Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57

2020-09-02 Thread Olaf Kock
On 02.09.20 10:16, Rathore, Rajendra wrote: > Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, > if yes please let me know which release we fixing it. The CVE states: "A Incorrect Default Permissions vulnerability in the *packaging of tomcat* on SUSE Enterprise

Re: Allowing dir listing of root (/) dir of the machine

2020-08-24 Thread Olaf Kock
On 24.08.20 16:41, Aryeh Friedman wrote: > On Mon, Aug 24, 2020 at 4:27 AM Mark Thomas wrote: > >> On 23/08/2020 22:05, Aryeh Friedman wrote: >>> In order to allow my developers to quickly access any temporarily >> produced >>> html files created/stored outside of webapps (such as those created

Re: Patch for Ubuntu 18

2020-07-20 Thread Olaf Kock
On 20.07.20 15:55, Celestino Federico (ETAS-SEC/ISY-IT) wrote: >   > > Could someone tell me how to find a debdiff for tomcat8 package from > version *8.5.39-1ubuntu1~18.04.3* (last version available on Ubuntu > 18) and version *8.5.56*? > > My expectation is that you'll have to create this

Re: file ownership of webapps and below

2020-07-14 Thread Olaf Kock
On 14.07.20 11:12, Christoph Kukulies wrote: > I found there are some mismatches in file ownership from manual installation > and moving around webapps trees from different tomcat versions. > My current tomcat (9) runs under user.group tomcat.tomcat. A couple of files > have ownership > >

Re: How to encrypt db password in tomcat context.xml

2020-06-28 Thread Olaf Kock
On 28.06.20 19:50, Jürgen Weber wrote: I would like to know how to encrypt and decrypt the database password in context.xml when the application is running which also allow me to change the db password for the purpose of security. >>

Re: How to encrypt db password in tomcat context.xml

2020-06-26 Thread Olaf Kock
On 26.06.20 15:05, FANG YAP wrote: > Hi Tomcat, > > I would like to know how to encrypt and decrypt the database password in > context.xml when the application is running which also allow me to change > the db password for the purpose of security.

Re: Cryptominer malware and Tomcat

2020-06-18 Thread Olaf Kock
Hi Pete, On 17.06.20 23:44, Pete Helgren wrote: > I am going to guess that it is one of these two known vulnerabilities: > > CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981) > The JSONDeserializer of Flexjson allows the instantiation of arbitrary > classes and the invocation of

Re: Does Tomcat 9 still support AJP connections, REMOTE_USER, and tomcatAuthentication="false"?

2020-05-15 Thread Olaf Kock
hat seem to > be saying that the "tomcatAuthentication" parameter on the Tomcat connection > was no longer supported or something like that? > > Also re. "secret" on the Tomcat side: If that is set to, for example, > "mysecret", how do I pass that on the Apach

Re: Does Tomcat 9 still support AJP connections, REMOTE_USER, and tomcatAuthentication="false"?

2020-05-15 Thread Olaf Kock
On 15.05.20 09:06, oh...@yahoo.com.INVALID wrote: > Hi, > > I am using an Apache proxy in front of Tomcat 9, and I am using AJP > connection to connect from the Apache to Tomcat, and I have the Apache > sending a username to the Tomcat in a REMOTE_USER header. > > In the Tomcat server.xml I

Re: how do I switch class loaders

2020-05-08 Thread Olaf Kock
On 08.05.20 19:50, Christopher Schultz wrote: > Olaf, > > On 5/8/20 13:19, Olaf Kock wrote: > > > You might want to hunt down duplicate classes in the JAR files on > > your classpath. Worst case: unpack them all in temporary > > directories and check for occurren

Re: how do I switch class loaders

2020-05-08 Thread Olaf Kock
utput >>> below). The class is being loaded twice from the same location, I'm >>> guessing by two different class loaders. How can that be? >>> >>> [Loaded org.redisson.tomcat.RedissonSessionManager from >>> file:/C:/dev/tomcat.9.0.19/lib/redisson-tomc

Re: how do I switch class loaders

2020-05-08 Thread Olaf Kock
On 08.05.20 09:37, Jonathan Yom-Tov wrote: > Thanks Mark. Just tried that. I put the redisson-tomcat jar outside of > WEB-INF/lib and added it with scope provided. I get the exact same issue. > What am I doing wrong? Make sure, it's actually gone from your webapp. Depending on the deployment

Re: Tomcat 7.0.103

2020-04-20 Thread Olaf Kock
Hi Greg, On 21.04.20 04:13, Hebner, Greg D. wrote: > We are migrating from 7.0.68 to 7.0.103 to close some security > vulnerabilities. We are running LDAP authentication via JAAS. Authentication > was working normally on 7.0.68. we use scripts to configure Tomcat > installations so every

Re: How to shutdown tomcat

2020-04-17 Thread Olaf Kock
On 17.04.20 16:55, Blake McBride wrote: > I suppose, never mind. I created a startup listener that just does a > System.exit(0) on contextDestroyed which is what I want - exit. > > Thanks. > > Blake > > > On Fri, Apr 17, 2020 at 8:53 AM Blake McBride wrote: > >> Greetings, >> >> I am running

Re: learning tomcat 7 on Linux

2020-04-08 Thread Olaf Kock
On 08.04.20 14:55, Andy Sloane wrote: > Hi, > I have set up a Linux CentOS 7 host, and have installed Tomcat 7... > > ... > I would like to learn how to develop webapps. > I see no particular reason to start with Tomcat 7. Most of the code that you will learn will be version independent, and the

Re: How to increase Memory available to Tomcat?

2020-03-31 Thread Olaf Kock
On 31.03.20 17:02, o haya wrote: > Hi, > > I am running Tomcat 9.02 under RHEL 7 (under Oracle JDK 1.8), and I would > like to increase the memory that is available to Tomcat when it is running. > > I have tried sourcing the following: > > JAVA_OPTS="-Djava.awt.headless=true

Re: Does Tomcat/Java get around the problem of 64K maximum client source ports?

2020-03-26 Thread Olaf Kock
Hi Eric, On 26.03.20 18:58, Eric Robinson wrote: > Greetings, > > Many people say the maximum number of client ports is 64K. However, TCP > connections only require unique sockets, which are defined as... > > local_IP:local_port -> remote_ip:remote_port > > Theoretically, it is possible for a

Re: Is it possible to programmatically compile jsp files?

2020-03-25 Thread Olaf Kock
ommons project has a couple of nice options (I vaguely remember a TeeOutputStream or similar, which would automagically be able to keep your current client happy, while also filling up the buffer) Olaf > On Wed, Mar 25, 2020 at 4:03 PM Olaf Kock wrote: > >> On 25.03.20 14:51, Jona

Re: Is it possible to programmatically compile jsp files?

2020-03-25 Thread Olaf Kock
On 25.03.20 14:51, Jonathan Yom-Tov wrote: > I think I phrased my question incorrectly. What I want to do is to cache > the HTML resulting from the JSPs evaluation so I can serve the cached > result. The reason is that I'm working on an application which makes a lot > of requests per page. This

Re: Is it possible to programmatically compile jsp files?

2020-03-24 Thread Olaf Kock
On 24.03.20 15:44, Jonathan Yom-Tov wrote: > I have a set of jsp files. These jsps' compilation result changes whenever > a variable in my cache changes. I want to compile them whenever that > variable changes so they're ready to serve without going through the normal > pipeline. Is that

Re: AW: gostCat patch

2020-03-23 Thread Olaf Kock
On 23.03.20 15:07, Mark Thomas wrote: > On 23/03/2020 14:02, Fritze, Florian wrote: >> Maybe I am making it too easy but if you or another tomcat developer could >> prevent the newest Tomcat from throwing this exception: >> >> org.apache.catalina.core.StandardService.startInternal Failed to

Re: Security audit raises questions (Tomcat 7.0.93)

2020-03-18 Thread Olaf Kock
On 18.03.20 01:04, James H. H. Lampert wrote: > On 3/17/20 3:50 PM, Mark Thomas wrote: >> The XXS might be valid. I assume the tool provided a sample URL you >> could use to validate the finding. That should point you in the right >> direction but feel free to ask here if more help is required.

Re: Tomcat 8.5.51 fails

2020-02-13 Thread Olaf Kock
On 13.02.20 11:17, Olaf Kock wrote: > On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote: >> On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote: >>> Check in the file (tomcat_dir)/conf/server.xml, the Connector : >>> >>>     >> The setting is the

Re: Tomcat 8.5.51 fails

2020-02-13 Thread Olaf Kock
On 13.02.20 10:36, kohm...@iris.eonet.ne.jp wrote: > On 2020/02/13 18:25, André Warnier (tomcat/perl) wrote: >> Check in the file (tomcat_dir)/conf/server.xml, the Connector : >> >>     > > The setting is the same as mine. > > I have use server.xml used in 8.5.50. In case of 8.5.50, I have no

Re: Question on Apache Tomcat Patches

2020-02-11 Thread Olaf Kock
On 11.02.20 15:39, Walker, Mike (GE Aviation, US) wrote: > So apache only releases full versions not upgrades? Does that mean if you > run the version 7.99 it will create a new folder under Apache Software > Foundation folder for 7.99 files? Since this would imply a change to the path > for

Re: RewriteValve does not work on HTTPS

2020-02-04 Thread Olaf Kock
On 04.02.20 20:31, Hua Zhang wrote: > Best tomcat team, > > Hereby I have a question about an issue I found by using RewriteValve > on tomcat 9.30 > > The rewrite.config is very simple: > > /RewriteCond %{HTTP_HOST} =youkoop.com > RewriteRule ^.*$ https://www.youkoop.com

Re: Dates on Linux vs. Windows - Resolved

2020-01-08 Thread Olaf Kock
On 08.01.20 06:05, Jerry Malcolm wrote: > Just to summarize for anybody who comes along with a similar > problem I original set the timezone of mySQL RDS instance to > Central time when I created it months back (unchangable after it's > set).  I set my Linux timezone to Central as well in

Re: Tomcat 9 does not allow to read file in /tmp folder with 777 permission?

2020-01-04 Thread Olaf Kock
On 04.01.20 15:35, bphamhuu wrote: > Hello, > > I have a java web application by Tomcat 9 servlet container which tries to > read a file in /tmp folder with 777 permission on Ubuntu 18.04 > > ls -ltr /tmp/test.txt > -rwxrwxrwx 1 vagrant vagrant 10 Jan 3 17:03 /tmp/test.txt > > The java code is:

Re: HSTS not apply to some request URI path on tomcat 8.5.9 Centos 7

2019-12-26 Thread Olaf Kock
On 26.12.19 11:22, Pattavee Sanchol wrote: > Dear support team > > I config tomcat server to enabled HSTS some request URI path not > response with Secure heading > > ... > > > I some request URI such as http://192.168.1.1/%20 is not response with > security hedering > > > this is working > > >

Re: Exception while starting tomcat version 9.0.29

2019-12-20 Thread Olaf Kock
On 20.12.19 13:28, Kushagra Bindal wrote: > Hi, > > We are working on upgrading our tomcat version from 8.5.24 to 9.0.29. In > this process, while starting one of our services we found that while > starting catalina.out is having some exception. > > Note: This exception we are getting before

OT Developer Praise - was Re: EOL for Tomcat 9.X ?

2019-10-22 Thread Olaf Kock
On 22.10.19 17:56, Michael Osipov wrote: > Am 2019-10-22 um 16:43 schrieb Christopher Schultz: >> >> So Tomcat 9 is looking good for aother 10 years at this point. > > ...and this is the reason why I appreciate the Tomcat devs' work. I > can simply stick to a version and virtually forget about

Re: Adding the manager app to an existing installation

2019-10-18 Thread Olaf Kock
On 18.10.19 17:21, Tom Povey wrote: > Hi, > > I’ve been asked to help with an existing Tomcat install which is supporting a > live website. When it was installed, it did not have the manager app added. > We want to use the manager app now. > > I have copied the manager folder from another

Re: EOL for Tomcat 9.X ?

2019-10-18 Thread Olaf Kock
On 18.10.19 17:25, Robert Hicks wrote: > Management is asking me if there is an end of life for Tomcat 9 reported. I > don't see anything on the tomcat web site. Mark recently answered this to a the same question for Tomcat 8.5: There is no official date. The Tomcat project maintains 3 major

Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread Olaf Kock
On 16.09.19 08:24, Olaf Kock wrote: > If someone has access to the old Wiki's information, it'd be a great > page to restore. > "Do you really want to send this mail?" - "Of course" - "so be it" - m( Facepalm: It takes the steps above to think of a

Re: Password encryption in Tomcat 8.5.35

2019-09-16 Thread Olaf Kock
On 16.09.19 06:05, Mohan T wrote: > Hi, > > We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4. > > Is it possible to encrypt or mask passwords that is being used in the > datasource for connecting to database. I am mentioning the credentials in > server.xml There used

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-21 Thread Olaf Kock
On 20.08.19 21:43, Christopher Schultz wrote: > Olaf, > > On 8/19/19 09:55, Olaf Kock wrote: > > > If nothing changed since I looked at it last time, ubuntu didn't > > update to a new version, but at most backported some fixes while > > staying on roughly the sa

Re: Tomcat 9 Getting Started

2019-08-20 Thread Olaf Kock
On 20.08.19 12:28, Enosh Mogire wrote: > When I execute ls -la /opt/tomcat this is what I get > > enosh@hp:~$ ls -la /opt/tomcat > total 36 > drwxr-xr-x 3 tomcat tomcat 4096 Aug 20 08:55 . > drwxr-xr-x 7 root root 4096 Aug 19 10:53 .. > drwxr-xr-x 9 tomcat tomcat 4096 Aug 14 10:31

Re: Tomcat 9 Getting Started

2019-08-20 Thread Olaf Kock
On 20.08.19 10:14, Enosh Mogire wrote: > So after installing and extracting the Tomcat archive file, I needed to set > the required permissions on the files through the commands bellow > > enosh@hp:~$ sudo chgrp -R tomcat /opt/tomcat > enosh@hp:~$ cd /opt/tomcat/ > enosh@hp:/opt/tomcat$ sudo

Re: Tomcat 9 Getting Started

2019-08-20 Thread Olaf Kock
On 20.08.19 09:44, Enosh Mogire wrote: > I trust that your week is well and that this email finds you well. My name > is Enosh and I am a newbie to the system. I recently started a personal > learning project with DHIS2 and I needed to install the Apache servlet but > I keep on getting this

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread Olaf Kock
On 19.08.19 15:41, John Dale wrote: > Does this get included in the apt framework for ubuntu automatically? > > John > > > On 8/19/19, Mark Thomas wrote: >> The Apache Tomcat team announces the immediate availability of Apache >> Tomcat 9.0.24. If nothing changed since I looked at it last

Re: AW: Updating tomcat 7 to 9 got problems

2019-06-07 Thread Olaf Kock
Christopher, On 07.06.19 16:41, Christopher Schultz wrote: > Olaf, > > On 6/7/19 10:04, Olaf Kock wrote: > > On 07.06.19 15:30, Support wrote: > >> Hi, > >> > >> it is not working my folder structure is usr/share/tomcat > > > [snip] > >

Re: AW: Updating tomcat 7 to 9 got problems

2019-06-07 Thread Olaf Kock
On 07.06.19 15:30, bernd.sch...@daimler.com wrote: > Hi, > > it is not working my folder structure is usr/share/tomcat On top of Bernd's questions: Please provide as much detail as you can. "It is not working" isn't really helpful for coming up with additional suggestions. How exactly is it not

Re: Running sudo from a servlet

2019-05-23 Thread Olaf Kock
On 22.05.19 18:31, Christopher Schultz wrote: > Claude, > > On 5/21/19 14:20, Claude Brisson wrote: > > (responding to myself) > > > The culprit is the option > > > NoNewPrivileges=true > > > in the file > > /etc/systemd/system/multi-user.target.wants/tomcat8.service > > > When changed to false,

Re: Latest Best Practices for Tomcat Tuning

2019-05-22 Thread Olaf Kock
On 22.05.19 16:36, Louis Zipes wrote: > Hi Experts, > I know that if you Google 'Tomcat Tuning' you will get some hits (ex. > https://www.mulesoft.com/tcat/tomcat-performance) but I would like to see if > we can have a discussion of best practices for Tomcat tuning from the group > of experts

Re: Problem in ApacheTomcat - 8.0. 37: Files are not displaying in sorted order.

2019-04-24 Thread Olaf Kock
On 24.04.19 14:52, Rahul Ranjan wrote: > Hi Team, > > I am facing an issue which is related to ApacheTomcat-8.0.37. I wrote > a code to display the files/folder in browser. By default it should > display in alphabetically sorted order. But it's not showing. > I have migrated my code from Unix to

Re: Could not find datasource: java:/comp/env/jdbc/TOPSDB when start Tomcat 9.0.13

2019-03-25 Thread Olaf Kock
On 25.03.19 03:41, Hua, Gary - Saint Louis, MO - Contractor wrote: > Hi experts: > > After I deployed my application TOPS to Tomcat server(9.0.13) > on Linux box, and started the server, I got the following error: > > > 1537 [main] FATAL

Re: Default Max response size in Tomcat

2019-03-20 Thread Olaf Kock
On 20.03.19 12:08, Saurav Sarkar wrote: > Just to add the stack trace. > > I am getting ClientAbortException "Connection reset by peer" when i am > trying to write to the response stream > > 2019-03-20T10:32:28.501+ [APP/PROC/WEB/0] ERR >

Re: What is `tomcat7/common/` for?

2019-03-13 Thread Olaf Kock
On 13.03.19 15:01, Joel Griffith wrote: > I installed it using Ubuntu's apt-get install, so installing it again > won't do anything different. Is there a documentation page > that lists what files are supposed to be there? > That would help. I can't seem to find one. If you installed through

Re: What is `tomcat7/common/` for?

2019-03-13 Thread Olaf Kock
On 13.03.19 14:22, Joel Griffith wrote: > > I think it was accomplishing something; tomcat7/common/lib/ contained a > > bunch of .jar files that looked like standard Tomcat installation files > > (tomcat7-websocket.jar, tomcat-catalina-7.0.68.jar, etc.).  If I switch > > directories in the

Re: I'm not able to get acces server status Apache Tomcat/9.0.16

2019-03-05 Thread Olaf Kock
On 04.03.19 19:06, ITMex wrote: > Hi everyone, I'm running Apache Tomcat/9.0.16 over CentOS 7 so far is > okay, but I'm not able to get acces to "server status, Manager App and > Host Manager" menus, even from localhost I got the following message: > > > HTTP Status 404 – Not Found Did you

Re: Tomcat Apache 7.0.79 upgrade to Latest version

2019-02-20 Thread Olaf Kock
Hi Nitin, John gave you a good primer, for almost all of the rest I'll point to the fine documentation again. Look at a diff between your current installation and the plain vanilla download of the tomcat version that you're running. What I want to comment on is this: On 20.02.19 15:33, Nitin

Re: Tomcat Apache 7.0.79 upgrade to Latest version

2019-02-20 Thread Olaf Kock
On 20.02.19 14:47, Nitin Kadam wrote: > Thanks John for reply.. > > is there any documentation walkthrough for this upgrade available? > i am new to Tomcat and e to doing this 1st time, It will be great help if > anyone > provide same. There's plenty of documentation on

Re: Tomcat Apache 7.0.79 upgrade to Latest version

2019-02-20 Thread Olaf Kock
On 20.02.19 13:57, Nitin Kadam wrote: > Hello Team, > > Can you please guide how we can migrate seamlessly from Tomcat > apache 7.0.79 to 7.0.92 or any latest version that 8.x or 9.x ( Windows > 2012 R2 server)escr 7.0 to 8.0: https://tomcat.apache.org/migration-8.html 8.0 to 8.5:

Re: Anyway to set more max ram to Tomcat 32bit?

2019-01-04 Thread Olaf Kock
On 04.01.19 02:46, ark...@tutanota.com wrote: > Something wierd seems to be going on... I have an application on tomcat that > used to be on a physical windows server 2008 standard 32-bit which I p2v'd > with vmware converter over as a VM. I'm upgrading the server to windows > server 2008 r2

Re: Java Supported Versions for Apache Tomcat/7.0.77

2019-01-03 Thread Olaf Kock
On 02.01.19 23:11, Janakiram Maganti wrote: > Hi Support, > > Can you suggest what is the latest Java 8 version supported for “Apache > Tomcat/7.0.77”. > According to https://tomcat.apache.org/whichversion.html, there's no maximum version, it's "Java 6 and later". E.g. if you're running into

Re: insufficient memory for the Java Runtime Environment to continue

2018-12-23 Thread Olaf Kock
On 22.12.18 22:58, Dhaval Jaiswal wrote: > Application built in such a way that it consum memory and hence, it's > exhaust all memory and results in crashing Java. Probably GC is not running > when it reaches to its threshold. Is there a way I can call GC explicitly > without affecting running

Re: insufficient memory for the Java Runtime Environment to continue

2018-12-22 Thread Olaf Kock
On 22.12.18 20:17, Dhaval Jaiswal wrote: > System has allocated all mentioned RAM. > > I assume 13 would be fine. Adding to John's question, what I forgot earlier: Another rule of thumb is to identify the *minimum* amount of memory that the application can run with, then add a bit of headroom.

Re: insufficient memory for the Java Runtime Environment to continue

2018-12-22 Thread Olaf Kock
On 22.12.18 13:35, Dhaval Jaiswal wrote: > I am facing issue of crashing JAVA process and log files attached for > the same.  > > Server total RAM is 16 GB. > > catalina.sh having following setting.  > export JAVA_MEM_OPTS="-Xms1g -Xmx15g -XX:MaxPermSize=1536m" > > Can some one help where could

Re: Migrating app from Tomcat5.5.17 to Tomcat7, getting Description The origin server did not find a current representation for the target resource

2018-12-20 Thread Olaf Kock
On 20.12.18 14:04, Bo wrote: > there is no 64bit for v5, but i see one for v6 and above > There doesn't need to be one. The installer just needs to find the 64 bit JRE (or JDK, can't remember when this requirement was changed) and use it to start tomcat, e.g. for the service. Tomcat itself,

Re: Spring+Tomcat

2018-12-13 Thread Olaf Kock
On 13.12.18 05:51, Adlet Azhibek wrote: > *Hi all!* > how should download a new version of tomcat with *necessary (.jar) files in > a "lib" directory? I need, for example, "**spring-websocket-5. 1.3. RELEASE > .jar" in "lib". What should I do? I've downloaded necessary jar files from * >

Re: Translation help wanted

2018-11-13 Thread Olaf Kock
On 13.11.18 18:12, Mark Thomas wrote: Seems time to add some AI-translate add-on to the code. That is supported but it has to be paid for. That was something I was thinking about. I have 10k characters of free translation (POEditor uses either Google translate or Microsoft Automatic

Re: Number of Web Applications in one Tomcat

2018-10-29 Thread Olaf Kock
On 29.10.18 09:00, Ahmed, Tarek wrote: TLDR? Do you deploy one web application per tomcat instance or several? As you list the arguments quite well, I'd add my answer "it depends": General rule of thumb, to be executed in that order: If they're too few applications to worry about (and if

Re: user lockout realm, logging ip addresses

2018-08-18 Thread Olaf Kock
On 18.08.2018 03:58, Alex O'Ree wrote: Is it possible to configure the user lockout realm to log what ip address the failed login attempt came from? I know the information needed will also be in the access log but added it to the "attempt to login from a locked account" message would be super

Re: 2018.03.07-2 Bundle issue with tomcat 8 - Post

2018-08-17 Thread Olaf Kock
On 17.08.2018 15:40, Mandal, Jayanta wrote: Tomcat Version : We upgraded our tomcat environment from bundle 2016.10.31-2 to 2018.03.07-2 & suddenly we are seeing all Post method stopped working with new bundle. Previous Value Changed Value Bundle 2016.10.31-2 2018.03.07-2 Tomcat

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

2018-08-16 Thread Olaf Kock
Hi Martynas, On 16.08.2018 14:40, Martynas Jusevičius wrote: Hi, my initial observations suggest, and SO post [1] seems to confirm, that when CONFIDENTIAL is specified on a security-constraint in web.xml, Tomcat does two things: 1. automatically redirects to

Re: Servlet Threads Changing Instance Data

2018-08-15 Thread Olaf Kock
Jerry, On 15.08.2018 18:14, Jerry Malcolm wrote: I have a mobile app that issues several http web service calls to initialize.  I was making them sequentially with no issues.  I then changed to give them all separate threads so they could load asynchronously.  Then the bottom fell out.  I

Re: Tomcat 5.5.17 migration to 6

2018-07-15 Thread Olaf Kock
On 14.07.2018 22:53, David Babooram wrote: Alright. I guess the thought the process was to upgrade to 6, then 7, 8 If your application doesn't do anything too tomcat specific, but is rather a standard web application, you might be able to just deploy it on Tomcat 8.5 and check if it all

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 12:35, Sandels Mark (RTH) OUH wrote: Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 09:43, Sandels Mark (RTH) OUH wrote: Hi Olaf The web-page displays correctly when I connect to Tomcat directly. I posted to the tomcat users group as I havn't had any reply to my post to the Apache http user group! In answer to your other question, I do refer to the and

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: When I go to my web-page using a browser (Chrome), the source code of the web-page is displayed. I have added the PFX Certificate to Trusted Root Certification Authorities on my PC from which I launched Chrome. Here is the URL I am using

Re: Setclasspath error in Tomcat 8.5

2018-06-29 Thread Olaf Kock
On 27.06.2018 23:06, kevin ferguson wrote: Hi Guys I have a configured Tomcat server 8.5 and java installed 1.8.0_171. Java_home and Catalina_home configured and working. Here is a short version from my .bashrc --- #Setup home for java and openolat export CATALINA_BASE=/opt/tomcat export

Re: Can't Connect to Apache.org Network

2018-06-12 Thread Olaf Kock
On 12.06.2018 23:33, Igal Sapir wrote: Perhaps it to revisit the thresholds that trigger warnings/bans. The Tomcat SVN repo might be much larger today than it was when those were last examined and set. You might want to start at https://github.com/apache/tomcat instead of pulling down

Re: Deleting web.xml on tomcat exit

2018-06-07 Thread Olaf Kock
On 06.06.2018 21:36, Mark Thomas wrote: On 06/06/18 20:30, Jan Tosovsky wrote: Dear All, I use tomcat as a Liferay portal engine. It is usually stopped in two steps. There is Shutdown button available in Liferay Control panel, which stops the webapp. Once this is finished, it is safe to stop

Re: How do we prevent directory access in apache

2018-05-29 Thread Olaf Kock
On 29.05.2018 05:07, Jins Raju Abraham wrote: How do we prevent a directory access in apache. Tried searching this and there are a lot of suggestion about doing it in the .htaccess file. "Apache Tomcat" doesn't know about .htaccess files. "Apache httpd" does, but you won't get an answer

Re: Updating a working installation

2018-05-09 Thread Olaf Kock
On 09.05.2018 17:09, James H. H. Lampert wrote: Question: Is there an easy way to bump a working Tomcat installation from one release to another, without benefit of Linux "apt-get" or "yum," or WinDoze "cab" (this is an OS/400 installation), without having to rebuild the whole configuration

Re: Tomcat question

2018-04-23 Thread Olaf Kock
On 23.04.2018 14:49, Zahi Fail wrote: This is the following code from my web.xml file: Images are the least popular medium to communicate code. And on this list, this is actually enforced: Images are stripped. Please post the actual text - that should be even easier than creating

Re: ava.lang.IllegalArgumentException: Document base xxxx does not exist or is not a readable directory

2018-04-17 Thread Olaf Kock
On 16.04.2018 22:06, Support wrote: SEVERE: Error initializing static Resources java.lang.IllegalArgumentException: Document base /home/testuser/resources/Raptor does not exist or is not a readable directory A few things are slightly off of my expectations: But if you see below

Re: Trying to chase down "too many connection" problems with DB

2018-03-25 Thread Olaf Kock
Hi Shawn, only some aspects answered for now, inline: On 25.03.2018 19:31, Shawn Heisey wrote: On 3/25/2018 3:15 AM, Olaf Kock wrote: * Liferay comes (optionally) bundled with Tomcat to ease installation, however, the tomcat in there will be your own and is up to you to upgrade. Yes, new

Re: Trying to chase down "too many connection" problems with DB

2018-03-25 Thread Olaf Kock
On 24.03.2018 05:08, Shawn Heisey wrote: This message is long.  Lots of details, a fair amount of history. The primary Tomcat version we've got is 7.0.42. Specifically, it is the Tomcat that's included with Liferay 6.2. This is why we haven't attempted an upgrade even though the version

Re: I cant start Tomcat instances

2018-03-18 Thread Olaf Kock
On 17.03.2018 19:16, Loai Abdallatif wrote: actually all of them has X permissions -rwxr--r-- 1 root root 70 Mar 17 11:59 shutdown-instance0.sh -rwxr--r-- 1 root root 70 Mar 17 11:48 shutdown-instance1.sh -rwxr--r-- 1 root root 70 Mar 17 11:59 shutdown-instance2.sh

Re: I cant start Tomcat instances

2018-03-17 Thread Olaf Kock
On 17.03.2018 14:16, Loai Abdallatif wrote: Dear Colleagues I'm new to tomcat, I have successfully installed the service but when I tried to run three instances I coudnt due to error below : the this I did is copied the cataline Home to three instances tomcat0, tomcat1, and tomcat2

Re: Binding a non root user to port 443

2018-03-16 Thread Olaf Kock
Chris, On 15.03.2018 13:34, Cheltenham, Chris wrote: Andre, You probably missed where I had mentioned the infrastructure group poo poo'd altering iptables for whatever reason. Here is what I think are my 5 best choices for running tomcat as a non root user on a privileged port. 1) redirect

Re: Binding a non root user to port 443

2018-03-14 Thread Olaf Kock
On 14.03.2018 16:02, Cheltenham, Chris wrote: Chris, I am kind of lost. I am not sure what you guys are asking. If I asked the same thing twice its because whatever was sent by someone else other than you did not work or I cannot use. well, I'm also lost. It would help to know what didn't

Re: WebApp Caching Broken

2018-03-06 Thread Olaf Kock
Kenneth, On 06.03.2018 15:09, Kenneth Taylor wrote: More troubleshooting revealed that our root context xml had been copied from another installation and had a wrong path in it.  However, I don’t think this was the problem since it was only a path to a Log4J config.  We re-installed Tomcat

Re: tomcat 8.5.28

2018-03-02 Thread Olaf Kock
On 02.03.2018 15:22, Cheltenham, Chris wrote: What? don't feed the trolls ;) From: Cheltenham, Chris [mailto:ccheltenham-...@philasd.org] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a

Re: [OT] Security of AJP

2018-02-28 Thread Olaf Kock
On 28.02.2018 16:01, Cheltenham, Chris wrote: In this case are you tunneling into tomcat via 8009 AJP connector? "tunneling the (unencrypted) AJP connection between Apache httpd and Tomcat, so that it's no longer transmitted in clear text." - that's how I'd phrase it. (and thank you

Re: [OT] Security of AJP

2018-02-27 Thread Olaf Kock
Hi Christopher, On 27.02.2018 23:18, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Olaf, On 2/27/18 4:33 PM, Olaf Kock wrote: On 27.02.2018 21:54, Mark A. Claassen wrote: I would /not/ state that it's /not secure/. But I'm following your later argument: It's

Re: Security of AJP

2018-02-27 Thread Olaf Kock
Mark, On 27.02.2018 21:54, Mark A. Claassen wrote: From what I have read, it seems that the AJP connector is not secure, and is meant to be used in a protective environment. There are lots of things that imply this, like no SSL settings and such, but I cannot find it directly stated

Re: No reliable way to know if the request emerged from localhost

2018-02-27 Thread Olaf Kock
On 27.02.2018 09:29, Vasantharaju Trichy wrote: Tomcat version 7.0.82 | Windows We have a requirement such that admins(tomcat users) need to login remotely to the machine where Tomcat is hosted and access tomcat webapp to perform certain action or see certain pages . These pages or actions

Re: asgard tomcat application 404

2018-02-16 Thread Olaf Kock
On 15.02.2018 23:39, Tim Dunphy wrote: I'm trying to get Netflix Asgard tomcat app working. I'm using tomcat 9. I'm using windows. [...] Tomcat is about as much involved in this as is Windows. To second Christopher's OT answer: This is a problem of the deployed application, not of Tomcat. You

Re: Thread-safety with sessions

2018-01-18 Thread Olaf Kock
On 18.01.2018 06:37, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/17/18 4:31 PM, Mark Thomas wrote: On 17/01/18 17:05, Christopher Schultz wrote: All, I have a use-case related to caching where I need to make sure that an operation only happens one

Re: tomcat 7.0 resurrecting directory while service is installed - running in command line mode?

2018-01-10 Thread Olaf Kock
On 10.01.2018 17:57, Christoph P.U. Kukulies wrote: Am 10.01.2018 um 17:06 schrieb Christoph P.U. Kukulies: The problem is overlaid by the following: [2018-01-10 16:35:37] [info]  [ 6340] Commons Daemon procrun (1.0.15.0 64-bit) s tarted [2018-01-10 16:35:37] [info]  [ 6340] Running

Re: tomcat 7.0 resurrecting directory while service is installed - running in command line mode?

2018-01-10 Thread Olaf Kock
On 10.01.2018 12:39, Christoph P.U. Kukulies wrote: Nonetheless still having a bit trouble with it and would like to use your suggestion, but it fails somehow due to blanks in path name. This weirdness with blanks in paths: C:\Program Files\Apache Software Foundation\Tomcat 7.0>SET

Re: GC allocation failure

2018-01-07 Thread Olaf Kock
On 05.01.2018 12:46, Suvendu Sekhar Mondal wrote: I really never found any explanation behind this "initial=max" heap size theory until I saw your mail; although I see this type of configuration in most of the places. It will be awesome if you can tell more about benefits of this

Re: ALv2 Tomcat Training material

2018-01-06 Thread Olaf Kock
On 04.01.2018 14:01, Mark Thomas wrote: On 04/01/18 11:31, Marek Czernek wrote: Hi Mark, I think this is a great idea. Before doing any brainstorming though, I wonder about the following: 1. Who'd be the target audience? And what skill level would you want to    target? Any pre-requisites?

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-28 Thread Olaf Kock
On 27.12.2017 23:16, Eric Robinson wrote: I mean A is java8 and tomcat8.. so make a C that is tomcat6 and java8 I don't think so. This is a requirement of the software company whose application solution we use. They are requiring us to move to tomcat 8 with jdk 1.8. If we try to mix tomcat8

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Olaf Kock
On 22.12.2017 21:02, Eric Robinson wrote: With the exact same Xms and Xmx settings, I get vastly different resident and virtual image sizes from the Linux ps command. tomcatA: jdk1.8.0_152, res: 694312, virt: 5045084 tomcatB: jdk1.6.0_21, res: 332840, virt: 3922656 -Xmx

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Olaf Kock
On 22.12.2017 13:48, Eric Robinson wrote: We have multiple JVMs deployed on two identical Linux servers. Each server has 60 JVMs. Until today, both servers were running Tomcat6 with JDK 1.6. Today we upgraded one of the servers to Tomcat 8 with JDK 1.8. Now the JVMs on the Tomcat 8 server

Re: [ANN] Apache Tomcat 9.0.2 available

2017-12-01 Thread Olaf Kock
On 01.12.2017 15:54, Chris Cheshire wrote: Has 9 had an official release yet, or is it still almost there? On Fri, Dec 1, 2017 at 9:05 AM, Mark Thomas wrote: The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.2 (beta). 9.0.2 (beta) beta =

Re: getting some cookie & security related issues.

2017-11-30 Thread Olaf Kock
On 30.11.2017 08:52, Naga Ramesh wrote: User > AWS > Tomcat (HTTPS)(HTTPS) User-HTTPS request> AWS-ELB(https-443) re-direct to tomcat connector port-8080 What is the (expected) path when the user makes an HTTPS request? Is it: User > AWS >

  1   2   >