Re: Again with the missing headers

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 18:05, Rob Sargent :
> > [...]
>
> The datum of concern is handled via the session.
>
>   //Hold the offset of the first explicit marker in the chased
>   //segment.  That marker at most 16th locus up-stream of
>   //segment. Less at pter.  There are more markers found within the
>   //spanning cliques but these are not at predictable positions
>   private void setRebase(HttpServletRequest req, Integer value) {
> req.getSession().setAttribute("rebase", value);
>   }
>
>   private Integer getRebase(HttpServletRequest req) {
> return (Integer)(req.getSession().getAttribute("rebase"));
>   }
>
> I confess, in preparing this response I noticed that I start sending the 
> first lines of the streamed data then set the header as follows:
>   response.setHeader("rebaseSegment", "" + getRebase(req));
> then the remainder of the stream.  I’ll correct that and see if that plays 
> into the behaviour at all.
>
> The isCommitted() will come in handy too.  Thanks for that.

Ack.

BTW, usage of getSession() has similar limitation as
setHeader/addHeader versus isCommitted:
a session cannot be created when it is tracked via Cookies and
response headers have already been sent.

There is a difference in API though, as getSession() throws an
explicit IllegalStateException.

https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getSession-boolean-

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RemoteIpValve resolving localname is really slow

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 16:50, Bourdais Nicolas
:
>
> We are hosting our tomcats on windows vms behind a reverse proxy and have 
> enabled RemoteIPValve.
> In the same time we have many hardware which talk to tomcat through a vpn.
> Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) 
> and our apps running on hardware through vpn had difficulties to talk to 
> tomcat.
>
> We identified that these difficulties came from very slow localname 
> resolution in RemoteIpValve when calling through vpn.
> We added vpn IP to hosts file of our tomcat’s vms which resolved our errors.
>
> We found that these behaviour appeared with tomcat 8.5.44 and was a 
> consequence of the new feature in RemoteIPValve and RemoteIpFilter : 'support 
> x-forwarded-host’ id 57665.
> Since this feature the valve begins by resolving localname (along remoteAddr, 
> remoteHost, serverName etc…) which in our case is time consuming (> 5 s) and 
> leads to communication errors
>
> Is this behaviour expected and necessary ?
> Could localName be resolved only if changeLocalName is set to true ?
> Should I comment on bugzilla ?

1. What is the configuration of your valve and your connectors?

By default Tomcat does not perform a DNS lookup and thus there should
not be noticeable timeouts. Can you show a stacktrace, what actually
happens.

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

2. If one could confirm your trouble, it would better be filed as a
new issue in Bugzilla.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Again with the missing headers

2021-04-12 Thread Konstantin Kolinko
пн, 12 апр. 2021 г. в 16:20, Rob Sargent :
>
> Thank you.
>
> Can you suggest a way to confirm the problem is size related? Or are you 
> convinced by the numbers shown?

Look at "ServletResponse.isCommitted()"

https://cwiki.apache.org/confluence/display/TOMCAT/Specifications#Specifications-JavaServletSpecifications
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletResponse.html#isCommitted--

> The client is a Java 15 app so there’s a chance I could use trailer headers. 
> I’m not explicitly using chunked encoding currently.
>
> I don’t like the idea of buffering the entire response as this is the part of 
> my setup where there are likely thousands of nearly simultaneous requests and 
> the server isn’t that beefy.
>
> And I take it there is no mechanism in tomcat 9 to force the headers out on 
> an implicit flush?  Or other mechanism which ensures headers are sent?

What are those headers, and what code at what place sets them?

BTW,
an AccessLogValve can be configured to log a value of a response
header with "%{xxx}o" pattern.
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Log_Valve


https://tomcat.apache.org/lists.html#tomcat-users
-> 6. " Top-posting is bad."

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question ad distributing non-Java-binaries with a webapp ...

2021-04-11 Thread Konstantin Kolinko
сб, 10 апр. 2021 г. в 21:50, Rony G. Flatscher (Apache) :
>
> Is it possible to place and use binaries (including shared libraries) in a 
> webapp? Very much like
> supplying jars to the "lib"-directory?
>
> Use case: if possible, I would like to create a webapp that includes non-Java 
> binaries (executable,
> image and shared libraries) that get interfaced with via JNI.
>
> If this is possible then how so? Any pointers/hints would be highly 
> appreciated!

Hi, Rony!

1) You may look for an inspiration on how Tomcat Navive library is loaded
https://tomcat.apache.org/tomcat-9.0-doc/apr.html
https://tomcat.apache.org/native-doc/

Note that "64-bit Windows zip" binary distribution includes the
library (tcnative-1.dll).
https://tomcat.apache.org/download-90.cgi

In the source code, look at
org.apache.tomcat.jni.Library
org.apache.catalina.core.AprLifecycleListener
and its message resources,
java/org/apache/catalina/core/LocalStrings.properties

You may find examples of System.load(), System.loadLibrary(),
System.mapLibraryName() calls in the Library class.

See also the system property "java.library.path".


2) JVM has a limitation that a library is allowed to be loaded by one
classloader only.

That is why using a web application classloader looks to be a poor
place for loading a library, if you are ever going to use its full
features (parallel deployment of several web applications, a reload /
redeploy without stopping Tomcat, etc.) See
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html

3) It is possible to load any classes when Apache Tomcat starts:

a) with a custom Listener,

b) abusing a JreMemoryLeakPreventionListener
https://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html

c) as a custom resource
https://tomcat.apache.org/tomcat-9.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources

HTH.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: What exactly does the AJP connector on 8009 do?

2021-04-06 Thread Konstantin Kolinko
пн, 5 апр. 2021 г. в 21:59, James H. H. Lampert :
>
> We've just gotten a complaint about a vulnerability involving AJP (to
> something called "Ghostcat") from a customer. The report from the
> security consultant recommends updating to a more recent version of
> Tomcat, and I note that we've already started rolling out 7.0.108 to
> customers.
>
> Looking at server.xml, the only reference to AJP is in relation to port
> 8009, and that this connector is commented out in 108, but not in 93.
>
> So what exactly *is* this connector, and what purpose does it serve?

A well-configured instance of Apache Tomcat should serve requests
either over "http:"/"https:" or over "ajp:", but not both. The clients
for http: protocol are web browsers. The clients for AJP protocol are
web servers (proxies).

See also
https://tomcat.apache.org/connectors-doc/
https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors
https://en.wikipedia.org/wiki/Apache_JServ_Protocol

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] programming style or mental process ?

2021-04-06 Thread Konstantin Kolinko
вс, 4 апр. 2021 г. в 13:24, André Warnier (tomcat/perl) :
>
> Hi.
> I have a question which may be totally off-topic for this list, but this has 
> been puzzling
> me for a while and I figure that someone here may be able to provide some 
> clue as to the
> answer, or at least some interesting ponts of view.
>
> In various places (including on this list), I have seen multiple occurrences 
> of a certain
> way to write a test, namely :
>
>if (null == request.getCharacterEncoding()) {
>
> as opposed to
>
>if (request.getCharacterEncoding() == null) {
>
> Granted, the two are equivalent in the end.

Some programming languages have rules, in what order an expression is
evaluated. E.g. the left side is evaluated first, the result is stored
in a register (memory) of a CPU, then the right side is evaluated and
the result is stored, then it is followed by a comparison and a
conditional jump. Thus the two variants are not equivalent.

(Well, as null is a zero and not really a specific value, maybe it
does not need evaluation and a memory register to store it.)

In Java the Java Language Specification dictates the evaluation order,
"15.7.1 Evaluate Left-Hand Operand First". I vaguely remember that in
the C language the evaluation order in such expressions is
unspecified.

https://docs.oracle.com/javase/specs/

If one side of an expression can have unexpected side effects (like a
function call or a null pointer dereference can have), I prefer them
to be evaluated first. Thus my preference is for
"(request.getCharacterEncoding() == null)".


Otherwise, another point of view to consider is readability of the
code. If the function call is some lengthy expression, " (null ==
request.getCharacterEncoding()) " may be more readable when formatting
the code results in wrapping the lengthy expression, splitting it into
several lines.


I think that I should also mention the well-known construct when a
comparison is done by calling the "equals()" method on some constant
value:

   CONSTANT_VALUE.equals(someFunction())

In this case the "CONSTANT_VALUE" is known to be non-null, and thus
calling its method cannot result in a NullPointerException. (In more
complex cases the static method "Objects.equals()" helps to compare
two values in a null-aware way).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Recent charset breakage

2021-04-01 Thread Konstantin Kolinko
чт, 1 апр. 2021 г. в 00:55, Christopher Schultz :
>
> [...]
>
> I've written a tiny JSP to demonstrate the problem.
>
> charecho.jsp
>  CUT 
> <%
>response.setContentType("text/html");
>response.setCharacterEncoding("UTF-8");
> %>
> 
> 

The value above is misspelled. You are missing "charset=" before "UTF-8".
Personally, I usually echo the actual contentType header value when
writing a meta tag. I think that would be


[...]

>
> So, somewhat "mystery solved" although I'd like to understand why
>  didn't work.

Does validating your web.xml file against an xsd schema complete successfully?

request-character-encoding is defined in
(javax|jakarta)/serv/et/resources/web-app_4_0.xsd, which means Tomcat
9 or later. You wrote that you are running Tomcat 8.5.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] Push a static value into digester's CallMethod rule?

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 20:13, Christopher Schultz
:
>
> All,
>
> I asked this over on the commons-user list yesterday but haven't gotten
> a response. Since the digester was born here, maybe someone knows the
> answer to this. I'd be happy to get a response over on commons-user or
> here. I'll reply to my own thread if someone replies here, citing it.
>
> :::
>
> I'd like to invoke a method on the current top-of-the-stack object and
> pass a static string value to it, like this:
>
> digester.push(new MyBean());
> digester.addCallMethod("/Foo/Bar", "setAttribute", 2, new Class[] {
> String.class });
> digester.addCallParam("/Foo/Bar", 0, "MyStaticString");
> digester.addCallParam("/Foo/Bar", 1, "attrName");
> digester.parse(...);
>
> When encountering /Foo/Bar, I'd like this to be called:
>
> myBean.setAttribute("MyStaticString", [value of attribute "attrName"])
>
> Is that kind of thing possible?
>
> I thought I might pull a fast one and push the value "MyStaicString"
> onto the stack and call:
>
> digester.addCallParam("/Foo/Bar", 0, true);
>
> But I it seems I can't push a value onto the stack when a specific path
> is seen: only statically at some specific point (like before parsing
> begins).

You have not said what version you are using.

Looking at Apache Commons Digester 3.2 source code and
searching for "peekParams()" calls (the API used to access the list of
parameters created by CallMethodRule):

1. I see that there exists a ObjectParamRule class that allows
injecting arbitrary values as parameters for the call. It is
documented as "@since 1.4".

2. There exists a Digester.addObjectParam() method. It is "@since 1.6".

HTH

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 20:05, Christopher Schultz
:
>
> Konstantin,
>
> [...]
>
> Without being able to rely on form-data ordering, the only way to "know"
> which question was asked first, second, etc. would be to either put a
> hidden form element on the page describing the question-order (back to
> the server) or to have individual hidden elements for each question
> specifying the order. Something like this:
>
>
>
>...

An alternative solution can be to include both question id and order
in the field name. E.g.




Well, your use case is a valid one.

BTW, for the same grounds for forms submitted with mime type of
"multipart/form-data"
the HttpServletRequest.getParts() method could return an ordered
collection (a List).
As of now, the API is specified to return a Collection [1].

[1] 
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/http/HttpServletRequest.html#getParts--

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Standards, specs for URL parameter ordering

2021-02-17 Thread Konstantin Kolinko
ср, 17 февр. 2021 г. в 12:09, Mark Thomas :
>
> On 16/02/2021 14:58, Christopher Schultz wrote:
> > All,
> >
> > I'm sorry for using users@ as my own personal Google but I'm sure
> > someone knows this off the top of their head and can save me a lot of
> > reading.
> >
> > I'm wondering about which specs mention how to handle URL parameters
> > (and POST parameters, for that matter) in terms of ordering. For
> > example, if I have a URL like:
> >
> > https://example.com/context/resource?a=1=2=3=6
> >
> > (Note that I have "a" in there twice)
> >
> > If I call request.getParameterNames(), is there a predictable order in
> > which those parameters will be handed back? I'd love to hear that not
> > only are they returned in "URL order" (that is, the left-most parameter
> > is the first returned in that enumeration) in Tomcat, but either the
> > servlet spec, the CGI spec, or some other spec dictates that order
> > explicitly.
>
> Yes, they will be in that order. (See ApplicationHttpRequest.parameters,
> ParameterMap.delgatedMap and LinkedHashMap
>
> The order isn't explicitly defined in any specification I am aware of.
> However, the Servlet spec does state (3.1) that query string parameters
> should be presented before parameters parsed form the request body.

1. When there are multiple values, the order of values is preserved.

Java Servlet 4.0 spec has an example in its text that shows how the
order of values is preserved (chapter 3.1 "HTTP Protocol Parameters"):

Data from the query string and the post body are aggregated
into the request parameter set. Query string data is presented before
post body data. For example, if a request is made with a query string
of a=hello and a post body of a=goodbye=world, the resulting
parameter set would be ordered a=(hello, goodbye, world)

2. Original specification for url-encoded parameters is not HTTP, but
HTML specification. The place where I first saw it many years ago was
here:

https://tools.ietf.org/html/rfc1866#section-8.2.1
HTML 2.0 spec

> The fields are listed in the order they appear in the document

Personally, I would not rely on the order of names provided by
getParameterNames(), as it would be surprising for a client if
processing of a request depends on the order of parameter names. In
the same way as whether reordering of input fields on a web form could
break its processing.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Weirdest Tomcat Behavior Ever?

2020-10-26 Thread Konstantin Kolinko
вт, 27 окт. 2020 г. в 00:07, Eric Robinson :
>
> > On 26/10/2020 10:26, Mark Thomas wrote:
> > > On 24/10/2020 01:32, Eric Robinson wrote:
> > >
> > > At this point I'd echo Konstantin's recommendation to add the
> > > following system property:
> > > org.apache.catalina.connector.RECYCLE_FACADES=true
> > >
> > > You'd normally do this in $CATALINA_HOME/bin/setenv.sh (creating that
> > > file if necessary) with a line like:
> > >
> > > CATALINA_OPTS="$CATALINA_OPTS
> > > -Dorg.apache.catalina.connector.RECYCLE_FACADES=true"
> > >
> > > You can confirm that the setting has been applied by looking in the
> > > log for the start-up. You should see something like:
> > >
> > > Oct 26, 2020 10:18:45 AM
> > > org.apache.catalina.startup.VersionLoggerListener log
> > > INFO: Command line argument:
> > > -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
> > >
> > >
> > > That option reduces the re-use of request, response and related
> > > objects between requests and, if an application is retaining
> > > references it shouldn't, you usually see a bunch of
> > > NullPointerExceptions in the logs when the application tries to re-use 
> > > those
> > objects.
> > >
> > > Meanwhile, I'm going to work on a custom patch for 7.0.72 to add some
> > > additional logging around the network writes.
> >
> > Patch files and instructions for use:
> >
> > http://home.apache.org/~markt/dev/v7.0.72-custom-patch-v1/
> >
> > Mark
>
> Hi Mark,
>
> A couple of questions.
>
> 1. Now that you have provided this patch, should I still enable 
> RECYCLE_FACADES=true?

Regarding the patch,
there is no source code for it, but I think that it adds debug
logging, nothing more.


RECYCLE_FACADES makes your configuration more safe, protecting Tomcat
from misbehaving web applications. I have that property set on all
Tomcat installations that I care about. Thus I think that you should
set it anyway.

I usually add that property into the conf/catalina.property file.

See the wiki for a more detailed answer.
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

My thought that you case could be caused by something like the "Java
ImageIO" issue mentioned there. If something in the web application
produces dangling references to java.io.OutputStream and they are
closed during garbage collection, corrupting Tomcat internals.

> 2. [...] Can you think of any potential issues where making this change for 
> one instance could have a negative effect on any of the other instances? 
> Probably not, but just being careful.

I hope that you can cope with the amount of logging that this generates.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Weirdest Tomcat Behavior Ever?

2020-10-24 Thread Konstantin Kolinko
сб, 24 окт. 2020 г. в 03:08, Eric Robinson :
>
> > - Answers to the additional questions would be nice but the access log
> >   %b value for a failed request is the key piece of information required
> >   at this point.
> >
>
> Good news! I enabled that parameter a few days ago and we have already caught 
> some instances of the problem occurring. Here is the logging format...
>
> prefix="localhost_access." suffix=".log" pattern="%h %l %D %u 
> %t %{JSESSIONID}c %{cookie}i %r %s %b %S %q" />

I usually also have the following pattern in my access logs:
[%{org.apache.catalina.parameter_parse_failed}r
%{org.apache.catalina.parameter_parse_failed_reason}r]

It captures whether a request.getParameter() call completed abnormally and why.
That is unlikely your cause, but there may be some other request
attributes that may be of interest, but nothing comes to mind at the
moment.

> Due to some sensitive content in the HTTP requests below, I have globally 
> replaced certain words and addresses with random-ish strings, but I don't 
> think I've done anything to impact the issue.
>
> Following is an example from Wednesday.
>
> This is a request being sent from the nginx proxy to the first of 2 upstream 
> servers, 10.51.14.46
>
> 2020/10/21 15:51:22 [error] 39268#39268: *842342531 upstream prematurely 
> closed connection while reading response header from upstream, client: 
> 99.88.77.66, server: redacted.domain.com, request: "GET 
> /sandhut/jsp/catalog/xml/getWidgets.jsp?eDate=2020-10-21=64438=0=0=Yes=0=75064=322095=8568=0.5650846=21102020155122.472656
>  HTTP/1.1", upstream: 
> "http://10.51.14.46:3016/sandhut/jsp/catalog/xml/getWidgets.jsp?eDate=2020-10-21=64438=0=0=Yes=0=75064=322095=8568=0.5650846=21102020155122.472656;,
>  host: "redacted.domain.com"

I wonder what "CompressXML=Yes" does.


I also recommend to add the following system property to the configuration:
org.apache.catalina.connector.RECYCLE_FACADES=true

https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

> Drat, slight correction. I now recall that although we initially installed 
> 7.0.76 from the CentOS repo, the application vendor made us lower the version 
> to 7.0.72, and I DO NOT know where we got that.

It is possible to compare the files with pristine version from ASF
archive dist site,
https://archive.apache.org/dist/tomcat/tomcat-7/

If it was installed as an RPM package, `rpm -qf` should be able to
answer what installed package those files belong to.
https://stackoverflow.com/questions/1133495/how-do-i-find-which-rpm-package-supplies-a-file-im-looking-for

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: jstl jar location

2020-10-21 Thread Konstantin Kolinko
вт, 20 окт. 2020 г. в 22:31, George Stanchev :
>
>
> I am hoping someone can shed some lights on a question. I did try to search 
> online and SO but haven't had luck in figure it out so hopefully it is a 
> quick answer from the people that know that stuff. We have an uber-lib folder 
> where we keep shared libraries in our TC85-hosted app. If we put jstl-1.2.jar 
> into that directory but not in the application /WEB-INF/lib directory, TC 
> generates [1]. If I move jstl into the application lib folder, it works. I 
> made sure jstl is excluded from jarsToSkip and included in jarsToScan.
>
> Is there any rule or switch that says that the JSP compiler cannot use the 
> parent CL to resolve the jstl URIs?

There is a rule how JSP engine locates Tag Library Descriptor (TLD) files.

See chapters "JSP.7.2 Tag Libraries", "JSP.7.3 The Tag Library Descriptor".
Especially the "order of precedence" list in chapter "JSP.7.3.2 TLD
resource path".

It looks that you are relying on implicit declarations.of TLDs.

https://cwiki.apache.org/confluence/display/TOMCAT/Specifications

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat9 classpath

2020-10-06 Thread Konstantin Kolinko
вт, 6 окт. 2020 г. в 23:11, Christopher Schultz :
>
> Nothing you add or remove from catlaina.properties will change what is
> shown when you run "ps" and look at the command-line used to launch the JVM.
>
> Fortunately, it doesn't matter. Tomcat will configure the "common" and
> "shared" ClassLoaders with the correct list of JARs you specify in
> catalina.properties, and those libraries will be available to the server
> and/or your application(s). The fact that they are not in the "ps"
> output for "-classpath [stuff]" does not matter.

+1

The manual:
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unclear sentence in FailedRequestFilter's javadoc

2020-10-05 Thread Konstantin Kolinko
пн, 5 окт. 2020 г. в 14:16, Martin Grigorov :
>
> Hi,
>
> What is the meaning of "addresses" at
> https://github.com/apache/tomcat/blob/a0fb5f4b42c593fa566878dddfa213e5f3c9c499/java/org/apache/catalina/filters/FailedRequestFilter.java#L40
> ?
>
> "Parameter parsing does check content type of the request, so there should
> not be problems with *addresses* that use
> request.getInputStream() and request.getReader()"
>
> I am not English native speaker, so it might be correct, but it looks like
> the wrong word is used here.

It looks odd for me as well, although from the commit history it looks
that it was my commit that added that sentence [1], 9 years ago.

Essentially, the text should be the same as in description of the
filter in Configuration Reference [2][3]. It talks about "the servlet
protected by this filter".

[1] https://svn.apache.org/viewvc?view=revision=1198707
[2] https://svn.apache.org/viewvc?view=revision=1200107
[3] 
http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Failed_Request_Filter

It looks as if you are the first person who has read that Javadoc in 9 years.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: NullPointerException on statrup - possible bug in Tomcat

2020-06-24 Thread Konstantin Kolinko
ср, 24 июн. 2020 г. в 19:25, :
>
> I have a web application which is failing in RestEasy initialization with an 
> NPE. It worked for many years until I added a large number of jar 
> dependencies because of a new development effort. I've debugged the code by 
> stepping through the Tomcat source to the point I've found where it is 
> failing. It seems to be a Tomcat bug but of course I'm not convinced since it 
> is highly more likely it is my problem.
>
> Tomcat version is 9.0.36, though the failure happens in the Tomcat 8 versions 
> I've tried as well.
>
> The NPE is triggered by a single "return null" statement in 
> org.apache.catalina.core.ApplicationContext line 933. Below is a code snippet 
> of where the return statement is. In my failing scenario the wrapper is NOT 
> null and isOverridable is already returning false. So it falls through to 
> return null.
>
> So here is my question: Why in the world in the code below does the return 
> null statement even exist? It seems like the return null at line 933 is the 
> precondition the code is trying to establish.

This method is documented in the specification of Servlet API (in
their javadoc) to return null if such servlet has already been
registered.
See Java EE 8 javadoc
https://javaee.github.io/javaee-spec/javadocs/javax/servlet/ServletContext.html#addServlet-java.lang.String-java.lang.Class-

(Following the links from Specifications page
https://cwiki.apache.org/confluence/display/TOMCAT/Specifications

K.Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Reason for failed POST to .../api/tokens in Tomcat 8 and 9?

2020-06-23 Thread Konstantin Kolinko
вт, 23 июн. 2020 г. в 20:08, Victor Norman :
>
> Cookie:
> JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; 
> JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF

1) Having two session cookies is not a crime, but why?

(It is not a cause of this issue. Just an odd configuration.)

I see that when I go to http://agora.cs.calvin.edu:8080/
I receive a HTML page with "http://agora.cs.calvin.edu:8080/agora/;>" and a
Set-Cookie header in a response.  That page does not need a session
and thus does not need sending the session cookie.

If that HTML response is generated by a JSP page, use <%@page session="false"%>.

(Also, I wonder whether one needs to return a HTML page? A JSP page
may generate a redirect response with HTTP status code 302 by using <%
response.sendRedirect(...) %> code instead of relying on a "meta
refresh" element of HTML).

2)
> Content-Length:
> 0

The POST request sends no data - the length of content is zero..
Looking at the source code [1], if I figured it correctly, I think
that it actually expects a username and a password.

Why was such a request sent?

[1] 
https://github.com/apache/guacamole-client/blob/master/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java

3) Guacamole is an Apache project, You may better ask on their mailing list,

[2] https://guacamole.apache.org/support/#mailing-lists

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: NullPointerException in CoyoteOutputStream

2020-06-12 Thread Konstantin Kolinko
пт, 12 июн. 2020 г. в 18:36, Mark A. Claassen :
>
> We were doing some load testing and we started getting a NullPointerException 
> at the stack trace below.  We don't get the NPE all the time, so I am 
> guessing some of these objects got corrupted somehow.
> One place the clear() method is called from is the recycle() method in the 
> Response object from the same package.
>
> Has anyone seen this before?  My Internet searches did not reveal any other 
> reports of this.  Is this something that has already been fixed in the course 
> of other changes?
>
> The version of Tomcat is 9.0.12 and we are using the openSSL underneath all 
> this.

Why not the current version (9.0.36)?

Also
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Warning "AJP13 protocol: Reuse is set to false" written logs every second of every day. Please help.

2020-06-12 Thread Konstantin Kolinko
чт, 11 июн. 2020 г. в 18:57, Alfred Bakia :
>
> Description of issue:
> ColdFusion 2018 is an application server that uses Tomcat 9.0.21. Our 
> ColdFusion installation consists of instances. The instances are independent 
> application servers, each with its own Tomcat installation and Java Virtual 
> Machine. The Java version is 11.0.7.
>
> Each ColdFusion instance serves web content via the web server IIS.  We have 
> configured an AJP connector for the communication between Tomcat and IIS. The 
> relevant settings are
>
>
>   *   In server.xml
>
>  protocol="AJP/1.3" tomcatAuthentication="false" maxThreads="500" 
> packetSize="65535"/>

The packetSize has non-default value. The configuration reference [1]
says that the same value should be configured on the other side as
well, mentioning "max_packet_size" for mod_jk. I am not sure how that
is done for IIS.

[1] https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html


> On one of the instances (name: 'sr1studierdr1'), the following WARNING is 
> written to isapi_redirect.log every second or so:
>
>
>   *   [Thu Jun 11 16:44:57.739 2020] [11308:15392] [warn] 
> ajp_process_callback::jk_ajp_common.c (2242): (sr1studierdr1) AJP13 protocol: 
> Reuse is set to false

Searching the sources, the code that writes it appears to be in
native/common/jk_ajp_common.c

https://github.com/apache/tomcat-connectors/blob/master/native/common/jk_ajp_common.c#L2117

It is triggered by a value of a "reuse flag" field in an "END_RESPONSE" packet.

https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html#End_Response

At Tomcat side the END_RESPONSE packet is sent by
AjpProcessor.finishResponse() and can send two kinds of an end
response packet: one with a "reuse" flag value and another with a "no
reuse".

https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/ajp/AjpProcessor.java#L104
https://github.com/apache/tomcat/blob/9.0.x/java/org/apache/coyote/ajp/AjpProcessor.java#L1049.

If there is a severe error that does not allow reuse of the
connection, the "no reuse" packet is sent. I wonder how you encounter
such an error.

Do you have an access log configured in Tomcat and what does it show?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat shutdown password complexity

2020-05-10 Thread Konstantin Kolinko
вс, 10 мая 2020 г. в 22:20, Mark Thomas :
>
> On May 10, 2020 11:31:02 AM UTC, calder  wrote:
>
> 
>
> >I asked the DevOps person about the error - turns out it was a
> >SAXParseException when using the & char in the string.
>
> That is standard XML. You have to escape reserved characters in the XML.

+1.

XML is a data format.

> > He vaguely
> >remembers a shell issue with the bang char.
>
> I think he is mistaken. There is no issue using ! in XML.
>
> There are no limitations on the characters for the shutdown password. You 
> might need to encode some of them to define the password in XML but that is 
> all.

Control characters (e.g. CR, LF:   and ) - anything with
code less than whitespace(32) and the character with code 127 cannot
be used. Anything else can be.

For reference, the await loop that waits for the shutdown command:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/core/StandardServer.java#L596

Note lines 546-548:
if (ch < 32 || ch == 127) {
break;
}
command.append((char) ch);

The code that sends the command:
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/startup/Catalina.java#L538

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Catalina PID file

2020-04-24 Thread Konstantin Kolinko
пт, 24 апр. 2020 г. в 05:25, Christopher Schultz :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rafael,
>
> On 4/23/20 17:18, Rafael Oliveira wrote:
> > I does not happen every time, but it happens, actually it happened
> > twice during a couple of deployments and only in one instance of
> > several that I have.
> >
> > I could not reproduce in a safe and close environment, I got this
> > error in a server with multiple users and multiple tasks and
> > concurred environment.
> >
> > The point is raise a question is this echo $! > "CATALINA_PID" the
> > best approach to get the PID?
>
> It's literally the only way to do it.
>
> $! doesn't get you the PID of some random other process that was
> recently started. It's exactly what it says it is: the PID of the last
> process that was backgrounded by the currently-executing script.
>
> If your pid-file contains the wrong PID, it's probably because
> something overwrite overwrote it after it was initially-generated.
>
> If you try to start Tomcat twice, for example, like this:
>
> $ CATALINA_HOME/bin/startup.sh
> [...]
> $ cat $CATALINA_PID
> 1234
> $ CATALINA_HOME/bin/startup.sh
> [...]
> $ cat $CATALINA_PID
> 2345
> $ ps -ef | grep "catalina.base=$CATALINA_HOME"
> 1234
>
> The startup script will always overwrite the PID file because it can't
> tell if it's going to fail (which it will, since the shutdown port is
> already bound to the first-launched instance).
>
> In the case above, the PID-file is clobbered by the second process
> while the first process continues to run (and be the correct process
> id). There isn't much to be done about that without resorting to
> drastic measures, such as having Tomcat write its own PID file after
> it starts up (enough), and getting the PID from Java isn't
> super-straightforward until Java 9. :(

1. I do not know what version of Tomcat the OP is using, but the
current catalina.sh has some protection from double runs:

  ps -p $PID >/dev/null 2>&1
  if [ $? -eq 0 ] ; then
echo "Tomcat appears to still be running with PID $PID.
Start aborted."
echo "If the following process is not a Tomcat process,
remove the PID file and try again:"
ps -f -p $PID
exit 1
  else

There is some time window between this check and the launch of Java
process (when the PID file is being written out), so there will always
be a race condition here.

2. If one does not like how Tomcat forks a separate shell process for
a java executable, it is possible to start it with "catalina.sh run".
In this case java is started in the same process (and no PID file is
being written) and all control over this process should be done in
your own code  YMMV.

3. Tomcat can be configured as a service (daemon) and started with
Apache Commons Daemon executable (jsvc).  jsvc knows how to manage a
PID file. See daemon.sh for an example.

> and getting the PID from Java isn't super-straightforward until Java 9. :(

4. With our own cat's food: Tomcat-Native has the method:

org.apache.tomcat.jni.Stdlib.getpid()

:)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: 10.0.0-M4 missing PGP signatures?

2020-04-23 Thread Konstantin Kolinko
чт, 23 апр. 2020 г. в 21:18, Mark Thomas :
>
> On 23/04/2020 18:42, Tianon Gravi wrote:
> > Hi!
> >
> > I'm downloading 10.0.0-M4 from the download page[1] and was hoping to
> > be able to use PGP to verify the artifacts (as in other versions), and
> > it seems the link from that page[2] is a 404?
> >
> > [1]: https://tomcat.apache.org/download-10.cgi
> > [2]: 
> > https://downloads.apache.org/tomcat/tomcat-10/v10.0.0-M4/bin/apache-tomcat-10.0.0-M4.tar.gz.asc
> >
> > I've checked a couple other download mirrors and archive.apache.org,
> > and it appears that M3 *did* include a signature file for
> > "apache-tomcat-10.0.0-M3.tar.gz" (but interestingly, M1 did not
> > include one for "apache-tomcat-10.0.0-M1.tar.gz") so perhaps this is
> > just a pipeline hiccup / minor oversight?
>
> Thanks for the heads up.
>
> That part of the release process is fully automated and it includes
> signature generation.
>
> There have been a couple of glitches lately. I'm not sure what is going
> on. I'll try and watch the console for the next set of builds more
> carefully.
>
> I still have the original build outputs locally so I'll generate any
> missing signatures and get them uploaded.

The *.tar.gz and *.zip files are also published to the Maven
repository (as the org.apache.tomcat:tomcat artifact), and they have
the signatures.

I have a copy of Maven staging repository from the time of release vote.
So I verified that those signatures match the files in the release and
uploaded them to dist.a.o.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Practical multipart handling

2020-03-26 Thread Konstantin Kolinko
чт, 26 мар. 2020 г. в 18:03, Christopher Schultz :
>
> All,
>
> I'm developing my first multipart handler since .. I dunno, maybe
> 2005? This is the first time I'll be using the Servlet 3.0 multipart
> handling, of course through Tomcat. Some of these questions may have
> answers which are "implementation-specific", so in this case, I would
> like to know how things will behave in Tomcat specifically. Notes of
> where the spec leaves things up to the implementation will be appreciate
> d.
>
> I'd like to submit a form which has not only a large-ish file part,
> but also some regular fields like . My
> understanding is that I'll have to read those data by calling
> Part.getInputStream(), wrapping the InputStream in an
> InputStreamReader using the right charset, etc.

I think that those are available via the standard
request.getParameter(name) API.

> [...]
>
> Can I rely on the client to send the fields in any particular order?
> I'm not expecting to store the file on the server myself; I'd like to
> process it in a "streaming" fashion and not touch the disk if
> possible. I know that the server may store the file on the disk if it
> decides to. I'm not terribly worried about that. I just don't want to
> have to write the file to the disk TWICE, and I need information from
> those other parameters in order to configure the stream-processing.

Michael already answered this. There is a configurable threshold.
Anything over it will be written to disk as a temporary file.

The JavaDoc for Part.write() says that it can be implemented as moving
the file. "This method is not guaranteed to succeed if called more
than once"

> When iterating over the Collection returned from
> HttpServletRequest.getParts(), am I required to process each part in
> order immediately? Or can I store a reference to a Part for later?
> This kind of goes along with the previous question.

You can store the reference, but your "for later" should be no longer
than until the request processing ends.

> When I'm done with a part, must I explicitly call Part.delete()?

Tomcat deletes the files automatically (I implemented this feature in
Tomcat 7.0.30 - see changelog). In my own web applications I delete
the files explicitly (calling part.delete() in a cycle).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat Wiki Source Code Download

2020-03-24 Thread Konstantin Kolinko
вт, 24 мар. 2020 г. в 10:12, Brian Burch :
>
> I'm quite baffled!
>
> http://tomcat.apache.org/source.html gives me the url:-
>
> http://svn.apache.org/repos/asf/tomcat/site
>
> I made a clean "svn checkout" and referred to the README.txt about the
> source files being xml formatted. I have all the html files, but the
> instructions tell me the real source is the xml. There are a lot of xml
> files, but not for Logging.
>
> Unfortunately, even after trying:-
>
> svn update --set-depth infinity xdocs jk-xdocs native-xdocs
>
> The directory tree does contain several xml files related to logging
> with Tomcat 5, but not the page I want to update.
>
> When I browse:-
>
> http://svn.apache.org/repos/asf/tomcat/site/trunk/xdocs/
>
> There are quite a few xml files, but not the one I would like to modify
> - Logging.xml.
>
> What have I misunderstood?

It would be easier if you mentioned the actual public URL of the page
which source code you are looking for.

It looks that you are mixing up 3 different things:

(a) The Wiki site
(b) tomcat.apache.org web site
(c) Documentation for a specific version of Tomcat.

I guess that you are looking for "(c)". That is the "docs" web
application that is distributed with each release of Tomcat, and its
source code is in webapps/docs directory in Tomcat source code (in
Git).

For convenience, once a version of Tomcat is released, a copy of its
documentation is published under "tomcat-X.Y-doc" onto
tomcat.apache.org web site. E.g.

https://tomcat.apache.org/tomcat-9.0-doc/logging.html
https://github.com/apache/tomcat/blob/9.0.x/webapps/docs/logging.xml

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: /META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Konstantin Kolinko
вс, 15 мар. 2020 г. в 13:47, Peter Rader :
>
> I have my default.js in a frontend.jar's /META-INF/resources/js/ according to 
> the specs (last paragraph of point 10.10 in 
> https://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-eval-oth-JSpec/servlet-3_0-final-spec.pdf
>  ) it is served successfully. This works great!

1. If you unpack the file into a directory in your web application
(into its /js/ directory),
it will take precedence over the version packed in the framework jar.


2. It is possible to map files from elsewhere on your hard drive into
your web application.
It can be done with "" element in the
META-INF/context.xml file of your web application.

For reference:
http://tomcat.apache.org/tomcat-9.0-doc/config/resources.html


3. If your Tomcat runs on the same computer. you can run the web
application from an expanded directory, without packing it as a war
file.

1) Copy your META-INF/context.xml file as
$CATALINA_BASE/conf/Catalina/localhost/yourwebappname.xml

2) Add docBase attribute to the  element in it.

See
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Host based logging

2020-02-29 Thread Konstantin Kolinko
сб, 29 февр. 2020 г. в 15:33, Alexander Curvers :
>
> 

Note the "". Those are comment wrappers in XML.
The above  definition is commented-out and thus is ignored.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question on HttpSession investigation

2020-02-12 Thread Konstantin Kolinko
пн, 10 февр. 2020 г. в 02:32, M. Manna :
>
> [...], we would like
> to check using JMX whether this is present somewhere in session. Debugging
> has not resulted into a successful outcome.
>
> We appreciate if this is not possible, but just wanted to check if tomcat
> currently emits anything related to this.

The Manager web application (that comes with Tomcat) is able to
display contents of a session:

- Click on the number that shows the count of active sessions in a web
application. You will see a list of active sessions.
- Click on sessionid. You will see a list of all attributes for that session.

You may look into the source code for HTMLManagerServlet to see how
"sessionDetail" command is implemented.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Installing a program designed for Tomcat 5.5 on Tomcat 9

2020-02-09 Thread Konstantin Kolinko
вс, 9 февр. 2020 г. в 02:12, Peter Rader :
>
>
> > I am currently trying to install a program designed to operate on Win XP 32
> > and earlier on to a Win 10 environment. The program extracts to the Shared
> > and Webapps folders of Tomcat 5.5 and uses a SQL database. After converting
> > the database and installing it on SQL 2017 I added the JDBC connector and
> > downloaded and installed tomcat 9 only to find there is no shared folder to
> > extract the shared files to. Any suggestions?
>
> Hm, shared ... do you mean the endorsed folder? From old apps I remember that 
> some jdbc-jars have to be placed in tomcat's endorsed folder.
>
> I am pretty sure that you could use the JVM/JDK's endorsed folder. They 
> usually have their place in \lib\endorsed .

Endorsed folder is a different beast. Please do not put anything there.

Tomcat 5.5 documentation is still available online (if you know the
address to type it in a browser's address bar) [1] The closest analogy
to the "Shared" classloader in current Tomcat is the "Common"
classloader that loads classes from ${catalina.base|/lib.

[1] https://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html#Overview
[2] https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html#Overview

It is possible to reconfigure Tomcat 9 to have a separate Shared
classloader as well, but that is an overkill.

Also, do not forget about Migration Guides [3].

[3] https://tomcat.apache.org/migration.html
[4] https://tomcat.apache.org/migration-6.html#Modified_directory_structure

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [OT] HttpServletRequest.getRemoteAddr() sometimes returns NULL on Tomcat 9.0.30 and HTTP/2 secure requests

2020-02-06 Thread Konstantin Kolinko
ср, 5 февр. 2020 г. в 21:29, Manuel Dominguez Sarmiento :
>
> Yes, there are two reasons:
>
> 1) The Tomcat valves operate on all webapps. We only need/require this
> for one particular webapp without affecting the others.

You can configure a Valve for a specific web application by placing it
into Context configuration for that specific web application (usually
that is the "/META-INF/context.xml" configuration file). [1]

[1] 
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Defining_a_context


2. If I understand correctly, the null value from
request.getRemoteAddr() means that the client connection has already
been closed.

Tomcat cannot do much at that point, unless the information has not
already been requested (and thus cached) when the connection was still
alive. (The recent changes to the AccessLogValve are just that: to
request the value earlier.)

It is useless to process a request if the connection has already been closed.

Why do you say that the null value is an invalid one? I do not see
such words in the specification.

3. Just as a note (I would not recommend it for your specific use case)

One known way to detect a closed connection is to trigger parameter
parsing and look whether an error flag (implemented as an attribute of
a Request) was set by it. See the implementation of
org.apache.catalina.filters.FailedRequestFilter for an example.

4. Do you run with the following configuration setting turned on?
org.apache.catalina.connector.RECYCLE_FACADES=true

See 
https://cwiki.apache.org/confluence/x/yColBg#TroubleshootingandDiagnostics-TroubleshootingunexpectedResponsestateproblems

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Expected behavior of calling javax.servlet.ServletRequest#getInputStream after javax.servlet.http.HttpServletRequest#getPart

2019-12-13 Thread Konstantin Kolinko
пт, 13 дек. 2019 г. в 08:18, Behrang Saeedzadeh :
>
> Unless an email, including its signature, is in violation of the mailing
> list policies, no one is in a position to ask participants to format their
> emails in a given way or not to include their email signatures. I suggest
> reading [...] for those that are not
> familiar with these policies.

Thank you for your kind references.

Please note that

1. It is up to PMC to oversee its project and its mailing lists.

2. Please note the rules of this mailing list, as stated in
https://tomcat.apache.org/lists.html#tomcat-users
-> 6.

and also
https://www.apache.org/foundation/policies/conduct.html
-> 6. Be concise

3. The mail signatures like the one that was seen in this mail thread look
a lot like click bait spam or SEO spam that many of us are tired of.

I do not really mind how one likes to present oneself. Though personally
my first reaction to any e-mail that resembles spam is to ignore it.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Not able to generate thread dump in windows

2019-12-12 Thread Konstantin Kolinko
чт, 12 дек. 2019 г. в 12:43, thulasiram k :
>
> Hi,
>
> I tried to generate thread dump for tomcat 7.0.94 in windows 2016.  it
> writes in logs "[10340] Console CTRL+BREAK event signaled" but no dump has
> generated. Can you please guide on this how to generate the thread dump /
> heap dump here.
>
> The reason I'm trying to generate the dump is our tomcat server stop
> working frequently and nothing is writing in logs. Is there any other way
> to check this issue.

Your configuration?

Did you read the official Tomcat FAQ? (Thoubleshooting and
Diagnostics)? It has a number of recipes documented there.

One of them is to use jps.exe and jstack.exe tools from an JDK.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Expected behavior of calling javax.servlet.ServletRequest#getInputStream after javax.servlet.http.HttpServletRequest#getPart

2019-12-11 Thread Konstantin Kolinko
ср, 11 дек. 2019 г. в 13:06, Behrang Saeedzadeh :
>
> Thanks Andre for explaining it much better than I did.
>
> I posted this to Jakarta EE's mailing list too:
> https://www.eclipse.org/lists/jakarta.ee-community/msg01477.html
>
> I think at least the JavaDocs comments and the spec need minor amendments
> to document this expected behaviour clearly.

javax.servlet.ServletRequest#getInputStream() and getParameter()
methods address different use cases. It is rather unusual to try
calling getInputStream() when the Content-Type of the request is the
one handled by parameter parsing.

It is possible to use both getParameter() and getInputStream() if
request body has content-type that is not processed by parameter
parsing. In this case getParameter() returns the parameters parsed
from the query string of the request line and does not process the
body.


E.g. in Tomcat Manager web application it is possible to send a WAR
file in the body of a PUT request. The context path for the uploaded
web application is specified by a parameter in the request URL. Both
getParameter() and getInputStream() are used here.

http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Deploy_A_New_Application_Archive_(WAR)_Remotely

I think that changing the method getInputStream() to throw an
IllegalStateException (e.g. as a vendor-specific option) may help
developers to detect their programming errors, but does not address
any real use case. On the good side, it also means that it does not
break any real use case.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ServletRequest Obj Randomly not Processing x-www-form-urlencoded parms

2019-12-09 Thread Konstantin Kolinko
вс, 8 дек. 2019 г. в 08:09, Jerry Malcolm :
>
> I have ajax code that sends requests to TC in a REST-style process.  I
> send the parms url-encoded in the body.  This has worked untouched
> literally for years.  I have some new data objects in my db that "should
> be" sending the same type of requests through the same javascript
> routines.  But for some inexplicable reason, the HttpServletRequest
> object is randomly deciding to not process the parms.  When I try to
> enumerate the parms, I get none. Any parm I request comes back not
> found.  I added some code to read the body myself (request.getReader(),
> etc).  When the parms are available as it normally works, the reader is
> empty, which is what I would expect since it's been read by the request
> obj.  But when the request object tells me I have no parms, I can read
> the entire url-encoded parm string from the reader, which if I
> understand things, means the request object never tried to read the
> stream, unless it somehow restores the stream after a read (??).  But
> the important point I determined is that the parms are indeed present in
> the body... just not processed.
>
> [...]

I usually have the following in the pattern of AccessLogValve in my
configurations:

[%{org.apache.catalina.parameter_parse_failed}r
%{org.apache.catalina.parameter_parse_failed_reason}r]

Those request attributes are set in Tomcat whenever a problem is
encountered by parameter parsing, e.g. an IOException if a client
aborts the request. (The methods to process parameters in Servlet API
do not have a way to report any errors). Those attributes can be used
by org.apache.catalina.filters.FailedRequestFilter

http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Failed_Request_Filter

You may look where those attributes are set in the source code.

Mark wrote:
> Issues like this can be caused if a reference to a request or response
> is retained longer than it should be. You can try setting:
> -Dorg.apache.catalina.connector.RECYCLE_FACADES=true

+1.

https://cwiki.apache.org/confluence/x/yColBg
https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario

> I fired up my Windows laptop TC 9.x and got the exact same symptoms.

You may also try with Tomcat 9.0.30 - release candidate is available
and is currently being voted - see dev@ mailing list.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat is throwing an error Invalid byte tag in constant pool:19

2019-12-09 Thread Konstantin Kolinko
пн, 9 дек. 2019 г. в 03:58, Nelligan, Steven M :
>
>
> I am trying to rebuild my applications and all of a sudden, I am getting the 
> following error:
>
> Our backend application (from third party has been updated) It is using Java 
> 11.
>
> My tomcat servers are running version 7.34 of tomcat and version 1.7.0_45.

1.7.0_45 is the version of Java? But you say that those web
applications need at least Java 11?

> I have rebuilt and deploy a large number of our Apps; but there are about 4 
> with the following error:
> SEVERE: Unable to process Jar entry [module-info.class] from Jar 
> [jar:file:/G:/Tomcat7/temp/44-bannertools/WEB-INF/lib/jaxb-api-2.3.0.jar!/] 
> for SEVERE: Unable to process Jar entry [module-info.class] from Jar 
> [jar:file:/G:/Tomcat7/temp/44-bannertools/WEB-INF/lib/jaxb-api-2.3.0.jar!/] 
> for annotations
> org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag 
> in constant pool: 19
> at 
> org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:133)

Sounds a lot like this issue that I answered a year ago:
https://stackoverflow.com/questions/52867430/invalid-byte-tag-in-constant-pool-19-error-message

>
> When I first tried this a couple of weeks ago... I needed up trying to 
> upgrade Tomcat to the latest release of 7.0_94

The latest release of Tomcat 7 is 7.0.96, released in July.

> Everything started to fall apart, the javax modules were failing, etc.  I 
> finally realized I was chasing my tail.
> Every time I got one thing working, two more broke.
>
> Restored everything back and went through the rebuild.
>
> I tried to copy the annotation_api.jar file from Tomcat 7.0_94 into tomcat 
> 7.0_45 but nothing would deploy...
>
> I'm at a loss on what could be happening
>
> Any help would be appreciate any guidance.
>
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: override context path for manager application

2019-12-04 Thread Konstantin Kolinko
чт, 5 дек. 2019 г. в 01:20, Guild, Jason A (DOT) :
>
> Hi all:
>
> The context path of the Tomcat manager application is "/manager" by default 
> [0].
> I am trying to change this context path from the default using an override 
> configuration.
>
> I am doing the typical creation of a container using makebase.sh and setting 
> CATALINA_BASE before starting it.
>
> To enable the manager application on these containers, I create a file 
> $CATALINA_BASE/conf/[engine]/[host]/manager.xml with the following content:
> 
>  antiResourceLocking="false" privileged="true">
> 

The usage of "path" attribute above is invalid. It must never be used
in a context xml file and it is ignored there,
because the path is derived from the name of the file.

See
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

If you want to rename the application, you must do the following:

1) first, rename the file itself, e.g. to

$CATALINA_BASE/conf/[engine]/[host]/dev9#manager.xml

$CATALINA_BASE/conf/[engine]/[host]/mymanager.xml

etc.

2) second, you must move the manager application from
"${catalina.home}/webapps/" to some other directory.

The applications in "webapps/" directory are auto-deployed when Tomcat
starts. If you keep the manager app there, it will be deployed twice,
with the new and with the old name.

> [..]
>
> Why is my override path of "/dev9/manager" ignored?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unknown protocol: e on Windows

2019-12-04 Thread Konstantin Kolinko
ср, 4 дек. 2019 г. в 22:38, Christopher Schultz :
> Konstantin,
>
> On 12/4/19 13:33, Konstantin Kolinko wrote:
> > ср, 4 дек. 2019 г. в 20:28, Christopher Schultz
> > :
> >>
> >> All,
> >>
> >> I feel like I should be able to figure this out on my own, but
> >> I'm drawing a blank.
> >>
> >> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat
> >> 8.5.35 and I'm getting errors on a certain portion of the
> >> conf/server.xml configuration.
> >>
> >> I copy have a perfect copy/paste of the config file here but
> >> basically this is configuring a keystore for TLS. Something like
> >> this:
> >>
> >> 
> >>
> >> The error is "unknown protocol: e". Clearly,
> >> Tomcat/Java/URL/whatever thinks that "E:" is a protocol. No
> >> problem... this has to be a file URL, so let's make it a file
> >> URL: [...]
> >
> > Chris,
> >
> > 1) Do know where that message is produced? (Stacktrace? What
> > version of Tomcat?)
> >
> > E.g. it may be that the code has several attempts to use the value
> > a) as file path, b) as URL,  and you only see the message from the
> > second attempt b), but it is a) that fails.
>
> I can get all that. I don't have access ATM. This was definitely being
> called through createSSLContext() and getStore() while loading the
> keystore. I'll write back when I have that exact info.
>
> > Is your keystoreFile path correct?
>
> Yes, if you ignore the fact that I cannot figure out how to "spell" it
> properly :)
>
> This works without error on the same Java version but using Tomcat 8.0.35.

Looking at the code, Tomcat 8.5 was refactored to use ConfigFileLoader there.
The message produced by ConfigFileLoader is rather misleading.
It is actually a "new File(location).isFile()" call that returns "false".

Looking at the sources of 8.5.x, the call path is probably the following:
o.a.t.util.net.SSLHostConfigCertificate#getCertificateKeystore():

result = SSLUtilBase.getStore(getCertificateKeystoreType(),
getCertificateKeystoreProvider(),
getCertificateKeystoreFile(),
        getCertificateKeystorePassword());

o.a.t.util.net.SSLUtilBase#getStore(...) L197

istream = ConfigFileLoader.getInputStream(path);

org.apache.tomcat.util.file.ConfigFileLoader

https://github.com/apache/tomcat/blob/8.5.x/java/org/apache/tomcat/util/file/ConfigFileLoader.java#L79

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Unknown protocol: e on Windows

2019-12-04 Thread Konstantin Kolinko
ср, 4 дек. 2019 г. в 20:28, Christopher Schultz :
>
> All,
>
> I feel like I should be able to figure this out on my own, but I'm
> drawing a blank.
>
> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat
> 8.5.35 and I'm getting errors on a certain portion of the
> conf/server.xml configuration.
>
> I copy have a perfect copy/paste of the config file here but basically
> this is configuring a keystore for TLS. Something like this:
>
>  keystoreFile="E:\path\to\keystore.jks"
> [...]
> />
>
> The error is "unknown protocol: e". Clearly, Tomcat/Java/URL/whatever
> thinks that "E:" is a protocol. No problem... this has to be a file
> URL, so let's make it a file URL: [...]

Chris,

1) Do know where that message is produced? (Stacktrace? What version of Tomcat?)

E.g. it may be that the code has several attempts to use the value a)
as file path, b) as URL,  and you only see the message from the second
attempt b), but it is a) that fails.

Is your keystoreFile path correct?

2) Why the settings are specified on a . They will be
translated into / on the fly, but maybe
something is broken.

http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate
It says that certificateKeystoreFile can be an URI.

3) Does you connector use JSSE or OpenSSL?

There is some code that translates between the two configuration
flavors on the fly, but maybe something is broken.

> I'm using Oracle Java 1.8.0 build 161.

FYI, an up-to-date version of Java 8 for Windows is available from AdoptOpenJDK.
https://adoptopenjdk.net/

It is 8u232 now.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Support for JDK only by Windows Installer?

2019-11-16 Thread Konstantin Kolinko
сб, 16 нояб. 2019 г. в 12:08, Alexander Norz
:
>
> Am 15.11.2019 22:23, schrieb Mark Thomas:
> >
> >
> > Patches welcome.
> >
> > Mark
> >
>
> A patch is nearly ready. I will sent a pull request asap.

I think that you should start with a real reproducible description of
the issue (in Bugzilla).

What JDK are you using, from what vendor, and what are the steps to
reproduce the issue.

> But because of getting no error code and finding no log-file after a failed 
> silent installation.

Generally,

1) Without a JDK the installer cannot really choose whether to install
32-bit or 64-bit binaries.
I think that we can default to 64-bit nowadays.

2) The JDK can be reconfigured later, via configuration manager
(tomcat9w.exe) or by editing the registry.

>From 1) it is odd that the installer does not fail, but from 2) you
can always fix it afterwards (as long as CPU architecture is chosen
correctly and the correct binaries are installed).

> The environment variable JAVA_HOME isn't supported actually.

>From my experience with installing the service with service.bat, the
environment variables are lost when a program runs with elevated
privileges. That is why service.bat was changed to pass all settings
as command line arguments when installing a service (calling
tomcat9[w].exe). You may find a reference to Bugzilla issue in the
commit history of the service.bat file.

Best regards,
Konstantin Kolinko

> Alexander
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Getting Tomcat internal logging working

2019-11-07 Thread Konstantin Kolinko
чт, 7 нояб. 2019 г. в 17:11, Christopher Schultz :
>
> I'm using bin/catalina.sh start to launch Tomcat on Macos. The 'ps'
> command shows the following partial command-line:
>
> [...]
> - -Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties
> - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager [...]
>
> The file ${CATALINA_BASE}/conf/logging.properties does indeed have the
> changes below.

OK, good.

(I hope that `ps` shows the actual path to logging.properties. There
should not be unexpanded reference to a environment variable above.)

This reminds me: ClassLoaderLogManager allows each web application to
have its own configuration of logging. If you have a
"logging.properties" file elsewhere in classpath of that web
application, it will have precedence over the default one.

The recommended use of this technology is to place your configuration
into WEB-INF/classes/logging.properties file of your web application.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Getting Tomcat internal logging working

2019-11-06 Thread Konstantin Kolinko
чт, 7 нояб. 2019 г. в 05:44, Christopher Schultz :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I can't believe I'm having trouble with this, but I'm struggling with
> enabling logging.
>
> I'm experimenting with the CsrfPreventionFilter, which currently has
> zero logging at all in it. So, first I modified the code to add:
>
> + private final Log log =
> LogFactory.getLog(CsrfPreventionFilter.class);
>
> and, later
>
> if (nonceCache == null || previousNonce == null ||
> !nonceCache.contains(previousNonce)) {
> +   log.trace("nonceCache=" + (null == nonceCache ? "(null)" :
> nonceCache.cache));
> +   log.trace("previousNonce=" + previousNonce);
> +   log.trace("nonceCache.contains=" + (null == nonceCache ?
> "(null)" : nonceCache.contains(previousNonce)));
>
> res.sendError(getDenyStatus());
> return;
> }

Are you modifying the correct file?
(1. At build time it is copied to the output directory. Are you
modifying the source or the copy?

2. The configuration file is enabled via
-Djava.util.logging.config.file= system property that is set by
catalina script.  If you run Tomcat in some other way, that system
property may be not set at all. (E.g. when running Tomcat from within
Eclipse IDE.)
)

> Finally, I modified these lines in $CATALINA_BASE/conf/logging.propertie
> s:

> - - java.util.logging.ConsoleHandler.level = FINE
> + java.util.logging.ConsoleHandler.level = ALL
>
> ...
>
> + org.apache.catalina.filters.level=ALL

Looks OK.  Personally I never use 'ALL', but it should be OK. I prefer
to use FINE, FINER or FINEST.

https://docs.oracle.com/javase/7/docs/api/java/util/logging/Level.html#ALL

> When running, I see no logging when I'm expecting to see things in
> catalina.out. I changed these lines from log.trace() to
> System.err.println() and they do indeed show up.
>
> What am I missing?
>

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Any tutorials or hints about JSP using javax.script engines instead of Java?

2019-10-09 Thread Konstantin Kolinko
вт, 8 окт. 2019 г. в 18:11, Rony G. Flatscher (Apache) :
>
> Does anyone know of any tutorials that would demonstrate how to use any 
> javax.script language in
> JSPs instead of Java (e.g. using Jython or JavaScript instead)?
>
> If not, any advice/hint how to realize/create such a functionality (for then 
> creating such a
> tutorial instead) would be highly appreciated!

1. There is no such feature in Apache Tomcat.

Tomcat implements JSP specification and the specification [1] only
supports language="java" in a JSP declaration.

[1] 
https://cwiki.apache.org/confluence/display/TOMCAT/Specifications#Specifications-JavaServerPagesandExpressionLanguageSpecifications

Support for other language needs some specification document of such a
feature, and I do not know about any such document.

2. Technically, support for JSPs is provided by "Jasper" component of
Tomcat and its org.apache.jasper.servlet.JspServlet

Technically, it should not rely on Tomcat internals and could be
swapped with some other implementation. (Not tested).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko
ср, 9 окт. 2019 г. в 00:06, :
>
> How do we get access to the dev list for information around release 
> candidates, etc.?

In the same way as for the current (users) mailing list that you are writing to:
either subscribe or read past messages in an archive.
http://tomcat.apache.org/lists.html

And do not forget to follow the rules. They are the same as for the users list:
http://tomcat.apache.org/lists.html#tomcat-users
6. Top-posting is bad.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Bug in org.apache.tomcat.util.codec.binary.Base64.decodeBase64 ?

2019-10-08 Thread Konstantin Kolinko
вт, 8 окт. 2019 г. в 12:24, Arnaud Yahoo :
>
> Hello,
>
> I am using a 3rd party valve for OpenId Connect authentication that stop
> working upgrading from tomcat 8.5.24 to 8.5.46
>
> I managed to isolate the issue behing this and it is caused by a change
> in org.apache.tomcat.util.codec.binary.Base64
>
> It can be reproduce with a simple test case
>
> @Test
>  public void decodeBase64Test() {
>  String str =
> "YZJXP8zFDY6WPk1NZx4RtkH95lA4H_GM_XmFjouJImtqy-PD27-GUYVrCq1QM3M09TzRFZTL4aMMTweZFj3h1M-4Pqb4xrRq9URICQ9ffpnB9OGKjEwEpzhICwbE8C8-zEbhFOEgdXcyeP0pJc9uHEUH9Z4rTEg0jxmOmffIAbX9zfjhIla0XUsFd2C2QQGXu1nTFrb2EqfhLDls4ZLCcnLZE6Be3SpHCtvZiFN4w3xlI0TZitX4S3SjTocK4Xobb3Ey0RnewDP6jw78JniFTbuuGB962GlHDJvaQoda2dON9j7Yhv_pTvxBlHDmIKYINYsBfTwEQ_qtLJtmcvv41Q";
>
> assertArrayEquals(org.apache.tomcat.util.codec.binary.Base64.decodeBase64(str),
> java.util.Base64.getUrlDecoder().decode(str));
>  }
>
> This test is ok with 8.5.24 but fails with 8.5.46. Are there any known
> issues with Base64 utility ?

Please test with 8.5.47 release candidate that is currently being
voted (see e-mails on the dev@ list for links).

There have been changes in the decoding code between 8.5.46 and .47.

c8fcc65e74d43b8201a50a30f88836264e565f79
709b45b42020d6cbc59940ab04380f5b0134b946
(on 17 and 18 of September)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Acessing static content - Tomcat 7 vs. Tomcat9

2019-10-07 Thread Konstantin Kolinko
пн, 7 окт. 2019 г. в 15:44, Martin Knoblauch :
>
> Hi Konstantin,
>
> On Mon, Oct 7, 2019 at 2:36 PM Konstantin Kolinko 
> wrote:
>
>
> 2. For Tomcat to issue a redirect, the "docs" directory must be
> > present in your web application. It can be empty, but it must be
> > present. (If there is none, Tomcat does not know that the requested
> > resource is a directory).
> >
> >
> OK. The "docs" directory is actually a symbolic link to a directory
> elsewhere.

Symbolic links by default are not allowed inside a web application.
The option to allow them differs between Tomcat 7 and 8.0, due to a
different underlying implementation of Web Application resources.

http://tomcat.apache.org/migration-8.html#Web_application_resources

(As a reminders: symbolic links must never be enabled on a
case-insensitive filesystem such as used by Windows, as it disables
the necessary security checks.)

http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Acessing static content - Tomcat 7 vs. Tomcat9

2019-10-07 Thread Konstantin Kolinko
пн, 7 окт. 2019 г. в 14:23, Martin Knoblauch :
>
> Dear fellow Tomcat users,
>
>  recently we migrated our application from Tomcat7 to Tomcat9. Most things
> work great so far, but we observed on issue. Basically serving static pages
> has stopped for us.
>
>  Our setup is Tomcat (7.0.62 or 9.0.12) behind Apache HTTPD (2.4.41 using
> mod_jk 1.2.46). Yes, 9.0.12 is not recent, but we are forced to that
> version.
>
> The mod_jk configuration basically looks like:
>
> 
>   LoadModule jk_module modules/mod_jk.so
>
>   JkWorkersFile "conf/cb2/workers.properties"
>   JkShmFile "logs/jk-runtime-status"
>   JkLogFile "logs/mod_jk.log"
>   JkLogLevel info
>   JkWatchdogInterval 60
> 
>
> And then later inside a virtual host:
>
> #
> # CB2 - Portal
> #
> # Mount the "/cb2" application to worker "cb2"
> #
> JkMount /cb2/* cb2
> #
> # Unmount "/cb2/docs" from worker "cb2" to allow static content
> # beeing served by apache. Same for "/cb2/cgi-bin"
> #
> JkUnMount /cb2/docs/* cb2
>
> So we JkUnMount the "/cb2/docs" directory from the application base in
> order to server the content directly from Apache. "docs" itself is a
> symbolic link pointing outside the application base.
>
> With TC7, we observe the following in the apache access_log:
>
> [07/Oct/2019:12:30:47 +0200] [2 ms] 160.46.219.110 - "POST /cb2/docs
> HTTP/1.1" s:302 l:- S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
> [07/Oct/2019:12:30:47 +0200] [20 ms] 160.46.219.110 - "GET /cb2/docs/
> HTTP/1.1" s:200 l:6367 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> So the POST from the application is redirected to the static content, which
> is served OK.

A web server will happily server a static content in response to a
POST request. The redirect happens because you are requesting a
directory and your request URI does not end with a '/'.

> With TC9 we see:
>
> [05/Oct/2019:02:58:13 +0200] [0 ms] #160.46.219.110# - "GET /docs HTTP/1.1"
> s:404 l:196 S:TLSv1.2 C:ECDHE-RSA-AES256-GCM-SHA384
>
> As said, the major difference between the setups is TC7 vs. TC9. Any ideas
> for me to follow? I did not find anything in the migration 7->8 or 8->9
> guides.

1. In your access log here I see "GET /docs" instead of "/cb2/docs".
Is it intentional?

2. For Tomcat to issue a redirect, the "docs" directory must be
present in your web application. It can be empty, but it must be
present. (If there is none, Tomcat does not know that the requested
resource is a directory).

3. Starting with some version (January 2016) the default place where
the redirect is issued by Tomcat was moved from Mapper (in earlier
stages of request processing) to the DefaultServlet. This behaviour is
controlled by configuration attributes on a Context (in the file
META-INF/context.xml of your web application). See CVE-2015-5345

http://tomcat.apache.org/security-9.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Invalid HTTP Header - attack?

2019-08-01 Thread Konstantin Kolinko
чт, 1 авг. 2019 г. в 22:11, John Dale :
>
> Great feedback.  Thanks.
>
> I am the network department. :)
>
> This is a public facing service and shortly after I see this in the
> log, I get an OOM exception and server shutdown.  Twice now this
> morning.
>

The exception text is a bit misleading. It says "header", but it
actually caused by sanity checks that are done when parsing the first
line of the request (it precedes all the headers) aka the "request
line". Thus you can see "parseRequestLine()" in the stack trace.

As you may know, starting with HTTP/1.1 a client can send several HTTP
request over the same connection (aka "keep alive", also "request
pipelining"). If the length of the preceding request was not processed
correctly either because the client sent an incorrect value of
Content-Length header or if there is a bug, Tomcat will start parsing
a new request at a wrong place and you will see such an error.

Other cause of similar errors is when a client tries to connect using
https: protocol to a http: connector. A small difference is that in
that case the sanity check will be triggered earlier: when parsing the
HTTP method name (the first component of the request line). In your
case the error message says about the HTTP protocol version (the third
component of the request line).


1. Personally, I always run with
org.apache.catalina.connector.RECYCLE_FACADES=true
as documented in [1].

This property helps if there is a bug in a web application.

2. Make sure that you use an up-to-date version of Tomcat. You didn't
tell us what version of Tomcat 9.0.x you are using.

3. If there is bug that causes Tomcat to incorrectly process a length
of a request (a known way to trigger such a bug), I think that it will
be treated as a security vulnerability that leads to an information
leak.

See CVE-2018-8037 )fixed in 9.0.10), CVE-2017-5651 and CVE-2017-5647
(both fixed in 9.0.0.M19) for an idea.

https://tomcat.apache.org/security-9.html

Maybe you can configure creation of a heap dump during the OOM, so
that it could be diagnosed what is causing a memory leak?

Note that there is a procedure to report security issues [2]. A public
Bugzilla should not be used for such reports.

4. The error message that you saw is printed only once in every 24
hours. The latter occurrences during the same day are suppressed
(logged at DEBUG level) to prevent flooding one's log files. This
behaviour is controlled by system properties [3],

org.apache.juli.logging.UserDataHelper.CONFIG
org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME

[1] 
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#System_Properties

[2] https://tomcat.apache.org/security.html

[3] https://tomcat.apache.org/tomcat-9.0-doc/config/systemprops.html#Logging

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can Tomcat ignore overridden jar

2019-07-29 Thread Konstantin Kolinko
вс, 28 июл. 2019 г. в 09:26, Jmeter Tea :
>
> We are using Tomcat 8.5 *without any hot deploy*,
>
> I assume that classes are loaded to memory and for example if class change
> in jar it will ignore (not hot deploy)

Mark have already answered your question.

Adding to that: I think you should consider using the "parallel
deployment" feature. You can deploy a new version of your application
in parallel with the old one.

http://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Parallel_deployment

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Password is not working properly

2019-07-29 Thread Konstantin Kolinko
чт, 25 июл. 2019 г. в 17:23, Support :
>
> Hi Sir,
>
> I am using tomcat 9 for my application. For my admin page, I have a
> username and password in conf/tomcat-user.xml.
> Using digest.sh, I encrypted my password(sha-256).
>
> password: Password
> encrypted: 5er5akakfkd556546adnfjbkklndkfgbjdb

Even though everyone now knows your password,
but nobody knows what you actually did (step-by-step),
nor what exact version of Tomcat 9.0.xx you are using,
nor how your Realm is configured.

Your "encrypted" value does not look like a correct password digest,
which has format "{salt}${iterations}${digest}"

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Re: HTTP to HTTPS redirect not happening

2019-07-22 Thread Konstantin Kolinko
вс, 21 июл. 2019 г. в 00:09, Richard Huntrods :
>
> I still am having trouble understanding why the web application's
> WEB-INF/web.xml would be the appropriate place to put the change when I
> want to affect ROOT. I would have thought webapps/ROOT/WEB-INF/web.xml
> would have been the correct one.

Every web application has its own set of files, rooted to its own
directory or zipped as war file.

The "WEB-INF/web.xml" file is one of those files.

The "WEB-INF/web.xml" file for the "ROOT" web application is indeed
$CATALINA_BASE/webapps/ROOT/WEB-INF/web.xml.

The file for the "manager" web application is
$CATALINA_BASE/webapps/manager/WEB-INF/web.xml.

and so on.

The global defaults file "$CATALINA_BASE/conf/web.xml" should not be modified.

> which is considered "more elegant" or better

+1 to Martynas's answer.

The web.xml is defined by specification, better understood and better
tested, and is supported by other Servlet Containers besides Apache
Tomcat. In general, there should be more people who are able to help
with it, compared to helping with a RewriteValve.

(Though if there are a lot of Apache HTTPD Server administrators
around you, the rewrite syntax will be more familiar to them).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: WAR file not deploying correctly

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 11:28, Victor WILLART :
>
> 22-Jul-2019 09:36:31.598 SEVERE 
> [ContainerBackgroundProcessor[StandardEngine[Catalina]]] 
> org.apache.catalina.startup.ExpandWar.deleteDir [C:\Program Files\Apache 
> Software Foundation\Tomcat 8.0\webapps\ProductionMetricsApp-0.3.0\config] 
> could not be completely deleted. The presence of the remaining files may 
> cause problems

As you can see from the above log message, Tomcat was unable to delete
the "config" directory. Thus your stopping and undeploying a web
application was not completed.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat 9.0.20 : send email on errors

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 20:38, Robert Hicks :
>
> Using the default logging (java.util.logging) is it possible to have Tomcat
> itself (not a jsp or servlet) send an email if it is unable to log or there
> are errors in its log files?

This question reminds me of Zawinski's Law.

Reliable monitoring would better be performed by some external tool.

> The scenario I am thinking of would be if the logging file system is full
> or unavailable due to other issues.

java.util.logging has an internal mechanism to handle fatal errors.

To reference some source code - looking at some version of JDK 8, see
the files in
http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/share/classes/java/util/logging

For example, see how StreamHandler.publish() handles errors (lines of
225-228 of StreamHandler.java). If it is unable to write a message it
does

[[[
} catch (Exception ex) {
 reportError(null, ex, ErrorManager.WRITE_FAILURE);
}
]]]

The actual processing of the error is delegated to a
java.util.logging.ErrorManager.  The default implementation just
prints to System.err once and ignores further errors, but I think it
is configurable.

I hope this helps.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [EXTERNAL] Re: cglib jars always give errors with different versions when start Tomcat 9.0.13

2019-07-22 Thread Konstantin Kolinko
пн, 22 июл. 2019 г. в 23:15, Hua, Gary - Saint Louis, MO - Contractor
:
>
> Chris:
>
> We inherited this web application from previous vendor IBM.The original 
> version of hibernate related jars are: cglib-2.1.jar, ehcache-1.1.jar, 
> hibernate3.jar(3.1.0)
>
> This web application was deployed to WebSphere server and it works fine so 
> far, but now our client need to switch to Tomcat server. The web application 
> works okay in my local Tomcat 9.0.13 server in eclipse, but when I deploy it 
> to our web server, those errors occur when I start the server.

1. Why not the current version of Tomcat 9 (9.0.22) ?

2. Does the class mentioned in a NoClassDefFoundError exist in exactly
one of the jars that you are using (and no more than one jar)?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: WAR file not deploying correctly

2019-07-20 Thread Konstantin Kolinko
пт, 19 июл. 2019 г. в 12:47, Victor WILLART :
>
> Hi everybody,
>
>
> I am using Tomcat 8.0, and I am struggling to replace and deploy a WAR file.
>

Tomcat 8.0 has reached End of Life and should not be used anymore. The
replacements are Tomcat 8.5 and 9.0.

>
> I made a new WAR file, named it like the old one, and replaced it in my 
> webapps folder. But the new generated folder for my application is just 
> containing a single folder "config" which is empty. All the other folders and 
> files are missing … I tried also to deploy it through the Tomcat Manager and 
> it happened the same.
>
>
> I don't think my war file is wrong since I have a back up folder of my app 
> that was working perfectly before trying this, and the back up WAR file isn't 
> working neither.  Only replacing the deployed folder by the deployed folder 
> from back up makes my app work again correctly.
>
>
> If you have any hints or guesses about this, I would gladly try them.
>

1. A WAR file is effectively a ZIP archive (with minor differences
like using UTF-8 to encode file names). The first thing Tomcat does
when you deploy the web application is to unpack the file.  You can
perform this step manually using the "jar"utility from JDK.

If you unpack the file manually, you would better remove the war file
from the webapps directory (or at least rename its extension), so that
auto-deployment does not interfere.

It may be that your war file is broken, or does not contain anything
besides the "config" directory. The "t" command of the jar utility can
be used to test the war file and to list its contents (as suggested by
Christopher).

2. When you undeploy a web application, make sure that all its files
(in webapps and in work directory) are removed. The "config" directory
may remain from an incomplete undeployment.

E.g. if the files in the config directory are owned by root user and
cannot be deleted by the user running Apache Tomcat.

3. I hope that you do not run two copies of Tomcat over the same
webapps directory at the same time.

4. Read the logs.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: HTTP to HTTPS redirect not happening

2019-07-20 Thread Konstantin Kolinko
сб, 20 июл. 2019 г. в 17:47, Richard Huntrods :
>
> OK. That was really weird.
>
> As I said in my message, following the directions on the web did NOT
> work. It didn't force redirection from http to https.
>
> What it DID end up doing was to kill the tomcat servlet application.
> Before the change it was working fine, and after the change it would
> only generate a 404 page.
>
> I reverted to the original /conf/web.xml, restarted tomcat and the
> servlet application is back up and running perfectly.
>
> So this code in /conf/web.xml affected the servlet but not the ROOT
> static web pages.

1. The web.xml file and its behavior are defined in the Servlet Specification.

Some random instructions on the net have to be used carefully.

2. The web.xml file is the one in your web application (WEB-INF/web.xml).

The /conf/web.xml file provides defaults for all web applications, and
SHOULD not be edited. (The /conf/context.xml should not be exited as
well. That is another frequent error.).

Those defaults are merged with the web.xml file of your web
application using merging rules defined in the Servlet Specification.

There is an option, "logEffectiveWebXml" [1] that turns on logging of
the merged web.xml file.

3. Beware of typos.

The tag "" is misspelled.

There is an option, "xmlValidation" [1] that turns on automatic
validation of web.xml against the XML schema specified in that file.

(Personally, I usually run with
org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
and that turns "xmlValidation" on as well).

4. Top-posting is bad.

[1] http://tomcat.apache.org/tomcat-9.0-doc/config/context.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat and openjdk as windows service

2019-07-19 Thread Konstantin Kolinko
пт, 19 июл. 2019 г. в 15:02, Lemke, Michael ST/HZA-ZIC2
:
>
> I have tomcat (9.0.22) running as a service on Windows with Oracle's Java 8. 
> I now want to move this to OpenJdk 12 to keep current and I have quite some 
> problems to have tomcat find the OpenJdk installation. With Oracle it just 
> worked with the Jvm=auto option for the tomcat service. With OpenJdk I only 
> got it to work by messing around with JAVA_HOME, which is no fun especially 
> for services. Without it tomcat doesn't find Java or uses Oracle's if I don't 
> remove it first.
>
> Now is this a tomcat problem or a OpenJdk installation problem?
>
> For OpenJdk I used
>
> https://github.com/ojdkbuild/ojdkbuild/releases/download/12.0.1-1/java-12-openjdk-12.0.1.12-1.windows.ojdkbuild.x86_64.msi
>
> and have the installer set the Windows Registry entries under JavaSoft
>
> HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JDK\12.0.1
>
> From what I found on the net these Registry settings changed with Java 9.
>

I use OpenJDK 12.0.1 on Windows with Tomcat 9, successfully.

I am using a build of OpenJDK that was packed as a zip file, so that
is from a different vendor than yours.
I cannot comment on all steps of your experience with installer, but
here are a few comments/ pointers


1. I installed Tomcat as a service using "service.bat" file included
with Tomcat.

The JAVA_HOME environment variable is used by "service.bat" file only.
I set it at command prompt before running the service.bat file. E.g.

set JAVA_HOME=C:\Programs\java-12

There is no need to set the variable globally. Your frustration is uncalled for.

2. The path to Java can be edited via a GUI configuration dialog for
the service runner. The dialog is shown when you run "tomcat9w.exe".


3. The service runner is provided by Apache Commons Daemon project and
is used by Apache Tomcat (and other projects) "as is". (The service
runner for Windows is called "Procrun" within that project.)

http://commons.apache.org/proper/commons-daemon/procrun.html

"tomcat9.exe" and "tomcat9w.exe" are renamed copies of "prunsrv.exe"
and "prunmgr.exe" respectively.

I do not remember how procrun searches for Java jvm.dll. I's been a
long time since I studied their source code. If that algorithm could
be improved, it is an issue with Apache Commons Daemon project.

If some documentation is lacking, it could be improved in Apache Tomcat project.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat not responding (in browser) after undeploying docs and examples application.

2019-06-16 Thread Konstantin Kolinko
вс, 16 июн. 2019 г. в 07:11, Nazmus Sadat :
>
> Greetings.
> For security reasons, I wanted to remove docs and examples application. So,
> at first, I deleted both of their directories from the webapps directory.
> However, the remaining applications (including manager app) were not
> responding in browser (blank pages were being served), although the tomcat
> service was running in the server. The logs were not showing anything.
>
> Then I put back docs and examples directories in webapps directory, and
> things were back again. Then, I tried to undeploy them using tomcat
> manager. The undeployment works, but again I got blank screens for
> remaining applications.
>
> I even tried restricting access to these two apps (docs and examples) using
> valve and filters. And unfortunately, again the same issue: I get blank
> screens.
>
> Finally, I started with a clean installation. However, I get same result
> after undeploying docs and examples.
>
> Permission is not an issue, all contents belong to the tomcat user.
>
> I am using Tomcat 8.5.37.
>
> Operating System: Amazon Linux 4.14.88
> Java version: 1.8.0_191-b12

1. What is in your access log file? (Was the request processed by Tomcat?)

(as mentioned in FAQ > Troubleshooting)

2. Blank page in Tomcat 8.5 may be generated for either of the following reasons
a) the request was rejected at an early stage of processing before
reaching a web application (e.g. an incorrect request, HTTP response
code 400)

b) there is no ROOT web application, i.e. there is no application that
has an ErrorReportValve that can generate an user-friendly error page.

> Finally, I started with a clean installation.

3. A clean installation starts with downloading a binary release (zip
or tar.gz file) from tomcat.apache.org we site. Is this what you did?

Why aren't you using the current version (8.5.42)?


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: How to stop trailing slash redirects?

2019-06-06 Thread Konstantin Kolinko
чт, 6 июн. 2019 г. в 10:32, Rob Nikander :
>
> Hi,
>
> I would like requests to a webapp to have paths that look like this:
>
> http://server/myapp <http://server/myapp>   not:  http://server/myapp/ 
> <http://server/myapp/>
>
> But for some reason, Tomcat keeps redirecting the 1st to the 2nd. I’m aware 
> of the attribute `mapperContextRootRedirectEnabled` (on the Context), but 
> setting that to “false” is not helping.  My web.xml looks like:
>
> 
> MyServlet
> 
> /other
> …
>
> What is going on? How do I stop the redirects?

1. Exact version number of Tomcat =? Does it support that attribute?

2. I think that you have to make your servlet the default one,
i.e. to map it to / just like it is done
with DefaultServlet in the default web.xml.

A filter can be mapped like that as well.

3. Beware that session cookies have "/" appended to their Path
attribute by default.

There is a Context attribute that configures that, but beware that
when a cookie path does not have the trailing '/', some browsers will
send this cookie both to myapp and to myappFoo (with any suffix).


In general, disabling the redirect is a bad idea and should be avoided.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: programmatically setting MIME mappings for static-only site

2019-04-19 Thread Konstantin Kolinko
пт, 19 апр. 2019 г. в 19:29, Garret Wilson :>
> I'm wanting to embed Tomcat to only serve static files (for the moment).
> That is, no JSP, etc. I also want to have the welcome files completely
> customizable.
>
> So instead of calling `tomcat.addWebapp()`, I go the completely
> programmable route and call `tomcat.addContext()`,
> `context.createWrapper()`, etc. This makes my bypass the
> `DefaultWebXmlListener`, which would have called
> `initWebappDefaults(Context ctx)` to set up the welcome files and such
> myself.
>
> But `initWebappDefaults()` also sets up the default MIME mappings. And
> `Tomcat.DEFAULT_MIME_MAPPINGS` is private.

Also note that the value is not synch'ed with the default list in
conf/web.xml. E.g  the following entries from the top of the default
list are missing


123
application/vnd.lotus-1-2-3


7z
application/x-7z-compressed


(and many others)

Some years ago the list in web.xml was synch'ed to the similar file in
Apache HTTPD, but the list used by embedded Tomcat was not updated.

Previous discussion:
http://markmail.org/message/gjkixk7wysopyztp

> So the situation seems to be that Tomcat forces me to choose between
> creating a full-fledged JSP server, or setting up all the MIME types
> with some list of my own. Maybe it would be good for me to have my own
> list eventually, but for now this seems like an artificial choice forced
> upon me.
>
> Part of the problem seems to be that the (ancient?) code has the MIME
> mappings as a string array!! Heaven knows we don't want to expose that.
> It should really be turned into a read-only map and then exposed so we
> can use it.

An array is a bad API, but generally it is faster to create an array.
All the time used to create a map goes to waste if it is only accessed
sequentially, like it is done here.

The only place where the values are used is

for (int i = 0; i < DEFAULT_MIME_MAPPINGS.length;) {
ctx.addMimeMapping(DEFAULT_MIME_MAPPINGS[i++],
DEFAULT_MIME_MAPPINGS[i++]);
}

There are some people who ask for options to make Tomcat to start up
faster (e.g. in a "serverless" environment when you start a process on
demand and pay for execution time). Not being careful here may
negatively affect the startup time. The current
'DEFAULT_MIME_MAPPINGS' field is a static one and is always created
when the class is loaded, regardless of whether it will be used or
not.


> Then of course I see the comment:
>
>  > TODO: would a properties resource be better ? Or just parsing
> /etc/mime.types ?
>
> To answer part of that question, we can't just parse `/etc/mime.types`
> because the embedded server might not even have an `/etc/mime.types`
> file. This should definitely be put into a properties resource, I would
> think.

For reference,
https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types

> So I've probably answered my own question; this is an old TODO that
> needs to be done, I suppose?
>

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Is there a problem with the digest?

2019-04-12 Thread Konstantin Kolinko
пт, 12 апр. 2019 г. в 17:27, Richard Huntrods :
>
> It's been four days since I've seen a 'users-dig...@tomcat.apache.org'
> email. I posted a question on April 9, and no digest since (I subscribed
> to the digest), yet I found a reply on the digest archive by searching
> with Google.

Why Google? The are several public archives of this mailing list, as
listed here:
https://tomcat.apache.org/lists.html#tomcat-users

> So again... is there a problem with digest emails? I have no spam
> filters enabled and there's nothing in a junk or trash folder.
>
> I also tried sending a blank email to
> users-digest-h...@tomcat.apache.org yesterday and no reply from that either.

I never tried sending a "blank" email. Those may be rejected by spam
filer (as well as e-mails using HTML formatting).

I usually add a few lines of text.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ecj-4.6.3 no longer required?

2019-03-26 Thread Konstantin Kolinko
вт, 26 мар. 2019 г. в 20:58, David Cleary :
>
> I'm current updating our server that is based on Tomcat 8.5.x and found that 
> ecj-4.6.3.jar is no longer in the distribution. The changelog does not
note that it has been removed. I just want to confirm that I should
remove this library as part of the Tomcat update.

How did you install your copy of Apache Tomcat?
Both the official apache-tomcat-8.5.39.zip and
apache-tomcat-8.5.39.tar.gz files have ecj-4.6.3.jar in them.

Technically, answering the topic of "whether it is required":

1) ECJ is not needed if your web applications do not have JSP pages.
(If they contain only servlets, or where JSPs are pre-compiled).

2) ECJ is not needed if Tomcat is configured to compile JSPs with
javac from JDK. It is possible, but it is a rare configuration.

3) The ecj.jar can be replaced with any newer version.

This specific version (ecj-4.6.3.jar) is the latest one that can run
on Java 7, thus it is bundled with the official release of Tomcat 8.5.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Documentation difference between Apache Tomcat 8.0 and 8.5

2019-02-12 Thread Konstantin Kolinko
вт, 12 февр. 2019 г. в 17:28, Christopher Schultz
:
>
> -BEGIN PGP SIGNED MESSAGE-
>
> Maybe so you can use syslog to aggregate all your logs? IFAIK, there
> is not a good way to send JULI logging to syslog, but log4j supports it.

Certainly, there exists a way. I have not used it yet though.

https://stackoverflow.com/questions/2311697/is-there-a-robust-java-util-logging-handler-implementation-of-syslog
http://rusv.github.io/agafua-syslog/

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat 8.5.38 change to catalina.sh

2019-02-11 Thread Konstantin Kolinko
вт, 12 февр. 2019 г. в 00:17, Charles Slivkoff :
>
> More details.
>
> CATALINA_PID is being defined before calling catalina.sh.
>
> The 8.5.37 version is storing a PID value, but it is not the correct PID. 
> Might this have been the reason for the change?
>
> The 8.5.38 version does not even create the file.
>
> I can also see this same behavior on Ubuntu 18.04.1 LTS.
>

The two most recent changes to catalina.sh in Tomcat 8.5 are

http://svn.apache.org/viewvc?view=revision=1850830
http://svn.apache.org/viewvc?view=revision=1848048

I have several thoughts here. I think Bug 63041 is the place to
discuss a solution to this issue.

https://bz.apache.org/bugzilla/show_bug.cgi?id=63041

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat occasionally returns a response without HTTP headers

2018-12-01 Thread Konstantin Kolinko
сб, 1 дек. 2018 г. в 01:30, Kohei Nozaki :
>
> Hello Christopher, thank you for your help.
>
> * Our downstream Nginx instance (The client of our Tomcat instance) recorded 
> the error "upstream sent no valid HTTP/1.0 header while reading response 
> header from upstream" at that time and the error makes perfect sense 
> concerning the response which has neither HTTP status line nor HTTP headers.
>
> Speaking of a possibility of a bug, a person commented on the Stackoverflow 
> question and said that there might be something in the request that possibly 
> downgrades the connection to HTTP/0.9. Do you think it's possible? The 
> comments can be seen from the URL below:
>
> https://stackoverflow.com/questions/53496598/tomcat-occasionally-returns-a-response-without-http-headers#comment93976313_53552752

1. See the official FAQ / Troubleshoting page:
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics

Especially pay attention to
1) configuring an access log
2) setting system property
org.apache.catalina.connector.RECYCLE_FACADES=true

(and Java ImageIO stream handling bug)

2. HTTP 0.9 is a valid response format (a feature, not a bug) that
does not contain status line nor headers, sends just the requested
document and closes the connection afterwards. The "Specifications"
page in the wiki has a link to the original specification, if you are
interested.

But HTTP 0.9 should never mix itself with chunked encoding. (The "5d +
CRLF" chunk size that you are seeing).

3. If somebody calls "out.flush()" (or response.flushBuffer()) before
writing a response body, the headers and the body will be sent as
separate packets and may appear separately in wireshark.  It is a
valid behaviour.

(But your client should see the headers. It shouldn't report that
headers are missing).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RSS Feed for Markmail

2018-10-17 Thread Konstantin Kolinko
Archives of the mailing list can be downloaded as mbox files.

http://mail-archives.apache.org/mod_mbox/tomcat-users/201810.mbox
201809, 201808 etc.

ср, 17 окт. 2018 г. в 15:53, Robert Shipway :
>
> Thank you for your help.   All fixed now.
>
> I recreated from scratch the RSS feed within the browser of Outlook 2016 and 
> it is now working again, but unfortunately have lost the history of the last 
> 6 months of e-mails.
>
> -Original Message-
> From: Robert Shipway
> Sent: 17 October 2018 12:32
> To: Tomcat Users List 
> Subject: RE: RSS Feed for Markmail
>
> Unfortunately, I am not allowed to be sending e-mails that are not HTML 
> e-mails from the company I work for and even if I try to send a non HTML 
> e-mail, our company firewall changes it to be an HTML e-mail.
>
> The error being received is
>
> 'Task 'RSS Feeds' reported error (0x800c0019): 'Unknown Error 0x800c0019'
> 'Task 'RSS Feeds' reported error (0x80070026): 'Synchronization to RSS Feed: 
> 'https://tomcat,markmail.org/atom/+list:org.apache.tomcat.users' has failed.'
>
> -Original Message-
> From: Robert Shipway 
> Sent: 17 October 2018 12:18
> To: Tomcat Users List 
> Subject: RE: RSS Feed for Markmail
>
> That is what I have been trying to do the last three days, with no response!!
>
> -Original Message-
> From: Konstantin Kolinko 
> Sent: 17 October 2018 12:15
> To: Tomcat Users List 
> Subject: Re: RSS Feed for Markmail
>
> ср, 17 окт. 2018 г. в 14:09, Robert Shipway :
> >
> > Hello,
> >
> > For the last 6 months, I have been getting the e-mails for Markmail on RSS 
> > feed but last Thursday that seem to stop for some reason and I get the 
> > following error:
> >
> > What is the best way to resolve this issue please?
>
> 1. Read the rules. You should not post HTML emails to this list and you 
> should not use attachments.
>
> http://tomcat.apache.org/lists.html#tomcat-users
>
> Your image has been filtered. Thus nobody knows what your error was.
>
> 2. Ask the owners of markmail.org site.
>
> https://markmail.org/docs/faq.xqy
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RSS Feed for Markmail

2018-10-17 Thread Konstantin Kolinko
ср, 17 окт. 2018 г. в 14:37, Konstantin Kolinko :
>
> ср, 17 окт. 2018 г. в 14:31, Robert Shipway :
> >
> > Unfortunately, I am not allowed to be sending e-mails that are not HTML 
> > e-mails from the company I work for and even if I try to send a non HTML 
> > e-mail, our company firewall changes it to be an HTML e-mail.
> >
> > The error being received is
> >
> > 'Task 'RSS Feeds' reported error (0x800c0019): 'Unknown Error 0x800c0019'
> > 'Task 'RSS Feeds' reported error (0x80070026): 'Synchronization to RSS 
> > Feed: 'https://tomcat,markmail.org/atom/+list:org.apache.tomcat.users' has 
> > failed.'
>
> I am able to access the above URL as well as [2] with a web browser.
> It displays correctly.
>
> [2] https://tomcat.markmail.org/atom/+list:org%2Eapache%2Etomcat%2Eusers
>
> Maybe your RSS Client has trouble establishing an HTTPS connection to that 
> site?

Your URL starts with "tomcat,"  with comma, instead of "tomcat."
Clicking it in browser redirected me to
[1] https://markmail.org/atom/+list:org.apache.tomcat.users


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RSS Feed for Markmail

2018-10-17 Thread Konstantin Kolinko
ср, 17 окт. 2018 г. в 14:31, Robert Shipway :
>
> Unfortunately, I am not allowed to be sending e-mails that are not HTML 
> e-mails from the company I work for and even if I try to send a non HTML 
> e-mail, our company firewall changes it to be an HTML e-mail.
>
> The error being received is
>
> 'Task 'RSS Feeds' reported error (0x800c0019): 'Unknown Error 0x800c0019'
> 'Task 'RSS Feeds' reported error (0x80070026): 'Synchronization to RSS Feed: 
> 'https://tomcat,markmail.org/atom/+list:org.apache.tomcat.users' has failed.'

I am able to access the above URL as well as [2] with a web browser.
It displays correctly.

[2] https://tomcat.markmail.org/atom/+list:org%2Eapache%2Etomcat%2Eusers

Maybe your RSS Client has trouble establishing an HTTPS connection to that site?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: RSS Feed for Markmail

2018-10-17 Thread Konstantin Kolinko
ср, 17 окт. 2018 г. в 14:09, Robert Shipway :
>
> Hello,
>
> For the last 6 months, I have been getting the e-mails for Markmail on RSS 
> feed but last Thursday that seem to stop for some reason and I get the 
> following error:
>
> What is the best way to resolve this issue please?

1. Read the rules. You should not post HTML emails to this list and
you should not use attachments.

http://tomcat.apache.org/lists.html#tomcat-users

Your image has been filtered. Thus nobody knows what your error was.

2. Ask the owners of markmail.org site.

https://markmail.org/docs/faq.xqy

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: help with org.apache.jasper.compiler.JDTCompiler issue?

2018-09-20 Thread Konstantin Kolinko
ср, 19 сент. 2018 г. в 22:20, Berneburg, Cris J. - US :
>
> Hi Folks
>
> We can't figure out what's wrong with our staging server.  After upgrading 
> Java and our application, Tomcat started logging "Compilation error" 
> exceptions.  The login JSP page did not display.
>
> After reverting Java and our app, the app still won't run and still throws 
> compilation errors.  Tomcat is working because we can access the Manager and 
> Host Manager applications.
>
> As for the app deployment, we:
> 1. Stop the Tomcat service.
> 2. Delete the contents of the tomcat folder 
> work/Catalina/localhost/app/org/apache/jsp.
> 3. Delete the contents of the app folder under webapps.
> 4. Copy the new app exploded structure to the webapps app folder.
> 5. Reboot the server (Windows Server 2012).
>
> * Staging Server - before upgrade
> JRE 8u171, 32 bit
> Tomcat 6.0.32, 32 bit
> App v3.3.2
>
> * Staging Server - after upgrade
> JRE 8u181, 32 bit
> Tomcat 6.0.32, 32 bit (unchanged)
> App v3.4.1
>
> * Staging Server - after rollback
> JRE 8u171, 32 bit
> Tomcat 6.0.32, 32 bit (unchanged)
> App v3.3.2
>
> * Production Server
> JRE 8u171, 32 bit
> Tomcat 6.0.32, 32 bit
> App v3.3.2
>
> * Test Server
> JRE 8u181, 64 bit
> Tomcat 6.0.37, 64 bit
> App v3.4.1
> App v3.3.2
>
> * Dev/Build Server
> JDK 8u181, 64 bit
> Tomcat 6.0.37, 64 bit
> App v3.4.1
> App v3.3.2
>
> * Also:
> a. The 32-bit staging versus 64-bit app build was not an issue in production.
> b. The Tomcat revision 32 in staging versus 37 in dev/test has not been an 
> issue in prod.
> c. This deployment method has worked for years.
> d. I don't think the staging server needs either the JAVA_HOME or 
> CATALINA_HOME environment variables because production does not have them 
> either.
> e. The Tomcat service uses the built-in system account.
>
> * Partial stack trace:
> org.apache.jasper.compiler.JDTCompiler$1 findType
> SEVERE: Compilation error
> org.eclipse.jdt.internal.compiler.classfmt.classFormatException
> at 
> org.eclipse.jdt.internal.compiler.classfmtClassFileReader.(ClassFileReader.java:342)
> at org.apache.jasper.compiler.JDTCompiler$1.findType(JDTCompiler.java:206)
> at org.apache.jasper.compiler.JDTCompiler$1.findType(JDTCompiler.java:163)
> at 
> org.eclipse.jdt.internal.compiler.lookup.LookupEnvironment.askForType(LookupEnvironment.java:96)
> at 
> org.eclipse.jdt.internal.compiler.lookup.UnresolvedReferenceBinding.resolve(UnresolvedReferenceBinding.java:49)
> at 
> org.eclipse.jdt.internal.compiler.lookup.BinaryTypeBinding.resolveType(BinaryTypeBinding.java:97)
> at 
> org.eclipse.jdt.internal.compiler.lookup.PackageBinding.getTypeOrPackage(PackageBinding.java:167)
> at org.eclipse.jdt.internal.compiler.lookup.Scope.getType(Scope.java:2187)
> at 
> org.eclipse.jdt.internal.compiler.ast.TypeDeclaration.resolve(TypeDeclaration.java:974)
> at 
> org.eclipse.jdt.internal.compiler.ast.TypeDeclaration.resolve(TypeDeclaration.java:1164)
> at 
> org.eclipse.jdt.internal.compiler.ast.CompilationUnitDeclaration.resolve(CompilationUnitDeclaration.java:366)
> at org.eclipse.jdt.internal.compiler.Compiler.process(Compiler.java:623)
> [...]
>
> Got any ideas?  Your help would be appreciated.  Thanks!

My guess is that the Eclipse Compiler for Java in your Tomcat 6.0.32
was released N years ago and cannot deal with Java 8u181. From the
message it looks like it cannot parse some class file.

1. Replacing ecj-n.n.n.jar in your copy of Tomcat with a more recent
version (from a later version of Tomcat, or directly from Eclipse.org)
may work. At least as a temporary solution.
Their API is compatible and the main reason why newer library is not
shipped with old versions of Tomcat is because it requires Java 8 to
run (and Tomcat 6.0 must be able to run on Java 5).

Option 2: Upgrade!!

Tomcat 6 has reached end of life.  See
https://tomcat.apache.org/security-6.html
https://tomcat.apache.org/tomcat-60-eol.html
https://tomcat.apache.org/migration.html

Option 3: Switch to using a javac compiler from JDK instead of ECJ compiler.

It is possible via configuration, but YMMV. It is a rarely used option.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: 21 second pause that randomly happens

2018-07-16 Thread Konstantin Kolinko
2018-07-16 15:55 GMT+03:00 David Cleary :
> We have a customer who is experiencing a random, 21 second pause when using 
> out Tomcat based application server. We believe this may be during a TCP 
> connect and timeout. Logging indicates the pause happens before the request 
> makes it to our back end. It mostly happens when we create an initial logical 
> connection, but we have also seen it elsewhere where we believe the TCP Keep 
> alive was expired and a new socket had to be established. However, I do not 
> know this and am hoping there is some logging I can turn on in the NIO 
> connector to collect more data. I tried turning on logging in the Endpoint 
> class, but that did not provide anything useful. There is a NAT firewall 
> between the client and server, so I'm looking for some TCP level logging that 
> could point me in the proper direction.

Tomcat version = ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can't start Tomcat in debug mode

2018-07-16 Thread Konstantin Kolinko
2018-07-16 15:56 GMT+03:00 Désilets, Alain :
>>lurodrig@:tomcat-9-0-5-installation$ lsof -i:8000
>>COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
>>java13522 lurodrig4u  IPv4 450991  0t0  TCP localhost:8000
>>(LISTEN)
>
> Gives me this
>
> java2323 desilets5u  IPv4 0xad510ad86ad41671  0t0  TCP 
> *:irdmi (LISTEN)
>
> which seems to indicate that Tomcat is NOT listening on locahost, but on 
> something called *:irdmi. Not sure that this matters, because from what I can 
> read on the net, *:irdmi corresponds to port 8000.
>

Note that the above lsof output for port 8000 says "IPv4",but the one
below for port 8080 says "IPv6".

>>lurodrig@:tomcat-9-0-5-installation$ lsof -i:8080
>>COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
>>java13522 lurodrig   51u  IPv6 450993  0t0  TCP *:http-alt 
>> (LISTEN)
>
> Gives me this:
>
> java2323 desilets   61u  IPv6 0xad510ad8630f7d61  0t0  TCP 
> *:http-alt (LISTEN)
>
> Again, I believe *:http-alt is just an alias for  8080, so it doesn't seem to 
> matter.
>
> Note that if I start with 'catalina.sh start' (i.e. no jpda), I get *:http-al 
> for 'lsof -8080'  and nothing for 'lsof -8000'.
>
>>Hope it helps,
>
> So far, no. But I appreciate the effort. Any other ideas?
>
>>ps: a HTTP request against the debug port will print this message in the
>>catalina.out Debugger failed to attach: handshake failed - received >GET /
>>HTTP/1.1< - expected >JDWP-Handshake<
>
>  Yep, I get that message when running with jpda

You have that message = You have started in debug mode = You tried
connecting with a wrong client.

I have impression that you have successfully started Tomcat in debug mode.
The problem is that you cannot connect to it.

Have you tried to connect with a proper debug client (IDE)?

You may try using explicit IPv4 address, http://127.0.0.1:8000/

I wonder whether address=8000 can be used to specify IP address as well as port.


Also
>  /Library/Tomcat

What version is that? Is it ours?

> I have a file /Library/Tomcat/bin/setenv

You tried many ways. I wonder which one wins.
All those environment variables are used to build the command line for
Java. I wonder whether java sees several copies of those options.

For example, if you start with suspend=y then Java will start, but it
will stop (like being on a breakpoint) at Tomcat startup sequence.

Have you looked into Tomcat log files? Look for output from
VersionLoggerListener.
http://tomcat.apache.org/tomcat-9.0-doc/config/listeners.html#Version_Logging_Lifecycle_Listener_-_org.apache.catalina.startup.VersionLoggerListener


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Getting the Manager app running on localhost.. Please help

2018-07-12 Thread Konstantin Kolinko
2018-07-12 18:24 GMT+03:00 Désilets, Alain :
>> Where 132.246.129.58 is my IP address. Note that I tried also with 
>> “132.0.0.0” and with “^.*$” to no avail.
>
> I should be more precise…
>
> When I try with “^.*$”, I get same behavior as when I didn’t have a 
> manager.xml file, ie:
>
>   *   Server Status: works
>   *   Manager: opens page but deploying war causes ‘This site can’t be 
> reached’
>   *   Host Manager: ‘403 Access Denied’
>
> And by “132.0.0.0.”, I actually meant “127.0.0.1”. When I try that from 
> ‘localhost:8080’, all buttons result in ‘403 Access Denied’. But when I 
> access the buttons from “127.0.0.1:8080”, I get the same behavior as above

See
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics#Common_Troubleshooting_Scenario

"localhost" name never resolves to "132."something.


> /usr/local/apache-tomcat-8.5.4/bin

Why 8.5.4??? Why not the current release (8.5.32)?

See
http://tomcat.apache.org/security-8.html


> sudo sh startup.sh;

Do not run Tomcat as root!

See
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html

Delete all temporary files (in the logs, temp and work directories of
Tomcat) that might now be owned by root and not writable by a regular
user and start over. Note that deploying / undeploying a web
application via Manager requires write access to the webapps, work and
maybe conf directories for the user running Tomcat java process.

>   
>   
 >  
 >  

The Manager app in Tomcat 8.5 does not use the "manager" role.  The
last time it was used was Tomcat 6. Are you sure that you are
following a correct manual?

The "manager-script" role should be used by automated scripts only.
Granting "manager-script" and "manager-gui" to the same user means
that CSRF protection (in the Manager web application) for that user
will be ineffective.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Working dir incorrect tomcat 9.10?

2018-06-30 Thread Konstantin Kolinko
2018-06-30 12:55 GMT+03:00 Carl-Henrik Tjärnlund :
> Hi!
> I'm in the process of upgrading from tomcat 8 to 9 and was running into a
> probelm with velocity not beeing able to create the default log file,
> ./velocity.log and after some troubleshooting it seems it is trying to
> create it in the root of the file system instead of the current working
> directory, which i thought would be CATALINA_BASE.
>
> I just did some test and logging in the webapp:
>
> log.info("Working path: " + new File(".").getAbsolutePath());
>
> would report "Working path:  /.
> And I could do a workaround by creating /velocity.log manually and give the
> tomcat9 user ownership.

Or you could do System.getProperty("user.dir").


Tomcat does not care what the current working directory is when you
launch it.  All it cares is the value of system properties
"catalina.home" and "catalina.base".

(The well known environment variables CATALINA_HOME, CATALINA_BASE are
used by catalina.sh/catalina.bat scripts to set those system
properties when launching Java process for Tomcat).


If your logging configuration supports substitution of environment
variables, use one of those variables explicitly, e.g. as
"${catalina.base}/logs" (see the default conf/logging.properties in
Tomcat for an example).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: test email

2018-06-27 Thread Konstantin Kolinko
2018-06-27 23:34 GMT+03:00 kevin ferguson :
> Hi Guys
>
> Please delete if received I send about 6 emails all bounced not sure why.
> The only think I can think is, the mailing list does not like photo
> atttachements.

There rules are specified here:
http://tomcat.apache.org/lists.html#tomcat-users

See #7. in that list (no HTML, no attachments).

Usually attachments are silently stripped.

HTML formatting may cause the message to be treated as spam and be bounced.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Question regarding running Tomcat 7.0.57 offline

2018-04-20 Thread Konstantin Kolinko
2018-04-19 23:34 GMT+03:00 John Dale <jcdw...@gmail.com>:
>
> org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot create
> PoolableConnectionFactory (Could not create connection to database
> server. Attempted reconnect 3 times. Giving up.)

Are you using "127.0.0.1" in your JDBC url?

Is the database OK and running?
Can you connect to the database with a standalone Java client (not Tomcat)?


I wonder whether using an IPv6 address will make any difference.
::1
0:0:0:0:0:0:0:1


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: [ANN] Apache Tomcat 7.0.86 released

2018-04-20 Thread Konstantin Kolinko
There is a regression in handling of DataSource resources that do not
specify a factory.

http://bz.apache.org/bugzilla/show_bug.cgi?id=62316


Even though there is a simple workaround,
I think that we need to roll 7.0.87 release rather soon.


K.Kolinko

2018-04-16 16:32 GMT+03:00 Violeta Georgieva :
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 7.0.86.
>
> Apache Tomcat is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Expression Language and Java
> WebSocket technologies.
>
> This release contains a number of bug fixes and improvements compared to
> version 7.0.85. The notable changes since 7.0.85 include:
>
> - Add support for the maxDays attribute to the AccessLogValve and
>   ExtendedAccessLogValve. This allows the maximum number of days for
>   which rotated access logs should be retained before deletion to be
>   defined.
>
> - Avoid infinite recursion, when trying to validate a session while
>   loading it with PersistentManager.
>
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
>
> Apache Tomcat website:
> http://tomcat.apache.org
>
> Downloads:
> http://tomcat.apache.org/download-70.cgi
>
> Migration guides from Apache Tomcat 5.5.x and 6.0.x:
> http://tomcat.apache.org/migration.html
>
> Enjoy
>
> The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ClassNotFoundException: org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory starting in 7.0.86

2018-04-20 Thread Konstantin Kolinko
2018-04-17 22:18 GMT+03:00 Shawn Heisey <apa...@elyograg.org>:
> ...
>
> You should be able to work around the problem by defining a factory in
> your pools set to "org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory"
> so that the default is not used.  This addition should only be made on
> configs for Tomcat 7.
>

There exists a system property that specifies the factory used for data sources.
Thus it is easy to workaround this by adding a line to
catalina.properties (or a -D value to CATALINA_OPTS in setenv.sh file)

I created a bugzilla entry, to better document the issue and the workaround:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62316

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can you access my Manager App? http://24.0.5.14:8081/manager/html Tomcat/8.5.29, CentOS

2018-04-05 Thread Konstantin Kolinko
>> Why can't I log in? I get a 401 error when I try with any these
>> users. Do I have them set correctly? The 401 error said I can get
>> access by adding the user "tomcat" like I so. I also read the
>> documentation
>> <http://24.0.5.14:8081/docs/manager-howto.html#Configuring_Manager_App
> lication_Access>
>>
>>
> but
>> I must not understand. I tried running tomcat on my windows
>> computer and got a similar 403 error. I originally had this issue
>> when I was trying to integrate my Spring Boot app in Jenkins and
>> got error
>>
>> org.codehaus.cargo.container.tomcat.internal.TomcatManagerException:
>>
>>
> The username and password you provided are not correct (error 401).
>>

1. Do not confuse error 401 and error 403.

HTTP Response Status 401 means that server asks you for a different
user name / password.
-- Your name/password are wrong.

HTTP Response Status 401 means that access have been denied:
a) Your name/password are known, but the user does not have rights to
access the page. => Check roles of an user.

b) Your name/password are known, but CSRF token has expired. => Go to
/manager/html. The entrance page does not need a CSRF token.

c) You have been blocked by your IP address (by RemoteAddrValve).
(No user name is asked)


>
> My guess is that one or more of the following is true:
>
> 1. The tomcat-users.xml file isn't in your CATALINA_BASE/conf/ directory
>
> 2. Your CATALINA_BASE/conf/server.xml does not have a  in it
> for MemoryUserDatabaseFactory
>
> 3. Your Manager application doesn't have a  configured
>
> Can you confirm all of the above?

4. You did not restart your Tomcat after editing the file.

The tomcat-users.xml file is read when Tomcat starts. You need to
restart Tomcat for the changes to take effect.



Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: on getting started contributing doc improvements (was RE: On Tomcat 8.5.16, RemoteHostFilter ...)

2018-03-30 Thread Konstantin Kolinko
2018-03-30 20:16 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
>
> IMHO, the wiki isn't a great place to do ... anything, really. We have
> a few pages that grew and grew (like the FAQ/HOWTO pages) and that's
> all there really is.
>
> I think it would be better to re-organize that information into a
> better format. I'm not entirely sure what that better format might be.

The "FAQ", "HowTo" and "Specification" pages have external links
pointing to them
at tomcat.apache.org site and also in web applications bundled with
released versions of Tomcat (docs, ROOT).

The rest of pages can be moved.

Technically, specific FAQ answers are frequently mentioned in e-mails
and can be found in archives of the mailing lists.

I think that main headache for FAQ and HowTo is to keep them
up-to-date and relevant. I reviewed and updated many of them several
years ago, but a lot of those are rather old. I reorganized HowTo page
several years ago by grouping them into topics.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: on getting started contributing doc improvements (was RE: On Tomcat 8.5.16, RemoteHostFilter ...)

2018-03-30 Thread Konstantin Kolinko
2018-03-30 19:49 GMT+03:00 charlie arehart <charlie_li...@carehart.org>:
>
> 1) If you (or anyone following along and responsible for that FrontPage) are 
> open to more feedback, your second step pointed me to the section there 
> about, "If you do decide to contribute". The next words there say "you will 
> need to create a Wiki login name", but it doesn't say how to do that. Now, 
> sure, one might figure it out by thinking to click the login button at the 
> top of the page, which then offers a link to create one. But it could be 
> quite helpful if it just went ahead and offered that link under those words 
> "create a Wiki login name", going to 
> https://wiki.apache.org/tomcat/FrontPage?action=newaccount. :-)

I updated the Front Page by adding some words, and also fixed Tomcat logo image.

> 2) Anyway, I did that, and the sentence then goes on to say that we should 
> then send that new login name to the dev or users list, asking to be added to 
> the ContributorsGroup. Now, I realize I should (and will) join the dev list 
> also, but since the discussion has started here and may seem to come "out of 
> left field" from me there, I will offer here that the login name is 
> CharlieArehart.

Welcome!
I see that Christopher have already added you.

Regarding the documentation, I think the first step is to get familiar
with how the docs are built.
There is
http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests
-> "To prepare a documentation patch..."


The source code for Tomcat can be taken from SVN or from a Git mirror.
It does not matter which one is used as long as you are not trying to
commit it. Either tool or just Unix "diff -u" can be used to create a
patch.

The source code for "tomcat.apache.org" site is only in SVN.
SVN commands can be used to checkout only relevant portion of the site
(skipping megabytes of documentaion/Javadoc for all releases of
Tomcat)
There is a Readme,
https://svn.apache.org/repos/asf/tomcat/site/trunk/README.txt

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat stopped and Debug can't be done in Eclipse

2018-03-24 Thread Konstantin Kolinko
>
> Thanks Konstantin for giving me quite a clear detail on how to do the actual 
> debugging.
>
> The thing is that I am constantly getting 404 with certain occasion able to 
> get the tutorRegister page being displayed so I think there is still 
> something not quite right in the setting or something else I don't know.
>
> I'd like to check with you is it a good idea to have this line at the System 
> Variables(this is the Advanced System Setting at Windows 10) hard coded there 
> ?
>
> CATALINA_OPTS -Xdebug -Xrunjdwp:transport=dt_socket,address=8000, server=y, 
> suspend=n

That system variable is used only by catalina.bat,
to build up command line for java[w].exe process that runs Tomcat.

The variable has a meaning only when Tomcat is started by batch scripts:
running "startup.bat" or "catalina.bat start"

It is not used in any other situation.
It is not used when starting Tomcat from within Eclipse IDE.
It is not used when running Tomcat as a Windows service.


The system variables used by catalina.bat can be set globally,
but the recommended way is to create a file setenv.bat  - as
documented in RUNNING.txt.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Granting permission to a single application-supplied JAR

2018-03-22 Thread Konstantin Kolinko
2018-03-23 1:32 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Konstantin,
>
> Thanks for the reply.
>
> On 3/22/18 6:12 PM, Konstantin Kolinko wrote:
>> 2018-03-23 0:39 GMT+03:00 Christopher Schultz
>> <ch...@christopherschultz.net>:
>>> All,
>>>
>>> I'm working on getting my application working under a
>>> SecurityManager. It's actually been a little less painful than I
>>> thought it would be.
>>>
>>> I'm using Solr for some index searching. I'm using SolrJ for the
>>> library to communicate via HTTP to a localhost Solr server. When
>>> using this grant:
>>>
>>> grant { permission "java.util.PropertyPermission"
>>> "solr.httpclient.builder.factory", "read"; permission
>>> "java.net.SocketPermission", "localhost:8983",
>>> "resolve,connect"; }
>>>
>>> My application can can contact Solr without any errors.
>>>
>>> If I change the "grant" to include a codeBase to restrict those
>>> connections to the Solr library, I get a AccessControlException:
>>> access denied to the system property. Here is the modified
>>> grant:
>>>
>>>
>>> grant codeBase
>>> "file:${catalina.base}${file.separator}webapps${file.separator}myapp$
> {fi
>>>
>>>
> le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
>>> 1.jar" { permission "java.util.PropertyPermission"
>>> "solr.httpclient.builder.factory", "read"; permission
>>> "java.net.SocketPermission" "localhost:8983", "resolve,connect";
>>> };
>>>
>>> I have verified that the file exists under the path specified
>>> above. I tried both ${file.separator} and '/' as the file
>>> separator. I also tried "jar:/path/to/jar!/-" as the codeBase. No
>>> luck.
>>
>> 1) The "grant" clause uses an URL, with '/'.
>>
>> ${file.separator} is used in file paths for a file system: in
>> java.io.FilePermission
>
> Thanks for pointing that out. I tried both ways and it did not make a
> difference.
>
>>> These grants are added to the end of the stock catalina.policy
>>> file that ships with Tomcat.
>>>
>>> What am I missing, here?
>>
>> 2) Tomcat version=? ;)
>
> 8.5.29, but this is a JVM security policy problem and should not be
> affected by the Tomcat version.
>
>> See "Troubleshooting" recipe here:
>>
>> http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html#Tr
> oubleshooting
>>
>>  You need to know the actual permission that failed.
>
> It's java.util.PropertyPermission to "read" the system property
> "solr.httpclient.builder.factory". Specifying no codeBase allows the
> code to execute.
>
>> You need to know java.security.CodeSource.getLocation() for all
>> classes in stacktrace up to the failing point (starting from the
>> nearest AccessController.doPrivileged()).
>
> Umm... how in the word do I determine that?
>
>> All those CodeSources should have that permission. If you missed
>> one, you will fail.
>
> So I'm going to assume that there are no doPrivileged() calls anywhere
> in the call stack. Does that mean that I have two options:
>
> 1. Grant the privilege to the whole JVM (as I have confirmed does work)
>
> 2. Add a doPrivileged() call somewhere that eventually attempts to
> read this system property?

Reads of a system property are usually wrapped in doPrivileged().

E.g. see java.io.PrintWriter constructor in Java 8u162:

lineSeparator = java.security.AccessController.doPrivileged(
new sun.security.action.GetPropertyAction("line.separator"));

The code above assumes that sun.* classes cannot be accessed by untrusted code.
(In case of Tomcat this is true thanks to "package.access" setting in
catalina.properties.)

>
> I also attempted to give the permission to me web application as a
> whole like this:
>
> grant codeBase
> "file:${catalina.base}/webapps/mywebapp/WEB-INF/classes/-" {
>   // same privileges
> };

The above grants permission to "WEB-INF/classes" directory, The
libraries are in "lib". There are also JSPs.

Example in catalina.policy:

// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase "file:${catalina.base}/webapps/examples/-" {
//  permission java.net.SocketPermission
"dbhost.mycompany.com:5432", "connect";
//  permission java.net.SocketPermission "*.noaa.gov:80", "connect";
// };


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Granting permission to a single application-supplied JAR

2018-03-22 Thread Konstantin Kolinko
2018-03-23 0:39 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
> All,
>
> I'm working on getting my application working under a SecurityManager.
> It's actually been a little less painful than I thought it would be.
>
> I'm using Solr for some index searching. I'm using SolrJ for the
> library to communicate via HTTP to a localhost Solr server. When using
> this grant:
>
> grant {
>   permission "java.util.PropertyPermission"
> "solr.httpclient.builder.factory", "read";
>   permission "java.net.SocketPermission", "localhost:8983",
> "resolve,connect";
> }
>
> My application can can contact Solr without any errors.
>
> If I change the "grant" to include a codeBase to restrict those
> connections to the Solr library, I get a AccessControlException:
> access denied to the system property. Here is the modified grant:
>
>
> grant codeBase
> "file:${catalina.base}${file.separator}webapps${file.separator}myapp${fi
> le.separator}WEB-INF${file.separator}lib${file.separator}solr-solrj-7.2.
> 1.jar"
> {
>   permission "java.util.PropertyPermission"
> "solr.httpclient.builder.factory", "read";
>   permission "java.net.SocketPermission" "localhost:8983",
> "resolve,connect";
> };
>
> I have verified that the file exists under the path specified above. I
> tried both ${file.separator} and '/' as the file separator. I also
> tried "jar:/path/to/jar!/-" as the codeBase. No luck.

1) The "grant" clause uses an URL, with '/'.

${file.separator} is used in file paths for a file system: in
java.io.FilePermission


> These grants are added to the end of the stock catalina.policy file
> that ships with Tomcat.
>
> What am I missing, here?

2) Tomcat version=? ;)

See "Troubleshooting" recipe here:

http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html#Troubleshooting

You need to know the actual permission that failed.

You need to know java.security.CodeSource.getLocation() for all
classes in stacktrace up to the failing point (starting from the
nearest AccessController.doPrivileged()).

All those CodeSources should have that permission. If you missed one,
you will fail.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat stopped and Debug can't be done in Eclipse

2018-03-17 Thread Konstantin Kolinko
t; createAppenderRef(ref="STDOUT", level="null", Filter=null)
> 2018-03-17 14:33:47,119 localhost-startStop-1 DEBUG Building 
> Plugin[name=logger, class=org.apache.logging.log4j.core.config.LoggerConfig].
> 2018-03-17 14:33:47,119 localhost-startStop-1 DEBUG 
> createLogger(additivity="false", level="TRACE", 
> name="org.hibernate.type.descriptor.sql", includeLocation="null", ={STDOUT}, 
> ={}, 
> Configuration(C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml),
>  Filter=null)
> 2018-03-17 14:33:47,119 localhost-startStop-1 DEBUG Building 
> Plugin[name=AppenderRef, 
> class=org.apache.logging.log4j.core.config.AppenderRef].
> 2018-03-17 14:33:47,135 localhost-startStop-1 DEBUG 
> createAppenderRef(ref="STDOUT", level="null", Filter=null)
> 2018-03-17 14:33:47,135 localhost-startStop-1 DEBUG Building 
> Plugin[name=logger, class=org.apache.logging.log4j.core.config.LoggerConfig].
> 2018-03-17 14:33:47,135 localhost-startStop-1 DEBUG 
> createLogger(additivity="false", level="DEBUG", name="util", 
> includeLocation="null", ={STDOUT}, ={}, 
> Configuration(C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml),
>  Filter=null)
> 2018-03-17 14:33:47,135 localhost-startStop-1 DEBUG Building 
> Plugin[name=loggers, 
> class=org.apache.logging.log4j.core.config.LoggersPlugin].
> 2018-03-17 14:33:47,150 localhost-startStop-1 DEBUG 
> createLoggers(={Business.RegisterService, DQOSql.tutorDAOImpl.java, 
> controller.tutorController, org.hibernate, org.hibernate.SQL, 
> org.hibernate.type.descriptor.sql, util})
> 2018-03-17 14:33:47,166 localhost-startStop-1 DEBUG Building 
> Plugin[name=AppenderRef, 
> class=org.apache.logging.log4j.core.config.AppenderRef].
> 2018-03-17 14:33:47,166 localhost-startStop-1 DEBUG 
> createAppenderRef(ref="STDOUT", level="null", Filter=null)
> 2018-03-17 14:33:47,182 localhost-startStop-1 DEBUG Building 
> Plugin[name=root, 
> class=org.apache.logging.log4j.core.config.LoggerConfig$RootLogger].
> 2018-03-17 14:33:47,182 localhost-startStop-1 DEBUG 
> createLogger(additivity="null", level="INFO", includeLocation="null", 
> ={STDOUT}, ={}, 
> Configuration(C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml),
>  Filter=null)
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Building 
> Plugin[name=loggers, 
> class=org.apache.logging.log4j.core.config.LoggersPlugin].
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG createLoggers(={root})
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Configuration 
> XmlConfiguration[location=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml]
>  initialized
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Starting configuration 
> XmlConfiguration[location=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml]
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Started configuration 
> XmlConfiguration[location=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml]
>  OK.
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Shutting down 
> OutputStreamManager SYSTEM_OUT.false.false-1
> 2018-03-17 14:33:47,197 localhost-startStop-1 DEBUG Shut down 
> OutputStreamManager SYSTEM_OUT.false.false-1, all resources released: true
> 2018-03-17 14:33:47,213 localhost-startStop-1 DEBUG Appender DefaultConsole-1 
> stopped with status true
> 2018-03-17 14:33:47,213 localhost-startStop-1 DEBUG Stopped 
> org.apache.logging.log4j.core.config.DefaultConfiguration@3177456d OK
> 2018-03-17 14:33:47,244 localhost-startStop-1 DEBUG Registering MBean 
> org.apache.logging.log4j2:type=/Hi5S
> 2018-03-17 14:33:47,260 localhost-startStop-1 DEBUG Registering MBean 
> org.apache.logging.log4j2:type=/Hi5S,component=StatusLogger
> 2018-03-17 14:33:47,275 localhost-startStop-1 DEBUG Registering MBean 
> org.apache.logging.log4j2:type=/Hi5S,component=ContextSelector
> 2018-03-17 14:33:47,291 localhost-startStop-1 DEBUG Registering MBean 
> org.apache.logging.log4j2:type=/Hi5S,component=Loggers,name=
> 2018-03-17 14:33:47,307 localhost-startStop-1 DEBUG Registering MBean 
> org.apache.logging.log4j2:type=/Hi5S,component=Appenders,name=STDOUT
> 2018-03-17 14:33:47,369 localhost-startStop-1 DEBUG LoggerContext[name=/Hi5S, 
> org.apache.logging.log4j.core.LoggerContext@64c0cbaa] started OK with 
> configuration 
> XmlConfiguration[location=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps\Hi5S\WEB-INF\log4j2.xml].
> 2018-03-17 14:33:47,369 localhost-startStop-1 DEBUG 
> Log4jServletContextListener ensuring that Log4j starts up properly.
> 2018-03-17 14:33:47,369 localhost-startStop-1 DEBUG Log4jServletFilter 
> initialized.
> Mar 17, 2018 2:33:47 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["http-nio-8080"]
> Mar 17, 2018 2:33:47 PM org.apache.coyote.AbstractProtocol start
> INFO: Starting ProtocolHandler ["ajp-nio-8009"]
> Mar 17, 2018 2:33:47 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 16089 ms
>
>
> and at the internal browser, I then enter the URL to debug my app.  The URL 
> appeared and I entered the infor into the form.
>
> But, after I submitted my form, only a blank screen and it is not jumped to 
> the breakpoint(s) that need debug and everything just grind to a halt :(

Switch Eclipse to "Debug" perspective.
(menu Window > Perspective > Open Perspective > Debug)

Reset the perspective, if some panels (views) are hidden.
(menu Window > Perspective > Reset Perspective)

> I hope you can tell me what is missing such that I can't get debug to work ?
>

HTH

Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: ClassNotFoundException when calling custom MBean operation

2018-03-06 Thread Konstantin Kolinko
oadClass(Launcher.java:331)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:348)
> at
> com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:7
> 2)
> at
> com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:6
> 1)
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:672)
> ... 43 more
>
>
> The error I get on VisualVM (my JMX client, here) is that it can't
> load my ServiceException class -- one that is defined only within the
> web application.
>
> I suspect the problem is that the thread's context class loader (TCCL)
> is set to Tomcat's ClassLoader, since the request is being handled by
> Tomcat's internal JMX server. If I were to invoke this operation via
> the Manager's JMXProxyServlet, I'd probably be dealing with the
> Manager's WebappClassLoader, instead, but the problem would be the
> same: those ClassLoaders are unaware of my application's classes.
>
> I *believe* the solution is to change the TCCL in this "reload"
> method, but that means I'll need to capture the TCCL during the
> invocation of the MBean itself and hang on to it... something like this:
>
> ClassLoader originalCL =
> Thread.currentThread().getContextClassLoader();
> ReloadableObject rlo =
> ReloadableObjectHelper.newReloadableObject();
>
> try {
> MBeanServer mbs = getServer();
> ObjectName objectName = new
> ObjectName("com.chadis:type=ReloadableObject");
>
> if(mbs.isRegistered(objectName))
> mbs.unregisterMBean(objectName);
>
> mbs.registerMBean(new ReloadableObjectBean(rlo,
> originalCL), objectName);
> }
>
> Then, later, in the reload() method:
>
>
> @Override
> public void reload() throws ReloadableObjectException,
> ServiceException
> {
> ClassLoader tccl =
> Thread.currentThread().getContextClassLoader();
>
> try {
> Thread.currentThread().setContextClassLoader(originalCL)
> ;
>
> ReloadableObject rlo =
> ReloadableObjectHelper.newReloadableObject();
> _loadTime = new Date();
> _rlo = rlo;
> } finally {
> Thread.currentThread().setContextClassLoader(tccl);
> }
> }
>
> Does that sound about right?
>
> I'll probably want to future-proof it by wrapping those calls into
> PrivilegedActions, etc. but is this the right approach for what I'm
> trying to do, here? Or am I missing something?
>

>From those error messages, it looks like your code does a JNDI lookup.

And the lookup fails with a NamingException (a
javax.naming.NoInitialContextException to be specific, but that is
just a detail).

A JNDI tree is local to a web application. Each web application has an
independent JNDI tree. Selecting the correct one uses TCCL as the key.

So if you TCCL class loader is not set correctly, you won't be able to
access JNDI.

If you are interested in implementation details, see
org.apache.naming.SelectorContext
org.apache.naming.ContextBindings
org.apache.naming.java.javaURLContextFactory


On the question on what is the best way to change and restore TCCL:
Current code uses a helper API method, StandardContext.bind() / unbind().


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Error parsing HTTP request header, HTTP method names must be tokens

2018-02-21 Thread Konstantin Kolinko
2018-02-21 22:19 GMT+03:00 Alex O'Ree <alexo...@apache.org>:
> That's the error message. The problem is I have no idea which client it is
> and what character it is sending that is causing the issue. Thus I would
> like to get the offending header logged in some way.

The "http-nio-8080-exec-3" in the message is the thread name. It can
be written to the Access Log with "%I"

http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Logging

Also look for response status in an access log. I think those requests
are handled with status "400".

You will see an IP address there. You wont't see any headers (such as
User-Agent) as those have not been parsed yet.

> On Tue, Feb 20, 2018 at 4:25 PM, Coty Sutherland <csuth...@apache.org>
> wrote:
>
>> On Tue, Feb 20, 2018 at 4:01 PM, Alex O'Ree <alexo...@apache.org> wrote:
>> > I keep running into the an IllegalArgumentException at or near startup of
>> > tomcat 8.5 with a bunch of cxf web services deployed and I have no idea
>> > what's causing it. The error message mentions turning on logging at the
>> > debug level.
>>
>> Random shot in the dark given the minimal date provided :) Does it
>> look like this:
>>
>> INFO [http-nio-8080-exec-3]
>> org.apache.coyote.http11.Http11Processor.service Error parsing HTTP
>> request header
>>  Note: further occurrences of HTTP request parsing errors will be
>> logged at DEBUG level.
>>  java.lang.IllegalArgumentException: Invalid character found in the
>> request target. The valid characters are defined in RFC 7230 and RFC
>> 3986
>> at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(
>> Http11InputBuffer.java:460)
>> at org.apache.coyote.http11.Http11Processor.service(
>> Http11Processor.java:291)
>> at org.apache.coyote.AbstractProcessorLight.process(
>> AbstractProcessorLight.java:66)
>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(
>> AbstractProtocol.java:754)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
>> doRun(NioEndpoint.java:1376)
>> at org.apache.tomcat.util.net.SocketProcessorBase.run(
>> SocketProcessorBase.java:49)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1149)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:624)
>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
>> TaskThread.java:61)
>> at java.lang.Thread.run(Thread.java:748)
>>
>> If so, then your client is sending you requests with unencoded special
>> characters that are now disallowed by Tomcat.
>>

>> Question: Assuming i need to edit the logging.properties file, which
setting/line do i have to edit to reveal what the root cause is?

http://tomcat.apache.org/tomcat-8.5-doc/logging.html
and also official Java documentation on java.util.logging.

>From the log message cited by Coty, I think you need to add
org.apache.coyote.http11.Http11Processor.level = FINE

In short, you need both
1) .level = FINE
2) .level = FINE

"1)" controls whether a log event is raised,
"2)" controls writing it out to a specific output (console, file)

"2)" is already set in the logging.properties file provided by Tomcat.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat stopped and Debug can't be done in Eclipse

2018-02-20 Thread Konstantin Kolinko
2018-02-20 17:57 GMT+03:00 Karen Goh <karenwo...@yahoo.com>:
>
> Hi Konstantin,
>
> Can you point me some useful resources where I can learn about setting the 
> Tomcat launch configuration.

1. On the topic of debugging, see the following page:
https://wiki.apache.org/tomcat/FAQ/Developing

The following two items on that page should be interesting for you:
a) "Official Eclipse IDE Web Tools FAQ for Tomcat"

with links to Eclipse documentation

b) "How do I configure Tomcat to support remote debugging?"

This is for the use case when you start Tomcat separately and attach a
debugger to an already running Tomcat.


2. On a topic of simply running Tomcat (not debugging), official
documentation is "RUNNING.txt" file.

There is also
http://tomcat.apache.org/tomcat-8.5-doc/setup.html

Environment variables used by launch scripts are documented in a
comment at the top of those scripts (catalina.bat, catalina.sh).


> Currently, I have the below inside my arguments :
>
> -Dcatalina.base="C:\Users\Karen.Goh\workspace3\.metadata\.plugins\org.eclipse.wst.server.core\tmp0"
>  -Dcatalina.home="C:\Program 
> Files\Apache\apache-tomcat-9.0.4-windows-x64\apache-tomcat-9.0.4" 
> -Dwtp.deploy="C:\Users\Karen.Goh\workspace3\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps"
>  -Djava.endorsed.dirs="C:\Program 
> Files\Apache\apache-tomcat-9.0.4-windows-x64\apache-tomcat-9.0.4\endorsed"
>
> Is this the part that is causing Tomcat to just hang ? Or I have missed out 
> something I am not aware of.  Kindly highlight please.

3. When Tomcat starts, its actual arguments are printed by
VersionLoggerListener.

You can see them in your previous e-mail, Search for "Command line argument"
http://markmail.org/message/tgymk3r43ox5ggps

> Cos I can't proceed with any debugging at all as in run the green button : 
> Please see this attachment at https://imgur.com/OQLyJFb

4. In your image I see that your Tomcat is not running

(The "Console" view at the bottom says "". The "Servers"
view says "[Stopped, Synchronized]".)

How did you start it?

5. My recipe will be:
- In the "Servers" view select the server and deploy you application
onto it (right click -> context menu -> ...)
- Then click the small green "bug" button in the toolbar of this view
(in the small toolbar right above "Servers" view, not the one in the
main toolbar). The server should launch in debug mode.

HTH

> Is there any other changes I need to make since I am also using a maven plug 
> in as below :
>
> 
>     org.apache.maven.plugins
> maven-war-plugin
> 3.2.0
> 
>
> It used to be very easy for me to do debugging and now things are so much 
> complicated now.
>

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat stopped and Debug can't be done in Eclipse

2018-02-20 Thread Konstantin Kolinko
2018-02-20 5:04 GMT+03:00 Karen Goh <karenwo...@yahoo.com.invalid>:
> Hi,
>
> I am writing to this mailing group again because I finally know that Tomcat 
> is the cause of the problem(after writing to an expert)
> and thus I hope to sort help for this problem.
>
> The tomcat version is Apache Tomcat 9.0.4 windows 64.
>
> Eclipse Oxygen.
> Project : Maven dynamic MVC web app with Hibernate, JPA and JSP.
> MySQL server 5.7.
>
> Whenever, I run debug on jsp, after submitting the form, tomcat will just 
> stop and Eclipse does not take over the debugging.
>
> All the breakpoints are there and perspective is showing debug mode, except 
> the debug buttons are all grey out though.
>
> I do not know how to make Tomcat not stopping.
>
> Kindly advise if there is a setting I have missed out such that the above 
> scenario is happening.

1. How exactly do you start Tomcat in debug mode? What instructions
and documentation are you following?

2. From log output in your previous thread,
http://markmail.org/message/tgymk3r43ox5ggps

your command line options are

> Jan 21, 2018 11:25:58 PM org.apache.catalina.startup.VersionLoggerListener 
> log INFO: Command line argument:
> -agentlib:jdwp=transport=dt_socket,suspend=y,address=localhost:51917

I think that "suspend=y" option is the cause of the behaviour that you
are seeing.

IIRC, with that option Java stops and waits for a debugger just after
JVM launch. I think that in Eclipse you can look into "threads" view,
find a running (stopped) "main" thread there and hit a green button to
resume it.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat7 with jre 1.7 error during starting

2018-01-26 Thread Konstantin Kolinko
2018-01-26 14:08 GMT+03:00 Rajesh Cherukuri <rajec...@gmail.com>:
> HI
>
> we have a existing  running tomcat version 5 running on solaris with out
> any issues ,  recently we have  installed tomcat 7 on the same solaris 10
> server  with no application deployed , and configured java version as
> jre1.6 in setenv.sh  i couldn't start the tomcats after my installation ,
> and below is the error what i get when i start tomcat with java1.7  later i
> tired the to configure the java version as 1.8 , i still get the same error
> but slightly different error but both are failing at "
>
> *org.apache.catalina.util.ExtensionValidator.getManifest(ExtensionValidator.java:402)*
> can some one let me know if there are any pre-requisites to run a
> tomcat on 7 on Soalris  10 ,
>
>
>
>
> *With java 1.6*
>
> ib:/opt/CA/SharedComponents/lib/:/opt/CA/DSM/scripts/install/:/opt/CA/DSM/caf/lib/:.:/opt/CA/SharedComponents/lib:/opt/CA/CAlib:/opt/CA/DSM/caf/lib:/usr/jdk/packages/lib/sparc:/usr/local/lib:/usr/lib
> 26-Jan-2018 10:49:52 org.apache.catalina.startup.Catalina load
> SEVERE: Catalina.start
> *org.apache.catalina.LifecycleException: Failed to initialize component
> [StandardServer[8075]]*
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:459)
> *Caused by: java.lang.ExceptionInInitializerError*
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:806)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> ... 8 more
> *Caused by: java.lang.IllegalArgumentException*
> at
> java.util.zip.ZipInputStream.getUTF8String(ZipInputStream.java:303)
> at java.util.zip.ZipInputStream.getFileName(ZipInputStream.java:436)
> at java.util.zip.ZipInputStream.readLOC(ZipInputStream.java:255)
> at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:82)
> at java.util.jar.JarInputStream.(JarInputStream.java:67)
> at java.util.jar.JarInputStream.(JarInputStream.java:44)
> at
> org.apache.catalina.util.ExtensionValidator.getManifest(ExtensionValidator.java:402)
> at


1. The rules of this mailing list: top-posting is discouraged.
http://tomcat.apache.org/lists.html#tomcat-users
-> 6.

Also ->1. there. You are not saying the exact version number.

2. From the error message text, I think that you have an incorrect jar
file somewhere on your classpath  (in lib/ directory of Tomcat?)

One of differences between JAR files format and plain ZIP format: its
file names are encoded in UTF-8. The ZIP format uses OS locale for
filenames.

If a JAR file was packed with a ZIP tool, the filenames in it might be
broken. The exception apparently tells that a file name is not a valid
UTF-8 string.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat version question

2018-01-25 Thread Konstantin Kolinko
2018-01-26 1:03 GMT+03:00 Robert J. Carr <rjc...@apl.washington.edu>:
> Hello.
>
> There is a "which version" page on the main site which is really useful,
> and it lists all the versions of the various specs related to the version
> of tomcat, but a really important one IMO that is missing is the Java EE
> version, so I can look up the api docs.
>
> Is there a reason why this is omitted?  Currently, I have to look up the
> servlet spec, and then cross reference that with the Java EE to find the
> appropriate docs.
>
> Or am I missing something?

Have you seen the Specifications page in the Wiki?
https://wiki.apache.org/tomcat/Specifications

I updated the whichversion page with a link to there (r1822243).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: roles stripped when using login() in tomcat 8.5 but not 8.0

2018-01-23 Thread Konstantin Kolinko
2018-01-22 11:25 GMT+03:00 Robert J. Carr <rjc...@gmail.com>:
> Hi Mark, everyone-
>
> I've constructed a sample app of ~5 files.  The code is bundled in the jar
> file in the WEB-INF/lib directory.  Here's a public url for the application
> (test.war; 8K):
>
>
> https://drive.google.com/file/d/1mZRXrm90F4WN3mizqoqrWYmQ1HHfrSS4/view?usp=sharing
>

Thank you for the sample application! It is easy to reproduce the issue.

I filed it into Bugzilla:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62036

I went on to upload your test.war there (I fixed some typos in web.xml
and repacked). I hope that you do not mind.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Konstantin Kolinko
2018-01-23 16:14 GMT+03:00 Peter Kreuser <l...@kreuser.name>:
> BTW:
>
>
>> Am 23.01.2018 um 13:56 schrieb Peter Kreuser <l...@kreuser.name>:
>>
>> Algirdas,
>>
>>
>>
>>> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas <apvei...@gmail.com>:
>>>
>>> Andre, my apologies for bringing up a topic that has been repeated ad
>>> nauseum.
>>>
>>> We were thinking of a process like the following, which would eliminate
>>> "the information has to available somewhere in a file" on the actual server
>>> where Tomcat is running.
>>>
>>>> cd $TOMCAT_HOME/bin
>>>> set +o history
>>>> export DB_USERNAME=xyz
>>>> ./startup.sh
>>> . once the process has started
>>>> unset DB_USERNAME
>>>> set -o history
>>>
>>> This process does not eliminate the need to store the values of sensitive
>>> information.  But by supporting environment variables, one could eliminate
>>> using catalina.properties or -DDB_USERNAME, which exposes the information
>>> on the server.  In our case, operations would get the data from a secure
>>> vault and then run the above scripts.  I suppose we could get the same
>>> effect by modifying catalina.properties, starting the server and then
>>> clearing catalina.properties, until the next restart...
>>
>> Where would you put that script with the text?
>> Well if you use a secure vault, then that script would have to know the 
>> password to the full secure vault...
>>
>> You get a feel for the problem?
>>
>> Run Tomcat in a dedicated service user, make the conf only readable for him 
>> and restrict the access to the user’s home/tomcat dirs...
>>
>> The admins of the server will have access to all the information anyhow. But 
>> any other users around will not be able to read the conf, even the java opts 
>> of the process will be invisible.
>>
>> Just my 2cts.
>>
>> Peter
>
> the commandline parameters (-D) are also in the tomcat logs, thus probably in 
> your backups and archives.
>

VersionLoggerListener can also be configured to log the environment
variables with logEnv="true". It is not the default setting though.


> ad nauseum.

The FAQ page:
https://wiki.apache.org/tomcat/FAQ/Password


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Thread-safety with sessions

2018-01-17 Thread Konstantin Kolinko
2018-01-17 20:05 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
>
> All,
>
> I have a use-case related to caching where I need to make sure that an
> operation only happens one time with respect to an object in the
> session. Basically, I want to build a cache and put it into the
> session, but it needs to be thread-safe enough that two threads can't
> see the object isn't there, build such an object, and then put it into
> the session (thereby overwriting each other).
>
[...]
>
> So the question is "what should I use as the monitor?"
>
> My first thought was that I should use the session object itself:
>
> Cache myCache = null;
> synchronized (session) {
>   myCache = session.getAttribute("cacheKey");
>   if(null == myCache) {
> myCache = new Cache();
> session.setAttribute("cacheKey", cache);
>   }
> }
>
> That would be the best option, since it's the object I actually care
> about. However, I believe Tomcat sometimes (always) provides wrapper
> objects around servlet-spec-defined objects and I'm wondering if there
> are any guarantees about the HttpSession object being consistent
> across threads?

I think that the best way is to implement a listener
https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpSessionListener.html

There is "sessionCreated" event that can be used to create the cache
or any kind of a lock object for the cache (e.g. an AtomicReference),

See also other HttpSession* listeners in that package,
https://docs.oracle.com/javaee/7/api/javax/servlet/http/package-summary.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: urgent problems with tomcat release 8.5.4

2017-12-22 Thread Konstantin Kolinko
2017-12-22 5:28 GMT+03:00 CYAG (Johnny Chao Yang) :
> Hello team,
>
>
> Due to the tomcat 8.0 will closed to its support deadline, so we are going to 
> upgrade our tomcat version from 8.0 to 8.5.4, as Apache tomcat official 
> website announced 8.5.x will not stop support so far, but the support time 
> decides which tomcat version is better for us to choose and it really affect 
> our IT infrastructure, so could we know approximately how long will Apache 
> keep support Tomcat release 8.5.x ?
>
>
> Very appreciated for your help & will looking hearing for your feedback. :)
>


http://www.catb.org/~esr/faqs/smart-questions.html#urgent

The current version of Tomcat 8.5 is 8.5.24.
https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5

http://markmail.org/message/c7mxxiokcmf665qy

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: internalProxies regex

2017-12-20 Thread Konstantin Kolinko
2017-12-20 11:37 GMT+03:00 Harrie Robins <har...@eyequestion.nl>:
> Hello everyone,
>
>
>
> I have a question about the remoteipvalve in tomcat 8.5:
> https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/Remo
> teIpValve.html
>
>
>
>
> internalProxies
>
> Regular expression that matches the IP addresses of internal proxies. If
> they appear in the remoteIpHeader value, they will be trusted and will not
> appear in the proxiesHeader value
>
> RemoteIPInternalProxy
>
> Regular expression (in the syntax supported by java.util.regex)
>
> 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
> 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
> 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
> 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
> By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.
>
>
>
> I need to convert some CIDR ranges to regex:
>
>
> my concern is that /d{1,3} wil match too many (non exist) addresses
>
> 103\.21\.24\d[4-7]\.\d[0-9]\d{1,3}|103\.22\.20\d[0-3]\.\d[0-9]\d{1,3}|103\.3
> 1\.\d[4-7]\.\d[0-9]\d{1,3}
>
>
>
> So I re-wrote using capture groups, below does not function however, and I
> assume it is due to OR (|) which tomcat will affectively see as a new entry?
> So I tried escaping, but I cannot get it to work:
>
> 103\.21\.(2(4[4-7]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5
> ]))|103\.22\.(2(0[0-3]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5
> [0-5]))

Your assumption that "tomcat will affectively see as a new entry" is wrong.
The string is used as whole to initialize a java.util.regex.Pattern().
Tomcat does not split it.

You may write a simple program / junit test to test how
java.util.regex.Pattern() processes your value.  Or you may run Tomcat
with debugger,

https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics#Common_Troubleshooting_Scenario

AFAIK, '\|' in a regular expression will be interpreted as expecting
literal '|' character in the matched string.  No IP address has this
character so none will match.



Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Moving a web application from tomcat6 to tomcat9

2017-12-18 Thread Konstantin Kolinko
2017-12-16 1:05 GMT+03:00 Onur Küçükturan <onur.kucuktu...@karel.com.tr>:
>
> Hi Christopher,
>
> I shutdown the service and deleted all the logs files and after I moved all 
> the folders under WebApps ( dart, dart.war, docs, manager,host-manager, 
> examples) and logs are attached after the tomcat9 starts 
> (nothing_under_webapps.zip)
>
> After I re-delete logs and copied only dart.war under /webapps and re-run the 
> service, attached logs "with_dart.zip".
>

1.) Rules:
http://tomcat.apache.org/lists.html#tomcat-users
-> 6. Top-posting is bad.
-> 7. Please format your messages as plain text, not HTML.

Usually attachments are automatically removed my mailing list server.
Yours came through, thus I will comment

2)

16-Dec-2017 01:02:17.341 SEVERE [main]
org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error
at line 37 column 2: The content of elements must consist of
well-formed character data or markup.
 org.xml.sax.SAXParseException; lineNumber: 37; columnNumber: 2; The
content of elements must consist of well-formed character data or
markup.
at 
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
[...]
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1453)
at 
org.apache.catalina.users.MemoryUserDatabase.open(MemoryUserDatabase.java:400)
at 
org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:102)

The above means that your tomcat-users.xml file is broken (is not a
valid well-formed XML file).

(The message does not mention the name of the file,
but tomcat-users.xml is the file usually used by MemoryUserDatabase
class mentioned in the stacktrace).

http://tomcat.apache.org/tomcat-9.0-doc/jndi-resources-howto.html#UserDatabase_Resources


3)
16-Dec-2017 01:02:18.095 SEVERE [main]
org.apache.catalina.core.ContainerBase.addChildInternal
ContainerBase.addChild: start:
 org.apache.catalina.LifecycleException: Failed to start component
[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/dart]]
...
Caused by: java.lang.ClassNotFoundException: org.apache.log4j.Logger
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1275)
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1104)
... 51 more

The above means that Log4J library is missing in your web application.
(Log4j 1.2.x, I guess)

https://logging.apache.org/log4j/1.2/
https://logging.apache.org/log4j/2.x/manual/migration.html

4)
What is in localhost.2017-12-16.log ?

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Logging framework

2017-12-07 Thread Konstantin Kolinko
2017-12-08 9:58 GMT+03:00 mirunalini Chandrasekaran <miru3...@gmail.com>:
> Hi All,
>
> I am using Tomcat 7.0.81 on centos 7.3 and using openjdk 1.7.0.141. Tomcat
> was downloaded from http://tomcat.apache.org/
>
> The problem I am seeing recently is manager*.log and localhost*.log files
> are not created. Instead, I see the messages that were to be written into
> manager.log are going into Catalina.out. catalina.out and
> localhost_access.log continue to work like before. May I know how and from
> where to start debugging this?
> I have verified logging.properties, there is no issue with it.

How do you start Tomcat?

Overall, Tomcat uses the standard java.uti.logging API to perform its
logging. The java.util.logging is configured via the following two
system properties:

-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties

These two properties are set by catalina.sh wrapper script when it
launches java process for Tomcat
If those properties are missing, the default configuration of
java.util.logging is to log everything to a
java.util.logging.ConsoleHandler.

The stdout and stderr of the java process are redirected to
"catalina.out" file by catalina.sh script. It is not a proper log
file.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Are Symbol files of Tomcat DLLs publicly available?

2017-12-05 Thread Konstantin Kolinko
2017-12-05 9:47 GMT+03:00 Suvendu Sekhar Mondal <suv3...@gmail.com>:
> On Tue, Dec 5, 2017 at 1:28 AM, Mark Thomas <ma...@apache.org> wrote:
>> On 04/12/17 11:12, Suvendu Sekhar Mondal wrote:
>>> Hello Everyone,
>>>
>>> I am investigating a Tomcat crash. Actually, JRE crashed due to
>>> "access violation" error. It created a Windows memory dump file. I am
>>> trying to analyze it win WinDbg. Problem I am facing is that lots of
>>> Symbols (of tomcat7, jvm, java, tcnative-1, nio DLLs) are not
>>> available to me. As a result WinDbg is giving me a Stack filled up
>>> with DLL names and HEX values.
>>>
>>> In order to get some of them - mostly JRE related, I have already
>>> reached out to Java forum:
>>> https://community.oracle.com/thread/4102753. No response so far :(.
>>>
>>> Can someone please tell me how can I get Symbol files of Tomcat DLLs
>>> like tomcat7 and tcnative-1? Are they publicly available?
>>
>> Exactly which versions do you need?
>
> Sorry, Mark. I should have provide that information upfront. I am using:
>
> Tomcat 7.0.55
> JRE version: Java(TM) SE Runtime Environment (8.0_92-b14) (build 1.8.0_92-b14)
> OS version: Windows Server 2012 R2
>

Is it worth debugging a version that is more than 3 years old? A lot
have been fixed since then.


tcnative-1.dll is Tomcat Native library
It can be downloaded here:
https://tomcat.apache.org/download-native.cgi

The tomcat-native-1.2.16-win32-bin.zip file has *.pdb files in it.

Tomcat 7.0.55 was shipped with Tomcat Native 1.1.31. Those binaries
can be downloaded from an archive website. I do not know whether they
contain debug symbols or not.


tomcat7.exe, tomcat7w.exe are renamed Prunsrv.exe and Prunmgr.exe from
http://commons.apache.org/proper/commons-daemon/procrun.html

http://commons.apache.org/proper/commons-daemon/download_daemon.cgi
-> Browse native binaries download area... -> windows/
There are no debug symbol files in the current version
(commons-daemon-1.1.0-bin-windows.zip).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: File and directory permissions on Tomcat 8.5 tar archive

2017-11-24 Thread Konstantin Kolinko
2017-11-24 15:53 GMT+03:00 Rune Rustand <run...@gmail.com>:
> Apache Tomcat 8.5.23
> Redhat Enterprise Linux 7.4  (3.10.0-693.1.1.el7.x86_64)
>
>
>
> Binary distributions tar archive
>
> We are upgrading our servers from Tomcat 8.0 to Tomcat 8.5, and are using
> the core archive. The process is done by running a puppet script that
> extracts the tar archive on all the servers (many).
>
> Are there any reasons why the file and directory permissions differ from
> the tar archive and the zip archive?
> When I unpack the tar archive the permissions on files and directories are
> not set for all users.
>
> I unpack the archive like this:
> tar zxvpf apache-tomcat-8.5.23.tar.gz
>
> examples of file and directories permissons are:
> [runrus@nemesis apache-tomcat-8.5.23]$ ls -l
> total 96
> drwxr-x---. 2 runrus runrus  4096 Nov 24 08:46 bin
> drwx--. 2 runrus runrus  4096 Sep 28 12:31 conf
> drwxr-x---. 2 runrus runrus  4096 Nov 24 08:46 lib
> -rw-r-. 1 runrus runrus 57092 Sep 28 12:31 LICENSE
> drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 logs
> -rw-r-. 1 runrus runrus  1723 Sep 28 12:31 NOTICE
> -rw-r-. 1 runrus runrus  7064 Sep 28 12:31 RELEASE-NOTES
> -rw-r-. 1 runrus runrus 15946 Sep 28 12:31 RUNNING.txt
> drwxr-x---. 2 runrus runrus29 Nov 24 08:46 temp
> drwxr-x---. 7 runrus runrus76 Sep 28 12:30 webapps
> drwxr-x---. 2 runrus runrus 6 Sep 28 12:30 work

[...]

> For the zip file:
> unzip apache-tomcat-8.5.23.zip
>
> [runrus@nemesis apache-tomcat-8.5.23]$ ls -l
> total 104
> drwxr-xr-x. 2 runrus runrus  4096 Sep 28 11:31 bin
> drwxr-xr-x. 2 runrus runrus  4096 Sep 28 11:31 conf
> drwxr-xr-x. 2 runrus runrus  4096 Sep 28 11:31 lib
> -rw-r--r--. 1 runrus runrus 58153 Sep 28 11:31 LICENSE
> drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 logs
> -rw-r--r--. 1 runrus runrus  1774 Sep 28 11:31 NOTICE
> -rw-r--r--. 1 runrus runrus  7241 Sep 28 11:31 RELEASE-NOTES
> -rw-r--r--. 1 runrus runrus 16416 Sep 28 11:31 RUNNING.txt
> drwxr-xr-x. 2 runrus runrus29 Sep 28 11:31 temp
> drwxr-xr-x. 7 runrus runrus76 Sep 28 11:31 webapps
> drwxr-xr-x. 2 runrus runrus 6 Sep 28 11:30 work

Set `umask 0027` before unzipping.

The 'conf' directory, the logs, and serialized sessions in 'work' are
likely to contain confidential data and should not be world-readable.
http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#Non-Tomcat_settings


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Service killed by signal 9

2017-11-10 Thread Konstantin Kolinko
2017-11-10 12:31 GMT+03:00 Greg Huber <gregh3...@gmail.com>:
> Since switching to jsvc, randomly I am getting tomcat restarting, looking
> at the logs I see that the jsvc is using alot of memory total-vm:  and
> being killed by the system.
>
> Nov  9 13:11:11 prodbox kernel: Out of memory: Kill process 1287 (jsvc)
> score 121 or sacrifice child
> Nov  9 13:11:11 prodbox kernel: Killed process 1287 (jsvc)
> total-vm:3453120kB, anon-rss:378280kB, file-rss:0kB, shmem-rss:0kB
>
> I am using the below on properties on the startup (from previous version
> statup scripts):
>
> -Xms256M -Xmx768m -Xss1280k -XX:+UseParallelGC -XX:MaxGCPauseMillis=1500
> -XX:GCTimeRatio=9 -server -XX:+DisableExplicitGC
>
> (I replaced -Xss256k with -Xss1280k to stop crashing see
> https://issues.apache.org/jira/browse/DAEMON-365)

The links in that issue go to a thread that explains that the issue is
actually caused a kernel bug.
It was reported & diagnosed in June 2017, thus should it have already
been fixed?

1,2 Mb of stack for each thread mean that for 200 threads you will
need 240 Mb of memory just for thread stacks.  Most of that is wasted
memory: You do not need to increase -Xss unless you are hitting
StackOverflowError.

> Is there a way to limit the total-vm or find out why its got so big?
> -XX:+DisableExplicitGC ??
>
> Standard tomcat install with apache/modjk.

https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5

In Tomcat Manager web application there is "Server Status" page. It
has a table that shows current memory consumption, as reported by
Java.  The values can also be queried via JMX (e.g. with jconsole
application).


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Start embedded Tomcat 9.0.1 server from java code

2017-11-08 Thread Konstantin Kolinko
I have several comments on
[1] 
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/webservice/AbstractWebServiceTest.java#L98


2017-11-07 20:07 GMT+03:00 Tobias Soloschenko
<tobiassolosche...@googlemail.com>:
> Hi Maxim,
>
> same for me I just created a simple setup like this:
>
> String baseDir =".";
> String webappDirLocation = "src/main/webapp/";
> String webxmlDirLocation = "src/main/webapp/WEB-INF/web.xml";
> Tomcat tomcat = new Tomcat();
> tomcat.setPort(8080);

1) Maybe you will want to update the test to use a random port number,
so that several tests could be run in parallel.

Use connector.setPort(0) to enable random port number feature (see
TomcatBaseTest.setUp())
followed by connector.getLocalPort(); after startup  (see
TomcatBaseTest.getPort())

http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java?revision=1812119=markup#l146

An example of a simple test case and use of getPort():
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcat.java?revision=1769263=markup#l189

2) Tomcat tests use address="localhost" on connector.
See TomcatBaseTest.setUp()

Running with localhost avoids opening ports on a public interface.

(When running on Windows its Firewall pops up a dialog and asks
whether to allow network access for this software.
Using localhost avoid this dialog.)

> tomcat.setBaseDir(baseDir);
> tomcat.getHost().setAppBase(baseDir);
> tomcat.getHost().setDeployOnStartup(true);
> tomcat.getHost().setAutoDeploy(true);
> tomcat.enableNaming();
> StandardContext ctx = (StandardContext) tomcat.addWebapp("/project", 
> new File(webappDirLocation).getAbsolutePath());
> File additionWebInfClasses = new File("target/classes");
> WebResourceRoot resources = new StandardRoot(ctx);
> resources.addPreResources(new DirResourceSet(resources, 
> "/WEB-INF/classes",
> additionWebInfClasses.getAbsolutePath(), "/"));
> ctx.setResources(resources);
> ctx.setDefaultWebXml(new File(webxmlDirLocation).getAbsolutePath());
> tomcat.start();
> tomcat.getServer().await();
>

3) In an automated test both "deployOnStartup" and "autoDeploy" flags
should be set to "false".

Do you want that any random files and directories created in a
temporary directory (baseDir) to be auto-deployed
and exposed as web applications in Tomcat?  I guess that you do not
want that, so set those flags to false.

Tomcat.addWebapp explicitly configures a web application.
Auto-deployment is not needed.

> I just placed in a Servlet into my classpath and applied the mapping in the 
> web.xml - with the dependencies of tomcat-embed-core and tomcat-embed-jasper 
> of version 9.0.1 it is not working and with 8.5.23 it does.
>
> Here is the log of both.
> [...]

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



  1   2   3   4   5   6   7   8   9   10   >