Re: Embedded Tomcat common classloader

2024-06-06 Thread Mark Thomas 

On 06/06/2024 18:48, Dave Breeze wrote:

Thanks Mark
appreciate that the url was for 8.0

With regards to classpath that was my first attempt - unfortunately it
would seem that Tomcat does not support wildcards in the classpath -
for example dirpath/lib/*.jar - at least in version 9.


The requirements for setting the class path are set by the JVM, not by 
Tomcat. If you want all the JARs in a directory to be included in the 
class path then you should add dirpath/lib/* to the class path.


Mark





Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze

On Thu, 6 Jun 2024 at 17:23, Mark Thomas  wrote:


On 06/06/2024 17:52, Dave Breeze wrote:

   I have an issue with embedded Tomcat and classloaders.

I have a java servlet application that runs in an embedded
Tomcat(9.0.70) instance.





https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html


Those are the Tomcat 8.0.x docs. You are using Tomcat 9.0.x.

Tomcat embedded does not set up the class loader structure you get with
a standard Tomcat instance. Tomcat just uses the classpath.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Webapp Getting redirected to an external IP Address

2024-06-06 Thread Tom Robinson 
Hi Rubel,

No, we are running on premises. Definitely not in the cloud.

*Kind regards,*

*Tom Robinson*
*IT Manager/System Administrator*


On Thu, 6 Jun 2024 at 12:32, Owen Rubel  wrote:

> Are you using this with a cloud service?
>
> This seems more like a misconfig of your setup. I have seen this in AWS
> before where it routes to their internal IP due to a misconfiguration.
>
> Owen Rubel
> oru...@gmail.com
>
>
> On Tue, Jun 4, 2024 at 6:26 PM Tom Robinson 
> wrote:
>
> > Hi Mark,
> >
> > On Tue, 4 Jun 2024 at 15:50, Mark Thomas  wrote:
> >
> > > On 04/06/2024 05:07, Tom Robinson wrote:
> > > > Hi,
> > > >
> > > > We are running a tomcat7 application
> > >
> > > You do realise that support for Tomcat 7 ended on 31 March 2021 don't
> > you?
> > >
> >
> > Yes, I do realise that tomcat7 is very old. We are running a legacy
> > application not of our design.
> >
> > > on our LAN which gets redirected from
> > > > a private, internal IP Address to an external ip address at which
> point
> > > it
> > > > fails. I can't find where this is happening.
> > >
> > > Is it an actual redirect - i.e. a 30x response? Or do you mean
> something
> > > else?
> > >
> > > If a redirect, does it redirect on the first request?
> > >
> >
> > OK, you are right, it's not a redirect (not a 30x response). I didn't
> think
> > to go into developer mode on the browser to check this until now.
> >
> > > Where and what can I check for this redirect and how to control it or
> > > > switch it off all together.
> > >
> > > Tomcat doesn't do this by default.
> > >
> > > Tomcat 7 doesn't have the redirect valve so it won't be that.
> > >
> > > Are you sure that the redirect is being issued by Tomcat? Might there
> be
> > > a reverse proxy in mix somewhere?
> > >
> >
> > No reverse proxies configured that I specifically know about.
> >
> >
> > > Other than that, it would have to be in the application code somewhere.
> > >
> >
> > In that case it must be as you say; i.e. in the code somewhere.
> >
> >
> > > > I browse to here on our LAN:
> > > >
> > > > https://myinternalhost.mydomain.com.au:8443
> > >
> > > Check what myinternalhost.mydomain.com.au resolves to in terms of an
> IP
> > > address.
> > >
> >
> > Amongst other things, I administer the network, DNS and DHCP so I know
> that
> > the name resolution is correct. I have re-checked to confirm.
> >
> > Try requesting a page that won't trigger a directory redirect. Something
> > > like:
> > >
> > > https://myinternalhost.mydomain.com.au:8443/index.html
> > >
> > > You may need to adjust that for your application.
> > >
> >
> > I found this in tomcat7/webapps/index.jsp:
> >
> > # cat index.jsp
> > <%@ taglib uri="/tags/struts-logic" prefix="logic" %>
> >
> > 
> >
> > That's the entire file! I'm not really clued in to how that works but it
> > does look like a code based redirect.
> >
> > This whole query has come about because I've been trying to secure the
> > tomcat webapps with SSL. The certificate management in java is
> challenging
> > having to use yet another certificate management tool (keytool).
> >
> > I realise now that I've just browsed to a default webapp running on
> tomcat.
> > Further investigation shows that the other webapps (some 17 separate
> > webapps) are indeed working correctly and SSL secured. I think I just
> > panicked a little seeing the 'redirect' to an external IP and got
> > bogged down unnecessarily into that redirect.
> >
> > For example, if I browse to:
> >
> > https://myinternalhost.mydomain.com.au:8443/legacyapp1
> >
> > the webapp runs, there is no redirect and it's SSL secured. The same for
> > legacyapp[2-17].
> >
> > I appreciate and thank you for your help.
> >
> > Kind regards,
> > Tom
> >
> >
> > >
> > > > I end up here:
> > > >
> > > > https://a.b.c.d:8443/kb
> > > >
> > > > Where a.b.c.d is our external, ISP provided IP Address.
> > > >
> > > > Why is this happening and how can I fix it?
> > > >
> > > > *Kind regards,*
> > > >
> > > > *Tom Robinson*
> > > > *IT Manager/System Administrator*
> > > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
> >
> > --
> > *MoTeC Pty Ltd*
> >
> > 121 Merrindale Drive
> > Croydon South 3136
> > Victoria Australia
> > *T: *61 3 9761 5050
> > *W: *www.motec.com.au 
> >
> >
> > --
> >  
> > 
> > 
> > 
> >
> >
> > --
> >  
> >
> > --
> >
> >
> > Disclaimer Notice: This message, including any attachments, contains
> > confidential information intended for a specific individual and purpose
> > and
> > is protected by law. If you are not the intended recipient you should
> > delete this message.

Re: Embedded Tomcat common classloader

2024-06-06 Thread Dave Breeze 
Thanks Mark
appreciate that the url was for 8.0

With regards to classpath that was my first attempt - unfortunately it
would seem that Tomcat does not support wildcards in the classpath -
for example dirpath/lib/*.jar - at least in version 9.


Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze

On Thu, 6 Jun 2024 at 17:23, Mark Thomas  wrote:
>
> On 06/06/2024 17:52, Dave Breeze wrote:
> >   I have an issue with embedded Tomcat and classloaders.
> >
> > I have a java servlet application that runs in an embedded
> > Tomcat(9.0.70) instance.
>
> 
>
> > https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html
>
> Those are the Tomcat 8.0.x docs. You are using Tomcat 9.0.x.
>
> Tomcat embedded does not set up the class loader structure you get with
> a standard Tomcat instance. Tomcat just uses the classpath.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Embedded Tomcat common classloader

2024-06-06 Thread Mark Thomas 

On 06/06/2024 17:52, Dave Breeze wrote:

  I have an issue with embedded Tomcat and classloaders.

I have a java servlet application that runs in an embedded
Tomcat(9.0.70) instance.





https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html


Those are the Tomcat 8.0.x docs. You are using Tomcat 9.0.x.

Tomcat embedded does not set up the class loader structure you get with 
a standard Tomcat instance. Tomcat just uses the classpath.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Side effect of Tomcat 10.1.20 with Freemarker

2024-06-06 Thread Mark Thomas 

On 06/06/2024 11:01, Jeroen Hoffman wrote:

Hi all,

We've found a side effect of change #68721 [1] in Tomcat 10.1.20 that 
we'd like to notify you about.


We're using Apache Freemarker for back-end templating, and its NodeModel 
class uses reflection to determine what classes to use for xpath, 
thereby catching IllegalAccessError, see [2].


Per change #68721 a IllegalAccessError is caught as LinkageError and 
turned into a Throwable, NoClassDefFoundError in our case, see [3], and 
then falls through that block in NodeModel and errors out.


So this change in Tomcat alters the behaviour in Freemarker, which I 
assume was unexpected. We can (and must) work around it, preventing the 
IllegalAccessError, but still, maybe you'd like to improve again or have 
other thoughts?


How are you getting from the original IllegalAccessError to a 
NoClassDefFoundError? Tomcat should re-throw the original 
IllegalAccessError.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Embedded Tomcat common classloader

2024-06-06 Thread Dave Breeze 
 I have an issue with embedded Tomcat and classloaders.

I have a java servlet application that runs in an embedded
Tomcat(9.0.70) instance. When the application is packaged into a
single war file – the application loads and performs as expected
(classes are fond in WEB-INF/lib.

Due to some system constraints it is necessary to deliver the
application code separate from its dependencies.

I modified the application pom to copy the dependencies to
${project.build.directory}/lib/




org.apache.maven.plugins
maven-dependency-plugin
2.5.1


copy-dependencies
package

copy-dependencies


${project.build.directory}/lib/






and to exclude the jar files from the war file



org.apache.maven.plugins
maven-war-plugin

WEB-INF/lib/*.jar




this builds the project as expected – 1 war file and one lib directory.


The class that creates the embedded Tomcat environment includes (much
abbreviated):


System.setProperty("catalina.home", catHome) ;
tomcat.start();
server = tomcat.getServer();
File base = server.getCatalinaBase();
File home = server.getCatalinaHome();
log.info("starting on port:" + sslPort +
" with home:" + home.getAbsolutePath() +
" base:" + base.getAbsolutePath());



The logging confirms that CATALINA_HOME is set.


On execution receive ClassNotFoundException,

java.lang.ClassNotFoundException:
com.google.gwt.user.server.rpc.RemoteServiceServlet
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1412)
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1220)
at java.lang.ClassLoader.defineClassImpl(Native Method)
at java.lang.ClassLoader.defineClassInternal(ClassLoader.java:396)
at java.lang.ClassLoader.defineClass(ClassLoader.java:357)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:154)
at 
org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2472)
at 
org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase.java:875)
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1376)
at 
org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1220)
at 
org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:534)
at 
org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:515)
at 
org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:149)
at 
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1067)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1007)
at 
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4948)
at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at 
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
at 
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at 
org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at 
java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at 
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
at 
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at 
org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at 
java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
at 
org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
at 
org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at 
org.apache.catalina.core.StandardService.startInternal(StandardService.java:430)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at 
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Tomcat.start(Tomcat.java:486)


My understanding from
https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html is
that the Tomcat common loader will search for jars in
CATALINA_HOME/lib. My CATALINA_HOME/lib contains gwt-user-2.10.0.jar
which contains RemoteServiceServlet.class.


Why is the Tomcat common loader not finding this class?


many

8443 connector configuration (tomcat9)

2024-06-06 Thread Christoph Kukulies 
I have the following configuration:

HAPROXY   TOMCAT9
https://cms.site.org/==>  https://cms.site.org:8443/


Haproxy is passing the https-request through to tomcat.

So far the request seems to arrive on the tomcat side but a secure connection 
can't be established since the
certificate infomation is missing.

I looked at the server.xml config file, especially into the section:

  






I can supply the information where the site.cer and priv.key are located but 
which protocol to use and what else parameters are required
is a closed book to me. Could anyone help?

Thank you.

--
Christoph



smime.p7s
Description: S/MIME cryptographic signature

Side effect of Tomcat 10.1.20 with Freemarker

2024-06-06 Thread Jeroen Hoffman 

Hi all,

We've found a side effect of change #68721 [1] in Tomcat 10.1.20 that 
we'd like to notify you about.


We're using Apache Freemarker for back-end templating, and its NodeModel 
class uses reflection to determine what classes to use for xpath, 
thereby catching IllegalAccessError, see [2].


Per change #68721 a IllegalAccessError is caught as LinkageError and 
turned into a Throwable, NoClassDefFoundError in our case, see [3], and 
then falls through that block in NodeModel and errors out.


So this change in Tomcat alters the behaviour in Freemarker, which I 
assume was unexpected. We can (and must) work around it, preventing the 
IllegalAccessError, but still, maybe you'd like to improve again or have 
other thoughts?


Regards,
Jeroen Hoffman

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=68721
[2] 
https://github.com/apache/freemarker/blob/2.3/freemarker-core/src/main/java/freemarker/ext/dom/NodeModel.java#L645
[3] 
https://github.com/apache/tomcat/blob/10.1.x/java/org/apache/catalina/loader/WebappClassLoaderBase.java#L2307



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org