Re: Apex SSO

2022-03-25 Thread Luis Rodríguez Fernández
Hello there,

My two cents: we have ORDS 20 over tomcat 9.0.41 authenticating against
keycloak IdP, however using SAML [1]. In tomcat we have the keycloak
connector [2] and for the APEX integration I developed a simple valve [3]
that injects a header with the username. This header is used by the APEX
application for authenticating the user. A new Authentication Scheme based
on that header is needed.

Hope it helps,

Luis

ps: thanks for the blog entry Peter, I was not aware that APEX 21.1 comes
with an OpenIDConnect authentication scheme, very nice stuff!

[1] https://www.keycloak.org/
[2]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
[3]
https://github.com/cerndb/tomcat-sso-integration-components/blob/master/cern-tomcat-authentication-kit/src/main/java/ch/cern/sso/tomcat/valves/SsoHeadersValve.java

El vie, 25 mar 2022 a las 16:08, rupali singh ()
escribió:

> hi team,
>
> the reason im asking is we have document for apex and idcs integration
>
> https://www.ateam-oracle.com/post/integrating-sso-between-apex-cloud-and-identity-cloud-service-the-easy-way
>
> i did all the setup as per document but now the issue is apex is not
> redirecting to idcs url and giving below error.when we are trying to access
> the application URL.
> In tomcat logs there is no trace of IDCS discover URL and oracle denying
> from support coz we are using tomcat which is not supported by oracle.
>
> Hence trying to understand if there is anything we need on tomcat  and why
> apex is not redirecting to idcs url
> we are not using any proxy for tomcat
>
> apex error :
>
> [image: image.png]
>
> On Fri, 25 Mar 2022 at 18:42, Peter Chiu  wrote:
>
>> Hi Chris,
>>
>> To implement APEX SSO, that requires NO change to tomcat. That is why I
>> tried not to post here.
>>
>> Here is the blog for starters. https://fuzziebrain.com/content/id/1908/
>>
>> If tomcat is behind a proxy (apache or nginx), we might need to change a
>> setting in server.xml to return the real hostname.
>>
>> Hope this helps.
>>
>> On Fri, Mar 25, 2022 at 8:54 AM Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
>> > Peter,
>> >
>> > On 3/24/22 14:54, Peter Chiu wrote:
>> > > I will email you directly. For the group knowledge, there is nothing
>> > > special you need to do on Tomcat if it is not behind a proxy.
>> >
>> > Please post to the mailing list. It's not at all clear to me how you'd
>> > get Oracle APEX to deliver authentication information to Tomcat.
>> >
>> > Presumably, that's what Rupali is trying to accomplish and it would be
>> > helpful for the whole community to post back.
>> >
>> > -chris
>> >
>> > > On Thu, Mar 24, 2022 at 1:51 PM rupali singh <
>> rupali.r.si...@gmail.com>
>> > > wrote:
>> > >
>> > >> Hi Peter,
>> > >>
>> > >> Are u using apache web server with tomcat or its only tomcat  .
>> > >> if possible can you please share steps for azure AD with me on
>> > >> rupali.r.si...@gmail.com
>> > >>
>> > >>
>> > >>
>> > >> On Thu, 24 Mar 2022 at 21:21, Peter Chiu  wrote:
>> > >>
>> > >>> I have a working APEX SSO against Azure AD or On-Permise AD.
>> > >>>
>> > >>> On Thu, Mar 24, 2022 at 1:13 PM rupali singh <
>> rupali.r.si...@gmail.com
>> > >
>> > >>> wrote:
>> > >>>
>> >  HI Team,
>> > 
>> >  We are using apex 21.1 with tomcat 9.54.
>> >  we want to implement SSO for application deployed in Apex  with
>> IDCS
>> >  reference URL :
>> > 
>> > 
>> > >>>
>> > >>
>> >
>> https://www.ateam-oracle.com/post/integrating-apex-with-oracle-identity-cloud-service
>> > 
>> >  but apex is not at all redirecting to IDCS URL and as per Oracle
>> issue
>> > >> is
>> >  with tomcat .
>> > 
>> >  anyone successfully implemented APEX SSO( webserver : apache
>> tomcat)
>> > >>> with
>> >  Oracle IDCS
>> >  or  APEX SSO( webserver : apache tomcat)  with Microsoft Azure AD.
>> >  can you please assist us with steps.
>> > 
>> >  --
>> >  Thanks and Regards,
>> >  Rupali
>> > 
>> > >>>
>> > >>
>> > >>
>> > >> --
>> > >> Thanks and Regards,
>> > >> Rupali
>> > >>
>> > >
>> >
>> > -
>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> > For additional commands, e-mail: users-h...@tomcat.apache.org
>> >
>> >
>>
>
>
> --
> Thanks and Regards,
> Rupali
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: How to access Tomcat session objects directly via JavaScript?

2021-05-17 Thread Luis Rodríguez Fernández
Hello Leo,

You can add your custom header in the response via the
HttpServletResponse.addHeader() [1] method.

Hope it helps,

Luis

[1]
https://tomcat.apache.org/tomcat-8.5-doc/servletapi/javax/servlet/http/HttpServletResponse.html#addHeader(java.lang.String,%20java.lang.String)






El lun, 17 may 2021 a las 3:54, leo ()
escribió:

> Rony,
>
> Thanks for chiming! :-)
>
> >> […] In the JSP pages I retrieve the session
> >> object *through Java* like this
> >>
> >> <%
> >> HttpSession session = request.getSession();
> >> ...
> >> user = (String)session.getAttribute("user");
> >> ...
> >> %>
> >>
> >> Then later on these pages *in the JavaScript* part I have:
> >>
> >> 
> >> var user = "<%=user%>"
> >> ...
> >> 
> >>
> >> Question: Can I get the content of the session object in pure
> >> JavaScript? […]
> >
> > what taglib are you using?
>
> Sorry to appear ignorant, but I don’t know. I just use the <% …. %>
> and <%= … %> constructs in my JSP pages.
>
> I don’t maintain the server (it is Tomcat 8.5), but I could request
> small changes  (as long as they don’t break existing stuff!). Any way
> to find out what taglib the server provides?
>
> > or is your example purely hypothetical?
>
> No, no not at all. This is the code I use.
>
> Thanks and regards,
> Leo
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: [OT] Working with SAML

2021-03-17 Thread Luis Rodríguez Fernández
Hello Chris,

- Manually create DOM: agree with you, I would not go in that direction. I
did it years ago when I developed a logout servlet for weblogic. You can
have a look at the code here [1] and feel my pain :)
- Library: I remember testing opensaml [2], it was the most popular at that
time but  it is not supported anymore :(

I am not sure what's your scenario, perhaps it is very specific and you do
not have any other choice than get your hands dirty and implement something
on your own. However if what you have in mind fits in this diagram [3] and
you are running in tomcat :) I would use keycloak [4], for us is working
great.

Hope it helps,

Luis


[1] https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
[2] https://stackoverflow.com/a/9080912/637409
[3]
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
[4]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter







El mar, 16 mar 2021 a las 23:22, André Warnier (tomcat/perl) ()
escribió:

> Alternatively, see this :
> https://wiki.shibboleth.net/confluence/display/SP3/JavaHowTo
>
> On 16.03.2021 21:18, Christopher Schultz wrote:
> > Robert,
> >
> > On 3/16/21 14:33, Robert Turner wrote:
> >> Chris,
> >>
> >> I'm not sure if it will do what you want, but when sourcing Java-based
> SAML
> >> libraries for our use as an SP, I too found that most of the libraries
> were
> >> much larger and more complicated that I thought necessary. We went with
> the
> >> (limited but simple to use) OneLogin libraries for our use case. It
> doesn't
> >> do everything by any means, but was considerably smaller and simpler
> than
> >> most packages out there.
> >
> > I did see the OneLogin library. You mean this one, right?
> > https://github.com/onelogin/java-saml
> >
> > Is there anything tied to any particular service for that? Or do they
> simply give-away
> > their library for use anywhere?
> >
> > Thanks,
> > -chris
> >
> >> On Tue, Mar 16, 2021 at 1:55 PM Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >>
> >>> All,
> >>>
> >>> I've got a system which is accepting one-legged, signed SAML responses
> >>> from trusted third parties and going all the right things. It's working
> >>> great.
> >>>
> >>> It's time to look at doing the opposite: assembling our own SAML
> >>> responses, signing them, and sending them to another party.
> >>>
> >>> I'm sure I could manually create a DOM document with all the right
> >>> namespaces, add the various values that I need, and then use XML DSIG
> >>> using the bits and pieces that are provided by Java directly, but
> >>> there's got to be a nice compact library that doesn't require me to
> >>> download the entire internet in order to use in my product.
> >>>
> >>> Any recommendations?
> >>>
> >>> Thanks,
> >>> -chris
> >>>
> >>> -
> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>>
> >>>
> >>
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Correct manager.xml for Tomcat 8 manager GUI

2021-02-25 Thread Luis Rodríguez Fernández
Hello Patrick,

Check if you have also the webapps/manager/META-INF/context.xml By default
that RemoteAddrValve [1] configuration only allows connections from the
same host.

Cheers,

Luis

[1]
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteAddrValve.html

El mié, 24 feb 2021 a las 20:13, Mark Eggers ()
escribió:

> On 2/24/2021 9:54 AM, Patrick Baldwin wrote:
> > Hi, I'm trying to reconfigure a pre-existing dev Tomcat 8 server so folks
> > can use the manager GUI; so far, I just get the ERR_CONNECTION_REFUSED
> > message.
> >
> > I've stripped the tomcat users file down to just:
> >
> > $ cat /usr/local/tomcat/conf/tomcat-users.xml
> > 
> >   
> >   
> > 
> >
> > And the  /usr/local/tomcat/conf/Catalina/localhost /manager.xml is
> > currently:
> > $ pwd
> > /usr/local/tomcat/conf/Catalina/localhost
> > $ cat manager.xml
> > 
> >
> > 
> >  className="org.apache.catalina.webresources.DirResourceSet"
> > webAppMount="/WEB-INF/classes" base="/usr/local/tomcat/webapps/manager"
> />
> > 
> >
> > 
> >
> >
> > Not seeing an error in catalina.out about the manager, looks like it's
> > deploying OK:
> >
> > 24-Feb-2021 12:00:56.070 INFO [localhost-startStop-1]
> > org.apache.catalina.startup.HostConfig.deployDescriptor Deploying
> > configuration descriptor
> > [/usr/local/tomcat/conf/Catalina/localhost/manager.xml]
> > 24-Feb-2021 12:00:56.092 INFO [localhost-startStop-1]
> > org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of
> > configuration descriptor
> > [/usr/local/tomcat/conf/Catalina/localhost/manager.xml] has finished in
> > [22] ms
> >
> > Since it's a dev system, I've temporarily turned off the firewall and
> > selinux to make sure they aren't the issue.
> >
> > Any thoughts?
> >
>
> What version of Tomcat 8?
>
> For all recent versions of Tomcat (even 7), you'll need the following:
>
> http://tomcat.apache.org/xml;
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>xsi:schemaLocation="http://tomcat.apache.org/xml
> tomcat-users.xsd"
>version="1.0">
> 
> 
>
> . . . just my two cents
> /mde/
>
>
>
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: JNDI ldaps Problem with SSO

2021-02-25 Thread Luis Rodríguez Fernández
Hello Susan,

org.apache.catalina.realm.JNDIRealm used the container log so
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = ALL
should give you some more details. By default these logs go to
the localhost.-MM-DD.log, if you want to print them in the console you
can always change the handler
to org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers =
java.util.logging.ConsoleHandler

Depending on your Active Directory configuration you may need to provide
connectionName and connectionPassword properties, from [1]:

*"When making a connection in order to search the directory and retrieve
user and role information, the realm authenticates itself to the directory
with the username and password specified by
the connectionName and connectionPassword properties. If these properties
are not specified the connection is anonymous. This is sufficient in many
cases."*

Cheers,

Luis

[1] http://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html









El jue, 25 feb 2021 a las 18:26, Brian Wolfe ()
escribió:

> Seems there might be some debug you can turn on. I haven't tried it myself.
> But Look at this for reference.
> https://ldapwiki.com/wiki/Tomcat%20And%20LDAP
>
> On Thu, Feb 25, 2021 at 11:18 AM  wrote:
>
> > Dear Brian
> >
> > Thank you for your reply
> >
> > We can see the successful handshake with the LDAP Server.
> > We think, after that, some more data  goes back and forth and then the
> > connection is closed. We can't see, what is exactly happening - its
> TLSv1.3
> > When using ldap with port 3268 - its all good.
> > So the search itself seems to be fine.
> >
> > Only ldaps with port 3269 fails
> >
> > Is there maybe another debug Option for the ldap?
> >
> > Thank you
> >
> > Susan
> >
> >
> >
> > > -Original Message-
> > > From: Brian Wolfe 
> > > Sent: Donnerstag, 25. Februar 2021 17:00
> > > To: Tomcat Users List 
> > > Subject: Re: JNDI ldaps Problem with SSO
> > >
> > > if you define the truststore on the command line it will ignore the
> > cacerts file.
> > > Also looks like you're trying to connect to AD over the catalog port.
> > > I would suggest using the LDAPS port 636. The GC port is used to search
> > > things within the forest that may not be in the domain. small change
> but
> > > shouldn't cause a connection issue if you're using the catalog port.
> > >
> > > You shouldn't have to configure any additional SSL stuff on the realm.
> > As long
> > > as your JNDI url is ldaps it should know to use SSL. Java will
> negotiate
> > the SSL
> > > for you.
> > >
> > > One thing you can do is turn on SSL debug and look at the negotiation
> to
> > see
> > > if it is negotiating SSL.
> > > *-Djavax.net.debug=ssl*
> > > You should see it negotiate with the ldap server on startup. You will
> > also be
> > > able to see the whole SSL handshake and see if it's failing.
> > >
> > > On Thu, Feb 25, 2021 at 10:35 AM  wrote:
> > >
> > > > Hi Bill
> > > >
> > > > Thank you for your fast reply
> > > >
> > > > We are using RHEL7
> > > >
> > > > The JAVA is using it's default cacerts which includes all ROOT CA's
> of
> > > > the LDAP Server.
> > > > We also added another Trusstore in the JAVA OPTS of the Tomcat JVM,
> > > > which also includes the whole chain of the LDAP Server Cert:
> > > >
> > > > tomcat   21503 1  2 Feb16 ?05:32:41
> > /usr/java/latest/bin/java
> > > >
> -Djava.util.logging.config.file=/opt/tomcat/tomcat8_app1/conf/logging.
> > > > properties
> > > > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > > > -Djavax.net.ssl.trustStore=/etc/pki/tls/certs/RootCore.jks
> > > > -Djavax.net.ssl.trustStorePassword=xxx
> > > > -Djdk.tls.ephemeralDHKeySize=2048 -Xmx12G -XX:+UseThreadPriorities
> > > > -Dnm.data.home=/opt/tomcat/data
> > > > -Djava.security.auth.login.config=/opt/tomcat/data/conf/jaas.conf
> > > > -Djava.security.krb5.conf=/opt/tomcat/tomcat8_app1/conf/krb5.conf
> > > > -Djavax.security.auth.useSubjectCredsOnly=false
> > > > -Dsun.security.krb5.debug=false -Duser.timezone=Europe/Berlin
> > > > -Djava.endorsed.dirs=/opt/tomcat/apache-tomcat-8.0.36/endorsed
> > > > -classpath
> > > > /opt/tomcat/apache-tomcat-
> > > 8.0.36/bin/bootstrap.jar:/opt/tomcat/apache-
> > > > tomcat-8.0.36/bin/tomcat-juli.jar
> > > > -Dcatalina.base=/opt/tomcat/tomcat8_appway1
> > > > -Dcatalina.home=/opt/tomcat/apache-tomcat-8.0.36
> > > > -Djava.io.tmpdir=/opt/tomcat/tomcat8_appway1/temp
> > > > org.apache.catalina.startup.Bootstrap start
> > > >
> > > > Our server.xml only contains the ldap realm and database realm.
> > > > Could it be, that a ssl config is necessary too?
> > > >
> > > > Thank you
> > > >
> > > > Susan
> > > >
> > > > > -Original Message-
> > > > > From: Bill Stewart 
> > > > > Sent: Donnerstag, 25. Februar 2021 16:04
> > > > > To: Tomcat Users List 
> > > > > Subject: Re: JNDI ldaps Problem with SSO
> > > > >
> > > > > On Thu, Feb 25, 2021 at 2:31 AM wrote:
> > > > >
> > > > > We are having a problem 

Re: Replacement / alternatives of Tomcat-juli.jar and Tomcat-juli-adapters.jar in Tomcat 9

2021-02-24 Thread Luis Rodríguez Fernández
Hello Ravi,

Here [1] upi can find an example of tomcat 9 + log4j2.

Hope it helps,

Luis

[1] https://github.com/lurodrig/log4j2-in-tomcat

El mié, 24 feb 2021 a las 17:09, Ravi Kumar ()
escribió:

> Hi Mark,
>
> Thanks for the suggestion and help. We will review and revert .
>
> Thanks again.
> Regards,
> Ravi
>
> On Wed, Feb 24, 2021 at 9:30 PM Mark Thomas  wrote:
>
> > On 24/02/2021 15:57, Ravi Kumar wrote:
> > > Hi Tomcat Team,
> > >
> > > We used to have *Tomcat-juli.jar and Tomcat-juli-adapters.jar*
> available
> > on
> > > Tomcat7 download pages under the EXTRAS directory.
> > >
> > > But with Tomcat 9, we don't have these 2 jars or in fact extras folder
> > > available. We use these jars for logging purposes of the
> web-application
> > > console.
> > >
> > > Could you please suggest any alternative jars or any other way for
> > > accommodating this replacements in Tomcat 9 ?
> >
> > Those were for log4j 1.x which is no longer supported.
> >
> > If you want to use log4j 2.x that can intercept java.util.logging
> > (Tomcat's default logging system) without additional Tomcat JARs.
> > Details on how to intercept j.u.l should be in the log4j 2.x docs.
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Dynamic Configuration on TC startup

2021-02-24 Thread Luis Rodríguez Fernández
Hello,

- server.xml templating + docker: nice solution Martynas, we are doing
basically the same but with shell envsubst
- TC virtual-host creation: perhaps you can make use of the
https://tomcat.apache.org/tomcat-9.0-doc/html-host-manager-howto.html

Cheers,

Luis

El mié, 24 feb 2021 a las 0:51, Martynas Jusevičius ()
escribió:

> I think this is where you need to wrap your apps into Docker images :)
>
> See this base image for example:
> https://hub.docker.com/r/atomgraph/letsencrypt-tomcat
> It configures server.xml by using an XSLT stylesheet and environmental
> parameters:
> https://github.com/AtomGraph/letsencrypt-tomcat/blob/master/entrypoint.sh#L134
>
> And this image extends it and adds the webapp (as ROOT) in a two-stage
> build:
> https://github.com/AtomGraph/LinkedDataHub/blob/master/Dockerfile#L139
>
> Hope it helps.
>
> On Wed, Feb 24, 2021 at 12:45 AM Jerry Malcolm 
> wrote:
> >
> > The server solution I am developing is split across multiple Amazon Web
> > Services EC2 instances.  They all use the same TC WAR images.  But each
> > server handles a different portion of the functionality
> > aaa.mydomain.com is called for one set of function, and bbb.mydomain.com
> > is called for another set of function.  This is not load balancing the
> > same server.  It's two separate TC "hosts" with two different server
> > names, but the same code base.
> >
> > It hugely simplifies maintenance if I can create one EC2 server image
> > (AWS AMI) and clone it to both aaa.mydomain and bbb.mydomain servers.
> > But the one issue is the TC configuration.  The TC host name on aaa
> > needs to be configured as aaa.mydomain.com and bbb TC host name needs to
> > be configured as bbb.mydomain.com.
> >
> > I figure the brute force method is to clone the AMI to both and then
> > scp/ftp one TC config directory to aaa and a different TC config
> > directory to bbb.  That will work.  But in my mind it's not elegant, and
> > until I write automation scripts, it requires manual intervention.
> >
> > This may be a short thread if you say that's the way to do it. Fine.
> > But I do want to ask if there's any better ways to do this that I'm not
> > aware of, such as using RDNS or something at TC boot to identify if I'm
> > aaa or bbb based on my ip address and then boot the appropriate Tomcat
> > config accordingly.  Ok, maybe I'm just blue skying  But I would
> > like a few opinions from people a lot closer to this area than I am.
> >
> > One other fly in the ointment is that a few of the hosts currently have
> > light activity, but may grow.  So in a couple of cases, I have multiple
> > virtual TC hosts (ccc.mydomain, ddd.mydomain, and eee.mydomain) on one
> > single EC2 instance allowing for the capability to split any one of
> > those out to its own EC2 instance in the future as needed.
> >
> > So EC2-a has aaa, EC2-b has bbb, and EC2-c has ccc, ddd, and eee hosts.
> > But again, all of TC hosts run the same WAR packages.
> >
> > Thanks.
> >
> > Jerry
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: embedded, not local

2021-02-15 Thread Luis Rodríguez Fernández
mmm, I see...

- May I ask you to run ` openssl s_client -showcerts -connect
localhost:16004` to check that your tomcat connector has started? You
should get an output like `Verify return code: 18 (self signed certificate)`
- Having a look at what your browser is saying I have the feeling that your
issue is not 100% SSL/TLS related but more CORS related stuff...

Cheers,

Luis

El lun, 15 feb 2021 a las 16:18, Rob Sargent ()
escribió:

> Luis,
> Not a peep.  Not in IntelliJ, nor from startup script (with zero output
> redirects). It works (on localhost:16004 and on k1:16004 (fully
> qualified), but only http, not https.  The browser shows "This site
> can’t provide a secure connection" and not much from chrome inspect:
> request: "Referrer Policy: strict-origin-when-cross-origin"
> response: "Failed to load response data"
>
> Thanks
> rjs
>
> On 2/15/21 2:14 AM, Luis Rodríguez Fernández wrote:
> > Hello Rob,
> >
> > Do you have a stacktrace or error message that you can share?
> >
> > Cheers,
> >
> > Luis
> >
> >
> >
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: embedded, not local

2021-02-15 Thread Luis Rodríguez Fernández
Hello Rob,

Do you have a stacktrace or error message that you can share?

Cheers,

Luis




El lun, 15 feb 2021 a las 1:26, Rob Sargent ()
escribió:

> Yep, me again.
>
> Inching along here, unable as yet to re-create ssl traffic when not on
> localhost. Moving from my basement (localhost) where ssl worked using
>
> SGSSRVR_keystoreFile = /home/rob/Downloads/tomcat/localhost-rsa.jks
> SGSSRVR_truststoreFile  =
> /home/rob/Downloads/tomcat/localhost-rsa-cert.pem
> SGSSRVR_storeType = JKS
>
> to my office with three separate machines where I can better impersonate
> AWS.
> Following Chris's adivce (since I've been given the green light to
> self-sign)
>
> | Most people just want to mint a key+cert and have Tomcat use that
> for TLS. You can do that very simply:
> | $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096
> -alias ${HOSTNAME} -keystore ${HOSTNAME}.p12 -storetype PKCS12 -ext
> san=dns:${HOSTNAME}
> | Fill-out all the stuff. This gives you a new RSA key and a
> self-signed certificate. If self-signed is okay with you, you are done.
>
> I put in my fully qualified hostname("k1"), and added the full path of
> the .p12 file to my configuration props
>
> SGSSRVR_keystoreFile   =
> /home/u0138544/aws/deploy/server/k1.p12
> SGSSRVR_keystoreAlias = k1
> SGSSRVR_keystorePwd  = as-assigned
> SGSSRVR_truststoreFile =
> /home/u0138544/aws/deploy/server/k1.p12
> SGSSRVR_truststoreAlias   = k1
> SGSSRVR_truststorePwd= as-assigned
> ##(with and without)
> SGSSRVR_storeType= PCKS12 (JKStoo)
>
> and pick those up as follows (including trying only key and only trust
> portions)
>
>  done = done && connector.setProperty("sslProtocol", "TLS");
>  done = done && connector.setProperty("keyAlias",
> System.getProperty("SGSSRVR_keystoreAlias"));
>  done = done && connector.setProperty("keystorePass",
> System.getProperty("SGSSRVR_keystorePwd"));
>  done = done && connector.setProperty("keystoreFile",
> keyFile.getAbsolutePath());
>  done = done && connector.setProperty("keystoreType",
> System.getProperty("SGSSRVR_storeType"));
>
>  done = done && connector.setProperty("truststoreType",
> System.getProperty("SGSSRVR_storeType"));
>  done = done && connector.setProperty("truststoreFile",
> trustFile.getAbsolutePath());
>  done = done && connector.setProperty("truststorePassword",
> System.getProperty("SGSSRVR_truststorePwd"));   //always false
>  done = done && connector.setProperty("truststoreAlias",
> System.getProperty("SGSSRVR_truststoreAlias"));  //always false
>
>  done = done && connector.setProperty("SSLEnabled", "true");
>  done = done && connector.setProperty("clientAuth", "false");
>  done = done && connector.setProperty("maxThreads", "200");
>  done = done && connector.setProperty("SSLEnabled", "true");
>
>  if (! done) {
>System.out.println("Some problem(s) in connector setup");
>  }
>
> If anyone can tell me where I've gone wrong (again) I'm all ears.
>
>
>
>
>
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Not able to connect to Tomcat 9.0.39 instance using jconsole/jvisualvm

2021-02-04 Thread Luis Rodríguez Fernández
Hello Suvendu,

I've never used the
"org.apache.catalina.mbeans.JmxRemoteLifecycleListener", I would advise you
to continue using the JVM startup options for JMX [1]

Martynas: the JPDA port is using to enable debugging in your java process
and be able to connect to it, e.g. via your favourite IDE.

Cheers,

Luis

[1]
https://tomcat.apache.org/tomcat-9.0-doc/monitoring.html#Enabling_JMX_Remote






El mar, 2 feb 2021 a las 16:23, Suvendu Sekhar Mondal ()
escribió:

> Hi Martynas,
>
> On Tue, Feb 2, 2021 at 5:04 PM Martynas Jusevičius
>  wrote:
> >
> > Not sure if related, but JPDA address config changed from -
> > JPDA_ADDRESS=8000 on Tomcat 8 to - JPDA_ADDRESS=*:8000 on Tomcat 9
> > (i.e. host needs to be included, or a wildcard).
> >
> Thanks for pointing that out but I think it is not related to the
> problem I am seeing.
>
> > On Tue, Feb 2, 2021 at 12:22 PM Suvendu Sekhar Mondal 
> wrote:
> > >
> > > Hello Everyone,
> > >
> > > We recently migrated Tomcat from 7.0.55 to 9.0.39. Everything is
> > > working as expected except accessing exposed MBeans via JMX clients
> > > like jconsole/jvisualvm. While troubleshooting the issue, I enabled
> > > debug logging for both of those tools and it is throwing following
> > > error:
> > > java.rmi.ConnectIOException: non-JRMP server at remote endpoint
> > > at
> sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:248)
> > > at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
> > > at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:338)
> > > at
> sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:112)
> > > at sun.tools.jconsole.ProxyClient.checkSslConfig(ProxyClient.java:234)
> > > at sun.tools.jconsole.ProxyClient.(ProxyClient.java:127)
> > > at sun.tools.jconsole.ProxyClient.getProxyClient(ProxyClient.java:475)
> > > at sun.tools.jconsole.JConsole$3.run(JConsole.java:524)
> > >
> > > We are using org.apache.catalina.mbeans.JmxRemoteLifecycleListener to
> > > specify RMI registry and server port like this:
> > >> > className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
> > > rmiRegistryPortPlatform="8181" rmiServerPortPlatform="8282" />
> > >
> > > And we can see that TC is registering properly to those ports:
> > >  2021-02-02 05:07:08,541 INFO
> > > org.apache.catalina.mbeans.JmxRemoteLifecycleListener - The JMX Remote
> > > Listener has configured the registry on port [8181] and the server on
> > > port [8282] for the [Platform] server
> > >
> > > We use remote JMX with no authentication or SSL:
> > > -Dcom.sun.management.jmxremote.ssl=false
> > > -Dcom.sun.management.jmxremote.authenticate=false
> > >
> > > Workaround is to add following options in JVM arguments and then I was
> > > able to use JMX on port 8181:
> > > -Dcom.sun.management.jmxremote
> > > -Dcom.sun.management.jmxremote.port=8181
> > >
> > > But I am not sure why it broke in Tomcat 9.0.39 in the first place
> > > because with a similar configuration we are able to access JMX on
> > > Tomcat 7.0.55. I noticed that JmxRemoteLifecycleListener has been
> > > deprecated and will be removed in future[1] but we are on a version
> > > which was released 3-4 months ago. So, could this be a bug or
> > > something else?
> > >
> > > [1] 2021-02-02 05:07:07,447 WARNING
> > > org.apache.catalina.mbeans.JmxRemoteLifecycleListener - The
> > > JmxRemoteLifecycleListener is deprecated as as the features it
> > > provides are now available in the remote JMX capability included with
> > > the JRE. This listener will be removed in Tomcat 10 and may be removed
> > > from Tomcat 9 some time after 2020-12-31.
> > >
> > > JDK version: jdk1.8.0_192
> > > OS: Windows Server 2016
> > >
> > > Thanks & Regards,
> > > Suvendu
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: SingleSignOn does not log debug info?

2021-01-14 Thread Luis Rodríguez Fernández
Hello Mark,

Thank you very much!

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = ALL
does the trick for me:

/...
FINE [http-nio-8080-exec-5]
org.apache.catalina.authenticator.SingleSignOn.invoke SSO processing
request for [/manager/html]
.../...

Cheers,

Luis


El jue, 14 ene 2021 a las 17:04, Mark Thomas () escribió:

> On 14/01/2021 15:52, Luis Rodríguez Fernández wrote:
> > Hello there,
> >
> > I am trying to enable debug for
> > the org.apache.catalina.authenticator.SingleSignOn valve. In my
> > ${CATALINA_BASE}/conf/logging.properties I have set
> >
> > java.util.logging.ConsoleHandler.level = ALL
> > .../...
> > org.apache.catalina.authenticator.SingleSignOn.level = ALL
> >
> > In my ${CATALINA_BASE}/conf/server.xml I've uncommented
> >
> > 
> >
> > After a successful authentication in one of my webapps I can see that the
> > JSESSIONIDSSO cookie has been created, so I would expect to see some of
> the
> > containerLog.debug(...) statements of theSingleSignOn.invoke() method.
> >
> > Also If I try with org.apache.catalina.authenticator..level = ALL I can
> see
> > in my catalina.out
> >
> > 14-Jan-2021 16:48:23.326 FINE [main]
> > org.apache.catalina.authenticator.AuthenticatorBase.startInternal Found
> > SingleSignOn Valve at
> > SingleSignOn[StandardEngine[Catalina].StandardHost[localhost]]
> >
> > So I see that my SSO valve has been enabled.
> >
> > Am I missing something?
>
> Because it is the container log, that is the logger you need to
> configure ...level=debug for, not the authenticator package.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


SingleSignOn does not log debug info?

2021-01-14 Thread Luis Rodríguez Fernández
Hello there,

I am trying to enable debug for
the org.apache.catalina.authenticator.SingleSignOn valve. In my
${CATALINA_BASE}/conf/logging.properties I have set

java.util.logging.ConsoleHandler.level = ALL
.../...
org.apache.catalina.authenticator.SingleSignOn.level = ALL

In my ${CATALINA_BASE}/conf/server.xml I've uncommented



After a successful authentication in one of my webapps I can see that the
JSESSIONIDSSO cookie has been created, so I would expect to see some of the
containerLog.debug(...) statements of theSingleSignOn.invoke() method.

Also If I try with org.apache.catalina.authenticator..level = ALL I can see
in my catalina.out

14-Jan-2021 16:48:23.326 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal Found
SingleSignOn Valve at
SingleSignOn[StandardEngine[Catalina].StandardHost[localhost]]

So I see that my SSO valve has been enabled.

Am I missing something?

Thanks in advance,

Luis

ps: my environment looks like this (removing folder paths for brevity):

$ ./bin/catalina.sh version
.../...
Using CLASSPATH:
.../apache-tomcat-9.0.41/bin/bootstrap.jar:.../apache-tomcat-9.0.41/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Server version: Apache Tomcat/9.0.41
Server built:   Dec 3 2020 11:43:00 UTC
Server number:  9.0.41.0
OS Name:Linux
OS Version: 4.15.0-130-generic
Architecture:   amd64
JVM Version:1.8.0_191-b12
JVM Vendor: Oracle Corporation

$ ps -ef | grep tomcat
.../...
...jdk1.8.0_191/bin/java
-Djava.util.logging.config.file=.../apache-tomcat-9.0.41/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager .../...

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Virtual event focussed on Tomcat Security

2020-10-02 Thread Luis Rodríguez Fernández
Hello there,

Sounds good!

For the authentication of our tomcat applications we rely on a SSO solution
(keycloak) using standards like SAML and OpenIDConnect. Maybe a session
about this can fit in the event. I would be interested in what other folks
are doing in this field.

Thanks,

Luis







El jue., 1 oct. 2020 a las 17:19, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> Raghu,
>
> On 9/30/20 10:35, Mysore, Raghunath wrote:
> > This plan about Tomcat security is very nice. We look forward to the
> meetings.
> >
> > Could we have a session related to " Best practices for using  Tomcat
> > +  (Apache Web Server) Forward Proxy (FP) combo in a real production
> > environment "  where an application hosted in Tomcat (web) container,
> > targets a  destination system in the internet, through the FP ?
> There are some presentations already on our "presentations" page that
> might address some of your questions. Is there something specific that
> is missing?
>
> http://tomcat.apache.org/presentations.html
>
> > The application communicates with the destination system on a TLS
> > channel. The FP is placed in a perimeter zone.   The role of FP is to
> > route the intranet traffic to the destination system in internet.
>
> This sounds like a fairly specific use-case. Are you looking for help in
> building such a system, or some suggestions for making sure that it's
> secure, high-performance, etc.?
>
> > Is there any generalized document that makes assessment (and
> > recommendations) of a Tomcat plus a Forward Proxy combo, in a real
> > word set up ?
> No, but it would probably be an interesting subject for a presentation.
> Maybe you could work with others in the community to develop such a
> presentation and in fact present it at an upcoming conference!
>
> -chris
>
> > -Original Message-
> > From: Maarten van Hulsentop 
> > Sent: Wednesday, September 30, 2020 3:10 AM
> > To: Tomcat Users List 
> > Subject: Re: Virtual event focussed on Tomcat Security
> >
> > Hi Mark,
> >
> > This sounds like a great idea to me. Security is a very important topic,
> and the maturity of the Tomcat makes it a very secure choice for users. I
> am sure a lot of people will be interested to join in.
> >
> > What is not completely clear to me on this event; would this event be
> focussed on improving the security of Tomcat from within (as a Hackathon
> suggests)? Like trying to find security flaws/improvements and get them
> fixed.
> > or is this meant to be an educational event where information is shared
> about secure setups/hardening of the Tomcat in production systems? Or a
> little of both?
> >
> > For the educational/hardening aspect, it could be nice to team up
> with/involve OWASP?
> >
> > I am surely interested to pitch in on this topic!
> >
> > Kind regards,
> >
> > Maarten van Hulsentop
> >
> > Op di 29 sep. 2020 om 13:26 schreef Mark Thomas :
> >
> >> Hi all,
> >>
> >> We (the Tomcat community) have some funding from Google to help us
> >> improve Tomcat security. Our original plan was to use the funding to
> >> support an in-person security focussed hackathon. As you would expect,
> >> those plans are on hold for now. We would, therefore, like to explore
> >> the possibility of doing something virtually.
> >>
> >> The purpose of this email is to gather input from the community about
> >> what such an event should look like. With that input we can put
> >> together a plan for the event. So, over to you. What would your ideal
> >> virtual event focussed on Tomcat Security look like?
> >>
> >> Thanks,
> >>
> >> Mark
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: [OT] Decent OAuth libraries?

2020-09-14 Thread Luis Rodríguez Fernández
Hello Chris,

I can suggest you Keycloak [1]. It supports OIDC (extension of OAUTH2) [2],
it has adapters for apache tomcat [3] and it is quite easy to start with. I
made a little proof of concept protecting the good and old /manager tomcat
application using the "Client Credentials Flow". My setup looks like this:

- Keycloak server: docker run --name=keycloak_for_oidc_tests -e
KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 9090:8080 -e
KEYCLOAK_IMPORT=/tmp/test-realm.json -v
$(pwd)/test-realm-with-users.json:/tmp/test-realm.json jboss/keycloak You
can find the test-realm.json here [4]
- Add this keycloak.json [5] to the $CATALINA_BASE/webapps/manager/WEB-INF/
folder. You can also generate via the admin console (localhost:9090/auth)
- Unzip [6] into $CATALINA_BASE/lib
- Declare the  in
the $CATALINA_BASE/webapps/manager/META-INF/context.xml

I will try to put all this in a little repo, maybe it can be helpful for
somebody else, but with the above steps you should be done. Maybe you want
to add some debugging to your $CATALINA_BASE/conf/logging.properties to see
what's happening under the hood:

org.keycloak.level = ALL
org.apache.catalina.realm.level = ALL
org.apache.catalina.authenticator.level = ALL

Hope it helps,

Luis

[1] https://www.keycloak.org
[2]
https://www.keycloak.org/docs/latest/securing_apps/index.html#openid-connect-2
[3]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_tomcat_adapter
[4]
https://gist.github.com/lurodrig/6ecab404985683e6ed6cfe6c8fa8475f#file-test-realm-with-users-json
[5]
https://gist.github.com/lurodrig/ac51a5cdfd3482ea20680e19b77b2558#file-keycloak-json
[6]
https://downloads.jboss.org/keycloak/11.0.2/adapters/keycloak-oidc/keycloak-tomcat-adapter-dist-11.0.2.zip










El lun., 14 sept. 2020 a las 15:38, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'm looking at implementing OAuth/OAuth2 on the server for both
> incoming and outgoing SSO with other systems. It doesn't look like
> rocket surgery, but I figure: why reinvent the wheel?
>
> Has anyone had any experiences in particular they'd like to share? I
> think I'd prefer something that was explicitly geared-towards OAuth
> and not something more general like Apache CXF, unless CXF is *super
> good* as doing OAuth and also provides some other great thing that
> maybe I didn't know I needed.
>
> Thanks,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9fcjgACgkQHPApP6U8
> pFiRcxAAtZ+rmO2i4PrFCRMPcEBWP6Z4z7IeBQUPfiotz5c84IvjOIqnJHyIx6RW
> Qyy7uy/7lHXMeu5xw/4DFx4qFxdG/O1+B7mekkxBrRnDFxOFByZS5RjVo0c8SFjo
> xiXvyeEy+/ucZb7Ca1M5Xryo5aIaTjXP8DSVkUWIfMqVyc9COrKt9Ds6gy/0xAll
> OcUj7CrRW1LiCoZmIPhXkabHqsxHofu5oEGHzcFE1tdsFr9L8JEfAPAhSgGJnDky
> yqW9P5LD8vH+34gVMqKCOOtHGVdNug7F4GTz+4z/ScHLhAcR/giRi/05ydigGvyL
> umux/QLzj1C5y1Nu+7jkBGz7QnokzsMMOjHH5n29/dIBOz/LS+6P7BidKLVgycdu
> HLomJpfmKRJaj6VHofMczYo6oCzGzrwdpeWBBvWwLE733CUU3IqQskUHvqIGj66C
> fopFuTk0Uyeizh7TY2+NyIAdcGdQyNjb+qYHYoN19Td8V/eAM3HjcJsxC9j0WRlT
> Sx16g0pMDLu36IjO2C4ltE7mUcKbD8yTZkTcs6ORTBX/88Kbj6dfymHj13DUUz5H
> +d2PbLlm8NNz530OmSJ0FopnM6afjCRzlE/tfQUOmCnGyxKjo+piqnBLws6no7NB
> 4+I9auIX0gmXygc/h/S2e8SH4sElCNfgRj9Cw8sgK7znc6wKTpc=
> =pwRm
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Truststore in HTTPS Connector does not work with Linux

2020-09-08 Thread Luis Rodríguez Fernández
Hello David,

That error usually happens when the java process (tomcat) can not access
the truststore file. May I ask you to check permissions and ownership of
the truststore file? You can always add -Djavax.net.debug=all to your
CATALINA_OPTS, it will give you way more information about the issue.

Hope it helps,

Luis







El mar., 8 sept. 2020 a las 9:58, David Weisgerber (<
david.weisger...@ms-gmbh.de>) escribió:

> Hi,
> I have some weird problem or bug with the HTTPS Connector. In our product,
> that ships with tomcat we want to achieve the following:
> There is one keystore where the customer puts its server certificate for
> HTTPs as well as (if intended) zero or one certificate for client
> authentication. The certificate for client authentication can be
> self-signed and the customer can setup its own certificate authority for
> this.
> For this I put the following code for configuring the connector in the
> server.xml:
>
>  protocol="org.apache.coyote.http11.Http11NioProtocol"
>maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true" bindOnInit="false"
>clientAuth="false" sslProtocol="TLS"
> keystoreFile="/diagdata/keystore.jks" keystorePass="custo1234"
> keyAlias="main" truststoreFile="/diagdata/keystore.jks"
> truststorePassword="custo1234" />
>
> (The real clientAuth is done in the deployed application because it is
> more complicated, I just need the feature to be enabled).
> This gives me the following error:
> org.apache.catalina.LifecycleException: Protocol handler start failed
> <2>at
> org.apache.catalina.connector.Connector.startInternal(Connector.java:1038)
> <2>at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> <2>at
> org.apache.catalina.core.StandardService.startInternal(StandardService.java:438)
> <2>at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> <2>at
> org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
> <2>at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> <2>at org.apache.catalina.startup.Catalina.start(Catalina.java:633)
> <2>at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> <2>at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> <2>at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> <2>at java.base/java.lang.reflect.Method.invoke(Method.java:564)
> <2>at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
> <2>at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478)
> <2>Caused by: java.lang.IllegalArgumentException: the trustAnchors
> parameter must be non-empty
> <2>at org.apache.tomcat.util.net
> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
> <2>at org.apache.tomcat.util.net
> .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> <2>at org.apache.tomcat.util.net
> .NioEndpoint.bind(NioEndpoint.java:217)
> <2>at org.apache.tomcat.util.net
> .AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
> <2>at org.apache.tomcat.util.net
> .AbstractEndpoint.start(AbstractEndpoint.java:1227)
> <2>at
> org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:592)
> <2>at
> org.apache.catalina.connector.Connector.startInternal(Connector.java:1035)
> <2>... 12 more
> <2>Caused by: java.security.InvalidAlgorithmParameterException: the
> trustAnchors parameter must be non-empty
> <2>at
> java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
> <2>at
> java.base/java.security.cert.PKIXParameters.(PKIXParameters.java:157)
> <2>at
> java.base/java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:130)
> <2>at org.apache.tomcat.util.net
> .SSLUtilBase.getParameters(SSLUtilBase.java:494)
> <2>at org.apache.tomcat.util.net
> .SSLUtilBase.getTrustManagers(SSLUtilBase.java:425)
> <2>at org.apache.tomcat.util.net
> .SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
> <2>at org.apache.tomcat.util.net
> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
> <2>... 18 more
>
> The error goes away when I remove truststoreFile and truststorePassword.
> Now comes the interesting part: The same configuration works under Windows
> (with other paths of course) using the Windows-Store as truststore for
> HTTPS connections to other servers. The same configuration worked with
> Tomcat 8.5.4 and the error just popped up from version 8.5.5. The error
> also seems not to be based on the java version, I tried it with Java 8 and
> Java 14. Under Windows we use Java 9...
>
> Is this a Linux specific bug? What is a trust anchor anyway?
>
> Thanks in advance,
> David
> -
> To unsubscribe, e-mail: 

Re: Faster Start Up

2020-07-17 Thread Luis Rodríguez Fernández
Hello Chris,

Yes, I do agree that / docs do not look very
clear. We after different test ended up with configurations like this one
(${CATALINA_BASE}/conf/context.xml)


  


or this other one (${CATALINA_BASE}/conf/catalina.properties)

tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.*

for disabling completely the jar scanning.

Cheers,

Luis

ps: finally we decided to disable the jar scanning just for the jars that
we were adding ourselves in our custom tomcat image (keycloak for SSO,
jolokia for monitoring and some utilities). Our colleague Thomas added
below shell kung-fu to our Dockerfile

RUN jars_to_skip_in_tld_search=$(find ${CATALINA_BASE}/lib/* -printf "%f,")
\
 && line_number_of_beginning_of_skip_list=$(sed -n
'/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\\/='
${CATALINA_BASE}/conf/catalina.properties) \
 && comment_to_insert="# Note: The first line of the list (and this
comment) was inserted while\n# building the image to skip TLD scanning of
our own jars." \
 && sed -i
"${line_number_of_beginning_of_skip_list}a\\${jars_to_skip_in_tld_search}"
${CATALINA_BASE}/conf/catalina.properties \
 && sed -i
"${line_number_of_beginning_of_skip_list}i\\${comment_to_insert}"
${CATALINA_BASE}/conf/catalina.properties \
 && echo "Will skip jars: ${jars_to_skip_in_tld_search}"

pps: BTW: thanks Thomas, it works!











El mié., 15 jul. 2020 a las 18:51, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> On 7/15/20 10:14, Christopher Schultz wrote:
> > Reading the documentation for / it
> > looks like maybe this would work:
> >
> >  
> > 
>
> With the above configuration, I still see this INFO log in my log file:
>
> INFO: At least one JAR was scanned for TLDs yet contained no TLDs.
> Enable debug logging for this logger for a complete list of JARs that
> were scanned but no TLDs were found in them. Skipping unneeded JARs
> during scanning can improve startup time and JSP compilation time.
>
> > Or maybe:
> >
> >  
> > 
>
> Looks like this gets the job done.
>
> I'm curious: why does tldScan="" not work?
>
> > If I specify one of the above, will the JAR scan still occur
> > (meaning, enumerate the list of JAR files and run through them) but
> > no JAR files will actually be opened? Or will the scanning process
> > be skipped entirely if the JarScanner sees that its configuration
> > implies it will never do any work?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8PNBAACgkQHPApP6U8
> pFhkkBAAl1MLW79GuyPRC8QP/ZeWwFJcpDL52JgS7NR/xulENkybpFtqCjzfXdzv
> w8jMKDN6AkcFzVo6oNnGkuMn4hUKSVHE8y44kMNW49YNGn7xSnqXt8iXDOUVkrqv
> kP1S82Yjc3UZxfQ8CZrGU/VV8qCwGgbRwbNLJp6VdS0tedJCku9MI1KpVu1tKCi0
> uSV+39j6DRAnWgdnaCaxRPBROm0R7d5TB2fR+C/uzfxXnxaL+kihGp9hDlenbeFS
> JhQigxP2+U6o9J2GtDKSk2v2+yre01ZWDwPKG0SIU0hvZfIxo2mxjkt2Pze9P7yT
> UC8lNaZ/asL1PQW3+6rWep7Pp4XEYGz929HQdOZFhIoGpzPvVwDVFiJ22bib41SB
> +/oiRWoly2xwwBHN+U30SS2TMsqvBxvXZKb07riK7BeOB/Ep42Wh/LDFw5W0ZKRs
> jDW3to0JaqdcLkBftRKmdJT1zwn/3KcIVWcLioyx/lr+kQpykEfMCeeZ5BWonEWp
> OP86c6ofbwv32h5qkFT4DPRd8tNDFDI8S9UpNnGcmnTMDbJEkA5sIsdgx8AvOGwp
> 5CAr1ME6TeAmmx8yZsCHv2wSkNsuKEAggq5MOW7V3VdS37ChV8TBW86Kl3n2OXn/
> T1s+P1RGg1T0nBUf7bA7zecUmD2urH/HYg/ncoysshA5XjjPQ7g=
> =hvr2
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Junk characters in SOAP request after upgrade to tomcat 9.0.31

2020-06-10 Thread Luis Rodríguez Fernández
Hello Naveen,

Recently we have had a similar issue migrating a webapp from another
application server to tomcat. We solved it specifying
UTF-8 in the
web.xml descriptor.

You can read here [1] the long story :)

Hope it helps,

Luis

[1] https://cwiki.apache.org/confluence/display/TOMCAT/Character+Encoding


El mié., 10 jun. 2020 a las 11:08, Naveen Kumar ()
escribió:

> Hi All,
>
> I have a webapp A which has few SOAP services and I consume those services
> from webapp B.
> I started getting below error since I upgraded the tomcat to 9.0.31 (from
> 9.0.24):
> com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync Couldn't create SOAP
> message due to exception: XML reader error:
> javax.xml.stream.XMLStreamException: java.io.EOFException: Unexpected EOF
>
> Then I wrote a filter at webapp A to intercept the request and I could see
> that some junk characters are added in the SOAP request.
>
> If I upgrade tomcat to 9.0.35, the error disappears.
>
> Problematic request:
> LoggingFilter.doFilter - The servlet  request soap mapping  body is:à   8Ï
> S(http://schemas.xmlsoap.org/soap/envelope/ð??? Envelope??? Body8Ï ns13
>
> Correct request:
> The servlet  request soap mapping  body is: encoding='UTF-8'?>
> Does anyone know what could be the possible reason for this?
>
> Thanks in advance.
> - Naveen
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Regarding context.xml changes impact other web service not deployed

2020-06-09 Thread Luis Rodríguez Fernández
Hello Abirami,

Well, strict does what it promises, so if those third-party rest services
were expecting some cookies that now are not being sent by the browser, it
is normal that they do not work as expected.

Internal implementation: sure! You can always have a look at the code of
the different CookieProcessors [1] & [2]

Hope it helps,

Luis

[1]
https://github.com/apache/tomcat/blob/f3c9fdd40bdbc3dc22b512596954e2bc6d424d5a/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
[2]
https://github.com/apache/tomcat/blob/623b2c9d0997481f1c5229135fa2f92e24303e47/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java



El mar., 9 jun. 2020 a las 7:59, S Abirami ()
escribió:

> Hi Team,
>
>  In our product to address security vulnerability in context.xml, we
> have introduced following entry
>
>  
>
>
> After introducing the above line, I noticed few rest service which is not
> deployed in that Tomcat also getting impact.
>
> Deployment Details
>
> Deployed :RHEL
> Tomcat Installation format :  tar.gz
>
> Hence,  interested to know about the internal implementation of the
> context in Tomcat to understand the impact.
>
> Thanks in advance for the support.
>
> Regards,
> Abirami.S
>
>
>
>
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Ensuring clean Tomcat shutdown

2020-06-08 Thread Luis Rodríguez Fernández
Hello Amit,

Well, your approach will work. Personally, I do not like very much to parse
logs. We, for instance, in our tomcat instances we provide an application
that queries the status of the deployed apps, see below.

If you have control in the code of  "AAA" application I would suggest you
to implement contextDestroyed [1] and make a clean up of your resources (db
connections, etc.)

The catalina stop  works beautifully in linux. I must to confess that it
is being a while since I do not have a look at the catalina.bat one :)

Hope it helps,

Luis

[1]
https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/ServletContextListener.html#contextDestroyed-javax.servlet.ServletContextEvent-

// From Registry javadocs: It provides methods to create and

// manipulate model mbeans and simplify their use.protected transient
Registry registry;private static final String ALL_WEB_MODULES_QRY =
"*:j2eeType=WebModule,*";

// Get all modules (contexts)
// Retrieve the MBean serverregistry = Registry.getRegistry(null,
null);mBeanServer = Registry.getRegistry(null,
null).getMBeanServer();Set objectNames =
mBeanServer.queryNames(new ObjectName(ALL_WEB_MODULES_QRY), null);







El dom., 7 jun. 2020 a las 3:50, Amit Pande ()
escribió:

> When the application does not clean up the resources, during shutdown, we
> see WARNINGs in Catalina logs:
>
> "WARNING [Catalina-utility-21]
> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The
> web application [AAA] appears to have started a thread named [BBB] but has
> failed to stop it. This is very likely to create a memory leak. Stack trace
> of thread:"
>
> I wanted to ensure a clean Tomcat shutdown and thinking of an automated
> test:
>
>   1.  Stop Tomcat
>   2.  Parse/grep Catalina logs for warnings like above
>   3.  If found, fail the test, if not pass
>
> Is there a better/elegant way to achieve this? E.g. using life cycle
> listeners?
>
> Also, the catalina stop  option (where a kill is attempted after n
> seconds are passed) works for all platforms, is my understanding correct?
>
> Thanks,
> Amit
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: how do I switch class loaders

2020-05-08 Thread Luis Rodríguez Fernández
Hello Jonathan,

It is not exactly the same :), look at the "$2" appended at the end.This is
an "anonymous inner class" [1]

Cheers,

Luis

[1]
https://stackoverflow.com/questions/11388840/java-compiled-classes-contain-dollar-signs


El vie., 8 may. 2020 a las 11:52, Jonathan Yom-Tov (<
jonathan.yom...@sysaid.com>) escribió:

> This is very odd. I ran Tomcat with -verbose:class (see relevant output
> below). The class is being loaded twice from the same location, I'm
> guessing by two different class loaders. How can that be?
>
> [Loaded org.redisson.tomcat.RedissonSessionManager from
> file:/C:/dev/tomcat.9.0.19/lib/redisson-tomcat-9-3.12.2.jar]
> [Loaded org.redisson.tomcat.RedissonSessionManager$2 from
> file:/C:/dev/tomcat.9.0.19/lib/redisson-tomcat-9-3.12.2.jar]
>
> On Fri, May 8, 2020 at 11:04 AM Olaf Kock  wrote:
>
> >
> > On 08.05.20 09:37, Jonathan Yom-Tov wrote:
> > > Thanks Mark. Just tried that. I put the redisson-tomcat jar outside of
> > > WEB-INF/lib and added it with scope provided. I get the exact same
> issue.
> > > What am I doing wrong?
> >
> > Make sure, it's actually gone from your webapp. Depending on the
> > deployment technique I've seen removed files to persist from previous
> > deployments.
> >
> > You might need to fully undeploy, then deploy the new version without
> > the jar in question. But inspect the runtime environment to make sure
> > you only have a single library accessible. Having the same class
> > available two different ways is a recipe for disaster, don't fix it my
> > messing with the classloader: Fix it by eliminating one of them.
> >
> > You might also check if you're not accessing any wrapped object, e.g. by
> > inspecting getManager(session).getClass().getName().
> >
> > Olaf
> >
> >
> >
> > > Here's my code:
> > >
> > > HttpSession session = httpServletRequest.getSession(false);
> > > try {
> > > RedissonSessionManager rsm = (RedissonSessionManager)
> > getManager(session);
> > > } catch (Exception e) {
> > > e.printStackTrace();
> > > }
> > >
> > > private Manager getManager(HttpSession session) throws Exception {
> > >
> > > Field facadeSessionField =
> > > StandardSessionFacade.class.getDeclaredField("session");
> > > facadeSessionField.setAccessible(true);
> > > StandardSession stdSession = (StandardSession)
> > > facadeSessionField.get(session);
> > >
> > > return stdSession.getManager();
> > > }
> > >
> > >
> > >
> > > On Thu, May 7, 2020 at 11:52 PM Mark Thomas  wrote:
> > >
> > >> On 07/05/2020 21:36, Jonathan Yom-Tov wrote:
> > >>> My application uses Redisson (a client which persists the session to
> > >>> Redis). There are two Redisson jar files located in
> $CATALINA_HOME/lib,
> > >> so
> > >>> if I understand the docs correctly they're loaded by the common class
> > >>> loader.
> > >>>
> > >>> I want to access the RedissonSessionManager class during a request.
> The
> > >>> problem is that if I do something like RedissonSessionManager
> manager =
> > >>> (RedissonSessionManager) session.getManager() I get a
> > ClassCastException,
> > >>> presumably because they were loaded by different class loaders.
> > >>>
> > >>> Will it help if I somehow access the common class loader for this? If
> > so
> > >>> how can I do that? If not is there some other way I can achieve this?
> > >> Make sure you don't have those JARs in your application's WEB-INF/lib
> as
> > >> well as $CATALINA_BASE/lib.
> > >>
> > >> In any recent version of Tomcat any JAR in $CATALINA_BASE/lib will be
> > >> visible to your application.
> > >>
> > >> Mark
> > >>
> > >> -
> > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > >> For additional commands, e-mail: users-h...@tomcat.apache.org
> > >>
> > >>
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> --
> [image: SysAid Technologies]
> <
> http://www.sysaid.com/?utm_source=signature_medium=email_campaign=sysaid-logo
> >
> Jonathan Yom-Tov
> Senior Architect
> jonathan.yom...@sysaid.com
> Phone (IL): +972 (3) 533-3675 Ext. 932
> [image: SysAid Technologies]
> <
> https://www.sysaid.com/?utm_source=signature_medium=email_campaign=sysaid-logo-icon
> >
>   [image: SysAid on Facebook] 
>  [image:
> SysAid on Twitter]    [image: SysAid on
> Linked-in] 
>  [image:
> SysAid on YouTube]    [image:
> SysAid
> on Instagram] 
> [image: Banner] 
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: log4j failed on tomcat9

2020-05-08 Thread Luis Rodríguez Fernández
Hello AjChen,

Here [1] you can find an example of how I configured log4j2 in tomcat 9.
You can skip all the bla, bla, bla and go directly to the gitthub repo [2]
and run the example to have a look at the configuration.

Note: I've been running like this for a while in production, but I do think
that I am going to come back to the default, beautiful and simple JULI :)

Hope it helps,

Luis

[1]
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2019-03-keeping-your-logs-clean-apache-tomcat-9-log4j2-and-spring-boot
[2] https://github.com/lurodrig/log4j2-in-tomcat/

El jue., 7 may. 2020 a las 23:48, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> AJ,
>
> On 5/7/20 16:40, AJ Chen wrote:
> > I use eclipse to develop web app for tomcat, Web app has a
> > dependent project and so the dependent project and all jars are
> > added on the classpath for tomcat runtime. Log4j works on tomcat 6.
> > But after upgrate to tomcat 9, log4j failed to start with the
> > following error. Anyone has seen similar problem? log4j2 also
> > failed. Thanks.
> >
> > log4j:ERROR A "org.apache.log4j.DailyRollingFileAppender" object is
> > not assignable to a "org.apache.log4j.Appender" variable.
> > log4j:ERROR The class "org.apache.log4j.Appender" was loaded by
> > log4j:ERROR [sun.misc.Launcher$AppClassLoader@18b4aac2] whereas
> > object of type log4j:ERROR
> > "org.apache.log4j.DailyRollingFileAppender" was loaded by
> > [ParallelWebappClassLoader
>
> Can I just say that the above is a masterpiece of diagnostic error
> messaging?
>
> I can already tell that you have a classloading issue, and it's almost
> certain that you have log4j.jar both in CATALINA_BASE/lib and your web
> application's META-INF/lib directory. Is that the case?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl60gjsACgkQHPApP6U8
> pFgydxAAvnJ1tJFklOMnsHnx+gFn7m0UkWjs1Sj+1zurmjuAzd64aXjwt8Mh2FRH
> JaJ4R0kYaHruoJxNDKelS+FIYgn1qe7D7LE7uq6gmNHg5b1JruoUXbk2GcaTfM55
> htu9idB/JOyx5lmlP4tR6E/K7HctM6h2A7zuJ2s98VM2WljU/Ts6v5R1C53JbXq6
> gzB0g6XYyVnuQx/9qoSyOSqKIBp3jLp2G8JlKje7SzKZcJeXSzq0HPUX6Do15VK1
> Rl8ineKRjwDHgujjN3DiXqh+BnbdY6URsFApwGVxNLqh/ykIQYIHVxCGuRv9+W3D
> i0Uxx9C2p6rb6Nr8Tk6lxZjx1IMCC0JuKaunHPt6bQ26s/VNEROU5aztQ5RF/ynN
> pjFvwa/UIR6/i5u7mtGo2WBRLmH04KOu/7ZS8FL4ieKHXuaGGDvZlTe3AZ8hBPNx
> 2jHtmpqWiQaw1+lMnL7RxrmGBISIWSH4+MAKXWDzM4OSeTsKxTv2gcZ14Z9HfYZm
> JGO3DGgOSfWAnFSTYX9L/NodRfIDXLMPTAG/epWzSSiF5tf6nAzWNj6Vbi1L0VnS
> 8IdfqHavSGeIqhDqwTSwuQhXYdoc6AyBdY5WIYEGiUNu789b9SjNlY8/EWqjrJKx
> 3Au9YxYkMTqi2SL/r1cCd8HU+imS9L3aSZPKaOn73AsTtux/VCA=
> =IVj+
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Changing the Java using by Tomcat

2020-05-08 Thread Luis Rodríguez Fernández
Hello Krishna,

Me I would point my JRE_HOME or JAVA_HOME to the new installation. You can
have a look at the section 3.2 of the RUNNING.txt [1]

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt





El mié., 6 may. 2020 a las 11:01, André Warnier (tomcat/perl) (<
a...@ice-sa.com>) escribió:

> On 06.05.2020 10:55, Reddy, Tippana Krishnanandan wrote:
> > Hi All,
> >
> > We are using tomcat 9.0.6 and we want to change existing JAVA used by
> tomcat and replace it Adopt openJDK without uninstalling the tomcat.
> >
> > Is this possible? if so can anyone please send us details how to
> approach this.
> >
>
> I don't think that there is anything in the tomcat configuration itself
> that must be changed.
> It will consists mostly of changes to the tomcat startup scripts.
> Under what OS are you running tomcat ? and how was it installed ?
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Getting 404 error while accessing URL after deployment

2020-05-05 Thread Luis Rodríguez Fernández
Hello Megha,

I am afraid that with that information you can not be sure if your webapp
has been deployed or not. Maybe you can have a look at the manager app of
your tomcat [1] instance (http://localhost:8080/manager), or query for the
state of the applications using the jmxproxyservlet (
http://localhost:8080/manager/jmxproxy/?qry=*:j2eeType=WebModule,*)

About the logs: I would recommend you to increase the level. The tomcat
logging [2] can be a good place to start, or check in your application
sources, chances are that you are using some logging framework.

Hope it helps,

Luis

[1] http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html
[2] http://tomcat.apache.org/tomcat-9.0-doc/logging.html

El mar., 5 may. 2020 a las 6:23, Megha Agrawal ()
escribió:

> Hi,
>
> > Where did you look for the logs ?
> I look into the files inside the logs folder.
>
> >Please check your Tomcat configuration. If there are errors during the
> >deployment they must be written to logs/catalina.out.
>
> There is no file named Catalina.out in the logs folder. In
> logs/catalina.txt file no such error logged that means deployment of
> project is successful.
> Project is deploying successfully but unable to run the API related to
> project.
>
> Thanks
> Megha Agrawal
>
>
> From: Martin Grigorov
> Sent: Monday, May 4, 2020 7:49 PM
> To: Tomcat Users List
> Subject: Re: Getting 404 error while accessing URL after deployment
>
> Hi,
>
> On Mon, May 4, 2020 at 5:02 PM Megha Agrawal  wrote:
>
> > Hi
> >
> > I am trying to deploy my project on the tomcat server and access the URL
> > using browser. Project is deploying successfully on the server but unable
> > to access URL related to that project. Also, logs are not generating for
> > the deployment and request. Therefore unable to find the reason for the
> > problem.
> >
>
> Where did you look for the logs ?
> Please check your Tomcat configuration. If there are errors during the
> deployment they must be written to logs/catalina.out.
>
>
> >
> > I am using the following configurations:
> > Tomcat version: 9.0.34
> > Operating system: Windows 10 (64-bit)
> > IDE: Eclipse (Version: 2019-03 (4.11.0), Build id: 20190314-1200)
> > Java: JDK-8
> >
> > The same project is running fine on other machines and also other
> projects
> > are running fine on this server.
> > Please look into this issue and provide some details about it.
> >
> > Thanks and regards
> > Megha Agrawal
> >
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Error occurred while upgrading BPM application to Tomcat 8.5.53

2020-04-09 Thread Luis Rodríguez Fernández
Hello Kushagra,

Regarding the supported platform matrix [1] it looks like the tomcat
version should be Tomcat 8.5.28

Hope it helps,

Luis

[1]
https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html






El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal ()
escribió:

> Hi,
>
> We are currently using Alfresco APS 1.10.0 version. It is working smoothly
> with 8.5.24 version.
>
> But while upgrading this to Tomcat 8.5.53 we are encountering below error.
>
> 08-Apr-2020 08:46:07.951 WARNING [localhost-startStop-1]
> org.apache.catalina.startup.SetContextPropertiesRule.begin
> [SetContextPropertiesRule]{Context} Setting property 'debug' to '100' did
> not find a matching property.
> 08-Apr-2020 08:46:13.919 SEVERE [localhost-startStop-1]
> org.apache.catalina.core.ContainerBase.addChildInternal
> ContainerBase.addChild: start:
> org.apache.catalina.LifecycleException: Failed to start component
>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> at
>
> org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:440)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:198)
> at
>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:743)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> at
>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> at
>
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: More than one fragment with
> the name [spring_web] was found. This is not legal with relative ordering.
> See section 8.2.2 2c of the Servlet specification for details. Consider
> using absolute ordering.
> at
>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2200)
> at
>
> org.apache.tomcat.util.descriptor.web.WebXml.orderWebFragments(WebXml.java:2159)
> at
>
> org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1131)
> at
>
> org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:776)
> at
>
> org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
> at
>
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> at
>
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5065)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
> ... 10 more
> 08-Apr-2020 08:46:13.921 SEVERE [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web
> application directory [/usr/local/tomcat/webapps/bpm-designer]
> java.lang.IllegalStateException: ContainerBase.addChild: start:
> org.apache.catalina.LifecycleException: Failed to start component
>
> [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/bpm-designer]]
> at
>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:747)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:719)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
> at
>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1125)
> at
>
> org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1859)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 08-Apr-2020 08:46:13.922 INFO [localhost-startStop-1]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/usr/local/tomcat/webapps/bpm-designer] has finished
> in [6,051] ms
>
> We explored the same on google and found one solution on stackoverflow :
>
> https://stackoverflow.com/questions/54290263/more-than-one-fragment-with-the-name-spring-web-was-found-this-is-not-legal-w
>
> Now we tried it by setting  in web.xml, but the problem
> persist.
>
> Can someone please suggest the possible solution of this problem.
>
> --
> Regards,
> Kushagra
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: invoke jmxproxy servlet using argument with a , is not a possible

2020-03-24 Thread Luis Rodríguez Fernández
Hello Arnaud,

If jmxproxy does not work for you perhaps you can give a try to jolokia
[1]. It accepts JSON POST requests [2] that can implement your scenario.
The installation is quite straight-forward, simply deploy it as a .war or
attach it as an agent to your JVM.

Hope it helps,

Luis

[1] https://jolokia.org

[2] https://jolokia.org/reference/html/protocol.html#post-request










El mar., 24 mar. 2020 a las 9:36, Martin Grigorov ()
escribió:

> Hi,
>
> On Mon, Mar 23, 2020 at 7:08 PM Arnaud Yahoo 
> wrote:
>
> > Hello
> >
> > I am trying to invoke a mbean through jmxproxy servlet. Arguments are
> > separated with , so when one argument itself is containing a coma, it
> > breaks the invocation.
> >
> > It seems there is no way to escape ,.
> >
> > For example trying to save a context configuration fails :
> >
> > curl -u user:pass -G "http://localhost:8080/manager/jmxproxy/;
> > --data-urlencode "invoke=Catalina:type=StoreConfig" --data-urlencode
> > "op=storeContext" --data-urlencode
> >
> "ps=Catalina:j2eeType=WebModule,name=//localhost/myContext,J2EEApplication=none,J2EEServer=none,true,true"
> >
> >
>
>
> https://github.com/apache/tomcat/blob/b9aff64f78740235a5565004423be40cadc740ac/java/org/apache/catalina/manager/JMXProxyServlet.java#L240
> splits
> the parameters by comma and in your case it finds 5 parameters, while
> StoreConfig#storeContext(String, boolean, boolean) expects 3 parameters.
> Without improvements in the parsing code I think your case is not supported
> at the moment.
>
> Martin
>
>
> >
> > of course it works from jconsole.
> >
> > (By the way as an alternative I tried
> >
> > curl -u user:pass
> > http://localhost:8080/manager/text/save?path=/myContext but it fails
> with
> >
> > FAIL - Encountered exception [javax.management.MBeanException: Cannot
> > find operation store] )
> >
> > Arnaud
> >
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Fwd: Advice please for Tomcat 8.5.53-dev with log4j2

2020-03-18 Thread Luis Rodríguez Fernández
Grande Brian, congrats!

Sorry, I've just read your message, a bit late to the party: time ago I had
cooked a tomcat9 container + log4j2 with a sample spring-boot app deployed.
You can have a look here [1]

Cheers,

Luis

[1]
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2019-03-keeping-your-logs-clean-apache-tomcat-9-log4j2-and-spring-boot

El mié., 18 mar. 2020 a las 8:44, Brian Burch ()
escribió:

> On 18/3/20 5:18 pm, Brian Burch wrote:
> > 
>
> Could resist tinkering a bit more, but I'll be in trouble because I'm
> late for dinner!!
>
> Success! I have just created the catalina.log file formatted according
> to my own log4j2.xml.
>
> Yes, it was my stupid mistake, but I'll write tomorrow about what it did
> to make it work.
>
> Thanks for listening and advising. It really helped a lot and I wouldn't
> have cracked it on my own.
>
> Brian
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: OpenId with apache and tomcat

2020-03-13 Thread Luis Rodríguez Fernández
Hello Stephane,

> moving authentication at tomcat level with an openid Realm

If I understand you correctly you want to make the authentication process
in tomcat instead of delegating in your apache proxy, don't you ? I would
have a look then at the tomcat keycloak adapter [1]. Me I am using the SAML
one in tomcat 8.5 & 9 and it works like a charm!

Hope it helps,

Luis

[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_tomcat_adapter






El vie., 13 mar. 2020 a las 17:53, Stephane Passignat (<
passig...@hotmail.com>) escribió:

> Hi,
>
> Actually I have Apache2 operating as proxy and authenticate layer (HTTP
> Form and HTTP Basic), in front of several Tomcat instances and webapps.
> Apache pushes the userId to tomcat through AJP.
> On tomcat side, the webapp has a Basic login-module in web.xml.
>
> I'm quite satisfied of the result, authentication and authorization are
> out of the application scope. The deployment and maintenance of
> application is super easy. The sensitive maintenance of authentication
> is made by a dedicated team...
>
> I wish to improve that adding OpenId Authentication, keeping apache as
> authentication layer with an openid connector, but the one I saw
> doesn't seems to be used a lot and is not available as precompiled for
> my os...
> I'm looking also at moving authentication at tomcat level with an
> openid Realm. It's not ideal because of the large number of
> applications are servers do impact and network configuration to change,
> ...
>
>
>
> Does someone have experience in this architecture ? Do you have some
> recommendation for Apache Module or Tomcat Realm to use ?
>
>
> Thanks
> Stephane
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Question on HttpSession investigation

2020-02-10 Thread Luis Rodríguez Fernández
Hello M. Manna,

I do think HttpSession.getAttributeNames(), HttpSession.getAttribute(name)
should be good enough for debugging your issue. You can have a look at the
good and classic examples servlet [1] included in every tomcat distribution.

If you want to be sure what server is serving your request you can print as
well the server's IP or hostname
using Inet4Address.getLocalHost().getHostName(). Or even simpler you can
add a system property like -Dserver.name=serverA and print it.

Hope it helps,

Luis

[1]
https://github.com/apache/tomcat/blob/master/webapps/examples/WEB-INF/classes/SessionExample.java









El lun., 10 feb. 2020 a las 0:32, M. Manna () escribió:

> Hello,
>
> I apologise in advance if the answer is obvious for this question. We are
> trying to investigate (in an isolated cluster) whether our session
> attributes are getting lost somewhere in the process.
>
> The issue is that we are setting it at a JSP Tag Level, however, when we do
> an AJAX request back to the same server, the session doesn't have the
> attribute set by the tag. Since it's two different servers, we would like
> to check using JMX whether this is present somewhere in session. Debugging
> has not resulted into a successful outcome.
>
> We appreciate if this is not possible, but just wanted to check if tomcat
> currently emits anything related to this.
>
> Regards,
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat 9.0 - JDBC URL Help

2020-01-28 Thread Luis Rodríguez Fernández
Hello Crista,

I do think that you can have more chances of get an answer for this in the
Oracle Community [1]

Anyway this is how our tns entries [2] looks like for our Oracle Databases:

TNS_ENTRY_1_PROD=(
 DESCRIPTION=
  (ADDRESS=
(PROTOCOL=TCP) (HOST=my.host.name.1) (PORT=X) )
  (ADDRESS=
(PROTOCOL=TCP) (HOST=my.host.name.1) (PORT=X) )

(LOAD_BALANCE=off)
  (CONNECT_DATA=

(SERVER=DEDICATED)

(SERVICE_NAME=my.service.name)

(FAILOVER_MODE=

(TYPE=SELECT)

(METHOD=BASIC)

)
  )
)

Hope it helps,

Luis

[1]
https://community.oracle.com/community/groundbreakers/database/general_questions
[2]
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/glossary.html#GUID-8836AF91-6176-4133-BD13-348AF90181CE






El lun., 27 ene. 2020 a las 18:15, Edwards, Crista E
() escribió:

> What is the proper syntax for the URL portion of my JDBC connection when
> using 2 databases? We are on Tomcat 9.0, connecting to an Oracle database.
> We have 2 database instances, one active & one inactive, but the JDBC
> connection must contain both & connect to the active instance. Below is an
> example of the URL we were using when on Websphere servers.
>
> jdbc:oracle:thin:@
> (DESCRIPTION=(ADDRESS_LIST=(source_route=off)(load_balance=off)(failover=on)(address=(protocol=tcp)(host=
> ldb123.prod.exint.net)(port=1500))(address=(protocol=tcp)(host=
> ldb234.prod.exint.net)(port=1500)))(connect_data=(service_name=
> abc0405p_rwsvc.prod.exint.net)))
>
> Thank you,
> Crista Edwards
>
>
>
> The contents of this email are the property of PNC. If it was not
> addressed to you, you have no legal right to read it. If you think you
> received it in error, please notify the sender. Do not forward or copy
> without permission of the sender. This message may be considered a
> commercial electronic message under Canadian law or this message may
> contain an advertisement of a product or service and thus may constitute a
> commercial electronic mail message under US law. You may unsubscribe at any
> time from receiving commercial electronic messages from PNC at
> http://pages.e.pnc.com/globalunsub/
> PNC, 249 Fifth Avenue, Pittsburgh, PA 15222; pnc.com
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Projects dependencies, warnings Runtime ClassNotFoundExceptions may result, quick fixes

2020-01-22 Thread Luis Rodríguez Fernández
Hello Léa,

mmm, this does not look like a tomcat issue. Perhaps you can find more help
to your issue in the eclipse mailing lists:
https://accounts.eclipse.org/mailing-list

Hope it helps,

Luis

El mié., 22 ene. 2020 a las 13:10, Lmhelp1 () escribió:

> Hello,
>
> I am using Tomcat v9.0 anddeploying war files to it.
> I use Eclipse to develop the Webapps.
>
> So, in Eclipse, I have two "Dynamic Web Projects" "dwp1" and "dwp2".
> I have another Java project "jp".
> Both classes of projects "dwp1" and "dwp2" need and use classes of
> project "jp".
>
> For both projects "dwp1" and "dwp2", in Eclipse "Java Build Path ->
> Projects", I added the project "jp" under the "Classpath" section (there
> is also a "Modulepath" section which is empty) to declare that both
> projects depend on the "jp" project.
>
> When I build "dwp1.war" and "dwp2.war", I can see, once deployed on
> Tomcat, under "WEB-INF/lib/" the jar file "jp.jar".
> ("jp.jar" once unjared, doesn't contain a "lib" directory with the jar
> file it depends on. Maybe it's normal, I don't know.)
>
> Now, in Eclipse, I have two types of warnings:
> WARNING_1 - Classpath entry /jp will not be exported or published.
> Runtime ClassNotFoundExceptions may result.
> WARNING_2 - Classpath entry /jp/lib/xxx.jar will not be exported or
> published. Runtime ClassNotFoundExceptions may result.
> where "xxx.jar" is a jar file in "jp/lib/".
>
> WARNING_1
> I saw, in Eclipse, that I could apply quick fixes, I selected this is one:
> "Mark the associated raw classpath entry as a publish/export dependency"
> It transforms "dwp1\.classpath"like this:
> Before:
> 
> After:
> 
>
>   value="/WEB-INF/lib"/>
>
> 
>
> WARNING_2
> I saw, in Eclipse, that I could apply quick fixes, I selected this is one:
> "Exclude the associated raw classpath entry from the set of potential
> publish/export dependencies"
> It transforms "jp\.classpath" like this:
> Before:
> 
> After:
> 
>
>  
>
> 
>
> The quick fixes make the warnings disappear but I don't understand what
> they do.
> Shall I ignore these warnings, shall I apply the quick fixes or shall I
> do something else?
>
> (I don't know for how long these warnings have been here but I used to
> ignore them and the Webapps worked correctly, they still do).
>
> Thank you.
> Best regards.
> --
> Léa
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: HTTP/2 configuration

2019-12-12 Thread Luis Rodríguez Fernández
Hi Mark,

I 've been using tomcat for many years and the cases were I had to modify
the http connector defaults were very rare. I would go for the simplest
solution.

Hope it helps and thank you so mch to you and the rest of the
committers!

Luis







El jue., 12 dic. 2019 a las 6:25, Arief Hasani ()
escribió:

>  Hi Mark,
> IMHO, being able to override form HTTP1.1 conf is all good as user could
> easily assume that if not specified in the upgrade than use http1.1 configs
> Cheers
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: JMX 101 Question

2019-12-05 Thread Luis Rodríguez Fernández
Hello Jerry,

To be tested, but perhaps connectionProperties can help you on this? [1]

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-9.0-doc/jdbc-pool.html

El jue., 5 dic. 2019 a las 19:42, Jerry Malcolm ()
escribió:

> I'm trying to add some code to monitor my jdbc data connection pool.
> Each time a connection is requested, I have some jmx code that logs
> values from the datasource mbean.  I haven't done much jmx coding.  So
> consider me a rookie on this topic.  I found some code on the web that
> does pretty much what I need. The relevant part of the code:
>
>MBeanServer server = ManagementFactory.getPlatformMBeanServer();
>Set objectNames = server.queryNames(null, null);
>for (ObjectName name : objectNames) {
>MBeanInfo info = server.getMBeanInfo(name);
>if (info.getClassName().equals(
> "org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool"))  {
>for (MBeanAttributeInfo mf : info.getAttributes()) {
>
> This code works.  The problem is that I have a bunch of virtual hosts
> running on the same instance of TC.  So I get a bunch of matching
> mbeans, apparently one for each virtual host / resource defined.
>
> Is there any way to identify which mbean is for the datasource I
> currently care about?  I was hoping there would be an attribute with the
> datasource name or the database name or even just some way to add a
> unique identifier when I create it.  But I don't see anything.  I've
> resorted to having maxTotal set to incrementally different values in all
> of my resource statements just so I can identify the datasource I'm
> looking at in the logs.  But that's a hack.
>
> Is there a better way to uniquely identify datasource mbeans in jmx?
>
> Thx
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Adding the manager app to an existing installation

2019-10-20 Thread Luis Rodríguez Fernández
Hello Tom,

Hard to say what´s happening without some realm logging. You can have a
look here [1].

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat




El vie., 18 oct. 2019 a las 18:54, Tom Povey ()
escribió:

> Thanks Olaf,
>
> Typo in my email. They’re on 8.5.36. I will upgrade them to the latest 8.5.
>
> Tom
>
> > On 18 Oct 2019, at 16:45, Olaf Kock  wrote:
> >
> >
> > On 18.10.19 17:21, Tom Povey wrote:
> >> Hi,
> >>
> >> I’ve been asked to help with an existing Tomcat install which is
> supporting a live website. When it was installed, it did not have the
> manager app added. We want to use the manager app now.
> >>
> >> I have copied the manager folder from another Tomcat install (same
> version which is 5.5.36) and updated tomcat-users in the /conf directory
> but I can’t login to the manager gui. I give the username and password for
> the manager-gui role but it just comes back and redisplays the login prompt.
> >
> > tomcat-users.xml, as far as I remember, requires restart of the server
> > to be taken into account. You didn't mention that you did this. Plus,
> > you only said "updated": By default there's no account in there, I'm
> > assuming that you "updated" correctly. You might want to post it here
> > (bar the actual password).
> >
> > Plus, your version is 1 day shy of being 7 years old, with the
> > end-of-life being even a few more days longer in the past (30 Sep 2012)
> > http://tomcat.apache.org/tomcat-55-eol.html
> >
> > It's about time to move on...
> >
> > Olaf
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Session Size Calculation Question

2019-10-20 Thread Luis Rodríguez Fernández
Hello M.Manna,

Yes, probably SESSIONS.ser can give you an idea. Maybe if you want to get
more accurate results perhaps you can

1. Do it yourself via JMX [1]
2. Give a try to psi-probe [2], it seems that it has everything that you
need

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/19827650/java-monitor-active-web-sessions
[2]
https://cwiki.apache.org/confluence/display/tomcat/AddOns#AddOns-WebApplications






El sáb., 19 oct. 2019 a las 2:51, M. Manna () escribió:

> Hello,
>
> We are trying to do some calculation for our user session size (or near
> estimate of it).
>
> What we understand is that upon a "Graceful" shutdown, Catalina Host will
> write out the serializable values of all session into a SESSIONS.ser file
> in the main servlet's work directory. If this is correct, then the size of
> the the SESSIONS.ser file (assuming 1 user has logged in) would probably
> (and approximately) equal to a user's session size?
>
> We do understand that not all the info in the serializable session may not
> be required. However, given that StandardManager does the privileged load
> based on reading the entire SESSIONS.ser file, we thought it would be a
> more appropriate way of calculating the session size.
>
> Any guidance or help is appreciated, and apologies for making any incorrect
> assumption.
>
> Thanks,
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Upgrade from Tomcat 7 to Tomcat 9.0.17

2019-04-17 Thread Luis Rodríguez Fernández
Hello Akram,

If you can not put the jars inside each webapp perhaps you could define a
shared.loader in your catalina.properties [1]. It works for us.

Hope it helps,

Luis

[1]
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html#Advanced_configuration







El mar., 16 abr. 2019 a las 23:21, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Akram,
>
> On 4/16/19 16:21, Akram Hussain wrote:
> > Hi Christopher,
> >
> > I have almost 27-30 apps in my tomcat.
> >
> > Do I need to declare in every applications's META-INF\context.xml.
>
> Yes. If every application needs those libraries, then you'll need to
> configure them. Just like you had to configure your custom class
> loader for each application in the past.
>
> Why not simply put the JAR files into the applications as usual? Then
> each web application is self-contained and you don't have to go
> through all these back-flips.
>
> > And also I have a listener class which is in tomcat\lib folder,
> > which also access these shared classes using CustomSharedLibrary.
>
> Then you can put all the libraries into Tomcat's lib/ directory and
> you don't have to do any of this.
>
> > How can I access those shared libraries in listener which is in
> > tomcat\lib folder?
>
> What does your Listener do? You might not even need it...
>
> - -chris
>
> > On Wed, Apr 17, 2019 at 1:02 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Akram,
> >
> > On 4/16/19 12:41, Akram Hussain wrote:
>  I have gone through it, But it was not clear to me.
> 
>  If an example is provided, how to pass resources to
>  SharedClassLoader, it could be helpful.
> >
> > If you configure something like this in your META-INF/context.xml:
> >
> >   > base="/path/to/your/shared/libraries"
> > className="org.apache.catalina.webresources.DirResourceSet" />
> > 
> >
> > That should allow your application to load JAR files from your
> > /path/to/your/shared/libraries directory.
> >
> > You should completely remove your custom class loader. Completely.
> >
> > -chris
> >
>  On Tue, Apr 16, 2019 at 7:57 PM Christopher Schultz <
>  ch...@christopherschultz.net> wrote:
> 
>  Akram,
> 
>  On 4/16/19 06:29, Akram Hussain wrote:
> >>> I have Custom SharedClassLoader in Tomcat 7 to load
> >>> shared library jars, which is used by different
> >>> applications in that tomcat. We migrated to Tomcat 9,
> >>> now it is not working. How to achieve the same
> >>> functionality in tomcat 9.
> 
>  Have a look at the  which should be able to do
>  what you need without any custom code:
> 
>  http://tomcat.apache.org/tomcat-9.0-doc/config/resources.html
> 
> >>>
> 
> In Tomcat 9 it expects resources to be passed. I don't find
> >>> any sample Code on how to populate resources.
> >>>
> >>> I tried like below
> >>>
> >>> public CustomSharedClassLoader(ClassLoader parent)
> >>> throws Exception { super(parent); //The below three
> >>> lines are added by me to work for Tomcat 9.
> >>> StandardRoot standardRoot = new StandardRoot();
> >>> standardRoot.addPreResources(new DirResourceSet());
> >>> setResources(standardRoot);// End for tomcat 9
> >>> changes.
> >>>
> >>> for (URL urlForJars : getClassPath(SHARED_LIB)) {
> >>> addURL(urlForJars); } start(); }
> >>>
> >>> It didn't work.
> >>>
> >>> public class CustomSharedClassLoader extends
> >>> WebappClassLoader{//Which takes shared folder libarary,
> >>> it returns those classes.}
> 
>  You should be able to ditch your custom ClassLoader
>  entirely.
> 
>  -chris
> >
> > --
> - ---
> >
> >
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail:
> > users-h...@tomcat.apache.org
> >
> >
> 
> >>
> >> -
> >>
> >>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly2RzgACgkQHPApP6U8
> pFilIA/+NvG9+sG1tPbWyAXvy9bwGnRATgTZqxGGWvGZ2XL2Knkt+lPaoh7Vtum9
> jYm4ZUIWNrkg4APxCwHXnfNlkLEF36igANlytDlBBUoVKBqEgngWUqR2w19yeRma
> 8GS7YbDS6bUJ/KQTBEkeTeyf7EdLHVfJwrnKZ6qxV2QmC+IBwCr7I2vlWwx59qac
> CqCL97FzRjtwDa6sHsC5PYsdu0fy8z4NzI4Ro4bcKNjDnvsQ0LSaKR0WM6OlaHAW
> wFayoV/oUK8uRbDrS3q4pOtAnLxwF+CVrk0x7clpyPnqlSO0TIebZ+ejOEe4lsHK
> gC33pK+vpKtl3d68WNf4aZfjXdrqsnF0IvnPPayAThVysHHOfJqGyYL2wdtmFru9
> vOKKIPqM4TT6V0BWZiX4lrE/kbF8c4KhpdtdIkFyf8KqWtezYBZIjIlEEaoiqlSO
> KWdnrxRQ3Y2gJMUBAUDK0CiEl8Rw/L030CUmeLabNvN8MORpva2GOIGUk2wUVRwB
> 

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

2019-04-16 Thread Luis Rodríguez Fernández
ase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_JECEWR
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_ORD]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_ORD
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTERNATIONAL]
> > 15-Apr-2019 17:08:17.768 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTERNATIONAL
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_LAX]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_LAX
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasRole Username [topsadmin] does NOT
> have role [TOPS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.authenticator.AuthenticatorBase.invoke  Failed
> accessControl() test
> >
> >
> >
> > The error messages on the screen looks like below:
> >
> > HTTP Status 403 – Forbidden
> >
> > Type Status Report
> >
> > Message Access to the requested resource has been denied
> >
> > Description The server understood the request but refuses to authorize
> it.
> >
> > USPS_restricted
> >
> >
> >
> >
> >
> >
> > Any idea what is that about?   Again the Ream definition is:
> >
> >  >   connectionURL="ldaps://eagandcs-dev-sha2.usps.gov:636"
> >   connectionName="wasd...@devsub.dev.dce.usps.gov"
> >   connectionPassword=""
> >   authentication="simple"
> >   referrals="ignore"
> >   userSearch="(sAMAccountName={0})"
> >   userBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   userSubtree="true"
> >   roleSearch="(member={0})"
> >   roleName="cn"
> >   roleSubtree="true"
> >   roleBase="DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
> >   adCompat="true"
> > />
> >
> >
> >
> > Thanks
> > Gary
> >
> >
>
> Peter
>
> PS: you should redact sensitive data from your mails. At least change
> passwords now... google is NOT your friend in this case...
>
> > -Original Message-
> > From: Luis Rodríguez Fernández [mailto:uo67...@gmail.com]
> > Sent: Monday, April 15, 2019 3:47 AM
> > To: Tomcat Users List 
> > Subject: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server
> >
> > Hello Gary,
> >
> > I would recommend you to add some debug to your JNDIReam [1]. For
> debugging your ldap search filters ldapsearch can be your friend [2] :)
> >
> > Hope it helps,
> >
> > Luis
> >
> > [1]
> >
> https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
> > [2]
> >
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html
> >
> >
> >
> >
> >
> >
> >
> > El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO -
> Contractor
> > () escribió:
> >
> >> All:
> >>
> >>
> >>
> >> Sorry on my previous email I have some graphic contents that can not
> >> be displayed.   Now I change it to texts so you can see them
> >>
> >>
> >>
> >> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> >> mailto:gang@usps.gov.INVALID ]
> >> *Sent:* Thursday, April 11, 2019 4:29 PM
> >> *To:* users@tomcat.apache.org
> >> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
> >>
> >>
> >>
> >> Tomcat Experts:
> >>
> >>
> >>
> >>The Tomcat server works fine in my local computer with
> >> application “TOPS“ in Eclipse.  I deployed the TOPS application to our
&

Re: Tomcat(9.0.13) Error in DEV Server

2019-04-15 Thread Luis Rodríguez Fernández
Hello Gary,

I would recommend you to add some debug to your JNDIReam [1]. For debugging
your ldap search filters ldapsearch can be your friend [2] :)

Hope it helps,

Luis

[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Examples-of-common-ldapsearches.html







El vie., 12 abr. 2019 a las 0:23, Hua, Gary - Saint Louis, MO - Contractor
() escribió:

> All:
>
>
>
>  Sorry on my previous email I have some graphic contents that can not
> be displayed.   Now I change it to texts so you can see them
>
>
>
> *From:* Hua, Gary - Saint Louis, MO - Contractor [
> mailto:gang@usps.gov.INVALID ]
> *Sent:* Thursday, April 11, 2019 4:29 PM
> *To:* users@tomcat.apache.org
> *Subject:* [EXTERNAL] Tomcat(9.0.13) Error in DEV Server
>
>
>
> Tomcat Experts:
>
>
>
> The Tomcat server works fine in my local computer with
>  application “TOPS“ in Eclipse.  I deployed the TOPS application to our DEV
> web server eagnmnmed1f45 under webapps.
>
>
>
> After I started the Tomcat  server (9.0.13) in DEV server
> and entered the TOPS home page URL
> http://eagnmnmed1f45:9080/TOPS-WEB/Welcome.do (It is
> http://localhost:8080/TOPS-WEB/Welcome.do  in my local computer)   in the
> browser,   it was re-directed to
> https://eagnmnmed1f45:9443/TOPS-WEB/Welcome.do.and following error:
>
>
>
>
>
> *The website cannot display the page*
>
>   HTTP 500
>
>
>
> *Most likely causes:*
>
>- The website is under maintenance.
>- The website has a programming error.
>
>
>
> *What you can try:*
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Refresh the page.Refresh the page.
>
>
>
> [image: res://\\ieframe.dll/bullet.png]
>
> Go back to the previous page.Go back to the previous page.
>
>
>
> [image: More information]
>
> More information
>
>
>
>
>
> atadmin@eagnmnmed1f45:/opt/TomCat/apache-tomcat-9.0.13/logs>tail -f
> catalina.out
>
> 5307 [main] WARN org.hibernate.cache.EhCacheProvider - Could not find
> configuration [LegDistanceImpl]; using defaults.
>
> 5764 [main] INFO org.hibernate.impl.SessionFactoryObjectFactory - Not
> binding factory to JNDI, no JNDI name configured
>
> 0 [main] INFO filter.ResponseOverrideFilter  - Filter initialized.
> Response buffering is enabled
>
> 1648 [main] INFO tiles.TilesPlugin  - Tiles definition factory loaded for
> module ''.
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> file from '/WEB-INF/validator-rules.xml'
>
> 1652 [main] INFO validator.ValidatorPlugIn  - Loading validation rules
> file from '/WEB-INF/validation.xml'
>
> 1738 [main] INFO tiles.TilesPlugin  - Factory already exists for module
> ''. The factory found is from module ''. No new creation.
>
> 05-Apr-2019 11:18:01.913 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-9080"]
>
> 05-Apr-2019 11:18:01.928 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["https-jsse-nio-9443"]
>
> 05-Apr-2019 11:18:01.932 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in 12256 ms
>
> 53654 [https-jsse-nio-9443-exec-5] INFO tiles.TilesRequestProcessor  -
> Tiles definition factory found for request processor ''.
>
> Error connecting to LDAP server.
>
> java.lang.NullPointerException
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.getInfo(WelcomeAction.java:120)
>
> at
> com.usps.nom.tops.web.struts.action.WelcomeAction.welcome(WelcomeAction.java:61)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.dispatchMethod(AbstractDispatchAction.java:136)
>
> at
> com.usps.ibm.core.servlet.struts.AbstractDispatchAction.execute(AbstractDispatchAction.java:84)
>
> at
> com.usps.nom.tops.web.struts.action.AbstractTOPSDispatchAction.execute(AbstractTOPSDispatchAction.java:258)
>
> at
> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
>
> at
> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
>
> at
> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
>
> at
> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> 

Re: Session Persistence Problems

2019-04-12 Thread Luis Rodríguez Fernández
Hello Jerry,

Sure, you can always set the path of your cookies to "/" via the
cookie-config element [1] in your web.xml descriptor:



/



Or via your context.xml [2]

Hope it helps,

Luis

[1]
https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet-4_0_FINAL.pdf
[2] https://tomcat.apache.org/tomcat-9.0-doc/config/context.html






El vie., 12 abr. 2019 a las 0:14, Jerry Malcolm ()
escribió:

> On 4/11/2019 4:22 PM, Christopher Schultz wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Jerry,
> >
> > On 4/11/19 15:29, Jerry Malcolm wrote:
> >> Alternatively, if I had a better understanding of how sessions are
> >> managed by both TC and the browser, it might help me figure out
> >> what is going wrong.  I know a session key is generated by TC and
> >> sent back in a response.  And I'm assuming that the browser must
> >> return that session key on subsequent calls.  But if there are
> >> several webapps on domain, how does the browser differentiate which
> >> session key to send back on a subsequent response?  Is it just
> >> understood that the first 'folder' level under the domain (i.e.
> >> context name) is always a different session key?
> >> (myDomain.com/order vs. myDomain/account)?   Or does the browser
> >> send all session keys back per domain and let TC figure out which
> >> one, if any, to use?   Again, just looking for a little education
> >> here
> > Do you know if HTTP cookies or URL-parameters are being used for
> > session-management? If you aren't sure, try logging-in to your
> > application and look at the URLs and cookies.
> >
> > Typically, a web application will use cookies with the name
> > JSESSIONID. If the session identifier is tracked in the URL, then
> > you'll see ";jsessionid=[id]" in your URLs after the path but before
> > the query string.
> >
> > It's very easy to "lose" a URL-tracked session id because every single
> > URL generated by your application must include that parameter. A sinle
> > miss can cause the session to be lost by the client. If you are using
> > SSO (always with a cookie), it can mask the dropping of the session in
> > this way.
> >
> > It's harder to "lose" a session cookie since the browser typically
> > manages that. Cookies are tracked per web-application using each
> > application's path. The browser should only return a single cookie for
> > a given path. If you have applications that share a URL space (e.g.
> > /master and /master/sub and /master/sub2) then things can get very
> > confusing for the browser and the server. It's best not to overlap
> > URL-spaces in this way.
> >
> > Are you using clustering or anything else like that which might also
> > cause session-ids to change?
> >
> > - -chris
>
> Thank you so much for the info... I think we're getting somewhere I
> am definitely using cookies and not url parms for the session id. (no
> clustering).  I went into the firefox debugger and located the cookie
> storage for the site.  I found a cookie for each webapp context that I
> am using.  That makes sense.   I think I know what is happening.
> Correct my assumptions here:
>
> I have a webapp with context /order.  There is a JSESSIONID cookie for
> /order as expected. I assume that every time I send a URL from the
> browser with the /order context, the browser will correctly send the
> /order session cookie.  So far, so good...
>
> But I have a rewrite rule "/storefront" that maps to one of the
> /order urls.  I assume the browser knows nothing about rewrites, so the
> browser is going to assume that "/storefront" is simply a different
> webapp context that it doesn't have a session id cookie for, and
> therefore doesn't send anything.  Therefore, when the rewritten url
> becomes another /order url, TC gets an /order request but with no
> session id, and therefore creates a new session and sends it back for
> the browser to store (replace) as the /order session id.
>
> So assuming I have analyzed this correctly, that can explain precisely
> what I'm seeing.   Understanding the problem is a big step... But now I
> have to figure out how to get around it and make it do what I want.  At
> this point, I see three options:
>
> 1) remove all rewrites from httpd.  That is going to be massive, very
> difficult, and non-trivial.  And I'll also have to come up with way to
> handle multi-client variations, etc. that I have been mapping by simply
> using different rewrites on each site.  This one is not even close to my
> first choice
>
> 2) Could I perhaps send my own additional JSESSIONID cookies with the
> current "/order" session id for the rewrite 'fake contexts' such as
> "/storefront" so that the browser will basically send a copy of the
> /order session id with the /storefront url?
>
> 3) I really don't care to have separate sessions for each webapp context
> anyway.  In fact, I'd prefer it if there was one session / sessionId for
> the enter application (all 

Re: Session Persistence Problems

2019-04-11 Thread Luis Rodríguez Fernández
Hello Jerry,

> I'm using single sign-on

Do you mean tomcat Single Sign On valve? [1], a third party solution or
your custom implementation? That can change the game completely :)

> some RewriteRules in httpd

Can you share them? That could change the game also :)

Cheers,

Luis

[1]
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve







El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm ()
escribió:

> I have a TC host that is running about 10 separate webapps that interact
> with each other.  I understand that sessions are per-webapp.  But within
> one webapp, with the same browser just making different calls to the
> same webapp is starting new sessions about 30% of the time.  I've put a
> debug statement at the beginning of all of my JSPs that logs
> session.isNew().  It'll start a new session, then use it for 10 or so
> subsequent calls. But then it'll decide to drop that session and start a
> new one that it'll subsequently use for a while. The setup is nothing
> fancy.  It's just calling several different JSPs within the same webapp
> (context).  I am keeping data in the session that really needs to
> persist for the duration of the 'real' session between the user and the
> site.  So this is a serious problem.   (This is happening both with
> Firefox and Chrome).  I'm using TC 9.0.1 on Windows.
>
> I definitely could have some misunderstandings here.  But my first
> understanding is that once a browser makes a call to a webapp, a session
> is created, and that session remains around until invalidated on a
> logout or a timeout occurred, and that webapp uses that session for the
> remainder of the activity between that browser and that webapp.  If
> that's not the case, then please set me straight. If that assumption is
> correct, what could possibly be causing the sessions to keep dropping
> and new ones created?
>
> Interestingly, logon state is not being dropped with the new sessions.
> I'm using single sign-on.  So that may be ensuring the logon doesn't drop.
>
> The only thing I can come up with is that I'm using some RewriteRules in
> httpd to map the complex url paths to single words like "/product". (SEO
> advisor told me to do that...) I'm trying to see in the logs if there is
> a correlation between rewrites and the new sessions.  But I can't really
> tell if that's what's causing it.
>
> Am I missing or do I have some sort of errant configuration setting that
> is causing the sessions to keep reinitiating?  Is there something else
> I'm missing?  I really need to have sessions that last as long as the
> user is on the site.
>
> Suggestions?  Help??
>
> Thx.
>
> Jerry
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Resource Request - MySQL Data Pool

2019-03-26 Thread Luis Rodríguez Fernández
Hello Richard,

In my experience the best is to "start simple". I would have a look at the
apache tomcat doc [1], configure your pool with a minimal setup and test.
Everything depends on your application workload, how your queries looks
like, etc,  so I am afraid that there are no "silver bullets" in this
domain.

Hope it helps,

Luis


[1]
https://tomcat.apache.org/tomcat-8.5-doc/jndi-datasource-examples-howto.html






El lun., 25 mar. 2019 a las 19:15, Richard Huntrods ()
escribió:

>  It's time to update my application to use "real" (i.e. current
> best practices) data connection pooling.
>
> My application is Java Servlets, no beans, no JSP. Database is MySQL.
>
> System etc. details:
> Ubuntu live server 18.04.2, built March 6, 2019.
>
> MySQL - latest installed via 'apt-get install mysql-server' after system
> build.
>
> OpenJVM - 11? - again, latest version installed via 'apt-get install
> default-jdk' at same time.
>
> Tomcat 8.5.39 - just updated the same day it came out.
>
> This system has been running in production since the early 2001's. OS
> has changed over the years from Sun Solaris 8.x to Solaris 10.x and now
> to Ubuntu 18.04 (server). Java has been updated over the years as well,
> as has Tomcat and MySQL. Through all that the system works quite perfectly.
>
> Except... there are occasional hangs that implicate the 'home grown'
> data connection pool.  I wrote this by hand (in Java) back in 2001
> because there was nothing much available back then. Since it kept
> working, I didn't have the time/inclination to change over the years.
>
> But the latest connector (mysql-connector-java-8.0.15.jar, a.k.a.
> "com.mysql.cj.jdbc.Driver" is giving me some hiccups. I thought rather
> than trying to debug my own connection pool, it was time to switch over
> to a proper "modern" supported connection pooling system.
>
> Which brings me to my question.
>
> Would the community please weigh in on the BEST tutorials / documents
> regarding creating a Tomcat/MySQL database connection pool for Servlets
> (not JSP or beans) with some good code examples and server.xml examples?
>
> I've already done some extensive internet searches, but when you are
> doing something for the first time it's hard to tell the difference
> between "really really good" and "blogger who has not really tried it".
>
> Thanks very much in advance.
>
> -Richard
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Access to server denied

2019-03-25 Thread Luis Rodríguez Fernández
Hello Peter,

I am bit confused: you get the forbidden error after a successful login in
the third party product? Is that third party product installed in a
different machine? Which product? Is any kind of SSO solution (keycloak,
Microsoft ASDF, OpenAM...)? May I ask you to describe a bit your scenario,
please?

Best regards,

Luis







El lun., 25 mar. 2019 a las 10:18, Peter Henriques (<
peter.henriq...@macro4.com>) escribió:

> Hello,
>
>
>
> I have successfully installed Tomcat 8.5.39 on z/OS 2.3 under USS. I use
> the native IBM Java utility.  However I have to connect to a third party
> product which presents a web front end with a username/password panel.
>
> This is the error I get when I connect zos23.intranet.XX.com:
> portnumber/app/#login:
>
>
>
> *HTTP Status 403 – Forbidden*
> --
>
> *Type* Status Report
>
> *Message* /App/
>
> *Description* The server understood the request but refuses to authorize
> it.
> --
>
> *Apache Tomcat/8.5.39*
>
>
>
> Is this purely a permissions issue with RACF or is there an error with my
> config with permissible usernames.
>
>
>
> Regards
>
>
>
> *Peter M Henriques*
>
> *Support Engineer – Mainframe Support Group*
>
> *D:* +44-1293-872072 | *T:* +44-1293-872000 | www.macro4.com
>
>
>
>    
>  
> 
>
>
>
> Registered office: The Orangery, Turners Hill Road, Worth, Crawley, West
> Sussex, RH10 4SS
>
> Registered in England no: 00927588
>
>
>
> Please consider the environment and only print this email if you really
> need to.
>
>
>
> This e-mail message has been scanned and cleared by Google Message
> Security and the UNICOM Global security systems. This message is for the
> named person's use only. If you receive this message in error, please
> delete it and notify the sender.
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Datasource Connection Pool

2019-03-18 Thread Luis Rodríguez Fernández
Hello Rajendra,

For instance if you are using MYSQL a validationQuery="l" in your
datasource configuration [1] plus the magic autoreconnect parameter in the
URL can do the trick for you. However this can have side effects (see the
mysql autoreconnect description).

In my experience the cheapest option use to be to restart your application.

Hope it helps,

Luis

[1] https://commons.apache.org/proper/commons-dbcp/configuration.html
[2]
https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-configuration-properties.html



El lun., 18 mar. 2019 a las 17:24, Rajendra ()
escribió:

> Hi,
>
> Tomcat(8.5.32) is not establishing connections to database after database
> is restarted. Currently, I am restarting Tomcat instance if DB is
> restarted. Please let me know any parameters need to be added to datasource
> resource element in Tomcat in order to establish database connections
> automatically after database back into online.
>
> Thanks !
>
> Rajendra
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: 4 Apache Events in 2019: DC Roadshow soon [etc]

2019-03-13 Thread Luis Rodríguez Fernández
Thanks for sharing Chris.

BTW: I've checked the one in Berlin [1]. Do you have an idea when the call
for abstracts will be open?

Thanks in advance,

Luis

[1] https://apachecon.com/aceu19/index.html

El mié., 13 mar. 2019 a las 2:31, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> On 3/6/19 09:00, Rich Bowen wrote:
> > * Apache Roadshow DC is in [2] weeks. Register now at
> > https://apachecon.com/usroadshowdc19/
> I'll be speaking at this event, and I'd love to meet some local
> Tomcat-ers. It's $25 to attend; schedule available at
> https://apachecon.com/usroadshowdc19/schedule.html
>
> > Monday, March 25th @ George Mason University, Fairfax
>
> Hope to see some folks there,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlyIXVoACgkQHPApP6U8
> pFhfQw/9ElIJf2BzpcHIo/fWmSwdoiQMJjRPtJ42KVob3uBbrOQ1qGXiL/Ezdjwz
> 7N6koDcMX0epu7BwxD1o57ASGrvaTpUTVpmDTgQk+UZVo4qumfUxKTTMjHBuj7Cx
> fbLl41V0BEaipu1BAC0cu+g6E2B3dkCB2xXk330voQdE98RYGDWPV0EZlwCBM5lu
> WDiv+gwba7mJwVJh+bTT/fZ5gRBRK4MV+8O5cMQIiDoBPF0pxkj7Y9+ogk8cu9SG
> 5hV1VMvWBY3fG8cvWGmSlpsfz7d2zgH3ij7y6UH1pim7OrTl6c/oUIQ+J/z5GhMV
> 6yz3Rhg4IEaMHNpcFQnKI4DKQ2uKc64G1k1XJixwgnKWyQgYSPlIbqcxkMh0GGrf
> kDkdzhO0vNHau4jE3dNH2tTQpsJ+obV9MHFQ8HwUpJE49qg+AAI7KLZW9BhYDX4k
> QOxDTOPK9LYPcHWDc55cW6Cf8ILlMWFZW2hMITTsYgc/Y+NpB5fk9vqGOcn2RFlG
> sXs4Hid9kMcZY0pFfn7P+PwcL4UUGz3fV4quW9VonlwKJswxP5jvVIYLadMQrabQ
> Lnw3IniXTEh4bXy3wtUVt0Xd4l+LmoT9r04r0YA8PF7zT8Kk1BuW93imQz+DZsb1
> EnuahJrfDpfoyAjh7p54TZJQQvdqUc3L//kA+oo4X0GGDTpS4mE=
> =PJsc
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat connection error

2019-02-18 Thread Luis Rodríguez Fernández
Hello Faisal,

It looks like your problem is more related with your hikari connection pool
than with tomcat itself. I would recommend you to double check your hikari
configuration properties. Pay specially attention on how you are
configuring your connection pool (minimum and maximum size, timeout,
etc...) It looks like there is "something" in your application that
prevents to get connections from your pool.

Hope it helps,

Luis






El lun., 18 feb. 2019 a las 6:33,  escribió:

> Dear all,
>
>
>
> I am working on a project and I am facing following issue on almost every
> second day. I need to restart tomcat to get it running again.
>
> Can someone guide me on it. Ask if you need some other insight to look into
> it.
>
>
>
> 2019-02-18 04:49:35.572  WARN 20698 --- [io-4200-exec-15]
> o.h.engine.jdbc.spi.SqlExceptionHelper   : SQL Error: 0, SQLState: null
>
> 2019-02-18 04:49:35.572 ERROR 20698 --- [io-4200-exec-15]
> o.h.engine.jdbc.spi.SqlExceptionHelper   : HikariPool-1 - Connection is not
> available, request timed out after 3ms.
>
> 2019-02-18 04:49:35.573  WARN 20698 --- [io-4200-exec-15]
> o.s.s.o.provider.endpoint.TokenEndpoint  : Handling error:
> InternalAuthenticationServiceException, Unable to acquire JDBC Connection;
> nested exception is org.hibernate.exception.JDBCConnectionException: Unable
> to acquire JDBC Connection
>
>
>
> Server is Ubuntu (aws)
>
> Database is mySql
>
> java version "1.8.0_181"
>
> Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
>
> Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
>
>
>
> Best Regards | Bien Cordialement | تحياتي
>
> Faisal Zaidi
> Application Architect
>
>
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Create a JNDI Datasource through JMX

2019-02-04 Thread Luis Rodríguez Fernández
Hello Arnaud,

mmm, nothing stops you from create your custom mbean interface that wraps
your datasource.

>From Tomcat 8.5 doc "The connection pool object exposes an MBean that can
be registered" [1] Perhaps you could start having a look here. Nevertheless
may I ask you what is your use case for this?

Hope it helps,

Luis


[1] https://tomcat.apache.org/tomcat-8.5-doc/jdbc-pool.html#JMX






El lun., 4 feb. 2019 a las 11:30, Arnaud Yahoo ()
escribió:

> Hello,
>
> I would like to know if it is possible to create/configure a Datasource
> Ressource in tomcat using JMX.
>
> I tried with a tomcat 8.5 and jconsole, I managed to create some
> resource with type javax.sql.Datasource, but I did not find a way to
> configure the datasource (jdbc driver, url, max active, ...)
>
> It seems hard to find informations about that.
>
> Thanks,
>
> Arnaud
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Spring+Tomcat

2018-12-13 Thread Luis Rodríguez Fernández
Hello Adlet,

Regarding the deployment of spring in tomcat: I would recommend  you to
keep the application libraries (spring and others) in your WEB-INF/lib. You
can have a look at this fantastic tutorial [1].

About websockets: keep in mind that tomcat has out-of-the-box websocket
support. Nevertheless should not be a problem if you choose to use another
implementation that integrates better in your app. Me in the past I did
deploy some websockets [2] applications in tomcat and they worked.

Hope it helps,

Luis

[1] https://www.baeldung.com/spring-boot-war-tomcat-deploy
[2] https://github.com/Atmosphere/atmosphere



El jue., 13 dic. 2018 a las 5:51, Adlet Azhibek ()
escribió:

> *Hi all!*
> how should download a new version of tomcat with *necessary (.jar) files in
> a "lib" directory? I need, for example, "**spring-websocket-5. 1.3. RELEASE
> .jar" in "lib". What should I do? I've downloaded necessary jar files from
> *
> https://mvnrepository.com, *but it doesn't work**.*
>
>
>
> *best regards, Adlet Azhibek*
>
> *a.azhi...@cloudmaker.kz *
>
> *adl.c...@gmail.com *
> *+77474821894*
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat behind Apache web server ProxyPass settings for WebSocket

2018-12-06 Thread Luis Rodríguez Fernández
Hello Richard,

Yes, Christopher is right, with such configuration all the requests will be
upgraded to ws. Digging down in my old apache conf I found something like
this:

ProxyPass /WinCCOAWebUI/ui
ws://db-00032:13122/WinCCOAWebUI/ui
ProxyPassReverse /WinCCOAWebUI/ui
ws://db-00032:13122/WinCCOAWebUI/ui

ProxyPass /WinCCOAWebUI/*  http
://db-00032:13122/WinCCOAWebUI/
ProxyPassReverse /WinCCOAWebUI/*  http
://db-00032:13122/WinCCOAWebUI/

Well in the original configuration I was using mod_proxy for the ws request
and mod_jk for all the rest plus shibboleth for the authentication part,
but I prefer to avoid you the pain :)

Hope it helps,

Luis






El mié., 5 dic. 2018 a las 16:46, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Richard,
>
> On 12/4/18 15:00, rich...@xentu.com wrote:
> > I'm trying to see the WebSocket examples that ship with Tomcat 9 in
> > action.
> >
> > If I point my browser directly at tomcat on 8080, they work.
> >
> > However, Tomcat is behind an Apache2 webserver and I can't seem to
> > get the ProxyPass settings right. Other Tomcat applications work if
> > I access them via Apache, but WebSocket applications don't. The
> > snake demo for example, gives a 'Info: WebSocket closed' message.
> >
> > Apache is on the same server as Tomcat and has the proxy_wstunnel
> > mod loaded.
> >
> > The relevant (I think) part of my  VirtualHost in the Apache2 conf
> > file is like this:
> >
> > ProxyPass/http://127.0.0.1:8080/  #works ok
> > ProxyPassReverse /http://127.0.0.1:8080/  #works ok
> > ProxyPass/ws://127.0.0.1:8080/ ProxyPassReverse /
> > ws://127.0.0.1:8080/
> >
> > Could anyone tell me what's wrong here?
>
> My reading of the (umm... concise?) mod_proxy_wstunnel documentation
> is that all URLs handled by mod_proxy_wstunnel will be upgraded to
> Websocket connections. The configuration you have above will either
> completely ignore your Websocket configuration (because ProxyPass
> directives work in a first-match fashion, so your first '/' mapping
> will map to http) or (if you replaced http: with ws:), everything will
> be upgraded to Websocket so HTTP won't work.
>
> Perhaps you want to:
>
> a. List the Websocket-mapped URLs first
>
> and
>
> b. Don't map / to Websocket. Try /ws or whatever the examples use
>
> Caveat: I know almost nothing about Websocket. YMMV.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwH8r0ACgkQHPApP6U8
> pFhE6RAAtaqxDXDLjDx+Eovt2V9PtiLPIxY8fP5uZfMtTRo7SP6acgRe45NH9qHj
> tcQt0WiJP9twIyt25oENERF2sbwOgHGLzaDLeLNCJDIER+qre/PN6pspvZzU89nO
> 1a6AdCm4aoZTGsn9GXXn4xRP/TNoAbq0FRXxjp6SUeHlGIK3wSOYGERMafZgfOm7
> ETWGP7SG+mw6+Vbp4dnwvx71uLOjgYu8ly6GcDsbe9UOqqb7PlTGtzWQWDz5ahiP
> Kks7RuVsAOIRxHN4VEoQwu5lYOHFObKOBwtCHbQYZQby3hjXBbShZTKYDEVoorwo
> jUU0LFQMPb5IBkeH009FQZJXZcS4EvzzZK3bYx/LYQFqwYcB5VAXTT/wNV4J67dS
> 59JEl0xTxAgqTvu30TIW82ymMqsKRpPiUHblcQ0YIidQVnFUqhw9eAZdKoeDlgaY
> XL3TpBhHnJgzUxgDIc7R1gj218GiyY2rK2CK4KzrbaIE7HnobWMJxcarB/57KO8F
> JKrr7k0RkaXM1zsv63dr34LFiPQH0i2hqRDFRADNsDYOSf21dP3ZFOBdd4nKe4M3
> edNXPgSIput+c5iiSECGVL1eQ2IKXfDwQkXR5Cj3v44TpYaOdlsChK27aq1uIWst
> PLUL28Q19ugIlPh1qQp/6SGc/T2r+HUGbhs+A7IQectxNzb+ywQ=
> =Dl4U
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat 8 and Oracle Wallets

2018-11-16 Thread Luis Rodríguez Fernández
Hello Christophe,

Very interesting, thanks!

Would it be possible in your scenario to export the certificates from the
wallet and import them to a different keystore (PCKS12 or JKS)? You can
have a look at [1]

Hope it helps,

Luis

[1]
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets






El vie., 16 nov. 2018 a las 12:03, Christophe Vanlancker (<
carroarma...@inuits.eu>) escribió:

> I ran a strace on the Tomcat process, and see that Tomcat actually IS able
> to see and read the wallets.
>
>
>
> [pid 21880] open("< full path to wallets>/oracle_wallets/cwallet.sso",
> O_RDONLY) = 362
>
>
> So I think this means that the problem lies somewhere between Tomcat and
> the OJDBC driver.
>
>
> Regards,
> Christophe
>
> --
> --
> Christophe Vanlancker 
> +32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu
>
>
> From: "Christophe Vanlancker" 
> To: "users" 
> Sent: Thursday, 15 November, 2018 13:24:10
> Subject: Tomcat 8 and Oracle Wallets
>
> Hello,
>
> I'm having an issue with setting up SSL encrypted connections to an Oracle
> database.
>
> I looked up on many websites and places and got the impression that either
> people abandon setting up the encryption or implemented the connection in
> code rather than through the jndi context in Tomcat itself.
>
> Tomcat 8.5.34
> JDK 1.8.0_171
> RedHat 7.4 (Selinux permissive)
> OracleDB 12.2.0.1.0
>
> I've written a simple Java application which just connects to the database
> using TCPS and makes a simple query.
> This works.
>
> java -D oracle.net.tns_admin ="./oracle_wallets/" -D
> oracle.net.wallet_location ="(SOURCE=(METHOD=FILE) (METHOD_DATA =
> (DIRECTORY=./oracle_wallets)))" -cp ./: ./lib/ ojdbc8.jar :./lib/
> oraclepki.jar DataSourceSample
>
> I'm using the official ojdbc8.jar from Oracle appropriate for the version
> of Java and the Oracle database.
>
> Because Oracle Wallets is an invention of Oracle itself, I added the
> appropriate security provider in java.security:
> security.provider.4=oracle.security.pki.OraclePKIProvider ( loaded before
> com.sun.net.ssl.internal.ssl.Provider ) so it gets loaded before the
> default PKCS implementation in Java.
>
> cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck sqlnet.ora
> tnsnames.ora are all placed inside the ./oracle_wallets.
>
> As said before, the little Java app that I wrote is able to open the
> wallets and connect to the database:
>
> AArray = [B@6328d34a
> AArray = [B@145eaa29
> AArray = [B@15bb6bea
> 
> Driver Name: Oracle JDBC driver
> Driver Version: 12.2.0.1.0
> Default Row Prefetch Value is: 20
> Database Username is: MY_USER
> 
> 82062920015 SomeResults1
> 87093009324 SomeResults2
> 74031825702 SomeResults3
> 
>
>
> I translated this to Tomcat in the following way:
>
> I placed the ojdbc8.jar and oraclepki.jar in the libs folder of Catalina.
>
> I added the Java options in bin/setenv.sh:
>
> export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin= path>/oracle_wallets/"
> export CATALINA_OPTS="$CATALINA_OPTS
> -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE) (METHOD_DATA =
> (DIRECTORY=  /oracle_wallets)))'"
>
> The entries in the context.xml file look like this:
>
>  auth="Container"
> type="javax.sql.DataSource"
> username="MY_USER"
> password="*"
> url="jdbc:oracle:thin:@MY_DATABASE"
> driverClassName="oracle.jdbc.OracleDriver"
> timeBetweenEvictionRunsMillis="12"
> testOnBorrow="True"
> logAbandoned="True"
> removeAbandonedTimeout="3600"
> maxIdle="20"
> initialSize="32"
> removeAbandonedOnBorrow="True"
> maxTotal="256"
> validationQuery="select 1 from dual"
> removeAbandonedOnMaintenance="True"
> maxWaitMillis="30"
> />
>
> I can confirm that the rights on the filesystem for the wallets are
> permissive enough for Tomcat to read them.
> Tomcat is able to connect to the database.
>
> But for some reason it's as if it's unable to read the wallets.
>
>
> Caused by: oracle.net.ns.NetException: The Network Adapter could not
> establish the connection
> at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:523)
> at
> oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:521)
>
> at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:660)
> at oracle.net.ns.NSProtocol.connect(NSProtocol.java:286)
> at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438)
> at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518)
> ... 68 more
> Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
> at
> oracle.net.nt.CustomSSLSocketFactory.getSSLSocketEngine(CustomSSLSocketFactory.java:564)
>
> at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:143)
> at oracle.net.nt.ConnOption.connect(ConnOption.java:161)
> at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:470)
> ... 73 more
> Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
> at
> 

Re: web.xml mime-mappings

2018-11-01 Thread Luis Rodríguez Fernández
Hello Baron,

There are no dumb questions, no worries :)

Are you referring to the $CATALINA_BASE/conf/web.xml by chance? This is the
default web.xml [1] that defines default values for all the webapps
deployed in your tomcat server. Me personally I rarely modify it.

 Me, as a sample web.xml I usually take either the one distributed in the
always good $CATALINA_BASE/webapps/examples/WEB-INF/web.xml or the one from
the classic "hello, world" app [2]

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-9.0-doc/default-servlet.html
[2] https://tomcat.apache.org/tomcat-9.0-doc/appdev/sample/






El jue., 1 nov. 2018 a las 3:01, Baron Fujimoto ()
escribió:

> Apologies in advance if this is a dumb question.
>
> I usually base our config files off of the sample config files as a
> starting point.
>
> The sample web.xml contains many mime-mapping elements (1000+ I think). Is
> there any good reason to include these if your application isn't going to
> use the vast majority of these mime-types? I.e., is it recommended to edit
> it down to just those that the application is likely to use? It seems like
> it would be less unwieldy if I did this, but I just want to make sure
> there's no compelling downside to it.
>
> --
> Baron Fujimoto  :: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: To Support at Tomcat, Got an issue Finding Maths.

2018-10-15 Thread Luis Rodríguez Fernández
Hello Ian,

Perhaps you are trying something like this? <%@ page
import="java.lang.Math" %>

You have very nice and simple jsp examples inside the examples application
of any tomcat distribution. E.g.
${CATALINA_BASE}webapps/examples/jsp/tagplugin/foreach.jsp

Hope it helps,

Luis


El vie., 12 oct. 2018 a las 20:19, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Ian,
>
> On 10/12/18 06:15, Ian Burton wrote:
> > On 10 Oct 2018 15:18, "Christopher Schultz"
> >  wrote: On 10/10/18 06:19, Ian Burton
> > wrote:
>  I have spent many hours searching for a organised way to ask
>  for a
> 
>  Public void setter(double value){
> 
>  Value = Maths.sin(param1);
> 
>  }
> 
>  Here is an example of files used from Java to JSP.
> 
>  [Calculus Beanjava – Measures.jsp]
> 
>  Nothing has been compatible, is there a licence restriction?
> >>
> >> It's unclear what you're asking, here.
> >>
> >> Can you explain a little more what you are trying to do?
> >>
> >
> > Expressing my problem, with JSP plugins think
> > java.lang.math.(import) is neither working or available.
> >
> > I've looked at different approaches &, Program scripted best
> > displayed.
>
> I'm sorry, I still don't understand. Can you provide an example of a
> JSP file that does _not_ work on a fresh Tomcat install, but /should/
> work?
>
> Please note that this mailing strips attachments, so you'll need to
> copy/paste into your message.
>
> What version of Tomcat are you trying to use?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvA5bAACgkQHPApP6U8
> pFinsQ//fF6EMDFJb/qqGAV5GkwIkjldqwndfewyi76C5fFNcWrFOWesUrU+55fP
> ovOuY7zsU9/hQtthhCQPtKOm3AcjLHd6CBy6bRn0GhDIuzvqXZU6TUO0OfNgzbUX
> BF+AQwM0ckJb7RvDI3oIQpMmyLzIxPW1SsAtLfgZqAc9TUvKzMIinlUcCPxZ0g+x
> yszSuAHkKBG9T0TYRyRXVRJPpw1NMWbqr0b2iD0So8vdn2GERAfI126I9PHAuSkn
> gPb7wCiMz9Y1zon3QBcoU+jl1ayXtxznFGMhVfME9TNR114s/OByMVU7gVZ5F6GI
> gu57pxbl028PCKqwIsbKDkroL8fkz11JKlRTgbYZR4ruVgQT7ktpJNyg52NvfEHu
> E9Us/7sckhBP0nzEHoJW3KsBEmVe+lQNVI+jlpo+dLG9puvWyZAW96jK4fQSD/CI
> gK2613CS8o5EdmEz2FpSsOKJMuD1urNaMzKhcNRAqq90JaknGdAeUNhTlZAkmxHv
> tL8UgijLPUHM4SAtfJJn/SeuTe9b9n9MvFPRl4g4jbSgXSh6Y9XwIy9S24y1jNjX
> zJroRxlPDiTucnrPBGnioaUVR6Id+1PbTmXrr6VQS9GEDc6FSJfUrWfOdwW/mLNG
> qlewsxhqQBUC4fxBvQbsxAUC+Dt3vN5ffA9C1UCe7C4YECl/vXg=
> =S1NH
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: SSL on Tomcat

2018-10-02 Thread Luis Rodríguez Fernández
Hello Christopher,

It makes sense, thank you very much for your advice!

Cheers,

Luis

El lun., 1 oct. 2018 a las 20:39, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Luis,
>
> On 10/1/18 11:06 AM, Luis Rodríguez Fernández wrote:
> > Agree with Christopher, you have to fix your client. Just get the
> > root Certificate Authority public key and import it in your client
> > truststore.
>
> I'd recommend trusting the finest-grained cert you can get away with.
> That might not always be the root CA cert. It might be the server's
> cert directly.
>
> > If you did not change it the client (java) the default keystore is
> > located in  $JAVA_HOME/jre/lib/security/cacerts. Something like:
> >
> > keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts
> > -storepass trust_store_password_here -alias Root -import -file
> > the_downloaded_ca.crt
> >
> > The default password for cacerts is changeit
>
> FWIW, I wouldn't recommend changing the JVM's trust store. I say so
> for two reasons:
>
> 1. You will be trusting that certificate for ALL JVMS LAUNCHED
> AFTERWARD. Perhaps you don't want some other service to trust your
> 192.168.1.120 certificate when it's only supposed to be used with a
> single client service.
>
> 2. You will have to remember to update the trust store every time you
> change your Java installation. That means upgrades, downgrades, etc.
>
> The best way to do this IMO is to create a trust store specific for
> that service (client) and use it EXPLICITLY.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluyafIACgkQHPApP6U8
> pFijGRAAr8BXcoObcsRM/n++276xFYoAJPGKigExp6wpLjI0iHasPpXC0BPaMInb
> w7ZkgwAY77Qq7jCcUB8FGrBQXo+axN2r8MVsghV/UyTIwnZyKDM0lb4z6d6016Bc
> fQjoalUal857FH20PRAv5U+GrrpNcE7Mua5yu6eTqlMpX2hC0kBCc+oaH6xmtZr/
> lvtn9UK5/ymS83yW5sxxYRa3uEnFf6U2EFJoWKGraEOHquEiX01Jn5nOYxccyPMT
> TtjZ+yzkc/gvBTsme0ZVdOXTK9m+0Q10f/Fgc4bidSb9ZybaBcm8YsOqpqjP9poC
> YU4KtJP7BsJbMVzNV7YFlmIDlOVXwzk84oqEj8trbUe8AtJnq9gCLFp6/1ElmXE4
> xP26Gw1ck2vqQC/4u43HsiBegLFaBUorjNw3fWkf3PTiqSXHjXToJK9oYRv1DNkr
> SV8dlnujLbqmDQWag2FHTkE6Ka5sFBdbeFUdFP0Qd7jkhmErr5nziO1RtZ1bkIUz
> MaCYdpLR+OdU1XMrENnLHRedmpjDXp4UA1/mqr/PSMadQrlK7Z4fF5UVurXFWn7Z
> C+HNYzoSmvUL+y1KsficoK3ZGthUpkgApFFbFh3aSKdm07V+Xt1KK6sRndcjdoff
> KtU/sG0d0SSLnJmRCJHINRSOccmHZUiWGJ9+UXXE2Gd4nEw43r4=
> =okQm
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: SSL on Tomcat

2018-10-01 Thread Luis Rodríguez Fernández
Hello Loai,

Agree with Christopher, you have to fix your client. Just get the root
Certificate Authority public key and import it in your client truststore.
If you did not change it the client (java) the default keystore is located
in  $JAVA_HOME/jre/lib/security/cacerts. Something like:

 keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass
trust_store_password_here -alias Root -import -file the_downloaded_ca.crt

The default password for cacerts is changeit

Hopeit helps,

Luis




El sáb., 29 sept. 2018 a las 12:05, Loai Abdallatif (<
loai.abdalla...@gmail.com>) escribió:

> Thanks Chris, but how to do it, should I copy the ssl certificate from
> Webserver 192.168.1.120 to my tomcat container (worker0) in 192.168.1.111
> in server.xml .
> any idea please
>
> On Sat, Sep 29, 2018 at 1:35 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Loai,
> >
> > On 9/27/18 10:50, Loai Abdallatif wrote:
> > > Hello,
> > >
> > > I have Set Apache Load Balancer ( ModJK) with Server IP
> > > 192.168.1.120 (Webserver01.epsilon.test)  which forward the traffic
> > > to tomcat server .(192.168.1.111 (appserver01.epsilon.test)
> > >
> > > each tomcat server has three workers ( 0,1,2)
> > >
> > > I deployed *Central Authentication Service* (CAS)  on Worker0  and
> > > its is working with warning related to ssl Certificate, I have
> > > another Application on this worker0 called ServiceCatalog
> > > unfortunatly it didnt work and gave error as below
> > >
> > >
> > > ERROR org.jasig.cas.client.util.CommonUtils -
> > > sun.security.validator.ValidatorException: PKIX path building
> > > failed
> > >  : sun.security.provider.certpath.SunCertPathBuilderException:
> > > unable to find valid certification path to requested
> > >  target javax.net.ssl.SSLHandshakeException:
> > > sun.security.validator.ValidatorException: PKIX path building
> > > failed: sun.sec
> > >  urity.provider.certpath.SunCertPathBuilderException: unable to
> > > find valid certification path to requested target
> >
> > As Guido says, your client (org.jasig.cas.client) does not trust the
> > server it's trying to connect to.
> >
> > Is the server in this case the one you set up above? It's not clear
> > exactly what you are trying to do.
> >
> > There is nothing you can change with Tomcat to fix this error... you
> > must configure your client to trust the server.
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >
> > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluurMsACgkQHPApP6U8
> > pFiGARAAk5GnoU7+3tk16yh+cCme1mzPZiEUf0y1uE8CK74zaNB4OXbeF6iuNOEm
> > 9OP5MV6zyQC/NxI+DSlUzN32ZUEDLKSw7OUcMmhBfrZs690NEChHTJV9p/EpC7NS
> > 8LwMU/r3MFrvpkaLuPQsq+DbzbNRefh6+eOEhGTT3WtwW6SYtXxNUbBz4WmCSTrz
> > LHPYGTpUT19CX2BE5sNQeV5F4/ul3fLSMuVp4RryVo4BLQKBwh/rexb1fUbsdxyn
> > /v3HyCgreuhFV7DVMF+BuA46sccOm6kScMf7r9LrDioMswZvn79dFGgo9qMDgCWE
> > 37j7Dnv72GdtlkkNAkP9sKm413B4LzAhuL56bAyK+3SRRKuiqDPgq+4tcEOsIb4u
> > j6j3ZtJbpoojibAuNZWcvR3kjEPfCDUnRa6JSKXu1Y7Bekr3kLYbiGtOVWXi0ozs
> > 9zzq8D7lqSDD7b0UhuZ22yuR0OBZMlxn0/ELH0GNikyLuwAd3UrrcNXfL7kpl5P9
> > BFSEnpZ8uD7bhXrkVCBdM+ktXrCYS8StEIFNwXe5WeUbLdXoCDNKvlKgZKq2/IkD
> > /Zjh44ecYr8TNdfvyNJxL2YGTUZcfwyZETrMX/1ont7VfFU/xHuh1DE6R60vAtfB
> > 8nEsqNc+FFocsKlEwQbVyt0XP54DPfPGzXX544NLfbaIr2/2JOk=
> > =Bjfw
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Connection refused: connect

2018-09-26 Thread Luis Rodríguez Fernández
Hello Karen,

May I ask you what exactly you try to do:

- Deploy locally
- Deploy remotely
- Debug locally
- Debug remotely
- Other...

Eclipse version? Other plugins or tools (e.g. maven)?

Thanks,

Luis

El sáb., 22 sept. 2018 a las 0:52, Igal Sapir ()
escribió:

> On 9/21/2018 12:45 PM, André Warnier (tomcat) wrote:
> > Hi.
> > Sorry, forget my answer below, I was probably talking nonsense here.
> > The stack trace that you show does not even mention any Tomcat class,
> > so the "connect" mentioned below probably has nothing to do with the
> > HTTP CONNECT method.
> > It looks like something in Eclipse itself, but since I do not know
> > Eclipse (either), I don't have a clue.
> >
> > On 21.09.2018 17:06, André Warnier (tomcat) wrote:
> >> On 21.09.2018 10:54, Karen Goh wrote:
> >>> Hi,
> >>>
> >>> I am repeatedly getting the following exceptions and am stuck here
> >>> like forever.
> >>>
> >>> Hope someone can tell me what's wrong with my tomcat server version:
> >>> 8.5.24 with Eclipse
> >>>
> >>> java.net.ConnectException: Connection refused: connect
> >>> at java.net.DualStackPlainSocketImpl.connect0(Native Method)
> >>> at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
> >>> at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
> >>> at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown
> >>> Source)
> >>> at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
> >>> at java.net.PlainSocketImpl.connect(Unknown Source)
> >>> at java.net.SocksSocketImpl.connect(Unknown Source)
> >>> at java.net.Socket.connect(Unknown Source)
> >>> at java.net.Socket.connect(Unknown Source)
> >>> at java.net.Socket.(Unknown Source)
> >>> at java.net.Socket.(Unknown Source)
> >>> at
> >>>
> org.eclipse.jdi.internal.connect.SocketTransportService$2.run(SocketTransportService.java:148)
>
> >>>
> >>>
> >>> at java.lang.Thread.run(Unknown Source)
>
> It looks to me like Eclipse is trying to connect to Tomcat but fails.
> If the connection is made over the network then a firewall might be
> playing a role here.  If it's all done locally then Tomcat is not
> listening on the host:port to which Eclipse is trying to connect.
>
> Can you connect to that host:port with a browser?  e.g.
> http://localhost:8080/ ?
>
> Igal
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tutorial - How to Set Up Lucee in Tomcat

2018-09-05 Thread Luis Rodríguez Fernández
Cool, thanks! +1 for the makebase utility!

Cheers,

Luis

El mié., 5 sept. 2018 a las 12:26, Ivan Serdyuk (<
local.tourist.k...@gmail.com>) escribió:

>
> https://www.facebook.com/pg/Kyiv-Scala-Group-223492434893596/posts/?ref=page_internal
> -
> posted here.
>
> On Wed, Sep 5, 2018 at 1:16 PM Ivan Serdyuk 
> wrote:
>
> > Awesome. I shall share that now
> >
> > On Wed, Sep 5, 2018 at 9:25 AM Igal @ Lucee.org  wrote:
> >
> >> I published a blog post with an accompanying video tutorial about
> >> setting up Lucee in Tomcat.  While there are some Lucee-specific
> >> elements in the tutorial, most of it is applicable to any servlet setup,
> >> covering CATALINA_HOME, CATALINA_BASE, and the recently added makebase
> >> utility.
> >>
> >> I hope that some users will find it informative and useful. Feedback is
> >> welcome.
> >>
> >> You can read it at
> >> http://blog.rasia.io/blog/how-to-easily-setup-lucee-in-tomcat.html
> >>
> >> Or watch the video at
> >> https://youtu.be/nuugoG5c-7M
> >>
> >> Best,
> >>
> >> Igal Sapir
> >> Lucee Core Developer
> >> Lucee.org 
> >>
> >>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat 8.x-9.x + Struts 1.3.x - Applications will get into a state where they won't serve random bunch of static resources, 500 errors

2018-08-06 Thread Luis Rodríguez Fernández
Hello Chris,

Definitely you have to increase the logging level. If your tomcat instance
is using JULI and you suspect from struts perhaps you could try to increase
the debugging level of struts in your
$CATALINA_BASE/conf/logging.properties:

org.apache.struts.level=FINE or FINEST

Hope it helps,

Luis


2018-08-06 18:08 GMT+02:00 Louis Zipes :

> Hi,
> Not an answer but just letting you my thinking on where I would look for
> additional error messages that might help tell more of the story.
>
> 1) Any additional information in the individual Java Plugin Logs that tell
> more of the story?
>
> 2) Can you increase the logging on the Tomcat side to try to capture more
> of the error?
>
> 3) What about the SUSE logs themselves?  Do they tell you anything?
>
> Thanks, Louis
>
> -Original Message-
> From: Chrifister [mailto:chrifis...@gmail.com]
> Sent: Monday, August 06, 2018 11:54 AM
> To: users@tomcat.apache.org
> Subject: Tomcat 8.x-9.x + Struts 1.3.x - Applications will get into a
> state where they won't serve random bunch of static resources, 500 errors
>
> - - - external message, proceed with caution - - -
>
>
> Hi,
>
> Our current setup is Tomcat 9.0.8 running SuSE Enterprise. This server is
> running a dozen web applications built with Struts 1.3.8 with some newer
> Spring applications on the horizon. There is a large user base with some
> applications seeing heavy usage. Applications are currently using Java 1.7
> and 1.8.
>
> We were originally running Tomcat 7.x but were having issues with perm gen
> maxing out very quickly for unknown reasons but possibly related to a buggy
> third party "enterprise-grade" reporting Java library. We had to restart
> the server nightly to try and keep perm gen from maxing out. Part of the
> reason was this third-party library spawned immortal threads that would
> prevent an application from unloading and being garbage collected when a
> newer build of an application was deployed (the developers behind it never
> expected the library would be run on a server with multiple
> applications). So we upgraded Tomcat to 8.5.x first and then to 9.x
> recently. This fixed the perm gen issue.
>
> Our current issue we are having is that for some unknown reason and after
> seemingly random lengths of time, an application will get into a state and
> will start having issues which results in failed page loads or pages not
> loading correctly. According to Chrome's network tab in developer console,
> a random bunch of static resources (javascript, css, images) are returning
> 500 errors and not being served. Whether the page loads or not depends on
> exactly which resources were not returned. Every time you access any page
> in that application, another random bunch of resources have 500 errors.
> There's no indication in any of Tomcat's log files that an application is
> in this state. The application will stay in this unusable state until it is
> restarted or the server is restarted.
>
> We've resorted to once again scheduling the server to restart nightly which
> has cut down on the frequency of this happening which hints at this being
> related to usage, but it is still happening once a week and sometimes more.
> The applications that seem to experience this the most are I believe the
> more heavily used applications.
>
> No Spring application has experienced this issue on our other servers which
> leads me to tentatively say that Spring is not affected and/or is not a
> cause of the issue but upgrading all applications to Spring is not feasible
> at the moment.
>
> We've tried upgrading Struts in the most frequently affected applications
> to 1.3.10 but it did not solve the issue and actually afflicted us with
> another issue stemming from a bug in that Struts version. So we had to go
> back to 1.3.8.
>
> I spoke with a couple of people in Tomcat's IRC channel and they seemed to
> think it was a third-party library or a problem/race condition between the
> Struts and Tomcat servlets. While this may be important information, I have
> no idea what to do with it.
>
> I'm not sure debugging is a possibility because it's a remote server and I
> wouldn't even know what to look for. I also can't allow a production
> application to remain in this state for very long.
>
> I can't file a bug report because I can't reproduce it at will and I am
> unable to provide thread or heap dumps.
>
> I have a suspicion it may be caused by that third part library although I
> don't see how that library would affect Tomcat's serving of static
> resources.
>
> This issue has never happened to our test server or our local instances of
> tomcat. Since I suspect it's related to usage, this is not surprising.
>
> Any help would be greatly appreciated.
>
> Chris
> ---
> CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and
> may contain information that is confidential, proprietary or exempt from
> disclosure. If you are not the 

Re: Tomcat error at run-time.

2018-08-03 Thread Luis Rodríguez Fernández
Hello Noel,

mmm, perhaps you could consider to use spring-boot for this. It provides a
nice out-of-the-box embedded tomcat:
https://spring.io/blog/2014/03/07/deploying-spring-boot-applications

Hope it helps,

Luis

2018-08-03 7:06 GMT+02:00 noel joseph :

> Hey Chris,
>
> This is my code...
>
> package com.TomCat.EmbTC;
>
> import java.io.File;
> import javax.servlet.ServletException;
> import org.apache.catalina.LifecycleException;
> import org.apache.catalina.startup.Tomcat;
>
> public class App {
>  public static void main(String[] args) throws LifecycleException,
> InterruptedException,
>  ServletException {
>   String docBase = "src/main/webapp/";
>
>   Tomcat tomcat = new Tomcat();
>   String webPort = System.getenv("PORT");
> if(webPort == null || webPort.isEmpty()) {
> webPort = "8111";
> }
> tomcat.setPort(Integer.valueOf(webPort));
>
>   tomcat.addWebapp("/", new File(docBase).getAbsolutePath());
>System.out.println("configuring app with basedir: " + new File("./" +
> docBase).getAbsolutePath());
>
>   tomcat.start();
>   tomcat.getServer().await();
>
>  }
> }
>
> and this is my pom.xml file
> http://maven.apache.org/POM/4.0.0; xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance;
>   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> http://maven.apache.org/maven-v4_0_0.xsd;>
>   4.0.0
>   com.TomCat
>   EmbTC
>   jar
>   0.0.1-SNAPSHOT
>   EmbTC Maven Webapp
>   http://maven.apache.org
> 
> UTF-8
> 1.8
> 1.8
> 8.5.5
> 
>
>   
> 
>   junit
>   junit
>   3.8.1
>   test
> 
>
> 
> commons-logging
> commons-logging
> 1.2
> 
> 
> org.apache.tomcat.embed
> tomcat-embed-core
> ${tomcat.version}
> 
>
> 
> org.apache.tomcat
> tomcat-jasper
> ${tomcat.version}
> 
>
> 
> org.apache.tomcat
> tomcat-jasper-el
> ${tomcat.version}
> 
>
> 
> org.apache.tomcat
> tomcat-jsp-api
> ${tomcat.version}
> 
>   
>   
>  EmbTC
>   
> 
>
>
> I am not making use of a web.xml file.
> This codes running perfectly on eclipse when run, depolying a tomcat server
> as expected.
> But when i convert into a jar and run it as a jnlp file i get the error...
>
> org.apache.catalina.LifecycleException: A child container failed during
> start
> at
> org.apache.catalina.core.ContainerBase.startInternal(
> ContainerBase.java:947)
> at
> org.apache.catalina.core.StandardEngine.startInternal(
> StandardEngine.java:262)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
> at
> org.apache.catalina.core.StandardService.startInternal(
> StandardService.java:422)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
> at
> org.apache.catalina.core.StandardServer.startInternal(
> StandardServer.java:793)
> at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
> at org.apache.catalina.startup.Tomcat.start(Tomcat.java:344)
> at com.TomCat.EmbTC.App.main(App.java:23)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at com.sun.javaws.Launcher.executeApplication(Unknown Source)
> at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
> at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
> at com.sun.javaws.Launcher.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
>
> Please let me know what's the problem with my code.
>
> Thanks,
> Noel
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: cors filter in WEB-INF/web.xml

2018-07-31 Thread Luis Rodríguez Fernández
Hello Masber,

In order to get accurate answers it would be helpful if you could provide
details like:

- Platform details: OS, jdk/jre, apache-tomcat version...
- "I went through documentation" which one? perhaps
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter
- "my web client still complains" I guess that you get some error response
here; have you checked your logs?

Hope it helps,

Luis





2018-07-28 9:00 GMT+02:00 masber masber :

> Dear Apache Tomcat community,
>
>
> I am learning Tomcat and would like to create a crosfilter, I went through
> the documentation and added the code suggested but my web client still
> complains.
>
>
> This is the content of my web.xml file:
>
>
> 
>
> Archetype Created Web Application
>
>
> 
>
> jersey-servlet
>
> org.glassfish.jersey.servlet.
> ServletContainer
>
>
> 
>
> jersey.config.server.provider.packages param-name>
>
> returnitRest
>
> 
>
>
> 
>
> jersey.config.server.provider.classnames param-name>
>
> org.glassfish.jersey.media.multipart.
> MultiPartFeature
>
> 
>
>
> 
>
> javax.ws.rs.Application
>
> returnitRest.AppConfig
>
> 
>
>
> 1
>
> 
>
>
> 
>
> jersey-servlet
>
> /rest/*
>
> 
>
>
> 
>
>   CorsFilter
>
>   org.apache.catalina.filters.CorsFilter
>
>   
>
> cors.allowed.origins
>
> *
>
>   
>
>   
>
> cors.allowed.methods
>
> GET,POST,HEAD,OPTIONS,PUT
>
>   
>
>   
>
> cors.allowed.headers
>
> Content-Type,X-Requested-With,accept,Origin,
> Access-Control-Request-Method,Access-Control-Request-Headers
>
>   
>
>   
>
> cors.exposed.headers
>
> Access-Control-Allow-Origin,Access-Control-
> Allow-Credentials
>
>   
>
>   
>
> cors.support.credentials
>
> true
>
>   
>
>   
>
> cors.preflight.maxage
>
> 10
>
>   
>
> 
>
> 
>
>   CorsFilter
>
>   /*
>
> 
>
> 
>
>
> I was wondering whether someone could help me to understand what I am
> doing wrong?
>
>
> thank you very much
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Can't start Tomcat in debug mode

2018-07-16 Thread Luis Rodríguez Fernández
Hello Alain,

 /Library/Tomcat/bin/catalina.sh jpda start should be good enough. If you
have a look at the tomcat command line process are the JPDA options
enabled? E.g.:

$ $CATALINA_HOME/bin/catalina.sh jpda start

$ ps -ef | grep --color dt_socket
lurodrig 13522  2883  6 13:58 pts/500:00:04
.../jdk1.8.0_162/bin/java...
-agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n
... org.apache.catalina.startup.Bootstrap start

In the catalina.out you should see something like: Listening for transport
dt_socket at address: 8000

Asking for the debug and http ports:

lurodrig@:tomcat-9-0-5-installation$ lsof -i:8000
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java13522 lurodrig4u  IPv4 450991  0t0  TCP localhost:8000
(LISTEN)

lurodrig@:tomcat-9-0-5-installation$ lsof -i:8080
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java13522 lurodrig   51u  IPv6 450993  0t0  TCP *:http-alt (LISTEN)

Hope it helps,

Luis

ps: a HTTP request against the debug port will print this message in the
catalina.out Debugger failed to attach: handshake failed - received >GET /
HTTP/1.1< - expected >JDWP-Handshake<



2018-07-16 13:45 GMT+02:00 Désilets, Alain :

> I am unable to start Tomcat in debug mode. I have searched and see that
> lots of people are having similar issues. I tried all the fixes that were
> proposed and none of them seem to work.
>
> Here is what I have at the moment.
>
> I have a file /Library/Tomcat/bin/setenv with the following content
> # Trying to start Tomcat in debug mode...
> #
> # CATALINA_OPTS="-agentlib:jdwp=transport=dt_socket,address=
> 8000,server=y,suspend=n"
> JPDA_ADDRESS=8000
> JPDA_TRANSPORT=dtsocket
> JPDA_SUSPEND=n
>
> Note that I tried setting the JPDA environment both ways (using
> CATALINA_OPTS and JPDA_* vars) and the result is the same.
>
> To restart tomcat, I do the following command:
>
>
> echo "" > /Library/Tomcat/logs/catalina.out ;
> /Library/Tomcat/bin/shutdown.sh; sleep 2; /Library/Tomcat/bin/catalina.sh
> jpda start; echo "Restarted tomcat, catalina.out is:"; cat
> /Library/Tomcat/logs/catalina.out
>
> This produces the following output:
>
>
> Using CATALINA_BASE:   /Library/Tomcat
>
> Using CATALINA_HOME:   /Library/Tomcat
>
> Using CATALINA_TMPDIR: /Library/Tomcat/temp
>
> Using JRE_HOME:/Library/Java/JavaVirtualMachines/jdk1.8.0_
> 102.jdk/Contents/Home
>
> Using CLASSPATH:   /Library/Tomcat/bin/bootstrap.
> jar:/Library/Tomcat/bin/tomcat-juli.jar
>
> Using CATALINA_BASE:   /Library/Tomcat
>
> Using CATALINA_HOME:   /Library/Tomcat
>
> Using CATALINA_TMPDIR: /Library/Tomcat/temp
>
> Using JRE_HOME:/Library/Java/JavaVirtualMachines/jdk1.8.0_
> 102.jdk/Contents/Home
>
> Using CLASSPATH:   /Library/Tomcat/bin/bootstrap.
> jar:/Library/Tomcat/bin/tomcat-juli.jar
>
> Tomcat started.
>
> Restarted tomcat, catalina.out is:
>
>
>
> 16-Jul-2018 07:35:12.366 INFO [main] 
> org.apache.catalina.core.StandardServer.await
> A valid shutdown command was received via the shutdown port. Stopping the
> Server instance.
>
> 16-Jul-2018 07:35:12.366 INFO [main] org.apache.coyote.AbstractProtocol.pause
> Pausing ProtocolHandler ["http-nio-8080"]
>
> 16-Jul-2018 07:35:12.426 INFO [main] org.apache.coyote.AbstractProtocol.pause
> Pausing ProtocolHandler ["ajp-nio-8009"]
>
> 16-Jul-2018 07:35:12.483 INFO [main] 
> org.apache.catalina.core.StandardService.stopInternal
> Stopping service [Catalina]
>
> 16-Jul-2018 07:35:12.517 INFO [main] org.apache.coyote.AbstractProtocol.stop
> Stopping ProtocolHandler ["http-nio-8080"]
>
> 16-Jul-2018 07:35:12.520 INFO [main] org.apache.coyote.AbstractProtocol.stop
> Stopping ProtocolHandler ["ajp-nio-8009"]
>
> 16-Jul-2018 07:35:12.523 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy
> Destroying ProtocolHandler ["http-nio-8080"]
>
> 16-Jul-2018 07:35:12.523 INFO [main] 
> org.apache.coyote.AbstractProtocol.destroy
> Destroying ProtocolHandler ["ajp-nio-8009"]
>
>
>
> When I go to http://localhost:8000, I get “This site can’t be reached”.
>
>
>
> Same if I go to http://localhost:8080/.
>
>
>
> But… if I restart tomcat using the same command as above, except without
> the ‘jpda’ argument to Catalina.sh, then 8080 is started fine, but not 8000
> (which Is to be expected).
>
>
>
> I checked to see if port 8000 is already busy by issueing this command:
>
>
>
> sudo lsof -iTCP -sTCP:LISTEN -n -P | grep 8000
>
>
>
> But is shows no process listening on that port. And I know that this
> command works because when I successfully start tomcat without ‘jpda’, if I
> use this command to check for port 8080, I get:
>
>
>
> java  1925 desilets   60u  IPv6 0xad510ad8630ef821  0t0  TCP
> *:8080 (LISTEN)
>
>
> Not sure what to try next… have pretty much run out of options at this
> point.
>
> Any help will be greatly appreciated.
>
> Thx.
>
> Alain Désilets
> National Research Council of Canad
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail 

Re: Requirements for servlet session attributes?

2018-07-05 Thread Luis Rodríguez Fernández
Hello Alex,

It looks like you are missing the getSession() method there:
HttpServletRequest#getSession()#setAttribute("mykey", clientObjectHere);
please have a look at [1]

Hope it helps,

Luis

[1]
https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/http/HttpServletRequest.html#getSession--

2018-07-03 23:28 GMT+02:00 Alex O'Ree :

> The jaws client maybe takes 100ms to fire up.  So it's not terrible slow
> but the overall website is noticeably faster when caching it. All of the
> resources (wsdls, xsds) are local but there's a quite a few of them.
>
> Caching this object does not work as a session attribute.
> HttpServletRequest#setAttribute("mykey", clientObjectHere);
> followed by
> HttpServletRequest#getAttribute("mykey") == null on subsequent http
> requests.
>
> ServletContext#setAttribute and getAttribute does work however it is not
> viable in my situation
>
>
> On Jul 1, 2018 9:43 AM, "Christopher Schultz" <
> ch...@christopherschultz.net>
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alex,
>
>
> On 7/1/18 7:48 AM, Alex O'Ree wrote:
> > I was working on attempting to increase performance on a web app
> > which calls a jaxws service on behalf of the user. The process for
> > creating the jaxws client is somewhat slow so I was to try and
> > cache the the jaxws client object as an HTTP session attribute. It
> > doesn't work for some reason.
>
> Can you define "doesn't work"?
>
>
> > What does work is attaching the jaxws client object to the
> > application context, however this isn't a feasible solution.
>
> So, placing the client into the application via
> ServletContex.setAttribute("jaxclient", client) works?
>
>
> > I vaguely recall running into a similar problem with performing the
> > same task in jboss which i think had the requirement for adding a
> > @Serializable annotation to anything added to the session object.
> > Does tomcat require the same?
>
> Tomcat itself has no specific requirement for session attributes to be
> Serializable, unless you want your sessions to be "distributable" (as
> in a cluster). If you want to improve performance, using clustering
> isn't a great strategy, though.
>
> Tomcat won't fail immediately when adding a non-serializable object to
> the session. Instead, it will fail/log-error at the end of the
> request-processing when the changes to the session are propagated to
> the other node(s) in the cluster. Thus, your local session *should*
> continue to work.
>
> I'm curious about what takes so long when creating the JAXWS client.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAls42lEACgkQHPApP6U8
> pFhiyw//bRNRj/r6jvIi4WEBHTFt154fmvumT2eL56o3dmfxP+byylgcbwWm7z+P
> FvFkR76Vs15P7oSHARsCsSs3xfq46Nn/MyUkZzjdzFSXn4O39AOuzVB2M0NNMsrG
> G6xgrBxGCHD3Zfmk4R2cysqpDkWXjNDS1UlBgyn8DfO2kbjZu6f1OxU6Z9xtYDc0
> Shjfe+qrFo0kqI3XiJbn0PWB1QtTcF7eKjsOZMub/UsR5F1zH3KgdD7FYOvVllbP
> BaBxTdov6Jvbjg0RLKa9+fEmWFGbGkBq1daFLm6+SovSg1KXBzzidDi8k8qAly/P
> XjnNjV44l9mj4Uw1I7gArwvOGk/rm6X7m5NjIfeKjnB0rHpHwuqrrSL6sOvX2cEW
> UA+TX1sq06e9jeUiAzeS27H+Imfk6pNJycp5sW2JPiR7QTlvJwwJKlYIIs9TEiDo
> veQ0hAVRWTc/BPsthXJVakNW0cpySg8Jost/n0jBnl+ryjPnorBdCx6PVLbJ2RnY
> 1le5p4QCZRLRekDvO2PsGP0TRADWttPilumteTPgDR33KqookS9n02S9Ct6Lobdx
> 6YXFqtrlAMFzgdvyTtGgRU2J0a95JZWsLme+hLFqsiIAyS+wP8JfewhZr2paGFtI
> aTKdqTgyAXa6JmQqHOlZL6i+D8B6RawRl1xlcRc1FF1uEdPDmvc=
> =Y2qD
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat stop and start using bash script

2018-06-28 Thread Luis Rodríguez Fernández
Hello Danesh

Perhaps you could look for any of your tomcat connector ports, ask for the
process that is listening and kill it:

$ ppid=`lsof -i:8080 -Fp | grep p`
$ pid=`echo ${ppid#p*}`
$ kill $pid

Probably you can find something more elegant but the idea could be this
one...

Hope it helps,

Luis


2018-06-27 17:02 GMT+02:00 Leon Rosenberg :

> use -force option
> bin/shutdown.sh -force
>
> regards
> Leon
>
> On Wed, Jun 27, 2018 at 5:51 PM dhanesh1212121212 
> wrote:
>
> > Hi All,
> >
> > Trying to stop and start tomcat in production using bash script for war
> > deployment.
> >
> > If tomcat not stopped properly then how we can kill the correct process
> and
> > make sure it's stopped correctly.
> >
> > Regards,
> > Dhanesh M.
> >
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Configuration of Tomcat Container to use SAML authentication

2018-06-11 Thread Luis Rodríguez Fernández
Hello Sandeep,

Both keycloack saml adapter [1] or the servlet filter[2] work for me
out-of-the-box.

I am using tomcat 9.0.5

Cheers,

Luis


[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
[2]
https://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter

2018-06-09 14:09 GMT+02:00 Arnaud Yahoo :

> Hello,
>
> I recently tried (with success) the tomcat Valve from Fediz (Apache CXF)
>
> http://cxf.apache.org/fediz-tomcat.html
>
> Note tha you need to take a recent 1.4.4 snapshot, because 1.4.3 has some
> bugs preventing it to work with SAML
>
> Hope this help
>
> Arnaud
>
>
>
> On 08/06/2018 21:49, Christopher Schultz wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Sandeep,
>>
>> On 6/8/18 10:39 AM, Sandeep Muddamsetty wrote:
>>
>>> We are trying to implement  SAML SSO configuration on Tomact 8.5.X
>>> servers . As we came to know that there is no direct
>>> implementation of this authentication process  through some of the
>>> blogs and need to depend on third party tools to make it possible .
>>> As we are seeing so many tools  while searching for this but  not
>>> getting exact information to use which tool . Do we have any apache
>>> recommended tools for this ?.
>>>
>> I don't have a particular recommendation for you, but if you find
>> something that works well, would you mind sharing your experience with
>> the community?
>>
>> I have implemented SAML SSO myself, but we don't use Tomcat's built-in
>> authentication and authorization framework, so it wouldn't be applicable
>> .
>>
>> You will almost certainly have to implement a Valve (which is a
>> Tomcat-specific component) to accomplish this. You might want to look
>> at the org.apache.catalina.authenticator.FormAuthenticator source code
>> to see how it's done. Much of the heavy-lifting is done by the
>> AuthenticatorBase class, but the
>> doAuthenticate(Request,HttpServletResponse) method is where the "real
>> work" gets done to handle the incoming data, etc.
>>
>> I suspect if you began with that code and started chopping-out pieces
>> and replacing them with parsing of the SAML response, validating and
>> verifying its authenticity, and then obtaining the user's identity
>> through the various SAML attributes sent by the identity provider, you
>> could get quite far on your own.
>>
>> If you want to use an outside authentication system, it wouldn't
>> surprise me to discover that Spring Security already had a plug-in for
>> this kind of thing.
>>
>> Hope that helps,
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsa3d0ACgkQHPApP6U8
>> pFgk1A//dRubWfOSrqniOQcUz0kFPtgyCYVOKBus6HLoo2+nWR6yXarLvbA8WG0+
>> rOcpmrSI4k2hcsjtDCG1GgtzdKVKdQhWJk5ZZOAomEl5Bwyj97geUxtrsnOwgXBY
>> BxY+p1m0IJuTSG5qF8i+zkvdfSRESghPx+wAUwxhf8g/XGucGA+S39HyEUrEGx6y
>> hkgdWvZdj13MIBADidY54yyq7mCqccAz+Qn7D87E5i65D4aM4mBjqUM33U+55t/C
>> 6FQjRSDJVO0ShRrQg4gPLk7r9f1BNibr0gdiy5oCg4P/zbDLEvVNVnViGQV4gjmx
>> P3scgYGhamHLdTyGtmN1Bz19Ls1GFLia9JdA/2AtD41V6wpTIoWoN8wdHDOWTuO6
>> JTRDzTmLimjI38ca5ze26JJITueKK4MTpSL7eAcRopXfW4qoNi6Rc87hUUA/btT7
>> UhZGqeDVlyXTGQi5/KdL6BaFan+s6ILG/Ntuy9jCyohx/Jwrwx0XoksbjgTxYhhd
>> zYRlHG8XSEcGt9epHLm5G2Rnk8GfeuzuBtj512+QxsX6VrI2q3sHuIPIgA7Egsa4
>> LMNntcn156spvvrF2AbsGevCqKp+fka6JL6FT7cT7EHJ60spi93kLpKx+oN1j4wI
>> YInTT9ClPaEvj85EO5eKJdTAMPReB0Hj3ZvUeoj4Kvx1enenTG4=
>> =1Fc/
>> -END PGP SIGNATURE-
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat/9.0.8 - Can't deploy war of 104MB

2018-05-24 Thread Luis Rodríguez Fernández
Hello Arnold,

In this type of issues you should get something like this in the
catalina.out:

ERROR
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] -
HTMLManager: FAIL - Deploy Upload Failed, Exception:
[org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceededException:
the request was rejected because its size (355668026) exceeds the
configured maximum (52428800)]

It looks like is more in the ant side. Have you tried directly with the
/manager application?

Hope it helps,

Luis










2018-05-24 17:51 GMT+02:00 Arnold Morein :

> Have been working on a WAR project that is pretty big (104MB) against
> Tomcat 8. The Ant command:
>
>  path="${path}" war="file:${dist.home}${path}.war" />
>
> Was working fine. After upgrading to the last JDK 8 (1.8.0_172) and Tomcat
> 9.0.8 this command results in:
>
> build.xml:832: java.io.IOException: Error writing request body to server
>
> I've googled but all I have found is that the Tomcat manager application
> has a 50MB default upload limit, which I changed to:
>
> 
>   
>   15000
>   15000
>   0
> 
>
> And yet after restarting Tomcat, the error remains.
>
> Can anyone else replicate this behavior or suggest a fix?
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Querying Microsoft LDAP with Java

2018-05-23 Thread Luis Rodríguez Fernández
Hello Laurie,

I do think that you are missing your cn in the query:

/usr/bin/ldapsearch -x -h myhost.com -b "OU=Workgroups,DC=cern,DC=ch"
"(member:X.X.XXX.X.X.X.:=cn=lurodrig,ou=users,ou=organic
units,DC=myorganization,dc=com)" cn

Hope it helps,

Luis


2018-05-22 22:34 GMT+02:00 Laurie Miller-Cook <
laurie.miller-c...@larmerbrown.com>:

> Hi there,
>
>
>
> This is a bit of a long shot but I wanted to see if anyone could assist.
>
>
>
> I have an installation of SAP Enable Now, which is a war file placed
> within Tomcat.
>
>
>
> As part of the installation I need to query the MS LDAP server to get a
> list of the users. I know that the connection to the LDAP server is working
> as I can import a list of Groups into Enable Now, but when I try specifying
> to pull the users from a security group I get nothing.
>
>
>
> I use the below LDAP Query, which I have tested in a custom search on the
> Windows server and it does return the list of users that I am after.
>
>
>
> (&(objectClass=User)(memberOf:1.2.840.113556.1.4.1914:= 
> CN=Users,OU=Distribution
> Groups,OU=Finance,OU=London Campus,OU=United Kingdom,OU=Europe,DC=global,
> DC=
>
>
> Does anyone know why the query is not returning the expected list of users?
>
>
>
> Best regards
>
>
>
>
>
> *Laurie Miller-Cook*
>
> *dd:* +44 (0)1252 607220
>
> *e: *laurie.miller-c...@larmerbrown.com
>
>
>
> [image: cid:image008.jpg@01D1C255.36AD22A0]
>
> *t*: +44 (0)1252 607220
>
> *w*: www.larmerbrown.com
>
> 8 Murrell Green Business Park, London Road, Hook, Hampshire, RG27 9GR UK
>
> *[image: cid:image009.png@01D1C255.36AD22A0]*
> *[image:
> cid:image010.png@01D1C255.36AD22A0]*
> *[image:
> cid:image011.png@01D1C255.36AD22A0]*
> *[image:
> cid:image012.png@01D1C255.36AD22A0]* *[image:
> cid:image013.jpg@01D1C255.36AD22A0]*
> *[image:
> cid:image014.png@01D1C255.36AD22A0]* 
>
>
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: log4j

2018-05-22 Thread Luis Rodríguez Fernández
Hello Chris,

You can have a look here:
https://logging.apache.org/log4j/2.x/log4j-appserver/index.html

Hope it helps,

Luis

2018-05-18 19:55 GMT+02:00 George Stanchev :

> Depends on what you're asking. If you're asking to use log4j to capture
> Tomcat logging, then the answer is - you can't but you can use Log4j2 or
> JULI. If the question is how to use log4j for your apps deployed under
> Tomcat, then answer can be found easily...
>
> From: Cheltenham, Chris 
> Sent: Friday, May 18, 2018 7:50 AM
> To: 'Tomcat Users List' 
> Subject: log4j
>
> Hello,
>
> How do I configure Tomcat 8.5.x to use log4j?
>
> Is there a good document to follow?
>
> I am not very familiar with java but it looks like you configure to logs
> to accept java logging for Tomcat.
>
>
> ===
>
> Thank You;
>
> Chris Cheltenham
> Technology Services
> The School District of Philadelphia
>
> Work # 215-400-5025
> Cell # 215-301-6571
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Which maven provided dependencies to target Tomcat ?

2018-05-09 Thread Luis Rodríguez Fernández
Hello Xavier,

Perhaps you can have a look here:
https://wiki.apache.org/tomcat/Specifications.

Me, I have:


javax
javaee-web-api
7.0
provided


Hope it helps,

Luis





2018-05-09 16:35 GMT+02:00 Xavier Dupont :

> Hi guys.
>
> If I want to target the Java EE full profile, I use go here
> https://mvnrepository.com/artifact/javax/javaee-api/8.0 and get the
> following XML snippet.
>
> 
> javax
> javaee-api
> 8.0
> provided
> 
>
> If I want to target the Java EE web profile, I use  this url instead
> https://mvnrepository.com/artifact/javax/javaee-web-api/8.0
>
> And if I only need a subset of JSRs included in the javaee web profile,
> they are all nicely included in the list of compile dependencies, this is
> all very nice.
>
> Since tomcat only supports a subset of the web profile, which dependencies
> should be added in maven ?
>
> Here's the full list for the Java EE 7 Web profile.
>
> javax.annotation:javax.annotation-api:1.2
> javax.ejb:javax.ejb-api:3.2
> javax.el:javax.el-api:3.0.0
> javax.enterprise:cdi-api:1.1
> javax.faces:javax.faces-api:2.2
> javax.inject:javax.inject:1
> javax.interceptor:javax.interceptor-api:1.2
> javax.json:javax.json-api:1.0
> javax.servlet:javax.servlet-api:3.1.0
> javax.servlet.jsp:javax.servlet.jsp-api:2.3.1
> javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:1.2.1
> javax.transaction:javax.transaction-api:1.2
> javax.validation:validation-api:1.1.0.Final
> javax.websocket:javax.websocket-api:1.0
> javax.ws.rs:javax.ws.rs-api:2.0
> org.eclipse.persistence:javax.persistence:2.1.0
> org.glassfish:javax.faces:2.2.0
>
> I ask because I couldn't find the answer on the web, and it seems to me
> that many sources are actually quite wrong and how it should be done.
> I believe this should appear in a section of the tomcat documentation, at
> least for versions 6, 7, and 8 of Java EE, which Tomcat seems to track.
>
> Xavier.
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Question on Tomcat clustering

2018-05-03 Thread Luis Rodríguez Fernández
Hello Martin,

If you use the default tomcat logging [1] probably setting

org.apache.catalina.ha.level = FINE or FINEST

in your $CATALINA_BASE/conf/logging.properties will give you the
information you need.

Hope it helps,

Luis

[1] https://tomcat.apache.org/tomcat-7.0-doc/logging.html








2018-05-03 16:17 GMT+02:00 Martin Knoblauch :

> Hi,
>
>  one question on Tomcat HA clustering. Is there a way (e.g. a log file
> pattern to look for) to find out that a sessions activity has actually been
> transfered to another cluster node? We are operating a productive
> environment with 6 clustered TC processes and we would like to know how
> oftenthe clustering actually kicks in.
>
>  We are on Tomcat 7. Please don't tell me to upgrade, but the productive
> version of the software is not certified with anything newer.
>
>  Here is the cluster part of the configuration:
>
>   channelSendOptions="8">
>
>   expireSessionsOnShutdown="false"
>notifyListenersOnReplication="true"/>
>
>className="org.apache.catalina.tribes.group.GroupChannel">
>  className="org.apache.catalina.tribes.membership.McastService"
> address="228.0.0.4"
> bind="real hostname censored"
> port="45564"
> frequency="1000"
> dropTime="3"/>
>  className="org.apache.catalina.tribes.transport.nio.NioReceiver"
>   address="auto"
>   port="4001"
>   autoBind="100"
>   selectorTimeout="5000"
>   maxThreads="6"/>
>
>  className="org.apache.catalina.tribes.transport.ReplicationTransmitter" >
>className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"
> timeout="6"/>
> 
>  className="org.apache.catalina.tribes.group.interceptors.
> TcpFailureDetector"/>
>  className="org.apache.catalina.tribes.group.interceptors.
> MessageDispatch15Interceptor"/>
>  className="org.apache.catalina.tribes.group.interceptors.
> ThroughputInterceptor"
> interval="10"/>
>   
>
>
> 
> filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.
> *\.css;.*\.txt;"/>
>
>  className="org.apache.catalina.ha.deploy.FarmWarDeployer"
>   tempDir="/tmp/war-temp/"
>   deployDir="/tmp/war-deploy/"
>   watchDir="/tmp/war-listen/"
>   watchEnabled="false"/>
>
>  className="org.apache.catalina.ha.session.JvmRouteBinderValve"
>enabled="true" sessionIdAttribute="takeoverSessionid"/>
>  className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"
> />
>  className="org.apache.catalina.ha.session.ClusterSessionListener"/>
> 
>
> Cheers
> Martin
> --
> --
> Martin Knoblauch
> email: k n o b i AT knobisoft DOT de
> www: http://www.knobisoft.de
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Training material is now on-line

2018-04-24 Thread Luis Rodríguez Fernández
Empty while, simple and beautiful!

Agree on that. I did not think about the examples exposure...

Thanks!

2018-04-24 15:29 GMT+02:00 Mark Thomas <ma...@apache.org>:

> On 23/04/18 14:42, Luis Rodríguez Fernández wrote:
> > Hello Mark,
> >
> > Thank you for sharing the materials!
> >
> > https://apache.github.io/tomcat-training/courses/
> tomcat-for-administrators.html#/132
> > Do you have such .jsp anywhere? Would it make sense to add it as part of
> > the /examples/jsp/ of tomcat distribution?
>
> Just add:
>
> <%
> long current = System.currentTimeMillis();
> while (System.currentTimeMillis() < current + 1) {
> }
> %>
>
> to a JSP.
>
> I don't think we want anything like this in the examples. Too many folks
> expose the examples to the internet and adding a JSP liek the above
> would invite a DoS attack.
>
> Mark
>
>
> >
> > Thanks in advance,
> >
> > Luis
> >
> > 2018-04-23 15:15 GMT+02:00 Berneburg, Cris J. - US <cberneb...@caci.com
> >:
> >
> >> Thanks Mark
> >>
> >> [lots of snippage]
> >>
> >> MT> https://apache.github.io/tomcat-training/
> >>
> >> cjb> Should "Client" actually be "Server" in Step 12: ChangeCipherSpec?
> >> cjb> Or did you already know about that?
> >>
> >> MT> It should and I didn't. I've just committed the fix. It should be
> >> MT> live in a few minutes. Thanks for spotting that and pointing it out.
> >>
> >> Sure, thanks for fixing it.  Also, is that the sort of modification a
> >> Tomcat newbie like me could perform?
> >>
> >> cjb> Also, are the demonstrations (marked by the placeholders in the
> >> cjb> presentation) part of the recorded sessions from previous Tomcat
> >> cjb> conventions?
> >>
> >> MT> The aim is to record each module off-line (rather than at a training
> >> MT> course where there is rather too much other stuff to do) and post it
> >> MT> on YouTube. There aren't any fixed timescales for this though.
> >>
> >> Thanks Mark, good to know.
> >>
> >> --
> >> Cris Berneburg
> >> CACI Lead Software Engineer
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Training material is now on-line

2018-04-23 Thread Luis Rodríguez Fernández
Hello Mark,

Thank you for sharing the materials!

https://apache.github.io/tomcat-training/courses/tomcat-for-administrators.html#/132
Do you have such .jsp anywhere? Would it make sense to add it as part of
the /examples/jsp/ of tomcat distribution?

Thanks in advance,

Luis

2018-04-23 15:15 GMT+02:00 Berneburg, Cris J. - US :

> Thanks Mark
>
> [lots of snippage]
>
> MT> https://apache.github.io/tomcat-training/
>
> cjb> Should "Client" actually be "Server" in Step 12: ChangeCipherSpec?
> cjb> Or did you already know about that?
>
> MT> It should and I didn't. I've just committed the fix. It should be
> MT> live in a few minutes. Thanks for spotting that and pointing it out.
>
> Sure, thanks for fixing it.  Also, is that the sort of modification a
> Tomcat newbie like me could perform?
>
> cjb> Also, are the demonstrations (marked by the placeholders in the
> cjb> presentation) part of the recorded sessions from previous Tomcat
> cjb> conventions?
>
> MT> The aim is to record each module off-line (rather than at a training
> MT> course where there is rather too much other stuff to do) and post it
> MT> on YouTube. There aren't any fixed timescales for this though.
>
> Thanks Mark, good to know.
>
> --
> Cris Berneburg
> CACI Lead Software Engineer
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Tomcat question

2018-04-23 Thread Luis Rodríguez Fernández
Hello Zahi,

As it is said in http://tomcat.apache.org/lists.html "Please format your
messages as plain text, not HTML. Do not send attachments, as they are
likely to be removed and ignored by the mailing list server."

Just copy and paste the content of your xml files should be enough :)

Cheers,

Luis





2018-04-23 14:49 GMT+02:00 Zahi Fail :

> Hello,
>
> I'm working with Tomcat 9.0.6 version as my servlet,
> Throughout my jax-rs project i have tried to create basic authentication.
>
> While i'm trying to access a post method without the basic auth. it all
> working well (I got the 200 message from the HTTP server). But, after
> adding the basic auth. my user name and password doesn't work from some
> reason..
>
>
> This is the following code from my web.xml file:
>
>
>
> and in the tomcat-user.xml i have updated the code as below:
>
>
>
>  thanks,
> Tzahi File
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: Is LDAP connection failing?

2018-04-13 Thread Luis Rodríguez Fernández
Hello Felix,

Thanks for your feedback!

Actually I realized that with userPattern I do not need to declare neither
userBase nor userSubtree.

roleSubtree="true", indeed! Nevertheless with "1" was working for me
anyway...

Cheers,

Luis

2018-04-11 11:32 GMT+02:00 Felix Schumacher <
felix.schumac...@internetallee.de>:

> Hi Luis,
>
>
> Am 05.04.2018 18:50, schrieb Luis Rodríguez Fernández:
>
>> Hello Suvendu,
>>
>> May I ask you to share your JNDIRealm configuration?
>>
>> For me something like this works:
>>
>>  >  connectionURL="ldaps://my.users.directory.com:636"
>>  connectionName="CN=MY_BINDING_USER,OU=Users,OU=Organic
>> Units,DC=cern,DC=ch"
>>  connectionPassword="PASSWORD"
>>  userBase="OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>  userSubtree="false"
>>  userPattern="cn={0},OU=Users,OU=Organic Units,DC=cern,DC=ch"
>>
>>  roleBase="OU=BASE_ORGANIZATION_UNIT_FOR_MY_GROUPS,OU=
>> Workgroups,DC=cern,DC=ch"
>>  roleSubtree="1"
>>  roleName="cn"
>>  roleSearch="((member={0})(objectclass=group))"
>> />
>>
>
> you are using userPattern to find users. In that case the userSubtree
> configuration
> will be ignored. roleSubtree should be either "true" or "false".
>
> Regards,
>  Felix
>
>
>
>> Hope it helps,
>>
>> Luis
>>
>>
>>
>>
>>
>>
>>
>>
>> 2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal <suv3...@gmail.com>:
>>
>> Hello Everyone,
>>>
>>> Recently in one of our environments I am seeing following log in
>>> Catalina.out. It seems that LDAP connection is failing. This issue is
>>> sporadic and goes away with Tomcat recycle.
>>>
>>> One interesting thing is "localhost:389" part. I could not find out
>>> any configuration related to that. It could happen that I am not
>>> looking at the correct place.
>>>
>>> We have 200+ JVMs out there which were starting up simultaneously but
>>> this happens for some of them sporadically. I suspect that some race
>>> condition might be causing this failure but could not found any
>>> evidence so far. Can someone please suggest how can I identify what is
>>> failing? and why it is failing?
>>>
>>> Thanks!
>>> Suvendu
>>>
>>> Stack trace:
>>> 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig -
>>> Deploying web application directory D:\xxx\webapps\ROOT
>>> 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm
>>> - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
>>> org.apache.catalina.LifecycleException: Failed to start component
>>> [Realm[JNDIRealm]]
>>>  at org.apache.catalina.util.LifecycleBase.start(
>>> LifecycleBase.java:154)
>>>  at org.apache.catalina.realm.CombinedRealm.startInternal(
>>> CombinedRealm.java:201)
>>>  at org.apache.catalina.util.LifecycleBase.start(
>>> LifecycleBase.java:150)
>>>  at org.apache.catalina.core.StandardContext.startInternal(
>>> StandardContext.java:5373)
>>>  at org.apache.catalina.util.LifecycleBase.start(
>>> LifecycleBase.java:150)
>>>  at org.apache.catalina.core.ContainerBase.addChildInternal(
>>> ContainerBase.java:901)
>>>  at org.apache.catalina.core.ContainerBase.addChild(
>>> ContainerBase.java:877)
>>>  at org.apache.catalina.core.StandardHost.addChild(
>>> StandardHost.java:649)
>>>  at org.apache.catalina.startup.HostConfig.deployDirectory(
>>> HostConfig.java:1247)
>>>  at org.apache.catalina.startup.HostConfig$DeployDirectory.
>>> run(HostConfig.java:1898)
>>>  at java.util.concurrent.Executors$RunnableAdapter.
>>> call(Executors.java:511)
>>>  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>>>  at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>> ThreadPoolExecutor.java:1142)
>>>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>> ThreadPoolExecutor.java:617)
>>>  at java.lang.Thread.run(Thread.java:745)
>>> Caused by: org.apache.catalina.LifecycleException: Exception opening
>>> directory server connection
>>>  at org.apache.catalina.realm.JNDIRealm.startInternal(
>>> JNDIRealm.java:2191)
>>

Re: Is LDAP connection failing?

2018-04-05 Thread Luis Rodríguez Fernández
Hello Suvendu,

May I ask you to share your JNDIRealm configuration?

For me something like this works:

 

Hope it helps,

Luis








2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal :

> Hello Everyone,
>
> Recently in one of our environments I am seeing following log in
> Catalina.out. It seems that LDAP connection is failing. This issue is
> sporadic and goes away with Tomcat recycle.
>
> One interesting thing is "localhost:389" part. I could not find out
> any configuration related to that. It could happen that I am not
> looking at the correct place.
>
> We have 200+ JVMs out there which were starting up simultaneously but
> this happens for some of them sporadically. I suspect that some race
> condition might be causing this failure but could not found any
> evidence so far. Can someone please suggest how can I identify what is
> failing? and why it is failing?
>
> Thanks!
> Suvendu
>
> Stack trace:
> 2018-04-02 20:34:27,293 INFO org.apache.catalina.startup.HostConfig -
> Deploying web application directory D:\xxx\webapps\ROOT
> 2018-04-02 20:34:33,341 SEVERE org.apache.catalina.realm.CombinedRealm
> - Failed to start "org.apache.catalina.realm.JNDIRealm/1.0" realm
> org.apache.catalina.LifecycleException: Failed to start component
> [Realm[JNDIRealm]]
>  at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:154)
>  at org.apache.catalina.realm.CombinedRealm.startInternal(
> CombinedRealm.java:201)
>  at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>  at org.apache.catalina.core.StandardContext.startInternal(
> StandardContext.java:5373)
>  at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>  at org.apache.catalina.core.ContainerBase.addChildInternal(
> ContainerBase.java:901)
>  at org.apache.catalina.core.ContainerBase.addChild(
> ContainerBase.java:877)
>  at org.apache.catalina.core.StandardHost.addChild(
> StandardHost.java:649)
>  at org.apache.catalina.startup.HostConfig.deployDirectory(
> HostConfig.java:1247)
>  at org.apache.catalina.startup.HostConfig$DeployDirectory.
> run(HostConfig.java:1898)
>  at java.util.concurrent.Executors$RunnableAdapter.
> call(Executors.java:511)
>  at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>  at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>  at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.catalina.LifecycleException: Exception opening
> directory server connection
>  at org.apache.catalina.realm.JNDIRealm.startInternal(
> JNDIRealm.java:2191)
>  at org.apache.catalina.util.LifecycleBase.start(
> LifecycleBase.java:150)
>  ... 14 more
> Caused by: javax.naming.CommunicationException: localhost:389 [Root
> exception is java.net.ConnectException: Connection refused: connect]
>  at com.sun.jndi.ldap.Connection.(Connection.java:216)
>  at com.sun.jndi.ldap.LdapClient.(LdapClient.java:137)
>  at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614)
>  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
>  at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319)
>  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(
> LdapCtxFactory.java:70)
>  at javax.naming.spi.NamingManager.getInitialContext(
> NamingManager.java:684)
>  at javax.naming.InitialContext.getDefaultInitCtx(
> InitialContext.java:313)
>  at javax.naming.InitialContext.init(InitialContext.java:244)
>  at javax.naming.InitialContext.(InitialContext.java:216)
>  at javax.naming.directory.InitialDirContext.(
> InitialDirContext.java:101)
>  at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:2108)
>  at org.apache.catalina.realm.JNDIRealm.startInternal(
> JNDIRealm.java:2189)
>  ... 15 more
> Caused by: java.net.ConnectException: Connection refused: connect
>  at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
>  at java.net.AbstractPlainSocketImpl.doConnect(
> AbstractPlainSocketImpl.java:350)
>  at java.net.AbstractPlainSocketImpl.connectToAddress(
> AbstractPlainSocketImpl.java:206)
>  at java.net.AbstractPlainSocketImpl.connect(
> AbstractPlainSocketImpl.java:188)
>  at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
>  at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>  at java.net.Socket.connect(Socket.java:589)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at com.sun.jndi.ldap.Connection.createSocket(Connection.java:350)
>  at 

Re: javax.servlet.Filter failed to start error. How to debug it?

2018-04-03 Thread Luis Rodríguez Fernández
Hello Coty,

Thank you very much. Yes you are right, in the localhost.$(date).log I can
see:

03-Apr-2018 18:13:40.751 SEVERE [main]
org.apache.catalina.core.StandardContext.filterStart Exception starting
filter [SsoAisFilter]
 java.lang.ClassNotFoundException:
cern.ch.sso.sp.filters.decorators.SsoAisFilter

And yes, in the past I used to turn it off, leaving only the catalina.out
and catalina. $(date).log

Cheers,

Luis


2018-04-03 14:56 GMT+02:00 Coty Sutherland <csuth...@apache.org>:

> On Tue, Apr 3, 2018 at 8:47 AM, Luis Rodríguez Fernández
> <uo67...@gmail.com> wrote:
> > Hello there,
> >
> > I've realized that if I make a typo in my  declaration I
> get
> > something in the catalina.out like:
> >
> > Apr 03, 2018 2:27:01 PM org.apache.catalina.core.StandardContext
> > startInternal
> > SEVERE: One or more Filters failed to start. Full details will be found
> in
> > the appropriate container log file
> > Apr 03, 2018 2:27:01 PM org.apache.catalina.core.StandardContext
> > startInternal
> > SEVERE: Context [/examples] startup failed due to previous errors
>
> Did you check the localhost.$(date).log ? That is the "appropriate
> container log file" mentioned in the message above, unless you changed
> the Host's name or logging config to turn it off :)
>
> > The catalina.log gives me the same information :(
> >
> > I have also tried increasing the logging level of
> org.apache.catalina.core
> > adding
> >
> > org.apache.catalina.core.level = ALL
> > org.apache.catalina.startup.level = ALL
> >
> > into my ${CATALINA_HOME}/conf/logging.properties I did not get any
> useful
> > information neither.
> >
> > Is there a way of debugging these kind of issues?
> >
> > Thanks in advance,
> >
> > Luis
> >
> > Server version: Apache Tomcat/9.0.5
> > Server built:   Feb 6 2018 21:42:23 UTC
> > Server number:  9.0.5.0
> > OS Name:Linux
> > OS Version: 4.4.0-116-generic
> > Architecture:   amd64
> > JVM Version:1.8.0_151-b12
> > JVM Vendor: Oracle Corporation
> >
> > Tomcat running on docker FROM tomcat:9.0.5-jre8-alpine
> > Alpine release 3.7.0
> > Linux d799b4063c4c 4.4.0-116-generic
> >
> > --
> >
> > "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
> >
> > - Samuel Beckett
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


javax.servlet.Filter failed to start error. How to debug it?

2018-04-03 Thread Luis Rodríguez Fernández
Hello there,

I've realized that if I make a typo in my  declaration I get
something in the catalina.out like:

Apr 03, 2018 2:27:01 PM org.apache.catalina.core.StandardContext
startInternal
SEVERE: One or more Filters failed to start. Full details will be found in
the appropriate container log file
Apr 03, 2018 2:27:01 PM org.apache.catalina.core.StandardContext
startInternal
SEVERE: Context [/examples] startup failed due to previous errors

The catalina.log gives me the same information :(

I have also tried increasing the logging level of org.apache.catalina.core
adding

org.apache.catalina.core.level = ALL
org.apache.catalina.startup.level = ALL

into my ${CATALINA_HOME}/conf/logging.properties I did not get any useful
information neither.

Is there a way of debugging these kind of issues?

Thanks in advance,

Luis

Server version: Apache Tomcat/9.0.5
Server built:   Feb 6 2018 21:42:23 UTC
Server number:  9.0.5.0
OS Name:Linux
OS Version: 4.4.0-116-generic
Architecture:   amd64
JVM Version:1.8.0_151-b12
JVM Vendor: Oracle Corporation

Tomcat running on docker FROM tomcat:9.0.5-jre8-alpine
Alpine release 3.7.0
Linux d799b4063c4c 4.4.0-116-generic

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett