Query string and query parameters encoding on Tomcat 8.5.5
Hi. I do not understand what happens with query paramers and URI encoding in Tomcat 8.5.5. On client side, the query is : https://localhost:8447/adele_admin/ldapapi/personnes?mot=P%C3%A9net Where "Pénet" is, as far as I understand, correctly encoded. On server side, the Connector-s all have URIEncoding forced to UTF-8 (which is the default value anyway). In the logs, I can see : ::1 - - [15/Sep/2016:15:52:27 +0200] "OPTIONS /adele_admin/ldapapi/personnes?mot=Pénet HTTP/2.0" 200 - ::1 - lpenet [15/Sep/2016:15:52:41 +0200] "GET /adele_admin/ldapapi/personnes?mot=Pénet HTTP/2.0" 404 - (404 is ok there) But request.getQueryString() (where request is the HttpServletRequest instance passed by tomcat) returns a wrongly encoded mot=Pénet and request.getParameter("mot") returns "Pénet" I need the query string to be ok so that libraries like RestEasy which relies on it correctly works. In my REST api, I get poorly encoded @QueryParam-s... Is there a parameter I missed ? I carefully reviewed the CHANGELOG, but might have missed something... Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Compiling Tomcat Native 1.2.8
On 12/09/2016 22:32, Pierce Allen wrote: Hello - I run a collection Tomcat web servers on Redhat 7.2 (up-to-date) Normally we like to compile and use the latest stable version of Tomcat Native we can get our hands on (currently the one that ships with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try to compile recent versions of Tomcat Native I get an error that my OpenSSL version is too low: checking OpenSSL library version >= 1.0.2... configure: error: Your version of O penSSL is not compatible with this version of tcnative I don't really want to muck up the distro by trying to update OpenSSL by downloading and compiling OpenSSL's source code. RedHat backports security fixes to OpenSSL 1.0.1e so there are no "heartbleed" or other known vulnerabilities with the in-band OpenSSL version. Is there some workaround or procedure that can be used to get recent versions of Tomcat Native to compile on up to date RedHat systems? In a similar situation, I statically link openssl. Please find enclosed my .spec for Tomcat 8.5.5. I tried not to alter it too much when removing information specific to my organisation. Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | %define major_version 8 %define minor_version 5 %define revision 5 %define full_version %{major_version}.%{minor_version}.%{revision} %define native_major_version 1 %define native_minor_version 2 %define native_revision 8 %define native_full_version %{native_major_version}.%{native_minor_version}.%{native_revision} %define commons_daemon_version 1.0.15 %define openssl_major 1 %define openssl_minor 0 %define openssl_revision 2h %define openssl_full_version %{openssl_major}.%{openssl_minor}.%{openssl_revision} %define apr_major 1 %define apr_minor 5 %define apr_revision 2 %define apr_full_version %{apr_major}.%{apr_minor}.%{apr_revision} Name: my-tomcat Version: %{full_version} Release: 1 Summary: My Own Tomcat License: My License Group: my.group autoprov: yes autoreq: yes Requires: my-jre BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX) # dependance vers le jdk 7 par facilite (le 8 serait mieux) BuildRequires: apr-devel openssl-devel java-1.7.0-openjdk, java-1.7.0-openjdk-devel, chrpath %define source_file http://mirrors.ircam.fr/pub/apache/tomcat/tomcat-%{major_version}/v%{full_version}/bin/apache-tomcat-%{full_version}.tar.gz %define openssl_file https://www.openssl.org/source/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}.tar.gz %define apr_file http://wwwftp.ciril.fr/pub/apache/apr/apr-%{apr_major}.%{apr_minor}.%{apr_revision}.tar.bz2 Source: %{source_file} Source1: mysql-connector-java-5.1.23-bin.jar Source2: OracleDriver-7.jar Source3: postgresql-9.4.1209.jar Source6: %{openssl_file} Source7: %{apr_file} Patch: manager.patch Patch1: server.xml.patch Patch2: tomcat-users.xml.patch # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %define basedir %{_var}/lib/%{name} %define appdir %{basedir}/webapps %define bindir %{_datadir}/%{name}/bin %define confdir %{_sysconfdir}/%{name} %define homedir %{_datadir}/%{name} %define libdir %{_javadir}/%{name} %define logdir %{_var}/log/%{name} %define cachedir %{_var}/cache/%{name} %define tempdir %{cachedir}/temp %define workdir %{cachedir}/work %define _initrddir %{_sysconfdir}/init.d %define tomcat_base %{homedir} %description My desc Startup and shutdown are managed with commons-daemon %{commons_daemon_version}. %prep %{__mkdir} -p $RPM_BUILD_DIR/%{name} cat << \EOF > %{_builddir}/%{name}/%{name}-req #!/bin/sh %{__find_requires} $* |\ sed -e '/libcrypto/d' -e '/libssl.so/d' -e '/pkgconfig' EOF %define __find_requires %{_builddir}/%{name}/%{name}-req chmod +x %{__find_requires} %define _use_internal_dependency_generator 0 %setup -T -D -a 6 -n . %setup -T -D -a 7 -n . %setup -T -D -a 0 -n . %patch -p0 %patch1 -p0 %patch2 -p0 cd ${RPM_BUILD_DIR} tar xvzf apache-tomcat-%{full_version}/bin/tomcat-native.tar.gz tar xvzf apache-tomcat-%{full_version}/bin/commons-daemon-native.tar.gz if [ ! -d ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ]; then mv ${RPM_BUILD_DIR}/openssl-* ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} fi %build %{__rm} -rf $RPM_BUILD_ROOT pushd . cd ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ./config --prefix=${RPM_BUILD_DIR}/openssl-inst no-shared -fPIC make make install_sw popd pushd . cd ${RPM_BUILD_DIR}/apr-%{apr_major}.%{apr_minor}.%{apr_revision} CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/apr-inst make make install # lthis line desactivate dynamic linking against openssl sed -i -e "/dlname=/d" -e "/library_names=/d" ${RPM_BUILD_DIR}/apr-inst/lib/libapr-1.la popd pushd . cd ${RPM_BUILD_DIR}/tomcat-native-%{native_full_version}-src/native CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/tomcat-native-inst --with-apr=${RPM_BUILD_DIR}/apr-inst/bin/apr-
Re: Websockets : differents behaviours on connection when using WS or WSS
On 18/07/2016 16:25, l.pe...@senat.fr wrote: Hi. I am using Tomcat 8.0.36 with Atmosphere 2.4.5 ( https://github.com/Atmosphere/atmosphere ) to implement WebSockets with fallbacks such as long polling. I am writing tests using Tomcat JSR356 implementation. I studied your WebSocket samples and I am using a fake trustore : ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build(); File keyStorePath = new File("path/to/test.keystore"); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PROPERTY, keyStorePath.getAbsolutePath()); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PWD_PROPERTY, "pouetpouet"); or similarly I am setting the WsWebSocketContainer.SSL_CONTEXT_PROPERTY to a passthrough ssl context, accepting all certificates (it's just for tests, it's ok). My test looks like : WebSocketContainer container = ContainerProvider.getWebSocketContainer(); RecordingReceivedMessagesSocket socket = new RecordingReceivedMessagesSocket(); URI echoUri = new URI(getWSTestURI("/ws/delaislimites")); ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build(); File keyStorePath = new File("path/to/test.keystore"); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PROPERTY, keyStorePath.getAbsolutePath()); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PWD_PROPERTY, "pouetpouet"); Session wsSession = container.connectToServer(socket, cec, echoUri); I realised that my message was incomplete and, by the way, found the answer myself. When I do not go SSL, I do not call the same version of connectToServer. I am doing Session wsSession = container.connectToServer(socket, echoUri); This version os connectToServer gets an Object rather than a endpoint as first parameter and, among other things, looks for the ClientEndpoint annotation. If it finds it, it wraps it in a PojoEndpointClient (pojo is the first parameter of connectToServer) : Endpoint ep = new PojoEndpointClient(pojo, Arrays.asList(annotation.decoders())); So, if I do container.connectToServer(new PojoEndpointClient(socket, new ArrayList<>()), cec, echoUri); everything is fine, because of the inits that PojoEndpointClient does. Sorry for the noise. Ludovic socket.close(); log.info("Attente de la fermeture de la socket"); Assert.assertTrue(socket.awaitClose(10,TimeUnit.SECONDS)); log.info("La socket doit avoir reçu OK"); Assert.assertTrue(socket.getReceivedMessages().contains("OK")); Assert.assertTrue(true); RecordingReceivedMessagesSocket class looks like : @ClientEndpoint @Log4j2 @Getter public class RecordingReceivedMessagesSocket extends BaseTestSocket { List receivedMessages = new ArrayList<>(); @OnMessage public String onMessage(String msg, Session session) { log.info("Message reçu : {}", msg); this.receivedMessages.add(msg); return msg; } } @ClientEndpoint @Log4j2 @Getter public class BaseTestSocket extends Endpoint { private Session session; private final CountDownLatch closeLatch; public BaseTestSocket() { this.closeLatch = new CountDownLatch(1); } @OnOpen @Override public void onOpen(Session session, EndpointConfig config) { log.info("Connexion établie."); this.session = session; } public boolean awaitClose(int duration, TimeUnit unit) throws InterruptedException { return this.closeLatch.await(duration,unit); } @OnClose @Override public void onClose(Session session, CloseReason reason) { log.info("Connexion fermée."); this.closeLatch.countDown(); } public void write(String message) throws IOException { this.session.getBasicRemote().sendText(message); } public void writeObject(Object object) throws IOException, EncodeException { this.session.getBasicRemote().sendObject(object); } public void close() throws IOException { this.session.close(); } } When I implement getWSTestURI() so that it returns a url for a non encrypted request, such as ws://localhost/8084/ws/delaislimites : * RecordingReceivedMessagesSocket.onMessage gets called with the immediate server reply ("OK"). The ServerEndPoint looks like : @Log4j2 @ManagedService(path = "/ws/delaislimites") public class WSDelaisLimites { @Inject private BroadcasterFactory factory; @Inject private AtmosphereResourceFactory resourceFactory; @Inject private MetaBroadcaster metaBroadcaster; @Ready(encoders = {JacksonEncoder.class}) @DeliverTo(DeliverTo.DELIVER_TO.ALL) public String onReady(final AtmosphereResource r) { l
Websockets : differents behaviours on connection when using WS or WSS
Hi. I am using Tomcat 8.0.36 with Atmosphere 2.4.5 ( https://github.com/Atmosphere/atmosphere ) to implement WebSockets with fallbacks such as long polling. I am writing tests using Tomcat JSR356 implementation. I studied your WebSocket samples and I am using a fake trustore : ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build(); File keyStorePath = new File("path/to/test.keystore"); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PROPERTY, keyStorePath.getAbsolutePath()); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PWD_PROPERTY, "pouetpouet"); or similarly I am setting the WsWebSocketContainer.SSL_CONTEXT_PROPERTY to a passthrough ssl context, accepting all certificates (it's just for tests, it's ok). My test looks like : WebSocketContainer container = ContainerProvider.getWebSocketContainer(); RecordingReceivedMessagesSocket socket = new RecordingReceivedMessagesSocket(); URI echoUri = new URI(getWSTestURI("/ws/delaislimites")); ClientEndpointConfig cec = ClientEndpointConfig.Builder.create().build(); File keyStorePath = new File("path/to/test.keystore"); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PROPERTY, keyStorePath.getAbsolutePath()); cec.getUserProperties().put(WsWebSocketContainer.SSL_TRUSTSTORE_PWD_PROPERTY, "pouetpouet"); Session wsSession = container.connectToServer(socket, cec, echoUri); socket.close(); log.info("Attente de la fermeture de la socket"); Assert.assertTrue(socket.awaitClose(10,TimeUnit.SECONDS)); log.info("La socket doit avoir reçu OK"); Assert.assertTrue(socket.getReceivedMessages().contains("OK")); Assert.assertTrue(true); RecordingReceivedMessagesSocket class looks like : @ClientEndpoint @Log4j2 @Getter public class RecordingReceivedMessagesSocket extends BaseTestSocket { List receivedMessages = new ArrayList<>(); @OnMessage public String onMessage(String msg, Session session) { log.info("Message reçu : {}", msg); this.receivedMessages.add(msg); return msg; } } @ClientEndpoint @Log4j2 @Getter public class BaseTestSocket extends Endpoint { private Session session; private final CountDownLatch closeLatch; public BaseTestSocket() { this.closeLatch = new CountDownLatch(1); } @OnOpen @Override public void onOpen(Session session, EndpointConfig config) { log.info("Connexion établie."); this.session = session; } public boolean awaitClose(int duration, TimeUnit unit) throws InterruptedException { return this.closeLatch.await(duration,unit); } @OnClose @Override public void onClose(Session session, CloseReason reason) { log.info("Connexion fermée."); this.closeLatch.countDown(); } public void write(String message) throws IOException { this.session.getBasicRemote().sendText(message); } public void writeObject(Object object) throws IOException, EncodeException { this.session.getBasicRemote().sendObject(object); } public void close() throws IOException { this.session.close(); } } When I implement getWSTestURI() so that it returns a url for a non encrypted request, such as ws://localhost/8084/ws/delaislimites : * RecordingReceivedMessagesSocket.onMessage gets called with the immediate server reply ("OK"). The ServerEndPoint looks like : @Log4j2 @ManagedService(path = "/ws/delaislimites") public class WSDelaisLimites { @Inject private BroadcasterFactory factory; @Inject private AtmosphereResourceFactory resourceFactory; @Inject private MetaBroadcaster metaBroadcaster; @Ready(encoders = {JacksonEncoder.class}) @DeliverTo(DeliverTo.DELIVER_TO.ALL) public String onReady(final AtmosphereResource r) { log.info("Browser {} connected.", r.uuid()); return "OK"; } /** * Invoked when the client disconnect or when an unexpected closing of the underlying connection happens. * * @param event */ @Disconnect public void onDisconnect(AtmosphereResourceEvent event) { if (event.isCancelled()) { log.info("Browser {} unexpectedly disconnected", event.getResource().uuid()); } else if (event.isClosedByClient()) { log.info("Browser {} closed the connection", event.getResource().uuid()); } } /* ... */ @Message public String onMessage(String message) throws IOException { StringBuilder sb = new StringBuilder(); sb.append("Reçu le message texte "); sb.append(message); log.info(sb.toString()); return message; } } So, I am getting "OK". When I connect through SSL, with a url like wss://localhost:8765/ws/delaislimites : * RecordingReceivedMessagesSocket.onMessage never
Re: Tomcat Embedded and Web Fragments
On 13/07/2016 15:57, Violeta Georgieva wrote: Hi, 2016-07-07 15:07 GMT+03:00 l.pe...@senat.fr : Hi. I am using Tomcat embedded, for integration tests. I do not find how to let it take in account web-fragments of included jars. Is there a specific config ? Does anyone have a working example ? Take a look at the Tomcat's tests https://github.com/apache/tomcat/blob/trunk/test/org/apache/catalina/startup/TestContextConfig.java Thank you ! I moved on to other tasks, but there is clearly a solution in these tests. Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Embedded and Web Fragments
Hi. I am using Tomcat embedded, for integration tests. I do not find how to let it take in account web-fragments of included jars. Is there a specific config ? Does anyone have a working example ? I am using version 8.0.36. Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JWT and Tomcat
Hi. I am planning to use JSON web tokens (JWT, see https://jwt.io/ and RFC 7519 https://tools.ietf.org/html/rfc7519 ). Is there any plan to have a "standard" valve implementing this RFC in Tomcat ? The best I could find is https://github.com/andreacomo/tomcat-jwt-security Is there an already available option I missed ? Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Determining parallely deployed versions of a webapp programmatically
On 16/12/2015 15:58, l.pe...@senat.fr wrote: Hi. I have in some of my apps cron-like tasks, scheduled by libs such as quartz. As I am also an happy user of the parallel deployment feature of tomcat, I was wondering whether, without special privileges such as those of the "admin" webapps, I could programatically determine if a webapp is the "top" version of a family of webapps. So, if webapp versions : * 1.2.1 * 1.2.2 * 1.2.3 are deployed, I should be capable to determine that 1.2.3 is the latest and only run the scheduled task in this last one. Is there any API to achieve that ? I found no API and ended with the following : 1) store the ServletContext on startup, using a ServletContextListener 2) find the tomcat Context from the ServletContext, using MBeans MBeanServer mBeanServer = MBeanServerFactory.findMBeanServer(null).get(0); ObjectName name = new ObjectName("Catalina", "type", "Server"); Server server = (Server) mBeanServer.getAttribute(name, "managedResource"); Service service = server.findService("Catalina"); Engine engine = (Engine) service.getContainer(); Host host = (Host) engine.findChild(engine.getDefaultHost()); Container[] children = host.findChildren(); for(int i = 0 ; i < children.length ; i++) { if(children[i] instanceof Context) { Context ctx = (Context) children[i]; if(ctx.getServletContext() == sc) { return ctx; } } } 3) From the Context, go up to the host and scan contexts, finding those whose name starts with the same base name as ours (defined as our name stripped from an optionnal ##version ending) Host host = (Host) context.getParent(); List ret = new ArrayList<>(); Container[] children = host.findChildren(); String shortName = StringUtils.substringBefore(context.getName(),"##"); for(int i = 0 ; i < children.length ; i++) { if(children[i] instanceof Context) { Context cur = (Context) children[i]; if(StringUtils.startsWith(cur.getName(), shortName)) { ret.add(cur); } } } return ret; StringUtils is here org.apache.commons.lang3.StringUtils. Note that you should not try to perform 2) in the ServletContextListner mentionned in 1), or you deadlock when calling, server.findService. Any advice from a tomcat expert to enhance this solution welcomed. :-) Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Determining parallely deployed versions of a webapp programmatically
Hi. I have in some of my apps cron-like tasks, scheduled by libs such as quartz. As I am also an happy user of the parallel deployment feature of tomcat, I was wondering whether, without special privileges such as those of the "admin" webapps, I could programatically determine if a webapp is the "top" version of a family of webapps. So, if webapp versions : * 1.2.1 * 1.2.2 * 1.2.3 are deployed, I should be capable to determine that 1.2.3 is the latest and only run the scheduled task in this last one. Is there any API to achieve that ? Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Parallel deployment version selection
Hi. I am using parallel deployment to upgrade my webapps with no downtime. I just have a small issue / question on how the latest version is selected. As far as I understand, the container select the latest version by lexicographically ordering the version string. So if webapp##1.0.51 and webapp##1.0.52 are deployed version 1.0.52 will be selected. I just have a periodic issue with versions ranging from 1.0.1, 1.0.2,...1.0.9 and then jumping to 1.0.10 (same thing for hundreds of course) : 1.0.9 is prefered to 1.0.10 because 9 is after 1. Is there a way to configure tomcat so that it analyses the version part as a triplet of numbers ? And so understand that 10 is more recent than 9 ? Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
On 15/07/2015 23:36, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ludovic, On 7/15/15 3:29 AM, l.pe...@senat.fr wrote: On 13/07/2015 15:13, Christopher Schultz wrote: It looks like you or DeltaSpike are not cleaning-up as the request transitions from one state to another. Ok, thank you. What kind of notification should we process to detect this transition ? I'm not sure, since it's DeltaSpike which is objecting to the current state of the request. I think you'll have better luck with asking the DeltaSpike folks. They are welcome to come here to ask about why something may have changed. Was there ever a reply to your initial question? Yes, and a patch allowing this "double initialization". But as I suspect that there is something "cleaner" to do, I try to scratch the subject. In your post to their list, you mentioned that "there are sometimes Pretty much the same than in this case, if I sum it up. A typical example : years ago, I wrote a web filter, had to perform some locking in it (because of legacy libs) and was quite surprised to see the request going through the filter twice when serving a login page on FORM auth. I am no JEE Guru, so "strange" does not mean "bad" but "surprising". Thanks, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Double call to requestInitialized when forwarding for FORM auth
On 13/07/2015 15:13, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ludovic, On 7/10/15 2:33 AM, l.pe...@senat.fr wrote: I have a problem with DeltaSpike Servlet module ( https://deltaspike.apache.org/documentation/servlet.html ) that seems to be caused by an incorrect behavior of Tomcat. The thread on DS mailiing list : http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbox/ %3C559E1F24.40408%40senat.fr%3E It looks like you or DeltaSpike are not cleaning-up as the request transitions from one state to another. Ok, thank you. What kind of notification should we process to detect this transition ? Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Double call to requestInitialized when forwarding for FORM auth
Hi. I have a problem with DeltaSpike Servlet module ( https://deltaspike.apache.org/documentation/servlet.html ) that seems to be caused by an incorrect behavior of Tomcat. The thread on DS mailiing list : http://mail-archives.apache.org/mod_mbox/deltaspike-users/201507.mbox/%3C559E1F24.40408%40senat.fr%3E I am using Tomcat 8.0.23 and it seems that requestInitialized is called twice when a forward is performed. In my case, this forward is performed because I am using container managed security with auth method set to "FORM" and Tomcat redirects to the login page. Is this behavior incorrect or should I propose a patch to DS ? Thanks in advance, Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. |