Re: Tomcat server not considering Mime Type - Request urgent help!!
Pls check http response headers for the request to confirm if it's returning proper headers. Once they are in place then it may be to do with browser settings not processing headers. On Tue, Jan 12, 2021, 2:48 PM Jonnalagadda, Swathi (External) < swathi.jonnalaga...@xerox.com> wrote: > Hi Team > > We have an application deployed in tomcat9.0.38 server which generates an > xls file dynamically and saves at server end. When we try to access the > file using application frontend, it is neither showing up in excel format > nor showing up pop up to save the file instead it is showing the content of > xls file in xml format directly on the browser. > > Below mime type is set both at web.xml of webapplicatio end and as well as > Tomcat9038/conf/web.xml > > > xls > application/vnd.ms-excel > > > Could you please help in resolving the issue ASAP > > > Thanks > Swathi >
Re: Tomcat Displaying Login Page before redirecting to https
Mark, It definitely helped. Works like a charm now. I figure I only have about 10 more years of doing this stuff to start becoming reasonably educated in all of the ins and outs of tomcat. The deeper I get, the more I realize how many issues and problems you folks have had to deal with and resolve over the years. I really appreciate all of the help you and your team have been to me as I attempt to get everything working. Jerry On 1/12/2021 1:49 AM, Mark Thomas wrote: On 12/01/2021 00:45, Jerry Malcolm wrote: On 1/11/2021 6:11 PM, Mark Thomas wrote: On 12/01/2021 00:00, Jerry Malcolm wrote: I have a standalone tomcat. TC is configured to redirect any port 80 requests to https/443. It works fine on pages that aren't protected by web.xml security constraints. However, if a page is protected, the login page appears while still in non-ssl http mode. For years, I've had httpd sitting in front of TC handling the ssl stuff. So this is new territory for us. Have we got something misconfigured or perhaps out of order that is pushing the ssl redirect down in the process? Suggestions? How have you configured the http -> https redirect? Mark Hi Mark, This is a snippit from my main web.xml file: http://xmlns.jcp.org/xml/ns/javaee; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd; version="3.1"> Protected Context /* CONFIDENTIAL CorsFilter org.apache.catalina.filters.CorsFilter Hi Jerry, I suspect the issue is how security constraints are merged. URL patterns in security constraints behave differently to URL patterns in Servlets and Filters. For security constraints you take every constraint that matches the URL pattern (and the HTTP method but I'm ignoring that for simplicity) and merge them according to the rules in section 13.8.1. The key part is: "A security constraint that does not contain a user-data-constraint shall combine with other user-data-constraint to cause the unprotected connection type to be an accepted connection type." To put it another way, if you want everything to redirect from http to https, every security constraint needs to include a transport-guarantee of CONFIDENTIAL. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Join tables from different databases with tomcat datasource
The original question was about how to configure a tomcat datasource to connect to two separate databases on a single mysql query. My confusion came from the fact that the urls I'm using in the resource definition in tomcat server.xml include the database name. My original question assumed that I somehow needed to have a different datasource that referenced the other database and somehow use both datasources on one call. I was not aware that I could override the database defined in the TC datasource with a different database. So my question was indeed a Tomcat question and was not a sql question. The responses evolved into sql after the original question was answered. Thanks for the info. I did get it to work. Jerry On 1/12/2021 12:42 PM, Christopher Schultz wrote: Chris, Marking as OP since this is really a question about databases. On 1/11/21 14:15, Chris Cheshire wrote: On Jan 11, 2021, at 1:19 PM, Jerry Malcolm wrote: I have a query that needs to access tables in two different databases on the same mysql instance. I see how that can be done with the JOIN syntax in mysql. But datasource pools reference a single database, correct? I really need to 'join' two datasources for one sql call. I found info on doing this by embedding TC in the Spring framework. But I was hoping to not have to do a major restructuring. Is there a way to get a connection that attaches to two separate databases? If the databases are on the same MySQL instance, just adjust the grants for the user to be able to access tables in both datasources. +1 You will have to fully-qualify the table references in your queries like this: SELECT lt.foo, rt.bar FROM local_table lt JOIN other_db.remote_table rt ON lt.fk=rt.pk ; Hope that helps, -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat server not considering Mime Type - Request urgent help!!
Hi Team We have an application deployed in tomcat9.0.38 server which generates an xls file dynamically and saves at server end. When we try to access the file using application frontend, it is neither showing up in excel format nor showing up pop up to save the file instead it is showing the content of xls file in xml format directly on the browser. Below mime type is set both at web.xml of webapplicatio end and as well as Tomcat9038/conf/web.xml xls application/vnd.ms-excel Could you please help in resolving the issue ASAP Thanks Swathi
Re: Bug report: Default TLS version needs to be greater then 1.1
Aryeh, On 1/12/21 14:00, Aryeh Friedman wrote: As of the latest upgrade of Safari Apple now gives a warning dialog if a site uses https with TLS 1.0 or 1.1 (as per the NSA directive to discontinue all use of said versions). No directive from the US NSA. It's a recommendation. Apple and other browser vendors apply their own policies for this kind of thing. As of March 2020 (last year!), Firefox *disabled* TLSv1 and TLSv1.1 by default, then backed-off because apparently COVID-19 interferes with TLSv1.2 handshakes. Google deprecated those protocols a few months earlier and now they are disabled. Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS 1.1 when SSLProtocol="TLS". No, it doesn't. The default is to support TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. As per the above warning in Safari and the reason for it shouldn't Tomcat default to 1.2+ (I fixed it by adding sslEnabledProtocols="TLSv1.2" which as far I was able to determine is not documented anywhere except for the following on StackOverflow: https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2) It might surprise you to know that it's documented in Tomcat's user guide: http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig The sslEnabledProtocols attribute on a was replaced a long time ago by the "protocols" attribute on an . It shoudl continue to work, but you are encouraged to use the new-style configuration as it's much more flexible and more obvious what's happening. Note that the client is in full control of the client "hello" portion of the TLS handshake where it advertises the protocol versions it wants to use. If it doesn't advertise "TLSv1.2" then you probably won't get that protocol. What you have done is disable versions below TLSv1.2, which is why Safari doesn't complain. My guess is that Safari tries the lowest protocol it understands first instead of trying to connect using the latest version first, and you see this error. To answer your question/statement about changing the default "protocols" to be TLSv1.2 (and not include the other protocols) in Tomcat, this is a choice for administrators to make. Changing the default may cause a lot of damage downstream. That said, we should probably change the default for Tomcat 10+ to be "TLSv1.2". I'll raise that on the dev@ list. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Bug report: Default TLS version needs to be greater then 1.1
As of the latest upgrade of Safari Apple now gives a warning dialog if a site uses https with TLS 1.0 or 1.1 (as per the NSA directive to discontinue all use of said versions). Tomcat 9.0.35 (the latest available via ports on FreeBSD) defaults to TLS 1.1 when SSLProtocol="TLS". As per the above warning in Safari and the reason for it shouldn't Tomcat default to 1.2+ (I fixed it by adding sslEnabledProtocols="TLSv1.2" which as far I was able to determine is not documented anywhere except for the following on StackOverflow: https://stackoverflow.com/questions/9749339/does-tomcat-support-tls-v1-2) -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Re: [OT] Join tables from different databases with tomcat datasource
Chris, Marking as OP since this is really a question about databases. On 1/11/21 14:15, Chris Cheshire wrote: On Jan 11, 2021, at 1:19 PM, Jerry Malcolm wrote: I have a query that needs to access tables in two different databases on the same mysql instance. I see how that can be done with the JOIN syntax in mysql. But datasource pools reference a single database, correct? I really need to 'join' two datasources for one sql call. I found info on doing this by embedding TC in the Spring framework. But I was hoping to not have to do a major restructuring. Is there a way to get a connection that attaches to two separate databases? If the databases are on the same MySQL instance, just adjust the grants for the user to be able to access tables in both datasources. +1 You will have to fully-qualify the table references in your queries like this: SELECT lt.foo, rt.bar FROM local_table lt JOIN other_db.remote_table rt ON lt.fk=rt.pk ; Hope that helps, -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
FW: Tomcat 8.5.50.0: Unable to disable TLSv1.1 in protocol="org.apache.coyote.http11.Http11NioProtocol"
Hi, I'm running Tomcat 8.5.50.0 on JRE 1.8.0_241-b07 on Solaris 5.11. Like many other people, I've failed to disable TLSv1, TLSv1.1 etc. Here is a snippet of server.xml: sslEnabledProtocols="TLSv1.2,TLSv1.3" In fact, configuring any of these had absolutely no effect all and no message or error in catalina.out: sslEnabledProtocols="TLSv1.2,TLSv1.3" sslProtocol="TLSv1.2" protocols="TLSv1.2,TLSv1.3" Tomcat continues to happily allow a TLS1 connection: $ openssl s_client -connect 127.0.0.1:443