Re: Getting application root path before servlet is initialized?

2017-02-22 Thread Daniel Küppers 

Am 22.02.2017 um 11:19 schrieb Martin Knoblauch:

On Tue, Feb 21, 2017 at 8:55 PM, Mark Thomas  wrote:


On 21/02/2017 13:31, Martin Knoblauch wrote:

Hi,

  is there a way to find the absolute path of the application root before
the servlet is initialized?

Alternatively: is there a way to defer the initialization of a datasource
until the servlet is initialized?

Background: I have extended "org.apache.tomcat.jdbc.pool.

DataSourceFactory"

to automatically set credentials so that they are not stored in the
"Catalina/localhost/XXX.xml" file. Instead they are taken from encrypted
values in a file below the application root. Works fine if I know that

path

at "createDataSource" time.

And the decryption key for that file is stored where?

https://wiki.apache.org/tomcat/FAQ/Password



  Thanks for link. It clearly reflects my opinion as well, but the customer
demand is:

- no plain-text credentials (Big multinational company security policies -
fight them if you need the fun). And yes, this is all about making auditors
happy
- minimize the locations where credentials are stored. This is only lightly
related to the decrypt issue. Having to store identical stuff in more than
one place is opening up all other sorts of practical issues

  So, yes - any mechanism that can decrypt needs to store the key somewhere
and this just shifts away the problem from securing one item to securing
another one. In my case the application (that I will not reveal here)
stores encrypted DB credentials in its configuration and provides an API to
retrieve them decrypted. I guess, the key is somewhere in the source code
(likely obfuscated to prevent casual hacking by debugging). the less I know
... :-)


In order to avoid hard coding that path, I need a programmatic to find
that

value. Unfortunately the datasource is initialized before the servlet, so
"getRealPath()" is not working yet.

Environment is Tomcat 8 plus JDK 8. Plus an commercial application that I
do not want to name :-)

Ignoring what I suspect is a fundamental flaw in this plan, you probably
want a ServletContextListener and contextInitialized()



Thanks again for the hint. Will have a look. In the meanwhile  I found a
way by looking at

this.getClass().getProtectionDomain().getCodeSource().getLocation().getPath();

Adding some assumptions about the classpath (which are required to be true
in this whole context) this gives me the needed information :-)

Thanks
Martin


Mark


I could imagine that the use of a secure key-value store would be 
helpfull in this scenario.
vault is a great solution for this. quick googling [1] brings a tomcat 
implementation for vault.

If youre not allready familiar with vault, give it a try [2].

Daniel

[1] https://github.com/januslabs/tomcat-vault
[2] https://www.hashicorp.com/vault.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache TomCat 5.5

2016-09-14 Thread Daniel Küppers 



Hello EveryOne,

As new bee of Apache.  We have been using one of the old Apache TomCat on windows server 
2008R2, IIS 7.  After we purchased and installed the SSL certificate.  We need to apply a 
header directive in Apache "Strict-Transport-Security" so that our web site 
would be secured as the Government required.  My question is where can I insert this 
line?  In which and where's the files in Apache TomCat 5.5, JDK 8 updated 102.  Is it in 
the same server.xml file as we modified the connector for SSL.
Look forward to hearing from your supports.

Regards,


Mary Pham
Information Technology Specialist
National Institutes of Health Library
Division of Library Services
Office of Research Services
10 Center Drive, Room 1L07, MSC 1150
Bethesda, MD 20892-1150
T. 301.496.1506
maryp...@mail.nih.gov

Hello Mary,

you are using a quite outdated tomcat. A quick googling brought me to 
stackoverflow, which might solve the problem for your tomcat 5.5. the 
easiest way possible is to add a filter to your webapp and apply the 
HSTS header in the response. You can make use of the buildin HSTS 
support, if its possible to upgrade your tomcat to a recent version.
Related SO-Question: 
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat


Best regards,

Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Log file setting.

2016-07-20 Thread Daniel Küppers 

James,
i think this is either a Log4j error or a custom one. It seems like the 
path for *IDOMailLOCAL1.log* is hard coded, as it's not present in the 
Log4j config file.
I would suggest you search your codebase for pattern like *IDOMail* 
(because the LOCAL1 might be generic, imho) or for the drive letter *D:*.

If that doesnt bring something up, try the Log4j user-list:

https://logging.apache.org/log4j/1.2/mail-lists.html

greetings

Daniel

Am 19.07.2016 um 23:33 schrieb Boyle, James A:

Hello,
I have a web app running on my workstation using Tomcat 7 and 
have the following entries in my console output. Any help would be appreciated. 
Thanks.

INFO: Initializing log4j from 
[file:///c://lbxdw_ido_obm//conf//LOCALlog4j_JAB.xml] This is the log4j config 
file and is a good file.
log4j:ERROR setFile(null,true) call failed. Not sure why this is being 
generated. I specify the Error appender in the config file appropriately
java.io.FileNotFoundException: D:\Apps\Tomcat 7.2\logs\IDOMailLOCAL1.log (The 
device is not ready) This is the issue. My D drive is the DVD drive, but the 
kicker is that I cant find anywhere in my app or within Tomcat where this 
setting is being made. Nothing residual in the registry. Is there some sort of 
.ini file that I am missing?

Log4j config file

http://jakarta.apache.org/log4j/; 
debug="true">

   
   
  
   


   
   
   
  
   


   
   
   
  
   


   
   


Jim Boyle
Wholesale Lockbox Technology
Bank of America
(617) 533-4532
james.a.bo...@baml.com

--
This message, and any attachments, is for the intended recipient(s) only, may 
contain information that is privileged, confidential and/or proprietary and 
subject to important terms and conditions available at 
http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended 
recipient, please delete this message.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Update path of executeable of a tomcat windows service

2016-02-22 Thread Daniel Küppers 

Am 22.02.2016 um 16:31 schrieb David kerber:

On 2/22/2016 10:12 AM, Fabian Birk wrote:

Hello,

I am using tomcat as a windows service and want to update the path of
executeable during my automated process via command line.
The Reason why I dont want to deinstall / install the service is, that I
want to keep the other informations like service user etc.

I have a tomcat 7 service (should work for all tomcat versions if 
possible)

and want to update it with the following command:

tomcat8 //US//TestService --DisplayName="TestService2" ^
--Install="..\Tomcat\x64\bin\tomcat8.exe"

The DisplayName is updated, install is not.

Is it even possible to change the path of executeable via tomcat?


I'm not sure about using a tomcat utility to do that, but I believe 
you can use the windows SC command to modify this setting.

You can actually change the binPath as suggested[1] like this:
sc config binPath=
Also you need administrative rights for the edit.

[1] http://stackoverflow.com/a/24877051/2614106


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat 7

2016-01-07 Thread Daniel Küppers 

Am 07.01.2016 um 11:50 schrieb ANISH S IYER:

hello

while am deploying java application in webapps,say test contains spring and
hibernate,with mysql db. it work normally

while i also deploy another apps in in the tomcat say demo, all deployment
are okay, but it accesses the database of test, instead of demo.
at can i do for resolving the issue..

i found your e-mail from tat help centre

let me know more details

I would appreciate if the question wouldn't be that poorly written, as 
its also hard to understand.
For me, it looks like youre deploying your webapp named *test* and 
*demo*, which accidently

share or have the same connection string to your mysql database.
Have a look at that, it might solve the problem.

--
Best regards

Daniel Küppers

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat caching

2015-11-16 Thread Daniel Küppers 



Am 16.11.2015 um 14:56 schrieb David E. Filip:

In my experience, the most common explanation (but certainly not the only!) for 
an active webapp to be occasionally and sporadically running extremely slow, 
but run fine at other times, is running low on heap space.

If you have not already, I would suggest checking the Tomcat Server Status app 
(http://localhost:8080/manager/status) and determine if any of the heaps are 
filling up while you are experiencing this slowness.  If they are, your app 
could be spending too much time waiting for the garbage collector, and you will 
need to increase the heap size in your startup file.

On Nov 16, 2015, at 6:45 AM, Konstantin Kolinko <knst.koli...@gmail.com> wrote:


2015-11-16 12:22 GMT+03:00 Daniel Küppers <dan...@tetralog.com>:

Hi,
i have a recurring issue, that tomcat caches my jsf webapp pages in a
strange manner.
Sometimes for multiple days/hours, one or two explict pages or the whole
webapp is loading very slowly.
My setup is a locally used tomcat 8.0.28 for debugging in Eclipse and a
local database.
The behaviour persists also after browser cache clearing and with different
browsers.
Does anyone else have seen this behaviour before?
Do i miss a specific parameter?


Your problem is "one or two explict pages or the whole webapp is
loading very slowly".  Why are you blaming caching?

Stack trace when application behaves slowly =? Is it know what it
actually does at that time?

Is the clock on your server set correctly?
Is autoDeploy tuned off on a Host, or it wastes time checking for
changes of a war file?
Is Jasper (JspServlet) configured with development=false, or it wastes
time checking and recompiling the pages?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Thanks for the replies. I will monitor the free heapspace from now on. 
If i see something that concludes to this problem, i'll let you know.
For which exact Memory Pool i should have a watchout? Here are my 
current used loads:

- PS Eden Space: 89%
- PS Old Gen: 4%
- PS Survivor Space: 33%
I dont get a stacktrace when the app runs slowly. I also only get this 
issues when the configuration is in developing mode. It persists even 
restarts.
Clock is set correctly, AutoDeploy is On, running in development mode 
(myFaces). I cant determine how Jasper should be configured.


Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat caching

2015-11-16 Thread Daniel Küppers 

Hi,
i have a recurring issue, that tomcat caches my jsf webapp pages in a 
strange manner.
Sometimes for multiple days/hours, one or two explict pages or the whole 
webapp is loading very slowly.
My setup is a locally used tomcat 8.0.28 for debugging in Eclipse and a 
local database.
The behaviour persists also after browser cache clearing and with 
different browsers.

Does anyone else have seen this behaviour before?
Do i miss a specific parameter?

Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org