Tomcat 9 realm datasource digest attribute

2016-06-10 Thread Hardibo Pierre-Jean
Hello, it seems the realm's digest attribute is deprecated in Tomcat 9. How
can I replace it? (MD5) Thanks


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Updating Apache Tomcat to a current version

2016-06-10 Thread paul.greene.va
Actually, I don't want to have parallel versions going; 7.0.53 needs to 
go away to address the vulnerabilities found in the audit scan. Ideally 
everything should be the same as it is now, with the only difference 
being the app is using 7.0.69 rather than 7.0.53.



On 6/10/2016 12:48 AM, Daniel Savard wrote:

2016-06-09 23:04 GMT-04:00 paul.greene.va :


Hello All,

I manage an HP application that uses Apache Tomcat as a 3rd party
application. The installed Tomcat version is 7.0.53. Because of a recent
audit scan I have to update it to the most current version (7.0.69). HP
says - "not our application; we don't support it".

Is there an existing guide that describes how to update to a more recent
version within the same series? (7, in this case). Maybe I'm just missing
it but I cannot find anything that specific on the Apache Tomcat website.

Tomcat is installed on 64 bit Windows 2012.



Hi Paul,

just look at the Tomcat documentation on how you can install multiple
versions of Tomcat in parallel on the same Windows server. You do not
upgrade Tomcat, you install the latest version and then you drop your HP
webapps in the new container, provided you have configured it properly. In
fact, you can run both versions of Tomcat in parallel with the HP webapps
if you wish. I am doing this at will and I am also running a bunch of HP
web applications. You can also configure Tomcat to use whatever version of
Java you wish and again, you can have multiple versions of Java if needed.

Regards,
Daniel







Yet another odd file in /tmp created by tomcat7

2016-06-10 Thread Scott Derrick

Tomcat7
CentOS 6

I see the file ehcache-sizeof-agent2473717668134475820.jar in /tmp

It is created when I run one of my applications for the first time. The number 
part of the file name changes every time I restart the application.

I have seen an exception like this a few times that is associated with this 
file.

INFO   | jvm 1| 2016/06/07 10:07:52 | Jun 07, 2016 10:07:52 AM org.apache.tomcat.util.scan.StandardJarScanner scan
INFO   | jvm 1| 2016/06/07 10:07:52 | WARNING: Failed to scan [file:/tmp/ehcache-sizeof-agent4275027271014173816.jar] from classloader hierarchy
INFO   | jvm 1| 2016/06/07 10:07:52 | java.io.FileNotFoundException: /tmp/ehcache-sizeof-agent4275027271014173816.jar (No such file or directory)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at java.util.zip.ZipFile.open(Native Method)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at java.util.zip.ZipFile.<init>(ZipFile.java:215)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at java.util.zip.ZipFile.<init>(ZipFile.java:145)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at java.util.jar.JarFile.<init>(JarFile.java:153)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at java.util.jar.JarFile.<init>(JarFile.java:90)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:88)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.tomcat.util.scan.FileUrlJar.<init>(FileUrlJar.java:41)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:34)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.startup.ContextConfig$FragmentJarScannerCallback.scan(ContextConfig.java:2664)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:259)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:221)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(ContextConfig.java:1931)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1261)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:878)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:376)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5322)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.manager.ManagerServlet.start(ManagerServlet.java:1256)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.manager.HTMLManagerServlet.start(HTMLManagerServlet.java:714)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:219)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:212)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
INFO   | jvm 1| 2016/06/07 10:07:52 |   at

Re: Re: Tomcat application folder created in /tmp?

2016-06-10 Thread Anthony Biacco
On Fri, Jun 10, 2016 at 11:04 AM, Scott Derrick  wrote:

>
> I'm not sure why those flags were set to true? I removed them and the copy
> is gone! thanks.
>

I can only imagine some sort of alcohol-induced admining? ;)


>
> I'm running on linux and understand that the locking has no effect anyway.
>
> thanks again,
>

yep yep. cheers


-Tony


>
> --
> We are all here for a spell; get all the good laughs you can.
> Will Rogers
>
>
>


Re: Re: Tomcat application folder created in /tmp?

2016-06-10 Thread Scott Derrick



 Original Message 
Subject: Re: Tomcat application folder created in /tmp?
From: Anthony Biacco 
To: Tomcat Users List 
Date: Wed, 8 Jun 2016 14:21:39 -0600


On Wed, Jun 8, 2016 at 1:51 PM, Scott Derrick  wrote:


Tomcat7
Java 1.8.0_51
Running on CentOS 6(Linux)

When I deploy one of my apps using the tomcat manager app, it unpacks the
.war file into

../webapp/appName

and

/tmp/0-appName

The files look identical in both folders except the files in the
webapp/appName folder have the timestamp of when I created the war, and the
files in /tmp/0-appName have the timestamp of when I deployed the war.

what is the /tmp/appName folder and files for?

why does it do this for this app but not the other 7 apps I have deployed?

thanks,

Scott



this will happen if you have antiResourceLocking or antiJARLocking set to
true in your context config. if you do, question why you are doing this as
it's not the default.

http://tomcat.apache.org/tomcat-7.0-doc/config/context.html

-Tony


I'm not sure why those flags were set to true? I removed them and the copy is 
gone! thanks.

I'm running on linux and understand that the locking has no effect anyway.

thanks again,

Scott


--
We are all here for a spell; get all the good laughs you can.
Will Rogers
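
[Added example, not part of the original thread.] One way to find which context configuration sets the flags Tony names, so the /tmp copy can be traced to a file. The directory layout and sample XML below are constructed for illustration; only the two attribute names come from the thread.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Context attributes named in the reply above; per that reply, either one
# set to "true" produces the extra copy of the webapp under /tmp.
COPY_FLAGS = ("antiResourceLocking", "antiJARLocking")


def find_copy_flags(root_dir):
    """Return sorted (relative_path, flag) pairs for <Context> elements with a flag on."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError):
                continue  # unreadable or not well-formed: nothing to report
            rel = os.path.relpath(path, root_dir).replace(os.sep, "/")
            # iter() also yields the root element, so this covers context.xml
            # files and <Context> elements nested inside server.xml.
            for ctx in tree.iter("Context"):
                for flag in COPY_FLAGS:
                    if ctx.get(flag, "").strip().lower() == "true":
                        findings.append((rel, flag))
    return sorted(findings)


# Constructed sample layout (hypothetical paths, not the poster's files).
SAMPLE_FILES = {
    "conf/context.xml":
        "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>",
    "conf/server.xml":
        '<Server><Service><Engine><Host name="localhost">'
        '<Context path="/other" antiResourceLocking="false"/>'
        "</Host></Engine></Service></Server>",
    "webapps/appName/META-INF/context.xml":
        '<Context antiResourceLocking="true" antiJARLocking="true"/>',
}


def scan_sample():
    """Write SAMPLE_FILES to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as base:
        for rel, text in SAMPLE_FILES.items():
            path = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_copy_flags(base)


if __name__ == "__main__":
    for rel, flag in scan_sample():
        print(f"{rel}: {flag}=true")
```

Pointing find_copy_flags() at the Tomcat base directory instead of the sample tree lists every context file that needs the attribute removed.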




secure_protocol_version is null when using NIO2

2016-06-10 Thread Jason Schwanz
Environment: Tomcat 8.0.33 on RHEL6

In our app we are capturing the SSL/TLS protocol being used by referencing
the org.apache.tomcat.util.net.secure_protocol_version request attribute.
When the connector is NIO this works beautifully, but trying this on NIO2
returns null.
-
Jason Schwanz


tomcat dns cache forever

2016-06-10 Thread Niranjan Babu Bommu
Hi All,

I have an issue with the Tomcat DNS cache TTL: if I change the IP address
of the database, Tomcat is still sending connection requests to an old IP
until I restart Tomcat. This is not the case with JBoss. I verified in Java
security; this is what we have in Java.

#networkaddress.cache.ttl=-1

Since this property has been disabled, by default the TTL will be 30 sec. JBoss
7 is respecting this value, but not Tomcat.

so far I have tried these things in tomcat.

https://bz.apache.org/bugzilla/show_bug.cgi?id=33226

Neither of these settings is working in Tomcat:

-Dnetworkaddress.cache.ttl=0 or -Dsun.net.inetaddr.ttl=0


java version "1.7.0_60"
tomcat-7.0.56
os centos 6.

can someone please help me out to fix this issue?

-- 
*Thanks*
*Niranjan*


Re: Updating Apache Tomcat to a current version

2016-06-10 Thread paul.greene.va

Ok, I'm totally new to Apache Tomcat; that's kind of all Greek to me.

When you say "drop a new webapp in a container", can you do that just by 
copying the WAR file from the current app into the new Tomcat folder? Or 
does a new WAR file need to be generated?


On 6/10/2016 12:48 AM, Daniel Savard wrote:

2016-06-09 23:04 GMT-04:00 paul.greene.va :


Hello All,

I manage an HP application that uses Apache Tomcat as a 3rd party
application. The installed Tomcat version is 7.0.53. Because of a recent
audit scan I have to update it to the most current version (7.0.69). HP
says - "not our application; we don't support it".

Is there an existing guide that describes how to update to a more recent
version within the same series? (7, in this case). Maybe I'm just missing
it but I cannot find anything that specific on the Apache Tomcat website.

Tomcat is installed on 64 bit Windows 2012.



Hi Paul,

just look at the Tomcat documentation on how you can install multiple
versions of Tomcat in parallel on the same Windows server. You do not
upgrade Tomcat, you install the latest version and then you drop your HP
webapps in the new container, provided you have configured it properly. In
fact, you can run both versions of Tomcat in parallel with the HP webapps
if you wish. I am doing this at will and I am also running a bunch of HP
web applications. You can also configure Tomcat to use whatever version of
Java you wish and again, you can have multiple versions of Java if needed.

Regards,
Daniel







Tomcat 6.0.45 - Problem in creating the socket.

2016-06-10 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
Hi,
We are trying to upgrade to 6.0.45 from 6.0.37.
Tomcat starts fine, but while creating the socket we are getting the following
exception.

For SSL implementation, we are using NSS/JSS from Mozilla.
The SSL implementation works fine with 6.0.37, but fails with 45.
Do you have any idea whether we have to modify the SSL implementation to
reflect the new Tomcat changes?

org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler process
SEVERE: Error reading request, ignored
java.lang.ClassCastException: com.sun.net.ssl.internal.ssl.SSLSocketImpl cannot be cast to org.mozilla.jss.ssl.SSLSocket
    at org.apache.tomcat.util.net.jsse.XXXSSLImplementation.getSSLSupport(XXXSSLImplementation.java:51)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:504)
    at java.lang.Thread.run(Unknown Source)

Thanks
Radhakrishna


RE: Remove Port from Https URL || SSL Port Issue || Important

2016-06-10 Thread Caldarale, Charles R
> From: Christoph Nenning [mailto:christoph.nenn...@lex-com.net] 
> Subject: Re: Remove Port from Https URL || SSL Port Issue || Important

> ports below 1024 are privileged ports and can be opened by root only. Of 
> course you don't want to run tomcat as root. There are several ways to 
> open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or 
> the tool authbind  (not sure if available in your version of redhat).

There's a wiki entry for this:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

 - Chuck







Re: Remove Port from Https URL || SSL Port Issue || Important

2016-06-10 Thread Christoph Nenning
> > Hello Gurus,
> >
> > We are using Tomcat to serve our User Base (we are not using 
> Apache http Server but only Tomcat). We have recently enabled SSL in
> our Project and everything runs just fine. We raised the CSR using 
> keytool, got the Certificates, So both of my below URLs work perfectly:
> >
> > http://hostname:8080
> > https://hostname:8443
> >
> > Framework Details:
> > OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga)
> > Tomcat Version: 7.x
> >
> > Port 8443 which was not coming in the netstat o/p, now comes:
> >
> > netstat -an | grep 8443
> > tcp    0  0 0.0.0.0:8443    0.0.0.0:*   LISTEN
> >
> >
> > Here is how the server.xml looks like (excluding the ciphers list):
> >
> > 
> 
===
> >
> >   > port="8080" protocol="HTTP/1.1"
> > connectionTimeout="2"
> > redirectPort="8443" />
> >
> >  
> >
> >
> >
> >   > maxThreads="150" scheme="https" secure="true"
> > keystoreFile="/abc/xyz/
> XX.keystore" keystorePass="XX"
> > clientAuth="false" sslProtocol="TLS"
> > ciphers="X" />
> >
> > 
> 
=
> >
> > Now the requirement is that, we exclude the Port no. from the URL.
> Believe the only way out is to use Port 443 instead of 8443, so in 
> the above configuration in the SSL section we just replace the port 
> "8443" with Port "443" and give the redirectPort as "8443".
> >
> > However, it is not working out for us. We did a lot of 
> investigation, surfing but could not find any solution.
> > Also we confirmed that Port 443 is not blocked anywhere. Also 
> "netstat -an" doesn't give any o/p for Port 443: Below is how our 
> config looks like when we tried it out enabling 443 (excluding ciphers).
> >
> > 
> 
==
> >
> >   > port="8080" protocol="HTTP/1.1"
> > connectionTimeout="2"
> > redirectPort="8443" />
> >
> >  
> >
> >
> >
> >   protocol="HTTP/1.1" SSLEnabled="true"
> > maxThreads="150" scheme="https" secure="true"
> > keystoreFile="/abc/xyz/
> XX.keystore" keystorePass="XX"
> > clientAuth="false" sslProtocol="TLS" 
redirectPort="8443"
> > ciphers="XXX" />
> >
> >
> > 
> 
==
> >
> > Really appreciate your help and guidance towards resolving the 
> issue. Many thanks in advance...
> >
> 
> Hi.
> Thanks for the info provided above.
> (Suggested improvement still : provide the exact Tomcat version, and
> the Java version.)
> 
> Others :
> - the "redirectPort" attribute above (on the SSL Connector), is not 
> needed (and ignored) 
> if the Connector is already HTTPS anyway. See : 
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes 
> --> redirectPort
> 
> but more importantly : what does the Tomcat logfile say ?
> (It should open port 443; if it doesn't, it may be that this port is
> already in use by 
> another program. The log would tell you that.)
> 
> netstat -pan | grep LISTEN | grep 443
> 
> (-pan will also list the program name and PID of what owns it)
> 
> 
> 
> 

Hi,

ports below 1024 are privileged ports and can be opened by root only. Of 
course you don't want to run tomcat as root. There are several ways to 
open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or 
the tool authbind  (not sure if available in your version of redhat).

Hope that points you in the right direction.

Regards,
Christoph
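
[Added example, not part of the original thread.] The replies give two different reasons a Connector on port 443 may fail to open: the port is already owned by another program, or it is a privileged port and Tomcat is not running as root. The probe below tells the two apart by the errno of a test bind; the function names are hypothetical, and the occupied-port case is constructed on loopback.

```python
import errno
import socket

# What each outcome means, using the two explanations given in the thread.
ADVICE = {
    "ok": "bind succeeded: this user can open the port and nothing else holds it",
    "permission-denied": "EACCES: privileged port and the process is not allowed "
                         "to bind it (stay non-root and grant CAP_NET_BIND_SERVICE "
                         "or use authbind)",
    "in-use": "EADDRINUSE: another program already listens here "
              "(netstat -pan | grep LISTEN shows the owner)",
}


def probe_bind(port, host="0.0.0.0"):
    """Attempt the bind+listen a Connector needs and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR keeps sockets lingering in TIME_WAIT from looking like "in use".
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((host, port))
        sock.listen(1)
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return "permission-denied"
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def probe_occupied_port():
    """Constructed case: hold a loopback listener, then probe the same port."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        holder.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        holder.listen(1)
        return probe_bind(holder.getsockname()[1], "127.0.0.1")
    finally:
        holder.close()


def report(port, host="0.0.0.0"):
    """One line per port: the status plus what the thread says to do about it."""
    status = probe_bind(port, host)
    return f"port {port}: {status} - {ADVICE.get(status, 'unexpected socket error')}"


if __name__ == "__main__":
    # Run as the account Tomcat runs under, while Tomcat itself is stopped.
    for p in (8443, 443):
        print(report(p))
```
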



Re: Remove Port from Https URL || SSL Port Issue || Important

2016-06-10 Thread tomcat

On 10.06.2016 12:14, varun gulati wrote:

Hello Gurus,

We are using Tomcat to serve our User Base (we are not using Apache http Server 
but only Tomcat). We have recently enabled SSL in our Project and everything 
runs just fine. We raised the CSR using keytool, got the Certificates, So both 
of my below URLs work perfectly:

http://hostname:8080
https://hostname:8443

Framework Details:
OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga)
Tomcat Version: 7.x

Port 8443 which was not coming in the netstat o/p, now comes:

netstat -an | grep 8443
tcp    0  0 0.0.0.0:8443    0.0.0.0:*   LISTEN


Here is how the server.xml looks like (excluding the ciphers list):

===

 

 



 

=

Now the requirement is that, we exclude the Port no. from the URL. Believe the only way out is to use Port 
443 instead of 8443, so in the above configuration in the SSL section we just replace the port 
"8443" with Port "443" and give the redirectPort as "8443".

However, it is not working out for us. We did a lot of investigation, surfing 
but could not find any solution.
Also we confirmed that Port 443 is not blocked anywhere. Also "netstat -an" 
doesn't give any o/p for Port 443: Below is how our config looks like when we tried it out 
enabling 443 (excluding ciphers).

==

 

 



 


==

Really appreciate your help and guidance towards resolving the issue. Many 
thanks in advance...



Hi.
Thanks for the info provided above.
(Suggested improvement still : provide the exact Tomcat version, and the Java 
version.)

Others :
- the "redirectPort" attribute above (on the SSL Connector), is not needed (and ignored) 
if the Connector is already HTTPS anyway. See : 
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes --> redirectPort


but more importantly : what does the Tomcat logfile say ?
(It should open port 443; if it doesn't, it may be that this port is already in use by 
another program. The log would tell you that.)


netstat -pan | grep LISTEN | grep 443

(-pan will also list the program name and PID of what owns it)







Remove Port from Https URL || SSL Port Issue || Important

2016-06-10 Thread varun gulati
Hello Gurus,

We are using Tomcat to serve our User Base (we are not using Apache http Server 
but only Tomcat). We have recently enabled SSL in our Project and everything 
runs just fine. We raised the CSR using keytool, got the Certificates, So both 
of my below URLs work perfectly:

http://hostname:8080
https://hostname:8443

Framework Details: 
OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga)
Tomcat Version: 7.x

Port 8443 which was not coming in the netstat o/p, now comes:

netstat -an | grep 8443
tcp    0  0 0.0.0.0:8443    0.0.0.0:*   LISTEN


Here is how the server.xml looks like (excluding the ciphers list):

===

    

    



    

=

Now the requirement is that, we exclude the Port no. from the URL. Believe the 
only way out is to use Port 443 instead of 8443, so in the above configuration 
in the SSL section we just replace the port "8443" with Port "443" and give the 
redirectPort as "8443".

However, it is not working out for us. We did a lot of investigation, surfing 
but could not find any solution. 
Also we confirmed that Port 443 is not blocked anywhere. Also "netstat -an" 
doesn't give any o/p for Port 443: Below is how our config looks like when we 
tried it out enabling 443 (excluding ciphers). 

==

    

    



    


==

Really appreciate your help and guidance towards resolving the issue. Many 
thanks in advance...

Thanks and Regards,
Varun Gulati
+91-9665121901