Tomcat 9 realm datasource digest attribute
Hello, it seems realm's digest attribute is depreciated in tomcat9, how can i replace it ? (MD5) thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Updating Apache Tomcat to a current version
Actually, I don't want to have parallel versions going; 7.0.53 needs to go away to address the vulnerabilities found in the audit scan. Ideally everything should be the same as it is now, with the only difference being the app is using 7.0.69 rather than 7.0.53. On 6/10/2016 12:48 AM, Daniel Savard wrote: 2016-06-09 23:04 GMT-04:00 paul.greene.va: Hello All, I manage an HP application that uses Apache Tomcat as a 3rd party application. The installed Tomcat version is 7.0.53. Because of a recent audit scan I have to update it to the most current version (7.0.69). HP says - "not our application; we don't support it". Is there an existing guide that describes how to update to a more recent version within the same series? (7, in this case). Maybe I'm just missing it but I cannot find anything that specific on the Apache Tomcat website. Tomcat is installed on 64 bit Windows 2012. Hi Paul, just look at the Tomcat documentation on how you can install multiple versions of Tomcat in parallel on the same Windows server. You do not upgrade Tomcat, you install the latest version and then you drop you HP webapps in the new container, provided you have configured it properly. In fact, you can run both versions of Tomcat in parallel with the HP webapps if you wish. I am doing this at will and I am also running a bunch of HP web applications. You can also configure Tomcat to use whatever version of Java you wish and again, you can have multiple versions of Java if needed. Regards, Daniel - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Yet another odd file in /tmp created by tomcat7
Tomcat7 CentOS 6 I see the file ehcache-sizeof-agent2473717668134475820.jar in /tmp It is created when I run one of my applications for the first time. The number part of the file name changes every time I restart the application. I have seen an exception like this a few times that is associated with this file. INFO | jvm 1| 2016/06/07 10:07:52 | Jun 07, 2016 10:07:52 AM org.apache.tomcat.util.scan.StandardJarScanner scan INFO | jvm 1| 2016/06/07 10:07:52 | WARNING: Failed to scan [file:/tmp/ehcache-sizeof-agent4275027271014173816.jar] from classloader hierarchy INFO | jvm 1| 2016/06/07 10:07:52 | java.io.FileNotFoundException: /tmp/ehcache-sizeof-agent4275027271014173816.jar (No such file or directory) INFO | jvm 1| 2016/06/07 10:07:52 | at java.util.zip.ZipFile.open(Native Method) INFO | jvm 1| 2016/06/07 10:07:52 | at java.util.zip.ZipFile.(ZipFile.java:215) INFO | jvm 1| 2016/06/07 10:07:52 | at java.util.zip.ZipFile.(ZipFile.java:145) INFO | jvm 1| 2016/06/07 10:07:52 | at java.util.jar.JarFile.(JarFile.java:153) INFO | jvm 1| 2016/06/07 10:07:52 | at java.util.jar.JarFile.(JarFile.java:90) INFO | jvm 1| 2016/06/07 10:07:52 | at sun.net.www.protocol.jar.URLJarFile.(URLJarFile.java:93) INFO | jvm 1| 2016/06/07 10:07:52 | at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) INFO | jvm 1| 2016/06/07 10:07:52 | at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:88) INFO | jvm 1| 2016/06/07 10:07:52 | at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) INFO | jvm 1| 2016/06/07 10:07:52 | at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.tomcat.util.scan.FileUrlJar.(FileUrlJar.java:41) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.tomcat.util.scan.JarFactory.newInstance(JarFactory.java:34) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.startup.ContextConfig$FragmentJarScannerCallback.scan(ContextConfig.java:2664) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:259) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:221) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(ContextConfig.java:1931) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1261) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:878) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:376) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5322) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.manager.ManagerServlet.start(ManagerServlet.java:1256) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.manager.HTMLManagerServlet.start(HTMLManagerServlet.java:714) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:219) INFO | jvm 1| 2016/06/07 10:07:52 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) INFO | jvm 1| 2016/06/07 10:07:52 | at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:212) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) INFO | jvm 1| 2016/06/07 10:07:52 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) INFO | jvm 1| 2016/06/07 10:07:52 | at
Re: Re: Tomcat application folder created in /tmp?
On Fri, Jun 10, 2016 at 11:04 AM, Scott Derrickwrote: > > I'm not sure why those flags were set to true? I removed them and the copy > is gone! thanks. > I can only imagine some sort of alcohol-induced admining? ;) > > I'm running on linux and understand that the locking has no effect anyway. > > thanks again, > yep yep. cheers -Tony > > -- > We are all here for a spell; get all the good laughs you can. > Will Rogers > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Re: Tomcat application folder created in /tmp?
Original Message Subject: Re: Tomcat application folder created in /tmp? From: Anthony BiaccoTo: Tomcat Users List Date: Wed, 8 Jun 2016 14:21:39 -0600 On Wed, Jun 8, 2016 at 1:51 PM, Scott Derrick wrote: Tomcat7 Java 1.8.0_51 Running on CentOS 6(Linux) When I deploy one of my apps using the tomcat manager app, it unpaks the .war file into ../webapp/appName and /tmp/0-appName The files look identical in both folders except the files in the webapp/appName folder have the timestamp of when I created the war, and the files in /tmp/0-appName have the timestamp of when I deployed the war. what is the /tmp/appName folder and files for? why does it do this for this app but not the other 7 apps I have deployed? thanks, Scott this will happen if you have antiResourceLocking or antiJARLocking set to true in your context config. if you do, question why you are doing this as it's not the default. http://tomcat.apache.org/tomcat-7.0-doc/config/context.html -Tony I'm not sure why those flags were set to true? I removed them and the copy is gone! thanks. I'm running on linux and understand that the locking has no effect anyway. thanks again, Scott -- We are all here for a spell; get all the good laughs you can. Will Rogers - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
secure_protocol_version is null when using NIO2
Environment: Tomcat 8.0.33 on RHEL6 In our app we are capturing the SSL/TLS protocol being used by referencing the org.apache.tomcat.util.net.secure_protocol_version request attribute. When the connector is NIO this works beautifully, but trying this on NIO2 returns null. - Jason Schwanz
tomcat dns cache forever
Hi All, I have an issue with tomcat dns cache ttl, where if I change the IP address of the database, tomcat still sending connection requests to an old IP until I restart tomcat, this is not the case with Jboss. I verified in java security, this what we have in java. #networkaddress.cache.ttl=-1 since this property has been disabled, by default ttl will be 30 sec, jboss 7 is respecting this value, but not tomcat. so far I have tried these things in tomcat. https://bz.apache.org/bugzilla/show_bug.cgi?id=33226 neither of these settings is not working in tomcat -Dnetworkaddress.cache.ttl=0 or -Dsun.net.inetaddr.ttl=0 java version "1.7.0_60" tomcat-7.0.56 os centos 6. can someone please help me out to fix this issue? -- *Thanks* *Niranjan*
Re: Updating Apache Tomcat to a current version
Ok, I'm totally new to Apache Tomcat; that's kind of all Greek to me. When you say "drop a new webapp in a container", can you do that just by copying the WAR file from the current app into the new Tomcat folder? Or does a new WAR file need to be generated? On 6/10/2016 12:48 AM, Daniel Savard wrote: 2016-06-09 23:04 GMT-04:00 paul.greene.va: Hello All, I manage an HP application that uses Apache Tomcat as a 3rd party application. The installed Tomcat version is 7.0.53. Because of a recent audit scan I have to update it to the most current version (7.0.69). HP says - "not our application; we don't support it". Is there an existing guide that describes how to update to a more recent version within the same series? (7, in this case). Maybe I'm just missing it but I cannot find anything that specific on the Apache Tomcat website. Tomcat is installed on 64 bit Windows 2012. Hi Paul, just look at the Tomcat documentation on how you can install multiple versions of Tomcat in parallel on the same Windows server. You do not upgrade Tomcat, you install the latest version and then you drop you HP webapps in the new container, provided you have configured it properly. In fact, you can run both versions of Tomcat in parallel with the HP webapps if you wish. I am doing this at will and I am also running a bunch of HP web applications. You can also configure Tomcat to use whatever version of Java you wish and again, you can have multiple versions of Java if needed. Regards, Daniel - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0.45 - Problem in creating the socket.
Hi, We are trying to upgrade to 6.0.45 from 6.0.37. Tomcat starting fine, but while creating the socket we are getting following exception. For SSL implementation, we are using NSS/JSS from Mozilla. The SSL implementation works fine with 6.037, but failing with 45. Do you have any idea whether we have to modify SSL implementation to reflect new Tomcat changes? org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler process SEVERE: Error reading request, ignored java.lang.ClassCastException: com.sun.net.ssl.internal.ssl.SSLSocketImpl cannot be cast to org.mozilla.jss.ssl.SSLSocket at org.apache.tomcat.util.net.jsse.XXXSSLImplementation.getSSLSupport(XXXSSLImplementation.java:51) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:504) at java.lang.Thread.run(Unknown Source) Thanks Radhakrishna
RE: Remove Port from Https URL || SSL Port Issue || Important
> From: Christoph Nenning [mailto:christoph.nenn...@lex-com.net] > Subject: Re: Remove Port from Https URL || SSL Port Issue || Important > ports below 1024 are privileged ports and can be opened by root only. Of > course you don't want to run tomcat as root. There are several ways to > open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or > the tool authbind (not sure if available in your version of redhat). There's a wiki entry for this: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Remove Port from Https URL || SSL Port Issue || Important
> > Hello Gurus, > > > > We are using Tomcat to serve our User Base (we are not using > Apache http Server but only Tomcat). We have recently enabled SSL in > our Project and everything runs just fine. We raised the CSR using > keytool, got the Certificates, So both of my below URLs work perfectly: > > > > http://hostname:8080 > > https://hostname:8443 > > > > Framework Details: > > OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga) > > Tomcat Version: 7.x > > > > Port 8443 which was not coming in the netstat o/p, now comes: > > > > netstat -an | grep 8443 > > tcp0 0 0.0.0.0:84430.0.0.0:* LISTEN > > > > > > Here is how the server.xml looks like (excluding the ciphers list): > > > > > === > > > > > port="8080" protocol="HTTP/1.1" > > connectionTimeout="2" > > redirectPort="8443" /> > > > > > > > > > > > > > maxThreads="150" scheme="https" secure="true" > > keystoreFile="/abc/xyz/ > XX.keystore" keystorePass="XX" > > clientAuth="false" sslProtocol="TLS" > > ciphers="X" /> > > > > > = > > > > Now the requirement is that, we exclude the Port no. from the URL. > Believe the only way out is to use Port 443 instead of 8443, so in > the above configuration in the SSL section we just replace the port > "8443" with Port "443" and give the redirectPort as "8443". > > > > However, it is not working out for us. We did a lot of > investigation, surfing but could not find any solution. > > Also we confirmed that Port 443 is not blocked anywhere. Also > "netstat -an" doesn't give any o/p for Port 443:Below is how our > config looks like when we tried it out enabling 443 (excluding ciphers). > > > > > == > > > > > port="8080" protocol="HTTP/1.1" > > connectionTimeout="2" > > redirectPort="8443" /> > > > > > > > > > > > > protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > keystoreFile="/abc/xyz/ > XX.keystore" keystorePass="XX" > > clientAuth="false" sslProtocol="TLS" redirectPort="8443" > > ciphers="XXX" /> > > > > > > > == > > > > Really appreciate your help and guidance towards resolving the > issue. Many thanks in advance... > > > > Hi. > Thanks for the info provided above. > (Suggested improvement still : provide the exact Tomcat version, and > the Java version.) > > Others : > - the "redirectPort" attribute above (on the SSL Connector), is not > needed (and ignored) > if the Connector is already HTTPS anyway. See : > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes > --> redirectPort > > but more importantly : what does the Tomcat logfile say ? > (It should open port 443; if it doesn't, it may be that this port is > already in use by > another program. The log would tell you that.) > > netstat -pan | grep LISTEN | grep 443 > > (-pan will also list the program name and PID of what owns it) > > > > Hi, ports below 1024 are privileged ports and can be opened by root only. Of course you don't want to run tomcat as root. There are several ways to open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or the tool authbind (not sure if available in your version of redhat). Hope that points you in the right direction. Regards, Christoph This Email was scanned by Sophos Anti Virus
Re: Remove Port from Https URL || SSL Port Issue || Important
On 10.06.2016 12:14, varun gulati wrote: Hello Gurus, We are using Tomcat to serve our User Base (we are not using Apache http Server but only Tomcat). We have recently enabled SSL in our Project and everything runs just fine. We raised the CSR using keytool, got the Certificates, So both of my below URLs work perfectly: http://hostname:8080 https://hostname:8443 Framework Details: OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga) Tomcat Version: 7.x Port 8443 which was not coming in the netstat o/p, now comes: netstat -an | grep 8443 tcp0 0 0.0.0.0:84430.0.0.0:* LISTEN Here is how the server.xml looks like (excluding the ciphers list): === = Now the requirement is that, we exclude the Port no. from the URL. Believe the only way out is to use Port 443 instead of 8443, so in the above configuration in the SSL section we just replace the port "8443" with Port "443" and give the redirectPort as "8443". However, it is not working out for us. We did a lot of investigation, surfing but could not find any solution. Also we confirmed that Port 443 is not blocked anywhere. Also "netstat -an" doesn't give any o/p for Port 443:Below is how our config looks like when we tried it out enabling 443 (excluding ciphers). == == Really appreciate your help and guidance towards resolving the issue. Many thanks in advance... Hi. Thanks for the info provided above. (Suggested improvement still : provide the exact Tomcat version, and the Java version.) Others : - the "redirectPort" attribute above (on the SSL Connector), is not needed (and ignored) if the Connector is already HTTPS anyway. See : http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes --> redirectPort but more importantly : what does the Tomcat logfile say ? (It should open port 443; if it doesn't, it may be that this port is already in use by another program. The log would tell you that.) netstat -pan | grep LISTEN | grep 443 (-pan will also list the program name and PID of what owns it) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Remove Port from Https URL || SSL Port Issue || Important
Hello Gurus, We are using Tomcat to serve our User Base (we are not using Apache http Server but only Tomcat). We have recently enabled SSL in our Project and everything runs just fine. We raised the CSR using keytool, got the Certificates, So both of my below URLs work perfectly: http://hostname:8080 https://hostname:8443 Framework Details: OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga) Tomcat Version: 7.x Port 8443 which was not coming in the netstat o/p, now comes: netstat -an | grep 8443 tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN Here is how the server.xml looks like (excluding the ciphers list): === = Now the requirement is that, we exclude the Port no. from the URL. Believe the only way out is to use Port 443 instead of 8443, so in the above configuration in the SSL section we just replace the port "8443" with Port "443" and give the redirectPort as "8443". However, it is not working out for us. We did a lot of investigation, surfing but could not find any solution. Also we confirmed that Port 443 is not blocked anywhere. Also "netstat -an" doesn't give any o/p for Port 443:Below is how our config looks like when we tried it out enabling 443 (excluding ciphers). == == Really appreciate your help and guidance towards resolving the issue. Many thanks in advance... Thanks and Regards,Varun Gulati+91-9665121901