Re: Tomcat 8.0.30 Session lost

2016-01-08 Thread Olaf Kock
Is there any chance that the first and correctly authenticated cookies (despite the debug output "secure=false") are https-only cookies and won't get transmitted in http, thus triggering new sessions? E.g. any chance they get rewritten at another level (Apache httpd, ServletFilter, others) to be

Re: Tomcat 8.0.30 Session lost

2016-01-12 Thread Olaf Kock
: Protection by IP-address-fixation calls for random problems that are hard to reproduce. Olaf Am 12.01.2016 um 16:51 schrieb Christopher Schultz: > Olaf, > > On 1/11/16 4:12 PM, Olaf Kock wrote: >> Well, at least you do a bit of protection instead of just disabling the >> session fix

Re: Tomcat 8.0.30 Session lost

2016-01-11 Thread Olaf Kock
Well, at least you do a bit of protection instead of just disabling the session fixation security filter. However, be aware that potentially many people might come from the same IP address - either because it's a NATing home router or a big company's proxy server. Especially if you want to attack

Re: Updating Apache Tomcat to a current version

2016-06-12 Thread Olaf Kock
Am 12.06.2016 um 15:20 schrieb > Thank you. I wasn't involved at all in the previous upgrade or the > original installation of Tomcat and/or HP Service Manager. Based on this information, I'd install a vanilla version of 7.0 53 next to your currently installed application that

Re: How to cancel download on the server side

2016-06-03 Thread Olaf Kock
Am 03.06.2016 um 15:51 schrieb Steffen Heil (Mailinglisten): > NO. We want to stream the results to the client... It usually is > several times bigger than the memory at hand. I can think of three options right now: * Know the content-length upfront (which you don't) - with that clients could

Re: Tomcat - Multiple sites and SSL

2016-01-15 Thread Olaf Kock
Please clarify your intent: By default, tomcat has a /commented/ connector on 8443, which you can configure You can activate as many connectors on as many ports as you like. But if you have all applications on the same application server anyways (and are using the same hostnames): Why bother?

Re: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-09 Thread Olaf Kock
Am 09.02.2016 um 15:10 schrieb Christopher Schultz: > On 2/9/16 6:28 AM, wrote: > > > and then VA test results show that HSTS is not configured. > > It looks like "VA test" has a broken client: it's not issuing a valid > HTTP request. Just to make sure it's not the most

Re: HTTP communication

2016-01-29 Thread Olaf Kock
I'll second Andre's answer: Just because you declare a 10d timeout, you can't rely on the connection to stay up for that long. You can't even rely on a connection to stay up during the download of a simple gif (although that's so quick that the odds for connection termination are a lot lower).

Re: Tomcat memory

2016-02-21 Thread Olaf Kock
This is rather a Java than a tomcat question: The JVM allocates memory based on whatever default your current JVM version decides (you don't mention what version of Java you're on) From a text on that's linked from my

Re: Tomcat memory

2016-02-21 Thread Olaf Kock
urious to know if the tomcat ui or the > catalina does not have a Xms and -Xmx, would it default to 400MB? I read this > in another forum. > > -Gokul > > > -Original Message- > From: Olaf Kock [] > Sent: Sunday, February 21, 2016 3:14 AM >

Re: Error 404 for autodiscover.xml

2016-03-14 Thread Olaf Kock
Welcome to the internet. I guess that you'll also find a lot of requests for /phpmyadmin/*, /wordpress/* and a bunch of other software that you didn't install. There's background chatter on the internet, constantly scanning for known vulnerabilities (or just creating an index of installed software

Re: Appscan Issues

2016-04-08 Thread Olaf Kock
Am 08.04.2016 um 15:40 schrieb Kikkeri, Amith: > Thanks... I will me more detailed. > We don't use Apache HTTPD or ngnix. It's just tomcat7. Below is my connector > configuration. > > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >

Re: Appscan Issues

2016-04-08 Thread Olaf Kock
Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application and 2 issues were encountered. Could > anyone please let me know how to resolve these issues ? We use tomcat7. > > Browser Exploit Against SSL/TLS (a.k.a. BEAST) > RC4 cipher suites were detected >

Re: Appscan Issues

2016-04-09 Thread Olaf Kock
Am 09.04.2016 um 18:20 schrieb Christopher Schultz: > Olaf, > > On 4/8/16 9:49 AM, Olaf Kock wrote: > > > I'm typically configuring a HTTPS end point in Apache httpd and > > forward to tomcat. I feel that the documentation for explicit > > cipher-choice in Apache h

Re: Tomcat8 with Java8 session mix up issue

2016-04-11 Thread Olaf Kock
Am 11.04.2016 um 14:51 schrieb Nilesh Dabholkar: > Hi, > > Has anyone come across issues related mixing up user session on Tomcat 8.0.26? > > We've been seeing intermittent issues whereby user session are getting mixed > up after upgrading to Tomcat8 and Java8. Whenever I've seen content for

Re: Fwd:

2016-04-07 Thread Olaf Kock
Am 07.04.2016 um 10:42 schrieb SAMBUDDHA CHAUDHURI: > How to do Tomcat Server Clustering?How to use Load balancer in Tomcat > Server? You might want to check the chapters in tomcat's documentation where this is covered - they're called "18. Clustering" and "19. Load Balancer"

Re: Tomcat access log - body of a request shows in the next request

2016-03-04 Thread Olaf Kock
In addition to Mark's answer: Please add the *exact* tomcat version number ("7" is not sufficient) that you're running (make sure it's not an old one - it's unnecessary to hunt down bugs if they're long fixed. Also, when you crosspost

Re: Performance regression from 7 to 8

2016-03-03 Thread Olaf Kock
Tullio, just checking: * Have you isolated this to be a tomcat 7 vs 8 issue or could it also be a same-time change of the JVM? Network connection? Caching? * What's the test setup that you're using? Memory tuned? Apache in front? HTTP connector? AJP? Olaf Am 03.03.2016 um 12:06 schrieb Tullio

Re: OT if/else or not if/else

2016-04-23 Thread Olaf Kock
Am 23.04.2016 um 12:19 schrieb André Warnier (tomcat): > Since it is still week-end.. > > On 22.04.2016 21:57, Olaf Kock wrote: >> Optimize for the maintainer, not for the compiler. The maintainer might >> buy you a beer, the compiler for sure will not. > > Wit

Re: OT if/else or not if/else

2016-04-22 Thread Olaf Kock
Am 22.04.2016 um 18:24 schrieb Leon Rosenberg: > Hi guys, > > this is completely off-topic ;-) > > I was wondering if using if/else is not actually slowing down your code. > Lets say I have three possible conditions, A, B and C, which are exclusive. > My native approach would be: > if (A){...} >

Re: Request for documentation

2016-05-14 Thread Olaf Kock
Am 14.05.2016 um 14:06 schrieb Lyallex: > I need some documentation that details exactly what happens when the > fist bit of a request arrives at the server all the way through to > when the last bit of the response leaves the server. Does any such > documentation exit? > > Presumably the

Re: Locky Attack

2016-05-02 Thread Olaf Kock
I can't say how I "have dealt" with it. Only how I plan to in case it hits: Restore backups, educate colleagues. If it hasn't hit yet, there's an argument to have watchdogs that watch out for suspicious massive file changes on file servers. But I'm not sure if they already exist, and if they're

Re: setting jvm parameters to optimize production performance

2016-05-06 Thread Olaf Kock
Am 06.05.2016 um 14:11 schrieb Stefan Frei: > Tomcat 8.0.33 > Debain jessie > java 8 > > Hello > > i cannot find any resources how to set configure the for a > production environment. > > Does somebody have some tips? *How* to set them? CATALINA_OPTS="-your -parameters -here" *Which*

Re: Tomcat Security Option

2016-04-14 Thread Olaf Kock
Could you elaborate what you mean with "security option"? There's a number of things that you can do for securing tomcat, and enabling the security manager is only one thing. If you do this, you probably want to specify the policy for the server's sandbox - e.g. which files it's allowed to access,

Re: Basic Authentication

2016-04-14 Thread Olaf Kock
Have you already googled for "tomcat basic authentication"? Which of the numerous instructions did you have problems with? What nature were they? Am 14.04.2016 um 16:45 schrieb King Kenneth: > All, > > Please provide an example of how to set a web application to BASIC within the > web.xml file.

Re: Issue with Tomcat7

2016-08-01 Thread Olaf Kock
Am 01.08.2016 um 08:20 schrieb Syed Mudassir Ahmed: > Can someone help us what wrong we are doing? Not without more information - from the information you give us, we don't even know if your WebApp1 or WebApp2 was causing the "connection refused" reply. Please give: * Exact versions of

Re: Issue with Tomcat7

2016-08-01 Thread Olaf Kock
Am 01.08.2016 um 10:26 schrieb Syed Mudassir Ahmed: > I indeed wanted the help from Tomcat community users. I didn't want > to type a long message here to explain the problem. The way someone > is reading an email can also view the screen and give instant and > better help (out of their

Re: Issue with Tomcat7

2016-08-01 Thread Olaf Kock
Am 01.08.2016 um 09:25 schrieb Syed Mudassir Ahmed: > Thanks for the quick response. Can we setup a meeting this Friday as > per your convenience on google hangout? I would like to share the > screen and show the errors I am facing. This would be a great help. > I thought you were looking for

Re: https failing to start

2017-02-28 Thread Olaf Kock
Hi, Am 28.02.2017 um 17:45 schrieb Olayemi Olatunji: > Hello, > > Kindly see logs attached. > Please note that this list strips attachments. You'll need to either post *the relevant parts* inline or point to external resources. Relevant is most likely what you've changed in the original

Re: AT WITS END regarding JVM arguments

2016-09-01 Thread Olaf Kock
Am 01.09.2016 um 20:36 schrieb James H. H. Lampert: > ... > I just tried adding a "setenv.bat" to the "bin" directory, containing > >> SET CATALINA_OPTS=-Djava.awt.headless=true >> -Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF-8 > > and after stopping and starting the service, even

Re: Tomcat 8 HTTPS issue with old browser

2016-10-04 Thread Olaf Kock
Am 04.10.2016 um 11:23 schrieb Kreuser, Peter: > In my opinion weakening the security of the majority of users (there are > seemingly others) is a pretty bad thing to do. My suggestion would be a > different connector on a separate port for the handhelds. Configure this > either on HTTP or a

Re: Tomcat 8 HTTPS issue with old browser

2016-10-04 Thread Olaf Kock
Am 04.10.2016 um 12:43 schrieb Garratt, Dave: > To elaborate, there is only this single application running on the server. > All other web applications use Windows IIS. > > I have mentioned that the problem is down to the old software on the scanner > but it’s a huge international

Re: tomcat under aix has SSL certificate with a weak hash algorithm

2016-09-27 Thread Olaf Kock
Am 27.09.2016 um 09:20 schrieb Michael Mattes: > Dear Tomcat users > > i have the following problem: I am using tomcat 6.0.45 under aix 7.1 > (7100-03-05-1524) > > i got the below Finding and my question is how can i fix it: ( ihave no > experience regarding > how to handle SSL certificates: >

Re: Hot pre-compiled JSP reloading

2017-03-27 Thread Olaf Kock
Am 27.03.2017 um 09:30 schrieb Joan Tomàs i Buliart: > Hello, > > We currently deploy our JSPs outside of the WAR. This allows us to > deploy the main application container and the JSP views at different > pace (one team moves much faster than the other). In order to support > this, we have

Re: Ways to identify poorly designed client aplications sending request to Tomcat !

2017-03-30 Thread Olaf Kock
Am 30.03.2017 um 01:33 schrieb Utkarsh Dave: > Hello all, > > My tomcat (7.0.72) hosts several web aplications in the server (based in > linux 6.8). [...] > Memory heap dump generated is of > Size: 787.3 MB Classes: 139k Objects: 19.3m Class Loader: 1.6k The combination of "hosts several web

Re: Ways to identify poorly designed client aplications sending request to Tomcat !

2017-03-30 Thread Olaf Kock
Am 30.03.2017 um 21:51 schrieb Utkarsh Dave: > Hi Andre, > > I suppose we should read 1.2 GB here ? Yes > Anyway, why do you say "which is enough" ? How do you know ? By the past > test results. that we have been doing on each application > And do not top-post. How do we know what you are

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Olaf Kock
Am 30.03.2017 um 21:53 schrieb Laurent Perez: > Client is Chrome 56. Where could I check in tomcat source to see if the > client is sending the h2c upgrade token ? >>> I managed to run the servlets/serverpush/simpleimage HTTP/2 push example >>> from Tomcat 9 trunk with the SSL Http11AprProtocol

Re: Question on FORM POST processing via AJP1.3 in tomcat 1.0.69, changed from 1.014.

2017-03-27 Thread Olaf Kock
Am 27.03.2017 um 23:11 schrieb André Warnier (tomcat): > On 27.03.2017 23:03, Scott, Derric T wrote: >> I ran into a snag and finally identified the culprit. The tomcat on >> the backend went from 1.0.14 to 1.0.69. > As far as I know, there exists no such Tomcat version. Where did you > get

Re: [OT] Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

2017-03-19 Thread Olaf Kock
Am 19.03.2017 um 13:37 schrieb André Warnier (tomcat): > On 17.03.2017 14:54, Christopher Schultz wrote: > >> >> Note that Java *never* gives any memory back to the OS, even when the >> heap-usage goes down. This is a Java thing, not a Tomcat thing. > > I did not know that (*), and I have never

Re: classloader for components in META-INF/context.xml?

2017-03-18 Thread Olaf Kock
Am 18.03.2017 um 10:54 schrieb Mark Thomas: > On 17/03/2017 20:21, Mike Wilson wrote: >> I also ran into [1]. >> >> Some Tomcat configuration with custom components (Valves, Managers etc) may >> be done from a webapp's META-INF/context.xml. But currently if those classes >> are your own custom

Re: [OT] Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

2017-03-20 Thread Olaf Kock
Am 20.03.2017 um 09:30 schrieb André Warnier (tomcat): > One may wonder in fact : if when resizing the Heap downwards, the JVM > is anyway not going to give the surplus memory back to the OS, then > why bother ? what is the surplus ex-Heap memory then used > interestingly for, by the JVM ?

Re: Tomcat issue

2017-03-17 Thread Olaf Kock
Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano: > I have set up an "admin" user with a password. The manager runs properly on > > localhost but the error comes if it is accessed from a different PC. The manager app is deliberately preconfigured to only be available from localhost. If you open

Re: Tomcat issue

2017-03-17 Thread Olaf Kock
Am 17.03.2017 um 09:44 schrieb Kerapetse Phorano: > Ok i see that. > So if that is the case how do i access tomcat outside the localhost? > > Regards, > Kerapetse > > On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock <> wrote: > >> Am 17.03.201

[OT] Re: renewing an ssl certificate

2017-04-06 Thread Olaf Kock
Am 06.04.2017 um 01:42 schrieb Christopher Schultz: > Great! Time to upgrade to Tomcat 8! It's really not bad at all. If you > have a testing environment, I think you'll be able to do it in about > 30 minutes. After you do it once, it'll take you more like 5 minutes. > *Everybody* has a testing

Re: POST + 500 + Response returns no content

2017-03-12 Thread Olaf Kock
Am 12.03.2017 um 06:12 schrieb Marc Boorshtein: > What am I missing? > IMHO: * A code sample, and if that doesn't uniquely answer the next question: * Are you working directly on the Servlet API or involve any other library? (which version?) Without this, it's hard to give some suggestion with

Re: A problem of accessing an application

2017-03-31 Thread Olaf Kock
Am 31.03.2017 um 15:42 schrieb M. Osama Alghwell: > docBase="E:\MyOrg\OrgAPP\Field" > > This will cause the service to not work (I did it and after changing I do > restart for the service) which meand Tomcat won't start Whatever you set as a docbase, it must be a fully deployable web application

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Olaf Kock
Am 29.05.2017 um 07:59 schrieb Shaik, Mohammad N.: > We are using Tomcat 6.x version and we need to implement the following > headers in our environment. > > Headers: > 1) Strict-Transport-Security > 2) Content-Security-Policy > > 7) X-Robots-Tag > > When I checked the Tomcat 6 version

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-02 Thread Olaf Kock
Am 02.06.2017 um 07:43 schrieb Shaik, Mohammad N.: > Hi Chris, > > My actual requirement was to implement 7 HTTP headers, out of > which 4 are implemented in "HttpHeaderSecurityFilter". The remaining 3 headers (Content-Security-Policy, Public-Key-Pins, X-Robots-Tag) are not addressed in any of

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Olaf Kock
Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.: > Hello Olaf, > > Thanks for your response! > > Based on your inputs, we are thinking to put Apache httpd in front of Tomcat > 6 server, since our header configuration is going to be static. > > Can you please help us in identifying which version

Re: Apache httpd server 2.4.25 binaries for Non Windows platforms

2017-06-16 Thread Olaf Kock
Am 16.06.2017 um 08:55 schrieb Prarthana Agwania: > We have a requirement to package Apache httpd server together with mod_jk > 1.2.42 and distribute it to customers. Our application is hosted on Tomcat > which needs to be load balanced. We tried the topology where in Apache > httpd server act as

Re: Connection pool issue was in with 7.0.52 version? And it is fixed in 7.0.78 version?

2017-06-16 Thread Olaf Kock
Am 16.06.2017 um 14:00 schrieb Sai Kumar: > There is no problem with code,We are closing the connections properely. > This issue is occured in production side.We are highly suspecting that > there is an issue with the Tomcat server( V7.0.52). First of all,Please let > us know if there is any bug

Re: Connection pool issue was in with 7.0.52 version? And it is fixed in 7.0.78 version?

2017-06-16 Thread Olaf Kock
Sai Kumar, Am 16.06.2017 um 12:06 schrieb Sai Kumar: > Hi , > > We are using following tomcat version > Apache Tomcat/7.0.52 > Server number: > and currently we are facing a problem with this one. While you give some description of things that happen in your

Re: Connection pool issue was in with 7.0.52 version? And it is fixed in 7.0.78 version?

2017-06-16 Thread Olaf Kock
onnecting to any other request later. > > Please help us on this ASAP. > > On Fri, Jun 16, 2017 at 3:49 PM, Olaf Kock <> wrote: > >> Sai Kumar, >> >> >> Am 16.06.2017 um 12:06 schrieb Sai Kumar: >>> Hi , >>> >>&

Re: Tomcat events in London (and beyond)

2017-06-27 Thread Olaf Kock
I love the idea - am just wondering how you're planning to combine £50 without financial risk, with lunch & room (having an idea what hotels charge for a catered event day), Travel for you/the committers etc. I'll be happy to forward this to some people within my company - aiming at several

Re: How to prevent tomcat from deleting a webapp on restart

2017-09-11 Thread Olaf Kock
On 12.09.2017 03:00, Aryeh Friedman wrote: I have setup a webapp (main app) that is uploaded with a war file and second one ("images") that is just a dir in the webapp dir, no war file. Sometimes (not always) on tomcat restart/system reboot images gets deleted. How can I prevent this. That's

Re: TomcatCon Where (and when) next?

2017-09-29 Thread Olaf Kock
On 27.09.2017 23:14, Mark Thomas wrote: We are looking for suggestions for possible locations for the next event. Please add your suggestions to this thread. I've sent a more thorough reply privately and will be happy to assist in continuing Liferay's sponsorship. This will be easiest to secure

Re: getting some cookie & security related issues.

2017-11-30 Thread Olaf Kock
On 30.11.2017 08:52, Naga Ramesh wrote: User > AWS > Tomcat (HTTPS)(HTTPS) User-HTTPS request> AWS-ELB(https-443) re-direct to tomcat connector port-8080 What is the (expected) path when the user makes an HTTPS request? Is it: User > AWS >

Re: Cannot start TomCat on Windows10

2017-11-01 Thread Olaf Kock
On 01.11.2017 05:21, wrote: Hello, I've been using eclipse neon to run a j2ee project on Tomcat Server, but I can't start the Tomcat, and I google the errors but no solutions to it. And I've set the environment variables. Please help me, thank you. The attache is error

Re: Is there any way to make a little delay or sequencing of the requests coming to tomcat.

2017-11-01 Thread Olaf Kock
On 01.11.2017 06:00, Chaitanya Sabbineni wrote: I had a application where multiple requests are coming at same time because of which 1 request is overridden by other.Is so can Any one let me know if there is a way to achieve this. Tomcat easily handles simultaneous requests - it rather looks

Re: [ANN] Apache Tomcat 9.0.2 available

2017-12-01 Thread Olaf Kock
On 01.12.2017 15:54, Chris Cheshire wrote: Has 9 had an official release yet, or is it still almost there? On Fri, Dec 1, 2017 at 9:05 AM, Mark Thomas wrote: The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.2 (beta). 9.0.2 (beta) beta =

Re: Updating a working installation

2018-05-09 Thread Olaf Kock
On 09.05.2018 17:09, James H. H. Lampert wrote: Question: Is there an easy way to bump a working Tomcat installation from one release to another, without benefit of Linux "apt-get" or "yum," or WinDoze "cab" (this is an OS/400 installation), without having to rebuild the whole configuration

Re: Can't Connect to Network

2018-06-12 Thread Olaf Kock
On 12.06.2018 23:33, Igal Sapir wrote: Perhaps it to revisit the thresholds that trigger warnings/bans. The Tomcat SVN repo might be much larger today than it was when those were last examined and set. You might want to start at instead of pulling down

Re: How do we prevent directory access in apache

2018-05-29 Thread Olaf Kock
On 29.05.2018 05:07, Jins Raju Abraham wrote: How do we prevent a directory access in apache. Tried searching this and there are a lot of suggestion about doing it in the .htaccess file. "Apache Tomcat" doesn't know about .htaccess files. "Apache httpd" does, but you won't get an answer

Re: Deleting web.xml on tomcat exit

2018-06-07 Thread Olaf Kock
On 06.06.2018 21:36, Mark Thomas wrote: On 06/06/18 20:30, Jan Tosovsky wrote: Dear All, I use tomcat as a Liferay portal engine. It is usually stopped in two steps. There is Shutdown button available in Liferay Control panel, which stops the webapp. Once this is finished, it is safe to stop

Re: ALv2 Tomcat Training material

2018-01-06 Thread Olaf Kock
On 04.01.2018 14:01, Mark Thomas wrote: On 04/01/18 11:31, Marek Czernek wrote: Hi Mark, I think this is a great idea. Before doing any brainstorming though, I wonder about the following: 1. Who'd be the target audience? And what skill level would you want to    target? Any pre-requisites?

Re: GC allocation failure

2018-01-07 Thread Olaf Kock
On 05.01.2018 12:46, Suvendu Sekhar Mondal wrote: I really never found any explanation behind this "initial=max" heap size theory until I saw your mail; although I see this type of configuration in most of the places. It will be awesome if you can tell more about benefits of this

Re: tomcat 7.0 resurrecting directory while service is installed - running in command line mode?

2018-01-10 Thread Olaf Kock
On 10.01.2018 17:57, Christoph P.U. Kukulies wrote: Am 10.01.2018 um 17:06 schrieb Christoph P.U. Kukulies: The problem is overlaid by the following: [2018-01-10 16:35:37] [info]  [ 6340] Commons Daemon procrun ( 64-bit) s tarted [2018-01-10 16:35:37] [info]  [ 6340] Running

Re: tomcat 7.0 resurrecting directory while service is installed - running in command line mode?

2018-01-10 Thread Olaf Kock
On 10.01.2018 12:39, Christoph P.U. Kukulies wrote: Nonetheless still having a bit trouble with it and would like to use your suggestion, but it fails somehow due to blanks in path name. This weirdness with blanks in paths: C:\Program Files\Apache Software Foundation\Tomcat 7.0>SET

Re: Thread-safety with sessions

2018-01-18 Thread Olaf Kock
On 18.01.2018 06:37, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/17/18 4:31 PM, Mark Thomas wrote: On 17/01/18 17:05, Christopher Schultz wrote: All, I have a use-case related to caching where I need to make sure that an operation only happens one

Re: asgard tomcat application 404

2018-02-16 Thread Olaf Kock
On 15.02.2018 23:39, Tim Dunphy wrote: I'm trying to get Netflix Asgard tomcat app working. I'm using tomcat 9. I'm using windows. [...] Tomcat is about as much involved in this as is Windows. To second Christopher's OT answer: This is a problem of the deployed application, not of Tomcat. You

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-28 Thread Olaf Kock
On 27.12.2017 23:16, Eric Robinson wrote: I mean A is java8 and tomcat8.. so make a C that is tomcat6 and java8 I don't think so. This is a requirement of the software company whose application solution we use. They are requiring us to move to tomcat 8 with jdk 1.8. If we try to mix tomcat8

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Olaf Kock
On 22.12.2017 13:48, Eric Robinson wrote: We have multiple JVMs deployed on two identical Linux servers. Each server has 60 JVMs. Until today, both servers were running Tomcat6 with JDK 1.6. Today we upgraded one of the servers to Tomcat 8 with JDK 1.8. Now the JVMs on the Tomcat 8 server

Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?

2017-12-22 Thread Olaf Kock
On 22.12.2017 21:02, Eric Robinson wrote: With the exact same Xms and Xmx settings, I get vastly different resident and virtual image sizes from the Linux ps command. tomcatA: jdk1.8.0_152, res: 694312, virt: 5045084 tomcatB: jdk1.6.0_21, res: 332840, virt: 3922656 -Xmx

Re: Servlet Threads Changing Instance Data

2018-08-15 Thread Olaf Kock
Jerry, On 15.08.2018 18:14, Jerry Malcolm wrote: I have a mobile app that issues several http web service calls to initialize.  I was making them sequentially with no issues.  I then changed to give them all separate threads so they could load asynchronously.  Then the bottom fell out.  I

Re: [tomcat:8.0-jre8] CONFIDENTIAL adds Cache-Control: private?

2018-08-16 Thread Olaf Kock
Hi Martynas, On 16.08.2018 14:40, Martynas Jusevičius wrote: Hi, my initial observations suggest, and SO post [1] seems to confirm, that when CONFIDENTIAL is specified on a security-constraint in web.xml, Tomcat does two things: 1. automatically redirects to

Re: 2018.03.07-2 Bundle issue with tomcat 8 - Post

2018-08-17 Thread Olaf Kock
On 17.08.2018 15:40, Mandal, Jayanta wrote: Tomcat Version : We upgraded our tomcat environment from bundle 2016.10.31-2 to 2018.03.07-2 & suddenly we are seeing all Post method stopped working with new bundle. Previous Value Changed Value Bundle 2016.10.31-2 2018.03.07-2 Tomcat

Re: user lockout realm, logging ip addresses

2018-08-18 Thread Olaf Kock
On 18.08.2018 03:58, Alex O'Ree wrote: Is it possible to configure the user lockout realm to log what ip address the failed login attempt came from? I know the information needed will also be in the access log but added it to the "attempt to login from a locked account" message would be super

Re: Tomcat 5.5.17 migration to 6

2018-07-15 Thread Olaf Kock
On 14.07.2018 22:53, David Babooram wrote: Alright. I guess the thought the process was to upgrade to 6, then 7, 8 If your application doesn't do anything too tomcat specific, but is rather a standard web application, you might be able to just deploy it on Tomcat 8.5 and check if it all

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 09:43, Sandels Mark (RTH) OUH wrote: Hi Olaf The web-page displays correctly when I connect to Tomcat directly. I posted to the tomcat users group as I havn't had any reply to my post to the Apache http user group! In answer to your other question, I do refer to the and

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: When I go to my web-page using a browser (Chrome), the source code of the web-page is displayed. I have added the PFX Certificate to Trusted Root Certification Authorities on my PC from which I launched Chrome. Here is the URL I am using

Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page

2018-07-05 Thread Olaf Kock
On 05.07.2018 12:35, Sandels Mark (RTH) OUH wrote: Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to

Re: WebApp Caching Broken

2018-03-06 Thread Olaf Kock
Kenneth, On 06.03.2018 15:09, Kenneth Taylor wrote: More troubleshooting revealed that our root context xml had been copied from another installation and had a wrong path in it.  However, I don’t think this was the problem since it was only a path to a Log4J config.  We re-installed Tomcat

Re: Binding a non root user to port 443

2018-03-14 Thread Olaf Kock
On 14.03.2018 16:02, Cheltenham, Chris wrote: Chris, I am kind of lost. I am not sure what you guys are asking. If I asked the same thing twice its because whatever was sent by someone else other than you did not work or I cannot use. well, I'm also lost. It would help to know what didn't

Re: ava.lang.IllegalArgumentException: Document base xxxx does not exist or is not a readable directory

2018-04-17 Thread Olaf Kock
On 16.04.2018 22:06, Support wrote: SEVERE: Error initializing static Resources java.lang.IllegalArgumentException: Document base /home/testuser/resources/Raptor does not exist or is not a readable directory A few things are slightly off of my expectations: But if you see below

Re: Tomcat question

2018-04-23 Thread Olaf Kock
On 23.04.2018 14:49, Zahi Fail wrote: This is the following code from my web.xml file: Images are the least popular medium to communicate code. And on this list, this is actually enforced: Images are stripped. Please post the actual text - that should be even easier than creating

Re: Trying to chase down "too many connection" problems with DB

2018-03-25 Thread Olaf Kock
On 24.03.2018 05:08, Shawn Heisey wrote: This message is long.  Lots of details, a fair amount of history. The primary Tomcat version we've got is 7.0.42. Specifically, it is the Tomcat that's included with Liferay 6.2. This is why we haven't attempted an upgrade even though the version

Re: Trying to chase down "too many connection" problems with DB

2018-03-25 Thread Olaf Kock
Hi Shawn, only some aspects answered for now, inline: On 25.03.2018 19:31, Shawn Heisey wrote: On 3/25/2018 3:15 AM, Olaf Kock wrote: * Liferay comes (optionally) bundled with Tomcat to ease installation, however, the tomcat in there will be your own and is up to you to upgrade. Yes, new

Re: I cant start Tomcat instances

2018-03-18 Thread Olaf Kock
On 17.03.2018 19:16, Loai Abdallatif wrote: actually all of them has X permissions -rwxr--r-- 1 root root 70 Mar 17 11:59 -rwxr--r-- 1 root root 70 Mar 17 11:48 -rwxr--r-- 1 root root 70 Mar 17 11:59

Re: Binding a non root user to port 443

2018-03-16 Thread Olaf Kock
Chris, On 15.03.2018 13:34, Cheltenham, Chris wrote: Andre, You probably missed where I had mentioned the infrastructure group poo poo'd altering iptables for whatever reason. Here is what I think are my 5 best choices for running tomcat as a non root user on a privileged port. 1) redirect

Re: I cant start Tomcat instances

2018-03-17 Thread Olaf Kock
On 17.03.2018 14:16, Loai Abdallatif wrote: Dear Colleagues I'm new to tomcat, I have successfully installed the service but when I tried to run three instances I coudnt due to error below : the this I did is copied the cataline Home to three instances tomcat0, tomcat1, and tomcat2

Re: No reliable way to know if the request emerged from localhost

2018-02-27 Thread Olaf Kock
On 27.02.2018 09:29, Vasantharaju Trichy wrote: Tomcat version 7.0.82 | Windows We have a requirement such that admins(tomcat users) need to login remotely to the machine where Tomcat is hosted and access tomcat webapp to perform certain action or see certain pages . These pages or actions

Re: [OT] Security of AJP

2018-02-27 Thread Olaf Kock
Hi Christopher, On 27.02.2018 23:18, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Olaf, On 2/27/18 4:33 PM, Olaf Kock wrote: On 27.02.2018 21:54, Mark A. Claassen wrote: I would /not/ state that it's /not secure/. But I'm following your later argument: It's

Re: [OT] Security of AJP

2018-02-28 Thread Olaf Kock
On 28.02.2018 16:01, Cheltenham, Chris wrote: In this case are you tunneling into tomcat via 8009 AJP connector? "tunneling the (unencrypted) AJP connection between Apache httpd and Tomcat, so that it's no longer transmitted in clear text." - that's how I'd phrase it. (and thank you

Re: tomcat 8.5.28

2018-03-02 Thread Olaf Kock
On 02.03.2018 15:22, Cheltenham, Chris wrote: What? don't feed the trolls ;) From: Cheltenham, Chris [] Sent: Friday, March 02, 2018 9:08 AM To: 'Tomcat Users List' Subject: tomcat 8.5.28 Hello, Has anyone set up tomcat as a

Re: Security of AJP

2018-02-27 Thread Olaf Kock
Mark, On 27.02.2018 21:54, Mark A. Claassen wrote: From what I have read, it seems that the AJP connector is not secure, and is meant to be used in a protective environment. There are lots of things that imply this, like no SSL settings and such, but I cannot find it directly stated

Re: Setclasspath error in Tomcat 8.5

2018-06-29 Thread Olaf Kock
On 27.06.2018 23:06, kevin ferguson wrote: Hi Guys I have a configured Tomcat server 8.5 and java installed 1.8.0_171. Java_home and Catalina_home configured and working. Here is a short version from my .bashrc --- #Setup home for java and openolat export CATALINA_BASE=/opt/tomcat export

Re: Number of Web Applications in one Tomcat

2018-10-29 Thread Olaf Kock
On 29.10.18 09:00, Ahmed, Tarek wrote: TLDR? Do you deploy one web application per tomcat instance or several? As you list the arguments quite well, I'd add my answer "it depends": General rule of thumb, to be executed in that order: If they're too few applications to worry about (and if

Re: Translation help wanted

2018-11-13 Thread Olaf Kock
On 13.11.18 18:12, Mark Thomas wrote: Seems time to add some AI-translate add-on to the code. That is supported but it has to be paid for. That was something I was thinking about. I have 10k characters of free translation (POEditor uses either Google translate or Microsoft Automatic

Re: Java Supported Versions for Apache Tomcat/7.0.77

2019-01-03 Thread Olaf Kock
On 02.01.19 23:11, Janakiram Maganti wrote: > Hi Support, > > Can you suggest what is the latest Java 8 version supported for “Apache > Tomcat/7.0.77”. > According to, there's no maximum version, it's "Java 6 and later". E.g. if you're running into

Re: Spring+Tomcat

2018-12-13 Thread Olaf Kock
On 13.12.18 05:51, Adlet Azhibek wrote: > *Hi all!* > how should download a new version of tomcat with *necessary (.jar) files in > a "lib" directory? I need, for example, "**spring-websocket-5. 1.3. RELEASE > .jar" in "lib". What should I do? I've downloaded necessary jar files from * >
