Re: Access to source IP address during authentication and authorization

2017-08-08 Thread Zemian Deng
Hi, how about extending
"org.apache.catalina.authenticator.AuthenticatorBase", or extending
"FormAuthenticator" if you are using form-based authentication? The base class is
actually a Valve, and thus provides access to the "Request" object. To use it, just
add it as a valve in your context XML file. If I understand it
correctly, this will override the default one.

On Tue, Aug 8, 2017 at 9:09 AM, Mark Thomas wrote:

> On 08/08/17 14:01, Christopher Schultz wrote:
> > Mark,
> >
> > On 8/8/17 8:49 AM, Mark Thomas wrote:
> >> On 08/08/17 13:44, Christopher Schultz wrote:
> >
> >> 
> >
> >>> I have no problem with Tomcat having access to the IP address. I
> >>> just want Tomcat to make that IP address available to the
> >>> authenticator component in some way.
> >
> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=59750
> >
> >> Implementing that in a way that is truly backwards compatible
> >> requires a little thought.
> >
> > I agree that backward-compatibility is a significant issue, since the
> > Realm interface hasn't changed since ... well, ever.
> >
> > How about cheating and using a ThreadLocal?
> >
> > try {
> >   tl.set(theRequest);
> >   authenticator.authenticate(username,password);
> > } finally {
> >   tl.set(null);
> > }
> >
> > ??
>
> Yuck.
>
> > For SecurityFilter, we added a sub-interface that adds more methods,
> > like this:
> >
> > authenticate(String username, String password);
> > authenticate(String username, String password, HttpServletRequest req);
> >
> > Then, the driver does this:
> >
> > if(realm instanceof ExtendedRealm)
> >   ((ExtendedRealm)realm).authenticate(username, password, theRequest);
> > else
> >   realm.authenticate(username, password);
>
> That could work for 8.5.x and earlier. We can use default methods in
> Tomcat 9.
>
> I was also thinking about the case where a custom component called the
> Realm (e.g. custom nested Realms). I'm not sure there is one solution
> that can cleanly handle all use cases. We probably need to go with the
> majority.
>
> > If using the HttpServletRequest itself is architecturally distasteful,
> > we could use some other kind of data object, or simply
> > java.lang.Object (which is a little distasteful itself).
>
> I have no problem with using the HttpServletRequest.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
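
The sub-interface dispatch discussed in the quoted exchange above, as an added example that is not part of the thread and is not Tomcat's code. `SimpleRealm`, `ExtendedRealm`, `RequestInfo` and `AddressBoundRealm` are hypothetical stand-ins (no Tomcat or servlet API is used), and the user, password and addresses are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class ExtendedRealmDemo {
    // Stand-in for the existing two-argument contract (not Tomcat's Realm interface).
    interface SimpleRealm { boolean authenticate(String user, String password); }
    // Hypothetical stand-in for the single HttpServletRequest call used here.
    interface RequestInfo { String getRemoteAddr(); }
    // Sub-interface adding the request-aware overload described in the thread.
    interface ExtendedRealm extends SimpleRealm {
        boolean authenticate(String user, String password, RequestInfo req);
    }
    // Constructed realm: a listed user may log in only from the listed addresses.
    static final class AddressBoundRealm implements ExtendedRealm {
        private final Map<String, String> passwords; // plaintext for the demo only
        private final Map<String, Set<String>> allowedAddrs;
        AddressBoundRealm(Map<String, String> passwords, Map<String, Set<String>> allowedAddrs) {
            this.passwords = new HashMap<>(passwords);       // HashMap tolerates null lookups
            this.allowedAddrs = new HashMap<>(allowedAddrs);
        }
        @Override public boolean authenticate(String user, String password) {
            // No request context available: fail closed for address-restricted users.
            return !allowedAddrs.containsKey(user) && checkPassword(user, password);
        }
        @Override public boolean authenticate(String user, String password, RequestInfo req) {
            Set<String> allowed = allowedAddrs.get(user);
            String addr = (req == null) ? null : req.getRemoteAddr();
            boolean addrOk = allowed == null || (addr != null && allowed.contains(addr));
            return checkPassword(user, password) && addrOk;
        }
        private boolean checkPassword(String user, String password) {
            String expected = passwords.get(user);
            // Constant-time comparison of the two byte strings.
            return expected != null && password != null && MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Driver-side dispatch from the thread: use the overload when the realm offers it.
    static boolean login(SimpleRealm realm, String user, String password, RequestInfo req) {
        return (realm instanceof ExtendedRealm)
                ? ((ExtendedRealm) realm).authenticate(user, password, req)
                : realm.authenticate(user, password);
    }

    public static void main(String[] args) {
        SimpleRealm realm = new AddressBoundRealm(
                Map.of("deploy", "s3cret"), Map.of("deploy", Set.of("10.0.0.5")));
        System.out.println(login(realm, "deploy", "s3cret", () -> "10.0.0.5"));
        System.out.println(login(realm, "deploy", "s3cret", () -> "203.0.113.9"));
        System.out.println(realm.authenticate("deploy", "s3cret"));
    }
}
```

The second login is refused on source address alone, and the plain two-argument call is refused for an address-restricted user because no request context reaches the realm, which is the gap the thread is about.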


Re: [8.0.44] NPE when deploying to /manager/text/list with RemoteHostValve

2017-08-07 Thread Zemian Deng
Hi Martynas, you are getting an NPE because "request.getRemoteHost()" is
returning a null value after you enable lookups! Maybe you have a problem
resolving hostnames in your env? Try disabling the valve and testing "<%=
request.getRemoteHost() %>" in a simple JSP until you get the right
value, before re-enabling the valve.

--Zemian

On Mon, Aug 7, 2017 at 11:46 AM, Martynas Jusevičius wrote:

> Hi,
>
> I'm deploying WAR from Jenkins Docker container to Tomcat Docker container.
>
> In server.xml I have enableLookups to enable DNS lookups
>
> connectionTimeout="2"
>redirectPort="8443"
>enableLookups="true"/>
>
> and in conf/Catalina/localhost/manager.xml I have
>
>   docBase="${catalina.home}/webapps/manager">
> allow="jenkins" />
> 
>
> There is also manager-script role and user in tomcat-users.xml but I won't
> post it because authentication works.
>
> The issue is RemoteHostValve. If I comment the Valve out, deployment works.
> If I enable it as shown here, in the localhost log I can see
>
> 07-Aug-2017 17:00:22.854 SEVERE [http-apr-8080-exec-1]
> org.apache.catalina.core.StandardHostValve.invoke Exception Processing
> /manager/text/list
>  java.lang.NullPointerException
> at java.util.regex.Matcher.getTextLength(Matcher.java:1283)
> at java.util.regex.Matcher.reset(Matcher.java:309)
> at java.util.regex.Matcher.<init>(Matcher.java:229)
> at java.util.regex.Pattern.matcher(Pattern.java:1093)
> at
> org.apache.catalina.valves.RequestFilterValve.isAllowed(
> RequestFilterValve.java:377)
> at
> org.apache.catalina.valves.RequestFilterValve.process(
> RequestFilterValve.java:312)
> at
> org.apache.catalina.valves.RemoteHostValve.invoke(RemoteHostValve.java:84)
> at
> org.apache.catalina.core.StandardHostValve.invoke(
> StandardHostValve.java:141)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:79)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(
> AbstractAccessLogValve.java:620)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:88)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:502)
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(
> AbstractHttp11Processor.java:1132)
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
> process(AbstractProtocol.java:684)
> at
> org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.
> run(AprEndpoint.java:2458)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
> TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
>
>
> Can anyone explain what the issue is and how to fix it?
>
> Thanks
>
> Martynas
>


Re: 404 - servlet not found (7.0.52)

2017-08-01 Thread Zemian Deng
Tomcat should emit a parse error during deployment / startup of your
application, something like

"SEVERE [localhost-startStop-1]
org.apache.tomcat.util.descriptor.web.WebXmlParser.parseWebXml Parse error
in application web.xml"

However, the Tomcat server itself will continue to load and run. It's just
that your webapp alone will fail to deploy.


On Tue, Aug 1, 2017 at 6:39 AM, Christoph Kukulies wrote:

> Argh. I solved it. I had a dangling servlet-mapping section in my web.xml.
> Weird, that tomcat doesn't report on this, or does it?
>
>
> On 01.08.2017 at 12:09, Christoph Kukulies wrote:
>
>> I'm pulling my hair out at the moment because a servlet that worked before
>> is not being found.
>>
>> I have a class in webapps/servlets/WEB-INF/classes/My.class and sections
>> in web.xml for this:
>>
>> 
>> My
>> My
>> 
>>
>> and a mapping:
>>
>> 
>> My
>> /servlet/My
>> 
>>
>>
>> What I did last was to add another class Mytest in the same directory.
>> But it gave an error 404 (found later that I forgot the mapping for that
>> class), deleted the lines for the servlet section for that again.
>>
>> I also deleted ~/work/Catalina and reverted everything back to the old
>> state (where only My was defined).
>>
>>
>> Now work/Catalina/localhost/servlets is empty (!?).
>>
>> The invoking page is:
>>
>> 
>> 
>> 
>>
>>
>> 
>> 
>>
>>
>>
>> I'm clueless at the moment.
>>
>> --
>>
>> Christoph


Re: starting tomcat at system boot

2008-08-20 Thread Zemian Deng
On Tue, Aug 19, 2008 at 10:33 PM, Bill Barker [EMAIL PROTECTED] wrote:


 Markus Schönhaber [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
  Zemian Deng wrote:
 
  When setting up tomcat during boot startup on a linux/unix, is there more
  advantage using jsvc that comes with Tomcat as described here:
  http://tomcat.apache.org/tomcat-6.0-doc/setup.html
 
  VS
 
  Just a plain shell script that calls catalina.sh ?
 
  With jsvc Tomcat is able to bind to privileged ports (for example 80,
  443) and drop root privileges right afterwards.
  If you just use the shell scripts, you'd have to run Tomcat as root if
  you'd want it to bind to privileged ports[1].
 

 There is one other (usually small) advantage to jsvc.  With jsvc, the
 shutdown port isn't used, so only root can shutdown/restart Tomcat.  With
 the scripts, anyone with physical access to the machine can shutdown
 Tomcat.


AWESOME!!! Great to know this one!

Thank you both for the information!



  Regards
   mks
 
  [1] OTOH, making Tomcat *accessible* through a privileged port doesn't
  necessarily mean that Tomcat has to *bind* to this port. Another
  possibility to achieve this is, for example, to use netfilter or
  something to redirect traffic from a privileged port to the
  non-privileged port that Tomcat listens on.
 
  -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 








-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala


starting tomcat at system boot

2008-08-19 Thread Zemian Deng
Hello list,

When setting up tomcat during boot startup on a linux/unix, is there more
advantage using jsvc that comes with Tomcat as described here:
http://tomcat.apache.org/tomcat-6.0-doc/setup.html

VS

Just a plain shell script that calls catalina.sh ?

-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala


Re: Setting CATALINA_BASE failed with tomcat-6.0.18

2008-08-06 Thread Zemian Deng
Hum... so it is a confirmed bug then. I don't see a ticket open on those
threads. Should I create one?

On Wed, Aug 6, 2008 at 11:14 AM, Rainer Jung [EMAIL PROTECTED] wrote:

 See also

 http://marc.info/?t=12180313421r=1w=2

 Regards,

 Rainer

 Zemian Deng wrote:

  Hi Mark, I am away from a computer now. But the steps I gave to
 reproduce out of default download is only 4 steps!!!

 You can't see error using that?

 I guess I can check the log for the stacktrace later. The error on
 console did not give more than what I pasted. And since the error
 seems like it can't even start the server, I doubt more info from log.
 But I will check later.
 -Z



 On 8/6/08, Mark Thomas [EMAIL PROTECTED] wrote:

 Zemian Deng wrote:

 Hello list,

 When I try the following it works with tomcat-6.0.14, but failed on
 tomcat-6.0.18

 $ mkdir -p /tmp/mybase/conf
 $ cp /opt/apache-tomcat-6.0.18/conf/server.xml /tmp/mybase/conf
 $ export CATALINA_BASE=/tmp/mybase
 $ /opt/apache-tomcat-6.0.18/bin/catalina.sh run
 Using CATALINA_BASE:   /tmp/mytomcatbase
 Using CATALINA_HOME:   /opt/apache-tomcat-6.0.18
 Using CATALINA_TMPDIR: /tmp/mytomcatbase/temp
 Using JRE_HOME:
 /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
 Exception in thread main java.lang.NoClassDefFoundError:

 Is this a bug?

 It would help if you provided more of the stack trace.

 Mark






-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala


Re: Setting CATALINA_BASE failed with tomcat-6.0.18

2008-08-06 Thread Zemian Deng
Am I sure? I think it is.

Well, I gave 4 explicit little instructions to repeat exactly what I found.

I read your post and simply touched/created an empty file at
$CATALINA_BASE/conf/logging.properties, and that indeed fixed the problem and
the server starts up fine.

So call it the same problem or not, it's up to you guys. All I am saying is that
using CATALINA_BASE doesn't work with 6.0.18, but worked previously.

-Zemian

On Wed, Aug 6, 2008 at 5:45 PM, Rainer Jung [EMAIL PROTECTED] wrote:

 Are we sure, that you experience the same problem? In other words, is
 CATALINA_HOME/conf/logging.properties missing in your setup and does the
 suggested workaround to catalina.sh solve the problem for you?

 Regards,

 Rainer

 Zemian Deng wrote:
  Hum... so it is a confirmed bug then. I don't see a ticket open on those
  threads. Should I create one?
 
  On Wed, Aug 6, 2008 at 11:14 AM, Rainer Jung [EMAIL PROTECTED]
 wrote:
 
  See also
 
  http://marc.info/?t=12180313421r=1w=2
 
  Regards,
 
  Rainer
 
  Zemian Deng wrote:
 
   Hi Mark, I am away from a computer now. But the steps I gave to
  reproduce out of default download is only 4 steps!!!
 
  You can't see error using that?
 
  I guess I can check the log for the stacktrace later. The error on
  console did not give more than what I pasted. And since the error
  seems like it can't even start the server, I doubt more info from log.
  But I will check later.
  -Z
 
 
 
  On 8/6/08, Mark Thomas [EMAIL PROTECTED] wrote:
 
  Zemian Deng wrote:
 
  Hello list,
 
  When I try the following it works with tomcat-6.0.14, but failed on
  tomcat-6.0.18
 
  $ mkdir -p /tmp/mybase/conf
  $ cp /opt/apache-tomcat-6.0.18/conf/server.xml /tmp/mybase/conf
  $ export CATALINA_BASE=/tmp/mybase
  $ /opt/apache-tomcat-6.0.18/bin/catalina.sh run
  Using CATALINA_BASE:   /tmp/mytomcatbase
  Using CATALINA_HOME:   /opt/apache-tomcat-6.0.18
  Using CATALINA_TMPDIR: /tmp/mytomcatbase/temp
  Using JRE_HOME:
  /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
  Exception in thread main java.lang.NoClassDefFoundError:
 
  Is this a bug?
 
  It would help if you provided more of the stack trace.
 
  Mark
 




-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala


Re: Setting CATALINA_BASE failed with tomcat-6.0.18

2008-08-06 Thread Zemian Deng
Hi Mark, I am away from a computer now. But the steps I gave to
reproduce out of default download is only 4 steps!!!

You can't see error using that?

I guess I can check the log for the stacktrace later. The error on
console did not give more than what I pasted. And since the error
seems like it can't even start the server, I doubt more info from log.
But I will check later.
-Z



On 8/6/08, Mark Thomas [EMAIL PROTECTED] wrote:
 Zemian Deng wrote:
 Hello list,

 When I try the following it works with tomcat-6.0.14, but failed on
 tomcat-6.0.18

 $ mkdir -p /tmp/mybase/conf
 $ cp /opt/apache-tomcat-6.0.18/conf/server.xml /tmp/mybase/conf
 $ export CATALINA_BASE=/tmp/mybase
 $ /opt/apache-tomcat-6.0.18/bin/catalina.sh run
 Using CATALINA_BASE:   /tmp/mytomcatbase
 Using CATALINA_HOME:   /opt/apache-tomcat-6.0.18
 Using CATALINA_TMPDIR: /tmp/mytomcatbase/temp
 Using JRE_HOME:
 /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
 Exception in thread main java.lang.NoClassDefFoundError:

 Is this a bug?

 It would help if you provided more of the stack trace.

 Mark







-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala




Setting CATALINA_BASE failed with tomcat-6.0.18

2008-08-05 Thread Zemian Deng
Hello list,

When I try the following it works with tomcat-6.0.14, but failed on
tomcat-6.0.18

$ mkdir -p /tmp/mybase/conf
$ cp /opt/apache-tomcat-6.0.18/conf/server.xml /tmp/mybase/conf
$ export CATALINA_BASE=/tmp/mybase
$ /opt/apache-tomcat-6.0.18/bin/catalina.sh run
Using CATALINA_BASE:   /tmp/mytomcatbase
Using CATALINA_HOME:   /opt/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /tmp/mytomcatbase/temp
Using JRE_HOME:
/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
Exception in thread main java.lang.NoClassDefFoundError:

Is this a bug?

-- 
Sweet - a Scala web framework:
http://code.google.com/p/sweetscala


link to Tomcat6 bug list

2008-05-13 Thread Zemian Deng
Hi,

The bug report interface here:
https://issues.apache.org/bugzilla/query.cgi?product=Tomcat%206
will only display a specific word search. Is there a canned report URL
for showing all open issues for Tomcat6?

-- 
Thanks,
Zemian Deng




what's your best way to redeploy webapp with least amount of downtime?

2008-03-28 Thread Zemian Deng
Hello list,

I have two instances of Tomcat running the same webapp behind a load
balancer. My current redeployment method is simply to shut one instance
down (undeploy), replace the war file, deploy the latest war back online, and then
proceed to the second instance.

This works most of the time, but those users who happen to be on the
instance I shut down lose their session at best, and lose a form
submission in the middle of a request at worst.

Can you share your story of how you solved your redeployment problem to keep
max availability of your webapp?

Thanks,
Zemian Deng


tomcat6 vs tomcat5 performance

2008-03-28 Thread Zemian Deng
Hello,

I did a load test on a single, static html (13K of text, few small images,
and a stylesheet) request on both default setup of tomcat6.0.14 and
tomcat5.5.23, and the result showed tomcat5.5 is twice as fast as
tomcat6!

Is this a known fact? How should I tune tomcat6 to catch up with tomcat5 on
this static page?

-- 
Thanks,
Zemian Deng


Re: what's your best way to redeploy webapp with least amount of downtime?

2008-03-28 Thread Zemian Deng
Hi Mark,
How do you "disable worker1" and still let Tomcat1 process the remaining
requests? I guess I am not sure what worker1 is or where to disable it.
Can you explain a little more on this?

Yes, I have heard of LambdaProbe. I will check this out in more detail
later.

Thanks for sharing.
-Z

On Fri, Mar 28, 2008 at 9:53 AM, Mark Thomas [EMAIL PROTECTED] wrote:

 Zemian Deng wrote:
  Can you share your story of how you solve your redeployment problem to
 keep
  max availability of your webapp?

 1. Write stateless apps and where you can't, use sticky sessions and
 clustering.

 2. When upgrading. I:
  - disable worker1
  - wait for all requests on Tomcat 1 to complete (LambdaProbe is great for
 monitoring this and a bunch of other stuff)
  - upgrade Tomcat 1
  - enable worker 1
  - repeat for worker 2

 Using this approach I never had any downtime associated with an upgrade.
 There were plenty of other causes of downtime ;), but upgrade wasn't one
 of
 them.

 Mark






-- 
Thanks,
Zemian Deng