Re: Need help setting up SSL on Tomcat 8
On 7.7.2016 23:17, Daniel Savard wrote: Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). Looks like adding the keyAlias to the connector did not fix anything unfortunately. Did you examined the received certificate in the browser. Usually this help to identify why it failed. In this case, the chain of certification seems to be the problem. +1 What is your certification path / certificate hierarchy? In Firefox: click on padlock icon, click on arrow, More information, View Certificate, Details, Certificate Hierarchy In Chrome: click on padlock icon, Details, View Certificate, Certification path. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Long running process and parallel deployment
I need some help: My web application has an upload file function. These files can be huge. While the file is uploading, the upload class spawns a new thread to send status updates to the client's progress bar. This works fine even for the most giant files except when we want to make a parallel deployment while uploads are happening. 08-Jul-2016 10:41:41.852 WARNING [ContainerBackgroundProcessor[StandardEngine[Catalina]]] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [WebApps##001012] is still processing a request that has yet to finish. This is very likely to create a memory leak. You can control the time allowed for requests to finish by using the unloadDelay attribute of the standard Context implementation. Stack trace of request processing thread: ... and the stack trace shows it is right in the middle of a file upload. On top of that, the threads that update the upload progress bar are firing and are being beat down by tomcat: 8-Jul-2016 10:41:42.233 INFO [http-nio-8080-exec-7] org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading Illegal access: this web application instance has been stopped already. Could not load [META-INF/services/javax.xml.parsers.SAXParserFactory]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [META-INF/services/javax.xml.parsers.SAXParserFactory]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. ... And that's one of the upload progress threads. The first message mentions setting unloadDelay as a possible solution. The docs are light on the consequences of setting that value abnormally high to accommodate the largest of file uploads. What would setting it to an hour (360 ms) or more do? Will the next version of the webapp deploy and run for new sessions while the old one waits to idle out? What about those threads? Will they be allowed to fire while it is waiting on shutdown? I'm in the process of setting up a sandbox but if y'all have advice for me that would save me the trouble of setting the scenario up on a set of test servers, I would REALLY appreciate it.
Dynamically determine which credentials to use for a Tomcat JDBC Connection Pool [Tomcat 8.0.36]
Hi. I'm looking for a way to dynamically determine which username and password to use for a Tomcat JDBC Connection Pool [https://tomcat.apache.org/tomcat-8.0-doc/jdbc-pool.html] based on the database URL to which it is connecting. I imagine this as an external key=value lookup where (database URL)={username, password}. However, I've not been able to set the user credentials programatically as I'd hoped via dataSource.getConnection(username, password) despite setting alternateUsernameAllowed="true" in the context.xml Resource element and leaving the username and password attributes blank. I also tried setting the auth attribute to "Application" instead of "Container", but that didn't make any difference. What would be the correct way of doing this? I'm also open to other suggestions. Thank you, Philip - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Encoding issues with Tomcat 7.0.69+ and 8.0.33+
Hi guys, I work on the XWiki project (http://xwiki.org) and we’ve had several reports of users telling us that XWiki is not working anymore with versions of Tomcat > 7.0.69 and > 8.0.33. It works perfectly well with those versions and lower. The issue is described in more detail at http://jira.xwiki.org/browse/XWIKI-13556 In short, I’ve tracked down one of the issues and here’s the problem we have: * We use context.getRequest().getRequestDispatcher(path).forward(…). * We are url-encoding the path. For example:path = /bin/view/Main/test%20with%20space * With Tomcat > 7.0.69 and > 8.0.33 (I’m testing with versions 8.0.36 and 7.0.59 to be precise) this generates an incoming URL of .../bin/view/Main/test%2520with%2520space in our code * With Tomcat <= 7.0.69 and <= 8.0.33 it was generating an incoming URL of .../bin/view/Main/test%20with%20space in our code Also note that with Jetty 9.2.13.v20150730 if we don’t url-encode the path passed to getRequestDispatcher(path) then Jetty generates an incoming URL of .../bin/view/Main/test with space in our code, which is of course invalid and fails. So I wanted to ask you two questions: * Would someone know the change in Tomcat that brought this difference from previous versions? * Who’s right? :) Thanks for any help -Vincent XWiki Committer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Weird problem with WebSockets
Hi! I have developed an app using websocket. I am using servers to upload my app in DigitalOcean but here the websockets doesnt work but using another server server4U everuthing is fine. I am using Tomcat 8.5.3 somebody has any cluee, any, about this behavour , the only thing that I think is DigitalOcean myabe has any proxy in front of their servers , Tomcat is so weird with this, and server4U dont. I tested my app with WildFly in DigitalOcean and it works fine. I know maybe this is not a problem or who knows but I want just a cluee. Thks In Advance
Re: WebSockets
Coming from the TomEE, I see there, that while the server starts up it logs all kind of information of web-apps and services it found in its deployment. For example REST Endpoints with the Path they are served under are logged. I found that quit nice for a freshmen to know which services are served. At poking around with the WebSockets I had a hard time to figure out if the HTML was wrong or if the server just didn't serve the Endpoint. So basically for debugging reasons. mf 2016-07-03 18:57 GMT+02:00 Mark Thomas: > On 03/07/2016 11:04, Martin Funk wrote: > > Hi, > > > > I'm into my first steps of using the WebSocket API. > > Things are quite nice so far, WebSockets, used the right way, might open > up > > a complete new type of WebApplications. > > > > I've got a question though, is there a way to configure Tomcat to > announce > > the annotated ServerEndpoints, it comes across while starting the server, > > in the catalina log? > > No. That does not appear to be logged at any level. > > What are you trying to achieve? > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Share data between applications
On 07/07/16 19:59, André Warnier (tomcat) wrote: On 07.07.2016 17:48, Nathan Quirynen wrote: We have several applications deployed in Tomcat and want to add 1 application to handle authentication for all of the other applications. All applications are defined as different host elements in Tomcat configuration (server.xml) like following example: ... How I see it theoretically working: When a user goes to an url that points to webapp1, a request filter in the application sees that the user has not been authenticated yet and redirects to the "loginapp" where authentication happens and redirects back to webapp1 where the user now has been authenticated for (only for this specific application). Is it possible to share data between these applications in any way or somehow access and make changes in the http session for webapp1 to make this flow work? I hope my question is clear, else I'd like to hear your questions. Hi. Your question is clear. I believe however that what you want to achieve, given your configuration (multiple Hosts) is not possible in Tomcat alone (nor maybe in any Servlet Engine respectful of the Servlet Specification). However, there is one way in which I can imagine a solution, provided you have (or are willing to add) a front-end Apache httpd along with a Apache-Tomcat "mod_jk" connector. Have a look here, first of all : http://tomcat.apache.org/tomcat-8.0-doc/config/ajp.html#Standard_Implementations -> tomcatAuthentication -> tomcatAuthorization In other words, you could use a httpd front-end proxy to all your Tomcat Hosts, do the authentication at the httpd level (using any of the numerous methods available to do so), and then transmit this authenticated user-id to Tomcat, at the moment the requests get proxied to Tomcat for execution. Because for Tomcat then, all incoming requests (no matter for which Host) would already be authenticated, and Tomcat would "believe" this authentication and not bother to do its own anymore, even for protected areas within Tomcat Hosts. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hey thanks for your answer. I'll look into your suggestion to see if that's a possibility for us. What I have also found in my further research is JNDI resources. I have never used this so my knowledge is pretty zero on this, but would this be something I can use to share data (some java beans with needed data for the authentication) across my applications in my current setup? Nathan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to Disable TLSv1.0 in Tomcat 7
Greetings Experts, Since past few days i have been struggling with disabling TLSv1.0 in my Tomcat configuration. Here is the content of my server.xml file. I was able to disable SSLv3, and things were working fine but somehow not able to disable TLSv1.0. Really appreciate your suggestions on how to resolve this vulnerability Disabled SSLv3 with below config: To disable TLSv1.0 i adopted to below config, fortunately it cleared the scans but my site broke on Https: Reffered Link: http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https-td4995362.html == Please help me identify if i am missing on anything. Thanks and Regards,Varun Gulati +91-9665121901
Disable SSLv3 & TLSv1.0 in Tomcat 7
Hello Team, Since past few days i have been struggling with disabling TLSv1.0 in my Tomcat configuration. Here is the content of my server.xml file. I was able to disable SSLv3, and things were working fine but somehow not able to disable TLSv1.0. Really appreciate your suggestions on how to resolve this vulnerability Disabled SSLv3 with below config: To disable TLSv1.0 i adopted to below config, fortunately it cleared the scans but my site broke on Https: Reffered Link: http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https-td4995362.html == Please help me identify if i am missing on anything. Thanks and Regards,Varun Gulati