Re: [tomcat-users] Re: getting web application version string?

2020-08-17 Thread Michael Osipov
Am 2020-08-17 um 17:57 schrieb Jason Pyeron: -Original Message- From: Michael Osipov Sent: Sunday, August 16, 2020 1:27 PM Am 2020-08-16 um 18:16 schrieb Jason Pyeron: Is there a better way than this? Specifically - detect running Tomcat, then if under Tomcat (today only interested

Re: getting web application version string?

2020-08-16 Thread Michael Osipov
Am 2020-08-16 um 18:16 schrieb Jason Pyeron: Is there a better way than this? Specifically - detect running Tomcat, then if under Tomcat (today only interested in v7 and v9) obtain the version string as described [1] and shown on the Manager web application. At least for the version, you

Re: [Tomcat 9.0.37] Https / SSL on Windows server 2016 with windows certificate store

2020-07-12 Thread Michael Osipov
Am 2020-07-11 um 23:52 schrieb Valentin: Hello, I try to configure my tomcat 9.0.37 installed on a windows server 2016 to use a certificate located in *cert:LocalMachine\My* I mention that I am an administrator of this machine. This certificate is also used by IIS. What I did was to configure

Re: Looking for mod_proxy_ajp or mod_proxy_http users

2020-07-09 Thread Michael Osipov
Am 2020-07-08 um 23:52 schrieb Christopher Schultz: All, I'm (likely) giving a presentation at this year's ApacheCon North America (which is *virtual* this year, so the "North America" just means "it was supposed to be in New Orleans in

Re: RFC7807 ErrorReportValve

2020-07-07 Thread Michael Osipov
Am 2020-07-06 um 16:04 schrieb Mark Thomas: On 05/07/2020 10:28, Michael Osipov wrote: Am 2020-07-02 um 21:30 schrieb Thomas Meyer: Hi, What are your opinions on providing a RFC7807 based ErrorReportValve as part of Tomcat default distribution? Thomas, this has been bugging me for a while

Re: RFC7807 ErrorReportValve

2020-07-05 Thread Michael Osipov
Am 2020-07-02 um 21:30 schrieb Thomas Meyer: Hi, What are your opinions on providing a RFC7807 based ErrorReportValve as part of Tomcat default distribution? Thomas, this has been bugging me for a while. Let me share some thoughts on this, I'll limit my experiences with Tomcat, Spring Web

Re: jsvc - non root - log as root

2020-06-27 Thread Michael Osipov
Am 2020-06-26 um 09:21 schrieb Jürgen Weber: Hi, when you run tomcat with jsvc and have jsvc drop privileges to a different user, stdout and stderr log files are still created with root as owner. Can you make jsvc create them as the -user ? What is your actual problem with that? I have talked

Re: Connection Closure due to Fatal Stream with HTTP2

2020-06-13 Thread Michael Osipov
Am 2020-06-13 um 08:42 schrieb Chirag Dewan: Hi, We are observing that under high load, my clients start receiving a GoAway frame with error: *Connection[{id}], Stream[{id}] an error occurred during processing that was fatal to the connection.* Background : We have implemented our clients to

Re: Should Tomcat 10 enable response compression by default?

2020-06-10 Thread Michael Osipov
Am 2020-06-09 um 22:20 schrieb Mark Thomas: Hi all, An enhancement has been opened to enable response compression by default: https://bz.apache.org/bugzilla/show_bug.cgi?id=64431 In short, the proposal is to change the default for the Connector's compression attribute from "off" to "on". This

Re: Tomcat 9.0.27 loads incorrect openssl version

2020-06-07 Thread Michael Osipov
other situations You can use Python's ctypes.CDLL() function to perform the same operation quick and easy in Python's REPL. Please also provide the ./configure args and output of libtcnative as well as config.log after configure. Michael -Original Message- From: Michael Osip

Re: Tomcat 9.0.27 loads incorrect openssl version

2020-06-07 Thread Michael Osipov
Am 2020-06-07 um 20:16 schrieb Norbert Elbanbuena: Hi, I removed the previous version of OpenSSL 1.0.2k-fips from yum. Then I installed OpenSSL 1.1.1g from source and made a clean install of tomcat-native 1.2.24 pointing to the correct OpenSSL path. When I start Tomcat, it still shows OpenSSL

Re: Is ARM64 architecture officially supported ?

2020-04-19 Thread Michael Osipov
Am 2020-04-19 um 19:51 schrieb Martin Grigorov: Hi Emilio, On Fri, Apr 17, 2020 at 2:14 PM Emilio Fernandes < emilio.fernande...@gmail.com> wrote: Hola Tomcat community! We consider using AWS Graviton [1] based instances which use ARM64 processors for our backend services. I've googled

Re: AccessLogValve and IPv6 string representation (RFC 5952 section 4)

2020-04-13 Thread Michael Osipov
Am 2020-04-14 um 01:45 schrieb Manuel Dominguez Sarmiento: Hi, we are in the middle of a thorough review to fully support IPv6 across our platform. It has come to our attention that Java does not fully conform to RFC 5952 section 4 which deals with IPv6 zero compression (i.e. ::1 instead of

Re: Practical multipart handling

2020-03-26 Thread Michael Osipov
Am 2020-03-26 um 16:03 schrieb Christopher Schultz: All, I'm developing my first multipart handler since .. I dunno, maybe 2005? This is the first time I'll be using the Servlet 3.0 multipart handling, of course through Tomcat. Some of these

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 15:12 schrieb Mark Thomas: On 29/02/2020 13:05, Thomas Meyer wrote: Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas : On 29/02/2020 11:23, Michael Osipov wrote: Am 2020-02-29 um 12:13 schrieb Mark Thomas: On 29/02/2020 11:07, Michael Osipov wrote: Am 2020-02-29 um 12

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 14:05 schrieb Thomas Meyer: Am 29. Februar 2020 13:10:13 MEZ schrieb Mark Thomas : On 29/02/2020 11:23, Michael Osipov wrote: Am 2020-02-29 um 12:13 schrieb Mark Thomas: On 29/02/2020 11:07, Michael Osipov wrote: Am 2020-02-29 um 12:05 schrieb Mark Thomas: On 29/02/2020 10

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 12:13 schrieb Mark Thomas: On 29/02/2020 11:07, Michael Osipov wrote: Am 2020-02-29 um 12:05 schrieb Mark Thomas: On 29/02/2020 10:40, Michael Osipov wrote: Tomcat does not support renegotiation of TLS contexts based on URLs like HTTPd. Yes it does. If you specify

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 12:13 schrieb Mark Thomas: On 29/02/2020 11:07, Michael Osipov wrote: Am 2020-02-29 um 12:05 schrieb Mark Thomas: On 29/02/2020 10:40, Michael Osipov wrote: Tomcat does not support renegotiation of TLS contexts based on URLs like HTTPd. Yes it does. If you specify

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 12:05 schrieb Mark Thomas: On 29/02/2020 10:40, Michael Osipov wrote: Am 2020-02-29 um 10:09 schrieb Thomas Meyer: Hi, Instead of configuring the container for client cert Auth change the webapp: 1) define a realm in local context.xml 2) add resp security constraint only

Re: Client cert auth on demand

2020-02-29 Thread Michael Osipov
Am 2020-02-29 um 10:09 schrieb Thomas Meyer: Am 27. Februar 2020 10:58:01 MEZ schrieb "Martynas Jusevičius" : Hi list, I'm using a Docker image based on tomcat:8.0-jre8. It serves as an end-user facing webapp but also as a REST API which authenticates using client certificates. The same URLs

Re: Expect: 100-continue with filters vs valves

2020-02-19 Thread Michael Osipov
Am 2020-02-18 um 23:43 schrieb Mark Thomas: On 18/02/2020 19:47, Michael Osipov wrote: Am 2020-02-18 um 20:28 schrieb Mark Thomas: Got it - I think. Let me re-phrase to see if I understand correctly. You have a code fragment that issues a redirect. The app submits a request

Re: Expect: 100-continue with filters vs valves

2020-02-18 Thread Michael Osipov
Am 2020-02-18 um 20:28 schrieb Mark Thomas: On 18/02/2020 18:13, Michael Osipov wrote: Am 2020-02-18 um 10:00 schrieb Mark Thomas: On 17/02/2020 20:17, Michael Osipov wrote: I have continued some tests on 8.5.51 with PUT requests and Expect: 100 continue header from HttpClient 5.0. I have

Re: Expect: 100-continue with filters vs valves

2020-02-18 Thread Michael Osipov
Am 2020-02-18 um 10:00 schrieb Mark Thomas: On 17/02/2020 20:17, Michael Osipov wrote: I have continued some tests on 8.5.51 with PUT requests and Expect: 100 continue header from HttpClient 5.0. I have noticed that the very same code fragment What code fragment? My bad, here

Expect: 100-continue with filters vs valves

2020-02-17 Thread Michael Osipov
I have continued some tests on 8.5.51 with PUT requests and Expect: 100 continue header from HttpClient 5.0. I have noticed that the very same code fragment kicks in in the expect header evaluation when run as valve, but completely ignored when run in a filter. Tomcat will simply signal

Re: Tomcat responding 500 instead of 408

2020-02-17 Thread Michael Osipov
Am 2020-02-17 um 16:47 schrieb Mark Thomas: On 17/02/2020 15:07, Michael Osipov wrote: Folks, I am recently working an issue with Maven Wagon and HttpClient and noticed that Tomcat responds with 500 while I would expect 408 in this case. Tried very simple code on Tomcat 8.5.51

Tomcat responding 500 instead of 408

2020-02-17 Thread Michael Osipov
Folks, I am recently working an issue with Maven Wagon and HttpClient and noticed that Tomcat responds with 500 while I would expect 408 in this case. Tried very simple code on Tomcat 8.5.51: @Override protected void doPut(HttpServletRequest request, HttpServletResponse

Re: Tomcat 9.0.27 intermittent JVM crashing on libapr-1.so

2020-01-22 Thread Michael Osipov
Am 2020-01-22 um 23:30 schrieb Norbert Elbanbuena: Hello and greetings, I'm running tomcat 9.0.27 using APR and OpenSSL and get intermittent crashes with the hs_err log always pointing that the problematic frame is libapr-1.so. Our machine details: OS: CentOS Linux release 7.6.1810 (Core)

Re: Possible release of next 8.5.x in 2020

2020-01-12 Thread Michael Osipov
Am 2020-01-12 um 19:26 schrieb M. Manna: Hey All, Just trying to get a timeline (or possible release time) for next 8.5.x. The latest release is 8.5.50 from December 2020. I am assuming there is one imminent for January 2020? This is purely for individual interest as my dev cycle requires a

Re: [OT] Specifying a custom SSLSocketFactory for an LDAP connection

2020-01-08 Thread Michael Osipov
Am 2020-01-09 um 01:34 schrieb Christopher Schultz: All, For anyone who has experience with LDAP in Java, I need a little help. I have some code connecting to an LDAP server and doing all the wonderful things I want to do, but I'd like to

Re: Dates on Linux vs. Windows

2020-01-07 Thread Michael Osipov
Am 2020-01-07 um 21:58 schrieb Jerry Malcolm: This may be more of a Java question than Tomcat.  But I'm not sure.  I have the same code, talking to the same MySql Linux (AWS) database.  I read a date column value in a Tomcat app.  After calling resultSet.getDate(...) I printed the date

Re: [OT] Re: Maven Warning. Ubuntu Users

2020-01-06 Thread Michael Osipov
Am 2020-01-06 um 21:13 schrieb Zahid Rahman: That must be the reason why Apache Netbeans is using a version from 2015 and Apache Struts is recommending to use jdk 8. Because there is somebody like you keeps telling people it is off topic and Giant IT companies are not releasing jdk further

Re: Jakarta EE 9

2019-10-28 Thread Michael Osipov
Am 2019-10-28 um 22:00 schrieb Stefan Mayr: Am 28.10.2019 um 14:13 schrieb Rémy Maucherat: On Mon, Oct 28, 2019 at 1:46 PM Johan Compagner wrote: Hi On Mon, 28 Oct 2019 at 13:15, Mark Thomas wrote: Hi all, A frequent topic of discussion at ApacheCon EU was Jakarta EE 9. For those of

Re: Jakarta EE 9

2019-10-28 Thread Michael Osipov
Am 2019-10-28 um 14:59 schrieb Mark Thomas: On October 28, 2019 12:37:14 PM UTC, Johan Compagner wrote: Hi On Mon, 28 Oct 2019 at 13:15, Mark Thomas wrote: Hi all, A frequent topic of discussion at ApacheCon EU was Jakarta EE 9. For those of you who aren't familiar with Jakarta EE

Re: Jakarta EE 9

2019-10-28 Thread Michael Osipov
Am 2019-10-28 um 13:15 schrieb Mark Thomas: Hi all, A frequent topic of discussion at ApacheCon EU was Jakarta EE 9. For those of you who aren't familiar with Jakarta EE the key points are: - Oracle have donated Java EE to Eclipse - Eclipse have released Jakarta EE 8 which is essentially

Re: EOL for Tomcat 9.X ?

2019-10-22 Thread Michael Osipov
Am 2019-10-22 um 16:43 schrieb Christopher Schultz: Robert, On 10/18/19 11:46, Robert Hicks wrote: Thanks! Further, releases of the servlet spec seem to be published approximately every 4 years in recent memory[1]. Tomcat 9 implements spec version 4.0, released in Sept 2017. If that

Re: FW: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Michael Osipov
Am 2019-08-01 um 21:19 schrieb Mark Thomas: On 01/08/2019 20:07, Justiniano, Tony wrote: And that is what I was thinking, inadvertently, our scanning tool just found the apache version during a scan and corresponded it (the apache version) with a CVE. Do you concur? Sounds likely. Most low

Re: Invalid HTTP Header - attack?

2019-08-01 Thread Michael Osipov
Am 2019-08-01 um 20:36 schrieb Mark Thomas: On 01/08/2019 19:08, John Dale wrote: I'm getting this in my logs - is this an attack do you think? Unlikely to be an attack. Most likely a broken client. There is another scenario: Regular security scans on all corporate subnets from sec dept. I

Re: Tomcat Authentication + Spring Security J2EEPreAuthentication

2019-05-21 Thread Michael Osipov
Am 2019-05-20 um 21:35 schrieb Nacho Ganguli: My last attempt used Spring Security JEE pre-authentication filters. This works as I would like "provided" that I only use basic auth and tomcat's default realm (tomcat-users.xml). As soon as I introduce form-based auth, it does not work and I am

Re: Tomcat Authentication + Spring Security J2EEPreAuthentication

2019-05-18 Thread Michael Osipov
Am 2019-05-17 um 19:11 schrieb Nacho Ganguli: HELP, I NEED SOMEBODY, NOT JUST ANYBODY! HELP (It all started weeks ago when I tried unsuccessfully to use Tomcat's SSO Valve and decided to try pre-authentication...) We are developing a subscription-based "portal" webapp that we use to

Re: Expect: 100-continue not working with curl and HTTP/2

2019-03-30 Thread Michael Osipov
Am 2019-03-29 um 22:07 schrieb Mark Thomas: On 29/03/2019 12:28, Michael Osipov wrote: Am 2019-03-29 um 12:14 schrieb Mark Thomas: On 28/03/2019 15:14, Osipov, Michael wrote: Hi folks, right away, I don't know whether it is us (Tomcat) or curl. I'd like to narrow down the cause. It seems

Tomcat 8.5 drops query string on protocol upgrade

2019-03-30 Thread Michael Osipov
While searching for a cause for "Expect: 100-continue not working with curl and HTTP/2" I have found another issue. I'd be happy if someone else can reproduce this: $ curl --verbose --negotiate -u : --upload-file target/lda-docgen-webapp-0.1-backend-dev.war

Re: Expect: 100-continue not working with curl and HTTP/2

2019-03-29 Thread Michael Osipov
Am 2019-03-29 um 22:07 schrieb Mark Thomas: On 29/03/2019 12:28, Michael Osipov wrote: Am 2019-03-29 um 12:14 schrieb Mark Thomas: On 28/03/2019 15:14, Osipov, Michael wrote: Hi folks, right away, I don't know whether it is us (Tomcat) or curl. I'd like to narrow down the cause. It seems

Re: Expect: 100-continue not working with curl and HTTP/2

2019-03-29 Thread Michael Osipov
Am 2019-03-29 um 22:07 schrieb Mark Thomas: On 29/03/2019 12:28, Michael Osipov wrote: Am 2019-03-29 um 12:14 schrieb Mark Thomas: On 28/03/2019 15:14, Osipov, Michael wrote: Hi folks, right away, I don't know whether it is us (Tomcat) or curl. I'd like to narrow down the cause. It seems

Re: Expect: 100-continue not working with curl and HTTP/2

2019-03-29 Thread Michael Osipov
Am 2019-03-29 um 12:14 schrieb Mark Thomas: On 28/03/2019 15:14, Osipov, Michael wrote: Hi folks, right away, I don't know whether it is us (Tomcat) or curl. I'd like to narrow down the cause. It seems to be related to the use of kerberos. I don't see any errors when I provide the user name

Re: Followup2: Changed behaviour of Tomcat Deployment/Context/Lifecycle Manager concerning symbolic links

2019-03-11 Thread Michael Osipov
Am 2019-03-11 um 09:03 schrieb Rainer Jung: Am 11.03.2019 um 08:09 schrieb Michael Osipov: Am 2019-03-10 um 22:29 schrieb Mark Thomas: On 10/03/2019 20:54, Michael Osipov wrote: Am 2019-03-10 um 12:16 schrieb Mark Thomas: On 10/03/2019 09:08, Guido Jäkel wrote: Dear John, Hi Rainer, Thank

Re: Followup2: Changed behaviour of Tomcat Deployment/Context/Lifecycle Manager concerning symbolic links

2019-03-11 Thread Michael Osipov
Am 2019-03-10 um 22:29 schrieb Mark Thomas: On 10/03/2019 20:54, Michael Osipov wrote: Am 2019-03-10 um 12:16 schrieb Mark Thomas: On 10/03/2019 09:08, Guido Jäkel wrote: Dear John, Hi Rainer, Thank you for your hints. I learned to use this feature on GitHub to locate the commit - it's

Re: Followup2: Changed behaviour of Tomcat Deployment/Context/Lifecycle Manager concerning symbolic links

2019-03-10 Thread Michael Osipov
Am 2019-03-10 um 12:16 schrieb Mark Thomas: On 10/03/2019 09:08, Guido Jäkel wrote: Dear John, Hi Rainer, Thank you for your hints. I learned to use this feature on GitHub to locate the commit - it's https://github.com/apache/tomcat/commit/fd2abbb525660a9968694afd99a58f8c22cb54c6 and

Re: Tomcat 8.5 SPNEGO Active Directory stuck with a "Failed authenticate() test"

2019-02-08 Thread Michael Osipov
Am 2019-02-08 um 12:54 schrieb Tommy Schneider: Hello, I'm trying to set up Tomcat 8.5 with SPNEGO in the following environment: Tomcat: 8.5.37 built: Dec 12 2018 12:07:02 UTC Platform/OS: AIX 7.2 ppc64 Java: Eclipse OpenJ9 9-internal+0-adhoc.jenkins From what I can see in the catalina

Re: Incorrect decoding of encoded HTTP headers

2018-10-03 Thread Michael Osipov
Am 2018-10-03 um 11:22 schrieb Jean Pierre Urkens: Hi everybody, I am having an issue where Unicode characters (e.g. and & #105;) are passed by the Apache Webserver 2.4 to Tomcat as UTF-8 encoded bytes while Tomcat seems to evaluate them as ISO-8859-15 encoded. Having taken a

Re: Servlet Threads Changing Instance Data

2018-08-15 Thread Michael Osipov
Am 2018-08-15 um 22:00 schrieb Jerry Malcolm: On 8/15/2018 1:50 PM, Olaf Kock wrote: Jerry, On 15.08.2018 18:14, Jerry Malcolm wrote: I have a mobile app that issues several http web service calls to initialize.  I was making them sequentially with no issues.  I then changed to give them

Re: Possible bug in HttpServletRequest#getRequestDispatcher()

2018-08-02 Thread Michael Osipov
Am 2018-08-02 um 16:30 schrieb Mark Thomas: On 02/08/18 11:15, Mark Thomas wrote: On 30/07/18 19:48, Michael Osipov wrote: Am 2018-07-25 um 22:13 schrieb Michael Osipov: Hi folks, I might have found a bug and looking for someone to confirm. (Tested in Tomcat 8.5.32). I agree

Re: Possible bug in HttpServletRequest#getRequestDispatcher()

2018-07-30 Thread Michael Osipov
Am 2018-07-25 um 22:13 schrieb Michael Osipov: Hi folks, I might have found a bug and looking for someone to confirm. (Tested in Tomcat 8.5.32). Consider the following servlet: @WebServlet("/request-dispatcher") public class TestServlet extends HttpServlet { private static

Re: Re: FW: HttpServletResponse.sendError - missing message in error page

2018-07-30 Thread Michael Osipov
> [...] > > “It is implied but it could be clearer.” > > [...] > > I agree that default ErrorReportValve is not something that has to be > backward compatible as the apps should have provided their own. Yet, > we were using the default as it was working very well and was covering > our needs.

Re: HttpServletResponse.sendError - missing message in error page

2018-07-26 Thread Michael Osipov
> Hello, > > I noticed that when using HttpServletResponse.sendError in Tomcat 7.0.90 > with string message the message is no longer shown as the response is > displayed. > > I reproduce this with request to simple servlet: > > > > *public void doGet(HttpServletRequest request,

Possible bug in HttpServletRequest#getRequestDispatcher()

2018-07-25 Thread Michael Osipov
Hi folks, I might have found a bug and looking for someone to confirm. (Tested in Tomcat 8.5.32). Consider the following servlet: @WebServlet("/request-dispatcher") public class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; protected void

Re: RE: mod_proxy_http and "Expect: 100-continue" don't play well

2018-07-06 Thread Michael Osipov
quest is run by its handler in the fixup phase. This should allow > headers generated by the browser, or by Apache input filters to be overridden > or modified. > > "] > > >-Original Message- > >From: Michael Osipov [mailto:micha...@apache.org] > >Sent: Th

Re: mod_proxy_http and "Expect: 100-continue" don't play well

2018-07-05 Thread Michael Osipov
, but you are dropping this request header. You are effectively disabling this feature. -Original Message- From: Michael Osipov [mailto:1983-01...@gmx.net] Sent: Thursday, July 05, 2018 2:03 PM To: users@tomcat.apache.org Subject: Re: RE: mod_proxy_http and "Expect: 100-continue"

Re: RE: mod_proxy_http and "Expect: 100-continue" don't play well

2018-07-05 Thread Michael Osipov
st. Michael > >-Original Message- > >From: Michael Osipov [mailto:micha...@apache.org] > >Sent: Wednesday, July 04, 2018 9:26 PM > >To: users@tomcat.apache.org > >Subject: mod_proxy_http and "Expect: 100-continue" don't play well > > > >Hi fo

mod_proxy_http and "Expect: 100-continue" don't play well

2018-07-04 Thread Michael Osipov
Hi folks, has anyone ever used Tomcat behind mod_proxy_http where a client does a PUT/POST with "Expect: 100-continue"? I recently started using Tomcat 8.5.31 behind HTTPd 2.4.33 and immediately hit BZ 60330/55433. HTTPd responds with HTTP/1.1 100 instead of receiving this from Tomcat. The

Re: Mounting WebDAV in Tomcat 7.0.45

2016-11-29 Thread Michael Osipov
Am 2016-11-29 um 20:07 schrieb Christopher Schultz: André, On 11/29/16 12:36 PM, André Warnier (tomcat) wrote: On 29.11.2016 17:56, Mark Thomas wrote: On 29/11/2016 16:44, Arno Schäfer wrote: Hi all, I have activated WebDAV in our web

Re: Validating HTTP status code

2016-11-29 Thread Michael Osipov
Am 2016-11-29 um 16:07 schrieb Mark Thomas: On 29/11/2016 14:40, Christopher Schultz wrote: Michael, On 11/29/16 8:14 AM, Michael Osipov wrote: Hi folks, while investigating another possible patch for the RewriteValve, I have noticed that Tomcat 8.5 does not validate the set status code

Re: Validating HTTP status code

2016-11-29 Thread Michael Osipov
Am 2016-11-29 um 15:40 schrieb Christopher Schultz: Michael, On 11/29/16 8:14 AM, Michael Osipov wrote: Hi folks, while investigating another possible patch for the RewriteValve, I have noticed that Tomcat 8.5 does not validate the set status

Validating HTTP status code

2016-11-29 Thread Michael Osipov
Hi folks, while investigating another possible patch for the RewriteValve, I have noticed that Tomcat 8.5 does not validate the set status code, everything is possible, e.g., -99 or 1000. Scanning the code I haven't found any validation or such up to

How to use org.apache.catalina.Catalina#findRoleMapping properly?

2015-12-14 Thread Michael Osipov
Hello, I'd like to perform role mapping from technical role names spit out by our realm to application specific ones like Admin, Translator, Manager, etc. Though, the aforementioned method should do it but it isn't called anywhere in the code. I am aware of security-role-ref in web.xml but those