Shared library jni under tomcat

2018-11-19 Thread Joel Hirsh
I am running Tomcat 8.0.32 on Linux, and trying to use a jni library under
tomcat, and am hitting a wall.

First I found that only one instance of the native library can be loaded so
the library needs to live in shared/lib for general use.

Then in order to load the native library I found documentation that I both
needed to load the native library from a bootstrap jar that also lives in
shared/lib and that the jar be loaded with the common classloader.
Ref:
https://wiki.apache.org/tomcat/HowTo#I.27m_encountering_classloader_problems_when_using_JNI_under_Tomcat

So I have my code working to do all that.  And if I make a call from the
bootstrap jar to the first native method it works.
But when I try to access the native method from my application code I get
an error "java.lang.UnsatisfiedLinkError:".

I believe that is because the native library has been loaded with the
URLClassLoader and the application is loaded with the WebappClassLoader.
Although I also read that the classloaders are hierarchical, and should go
up the chain to find classes.

I have verified that the URLClassLoader used to load the bootstrap jar is
the same as the parent loader of the application (with .equals())

I did read an ancient thread (2006) that kind of described the problem I am
having, and the last post there indicated that the solution is "to touch
each class that uses native methods (from the loader that loaded the native
library) , forcing the classes to be loaded".  But I don't know how to
'touch' a java class.  And my classes that use native methods are part of
the application and could not be loaded by the URLClassLoader in any case.
Or even if that post is (still) relevant.

I have run out of ideas on what to do or test next.  I've been through doc
like
https://tomcat.apache.org/tomcat-8.0-doc/class-loader-howto.html
and many posts on stackoverflow on this topic, and cannot find anything to
help.

 Any suggestions would be most welcome.


Re: tomcat redirects to http instead of https

2018-11-19 Thread Christopher Schultz

Dino,

On 11/19/18 08:16, Dino Edwards wrote:
>>> I'm not using Named-Based Virtual Hosts
> 
>>> Yes, you are. :)
> 
> I didn't think I was. How do you figure?

https://httpd.apache.org/docs/2.4/mod/core.html#namevirtualhost

>> I do, there are two different applications in the box that use
>> two different Tomcat instances running in different ports and I
>> use Apache to proxy to each app while using one common SSL
>> config
> 
>>> Understood. If you have two different applications on two
>>> Tomcat instances, is that why the port numbers don't match
>>> above?
> 
> Yes, sorry I posted the wrong config. So, it looks like I figured
> it out. Apparently, Apache 2.4 has a problem using a combination of
> both AJP and HTTP proxy statements in the same config (Apache 2.2
> worked fine), so I ended up setting the following:

I don't believe Apache httpd has any problem with mixing mod_proxy_ajp
and mod_proxy_http directives in the same configuration. Do you have a
reference for such a claim?

> Tomcat Instance 1 server.xml file:
> 
> 
> 
>  connectionTimeout="2" redirectPort="8443" />
> 
> 
> 
> 
> 
> Tomcat Instance 2 server.xml file:
> 
> 
> 
>  connectionTimeout="2" URIEncoding="UTF-8" redirectPort="8444"
> />
> 
> 

Looks good so far. How is this different than what you had before?

> And in Apache config file I set the following:
>
> ProxyRequests Off
>
> SSLEngine on
> SSLCertificateFile ..cer
> SSLCertificateKeyFile ..key
> SSLCertificateChainFile .chain.cer
> SSLProtocol -all +TLSv1.2
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> Order deny,allow
> Allow from all
>
> #Tomcat 1
> ProxyPass /admin ajp://localhost:8009/app1
> ProxyPassReverse /admin ajp://localhost:8009/app1
>
> #Tomcat 2
> ProxyPass /ciphermail ajp://localhost:8010/app2
> ProxyPassReverse /ciphermail ajp://localhost:8010/app2

If you want to be *really* explicit, you might want to add:

SSLProxyProtocol TLSv1.2

... if you want "TLSv1.2 everywhere".

> ProxyTimeout 3600   
> 
> This seems to work. Do you see a problem with the above?

What did you actually end up changing? That all looks like a fairly
standard reverse-proxy setup.

Note that re-naming a context path with mod_proxy (e.g. /admin ->
app1) is likely to cause a lot of problems. If that's not a typo or
copy/paste error, you probably want to map /admin -> /admin and
/ciphermail -> /ciphermail.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
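
One concrete problem behind the context-path warning above, as an added example that is not part of the original thread: Tomcat scopes the session cookie to the web application's context path by default, so a browser that only requests /admin/... never sends back a cookie issued with Path=/app1. The function names are hypothetical and the mapping is a simplified model of a ProxyPass prefix; the path-match rule is the one in RFC 6265 section 5.1.4.

```javascript
// Added illustration; function names are hypothetical, not httpd or Tomcat APIs.

// RFC 6265 section 5.1.4: does a request path match a cookie's Path attribute?
function cookiePathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Simplified model of a "ProxyPass <publicPrefix> ajp://host:port<contextPath>" mapping.
function toBackendPath(publicPath, publicPrefix, contextPath) {
  const inside = publicPath === publicPrefix || publicPath.startsWith(publicPrefix + '/');
  return inside ? contextPath + publicPath.slice(publicPrefix.length) : null;
}

// Will the browser return the session cookie on the next request to publicPath?
// Assumes the backend issues the cookie with Path=<contextPath> (Tomcat's default)
// and that the proxy passes Set-Cookie through unchanged.
function sessionCookieReturned(publicPrefix, contextPath, publicPath) {
  if (toBackendPath(publicPath, publicPrefix, contextPath) === null) return false;
  return cookiePathMatches(publicPath, contextPath);
}

// Mappings from the thread: the renamed one (/admin -> /app1) and the suggested /admin -> /admin.
const renamed = sessionCookieReturned('/admin', '/app1', '/admin/login');
const sameName = sessionCookieReturned('/admin', '/admin', '/admin/login');
console.log({ renamed, sameName });
```

Where a rename cannot be avoided, mod_proxy's ProxyPassReverseCookiePath directive exists to rewrite that Path attribute.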



RE: tomcat redirects to http instead of https

2018-11-19 Thread Dino Edwards

On 11/19/2018 6:16 AM, Dino Edwards wrote:
>>> I'm not using Named-Based Virtual Hosts
>>> Yes, you are. :)
> I didn't think I was. How do you figure?

>>> The first line in the config you shared was "".

Got it thanks




Re: tomcat redirects to http instead of https

2018-11-19 Thread Shawn Heisey

On 11/19/2018 6:16 AM, Dino Edwards wrote:

I'm not using Named-Based Virtual Hosts
Yes, you are. :)

I didn't think I was. How do you figure?


The first line in the config you shared was "".

Thanks,
Shawn





Re: Tomcat 8 and Oracle Wallets

2018-11-19 Thread Christophe Vanlancker
Hi Luis, 

Thank you very much for the hint. I wasn't able to export the Oracle Wallets 
due to not knowing the password the DBA put on it. 
However, I was able to obtain the original JKS from which the Oracle Wallets 
were created. 

I removed all edits I made in setenv.sh and worked purely with the 
context.xml: 

1. Add the following jar files in lib/ of Tomcat: 
   ojdbcx.jar (x = relevant major version of Java, e.g. 8) 
2. In ./jre/lib/security/java.security add the following: 
   security.provider.10=oracle.security.pki.OraclePKIProvider 
3. In context.xml: 
   - url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCPS)(HOST=)(PORT=2484)))(CONNECT_DATA=(SERVICE_NAME=< SERVICE NAME >)))" 
   - connectionProperties="javax.net.ssl.trustStore=./keystores/oracle_keystore/mykeystore.jks;javax.net.ssl.trustStorePassword=changeme;javax.net.ssl.trustStoreType=JKS;javax.net.ssl.keyStore=./keystores/oracle_keystore/mykeystore.jks;javax.net.ssl.keyStorePassword=changeme;javax.net.ssl.keyStoreType=JKS;"

Now it works!

Regards,
Christophe

-- 
-- 
Christophe Vanlancker 
+32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu

- Original Message -
From: "Luis Rodríguez Fernández" 
To: "users" 
Sent: Friday, 16 November, 2018 15:04:23
Subject: Re: Tomcat 8 and Oracle Wallets

Hello Christophe, 

Very interesting, thanks! 

Would it be possible in your scenario to export the certificates from the 
wallet and import them to a different keystore (PKCS12 or JKS)? You can 
have a look at [1] 

Hope it helps, 

Luis 

[1] 
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-using-jdbc,-tlsv12,-jks-or-oracle-wallets
 






On Fri, 16 Nov 2018 at 12:03, Christophe Vanlancker (<carroarma...@inuits.eu>) wrote: 



I ran a strace on the Tomcat process, and see that Tomcat actually IS able 
to see and read the wallets. 



[pid 21880] open("< full path to wallets>/oracle_wallets/cwallet.sso", 
O_RDONLY) = 362 


So I think this means that the problem lies somewhere between Tomcat and 
the OJDBC driver. 


Regards, 
Christophe 

-- 
-- 
Christophe Vanlancker  
+32 (494) 232277 | Linux & Open-Source consultant - Inuits.eu 


From: "Christophe Vanlancker"  
To: "users"  
Sent: Thursday, 15 November, 2018 13:24:10 
Subject: Tomcat 8 and Oracle Wallets 

Hello, 

I'm having an issue with setting up SSL encrypted connections to an Oracle 
database. 

I looked up on many websites and places and got the impression that either 
people abandon setting up the encryption or implemented the connection in 
code rather than through the jndi context in Tomcat itself. 

Tomcat 8.5.34 
JDK 1.8.0_171 
RedHat 7.4 (Selinux permissive) 
OracleDB 12.2.0.1.0 

I've written a simple Java application which just connects to the database 
using TCPS and makes a simple query. 
This works. 

java -Doracle.net.tns_admin="./oracle_wallets/" -Doracle.net.wallet_location="(SOURCE=(METHOD=FILE) (METHOD_DATA = (DIRECTORY=./oracle_wallets)))" -cp ./:./lib/ojdbc8.jar:./lib/oraclepki.jar DataSourceSample 

I'm using the official ojdbc8.jar from Oracle appropriate for the version 
of Java and the Oracle database. 

Because Oracle Wallets is an invention of Oracle itself, I added the 
appropriate security provider in java.security: 
security.provider.4=oracle.security.pki.OraclePKIProvider ( loaded before 
com.sun.net.ssl.internal.ssl.Provider ) so it gets loaded before the 
default PKCS implementation in Java. 

cwallet.sso cwallet.sso.lck ewallet.p12 ewallet.p12.lck sqlnet.ora 
tnsnames.ora are all placed inside the ./oracle_wallets. 

As said before, the little Java app that I wrote is able to open the 
wallets and connect to the database: 

AArray = [B@6328d34a 
AArray = [B@145eaa29 
AArray = [B@15bb6bea 
 
Driver Name: Oracle JDBC driver 
Driver Version: 12.2.0.1.0 
Default Row Prefetch Value is: 20 
Database Username is: MY_USER 
 
82062920015 SomeResults1 
87093009324 SomeResults2 
74031825702 SomeResults3 
 


I translated this to Tomcat in the following way: 

I placed the ojdbc8.jar and oraclepki.jar in the libs folder of Catalina. 

I added the Java options in bin/setenv.sh: 

export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.tns_admin=/oracle_wallets/" 
export CATALINA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=FILE) (METHOD_DATA = (DIRECTORY=  /oracle_wallets)))'" 

The entries in the context.xml file look like this: 

 

I can confirm that the rights on the filesystem for the wallets are 
permissive enough for Tomcat to read them. 
Tomcat is able to connect to the database. 

But for some reason it's as if it's unable to read the wallets. 


Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection 
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:523) 
at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:521) 
at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:660) 

RE: tomcat redirects to http instead of https

2018-11-19 Thread Dino Edwards


>> I'm not using Named-Based Virtual Hosts

>> Yes, you are. :)

I didn't think I was. How do you figure?

> I do, there are two different applications in the box that use two 
> different Tomcat instances running in different ports and I use Apache 
> to proxy to each app while using one common SSL config

>> Understood. If you have two different applications on two Tomcat instances, 
>> is that why the port numbers don't match above?

Yes, sorry I posted the wrong config. So, it looks like I figured it out. 
Apparently, Apache 2.4 has a problem using a combination of both AJP and HTTP 
proxy statements in the same config (Apache 2.2 worked fine), so I ended up 
setting the following:

Tomcat Instance 1 server.xml file:









Tomcat Instance 2 server.xml file:



   



And in Apache config file I set the following:



ProxyRequests Off

SSLEngine on
SSLCertificateFile ..cer
SSLCertificateKeyFile ..key
SSLCertificateChainFile .chain.cer
SSLProtocol -all +TLSv1.2

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

Order deny,allow
Allow from all


#Tomcat 1
ProxyPass /admin ajp://localhost:8009/app1
ProxyPassReverse /admin ajp://localhost:8009/app1

#Tomcat 2
ProxyPass /ciphermail ajp://localhost:8010/app2
ProxyPassReverse /ciphermail ajp://localhost:8010/app2


ProxyTimeout 3600




This seems to work. Do you see a problem with the above?

Thanks






Re: http status 404 - not found

2018-11-19 Thread Salil Misra
Just a quick check: have you saved your view page as a JSP and not as HTML?
If it's saved as HTML, this might be the possible cause.

Thanks.



On Sun, 18 Nov 2018 at 09:31, Karen Goh 
wrote:

> Hello Tomcat user group,
>
> I hope that this question is valid cos I googled and many related issue
> like this pointed to server problem.
>
> Tomcat version : 8.5.24
> IDE : Eclipse Oxygen
> OS : Windows 10
>
> Basically, I have created a maven structured web app and after right-click
> my tutorRegister page, and the form submitted, http status 404 appeared.
>
> This is what appeared in my browser :
>
>  /webApp-hi5/$%7BpageContext.request.contextPath%7D/addTutor
>
> I have checked my past project and there was no problem in getting the
> form submitted but when I made the project into maven type, I am getting
> the above error.
>
>  action="${pageContext.request.contextPath}/addTutor"
>
> Here's my pom.xml ;
>
> 4.0.0
>
> com.hi5Supreme.web
> webApp-hi5
> 0.0.1-SNAPSHOT
> war
>
> webApp-hi5 Maven Webapp
> 
>
> UTF-8
> 1.8
> 1.8
> 
>
>
> 
> webApp-hi5
> 
> 
>   src/main/webapp
> 
> 
> 
> 
> 
>
> maven-clean-plugin
> 3.0.0
> 
> 
> 
>
> maven-resources-plugin
> 3.0.2
> 
> 
>
> maven-compiler-plugin
> 3.7.0
> 
> 
>
> maven-surefire-plugin
> 2.20.1
> 
> 
>
> maven-war-plugin
> 3.2.0
> 
> webApp-hi5
> 
> 
> 
>
> maven-install-plugin
> 2.5.2
> 
> 
>
> maven-deploy-plugin
> 2.8.2
> 
> 
> 
> 
> 
> 
> javax.servlet.jsp
> javax.servlet.jsp-api
> 2.3.1
> provided
> 
> 
> javax.servlet
> jsp-api
> 2.0
> 
> 
> jstl
> jstl
> provided
> 1.2
> 
> 
> 
> org.lazyluke
> log4jdbc-remix
> 0.2.7
> 
> 
> mysql
> mysql-connector-java
> 8.0.12
> provided
> 
> 
> javax.servlet
> javax.servlet-api
> 3.1.0
> provided
> 
> 
> junit
> junit
> 4.11
> test
> 
> 
> 
>
> Hope someone can let me know how if I have missed out anything.
>
> Tks.
>
>
>
>
>
>


Re: http status 404 - not found

2018-11-19 Thread Mark Thomas
On 18/11/2018 04:01, Karen Goh wrote:
> Hello Tomcat user group,
> 
> I hope that this question is valid cos I googled and many related issue like 
> this pointed to server problem.

The question is valid but this is an application problem, not a server
problem.

> Tomcat version : 8.5.24
> IDE : Eclipse Oxygen
> OS : Windows 10

Thanks for the OS and Tomcat version information. I'd recommend you
include the version of Java you are using as well. Generally, the Tomcat
version is the most useful, followed by the Java version and then the OS
information.

> Basically, I have created a maven structured web app and after right-click my 
> tutorRegister page, and the form submitted, http status 404 appeared.
> 
> This is what appeared in my browser :
> 
>  /webApp-hi5/$%7BpageContext.request.contextPath%7D/addTutor

OK. Tomcat will decode those %nn sequences before mapping the request to
a servlet so Tomcat will see:

/webApp-hi5/${pageContext.request.contextPath}/addTutor

> I have checked my past project and there was no problem in getting the form 
> submitted but when I made the project into maven type, I am getting the above 
> error.
> 
> action="${pageContext.request.contextPath}/addTutor"

The EL has not been processed. It has been treated as template text.
Since the string does not start with '/' it has been treated as relative
to the current page (which I assume was '/webApp-hi5/something').

You need to find out why the EL in the form isn't being processed as EL.

Things to look at:
- file name
- version declared for web.xml
- the JSP specification and look for "Deactivating EL"

> Here's my pom.xml ;



>   
>   
>   javax.servlet.jsp
>   javax.servlet.jsp-api
>   2.3.1
>   provided
>   

This appears to be relevant given what you'll find in the JSP specification.

Mark
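
The URL from the original report can be reproduced from the unprocessed EL text, as an added example that is not part of the thread: a browser resolves the literal action string relative to the page URL and percent-encodes the braces, and decoding a logged request path shows the EL that reached the server as template text. The page URL, the function names and the log lines are constructed for illustration.

```javascript
// Added illustration; names and sample data are constructed, not from the thread.

// Resolve a form action against the page URL the way a browser does (WHATWG URL rules).
function resolveAction(action, pageUrl) {
  return new URL(action, pageUrl).pathname;
}

// Return EL expressions (${...} or #{...}) that appear literally in a request path.
function unprocessedEl(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (e) {
    return []; // malformed percent-encoding: nothing to report here
  }
  return decoded.match(/[$#]\{[^}]*\}/g) || [];
}

// Scan access-log lines (common log format) for requests carrying unprocessed EL.
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/"[A-Z]+ (\S+) HTTP\/[\d.]+"/);
    if (!m) continue;
    const path = m[1].split('?')[0];
    const expressions = unprocessedEl(path);
    if (expressions.length > 0) hits.push({ path, expressions });
  }
  return hits;
}

// Assumed page URL; the thread only says the page lives under /webApp-hi5/.
const PAGE = 'http://localhost:8080/webApp-hi5/tutorRegister.jsp';
const RAW_ACTION = '${pageContext.request.contextPath}/addTutor';

// Constructed sample log lines.
const SAMPLE_LOG = [
  '127.0.0.1 - - [18/Nov/2018:09:30:58 +0800] "GET /webApp-hi5/tutorRegister.jsp HTTP/1.1" 200 2048',
  '127.0.0.1 - - [18/Nov/2018:09:31:02 +0800] "POST ' + resolveAction(RAW_ACTION, PAGE) + ' HTTP/1.1" 404 1082',
];

console.log(resolveAction(RAW_ACTION, PAGE));
console.log(scanAccessLog(SAMPLE_LOG));
```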
