Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Peter Chiu
This is what I am using. Hope this helps.

https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html

On Thu, Apr 28, 2022 at 3:11 PM Kaushal Shriyan 
wrote:

> Hi,
>
> I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009
> (Core) and trying to configure HTTP Strict Transport Security (HSTS)
> using /opt/tomcat9/conf/web.xml
>
> # ./version.sh
> Using CATALINA_BASE:   /opt/tomcat9
> Using CATALINA_HOME:   /opt/tomcat9
> Using CATALINA_TMPDIR: /opt/tomcat9/temp
> Using JRE_HOME:
>  /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64
> Using CLASSPATH:
> /opt/tomcat9/bin/bootstrap.jar:/opt/tomcat9/bin/tomcat-juli.jar
> Using CATALINA_OPTS:
> Server version: Apache Tomcat/9.0.56
> Server built:   Dec 2 2021 14:30:07 UTC
> Server number:  9.0.56.0
> OS Name:Linux
> OS Version: 3.10.0-1160.62.1.el7.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_322-b06
> JVM Vendor: Red Hat, Inc.
> # cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> #
>
>
> > */opt/tomcat9/conf/web.xml*
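> > <filter>
> >   <filter-name>httpHeaderSecurity</filter-name>
> >   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
> >   <async-supported>true</async-supported>
> >   <init-param>
> >     <param-name>hstsEnabled</param-name>
> >     <param-value>true</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>hstsMaxAgeSeconds</param-name>
> >     <param-value>31536000</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>hstsIncludeSubDomains</param-name>
> >     <param-value>true</param-value>
> >   </init-param>
> > </filter>
> > <filter-mapping>
> >   <filter-name>httpHeaderSecurity</filter-name>
> >   <url-pattern>/*</url-pattern>
> >   <dispatcher>REQUEST</dispatcher>
> > </filter-mapping>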
>
>
> When I scan the https://tomcatURL FQDN using
> https://www.ssllabs.com/ssltest/ I do not see the Strict Transport
> Security
> response header. Please guide me. Thanks in advance
>
> Best Regards,
>
> Kaushal
>
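
A way to check the filter settings quoted above against what the server actually returns, as an added Python example (not from the thread or the linked blog post): it audits a web.xml for the filter and its mapping, then compares an observed Strict-Transport-Security value with the configured one. The sample document, the header strings and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
# Constructed sample: the settings quoted above inside a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>
    <init-param><param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def _kids(elem, name):
    # Namespace-agnostic child lookup; a real web.xml usually declares a default xmlns.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else None

def audit_web_xml(xml_text):
    """Return (init_params, problems) for the HSTS filter declared in xml_text."""
    root = ET.fromstring(xml_text)  # XML comments are dropped, so a commented-out filter is absent
    name, params, problems = None, {}, []
    for f in _kids(root, "filter"):
        if _text(f, "filter-class") == FILTER_CLASS:
            name = _text(f, "filter-name")
            params = {_text(p, "param-name"): _text(p, "param-value") for p in _kids(f, "init-param")}
    if name is None:
        return params, ["filter not declared, or still inside an XML comment"]
    if not any(_text(m, "filter-name") == name for m in _kids(root, "filter-mapping")):
        problems.append("no <filter-mapping> for " + name)
    if params.get("hstsEnabled") != "true":
        problems.append("hstsEnabled is not explicitly true")
    if int(params.get("hstsMaxAgeSeconds") or 0) <= 0:
        problems.append("max-age is 0 or unset, so browsers will not retain the policy")
    return params, problems

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    parts = [d.strip().lower() for d in header.split(";")]
    age = next((int(d.split("=", 1)[1].strip('" ')) for d in parts if d.startswith("max-age=")), None)
    return age, "includesubdomains" in parts

def header_matches(params, header):
    return parse_hsts(header) == (int(params["hstsMaxAgeSeconds"]), params.get("hstsIncludeSubDomains") == "true")
```

Run audit_web_xml on the web.xml that the running instance actually loads, and pass header_matches the header value taken from an HTTPS response of that same instance.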


Re: Apex SSO

2022-03-25 Thread Peter Chiu
Hi Chris,

To implement APEX SSO, that requires NO change to tomcat. That is why I
tried not to post here.

Here is the blog for starters. https://fuzziebrain.com/content/id/1908/

If tomcat is behind a proxy (apache or nginx), we might need to change a
setting in server.xml to return the real hostname.

Hope this helps.

On Fri, Mar 25, 2022 at 8:54 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Peter,
>
> On 3/24/22 14:54, Peter Chiu wrote:
> > I will email you directly. For the group knowledge, there is nothing
> > special you need to do on Tomcat if it is not behind a proxy.
>
> Please post to the mailing list. It's not at all clear to me how you'd
> get Oracle APEX to deliver authentication information to Tomcat.
>
> Presumably, that's what Rupali is trying to accomplish and it would be
> helpful for the whole community to post back.
>
> -chris
>
> > On Thu, Mar 24, 2022 at 1:51 PM rupali singh 
> > wrote:
> >
> >> Hi Peter,
> >>
> >> Are u using apache web server with tomcat or its only tomcat  .
> >> if possible can you please share steps for azure AD with me on
> >> rupali.r.si...@gmail.com
> >>
> >>
> >>
> >> On Thu, 24 Mar 2022 at 21:21, Peter Chiu  wrote:
> >>
> >>> I have a working APEX SSO against Azure AD or On-Premise AD.
> >>>
> >>> On Thu, Mar 24, 2022 at 1:13 PM rupali singh
> >>> wrote:
> >>>
> >>>> HI Team,
> >>>>
> >>>> We are using apex 21.1 with tomcat 9.54.
> >>>> we want to implement SSO for application deployed in Apex  with IDCS
> >>>> reference URL :
> >>>>
> >>>> https://www.ateam-oracle.com/post/integrating-apex-with-oracle-identity-cloud-service
> >>>>
> >>>> but apex is not at all redirecting to IDCS URL and as per Oracle issue is
> >>>> with tomcat .
> >>>>
> >>>> anyone successfully implemented APEX SSO( webserver : apache tomcat)  with
> >>>> Oracle IDCS
> >>>> or  APEX SSO( webserver : apache tomcat)  with Microsoft Azure AD.
> >>>> can you please assist us with steps.
> >>>>
> >>>> --
> >>>> Thanks and Regards,
> >>>> Rupali
> >>>>
> >>>
> >>
> >>
> >> --
> >> Thanks and Regards,
> >> Rupali
> >>
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


Re: Fwd: tomcat 9.50 - rewrite rule question

2022-03-24 Thread Peter Chiu
Application builder->Your application->Shared Components->Application
Definition Attributes->Properties->Friendly URLs

On Thu, Mar 24, 2022 at 3:25 PM rupali singh 
wrote:

> Hi,
>
> How we can enable friendly url in apex?
>
>
>
> On Fri, Mar 25, 2022, 12:48 AM Peter Chiu  wrote:
>
> > Have you considered doing the following
> > 1. custom URL/domain, and
> > 2. enable Friendly URLs in APEX
> >
> > On Thu, Mar 24, 2022 at 3:09 PM Felix Schumacher <
> > felix.schumac...@internetallee.de> wrote:
> >
> > >
> > > On 24.03.22 at 19:23, rupali singh wrote:
> > >
> > > hi,
> > >
> > > yes context name is apex.
> > >
> > > Good to know.
> > >
> > > https://xyz.ae/apex/f?p=1001 <https://xyz.com/apex/f?p=1001> to
> > > https://xyz.ae/apex/myapp <https://xyz.com/aorx/myapp>
> > >
> > > we don't want to change xyz.ae that will name remain as it is, we want
> > > to change f?p=1001 <https://xyz.com/apex/f?p=1001> to myapp
> > >
> > > Sorry, I don't understand, what you meant by the above.
> > >
> > > I suspect, that you wanted to show, what the user enters into the
> > > browser and where the application listens. But it doesn't really make
> > > sense to me.
> > >
> > > Reading your first mail again, I think, that you have a loadbalancer
> > > that listens on xyz.ae and that proxies to xyz.com (you mentioned port
> > > 8080, which is left out in all your examples). Is that right?
> > >
> > > Apart from that, I wanted to know, what you tried on a technical level.
> > > Have you tried the curl command that I gave as an example?
> > >
> > > Felix
> > >
> > > On Wed, 23 Mar 2022 at 19:23, Felix Schumacher <
> > felix.schumac...@internetallee.de> wrote:
> > >
> > >
> > > On 23 March 2022 12:14:25 CET, rupali singh <rupali.r.si...@gmail.com> wrote:
> > >
> > > Hi Chris,
> > >
> > > I already tried with fully qualified name but its not working
> > >
> > > Can you be more specific, what you tried?
> > >
> > > Is Chris right and your context name is apex?
> > >
> > > Felix
> > >
> > > On Tue, Mar 22, 2022, 7:15 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> > >
> > >
> > > All,
> > >
> > > On 3/21/22 10:19, Felix Schumacher wrote:
> > >
> > > On 21.03.22 at 06:39, rupali singh wrote:
> > >
> > > Hi Felix,
> > >
> > > location of context.xml file is
> > >
> > >   cat context.xml| grep RewriteValve
> > >   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
> > >
> > >   pwd
> > > /opt/tomcat/apache-tomcat-9.0.54/instance/conf
> > >
> > > That context.xml is thought to be a default template for all installed
> > > webapps. It will work, but remember, that every installed webapp will
> > > get its own copy of a rewrite valve.
> > >
> > > +1
> > >
> > > This is probably the problem.
> > >
> > >
> > > more /opt/tomcat/apache-tomcat-9.0.54/instance/webapps/ROOT/WEB-INF/rewrite.config
> > >
> > > RewriteCond %{QUERY_STRING} p=10001
> > > RewriteRule ^/apex/f$ /apex/myapp [R,L]
> > >
> > > I think you want:
> > >
> > > RewriteCond %{QUERY_STRING} p=10001
> > > RewriteRule ^/f$ /myapp [R,L]
> > >
> > > The prefix /apex is already a part of the context-path and should be
> > > removed from the URL patterns being matched. If you want to redirect to
> > > another web application, you need a fully-qualified redirect like this:
> > >
> > > RewriteCond %{QUERY_STRING} p=10001
> > > RewriteRule ^/f$ https://www.google.com/ [R,L]
> > >
> > > -chris
> > >
> > >
> >
>


Re: Fwd: tomcat 9.50 - rewrite rule question

2022-03-24 Thread Peter Chiu
Have you considered doing the following
1. custom URL/domain, and
2. enable Friendly URLs in APEX

On Thu, Mar 24, 2022 at 3:09 PM Felix Schumacher <
felix.schumac...@internetallee.de> wrote:

>
> On 24.03.22 at 19:23, rupali singh wrote:
>
> hi,
>
> yes context name is apex.
>
> Good to know.
>
> https://xyz.ae/apex/f?p=1001 to https://xyz.ae/apex/myapp
>
> we don't want to change xyz.ae that will name remain as it is, we want to
> change f?p=1001 to myapp
>
> Sorry, I don't understand, what you meant by the above.
>
> I suspect, that you wanted to show, what the user enters into the browser
> and where the application listens. But it doesn't really make sense to me.
>
> Reading your first mail again, I think, that you have a loadbalancer that
> listens on xyz.ae and that proxies to xyz.com (you mentioned port 8080,
> which is left out in all your examples). Is that right?
>
> Apart from that, I wanted to know, what you tried on a technical level.
> Have you tried the curl command that I gave as an example?
>
> Felix
>
> On Wed, 23 Mar 2022 at 19:23, Felix Schumacher 
>  wrote:
>
>
> On 23 March 2022 12:14:25 CET, rupali singh wrote:
>
> Hi Chris,
>
> I already tried with fully qualified name but its not working
>
> Can you be more specific, what you tried?
>
> Is Chris right and your context name is apex?
>
> Felix
>
> On Tue, Mar 22, 2022, 7:15 PM Christopher Schultz 
>  wrote:
>
>
> All,
>
> On 3/21/22 10:19, Felix Schumacher wrote:
>
> On 21.03.22 at 06:39, rupali singh wrote:
>
> Hi Felix,
>
> location of context.xml file is
>
>   cat context.xml| grep RewriteValve
>   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>
>   pwd
> /opt/tomcat/apache-tomcat-9.0.54/instance/conf
>
> That context.xml is thought to be a default template for all installed
> webapps. It will work, but remember, that every installed webapp will
> get its own copy of a rewrite valve.
>
> +1
>
> This is probably the problem.
>
>
> more /opt/tomcat/apache-tomcat-9.0.54/instance/webapps/ROOT/WEB-INF/rewrite.config
>
> RewriteCond %{QUERY_STRING} p=10001
> RewriteRule ^/apex/f$ /apex/myapp [R,L]
>
> I think you want:
>
> RewriteCond %{QUERY_STRING} p=10001
> RewriteRule ^/f$ /myapp [R,L]
>
> The prefix /apex is already a part of the context-path and should be
> removed from the URL patterns being matched. If you want to redirect to
> another web application, you need a fully-qualified redirect like this:
>
> RewriteCond %{QUERY_STRING} p=10001
> RewriteRule ^/f$ https://www.google.com/ [R,L]
>
> -chris
>
>
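
The matching behaviour described in the quoted replies above, as a small Python model (an added example, not code from the thread or from Tomcat): the rule pattern is tested against the path with the /apex context path removed, and the posted RewriteCond is an unanchored regular expression. STRICT, the sample requests and the function names are assumptions constructed for illustration.

```python
import re

CONTEXT_PATH = "/apex"            # context name confirmed in the thread
LOOSE = r"p=10001"                # RewriteCond pattern as posted
STRICT = r"(^|&)p=10001(:|&|$)"   # assumption: anchored variant, not from the thread

def rewrite(uri, cond, rule, target, context_path=CONTEXT_PATH):
    """Simplified model: return the redirect location, or None if the rule does not fire."""
    path, _, query = uri.partition("?")
    if not path.startswith(context_path + "/"):
        return None                       # request is not handled by this webapp
    relative = path[len(context_path):]   # the rule pattern sees the path without /apex
    if not re.search(cond, query) or not re.search(rule, relative):
        return None
    if re.match(r"[a-z][a-z0-9+.-]*://", target, re.I):
        return target                     # fully-qualified redirect, leaves the webapp
    return context_path + target          # relative target stays inside the webapp

# Constructed requests: (URI, condition, rule pattern, substitution)
CASES = [
    ("/apex/f?p=10001", LOOSE, r"^/apex/f$", "/apex/myapp"),   # rule as posted
    ("/apex/f?p=10001", LOOSE, r"^/f$", "/myapp"),             # rule suggested in the reply
    ("/apex/f?p=1001", LOOSE, r"^/f$", "/myapp"),              # id used in the later mails
    ("/apex/f?p=100015", LOOSE, r"^/f$", "/myapp"),            # different id, loose condition
    ("/apex/f?p=100015", STRICT, r"^/f$", "/myapp"),           # different id, anchored condition
    ("/apex/f?p=10001:1", STRICT, r"^/f$", "/myapp"),          # intended id with a page suffix
]

def run_cases():
    """Evaluate every constructed case and return the redirect locations."""
    return [rewrite(*case) for case in CASES]

if __name__ == "__main__":
    for case, result in zip(CASES, run_cases()):
        print(case[0], case[2], "->", result)
```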


Re: Apex SSO

2022-03-24 Thread Peter Chiu
I will email you directly. For the group knowledge, there is nothing
special you need to do on Tomcat if it is not behind a proxy.

On Thu, Mar 24, 2022 at 1:51 PM rupali singh 
wrote:

> Hi Peter,
>
> Are u using apache web server with tomcat or its only tomcat  .
> if possible can you please share steps for azure AD with me on
> rupali.r.si...@gmail.com
>
>
>
> On Thu, 24 Mar 2022 at 21:21, Peter Chiu  wrote:
>
> > I have a working APEX SSO against Azure AD or On-Premise AD.
> >
> > On Thu, Mar 24, 2022 at 1:13 PM rupali singh 
> > wrote:
> >
> > > HI Team,
> > >
> > > We are using apex 21.1 with tomcat 9.54.
> > > we want to implement SSO for application deployed in Apex  with IDCS
> > > reference URL :
> > >
> > > https://www.ateam-oracle.com/post/integrating-apex-with-oracle-identity-cloud-service
> > >
> > > but apex is not at all redirecting to IDCS URL and as per Oracle issue is
> > > with tomcat .
> > >
> > > anyone successfully implemented APEX SSO( webserver : apache tomcat)  with
> > > Oracle IDCS
> > > or  APEX SSO( webserver : apache tomcat)  with Microsoft Azure AD.
> > > can you please assist us with steps.
> > >
> > > --
> > > Thanks and Regards,
> > > Rupali
> > >
> >
>
>
> --
> Thanks and Regards,
> Rupali
>


Re: Apex SSO

2022-03-24 Thread Peter Chiu
I have a working APEX SSO against Azure AD or On-Premise AD.

On Thu, Mar 24, 2022 at 1:13 PM rupali singh 
wrote:

> HI Team,
>
> We are using apex 21.1 with tomcat 9.54.
> we want to implement SSO for application deployed in Apex  with IDCS
> reference URL :
>
> https://www.ateam-oracle.com/post/integrating-apex-with-oracle-identity-cloud-service
>
> but apex is not at all redirecting to IDCS URL and as per Oracle issue is
> with tomcat .
>
> anyone successfully implemented APEX SSO( webserver : apache tomcat)  with
> Oracle IDCS
> or  APEX SSO( webserver : apache tomcat)  with Microsoft Azure AD.
> can you please assist us with steps.
>
> --
> Thanks and Regards,
> Rupali
>