Re: How to configure SPNEGO authentication with fallback to FORM auth?

2016-07-04 Thread Andrei Ivanov 
Hi Ken,
Would you mind posting the patch? :-)

On Thu, Jun 30, 2016 at 3:52 PM, ken edward  wrote:
> I did get it to work. Simply merged existing spnego and form auth valves
> together, I will try to post later..
>
> On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian 
> wrote:
>
>> On 6/24/2016 10:45 AM, ken edward wrote:
>>
>>> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas  wrote:
>>>
>>> On 24/06/2016 16:17, ken edward wrote:

> On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas  wrote:
>
> On 24 June 2016 14:22:32 BST, ken edward  wrote:
>>
>>> Hello,
>>>
>>> I have tomcat 8 on linux, configured with kerberos/SPNEGO
>>> authentication.
>>> All works well, but if the client cannot use kerberos to authenticate,
>>> it
>>> will not fallback to FORM authentication.
>>>
>>> I see some references that tomcat 8 does not do fallback negotiation
>>> for
>>> FORM auth. True?
>>>
>> Yes
>>
>> Any workarounds?
>>>
>> Nothing simple. Both SPNEGO and FORM have their complications. You'll
>>
> need

> to code some form of custom solution.
>>
>> Have a look in the archives. This has come up before and I think there
>>
> is

> some sample code that might get you most of the way there.
>>
>>
>>
>> I had already searched the mail archives, and did not see any sample
>
 code.

> If anyone has any insight, please do post some code fragments.
>
 I was thinking of this:
 http://wiki.apache.org/tomcat/SSLWithFORMFallback

 Not quite what you are looking for but it might help.


 I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
>>> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a
>>> simple
>>> and essential use case. Perplexing that it is not implemented.
>>>
>>>
>>
>> If you get it working, you might consider submitting a patch.  Doing so
>> might save someone else from cursing under their breath.
>>
>> -Terence Bandoian
>> http://www.tmbsw.com/
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to configure SPNEGO authentication with fallback to FORM auth?

2016-06-27 Thread Andrei Ivanov 
Hi André,
In my case, our form has a connection to the AD and a backup, where it
performs the authentication.


I would also be interested to get this sort of setup working to get
seamless authentication with a fallback to form.

On Sun, Jun 26, 2016 at 1:05 PM, André Warnier (tomcat)  wrote:
> On 24.06.2016 17:45, ken edward wrote:
>>
>> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas  wrote:
>>
>>> On 24/06/2016 16:17, ken edward wrote:

 On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas  wrote:

> On 24 June 2016 14:22:32 BST, ken edward  wrote:
>>
>> Hello,
>>
>> I have tomcat 8 on linux, configured with kerberos/SPNEGO
>> authentication.
>> All works well, but if the client cannot use kerberos to authenticate,
>> it
>> will not fallback to FORM authentication.
>>
>> I see some references that tomcat 8 does not do fallback negotiation
>> for
>> FORM auth. True?
>
>
> Yes
>
>> Any workarounds?
>
>
> Nothing simple. Both SPNEGO and FORM have their complications. You'll
>>>
>>> need
>
> to code some form of custom solution.
>
> Have a look in the archives. This has come up before and I think there
>>>
>>> is
>
> some sample code that might get you most of the way there.
>
>
>
 I had already searched the mail archives, and did not see any sample
>>>
>>> code.

 If anyone has any insight, please do post some code fragments.
>>>
>>>
>>> I was thinking of this:
>>> http://wiki.apache.org/tomcat/SSLWithFORMFallback
>>>
>>> Not quite what you are looking for but it might help.
>>>
>>>
>> I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
>> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a
>> simple
>> and essential use case. Perplexing that it is not implemented.
>>
>
> To me, the question here is more : if SPNEGO fails, and you fall back to
> form-based authentication, what are you going to authenticate *against*,
> once the user fills the form ?
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http2UpgradeHandler error

2016-06-23 Thread Andrei Ivanov 
On Thu, Jun 23, 2016 at 2:52 PM, Mark Thomas <ma...@apache.org> wrote:
> On 22/06/2016 21:28, Andrei Ivanov wrote:
>> Yes, I can test.
>> 64-bit please.
>
> Thanks.
>
> It turned out not to be quite as simple as just a tc-native update.
> You'll need this dll:
> http://home.apache.org/~markt/dev/tc-native-debug/tcnative-1.dll
>
> and these class files:
> http://home.apache.org/~markt/dev/tc-native-debug/tomcat-8.5.3-patch.zip
>
> The dll should replace the tc-native DLL you are currently using.
>
> The class files patch the 8.5.3 release. They might work with other
> versions but if they don't work it won't be pretty. The class files
> should be unpacked from the zip placed in this directory:
> $CATALINA_BASE/lib/org/apache/tomcat/util/net
>
>
> Hopefully, everything should now just work when you use TLS. If it
> doesn't there will be some debug messages written to stdout by tc-native
> that should give me an idea of what is going wrong.
>
> Finally, I need to point out the obvious.
> The files above are not an official Apache release and are provided
> solely for debugging this issue only. You use these files at your own risk.
>
> Thanks for the offer to help,
>
> Mark
>

I ran the test, Tomcat doesn't log anymore errors, Firefox seems happy :-)

Tried with Chrome 51.0.2704.103 m, it also seems happy, showing h2
and/or spdy as protocol when loading various resources of the app.

Tried MS Edge, but that seems to use HTTP 1.1 for some reason.

Thank you.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http2UpgradeHandler error

2016-06-22 Thread Andrei Ivanov 
On Wed, Jun 22, 2016 at 10:42 PM, Mark Thomas <ma...@apache.org> wrote:
> On 21/06/2016 17:36, Mark Thomas wrote:
>> On 21/06/2016 14:52, Mark Thomas wrote:
>>> On 21/06/2016 14:43, Andrei Ivanov wrote:
>>
>> 
>>
>>>> 21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
>>>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer
>>>> An APR general error was returned by the SSL read operation on
>>>> APR/native socket [1,852,286,144] with wrapper
>>>> [org.apache.tomcat.util.net.
>>>> AprEndpoint$AprSocketWrapper@1dfa0278:1852286144]. It will be treated
>>>> as EAGAIN and the socket returned to the poller.
>>>> 21-Jun-2016 13:38:41.125 SEVERE [https-openssl-apr-8443-exec-6]
>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
>>>> reading request, ignored
>>>>  java.lang.IllegalStateException
>>>
>>> Bingo!
>>>
>>> That proves the theory. Thanks for testing it so quickly. I should be
>>> able to put together a fix for this fairly quickly. I'll update this
>>> thread when I have the fix ready to test. If you're able to build Tomcat
>>> 8.5.x locally by then, great. If not, I can always provide a snapshot
>>> build for you to test with.
>>
>> This is going to take a little longer than I thought. I need to dig
>> deeper into the tc-native / OpenSSL code.
>
> Progress has been made.
>
> I think the root cause was a bug in tc-native (fixed for 1.2.8) that had
> an incomplete work-around applied in Tomcat. I've fixed this in
> tc-native 1.2.x. An update to tc-native 1.2.8 (when released) should be
> sufficient to fix this. If I upload a snapshot build of the 1.2.8-dev
> .dll somewhere would you be able to test it? Do you need 32-bit or 64-bit?

Yes, I can test.
64-bit please.

Thank you :-)

>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Http2UpgradeHandler error

2016-06-21 Thread Andrei Ivanov 
On Tue, Jun 21, 2016 at 4:52 PM, Mark Thomas <ma...@apache.org> wrote:
> On 21/06/2016 14:43, Andrei Ivanov wrote:
>> On Tue, Jun 21, 2016 at 4:01 PM, Mark Thomas <ma...@apache.org> wrote:
>>> On 21/06/2016 13:43, Mark Thomas wrote:
>>>
>>>> I'll take a look at the code and see if I can figure out how this is
>>>> happening. Are you able to build 8.5.x from source to test any changes I
>>>> might make?
>> If all it needs is a Java tools, I can build.
>
> Tomcat is a lot easier to build that it used to be. You need Ant, svn
> client and an internet connection. For details see:
> http://tomcat.apache.org/tomcat-8.5-doc/building.html
>
> If you prefer (although there are no explicit instructions) you can
> replace svn with git and use the mirror at:
> https://github.com/apache/tomcat85
>
>> Btw, tcnative is 1.2.7, the one that came in
>> apache-tomcat-8.5.3-windows-x64.zip.
>
> I guessed you were using that version but wanted to be sure.
>
>>> I have a theory which can be proved/disproved with some extra logging.
>
> 
>
>> Restarted Tomcat and Firefox.
>> The following are just from loading the login form and its
>> dependencies (css/js).
>
> 
>
>> 21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
>> org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer
>> An APR general error was returned by the SSL read operation on
>> APR/native socket [1,852,286,144] with wrapper
>> [org.apache.tomcat.util.net.
>> AprEndpoint$AprSocketWrapper@1dfa0278:1852286144]. It will be treated
>> as EAGAIN and the socket returned to the poller.
>> 21-Jun-2016 13:38:41.125 SEVERE [https-openssl-apr-8443-exec-6]
>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
>> reading request, ignored
>>  java.lang.IllegalStateException
>
> Bingo!
>
> That proves the theory. Thanks for testing it so quickly. I should be
> able to put together a fix for this fairly quickly. I'll update this
> thread when I have the fix ready to test. If you're able to build Tomcat
> 8.5.x locally by then, great. If not, I can always provide a snapshot
> build for you to test with.
>
> Mark

One more, for the fun :-)
Not sure if it's related:

21-Jun-2016 13:43:52.248 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,302,560] for event(s) [1]
21-Jun-2016 13:43:52.250 FINE [https-openssl-apr-8443-exec-3]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,302,560], timeout [-1], flags [1]
21-Jun-2016 13:43:52.250 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,302,560]
21-Jun-2016 13:43:52.251 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,302,560] from poller
21-Jun-2016 13:43:52.254 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,302,560] for event(s) [1]
21-Jun-2016 13:43:52.255 FINE [https-openssl-apr-8443-exec-5]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,302,560], timeout [-1], flags [1]
21-Jun-2016 13:43:52.256 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,302,560]
21-Jun-2016 13:43:52.259 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,302,560] from poller
21-Jun-2016 13:43:52.275 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,302,560] for event(s) [1]
21-Jun-2016 13:43:52.291 FINE [https-openssl-apr-8443-exec-6]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,302,560], timeout [-1], flags [1]
21-Jun-2016 13:43:52.314 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,302,560]
21-Jun-2016 13:43:52.320 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,302,560] from poller
21-Jun-2016 13:43:52.325 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,302,560] for event(s) [1]
21-Jun-2016 13:43:52.333 FINE [https-openssl-apr-8443-exec-10]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,302,560], timeout [-1], flags [1]
21-Jun-2016 13:43:52.338 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,302,560]
21-Jun-2016 13:43:52.342 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util

Re: Http2UpgradeHandler error

2016-06-21 Thread Andrei Ivanov 
On Tue, Jun 21, 2016 at 4:01 PM, Mark Thomas  wrote:
> On 21/06/2016 13:43, Mark Thomas wrote:
>
>> I'll take a look at the code and see if I can figure out how this is
>> happening. Are you able to build 8.5.x from source to test any changes I
>> might make?
If all it needs is a Java tools, I can build.

Btw, tcnative is 1.2.7, the one that came in
apache-tomcat-8.5.3-windows-x64.zip.

>
> I have a theory which can be proved/disproved with some extra logging.
>
> First, please add the following line to logging.properties and then restart.
> org.apache.tomcat.util.net.AprEndpoint.level = FINE
>
> Re-create the problem and then look for the following in the logs. Where
> you see {n} in the message below, it will be replaced by some value.
>
> An APR general error was returned by the SSL read operation on
> APR/native socket [{0}] with wrapper [{1}]. It will be treated as EAGAIN
> and the socket returned to the poller.
>
>
> Do you see messages like this in the logs?

Restarted Tomcat and Firefox.
The following are just from loading the login form and its
dependencies (css/js).

21-Jun-2016 13:38:38.276 FINE [https-openssl-apr-8443-Acceptor-0]
org.apache.tomcat.util.net.AprEndpoint.processSocketWithOptions socket
[1,852,261,520]
21-Jun-2016 13:38:38.302 FINE [https-openssl-apr-8443-exec-1]
org.apache.tomcat.util.net.AprEndpoint.setSocketOptions Negotiated
[h2] protocol using ALPN
21-Jun-2016 13:38:38.303 FINE [https-openssl-apr-8443-exec-1]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,261,520], timeout [60,000], flags [1]
21-Jun-2016 13:38:38.303 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,261,520]
21-Jun-2016 13:38:38.304 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,261,520] from poller
21-Jun-2016 13:38:39.272 FINE [https-openssl-apr-8443-Acceptor-0]
org.apache.tomcat.util.net.AprEndpoint.processSocketWithOptions socket
[1,852,286,144]
21-Jun-2016 13:38:39.287 FINE [https-openssl-apr-8443-exec-2]
org.apache.tomcat.util.net.AprEndpoint.setSocketOptions Negotiated
[h2] protocol using ALPN
21-Jun-2016 13:38:39.287 FINE [https-openssl-apr-8443-exec-2]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,286,144], timeout [60,000], flags [1]
21-Jun-2016 13:38:39.289 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,286,144]
21-Jun-2016 13:38:39.289 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,286,144] from poller
21-Jun-2016 13:38:40.020 FINE [https-openssl-apr-8443-Acceptor-0]
org.apache.tomcat.util.net.AprEndpoint.processSocketWithOptions socket
[1,852,294,352]
21-Jun-2016 13:38:40.041 FINE [https-openssl-apr-8443-exec-3]
org.apache.tomcat.util.net.AprEndpoint.setSocketOptions Negotiated
[h2] protocol using ALPN
21-Jun-2016 13:38:40.042 FINE [https-openssl-apr-8443-exec-3]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,294,352], timeout [60,000], flags [1]
21-Jun-2016 13:38:40.043 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,294,352]
21-Jun-2016 13:38:40.043 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,294,352] from poller
21-Jun-2016 13:38:40.549 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,261,520] for event(s) [1]
21-Jun-2016 13:38:40.649 FINE [https-openssl-apr-8443-exec-4]
org.apache.tomcat.util.net.AprEndpoint$Poller.add Add to addList
socket [1,852,261,520], timeout [-1], flags [1]
21-Jun-2016 13:38:40.649 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Add to poller socket
[1,852,261,520]
21-Jun-2016 13:38:40.650 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.removeFromPoller
Attempting to remove [1,852,261,520] from poller
21-Jun-2016 13:38:41.119 FINE [https-openssl-apr-8443-Poller]
org.apache.tomcat.util.net.AprEndpoint$Poller.run Processing socket
[1,852,286,144] for event(s) [1]
21-Jun-2016 13:38:41.122 FINE [https-openssl-apr-8443-exec-6]
org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer
An APR general error was returned by the SSL read operation on
APR/native socket [1,852,286,144] with wrapper
[org.apache.tomcat.util.net.
AprEndpoint$AprSocketWrapper@1dfa0278:1852286144]. It will be treated
as EAGAIN and the socket returned to the poller.
21-Jun-2016 13:38:41.125 SEVERE [https-openssl-apr-8443-exec-6]
org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
reading request, ignored
 java.lang.IllegalStateException
at

Http2UpgradeHandler error

2016-06-21 Thread Andrei Ivanov 
Hello,
Trying to upgrade from 8.0.35 to 8.5.3 (on Win 7 and JDK
1.8.0_92-b14), I ran into this error, using Firefox 47:

21-Jun-2016 11:13:01.689 SEVERE [https-openssl-apr-8443-exec-5]
org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
reading request, ignored
 java.lang.IllegalStateException
at 
org.apache.coyote.http2.Http2UpgradeHandler.fill(Http2UpgradeHandler.java:1087)
at 
org.apache.coyote.http2.Http2UpgradeHandler.fill(Http2UpgradeHandler.java:1063)
at 
org.apache.coyote.http2.Http2Parser.readConnectionPreface(Http2Parser.java:519)
at 
org.apache.coyote.http2.Http2UpgradeHandler.init(Http2UpgradeHandler.java:225)
at 
org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:273)
at 
org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54)
at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53)
at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
at 
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2226)
at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)


This happened after the login formed was displayed and submitted, on
the 2nd screen of the app, on successful login.

The page was displayed as if the stylesheets were not loaded, just the
plain html rendered.

Clicking around I've just triggered this error:

21-Jun-2016 11:22:34.118 SEVERE [https-openssl-apr-8443-exec-5]
org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error
reading request, ignored
 java.lang.ArrayIndexOutOfBoundsException: -3
at 
org.apache.coyote.http2.HpackDecoder.handleIndex(HpackDecoder.java:248)
at org.apache.coyote.http2.HpackDecoder.decode(HpackDecoder.java:99)
at 
org.apache.coyote.http2.Http2Parser.readHeaderBlock(Http2Parser.java:404)
at 
org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:246)
at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:96)
at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:68)
at 
org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:291)
at 
org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54)
at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53)
at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
at 
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2226)
at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

This one seems to be when loading
https://test:8443/enss/javax.faces.resource/angel/css/angel.css.jsf
Firebug shows a lot of aborted requests to other resources like these,
ending in css.jsf or js.jsf (loaded through the JSF filter from
Mojarra 2.2.13, with Primefaces 6.0).


Config details with modifications from the default follow:

conf/server.xml













conf/context.xml





Did I configure something wrong?

It's working fine with Tomcat 8.0, but I guess that's just using HTTP 1.1

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: env-entry with mapped-name

2015-11-16 Thread Andrei Ivanov 
Anybody? :-/

On Thu, Nov 12, 2015 at 1:10 PM, Andrei Ivanov <andrei.iva...@gmail.com>
wrote:

> Hi,
> After reading https://bitbucket.org/sgarlick/demo/wiki/JNDI, I tried to
> apply that to my app deployed on Tomcat:
>
> Tomcat context.xml has this entry:
> 
>
> The application web.xml has this entry:
> 
> spring.profiles.active
> java.lang.String
> java:comp/env/env/enss/profile
> 
>
> From what I understand, when Spring looks up
> java:comp/env/spring.profiles.active Tomcat should find it using the value
> provided in the mapped-name.
>
> It doesn't work and by looking at the Tomcat 8.0.28 sources, the
> mapped-name is just added in the properties of ContextEnvironment, but it's
> never used.
>
> Did I misunderstand what the mapped-name should do?
> Or is it a bug in Tomcat that it doesn't use mapped-name for anything?
>
> Thank you
>

env-entry with mapped-name

2015-11-12 Thread Andrei Ivanov 
Hi,
After reading https://bitbucket.org/sgarlick/demo/wiki/JNDI, I tried to
apply that to my app deployed on Tomcat:

Tomcat context.xml has this entry:


The application web.xml has this entry:

spring.profiles.active
java.lang.String
java:comp/env/env/enss/profile


>From what I understand, when Spring looks up
java:comp/env/spring.profiles.active Tomcat should find it using the value
provided in the mapped-name.

It doesn't work and by looking at the Tomcat 8.0.28 sources, the
mapped-name is just added in the properties of ContextEnvironment, but it's
never used.

Did I misunderstand what the mapped-name should do?
Or is it a bug in Tomcat that it doesn't use mapped-name for anything?

Thank you