Re: Logging TLS Session Failures

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Durga, On 3/9/17 3:34 AM, Durga Srinivasu Karuturi wrote: > This is one of the requirement from FIPS/CC certification. Can you provide a reference for this requirement? - -chris > On Wed, Mar 8, 2017 at 11:03 PM, Christopher Schultz < >

Re: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Linbo, On 3/8/17 8:13 PM, linbo liao wrote: > Here is the Connector configuration: > > protocol="org.apache.coyote.http11.Http11AprProtocol" > maxHttpHeaderSize="8192" maxThreads="400" acceptorThreadCount="4" > maxKeepAliveRequests="-1"

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hoa, On 3/9/17 11:58 AM, Hoa Phan wrote: > I have tried: > > org.apache.tomcat.util.scan.StandardJarScanner.level = SERVERE //in > the logging.properties > > -Dorg.apache.tomcat.util.scan.StandardJarScanner=SERVERE //on > startup > >

How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Hoa Phan
I have tried: org.apache.tomcat.util.scan.StandardJarScanner.level = SERVERE //in the logging.properties -Dorg.apache.tomcat.util.scan.StandardJarScanner=SERVERE //on startup org.apache.tomcat.util.scan.StandardJarScanner=SERVER //as sysprops None of them works... That logger is still WARN

Re: [ANN] TomcatCon schedule announced

2017-03-09 Thread Igal @ Lucee.org
This is great, but unfortunately I will not be able to attend in person due to scheduling conflicts. Will the sessions be recorded? I'd be willing to pay a reasonable fee to watch them afterwards. Thanks, Igal Sapir Lucee Core Developer Lucee.org On 3/9/2017 6:08 AM,

Re: What is the correct way to use scanManifest

2017-03-09 Thread Mark Thomas
On 09/03/17 13:15, Hoa Phan wrote: > Hi, > > I see that since 8.0.38 we added a scanManifest props to JarScanner. > But when I added the props > into: container/tomcat8x/apache-tomcat-8.0.38/conf/context.xml > > > WEB-INF/web.xml > ${catalina.base}/conf/web.xml > > > > >

Re: [ANN] TomcatCon schedule announced

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/9/17 2:42 PM, Mark Thomas wrote: > On 09/03/17 18:36, Igal @ Lucee.org wrote: >> This is great, but unfortunately I will not be able to attend in >> person due to scheduling conflicts. >> >> Will the sessions be recorded? I'd be

Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nishant, On 3/9/17 2:12 PM, nishant singh wrote: > Thank you for the response.I am using a self signed certificate. > How to make httpd trust the certificate that Tomcat is presenting? I think this is the directive you are looking for:

Status code 403 Forbidden issue for websocket creation using WSS protocol

2017-03-09 Thread nishant singh
Hi, I am creating a websocket connection to server using "wss" protocol from client. I have configured apache as proxy(mod proxy and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf file) to my tomcat server. In apache VirtualHost for port 443 is created.Attached is Apache

Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

2017-03-09 Thread nishant singh
Hello Chris, Thank you for the response.I am using a self signed certificate. How to make httpd trust the certificate that Tomcat is presenting? Nishant On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash:

Re: [ANN] TomcatCon schedule announced

2017-03-09 Thread Mark Thomas
On 09/03/17 18:36, Igal @ Lucee.org wrote: > This is great, but unfortunately I will not be able to attend in person > due to scheduling conflicts. > > Will the sessions be recorded? I'd be willing to pay a reasonable fee > to watch them afterwards. We should have audio recordings. I believe

Re: Status code 403 Forbidden issue for websocket creation using WSS protocol

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nishant, On 3/9/17 1:16 PM, nishant singh wrote: > I am creating a websocket connection to server using "wss" > protocol from client. I have configured apache as proxy(mod proxy > and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf >

Re: What is the correct way to use scanManifest

2017-03-09 Thread Hoa Phan
I'll try that and see how it goes, thanks Mark. Btw, when I was debugging I couldn't find where this method get called at all: public void setScanManifest(boolean scanManifest) { this.scanManifest = scanManifest; } This props default to true: private boolean scanManifest =

Re: [ANN] TomcatCon schedule announced

2017-03-09 Thread Mark Thomas
On 09/03/17 19:51, Christopher Schultz wrote: > Mark, > > On 3/9/17 2:42 PM, Mark Thomas wrote: >> On 09/03/17 18:36, Igal @ Lucee.org wrote: >>> This is great, but unfortunately I will not be able to attend in >>> person due to scheduling conflicts. >>> >>> Will the sessions be recorded? I'd be

RE: getRealPath is a bad idea?

2017-03-09 Thread Berneburg, Cris J. - US
Chris >> BTW, why doesn't getRealPath return the full path to the >> folder that the WAR file is in instead of null? > > You mean for a call like getRealPath("/")? Yes, exactly! > Well, that would require a path to be returned to the "root" of > the application. Let's say that ROOT.war is in >

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Hoa Phan
Hi Chris, I tried: org.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //in the logging.properties -Dorg.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //on startup org.apache.tomcat.util.scan.StandardJarScanner.level= SERVERE //as sysprops But they didn't help either :(,

Re: getRealPath is a bad idea?

2017-03-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cris, On 3/9/17 3:18 PM, Berneburg, Cris J. - US wrote: >>> BTW, why doesn't getRealPath return the full path to the folder >>> that the WAR file is in instead of null? >> >> You mean for a call like getRealPath("/")? > > Yes, exactly! > >>

RE: Apache Tomcat 9

2017-03-09 Thread Caldarale, Charles R
> From: pina.freder...@gmail.com [mailto:pina.freder...@gmail.com] > Subject: Apache Tomcat 9 > I'm trying to teach myself Java Web App Development but can't seem to get > this issue resolved. > Mar 09, 2017 5:44:17 PM org.apache.catalina.core.StandardServer await > SEVERE:

Re: What is the correct way to use scanManifest

2017-03-09 Thread Mark Thomas
On 09/03/17 21:38, Hoa Phan wrote: > I'll try that and see how it goes, thanks Mark. Btw, when I was debugging I > couldn't find where this method get called at all: > public void setScanManifest(boolean scanManifest) { > this.scanManifest = scanManifest; > } > > This props

Re: Apache Tomcat 9

2017-03-09 Thread calder
>> From: pina.freder...@gmail.com [mailto:pina.freder...@gmail.com] >> Subject: Apache Tomcat 9 > > >> I'm trying to teach myself Java Web App Development but can't seem to get >> this issue resolved. > >> Mar 09, 2017 5:44:17 PM org.apache.catalina.core.StandardServer await >> SEVERE:

RE: Apache Tomcat 9

2017-03-09 Thread pina.frederick
How do I stop it ? Sent from Mail for Windows 10 From: Caldarale, Charles R Sent: Thursday, March 9, 2017 6:16 PM To: Tomcat Users List Subject: RE: Apache Tomcat 9 > From: pina.freder...@gmail.com [mailto:pina.freder...@gmail.com] > Subject: Apache Tomcat 9 > I'm trying to teach myself Java

Re: Apache Tomcat 9

2017-03-09 Thread tomcat
On 10.03.2017 00:24, pina.freder...@gmail.com wrote: How do I stop it ? Close the lid of your laptop ? (Sorry, could not stop myself) Sent from Mail for Windows 10 From: Caldarale, Charles R Sent: Thursday, March 9, 2017 6:16 PM To: Tomcat Users List Subject: RE: Apache Tomcat 9 From:

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread calder
On Thu, Mar 9, 2017 at 9:48 PM, Hoa Phan wrote: > Hi Chris, > > I tried: > > org.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //in the > logging.properties > > -Dorg.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //on startup > >

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Hoa Phan
Ouch!! My bad... sorry Chris. On Fri, Mar 10, 2017 at 10:31 AM, calder wrote: > On Thu, Mar 9, 2017 at 9:48 PM, Hoa Phan wrote: > > Hi Chris, > > > > I tried: > > > > org.apache.tomcat.util.scan.StandardJarScanner.level=SERVERE //in the > >

Apache Tomcat 9

2017-03-09 Thread pina.frederick
Hello ! I’m trying to teach myself Java Web App Development but can’t seem to get this issue resolved. Can anyone give me a few hints ? I’m using a Windows 10 Hope laptop with Eclipse Neon 2 IDE. Thanks. Mar 09, 2017 5:44:16 PM org.apache.tomcat.util.digester.SetPropertiesRule begin WARNING:

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Hoa Phan
Unfortunately it's still the same. When I tried to debug it the logger tomcat is using is DirectJDKLog Is org.apache.tomcat.util.scan.StandardJarScanner.level=SEVERE the right way to turn off WARNING logging ​? On Fri, Mar 10, 2017 at 10:34 AM, Hoa Phan wrote: > Ouch!! My

Websocket client with SSL and authentication

2017-03-09 Thread radiatejava
Tomcat team, I have few questions on websocket: 1. I am looking for Java websocket client sample code that uses basic (user) auth. 2. Is there any sample code for how to put in SSL (keystore and truststore) websocket client ? 3. I want to create a websocket client within the Tomcat jvm. I know

Re: JMX currentThreadsBusy less than connections/requests when use APR connector

2017-03-09 Thread linbo liao
1、The load-generating vm has 2 cores. 2、Can I use currentThreadsBusy to monitor the performance of Tomcat using APR connector? 2017-03-10 0:42 GMT+08:00 Christopher Schultz : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Linbo, > > On 3/8/17 8:13 PM,

Re: How do I set the logger org.apache.tomcat.util.scan.StandardJarScanner's level to WARN

2017-03-09 Thread Hoa Phan
Oops just noticed I set the subject wrong. I meant to set it to SEVERE to get rid of the FileNotFoundException all over the places. I tried to overwrite logging.properties in tomcat itself and in the webapp with the content: handlers = java.util.logging.ConsoleHandler

How to restrict access to specific webapp + denyStatus

2017-03-09 Thread Diego Gomes
Hello guys! inside of my "/opt/tomcat7/webapps/" folder, I have many apps over there I would like to protect for instance, "Student" (/opt/tomcat7/webapps/Student) app to only allow specific IP address, so I did: "# vi /opt/tomcat7/conf/Catalina/localhost/Student.xml" and addedd:

Re: What is the correct way to use scanManifest

2017-03-09 Thread Hoa Phan
looks like I can't overwrite the webapp context.xml with tomcat context.xml. I have no control over the WAR file until tomcat deployed it :( If I try to use tomcat server.xml and add inside it somehow breaks the webapp. Is there any other way for me to set this scanmanifest to false.

Re: [ANN] TomcatCon schedule announced

2017-03-09 Thread Igal @ Lucee.org
On 3/9/2017 11:42 AM, Mark Thomas wrote: We typically make these available free of charge. For past Tomcat related sessions see: http://tomcat.apache.org/presentations.html We should have audio for more of those. I'll see if I can track it down. Thanks for the link! I've been on that Tomcat

RE: getRealPath is a bad idea?

2017-03-09 Thread Caldarale, Charles R
> From: Berneburg, Cris J. - US [mailto:cberneb...@caci.com] > Subject: RE: getRealPath is a bad idea? > How do you all configure the location of a special folder that is not part of > the > deployment package itself? A site-specific config file perhaps? Take a look at this:

Re: Logging TLS Session Failures

2017-03-09 Thread tomcat
On 09.03.2017 09:34, Durga Srinivasu Karuturi wrote: This is one of the requirement from FIPS/CC certification. Thanks, Durga Srinivasu Durga, I believe that in your original post, you said : "We have a requirement in our application to log all TLS session failures." You should probably

Re: Logging TLS Session Failures

2017-03-09 Thread Durga Srinivasu Karuturi
This is one of the requirement from FIPS/CC certification. Thanks, Durga Srinivasu On Wed, Mar 8, 2017 at 11:03 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Durga, > > On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote: >

Re: Logging TLS Session Failures

2017-03-09 Thread Durga Srinivasu Karuturi
Our application meaning on RHEL machine within JVM with embedded tomcat (with single web-app) Okay, tomcat may not have this information on handshake failures. I need to see little higher level for capturing these failures. Thanks for answers so far. Thanks, Durga Srinivasu On Thu, Mar 9,

[ANN] TomcatCon schedule announced

2017-03-09 Thread Mark Thomas
All, I am delighted to announce that the schedule for TomcatCon has been published: https://apachecon2017.sched.com/overview/type/TomcatCon Registration is open at: http://events.linuxfoundation.org/events/apachecon-north-america/attend/register- with early bird pricing ($600) through Sunday

Re: Logging TLS Session Failures

2017-03-09 Thread Jammy Chen
If you are using JSSE which you mentioned in earlier post, you probably can only enable debug for all or specially one -Djavax.net.debug=ssl:record or -Djavax.net.debug=ssl:handshake - but it will log all sessions You could try to register a customized SSL socket factory in JSSE, you may extend

What is the correct way to use scanManifest

2017-03-09 Thread Hoa Phan
Hi, I see that since 8.0.38 we added a scanManifest props to JarScanner. But when I added the props into: container/tomcat8x/apache-tomcat-8.0.38/conf/context.xml WEB-INF/web.xml ${catalina.base}/conf/web.xml It doesn't work and the prop is still true on startup: