Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-26 Thread Terence M. Bandoian
On 8/26/2020 11:27 PM, Pratik Shrestha wrote: Dear all, Thanks for so many replies and your discussions. For me, there are two options for the fix which I am not able to make them work. 1. Either show 'ERR_EMPTY_RESP' like old Tomcat version 7 used to show. As far as I know, with Tomcat 7

Re: Dates on Linux vs. Windows

2020-01-08 Thread Terence M. Bandoian
On 1/7/2020 6:53 PM, Jerry Malcolm wrote: >> If your systems always use the same time zone to read and write the data, it isn't a problem. Terrance, thanks for the info. In my case I do only have one timezone (or at least I want to...). Using the string for dates is a good idea. But this

Re: Dates on Linux vs. Windows

2020-01-07 Thread Terence M. Bandoian
On 1/7/2020 4:04 PM, Zahid Rahman wrote: Jerry Malcolm wrote : >Again this is the SAME line of code in java reading the >SAME field in the SAME database. Only thing different is >Linux/Windows OS On Tue, 7 Jan 2020, 21:52 , wrote: -Original Message- From: Jerry Malcolm

Re: Initiating httpservletrequest from inside Tomcat / TomEE

2019-05-06 Thread Terence M. Bandoian
On 5/6/2019 10:45 AM, Paul Carter-Brown wrote: Yea, but the issue is that only works when calling in the context of a current servlet call. Here is the kind of problem I want to solve: @WebServlet(name = "MyExample", urlPatterns = {"/example"}, loadOnStartup = 1) public class Example extends

Re: how to prevent user access to JSP pages?

2018-08-26 Thread Terence M. Bandoian
On 8/23/2018 4:26 AM, Mark Thomas wrote: On 22/08/18 19:48, Terence M. Bandoian wrote: Back on topic, do JSPs have to be registered with the container using servlet mappings in web.xml or some other mechanism in order to serve as targets of forwards by servlets? Further, does doing so make

Re: how to prevent user access to JSP pages?

2018-08-22 Thread Terence M. Bandoian
On 8/21/2018 11:44 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cris, On 8/20/18 1:31 PM, Berneburg, Cris J. - US wrote: Hi Mark Thanks for taking the time to reply. :-) cjb> Due to security concerns and general fussiness on my part, I'd like cjb> to

Re: how to prevent user access to JSP pages?

2018-08-18 Thread Terence M. Bandoian
On 8/17/2018 8:52 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 8/17/18 3:54 AM, Mark Thomas wrote: On 16/08/18 18:19, Berneburg, Cris J. - US wrote: Due to security concerns and general fussiness on my part, I'd like to prevent users from requesting

Re: Jsp pages with scriptlet and javadoc comments loaded in char[]

2018-05-02 Thread Terence M. Bandoian
On 5/2/2018 07:30, M. Manna wrote: Hi Mark, Basically, our application has quite a lot of large objects which are singletons. When we checked the list of char[] objects loaded in the memory, some of them showed JspServlet related Strings and had commented code loaded into char[]. we have quite

Re: Tomcat question

2018-04-24 Thread Terence M. Bandoian
On 4/23/2018 11:46 AM, zahi.f...@gmail.com wrote: I used the “manager” role for basic auth. While testing the web service with postman, I entered my user name and password. Yet, I got unauthorized message (401).. I couldn’t find any explanation for this issue.. What do the log files say?

Question regarding running Tomcat 7.0.57 offline

2018-04-19 Thread Terence M. Bandoian
On 4/19/2018 12:37 PM, John Dale wrote: Greetings; I have a 2006 era macbook pro with the latest osx. I run MySQL, which binds to localhost just fine when the network cable is unplugged and wireless turned off. Tomcat makes it through most of its startup, but hangs before completion and

Re: Security of AJP

2018-03-01 Thread Terence M. Bandoian
On 2/28/2018 10:16 AM, Mark H. Wood wrote: On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 2/28/18 8:40 AM, Cheltenham, Chris wrote: Since AJP is not really needed by Tomcat; If I comment out the AJP startup line

Re: _jspService is exceeding the 65535 bytes limit

2018-02-09 Thread Terence M. Bandoian
On 2/7/2018 4:37 PM, M. Manna wrote: If this doesn’t cause pain, I would do the following: 1) Replace all in-body scriptlets and use JSTL core tags in offending JSPs. Most of the codebloats are caused by using intermediate scriptlets e.g. <% if (foo.bar() == jack.jill() ) { %> // lots of jsp

Re: Ajp Nio-thread stuck in loop and consuming a lot of cpu

2018-01-18 Thread Terence M. Bandoian
On 1/18/2018 7:45 AM, Rainer Jung wrote: Just an addition to one of Mark's questions: Am 17.01.2018 um 22:20 schrieb Mark Thomas: Is it always the same threads generating the load or does it move between threads? Just in case Andreas is not aware: one can check with "top -H -p ". Using -H

RE: Tomcat SSL issue

2017-10-11 Thread Terence M. Bandoian
On 10/10/2017 9:45 AM, John Ellis wrote: John Ellis 405.285.2500 office http://biz-e.io -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Monday, October 9, 2017 4:49 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomc

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-11 Thread Terence M. Bandoian
On 10/10/2017 1:20 AM, Peter Kreuser wrote: Christopher, A good read on the appropriate (openssl) cipher string that I use can be found here: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Hynek explains the whys and don'ts and updates the string on a regular basis! HTH

Re: Tomcat SSL issue

2017-10-09 Thread Terence M. Bandoian
On 10/9/2017 10:01 AM, John Ellis wrote: I posted questions about this a couple of weeks ago I think it was. I have been trying to get Tomcat running on a secure port with a valid SSL certificate. We finally got version 9.0.0.M20 setup successfully on port 9443 and I can go to that IP:port

Re: TomcatCon @ ApacheCon

2017-01-18 Thread Terence M. Bandoian
On 1/17/2017 4:04 PM, Mark Thomas wrote: On 09/01/2017 11:57, Mark Thomas wrote: I look forward to hearing your topic ideas. Thanks for all the great ideas so far. I've tried to pull them all together here: https://cwiki.apache.org/confluence/display/TOMCAT/TomcatCon+NA+2017 I'm waiting to

Re: TomcatCon @ ApacheCon

2017-01-09 Thread Terence M. Bandoian
On 1/9/2017 8:00 AM, jean-frederic clere wrote: On 01/09/2017 12:57 PM, Mark Thomas wrote: All, There is the opportunity (if we can pull it together as a community) to run a dedicated Tomcat conference alongside ApacheCon NA 2017. The dates are May 16 to 18. The call for papers closes on Feb

Re: Thread-safety of javax.servlet.Servlet#getServletConfig()

2016-12-05 Thread Terence M. Bandoian
On 12/5/2016 7:40 AM, Péter Gergely Horváth wrote: Hi Chris, Thanks your four input: this question is somewhere in-between... :) We have *definitely* seen cases, where a piece of code like the one below sometimes (a couple of times from tens of thousands of successfully serviced requests)

Re: Header values when using HttpServletResponse.sendRedirect()

2016-09-08 Thread Terence M. Bandoian
On 9/8/2016 4:47 AM, Terence M. Bandoian wrote: On 9/6/2016 2:36 PM, Joe Tseng wrote: All, I inherited a codebase that calls HttpServletResponse.sendRedirect() to another page after a user is successfully logged in. I want to be able to insert a header value before that redirection

Re: [TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

2016-09-08 Thread Terence M. Bandoian
On 9/8/2016 3:20 AM, Mohamad Abbas wrote: Hello, I am working on a legacy web application running on a tomcat 8.0.37, and i am getting an error "Invalid operation for forward only resultset: absolute" when trying to use an InsensitiveScrollableResultSet (to paginate results). To make it simple

Re: How to write a correct HTTP request to Tomcat 8.5.4 instance?

2016-09-06 Thread Terence M. Bandoian
On 9/5/2016 8:09 AM, Klemens Muthmann wrote: Am 05.09.2016 um 14:49 schrieb Tim Watts: On Mon, 2016-09-05 at 14:11 +0200, Klemens Muthmann wrote: Hi, I currently need to implement an HTTP data transmission from an Arduino with WiFi module to a PC running a Tomcat 8.5.4 instance. The Tomcat is

Re: Tomcat 8.x JvmOptions parameter length restrictions?

2016-08-29 Thread Terence M. Bandoian
On 8/29/2016 8:34 AM, Mekkelsen Madden, Steve wrote: I've setup Tomcat 8.5.3 as a Windows Service (configured the service.bat file) and everything appears to be working fine. I'm trying to find out if there are any restrictions to the overall length of the parameters which can be used in the

Re: How to configure SPNEGO authentication with fallback to FORM auth?

2016-07-01 Thread Terence M. Bandoian
On 6/30/2016 7:52 AM, ken edward wrote: I did get it to work. Simply merged existing spnego and form auth valves together, I will try to post later.. On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <tere...@tmbsw.com> wrote: On 6/24/2016 10:45 AM, ken edward wrote: On Fri, Jun 24

Re: Runtime Cloning of DataSource for Different DB?

2016-06-29 Thread Terence M. Bandoian
On 6/29/2016 1:44 AM, Mark Thomas wrote: On 29/06/2016 05:12, Terence M. Bandoian wrote: On 6/28/2016 3:56 AM, Mark Thomas wrote: On 27/06/2016 22:35, Jerry Malcolm wrote: Mark, On 6/27/2016 1:07 PM, Mark Thomas wrote: On 27/06/2016 17:44, Jerry Malcolm wrote: I'm assuming

Re: Runtime Cloning of DataSource for Different DB?

2016-06-28 Thread Terence M. Bandoian
On 6/28/2016 3:56 AM, Mark Thomas wrote: On 27/06/2016 22:35, Jerry Malcolm wrote: Mark, On 6/27/2016 1:07 PM, Mark Thomas wrote: On 27/06/2016 17:44, Jerry Malcolm wrote: I'm assuming that context.lookup(...) simply locates the "jdbc/myDB" tag in the context.xml file, pulls all of the

Re: How to configure SPNEGO authentication with fallback to FORM auth?

2016-06-24 Thread Terence M. Bandoian
On 6/24/2016 10:45 AM, ken edward wrote: On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas wrote: On 24/06/2016 16:17, ken edward wrote: On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas wrote: On 24 June 2016 14:22:32 BST, ken edward

Apache Tomcat 9.0.0-M4 and http/2 on Mac OS X 10.11.4

2016-04-03 Thread Terence M. Bandoian
On 4/2/2016 10:29 PM, Tobias Soloschenko wrote: Hi, I am trying to get http/2 working on Mac OS X 10.11.4 - these are the steps I used: 1. Install Brew: http://brew.sh/ 2. Download Apache Tomcat 9 https://tomcat.apache.org/download-90.cgi 3. Download Xcode command line tools by opening the

How to comply with http://www.sitemaps.org/protocol.html#location

2016-03-14 Thread Terence M. Bandoian
On 3/13/2016 10:23 AM, Lyallex wrote: CentOS 5.2 jdk1.7.0_45 apache-tomcat-7.0.42 no httpd, tomcat only, one webapp ROOT.war According to the documentation at http://www.sitemaps.org/protocol.html#location An xml sitemap should appear in the context root, if it dosn't it can only contain a

Re: WebAppClassLoaderBase.clearReferencesThreads warning

2016-02-02 Thread Terence M. Bandoian
On 2/2/2016 2:49 AM, Yuval Schwartz wrote: On Mon, Feb 1, 2016 at 7:36 PM, Terence M. Bandoian <tere...@tmbsw.com <mailto:tere...@tmbsw.com>> wrote: On 2/1/2016 10:12 AM, Yuval Schwartz wrote: Hello Terence, Thanks for the input.

Re: WebAppClassLoaderBase.clearReferencesThreads warning

2016-02-02 Thread Terence M. Bandoian
(); } } Notice the loop. For the new warning, my suggestion would be to find out who owns the thread in question. Can you do that with the profiler? Hope that helps. -Terence Bandoian On Mon, Feb 1, 2016 at 5:59 PM, Terence M. Bandoian <tere...@tmbsw.com> wrote: On 2/1/201

Re: Tomcat Server - Arraylist java.util.ConcurrentModificationException issue

2016-02-02 Thread Terence M. Bandoian
On 2/2/2016 3:54 AM, Subhro Paul wrote: From: "Terence M. Bandoian" <tere...@tmbsw.com> To: Tomcat Users List <users@tomcat.apache.org> Date: 02/01/2016 07:58 PM Subject:Tomcat Server - Arraylist java.util.ConcurrentModificationException issue On 2/1/201

Tomcat Server - Arraylist java.util.ConcurrentModificationException issue

2016-02-01 Thread Terence M. Bandoian
On 2/1/2016 6:50 AM, Subhro Paul wrote: Hi Team, Our web application has a "header.jsp" which has 2 Arraylist on it. Each ArrayList has more than 50 items inside. The code is to identify the mobile device and requested page and transfer the call to mobile page accordingly. This code works

Re: WebAppClassLoaderBase.clearReferencesThreads warning

2016-02-01 Thread Terence M. Bandoian
On 2/1/2016 8:54 AM, Yuval Schwartz wrote: Hello Mark, I think that the issue below was related to the way I was shutting down an instance of ScheduledExecutorService. I changed the way it is shutdown when the context is destroyed...I will update here if I don't receive any more warnings.

Re: switching between Java8 and Java 7 under tomcat7 leads to error

2016-01-25 Thread Terence M. Bandoian
On 1/25/2016 12:34 PM, George Sexton wrote: On 1/25/2016 3:52 AM, Christoph P.U. Kukulies wrote: Thanks. Will give that a try. How can I tell, which java engine Tomcat is actually using? At a CMD prompt I'm getting: C:\> java -version java version "1.8.0_71" Java(TM) SE Runtime

RE: [EXTERNAL] Re: Problem starting Tomcat 7.0.59 as a Windows Service

2016-01-15 Thread Terence M. Bandoian
of -Xgc and the addition of the -Djava.library.path, the service successfully started. Nice work! -Terence -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Tuesday, January 12, 2016 6:46 PM To: Tomcat Users List Subject: RE: [EXTERNAL] Re: Problem starting

RE: [EXTERNAL] Re: Problem starting Tomcat 7.0.59 as a Windows Service

2016-01-12 Thread Terence M. Bandoian
On 1/12/2016 10:04 AM, McDermott, Becky wrote: I used the Java options provided by IBM. Since Tomcat will successfully start using the startup batch files, I assume that these settings are fine. I've tried playing with the settings and cannot get it to work either. I seems like it's some

Detecting Expired Session via JavaScript?

2015-12-02 Thread Terence M. Bandoian
On 12/1/2015 11:30 AM, Jerry Malcolm wrote: I'm looking for a way to detect that the current session has expired (or logged out via another tab on the browser). I know I could just issue dummy requests to the server and see if a login page comes back. But issuing requests automatically

RE: The resource path [...] is not valid

2015-10-02 Thread Terence M. Bandoian
On 10/2/2015 10:28 AM, Chen Yang wrote: I wonder if it's because of this? org.apache.fop.servlet.FopServlet$1.getResource(FopServlet.java:116) this.uriResolver = new ServletContextURIResolver(getServletContext()); this.transFactory = TransformerFactory.newInstance();

Re: Need configuration example for Tomcat 7.0.55 TLS configuration

2015-04-06 Thread Terence M. Bandoian
On 4/6/2015 2:11 AM, Ognjen Blagojevic wrote: Tom, On 5.4.2015 3:06, Tom Williamson wrote: I would like to know if anyone has a working example of getting TLS 1.2 working on Tomcat 7.0.55, so that it can be accessed by the latest version of Chrome and Firefox. Which version of Java do you

Re: SPNEGO test configuration with Manager webapp

2015-03-25 Thread Terence M. Bandoian
On 3/25/2015 2:19 PM, André Warnier wrote: David Marsh wrote: Javas version of kinit seems to report issue ? C:\Program Files\Apache Software Foundation\Tomcat 8.0\confC:\Program Files\Ja va\jdk1.8.0_40\bin\kinit -t -k c:\keytab\tomcat.keytab Exception: krb_error 0 Do not have keys of types

Re: Tomcat 7 (7.0.54) memory consuption is very high(3 times) than Tomcat 6 (6.0.28)

2015-03-24 Thread Terence M. Bandoian
On 3/23/2015 11:28 PM, Rahul Kumar Singh wrote: Also interesting is cat /proc/PID/maps but here one would need to calculate sizes per line from the two hex addresses given at the start of each line. Something like: cat /proc/PID/maps | perl -n -e '($a,$b)=split(/[- ]/);print hex($b)-hex($a),

Re: login issue

2015-02-17 Thread Terence M. Bandoian
On 2/17/2015 9:51 AM, James McEvoy wrote: Checked logs, added admin and manager to all needed files and added url so it's ok for tomcat to use and still rejected when Logging in. Stumped. I started and stopped it etc. Hi, James- You might try posting the new contents of tomcat-users.xml

Re: WorkManager replacement

2015-02-13 Thread Terence M. Bandoian
On 2/13/2015 8:52 AM, Kevin Hale Boyes wrote: I'll look into the timers for sure. I've also noticed that my application (lots of code) also uses Executors and ExecutorService so I might do something there. One of the things that WorkManager gave us, and we take advantage of, is a callback

Re: tomcat severe error when shutting down service but startup is clean

2015-02-13 Thread Terence M. Bandoian
On 2/13/2015 11:21 AM, David kerber wrote: On 2/13/2015 11:54 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, ... public static void unRegisterDrivers() { try { for ( EnumerationDriver drivers = DriverManager.getDrivers(); drivers.hasMoreElements(); )

RE: tomcat errors

2015-02-12 Thread Terence M. Bandoian
On 2/11/2015 7:53 AM, Wirth, Kevin wrote: The catalina log and the err logs are being written too -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, February 11, 2015 6:28 AM To: Tomcat Users List Subject: Re: tomcat errors 2015-02-10 22:45

Re: How-to disable SSL V3 on Tomcat 6.0.18.0

2015-01-29 Thread Terence M. Bandoian
On 1/29/2015 10:02 AM, Jammy Chen wrote: Hello Chuck, Thanks for replying, I understood this is old, our product has already upgraded to latest version, but somehow, some of our users are still in such old stage, they do not plan uptake now but they want disable SSL V3 as everybody know this is

Re: [OT] Tomcat 8 encoding issues: unable to change the default encoding iso-8859-1 to utf-8 in http header

2015-01-26 Thread Terence M. Bandoian
On 1/25/2015 4:29 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/24/15 7:52 AM, André Warnier wrote: Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, ... Morality : in web applications, always specify the

Re: JSp dynamic include in tomcat 8.0.15

2015-01-26 Thread Terence M. Bandoian
On 1/25/2015 4:23 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Srikanth, On 1/24/15 12:03 AM, Srikanth Hugar wrote: When i include jsp:include page=/WEB-INF//countries.jsp / It does not work in tomcat 8.0.15. I think there are too many dots in

Re: AJP connector address vs. IPv4/6

2015-01-24 Thread Terence M. Bandoian
On 1/23/2015 3:05 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/15 3:35 PM, André Warnier wrote: Jess Holle wrote: It seems that java.net.InetAddress.getLoopbackAddress().getHostAddress() should give the right answer -- if one is running with

Static files with default servlet in tomcat 8.0.9

2015-01-12 Thread Terence M. Bandoian
Please see my comments inline below. On 1/12/2015 8:55 AM, Srikanth Hugar wrote: Hello, I am trying to configure static files with default servlet in tomcat 8.0.9 but could not succeed. My directory structure in deployed webapp is: - WEB-INF - static -css -images -js -

Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue

2015-01-07 Thread Terence M. Bandoian
Please see inline comments from previous message. -Terence Bandoian On 1/2/2015 9:45 PM, Terence M. Bandoian wrote: On 1/1/2015 9:20 AM, Sandip Gaikwad wrote: Hi, Following are entries in files. Please let me know what is going wrong. *workers.properties* worker.list=worker1 # Set

Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue

2015-01-02 Thread Terence M. Bandoian
On 1/1/2015 9:20 AM, Sandip Gaikwad wrote: Hi, Following are entries in files. Please let me know what is going wrong. *workers.properties* worker.list=worker1 # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009

Re: Initialise application once

2014-12-22 Thread Terence M. Bandoian
On 12/21/2014 9:14 AM, Fabio Ricci wrote: Yes that made it THANK YOU very much!!! Grazie mille! Cheers Fabio Am 21.12.14 um 14:10 schrieb Alessandro Manzoni: Il 21.12.2014 13.38, Fabio Ricci ha scritto: Dear community I developed a tomcat JSP servlet which - say - instantiates a class,

Re: REST call failure on newer tomcat version/update

2014-12-22 Thread Terence M. Bandoian
On 12/22/2014 6:02 AM, Konstantin Kolinko wrote: 2014-12-19 20:49 GMT+03:00 Sean Dawson seandawson2...@gmail.com: Hello, We had a gwt app deployed and working with tomcat 7_42 and tried it recently in several configurations (Windows/Linux) with the latest update of 7 and it fails during a

My problem: I cannot successfully get or set a session attribute from a JSP file.

2014-12-08 Thread Terence M. Bandoian
On 12/6/2014 3:19 PM, Jim Anderson wrote: Hi to all, I am currently developing some server side JSP code. By and large, things are progressing and working well. I have gotten half way decent at debugging my java/javascript/jquery/jsp/HTML source code, but I have run into a problem in JSP

Re: jsp page on Tomcat non loading css

2014-11-08 Thread Terence M. Bandoian
On 11/7/2014 7:55 PM, Daniel Baktiar wrote: Hi Alessandro, Is there any servlet filter running which modifies the Content-Type headers? Look at the web.xml for filter/ tag. Daniel Baktiar On Thu, Nov 6, 2014 at 7:04 PM, Alessandro Panzeri alessandro.panzer...@gmail.com wrote: I deployed a

Re: Security Best Practices on Windows Service

2014-11-07 Thread Terence M. Bandoian
On 11/5/2014 1:34 PM, Igal @ getRailo.org wrote: hi, what are the security best practices for running Tomcat as a Windows Service? is the local system account safe or am I better off creating a new user and giving it write permissions only to the Tomcat runtime folders and read permissions to

Re: From HTTP to HTTPS request.getHeader(referer)

2014-11-04 Thread Terence M. Bandoian
On 11/4/2014 4:46 AM, Léa Massiot wrote: Hi, Terence M. Bandoian wrote: I'm not sure how you're using it but it's worth pointing out that response.sendRedirect Sends a temporary redirect response to the client... The client (browser) must then send another request to the server before any

Re: From HTTP to HTTPS request.getHeader(referer)

2014-11-03 Thread Terence M. Bandoian
On 11/2/2014 11:34 AM, Léa Massiot wrote: Hi again. It looks like sendRedirect() is working if I pass it a HTTPS URL as an argument: - String s_prov = request.getScheme() + :// + request.getServerName() + request.getContextPath() + / +

Re: From HTTP to HTTPS request.getHeader(referer)

2014-11-01 Thread Terence M. Bandoian
On 10/31/2014 11:18 AM, Mark Eggers wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/31/2014 5:06 AM, Léa Massiot wrote: Hello and thank you for reading my post. I'm trying to make a webapp work with HTTPS. It was working properly with HTTP. Below is the problem I have. Inside a

Re: HTTPS / URLs with no port number / Tomcat only

2014-10-29 Thread Terence M. Bandoian
On 10/28/2014 5:59 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Terence, On 10/28/14 5:49 PM, Terence M. Bandoian wrote: On 10/28/2014 8:55 AM, Léa Massiot wrote: Christopher Schultz-2 wrote A bit of warning: when modifying iptables, you need to be very

Re: How to access Sessions outside of class

2014-10-28 Thread Terence M. Bandoian
On 10/28/2014 9:36 AM, Jason Ricles wrote: Thanks Tim, That seems like the way to go. IT avoids us having to write our own protocols and everything and instead just code the logic for what action to take when a certain message is received. Hi, Jason- RMI seems reasonable if foo and bar

Re: HTTPS / URLs with no port number / Tomcat only

2014-10-28 Thread Terence M. Bandoian
On 10/28/2014 8:55 AM, Léa Massiot wrote: Christopher Schultz-2 wrote A bit of warning: when modifying iptables, you need to be very careful that you don't wipe-out any rules that allow you to gain remote access to the server. For instance, if you have a default rule to DROP all packets and an

Built-in Tomcat Support for Windows Authentication

2014-10-22 Thread Terence M. Bandoian
On 10/22/2014 4:40 AM, Philippe Wijdh wrote: Hello, We have spent a long time now, trying to set up Apache Tomcat with Windows Authentication. We followed the instructions as per http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html but we cannot make it work properly, the logon

java.lang.IllegalArgumentException at java.nio.Buffer.limit

2014-08-07 Thread Terence M. Bandoian
On 8/7/2014 10:04 AM, John Smith wrote: TC 7.0.54 / RHEL 6 / JDK 1.7.0_60 I'm getting a pretty consistent error in my logs that started showing up recently. I use logback and have a servlet catch all 500 errors and log them. The error seems to be associated with one servlet that writes XML

Security Manager Exception

2014-07-23 Thread Terence M. Bandoian
On 7/22/2014 11:04 AM, George Sexton wrote: I'm using Tomcat 7.0.54 with the security manager. I'm getting an exception I don't understand: 2014-07-22 09:27:03,934 [http-bio-80-exec-64] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[somehostname.mhsoftware.com].[/].[jsp]-

Re: Help understanding Session System Properties

2014-07-22 Thread Terence M. Bandoian
On 7/22/2014 9:36 AM, Felipe Jaekel wrote: I have a simple authentication logic in my applications, where I store the current user in the session and check with a filter if the current user value is not null. Eventually I see some null pointer exceptions in my Tomcat 7.0.47 that happened in JSF

Re: Problem with Transfer-Encoding

2014-07-09 Thread Terence M. Bandoian
On 7/8/2014 2:52 AM, Konstantin Kolinko wrote: 2014-07-07 21:07 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 7/5/2014 6:36 PM, André Warnier wrote: I agree with André about the difficulties of debugging character encodings. A couple of things you might check are the character encodings

Re: Host appBase vs Context docBase

2014-07-07 Thread Terence M. Bandoian
On 7/5/2014 9:48 AM, Terence M. Bandoian wrote: On 7/4/2014 9:04 PM, Igal @ getRailo.org wrote: I'm a little confused about the Host appBase attribute. Let's say that my website resides in D:\www\site1 I don't like using {Tomcat}/webapps so I don't want to have it as a base directory for websites

Re: Problem with Transfer-Encoding

2014-07-07 Thread Terence M. Bandoian
On 7/5/2014 6:36 PM, André Warnier wrote: Sushil Prusty wrote: Dear User Thanks for you input. You're welcome. First, a foreword : I will try my best to help you, but doing this is very difficult, and doing it via email is even more difficult. I was not kidding when I wrote earlier that

Re: Host appBase vs Context docBase

2014-07-05 Thread Terence M. Bandoian
On 7/4/2014 9:04 PM, Igal @ getRailo.org wrote: I'm a little confused about the Host appBase attribute. Let's say that my website resides in D:\www\site1 I don't like using {Tomcat}/webapps so I don't want to have it as a base directory for websites. What I've been doing so far is create an

Re: Browsers suddenly start timing out when accessing port 80 of secure site

2014-06-26 Thread Terence M. Bandoian
On 6/24/2014 12:25 PM, Bruce Lombardi wrote: Thanks for the response Konstantinos. I'll look into the HSTS header. The behavior you describe may be what is happening. Bruce Sent from my iPad On Jun 24, 2014, at 8:51 AM, Konstantin Preißer kpreis...@apache.org wrote: Hi, -Original

Re: Webapps directory query

2014-06-20 Thread Terence M. Bandoian
On 6/20/2014 12:53 AM, vicky wrote: Thanks Mark, but it doesn't have the details of scenario when we'll carry out a redeployment along with a restart/ How the exploded directories will then be updated , is it only the files are going to be updated within it ? Please give some directions.

Re: Tomcat is down or refused connection

2014-05-23 Thread Terence M. Bandoian
On 5/23/2014 1:22 AM, Ballarpure, Akshay (EXT-Tata Consultancy Ser - IN/Hyderabad) wrote: Hello, Soap request is failing with below message in our application. 2014/05/20 06:48:43 [ERROR] (browse_csl) failed to reach startSearch service, soapRC 502 2014/05/20 06:48:43 [ERROR]

Re: tomcat6 thread locked

2014-05-21 Thread Terence M. Bandoian
On 5/20/2014 8:28 PM, devoss ind wrote: Hi Christopher, Can you suggest stable tomcat and jvm versions. Regards, Devoss. On 20 May 2014 21:32, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Devoss, On 5/19/14, 2:43 AM, devoss ind

RE: Tomcat dependency on application server

2014-05-17 Thread Terence M. Bandoian
On 5/17/2014 4:35 AM, Randhir Singh wrote: I have 1 observation. In our developmental environment, I killed the Tomcat process and started the Tomcat it worked. But in the production environment, starting Tomcat was not enough and I had to restart JBoss Tomcat in sequence for Tomcat to be up.

Re: where find documentation

2014-05-16 Thread Terence M. Bandoian
On 5/15/2014 8:05 AM, Francesco Viscomi wrote: Hi all, i'm try to find a documentation that describe every tag inside the web.xml file, but i wasn't able to find anything about that on http://tomcat.apache.org/tomcat-5.5-doc/config/context.html someone can help me? thanks in advance; Francesco

Re: Session fixation Tomcat 7

2014-05-16 Thread Terence M. Bandoian
On 5/8/2014 8:56 PM, Akash Jain wrote: Hi, I am trying to resolve session fixation issue with tomcat 7.0.52 We have a Spring MVC application running on it, and the Auth method is provided by another application which writes cookie, and we use the cookie value to check whether the user is valid

Re: No activity on tomcat.users since Tues?

2014-05-12 Thread Terence M. Bandoian
On 5/11/2014 7:56 AM, Konstantin Kolinko wrote: 2014-05-10 22:54 GMT+04:00 Tim Watts t...@cliftonfarm.org: Markmail seems to confirm this but kind of remarkable, huh? I think the user community should get a promotion in recognition of our quantum leap in tomcat problem-solving skills! (Or

RE: Setup Issue tomcat 6 SLES 11 SSL

2014-05-01 Thread Terence M. Bandoian
of Wooster P - 330-263-2612 F - 330-263-2666 -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Wednesday, April 30, 2014 3:01 PM To: Tomcat Users List Subject: Re: Setup Issue tomcat 6 SLES 11 SSL On 4/30/2014 9:02 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED

Re: CORS issue with Tomcat and Android Webview

2014-04-30 Thread Terence M. Bandoian
On 4/29/2014 3:48 AM, Jose María Zaragoza wrote: 2014-04-29 0:38 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com: On 4/28/2014 5:32 PM, Terence M. Bandoian wrote: On 4/28/2014 3:08 PM, Jose María Zaragoza wrote: 2014-04-28 21:55 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 6

Re: Setup Issue tomcat 6 SLES 11 SSL

2014-04-30 Thread Terence M. Bandoian
On 4/30/2014 9:02 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Vincent, On 4/29/14, 4:24 PM, Vincent T. DiScipio wrote: I have setup tomcat 6 on SLES 11 and secured the instance with an external certificate if authority. The following is occurring from the

Re: CORS issue with Tomcat and Android Webview

2014-04-30 Thread Terence M. Bandoian
On 4/28/2014 3:21 PM, Konstantin Kolinko wrote: 2014-04-28 23:44 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 4/27/2014 11:36 AM, Konstantin Kolinko wrote: 2014-04-27 0:50 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 1:13 AM, Ankit Singhal wrote: On Sat, Apr 26, 2014

Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Terence M. Bandoian
On 4/27/2014 11:36 AM, Konstantin Kolinko wrote: 2014-04-27 0:50 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 1:13 AM, Ankit Singhal wrote: On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian Hi, Ankit- Where did you see accept-origin documented? I see an init-param named

Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Terence M. Bandoian
, Terence M. Bandoian tere...@tmbsw.comwrote: On 4/24/2014 11:16 PM, Ankit Singhal wrote: Hi I did more research on this and figure out the issue.If you see the headers from Android and look into Origin Header. Origin: file:// Tomcat CORS filter tries to validate the URI in Origin header

Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Terence M. Bandoian
On 4/28/2014 3:21 PM, Konstantin Kolinko wrote: 2014-04-28 23:44 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 4/27/2014 11:36 AM, Konstantin Kolinko wrote: 2014-04-27 0:50 GMT+04:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 1:13 AM, Ankit Singhal wrote: On Sat, Apr 26, 2014

Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Terence M. Bandoian
On 4/28/2014 3:08 PM, Jose María Zaragoza wrote: 2014-04-28 21:55 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 6:56 AM, Jose María Zaragoza wrote: 2014-04-26 13:16 GMT+02:00 Martin Gainty mgai...@hotmail.com: Date: Sat, 26 Apr 2014 11:43:05 +0530 Subject: Re: CORS issue

Re: CORS issue with Tomcat and Android Webview

2014-04-28 Thread Terence M. Bandoian
On 4/28/2014 5:32 PM, Terence M. Bandoian wrote: On 4/28/2014 3:08 PM, Jose María Zaragoza wrote: 2014-04-28 21:55 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com: On 4/26/2014 6:56 AM, Jose María Zaragoza wrote: 2014-04-26 13:16 GMT+02:00 Martin Gainty mgai...@hotmail.com: Date: Sat, 26 Apr

Re: CORS issue with Tomcat and Android Webview

2014-04-26 Thread Terence M. Bandoian
On 4/26/2014 1:13 AM, Ankit Singhal wrote: On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian tere...@tmbsw.comwrote: On 4/24/2014 11:16 PM, Ankit Singhal wrote: Hi I did more research on this and figure out the issue.If you see the headers from Android and look into Origin Header

Re: CORS issue with Tomcat and Android Webview

2014-04-25 Thread Terence M. Bandoian
to a message, please do so at the bottom of the message or inline, as I've done here. Additional information may be found on the Tomcat web site: http://tomcat.apache.org/lists.html#tomcat-users Hope that helps. -Terence Bandoian On Fri, Apr 25, 2014 at 1:36 AM, Terence M. Bandoian tere

Re: CORS issue with Tomcat and Android Webview

2014-04-24 Thread Terence M. Bandoian
On 4/22/2014 1:37 PM, Jose María Zaragoza wrote: -- Forwarded message -- From: Terence M. Bandoian tere...@tmbsw.com Date: 2014-04-22 20:12 GMT+02:00 Subject: Re: CORS issue with Tomcat and Android Webview To: Tomcat Users List users@tomcat.apache.org On 4/22/2014 11:03 AM

Re: CORS issue with Tomcat and Android Webview

2014-04-24 Thread Terence M. Bandoian
On 4/24/2014 1:14 PM, Jose María Zaragoza wrote: 2014-04-24 19:00 GMT+02:00 Terence M. Bandoian tere...@tmbsw.com: On 4/22/2014 1:37 PM, Jose María Zaragoza wrote: -- Forwarded message -- From: Terence M. Bandoian tere...@tmbsw.com Date: 2014-04-22 20:12 GMT+02:00 Subject: Re

Re: lean and mean Tomcat 7 configuration

2014-04-24 Thread Terence M. Bandoian
On 4/24/2014 10:52 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 4/24/14, 9:16 AM, André Warnier wrote: Starting from a vanilla current Tomcat 7 download (*), on a Linux server I have looked at the on-line Configuration documentation of Tomcat 7,

Re: CORS issue with Tomcat and Android Webview

2014-04-22 Thread Terence M. Bandoian
On 4/22/2014 11:03 AM, Ankit Singhal wrote: Also we tried to give the same call from Android App to some different Node server and things worked fine. So it seems some problem with Tomcat only. On Tue, Apr 22, 2014 at 9:22 PM, Ankit Singhal ankising...@gmail.comwrote: Hi All I am facing a

Re: Configuration question

2014-04-17 Thread Terence M. Bandoian
On 4/17/2014 9:01 AM, Mark Murphy wrote: Here is the configuration, as you can see the default host is set and the IP is not aliased. in server.xml ... Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / ... Connector

Re: AW: AW: tomcat-connectors-1.2.39-windows-x86_64-iis does not work

2014-04-04 Thread Terence M. Bandoian
On 4/4/2014 5:52 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/4/14, 1:09 PM, Jeffrey Janner wrote: -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Friday, April 04, 2014 12:04 PM To: 'Tomcat Users List'

Re: Tomcat 7 : Configure redirect url for session timeout

2014-03-16 Thread Terence M. Bandoian
On 3/14/2014 6:18 PM, Akash Jain wrote: I want to redirect user to / with a query parameter to indicate that session has timed out. On Fri, Mar 14, 2014 at 4:01 PM, Leo Donahue donahu...@gmail.com wrote: On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain akash.delh...@gmail.com wrote: Leo, If any

Re: Tomcat and Spring Framework

2014-03-09 Thread Terence M. Bandoian
On 3/7/2014 4:45 PM, Leo Donahue wrote: On Fri, Mar 7, 2014 at 3:41 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2014-03-08 2:30 GMT+04:00 Leo Donahue donahu...@gmail.com: Any Spring developers on the list?

Re: simple way to access application in multi instance envirnoment

2014-03-09 Thread Terence M. Bandoian
On 3/9/2014 10:05 AM, Neven Cvetkovic wrote: Ahmed, On Sun, Mar 9, 2014 at 10:14 AM, Ahmed Dalatony ahmed.dalat...@gmail.comwrote: hello, can you help me little more with example or simpler doc i'm new to tomcat config and i don't understand virtual host thank you Ultimately, if you

  1   2   3   >