Something I still don't quite understand, Re: Let's Encrypt with Tomcat behind httpd

2020-08-18 Thread James H. H. Lampert
Something just worked, that I wasn't expecting to work. Or rather, I was 
expecting it to work, but kill cert renewal.


The port 80 virtual host had

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


which I commented out, because https for that virtual host is a pure 
front-end for Tomcat, and of course, Certbot needs to stick something on 
the server that Let's Encrypt is expecting to be able to find.


So a few minutes ago, just for test purposes, I uncommented the above 
lines. Initially, it didn't work (it redirected the browser from 
http://foo.bar.com to a nonexistent https://www.foo.bar.com), but when I 
removed the "www" in the RewriteRule, changing the block to

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


it worked just fine.

So then, I did a "certbot renew --force-renewal" (expecting it to fail 
on the relevant cert), but in fact, it renewed just fine.


Not to look a gift equine in the masticatory orifice, but what am I 
missing here? What went right, when I was expecting it to go wrong? Why 
didn't the "rewrite" lines break renewal?


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Login appears only once : solved

2020-08-18 Thread Christopher Schultz

Anwar,

On 8/18/20 17:42, Anwar AliKhan wrote:
> It came down to browser privacy and  security settings. Cleared all
> previous cookies and blocked third party cookies. Now Login appears
> every time in Google chrome.

None of that is necessary. Just "clear logins" from the site and you
are good. At least that's what Firefox calls it when it forgets all
HTTP Basic logins. Maybe Chrome doesn't have that.

-chris



Re: Tomcat Handling close_waits

2020-08-18 Thread Christopher Schultz

Norbert,

On 8/16/20 13:16, Norbert Elbanbuena wrote:
> I also noticed that while server receives the connection requests,
> we are seeing multiple requests from the same sources. Some same
> source requests (FIN-WAIT) are all in state while other same
> sources requests are in other state (some in FIN-WAIT or close_wait
> and some Established).
>
> Why are we seeing multiple requests from the same source at the
> same time? Doesn't each socket request exhaust a thread on the
> application?

Not always.

See the table at the bottom of this page:
http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Connector_Comparison

The NIO and APR connectors are non-blocking while waiting for the
"next request", so if a client connects and never explicitly
disconnects, you can have a rising connection count without running
out of request-processing threads.

-chris



Re: getting web application version string?

2020-08-18 Thread Christopher Schultz

Jason,

On 8/16/20 12:16, Jason Pyeron wrote:
> Is there a better way than this?

Yes.

> Specifically - detect running Tomcat, then if under Tomcat (today
> only interested in v7 and v9) obtain the version string as
> described [1] and shown on the Manager web application.

Once you've detected you are under Tomcat, just:

ServletContext ctx = ...; // Get it however

String webAppVersion =
    (String) ctx.getAttribute("org.apache.catalina.webappVersion");

Done.

In fact, you can probably both detect Tomcat and get the version
string at the same time, since it's unlikely any other container will
set that attribute.

-chris



Re: Tomcat 9 and FIPS-140

2020-08-18 Thread Christopher Schultz

Robert,

On 8/18/20 16:19, Robert Hicks wrote:
> Is this article good for enabling FIPS-140 for Tomcat 9?

[citation needed]

-chris



Re: Login appears only once

2020-08-18 Thread Christopher Schultz

Anwar,

On 8/18/20 14:45, Anwar AliKhan wrote:
> I rebooted the machine , then the login box appeared . Obviously
> this is not an ideal solution!

Which machine did you reboot? The Tomcat server or your own client
(browser)? Neither was necessary to get a login page.

Was the password you entered into tomcat-users.xml the same one you
provided when you first entered your username and password?

Sometimes, browsers don't bother to re-request pages when they think
they know the answer to the query (403). So maybe this was a
browser-cache issue? SHIFT-CTRL-R / SHIFT-CMD-R to fully-reload maybe?

-chris

> On Tue, 18 Aug 2020, 19:07 Anwar AliKhan,
>  wrote:
>
>> Hi, I deployed an app called tomee using the tomcat manager app.
>>
>> The first time I selected the app in the tomcat manager to run
>> it. a login appeared asking for username and password.
>>
>> I had not set it up. So it took me to the 403  page .
>>
>> Now I have set  up tomee-admin user.
>>
>> I stopped restarted tomcat for it to register the contents of
>> tomcat-users.xml I no longer get the login Box. It goes straight
>> to the 403 page.
>>
>> *what is the problem ? Thanks for your help*
>>
>>
>>
>>   
>> 
>>  > username="tomee" password="tomee" roles="tomee-admin" /> HTTP
>> Status 403 – Forbidden --
>>
>> *Type* Status Report
>>
>> *Message* Access to the requested resource has been denied
>>
>> *Description* The server understood the request but refuses to
>> authorize it. -- Apache
>> Tomcat/9.0.37
>>
>



Re: Tomcat behind httpd, with Let's Encrypt and Certbot

2020-08-18 Thread Christopher Schultz

Mark,

On 8/17/20 03:50, Mark Thomas wrote:
> On 16/08/2020 18:00, James H. H. Lampert wrote:
>> Permit me to clarify:
>>
>> 1. The existing httpd server on this box, and its certbot setup
>> may be extended/expanded, but not otherwise disturbed.
>>
>> 2. Running Tomcat independently of httpd on this box is not an
>> option, because *both* are to be visible to the outside world on
>> port 443 of the same IP address. Doing so was not merely "an
>> option," but *mandatory* on the other box, which has Tomcat and
>> httpd on separate ports.
>>
>> 3. At this point, the concern is making certain that the httpd
>> virtual host for the new subdomain provides for the needs of both
>> Certbot and Tomcat. Then, I can worry about adding the new
>> subdomain to Certbot.
>
> First of all, to confirm I am reading the config correctly:
>
> - httpd redirects all http requests to https - anything proxied to
> Tomcat MUST have been received by httpd over https
>
> Given you don't mind whether proxying to Tomcat is over http or
> https, I recommend http and an http connector in Tomcat with the
> following settings:
>
> SSLEnabled="false", secure="true", scheme="https"

This is the right sauce for telling Tomcat that the request is secure
yet not encrypted, but that the reverse-proxy is handling the
encryption (which is why it's "secure").

But I wouldn't recommend this unless you are sure it will be on the
same box. If you decide to separate httpd from Tomcat on another
server, I'd recommend encrypting the connection between them. For
that, there is no need for a cert from a known CA: you can be your own
CA. Just mint your own cert which is valid however long you want,
install it in Tomcat, and make sure that httpd trusts it.

-chris



Re: Tomcat behind httpd, with Let's Encrypt and Certbot

2020-08-18 Thread James H. H. Lampert
Well, today, I brought the Tomcat server back up, and put the Virtual 
Host back into conf.d, and it worked.


Then I learned that my whole silly-go-round of a few months ago, trying 
to add the new subdomain to the existing certs, was completely 
unnecessary, that each subdomain's virtual host could point to its own 
cert file, and I also learned about "certbot renew --force-renewal" to 
test whether renewal would actually work (it does).


--
JHHL




Re: Login appears only once : solved

2020-08-18 Thread Anwar AliKhan
It came down to browser privacy and security settings.
Cleared all previous cookies and blocked third-party cookies.
Now the login appears every time in Google Chrome.

On Tue, 18 Aug 2020, 22:13 Anwar AliKhan,  wrote:

> I have rebooted.
> Startup.sh
>
> Same tomcat-users.xml no other changes .
>
>
> With manager button  chrome going straight to 401.
>
> With Firefox manager button  -  login box appears works with username
> tomgui password tomcat as expected.
>
>
>
>
>
>
>
> On Tue, 18 Aug 2020, 21:55 Anwar AliKhan, 
> wrote:
>
>>
>> *With this tomcat-users.xml*
>> 
>> 
>>  
>> 
>> 
>> 
>>
>>
>> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
>> *Result*:
>> OK - Listed hosts
>> [localhost]:[]
>>
>>
>> I make same username and password for both admin-script & manager-gui
>> 
>> 
>> 
>>  
>> 
>> 
>> 
>>
>>
>> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
>> *Result:*
>> curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
>> > http://www.w3.org/TR/html4/strict.dtd;>
>> 
>>  
>>   403 Access Denied
>>   

Re: Login appears only once

2020-08-18 Thread Anwar AliKhan
I have rebooted.
Startup.sh

Same tomcat-users.xml, no other changes.

With the manager button, Chrome is going straight to 401.

With Firefox, manager button - login box appears and works with username
tomgui, password tomcat, as expected.

On Tue, 18 Aug 2020, 21:55 Anwar AliKhan,  wrote:

>
> *With this tomcat-users.xml*
> 
> 
>  
> 
> 
> 
>
>
> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
> *Result*:
> OK - Listed hosts
> [localhost]:[]
>
>
> I make same username and password for both admin-script & manager-gui
> 
> 
> 
>  
> 
> 
> 
>
>
> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
> *Result:*
> curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
>  http://www.w3.org/TR/html4/strict.dtd;>
> 
>  
>   403 Access Denied
>   

Re: Login appears only once

2020-08-18 Thread Anwar AliKhan
*With this tomcat-users.xml*


 





*Test* curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
*Result*:
OK - Listed hosts
[localhost]:[]


I make same username and password for both admin-script & manager-gui



 





*Test* curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
*Result:*
curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
http://www.w3.org/TR/html4/strict.dtd;>

 
  403 Access Denied
  

Re: Login appears only once

2020-08-18 Thread Anwar AliKhan
*This works*
curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list
OK - Listed hosts
[localhost]:[]


I have rebooted and restarted the browser.
*BUT with the same tomcat-users.xml*

*It is now going straight to 401.*

*with all three URLs*
http://localhost:8080/manager/status
http://localhost:8080/manager/html
http://localhost:8080/host-manager/html

*tomcat-users.xml*




 



401 Unauthorized
You are not authorized to view this page. If you have not changed any
configuration files, please examine the file conf/tomcat-users.xml in your
installation. That file must contain the credentials to let you use this
webapp.

For example, to add the manager-gui role to a user named tomcat with a
password of s3cret, add the following to the config file listed above.



Note that for Tomcat 7 onwards, the roles required to use the manager
application were changed from the single manager role to the following four
roles. You will need to assign the role(s) required for the functionality
you wish to access.

manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only

The HTML interface is protected against CSRF but the text and JMX
interfaces are not. To maintain the CSRF protection:

* Users with the manager-gui role should not be granted either the
  manager-script or manager-jmx roles.
* If the text or jmx interfaces are accessed through a browser (e.g. for
  testing since these interfaces are intended for tools not humans) then the
  browser must be closed afterwards to terminate the session.



On Tue, 18 Aug 2020, 20:46 ,  wrote:

> I was going to say it sounds like a persistent cookie...
>
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
>
> jonmcalexan...@wellsfargo.com
>
>
>
> -Original Message-
> From: Mark Thomas 
> Sent: Tuesday, August 18, 2020 1:57 PM
> To: users@tomcat.apache.org
> Subject: Re: Login appears only once
>
> On 18/08/2020 19:45, Anwar AliKhan wrote:
> > I rebooted the machine , then the login box appeared .
> > Obviously this is not an ideal solution!
>
> Did you close the browser between tests?
>
> Mark
>
>
> > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, 
> wrote:
> >
> >> Hi,
> >> I deployed an app called tomee using the tomcat manager app.
> >>
> >> The first time I selected the app in the tomcat manager to run it.
> >> a login appeared asking for username and password.
> >>
> >> I had not set it up. So it took me to the 403  page .
> >>
> >> Now I have set  up tomee-admin user.
> >>
> >> I stopped restarted tomcat for it to register the contents of
> >> tomcat-users.xml I no longer get the login Box. It goes straight to
> >> the 403 page.
> >>
> >> *what is the problem ? Thanks for your help*
> >>
> >>
> >>
> >> 
> >>   >> rolename="tomee-admin" />  >> roles="manager-gui"/>  >> roles="manager"/>  >> roles="tomee-admin" /> HTTP Status 403 – Forbidden
> >> --
> >>
> >> *Type* Status Report
> >>
> >> *Message* Access to the requested resource has been denied
> >>
> >> *Description* The server understood the request but refuses to
> >> authorize it.
> >> --
> >> Apache Tomcat/9.0.37
> >>
> >
>
>
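
A check for the role-separation rule stated on the manager 401 page quoted in the message above, as an added example that is not part of the thread or of Tomcat. It assumes Python 3; the sample file, its user names and passwords are constructed, and the weak-password list and duplicate-username check are this example's own policy.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Roles named on the manager 401 page: the HTML GUI is CSRF-protected,
# the text and JMX interfaces are not.
GUI_ROLE = "manager-gui"
NON_CSRF_ROLES = {"manager-script", "manager-jmx"}
# Passwords that appear in this thread or on the stock 401 page.
# Assumption: treating them as known-weak is this example's policy.
EXAMPLE_PASSWORDS = {"tomcat", "tomee", "s3cret"}

# Constructed sample input, not a file from the thread.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomgui" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Xq7-constructed" roles="manager-script"/>
  <user username="ops" password="Zr4-constructed" roles="manager-gui, manager-script"/>
  <user username="ops" password="Zr4-constructed" roles="manager-status"/>
</tomcat-users>
"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Return a sorted list of (username, finding) tuples."""
    root = ET.fromstring(xml_text)
    users = [el for el in root.iter() if local_name(el.tag) == "user"]
    seen = Counter(u.get("username", "") for u in users)
    findings = set()
    for u in users:
        name = u.get("username", "")
        password = u.get("password", "")
        roles = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        # The rule from the 401 page: a GUI user must not also hold a role
        # for an interface that has no CSRF protection.
        mixed = roles & NON_CSRF_ROLES
        if GUI_ROLE in roles and mixed:
            findings.add((name, "manager-gui combined with " + ", ".join(sorted(mixed))))
        if password == name or password in EXAMPLE_PASSWORDS:
            findings.add((name, "password is the username or a documented example value"))
        # Flagged as ambiguous only; which entry Tomcat keeps is not asserted here.
        if seen[name] > 1:
            findings.add((name, "username defined more than once"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_tomcat_users(SAMPLE):
        print(f"{user}: {finding}")
```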


Tomcat 9 and FIPS-140

2020-08-18 Thread Robert Hicks
Is this article good for enabling FIPS-140 for Tomcat 9?

Thanks,

Bob


RE: Login appears only once

2020-08-18 Thread jonmcalexander
I was going to say it sounds like a persistent cookie...


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com



-Original Message-
From: Mark Thomas  
Sent: Tuesday, August 18, 2020 1:57 PM
To: users@tomcat.apache.org
Subject: Re: Login appears only once

On 18/08/2020 19:45, Anwar AliKhan wrote:
> I rebooted the machine , then the login box appeared .
> Obviously this is not an ideal solution!

Did you close the browser between tests?

Mark


> On Tue, 18 Aug 2020, 19:07 Anwar AliKhan,  wrote:
> 
>> Hi,
>> I deployed an app called tomee using the tomcat manager app.
>>
>> The first time I selected the app in the tomcat manager to run it.
>> a login appeared asking for username and password.
>>
>> I had not set it up. So it took me to the 403  page .
>>
>> Now I have set  up tomee-admin user.
>>
>> I stopped restarted tomcat for it to register the contents of 
>> tomcat-users.xml I no longer get the login Box. It goes straight to 
>> the 403 page.
>>
>> *what is the problem ? Thanks for your help*
>>
>>
>>
>> 
>>  > rolename="tomee-admin" /> > roles="manager-gui"/> > roles="manager"/> > roles="tomee-admin" /> HTTP Status 403 – Forbidden
>> --
>>
>> *Type* Status Report
>>
>> *Message* Access to the requested resource has been denied
>>
>> *Description* The server understood the request but refuses to 
>> authorize it.
>> --
>> Apache Tomcat/9.0.37
>>
> 





Re: Login appears only once

2020-08-18 Thread Mark Thomas
On 18/08/2020 19:45, Anwar AliKhan wrote:
> I rebooted the machine , then the login box appeared .
> Obviously this is not an ideal solution!

Did you close the browser between tests?

Mark


> On Tue, 18 Aug 2020, 19:07 Anwar AliKhan,  wrote:
> 
>> Hi,
>> I deployed an app called tomee using the tomcat manager app.
>>
>> The first time I selected the app in the tomcat manager to run it.
>> a login appeared asking for username and password.
>>
>> I had not set it up. So it took me to the 403  page .
>>
>> Now I have set  up tomee-admin user.
>>
>> I stopped restarted tomcat for it to register the contents of
>> tomcat-users.xml
>> I no longer get the login Box. It goes straight to the 403 page.
>>
>> *what is the problem ? Thanks for your help*
>>
>>
>>
>> 
>> 
>> 
>> 
>> 
>> 
>> HTTP Status 403 – Forbidden
>> --
>>
>> *Type* Status Report
>>
>> *Message* Access to the requested resource has been denied
>>
>> *Description* The server understood the request but refuses to authorize
>> it.
>> --
>> Apache Tomcat/9.0.37
>>
> 





Re: Login appears only once

2020-08-18 Thread Anwar AliKhan
I rebooted the machine, then the login box appeared.
Obviously this is not an ideal solution!



On Tue, 18 Aug 2020, 19:07 Anwar AliKhan,  wrote:

> Hi,
> I deployed an app called tomee using the tomcat manager app.
>
> The first time I selected the app in the tomcat manager to run it.
> a login appeared asking for username and password.
>
> I had not set it up. So it took me to the 403  page .
>
> Now I have set  up tomee-admin user.
>
> I stopped restarted tomcat for it to register the contents of
> tomcat-users.xml
> I no longer get the login Box. It goes straight to the 403 page.
>
> *what is the problem ? Thanks for your help*
>
>
>
> 
> 
> 
> 
> 
> 
> HTTP Status 403 – Forbidden
> --
>
> *Type* Status Report
>
> *Message* Access to the requested resource has been denied
>
> *Description* The server understood the request but refuses to authorize
> it.
> --
> Apache Tomcat/9.0.37
>


Login appears only once

2020-08-18 Thread Anwar AliKhan
Hi,
I deployed an app called tomee using the tomcat manager app.

The first time I selected the app in the Tomcat manager to run it,
a login appeared asking for username and password.

I had not set it up, so it took me to the 403 page.

Now I have set up the tomee-admin user.

I stopped and restarted Tomcat for it to register the contents of
tomcat-users.xml.
I no longer get the login box. It goes straight to the 403 page.

*What is the problem? Thanks for your help.*









HTTP Status 403 – Forbidden
--

*Type* Status Report

*Message* Access to the requested resource has been denied

*Description* The server understood the request but refuses to authorize it.
--
Apache Tomcat/9.0.37