Re: Request attributes

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 3/16/18 3:14 PM, Mark A. Claassen wrote:
> I recently discovered some request attributes that I was curious
> about.  Are these accurate across all connectors?  Or are these the
> defaults for using something like the NIO connector? Specifically
> in my case, I am using the APR connector and openSSL.
> 
> Example: 
> 
> Attribute 'org.apache.tomcat.util.net.secure_protocol_version' =
> 'TLSv1.2' Attribute 'javax.servlet.request.key_size' = '256' 
> Attribute 'javax.servlet.request.cipher_suite' =
> 'ECDHE-RSA-AES256-GCM-SHA384'

Of those 3, the second and third are defined by the servlet
specification (hence their namespaced attribute key names). The first
of those is something I've been trying to get into the spec[1] but so
far it has been ignored. :(

I'd love some +1 votes on that issue if anyone would be willing to
login and give a +1.

Because it is not spec-defined, it has a Tomcat-scoped attribute key.
I the future, I hope that the Tomcat-specific key will be replaced
(probably not actually replaced, but just repeated) by a spec-defined
request attribute key.

- -chris

[1] https://github.com/javaee/servlet-spec/issues/130
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqtkOcACgkQHPApP6U8
pFgz+BAAqAIvZw2y70oJSKIzCBMTvFuGiZAxgculNu8tmDpoESf3dcH9wPKYp5lp
OUgNH4E+8xsz1IPkMegGXdF5IUrjKe1ArWxoTfqLhHDeWjavuxGiDkMalA1zkB9Z
4gH6e3fFcdYKK+KvFXIP/TUYf5ojRwStsKhqTXuL6R6rY5SDULqRGSoYEf2qYwl0
mT0qWYQHy3FK70A0l0HN8Z5FOaon6guHVZJ31VEsVlHZ+Xm0Q59znvPZvVgE9gI3
CFpub3x8jyZdnSOu2H0Rnd74lfDVJR8hTifUbVu0UsGtfzTeOd6RvdTc+CFBvUoz
tJhO6qrEZLER29KkvxWRgEU8qo4a0bN06BFnmws5+uX/GiDkJ8RTIjKok1P2Jw3b
5PrKxl/CIPo318aFh6lrDZ1azYQtySpvReOrcraVDA9njgxkw7ViI384K1w/e8lx
H/w1N3BfHae3rVow/CvX6HonFtC4g9OPx4STk9C5upt1Z+9JNMS4GGcSLLRNdkkL
0c6w1tvZVcYOR28XIVHUedCg3L0Z5x9CQEsYh60fIujEhBD74DM5cghZ4rKHVEnp
uNvxm7FY/r0PHUpg954SbJrh/5hbS7ot0jQW+25X6H3GCrCWJKkGSqQ0LI42xYOC
U5dun25mNt2+hKHxADj/UTDGbRgPHEld2jRLjtW66Z/NdcF4MEQ=
=PNJX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat's data-source issue with Fork Join Tasks

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Priyam,

On 3/17/18 12:10 AM, Priyam Srivastava wrote:
> Many Thanks for your response. I was able to resolve this issue by
> writing the below code just before JNDI Look Up:
> 
> Thread l_thread = Thread.currentThread(); 
> l_thread.setContextClassLoader(this.getClass().getClassLoader()); 
> initialContext = new InitialContext(); 

Don't forget to "pop" the TCCL in a finally block after you do your
work, or you may potentially confuse some code later down the pipeline.

Tomcat will likely recover *its* own state so if control transfers
back to Tomcat right away, you might not notice any problems.

But it's a good practice (and essential in many situations) to restore
the state of the TCCL if you are going to be making changes to it.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqtjIsACgkQHPApP6U8
pFgD/Q//UZQuNPk4368jDu6o2nszk7aqEQ2KSNsKkbVPYpptmBMzNX9K2iJ+I4Jd
h2BgVXcH7hMu0lLtEiV67Ml57XMfWeySJy9kbrSnzlys9h0EETmmoPxS7ckdFZ/5
CB76l8xNYA/jN7w7XyLAyRRjP9SUdN6eBwcXuZHILNq1lM6Y8KomqT/TvBAwpr69
NFoL47qPnwktu+m60U3nlRZ6tqQft8NoJkGUp12bqlx3oWt5RybsHJJfjDcvWxXG
jgntbqwjzRVwNANAkPL1NbwHKdZvMzozGxcsXazL1JQ/GtIfJ20lxPSqbe9f+dq9
wqJE7wn5gVy/Hgx2wMqcGMY3dHfch0bjBvX5/QpaVNTKGrsTAIw7lHt8eP4TDi6b
1syMIJ9kCe89fm01DxGnODlDxP2yKidQW709uzZ+kFRBB7aNhntO6JPtYRLjKGNX
3lB/PuQ1oF7GBPh8rjibee3bkMtcPDnOX5tK48xKXb7cpdFbb7eHK5kDevLb+hvJ
wzOS51JYnrTaKsom3Mn5q54GO1r/IY09uc/wT7uIAlirdEISs/OR1904V+L/4nAq
4KjT1mEEjwhgvssELMwPEw498hxngwex/88HlC52v3hevDexkE6CNSvV9Tbl9Qhq
Nqyk788uhmUbWmAqcri4wi3+cfCxwaxHRScv8tGlJP5Ubz951Z8=
=9ar9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I cant start Tomcat instances

[Loai Abdallatif]

actually all of them has X permissions

-rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance0.sh
-rwxr--r-- 1 root   root  70 Mar 17 11:48 shutdown-instance1.sh
-rwxr--r-- 1 root   root  70 Mar 17 11:59 shutdown-instance2.sh
-rwxr--r-- 1 root   root  69 Mar 17 11:58 startup-instance0.sh
-rwxr--r-- 1 tomcat root  69 Mar 17 11:46 startup-instance1.sh
-rwxr--r-- 1 tomcat root  69 Mar 17 11:59 startup-instance2.sh


On Sat, Mar 17, 2018 at 3:39 PM, Stefan Frei 
wrote:

> check the permissons on the .sh files (chmod +x)
>
> 2018-03-17 14:16 GMT+01:00 Loai Abdallatif :
> > Dear Colleagues
> > I'm new to tomcat, I have successfully installed the service but when I
> > tried to run three instances I coudnt  due to error below
> >
> > : the this I did is copied the cataline Home to three instances tomcat0,
> > tomcat1, and tomcat2 directories
> >
> > and in each directory I have configured the connectors ports, AJP port
> and
> > addresses .
> > the tomcat main instance is working but I think the problem is that in
> > CATALINA_BASE .but I dont know how to instruct the statup script
> >
> >
> > root@appserver01:/opt/tomcat0# ./startup-instance0.sh
> > ./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
> > root@appserver01:/opt/tomcat0#
> > root@appserver01:/opt/tomcat0#
> > root@appserver01:/opt/tomcat0# cat startup-instance0.sh
> > export CATALINA_BASE=/opt/tomcat0
> > cd $CATALINA_HOME/bin
> > ./startup.sh
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: I cant start Tomcat instances

[Loai Abdallatif]

Thanks Olaf

so how to tell the tomcat the instance 0 to take its config from  tomcat0
directory .


On Sat, Mar 17, 2018 at 3:39 PM, Olaf Kock  wrote:

>
>
> On 17.03.2018 14:16, Loai Abdallatif wrote:
>
>> Dear Colleagues
>> I'm new to tomcat, I have successfully installed the service but when I
>> tried to run three instances I coudnt  due to error below
>>
>> : the this I did is copied the cataline Home to three instances tomcat0,
>> tomcat1, and tomcat2 directories
>>
>> and in each directory I have configured the connectors ports, AJP port and
>> addresses .
>> the tomcat main instance is working but I think the problem is that in
>> CATALINA_BASE .but I dont know how to instruct the statup script
>>
>>
>> root@appserver01:/opt/tomcat0# ./startup-instance0.sh
>> ./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
>> root@appserver01:/opt/tomcat0#
>> root@appserver01:/opt/tomcat0#
>> root@appserver01:/opt/tomcat0# cat startup-instance0.sh
>> export CATALINA_BASE=/opt/tomcat0
>> cd $CATALINA_HOME/bin
>> ./startup.sh
>>
>
> well,
>
>  ./startup.sh: No such file or directory
>
> Did you see that you set CATALINA_BASE (note: BASE) and then cd to the
> undefined CATALINA_HOME/bin (note: HOME)? You probably didn't intend this:
> Both are typically undefined on a system level, so you're probably not
> cding into the directory you intend.
>
> Olaf
>
>
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat stopped and Debug can't be done in Eclipse

[Konstantin Kolinko]

/Hi!

2018-03-17 10:11 GMT+03:00 Karen Goh :
>
> I have added this in my JVM under the tomcat argument for remote debug 
> configuration :
>
> -Dcatalina.opts="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"

The above line is wrong.

There is no system property "catalina.opts".
Those arguments are for java (java.exe, javaw.exe).
https://docs.oracle.com/javase/8/docs/technotes/tools/windows/java.html#BABDJJFI



Note that "Remote" debugging means that you do two steps:

1. First, you start Tomcat as a normal "running" application.

If you do it from within Eclipse, use "Run", not "Debug".

See menu Run > Run Configurations...
Add those options to its "Arguments" into "VM arguments" field (not
"Program arguments")

-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n


2. Then, you start "Debug" separately.

See menu Run > Debug Configurations...

Create "Remote Java Application".

Fill in "Project" (your project),  "Port" (8000) fields and press
"Debug" to start debugging.

Eclipse will connect to Tomcat that has been started separately.


> Below, it shows that Tomcat is started
>
> Mar 17, 2018 2:33:29 PM org.apache.tomcat.util.digester.SetPropertiesRule 
> begin
> WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting 
> property 'source' to 'org.eclipse.jst.jee.server:Hi5S' did not find a 
> matching property.
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Server version:Apache Tomcat/8.5.24
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Server built:  Nov 27 2017 13:05:30 UTC
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Server number: 8.5.24.0
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: OS Name:   Windows 10
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: OS Version:10.0
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Architecture:  amd64
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Java Home: C:\Program Files\Java\jre1.8.0_161
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: JVM Version:   1.8.0_161-b12
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: JVM Vendor:Oracle Corporation
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: CATALINA_BASE: 
> C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: CATALINA_HOME: C:\Program Files\Apache\apache-tomcat-8.5.24
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: 
> -agentlib:jdwp=transport=dt_socket,suspend=y,address=localhost:50906

Note the above line.
A command line argument, logged by VersionLoggerListener .

> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: 
> -Dcatalina.base=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: -Dcatalina.home=C:\Program 
> Files\Apache\apache-tomcat-8.5.24
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: 
> -Dwtp.deploy=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: -Djava.endorsed.dirs=C:\Program 
> Files\Apache\apache-tomcat-8.5.24\endorsed
> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: 
> -Dcatalina.opts=-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n

Note the above line.
That is what you added.

> Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
> INFO: Command line argument: -Dfile.encoding=UTF-8
> Mar 17, 2018 2:33:29 PM org.apache.catalina.core.AprLifecycleListener 
> lifecycleEvent
> INFO: The APR based Apache Tomcat Native library which allows optimal 
> performance in production environments was not found on the 
> java.library.path: [C:\Program 
> Files\Java\jre1.8.0_161\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program
>  Files/Java/jre1.8.0_161/bin/server;C:/Program 
> Files/Java/jre1.8.0_161/bin;C:/Program 
> Files/Java/jre1.8.0_161/lib/amd64;C:\ProgramData\Oracle\Java\javapath;C:\Program
>  Files\MySQL\mysql-5.7.20-win32\bin;C:\Program 
> Files\Java\jdk1.8.0_151\bin;C:\Program Files (x86)\Eclipse JEE 

Re: Tomcat shutdown, webapp vs database pools

[Alex O'Ree]

Thanks for the info. I'll investigate further into the listeners.

On Sat, Mar 17, 2018 at 4:27 AM, Mark Thomas  wrote:

> On 16/03/18 22:42, Alex O'Ree wrote:
> > I have a war file that defines a context.xml file, some cxf based web
> > services and a few other background tasks using quartz that are
> initialized
> > in a servlet context listener.
> >
> > When tomcat shuts down, it appears that tomcat stops the database
> > connection pool before the cxf services or the quartz tasks. This causes
> > huge amounts of log output. I'm a bit unclear as to how to adjust/change
> > the shutdown order of the database pool vs the servlet listeners.
> >
> > The web app's web.xml does declare a resource-ref element that points at
> > the jndi lookup name, but perhaps the configuration is wrong.
> >
> > I have looked at https://tomcat.apache.org/
> tomcat-8.0-doc/jndi-resources-
> > howto.html#JDBC_Data_Sources and my configuration appears to be correct,
> > however something is still not quite right.
> >
> > What am I doing wrong?
>
> Don't know.
>
> The listeners are stopped before the JNDI resources so I'm not sure what
> is going on. Is it possible the listener isn't waiting for the cxf
> services or the quartz tasks to complete before it exits the
> contextDestroyed() method?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: I cant start Tomcat instances

[Stefan Frei]

check the permissons on the .sh files (chmod +x)

2018-03-17 14:16 GMT+01:00 Loai Abdallatif :
> Dear Colleagues
> I'm new to tomcat, I have successfully installed the service but when I
> tried to run three instances I coudnt  due to error below
>
> : the this I did is copied the cataline Home to three instances tomcat0,
> tomcat1, and tomcat2 directories
>
> and in each directory I have configured the connectors ports, AJP port and
> addresses .
> the tomcat main instance is working but I think the problem is that in
> CATALINA_BASE .but I dont know how to instruct the statup script
>
>
> root@appserver01:/opt/tomcat0# ./startup-instance0.sh
> ./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
> root@appserver01:/opt/tomcat0#
> root@appserver01:/opt/tomcat0#
> root@appserver01:/opt/tomcat0# cat startup-instance0.sh
> export CATALINA_BASE=/opt/tomcat0
> cd $CATALINA_HOME/bin
> ./startup.sh

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I cant start Tomcat instances

[Olaf Kock]

On 17.03.2018 14:16, Loai Abdallatif wrote:

Dear Colleagues
I'm new to tomcat, I have successfully installed the service but when I
tried to run three instances I coudnt  due to error below

: the this I did is copied the cataline Home to three instances tomcat0,
tomcat1, and tomcat2 directories

and in each directory I have configured the connectors ports, AJP port and
addresses .
the tomcat main instance is working but I think the problem is that in
CATALINA_BASE .but I dont know how to instruct the statup script


root@appserver01:/opt/tomcat0# ./startup-instance0.sh
./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0# cat startup-instance0.sh
export CATALINA_BASE=/opt/tomcat0
cd $CATALINA_HOME/bin
./startup.sh


well,

 ./startup.sh: No such file or directory

Did you see that you set CATALINA_BASE (note: BASE) and then cd to the 
undefined CATALINA_HOME/bin (note: HOME)? You probably didn't intend this: Both 
are typically undefined on a system level, so you're probably not cding into 
the directory you intend.

Olaf







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

I cant start Tomcat instances

[Loai Abdallatif]

Dear Colleagues
I'm new to tomcat, I have successfully installed the service but when I
tried to run three instances I coudnt  due to error below

: the this I did is copied the cataline Home to three instances tomcat0,
tomcat1, and tomcat2 directories

and in each directory I have configured the connectors ports, AJP port and
addresses .
the tomcat main instance is working but I think the problem is that in
CATALINA_BASE .but I dont know how to instruct the statup script


root@appserver01:/opt/tomcat0# ./startup-instance0.sh
./startup-instance0.sh: line 3: ./startup.sh: No such file or directory
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0#
root@appserver01:/opt/tomcat0# cat startup-instance0.sh
export CATALINA_BASE=/opt/tomcat0
cd $CATALINA_HOME/bin
./startup.sh

Re: Tomcat shutdown, webapp vs database pools

[Mark Thomas]

On 16/03/18 22:42, Alex O'Ree wrote:
> I have a war file that defines a context.xml file, some cxf based web
> services and a few other background tasks using quartz that are initialized
> in a servlet context listener.
> 
> When tomcat shuts down, it appears that tomcat stops the database
> connection pool before the cxf services or the quartz tasks. This causes
> huge amounts of log output. I'm a bit unclear as to how to adjust/change
> the shutdown order of the database pool vs the servlet listeners.
> 
> The web app's web.xml does declare a resource-ref element that points at
> the jndi lookup name, but perhaps the configuration is wrong.
> 
> I have looked at https://tomcat.apache.org/tomcat-8.0-doc/jndi-resources-
> howto.html#JDBC_Data_Sources and my configuration appears to be correct,
> however something is still not quite right.
> 
> What am I doing wrong?

Don't know.

The listeners are stopped before the JNDI resources so I'm not sure what
is going on. Is it possible the listener isn't waiting for the cxf
services or the quartz tasks to complete before it exits the
contextDestroyed() method?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat's data-source issue with Fork Join Tasks

[Mark Thomas]

On 17/03/18 04:10, Priyam Srivastava wrote:
> Hi Mark,
> 
> Many Thanks for your response. I was able to resolve this issue by writing
> the below code just before JNDI Look Up:
> 
> Thread l_thread = Thread.currentThread();
> l_thread.setContextClassLoader(this.getClass().getClassLoader());
> initialContext = new InitialContext();
> 
> 
> 
> I have a questions based on the discussions on the thread link you provided:
> 
> If this is something to do with ForkJoin Pool, then why it is happening
> only in Tomcat why not in other application servers as I mentioned in my
> initial post.

Because of the way Tomcat implements the memory leak protection for the
problem described in bug 60620.

I can't speak for the other containers as I don't know how their
internals are coded.

Mark


> 
> Regards,
> Priyam
> 
> On Sat, Mar 17, 2018 at 2:22 AM, Mark Thomas  wrote:
> 
>> On 16/03/18 12:06, Priyam Srivastava wrote:
>>> I have a scenario where we have to run some random number of independent
>>> tasks to load data from DB. So I am using Java's fork Join framework to
>>> create those task and then invoke them.
>>
>> See:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=60620 and the various
>> threads linked from there.
>>
>> Mark
>>
>>
>>>
>>> Each task opens its own connection using datasource and closes it.
>>>
>>> But in Tomcat, I am getting below error at line:
>>>
>>> initialContext = new InitialContext();
>>>
>>> javax.naming.NoInitialContextException: Cannot instantiate class:
>>> org.apache.naming.java.javaURLContextFactory
>>> at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
>>> ~[?:1.8.0_161]
>>> at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
>>> ~[?:1.8.0_161]
>>> at javax.naming.InitialContext.init(Unknown Source) ~[?:1.8.0_161]
>>> at javax.naming.InitialContext.(Unknown Source) ~[?:1.8.0_161]
>>> at com.dummy.test.TestClass.compute(TestClass.java:71) [classes/:?]
>>> at java.util.concurrent.RecursiveAction.exec(Unknown Source)
>> [?:1.8.0_161]
>>> at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
>> [?:1.8.0_161]
>>> at java.util.concurrent.ForkJoinPool$WorkQueue.execLocalTasks(Unknown
>>> Source) [?:1.8.0_161]
>>> at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
>>> [?:1.8.0_161]
>>> at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
>> [?:1.8.0_161]
>>> at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
>>> [?:1.8.0_161]
>>> Caused by: java.lang.ClassNotFoundException:
>>> org.apache.naming.java.javaURLContextFactory
>>>
>>> This error seems to be coming only in Tomcat and when I run the same code
>>> in Wildfly/Glassfish or JBOSS EAP, everything works fine.
>>>
>>> On the other hand if I change my code and run these tasks using Thread
>>> instead of Fork Join framework, I don't face this issue in Tomcat.
>>>
>>> So why this error is coming in Tomcat only?
>>>
>>> Note: I am getting this error after deploying in Tomcat and hitting app
>> URL
>>> from Postman. The so called missing class is already there in
>>> jar catalina.jar present inside /lib
>>>
>>> Environment Details:
>>>
>>> Java Version: 1.8
>>> Tomcat Version: 8.5, 9.0.6
>>> OS: Windows 10 Pro 64 bit
>>> Database: Oracle 11g and MySQL 5.7
>>>
>>> I have uploaded a dummy code to simulate this issue in Git. Please refer
>> to
>>> the readme.txt for full details there.
>>>
>>> Git URL:
>>> https://github.com/wambling/my-project.git
>>>
>>> Regards,
>>> Priyam
>>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JKS certificate for Tomcat client authentication

[Igor Cicimov]

Hi Chris,

On Tue, Feb 27, 2018 at 1:56 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Igor,
>
> On 2/23/18 5:47 PM, Igor Cicimov wrote:
> > On Sat, Feb 24, 2018 at 7:52 AM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
> >>
> >> Igor,
> >>
> >> On 2/23/18 4:45 AM, Igor Cicimov wrote:
> >>> Hi all,
> >>>
> >>> I have the following setup in the tomcat default file on
> >>> Ubunntu-14.04:
> >>>
> >>> JAVA_OPTS="$JAVA_OPTS
> >>> -Djavax.net.ssl.keyStore=/opt/encompass/keystore/keystore.jks"
> >>> JAVA_OPTS="$JAVA_OPTS
> >>> -Djavax.net.ssl.trustStore=/opt/encompass/keystore/truststore.jks"
> >>>
> >>>
> >>>
> The keystore.jks holds dozen of SSL keys our app uses to
> >>> authenticate to various web services. One of these
> >>> certificates expired and I used openssl to create new private
> >>> key (key.pem) and CSR, that the other side signed and sent back
> >>> (cert.pem). Then I concatenated the certificate and the private
> >>> key into single file:
> >>>
> >>> $ cat cert.pem key.pem > cert2.pem
> >>>
> >>> and imported the file into the existing keystore using
> >>> keytool:
> >>>
> >>> $ keytool -delete -alias client-cert -keystore keystore.jks
> >>> -storepass  $ keytool -import -alias client-cert -file
> >>> cert2.pem -keystore keystore.jks -storepass 
> >>>
> >>> The signing root CA and the intermediate certificate already
> >>> exist in the truststore.jks keystore.
> >>>
> >>> Does this procedure sound sane? Is there a better (or maybe
> >>> proper) way of doing it?
> >>
> >> Are you just sanity-checking your process for importing certs
> >> into a JKS bundle?
> >>
> >
> > I'm just sanity-checking the process in terms of keystore
> > functionality and any possible issues for the JVM using and finding
> > the cert and the key in the store.
> >
> > The reason being after importing the new cert our access does not
> > work any more and the issuer has a limited (as they say, *sigh*)
> > troubleshooting capability on their side. Not sure how is that
> > possible having in mind that they have designed and are in control
> > of the authentication (ssl client certs) and authorization
> > (username/password) system (Tivoli Axis2 app if that matters).
> > Building something and then not being able to tell clients if their
> > access is denied due to bad/missing certificate or bad/missing
> > credentials is just unbelievable. They even claim they can't even
> > see our side connecting at all to their web service although in our
> > logs I can see:
> >
> > Invalid Content-Type:text/html. Is this an error message instead of
> > a SOAP response?
> >
> > response coming back but as html error message instead of SOAP
> > response.
>
> You could try my ssltest tool. It supports client TLS authentication.
> Maybe just a sanity-check that there isn't anything wrong with your
> own Java client:
>
> https://github.com/ChristopherSchultz/ssltest
>
> Also, since you have the original (separate) key and (signed)
> certificate files, definitely give this a try:
>
> $ openssl s_client \
> -showcerts \
> -cert cert.pem \
> -key key.pem \
> -connect [endpoint]
>
> If you can't connect using that, then either the cert or the key is
> not correct. OpenSSL should tell you if the key doesn't match the
> cert, or if the password is wrong.
>
> If you remove the -cert and -key arguments and try to connect, the
> service ought to tell you which certificates are acceptable. It will
> probably tell you that anything signed by a particular certificate is
> okay and not your particular certificate (otherwise, they'd have a
> million certs they trust).
>
> Once you can confirm that the crypto material you have (key, certs),
> then you can use ssltest above to see if you have packaged those bits
> into the keystore properly. You might want to use a separate keystore
> for this testing purpose, just in case something else is interfering.
>
> Theoretically, as long as your keystore contains:
>
> 1. The signing (or, more likely, the "intermediate") certificate
> 2. The signed certificate
> 3. The signed certificate's private key
>
> You ought to be able to connect. You don't really even need a
> certificate "alias", though things "seem" to work better when they are
> present.
>
> >> Does the process result in the items you expected to be in the
> >> keystore?
> >>
> >
> >> From what I can see all the bits are there. I have enabled the
> >> java ssl
> > debugging and can see the cert being loaded on startup and
> > exchanged during SSL handshake and no errors can be seen in the
> > process, like the usual PKIX error when matching cert can not be
> > found etc.
> >
> > Any ideas what can be possibly wrong?
>
> Lots of things:
>
> 1. Wrong cert in the store (unsigned versus signed, though if you are
> using openssl for everything you usually don't have an unsigned
> cert... only 

Re: Tomcat stopped and Debug can't be done in Eclipse

[Karen Goh]

On Wed, 2/21/18, Konstantin Kolinko  wrote:

 Subject: Re: Tomcat stopped and Debug can't be done in Eclipse
 To: "Karen Goh" 
 Cc: "Tomcat Users List" 
 Date: Wednesday, February 21, 2018, 5:43 AM
 
 2018-02-20 17:57 GMT+03:00 Karen
 Goh :
 >
 > Hi Konstantin,
 >
 > Can you point me some
 useful resources where I can learn about setting the Tomcat
 launch configuration.
 
 1. On
 the topic of debugging, see the following page:
 https://wiki.apache.org/tomcat/FAQ/Developing
 
 The following two items on
 that page should be interesting for you:
 a)
 "Official Eclipse IDE Web Tools FAQ for Tomcat"
 
 with links to Eclipse
 documentation
 
 b) "How
 do I configure Tomcat to support remote debugging?"
 
 This is for the use case when
 you start Tomcat separately and attach a
 debugger to an already running Tomcat.
 
 
 2. On a topic
 of simply running Tomcat (not debugging), official
 documentation is "RUNNING.txt"
 file.
 
 There is also
 http://tomcat.apache.org/tomcat-8.5-doc/setup.html
 
 Environment variables used by
 launch scripts are documented in a
 comment
 at the top of those scripts (catalina.bat, catalina.sh).
 
I have added this in my JVM under the tomcat argument for remote debug 
configuration :
 
-Dcatalina.opts="-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"

Below, it shows that Tomcat is started

Mar 17, 2018 2:33:29 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting 
property 'source' to 'org.eclipse.jst.jee.server:Hi5S' did not find a matching 
property.
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version:Apache Tomcat/8.5.24
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built:  Nov 27 2017 13:05:30 UTC
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server number: 8.5.24.0
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name:   Windows 10
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version:10.0
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture:  amd64
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Java Home: C:\Program Files\Java\jre1.8.0_161
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Version:   1.8.0_161-b12
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: JVM Vendor:Oracle Corporation
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_BASE: 
C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: CATALINA_HOME: C:\Program Files\Apache\apache-tomcat-8.5.24
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: 
-agentlib:jdwp=transport=dt_socket,suspend=y,address=localhost:50906
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: 
-Dcatalina.base=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dcatalina.home=C:\Program 
Files\Apache\apache-tomcat-8.5.24
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: 
-Dwtp.deploy=C:\Users\Karen.Goh\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp2\wtpwebapps
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Djava.endorsed.dirs=C:\Program 
Files\Apache\apache-tomcat-8.5.24\endorsed
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: 
-Dcatalina.opts=-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n
Mar 17, 2018 2:33:29 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Command line argument: -Dfile.encoding=UTF-8
Mar 17, 2018 2:33:29 PM org.apache.catalina.core.AprLifecycleListener 
lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal 
performance in production environments was not found on the java.library.path: 
[C:\Program 
Files\Java\jre1.8.0_161\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program
 Files/Java/jre1.8.0_161/bin/server;C:/Program 
Files/Java/jre1.8.0_161/bin;C:/Program 
Files/Java/jre1.8.0_161/lib/amd64;C:\ProgramData\Oracle\Java\javapath;C:\Program