Re: security-constraint blocks welcome file with 403

[Addy D]

On Mon, Jun 19, 2017 at 3:09 PM, Mark Thomas  wrote:

> On 19/06/17 08:24, Greg Huber wrote:
> > Hello,
> >
> > If I add a security constrait to block direct access to jsp outside of
> > /WEB-INF/ it blocks the welcome-file with a 403.  Is there a caveat for
> > using this here?
>
> Your welcome file is invalid. It should be a file name without a path.
> Remember it applies to all directories, not just the web application root.
>
> Security constraints apply to welcome files.
>
> You'll need to use a servlet to do a forward to "WEB-INF/jsps/index.jsp"
>
> Mark
>
>
> >
> > 
> >  
> >  No direct JSP access
> >  
> >  No-JSP
> >  *.jsp
> >  
> >  
> >  no-users
> >  
> >  
> >
> >  
> >  Don't assign users to this role
> >  no-users
> >  
> >
> >  
> >  WEB-INF/jsps/index.jsp
> >  
> >
> > Cheers Greg
> >
>
> This is what I have done using spring.

@RequestMapping(value = { "/", "/login" })
public ModelAndView login(@RequestParam(value = "error", required =
false) String error,
@RequestParam(value = "logout", required = false) String
logout) {
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("login");
return modelAndView;
}

And my login.jsp file resides inside the WEB-INF/jsp/login.jsp

In case if you are using spring. ;)


>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Apache Tomcat 7 (7.0.78) - Introduction

[Addy D]

On Wed, May 31, 2017 at 1:01 PM, 付传淮 <337435...@qq.com> wrote:

> I am learning tomcat,I found such a title on the following page.
> http://tomcat.apache.org/tomcat-7.0-doc/introduction.html
> at all Introduction of the tomcat document,you can see:
>
> Context - In a nutshell, a Context is a web application.
>
> Term2 - This is it.
>
> Term3 - This is it!
>
> I do not understand what the Term 2 and 3 are doing, is this the key just
> like the key character reserved in Java?


I think they are just trying to explain the terminology used in their
document and Term1 and Term2 are example for it. So if I have understood it
correctly it is like *context *- In a nutshell, a Context is a web
application. explains the meaning of context. And context it self is a term
and hence it is in bold.

Re: Websocket & Logging

[Addy D]

Thank you all for helping out, it really solved my issue :)

On Thu, Mar 30, 2017 at 9:40 PM, Mark Thomas <ma...@apache.org> wrote:

> On 30/03/17 16:56, Addy D wrote:
> > On Thu, Mar 30, 2017 at 8:49 PM, Konstantin Kolinko <
> knst.koli...@gmail.com>
> > wrote:
> >
> >> 2017-03-30 12:15 GMT+03:00 Addy D <pathfinder2104.w...@gmail.com>:
> >>> I can see following in log, while starting tomcat:
> >>>
> >>> Mar 30, 2017 2:33:22 PM
> >>> org.springframework.web.socket.server.support.WebSocketHandlerMapping
> >>> registerHandler
> >>> INFO: Mapped URL path [/call] onto handler of type [class
> >>> org.springframework.web.socket.server.support.
> >> WebSocketHttpRequestHandler]
> >>>
> >>> Same kind of logs are also available when I run my Spring boot
> >> application,
> >>> in this app I am able to connect to wss://localhost:8443/call.
>
> 
>
> > No my application is not "ROOT",
>
> The the URL you quote above won't work.
>
> > i have my application as "myapp" but I
> > have a similar (almost same, I am moving spring boot app to tomcat)
> > spring-boot application which works fine with embedded tomcat in it with
> > the same url, in fact in application startup time, I see "/call" getting
> > registered in the tomcat log. as shown below.
>
> You have two options.
>
> 1. Rename myapp.war to ROOT.war
>
> 2. Use wss://localhost:8443/myappp/call to access your service
>
> I'd also recommend a careful read of the Servlet specification,
> particularly section 3.5 along with this page from the Tomcat docs:
> http://tomcat.apache.org/tomcat-8.5-doc/config/context.html#Naming
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websocket & Logging

[Addy D]

On Thu, Mar 30, 2017 at 8:49 PM, Konstantin Kolinko <knst.koli...@gmail.com>
wrote:

> 2017-03-30 12:15 GMT+03:00 Addy D <pathfinder2104.w...@gmail.com>:
> > I can see following in log, while starting tomcat:
> >
> > Mar 30, 2017 2:33:22 PM
> > org.springframework.web.socket.server.support.WebSocketHandlerMapping
> > registerHandler
> > INFO: Mapped URL path [/call] onto handler of type [class
> > org.springframework.web.socket.server.support.
> WebSocketHttpRequestHandler]
> >
> > Same kind of logs are also available when I run my Spring boot
> application,
> > in this app I am able to connect to wss://localhost:8443/call.
>
> 1. Rules:
> http://tomcat.apache.org/lists.html#tomcat-users
> -> 6. Top-posting is bad.
>
> 2. What is the name of your web application? Is it "ROOT"?
> FAQ:
> https://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_
> web_application_be_the_Tomcat_default_application.3F
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Sorry for top-posting.
No my application is not "ROOT", i have my application as "myapp" but I
have a similar (almost same, I am moving spring boot app to tomcat)
spring-boot application which works fine with embedded tomcat in it with
the same url, in fact in application startup time, I see "/call" getting
registered in the tomcat log. as shown below.

Mar 30, 2017 2:33:22 PM
org.springframework.web.socket.server.support.WebSocketHandlerMapping
registerHandler
INFO: Mapped URL path [/call] onto handler of type [class
org.springframework.web.socket.server.support.WebSocketHttpRequestHandler]

Same logs are there when I run my spring boot application, further more I
also tried about enabling logging in tomcat, so I can investigate the issue
further but I am not able to start full logging in tomcat as well, (I tried
modifying logging.properties, but the log levels are already set to FINE, I
am not sure what to do with it).

Re: Websocket & Logging

[Addy D]

I can see following in log, while starting tomcat:

Mar 30, 2017 2:33:22 PM
org.springframework.web.socket.server.support.WebSocketHandlerMapping
registerHandler
INFO: Mapped URL path [/call] onto handler of type [class
org.springframework.web.socket.server.support.WebSocketHttpRequestHandler]

Same kind of logs are also available when I run my Spring boot application,
in this app I am able to connect to wss://localhost:8443/call.



On Thu, Mar 30, 2017 at 11:16 AM, Addy D <pathfinder2104.w...@gmail.com>
wrote:

> Well, I haven't change the code, the thing was working with Spring boot
> (embedded tomcat) I just moved the code/app to an actual tomcat server.
>
> By trying the link from websocket.org I just wanted to confirm that
> nothing is wrong with my Java Script code or browser. I now come to a
> conclusion that something either on tomcat  or application side is missing.
>
> On Thu, Mar 30, 2017 at 12:43 AM, Igal @ Lucee.org <i...@lucee.org> wrote:
>
>> That means that the Endpoint at websocket.org is configured correctly.
>>
>> How doe that help troubleshooting your Endpoint?
>>
>> Igal Sapir
>> Lucee Core Developer
>> Lucee.org <http://lucee.org/>
>>
>> On 3/29/2017 12:10 PM, Addy D wrote:
>>
>>> No, I tried something different, I tried this url wss://
>>> echo.websocket.org,
>>> this one is working.
>>>
>>> On Wed, Mar 29, 2017 at 11:49 PM, Igal @ Lucee.org <i...@lucee.org>
>>> wrote:
>>>
>>> Can you access it in a non-secure protocol?  i.e. ws:// instaed of
>>>> wss://?
>>>>
>>>> Testing that can help eliminate possible issues.
>>>>
>>>> Igal Sapir
>>>> Lucee Core Developer
>>>> Lucee.org <http://lucee.org/>
>>>>
>>>>
>>>> On 3/29/2017 11:17 AM, Addy D wrote:
>>>>
>>>> The exact url I am trying to hit is : wss://localhost:8443/call
>>>>>
>>>>>
>>>>> On Wed, Mar 29, 2017 at 10:58 PM, Igal @ Lucee.org <i...@lucee.org>
>>>>> wrote:
>>>>>
>>>>> On 3/29/2017 2:17 AM, Addy D wrote:
>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>>> I am facing an issue in my application, I want to know following
>>>>>>> things.
>>>>>>>
>>>>>>> 1. The tomcat is returning 404 for upgrade header (request to
>>>>>>> upgrade to
>>>>>>> websocket protocol). Do I need to configure anything here?
>>>>>>>
>>>>>>> What's the Endpoint that you've set up (and how did you set it up)?
>>>>>>>
>>>>>> What is the exact URL that you're trying to hit with the ws://
>>>>>> request?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -
>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>
>

Re: Websocket & Logging

[Addy D]

Well, I haven't change the code, the thing was working with Spring boot
(embedded tomcat) I just moved the code/app to an actual tomcat server.

By trying the link from websocket.org I just wanted to confirm that nothing
is wrong with my Java Script code or browser. I now come to a conclusion
that something either on tomcat  or application side is missing.

On Thu, Mar 30, 2017 at 12:43 AM, Igal @ Lucee.org <i...@lucee.org> wrote:

> That means that the Endpoint at websocket.org is configured correctly.
>
> How doe that help troubleshooting your Endpoint?
>
> Igal Sapir
> Lucee Core Developer
> Lucee.org <http://lucee.org/>
>
> On 3/29/2017 12:10 PM, Addy D wrote:
>
>> No, I tried something different, I tried this url wss://
>> echo.websocket.org,
>> this one is working.
>>
>> On Wed, Mar 29, 2017 at 11:49 PM, Igal @ Lucee.org <i...@lucee.org>
>> wrote:
>>
>> Can you access it in a non-secure protocol?  i.e. ws:// instaed of wss://?
>>>
>>> Testing that can help eliminate possible issues.
>>>
>>> Igal Sapir
>>> Lucee Core Developer
>>> Lucee.org <http://lucee.org/>
>>>
>>>
>>> On 3/29/2017 11:17 AM, Addy D wrote:
>>>
>>> The exact url I am trying to hit is : wss://localhost:8443/call
>>>>
>>>>
>>>> On Wed, Mar 29, 2017 at 10:58 PM, Igal @ Lucee.org <i...@lucee.org>
>>>> wrote:
>>>>
>>>> On 3/29/2017 2:17 AM, Addy D wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>>> I am facing an issue in my application, I want to know following
>>>>>> things.
>>>>>>
>>>>>> 1. The tomcat is returning 404 for upgrade header (request to upgrade
>>>>>> to
>>>>>> websocket protocol). Do I need to configure anything here?
>>>>>>
>>>>>> What's the Endpoint that you've set up (and how did you set it up)?
>>>>>>
>>>>> What is the exact URL that you're trying to hit with the ws:// request?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>

Re: Websocket & Logging

[Addy D]

No, I tried something different, I tried this url wss://echo.websocket.org,
this one is working.

On Wed, Mar 29, 2017 at 11:49 PM, Igal @ Lucee.org <i...@lucee.org> wrote:

> Can you access it in a non-secure protocol?  i.e. ws:// instaed of wss://?
>
> Testing that can help eliminate possible issues.
>
> Igal Sapir
> Lucee Core Developer
> Lucee.org <http://lucee.org/>
>
>
> On 3/29/2017 11:17 AM, Addy D wrote:
>
>> The exact url I am trying to hit is : wss://localhost:8443/call
>>
>>
>> On Wed, Mar 29, 2017 at 10:58 PM, Igal @ Lucee.org <i...@lucee.org>
>> wrote:
>>
>> On 3/29/2017 2:17 AM, Addy D wrote:
>>>
>>> Hello all,
>>>>
>>>> I am facing an issue in my application, I want to know following things.
>>>>
>>>> 1. The tomcat is returning 404 for upgrade header (request to upgrade to
>>>> websocket protocol). Do I need to configure anything here?
>>>>
>>>> What's the Endpoint that you've set up (and how did you set it up)?
>>>
>>> What is the exact URL that you're trying to hit with the ws:// request?
>>>
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>

Re: Websocket & Logging

[Addy D]

The exact url I am trying to hit is : wss://localhost:8443/call


On Wed, Mar 29, 2017 at 10:58 PM, Igal @ Lucee.org <i...@lucee.org> wrote:

> On 3/29/2017 2:17 AM, Addy D wrote:
>
>> Hello all,
>>
>> I am facing an issue in my application, I want to know following things.
>>
>> 1. The tomcat is returning 404 for upgrade header (request to upgrade to
>> websocket protocol). Do I need to configure anything here?
>>
> What's the Endpoint that you've set up (and how did you set it up)?
>
> What is the exact URL that you're trying to hit with the ws:// request?
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Websocket & Logging

[Addy D]

Details from firefox "Network" tab:


Request URL: https://localhost:8443/call
Request Method: GET
Status Code: 404



Request Headers:
Host: localhost:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0)
Gecko/20100101 Firefox/51.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://localhost:8443
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nmwooZUzvtitW09NoWgk6g==
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response Headers:
Content-Language: en
Content-Length: 994
Content-Type: text/html;charset=utf-8
Date: Wed, 29 Mar 2017 12:02:34 GMT

Console Output:
GET https://localhost:8443/call [HTTP/1.1 404  17ms]
Strict-Transport-Security: The connection to the site is untrustworthy, so
the specified header was ignored.[Learn More]  small_logo.png
Firefox can’t establish a connection to the server at
wss://localhost:8443/call.



On Wed, Mar 29, 2017 at 5:04 PM, Addy D <pathfinder2104.w...@gmail.com>
wrote:

> Hey Mark,
>
> Thanks for replying,  details are:
>
> 1. I am finding following things in the "Network" tab in chrome.
> a. General:
>
> Request URL:wss://localhost:8443/call
> Request Method:GET
> Status Code:404
>
>
> b. Response Header:
>
> HTTP/1.1 404
> Content-Type: text/html;charset=utf-8
> Content-Language: en
> Content-Length: 994
> Date: Wed, 29 Mar 2017 10:54:46 GMT
>
> c. Request Header:
>
> GET wss://localhost:8443/call HTTP/1.1
> Host: localhost:8443
> Connection: Upgrade
> Pragma: no-cache
> Cache-Control: no-cache
> Upgrade: websocket
> Origin: https://localhost:8443
> Sec-WebSocket-Version: 13
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87   Safari/537.36
> Accept-Encoding: gzip, deflate, sdch, br
> Accept-Language: en-US,en;q=0.8
> Sec-WebSocket-Key: 7QJCsfHPo++Q6d1L/MydLg==
> Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
>
> 2. Tomcat Logging:
> In conf/logging.properties I added following things.
>
> handlers = 1catalina.org.apache.juli.AsyncFileHandler,
> 2localhost.org.apache.juli.AsyncFileHandler, 
> 3manager.org.apache.juli.AsyncFileHandler,
> 4host-manager.org.apache.juli.AsyncFileHandler,
> 5websocket.org.apache.juli.AsyncFileHandler, java.util.logging.
> ConsoleHandler
>
>
> 5websocket.org.apache.juli.AsyncFileHandler.level = TRACE
> 5websocket.org.apache.juli.AsyncFileHandler.directory =
> ${catalina.base}/logs
> 5websocket.org.apache.juli.AsyncFileHandler.prefix = WEBSOCKET.
>
> org.apache.tomcat.websocket.server.level = FINE
>
> 3. About endpoints:
>
> I have an application where I have integrated Spring + Spring MVC +
> Spring Security + Spring websocket.
> Spring websocket class TextWebSocketHandler is extended and using it
> for communication between server and client.
>
> client side using simple JavaScript based WebSocket instance which
> takes a single url as an argument.
>
> The url is wss://localhost:8443/call. I have register this "/call" by
> overriding a method from WebSocketConfigurer.java as
>  shown below
>
>  @Override
> public void registerWebSocketHandlers(WebSocketHandlerRegistry
> registry) {
> registry.addHandler(callHandler(),
> "/call").setAllowedOrigins("*");
> }
>
> Regards
> Addy
>
> On Wed, Mar 29, 2017 at 3:32 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 29/03/17 10:17, Addy D wrote:
>> > Hello all,
>> >
>> > I am facing an issue in my application, I want to know following things.
>> >
>> > 1. The tomcat is returning 404 for upgrade header (request to upgrade to
>> > websocket protocol). Do I need to configure anything here?
>>
>> It certainly looks like it. What URL are you sending the upgrade request
>> to?
>>
>> > 2. How to enable logging for particular package of tomcat ? (I tried
>> > changing logging.properties, added new logger over there but didn't
>> work).
>>
>> What did you try adding?
>>
>> > 3. How can I see, registered websocket endpoints, which are registered
>> by
>> > my application?
>>
>> Not easily. We need to think about adding some debug logging and/or JMX
>> information for this.
>>
>> How have you deploye

Re: Websocket & Logging

[Addy D]

Hey Mark,

Thanks for replying,  details are:

1. I am finding following things in the "Network" tab in chrome.
a. General:

Request URL:wss://localhost:8443/call
Request Method:GET
Status Code:404


b. Response Header:

HTTP/1.1 404
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 994
Date: Wed, 29 Mar 2017 10:54:46 GMT

c. Request Header:

GET wss://localhost:8443/call HTTP/1.1
Host: localhost:8443
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: https://localhost:8443
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87   Safari/537.36
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Sec-WebSocket-Key: 7QJCsfHPo++Q6d1L/MydLg==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

2. Tomcat Logging:
In conf/logging.properties I added following things.

handlers = 1catalina.org.apache.juli.AsyncFileHandler,
2localhost.org.apache.juli.AsyncFileHandler,
3manager.org.apache.juli.AsyncFileHandler,
4host-manager.org.apache.juli.AsyncFileHandler,
5websocket.org.apache.juli.AsyncFileHandler,
java.util.logging.ConsoleHandler


5websocket.org.apache.juli.AsyncFileHandler.level = TRACE
5websocket.org.apache.juli.AsyncFileHandler.directory =
${catalina.base}/logs
5websocket.org.apache.juli.AsyncFileHandler.prefix = WEBSOCKET.

org.apache.tomcat.websocket.server.level = FINE

3. About endpoints:

I have an application where I have integrated Spring + Spring MVC +
Spring Security + Spring websocket.
Spring websocket class TextWebSocketHandler is extended and using it
for communication between server and client.

client side using simple JavaScript based WebSocket instance which
takes a single url as an argument.

The url is wss://localhost:8443/call. I have register this "/call" by
overriding a method from WebSocketConfigurer.java as
 shown below

 @Override
public void registerWebSocketHandlers(WebSocketHandlerRegistry
registry) {
registry.addHandler(callHandler(),
"/call").setAllowedOrigins("*");
}

Regards
Addy

On Wed, Mar 29, 2017 at 3:32 PM, Mark Thomas <ma...@apache.org> wrote:

> On 29/03/17 10:17, Addy D wrote:
> > Hello all,
> >
> > I am facing an issue in my application, I want to know following things.
> >
> > 1. The tomcat is returning 404 for upgrade header (request to upgrade to
> > websocket protocol). Do I need to configure anything here?
>
> It certainly looks like it. What URL are you sending the upgrade request
> to?
>
> > 2. How to enable logging for particular package of tomcat ? (I tried
> > changing logging.properties, added new logger over there but didn't
> work).
>
> What did you try adding?
>
> > 3. How can I see, registered websocket endpoints, which are registered by
> > my application?
>
> Not easily. We need to think about adding some debug logging and/or JMX
> information for this.
>
> How have you deployed your WebSocket endpoints?
>
> Mark
>
>
> >
> > P.S I have configured my tomcat to support https, below is the line which
> > is used to configure https.
> >
> > " > keystoreFile="D:\Servers\tomcat-8.5.9\keystore.jks"
> keystorePass="password"
> > maxThreads="150" port="8443"
> > protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
> > secure="true" sslProtocol="TLS"/>   "
> >
> >
> > I am stuck at these places, I need a direction, it would be nice if
> anyone
> > can help me.
> >
> > Thanks & Regards
> > Addy
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Websocket & Logging

[Addy D]

Hello all,

I am facing an issue in my application, I want to know following things.

1. The tomcat is returning 404 for upgrade header (request to upgrade to
websocket protocol). Do I need to configure anything here?

2. How to enable logging for particular package of tomcat ? (I tried
changing logging.properties, added new logger over there but didn't work).

3. How can I see, registered websocket endpoints, which are registered by
my application?


P.S I have configured my tomcat to support https, below is the line which
is used to configure https.

"   "


I am stuck at these places, I need a direction, it would be nice if anyone
can help me.

Thanks & Regards
Addy