Re: Tomcat Session issue - Session not expiring on browser close event

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kiran, On 9/7/15 12:54 PM, Kiran Badi wrote: > I have few attributes saved in session they seems to living for > close to 30 minutes which is session timeout in web xml. > > I need to kill the session once the browser closes on the client > side.

Re: HTTP 400 with Form based authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sreyan, On 9/9/15 9:45 AM, Christopher Schultz wrote: > On 9/7/15 2:17 PM, Sreyan Chakravarty wrote: >> I have found the cause of the problem. It seems that there is no >> null checking in the DataSourceRealm in Tomcat. What I mean is >> that if a

Fwd: HTTP 400 with Form based authentication

I have found the cause of the problem. It seems that there is no null checking in the DataSourceRealm in Tomcat. What I mean is that if a particular user does not exist in the database and is credentials are returned as a null string then no null checking is specified. I would like to open this

Re: HTTP 400 with Form based authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sreyan, On 9/7/15 9:56 AM, Sreyan Chakravarty wrote: > I did what you said. That is pointing the web browser to a > protected resource without authentication and then logging in. It > works perfectly IF AND ONLY IF the credentials are ABSOLUTELY >

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Igor Cicimov [mailto:icici...@gmail.com] > Sent: Tuesday, September 08, 2015 10:09 PM > To: Tomcat Users List > Subject: RE: Multiple JSESSIONID cookies being presented. > > On 09/09/2015 7:13 AM, "Jeffrey Janner"

Re: HTTP 400 with Form based authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sreyan, On 9/7/15 2:17 PM, Sreyan Chakravarty wrote: > I have found the cause of the problem. It seems that there is no > null checking in the DataSourceRealm in Tomcat. What I mean is that > if a particular user does not exist in the database and

Fwd: Undefined behaviour with Credential Handler

Okay is if I have stored my password in my DB with SHA256 encryption, can the credential handler declared in the realm work if the it is declared with SHA512 ? As far as I know it must be same algorithm, salt and iterations for the hash to be matched perfectly. Now take my case-: Okay this

RE: seeking help with stabilizing the persistence of a JSESSIONID

Hi, thanks for following up! No, no luck at all. The web application I'm working with is based on Apache Cocoon 2.2, so, no JSPs in sight. I am actually weighing my options, I have a choice to either pursue making the current design work (i.e. try to get the session to stick around long enough

FW: Issue in reading SSL certificate

Dear, I am facing a very peculiar issue with the SSL certificate for Tomcat7. I am using Java 7 and Tomcat 1.7.075. and facing the below issue with the SSL certificate. I have followed the below steps to generate the certificate and apply same on server.xml. Generated the CSR file by using

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote: >> Are you using AJP or HTTP as your proxy protocol? If AJP, are >> you using tomcatAuthentication="false" on your ? I'm >> not exactly sure what happens when you do that... you might get >> a

Re: [OT] Client not loading truststore or keystore

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Diarmuid, On 9/7/15 12:29 PM, dmccrthy wrote: > You were right. The issue was with the code our vendor supplied for > the Tomcat client webapp making outbound HTTPS connections. This > was not correctly overriding classes with the result that the >

Re: FW: Issue in reading SSL certificate

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hirnya, On 9/9/15 9:49 AM, Hirnya Kaushal wrote: > I am facing a very peculiar issue with the SSL certificate for > Tomcat7. I am using Java 7 and Tomcat 1.7.075. and facing the below > issue with the SSL certificate. I have followed the below

Re: DNS is hijacked and some filty AD is added at the bottom of our webpage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Shi, On 9/9/15 10:46 AM, shi wrote: > Hi gurus, > > We have a website running at a tomcat. Its web pages looks good. > > Recently, we, however, find some of web pages contain the filthy AD > at the bottom of the page. > > We really could not

Re: Undefined behaviour with Credential Handler

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sreyan, On 9/8/15 6:31 AM, Sreyan Chakravarty wrote: > Okay is if I have stored my password in my DB with SHA256 > encryption, can the credential handler declared in the realm work > if the it is declared with SHA512 ? No. SHA256 and SHA512

Re: Unable to get the jmx information for tomcat 8 from command line(curl command)

On 9 Sep 2015 17:59, "Christopher Schultz" wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Andrew, > > On 9/8/15 9:21 AM, Andrew M wrote: > > Any idea why it is saying "401 Unauthorized" > > > I execute the following command: curl -1 --max-time 10 -s

Re: Errors at INFO level despite "Note: further occurrences of ... errors will be logged at DEBUG level."

> On 2015-08-20, at 06:03, Konstantin Kolinko wrote: > 2015-08-19 18:21 GMT+03:00 Robert Tupelo-Schneck : >> I'm running Tomcat 8.0.24. I see lots of errors in catalina.out with lines >> like >> >> Note: further occurrences of Cookie errors

Re: ServletRequest.getRemoteHost() not working when Tomcat is behind Nginx (Nginx as a reverse proxy)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Brian, On 9/8/15 5:16 PM, Brian wrote: > mm.. ... Well, so far I have always assumed that Tomcat > itself has always made this effort (assuming that it is enabled to > do so in the connector), so that when I execute the method I'm just >

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Tuesday, September 08, 2015 4:58 PM > To: Tomcat Users List > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jose María Zaragoza

DNS is hijacked and some filty AD is added at the bottom of our webpage

Hi gurus, We have a website running at a tomcat. Its web pages looks good. Recently, we, however, find some of web pages contain the filthy AD at the bottom of the page. We really could not understand why there are these filthy AD at the web page. We make sure the web page doesn't contain any

Re: Unable to get the jmx information for tomcat 8 from command line(curl command)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andrew, On 9/8/15 9:21 AM, Andrew M wrote: > Any idea why it is saying "401 Unauthorized" > I execute the following command: curl -1 --max-time 10 -s -k -u > tomcat_jmx:'eyFW$&$FvSIp#FUk' --url > https://pentagon505:8443/deploy/jmxproxy? Your

Re: seeking help with stabilizing the persistence of a JSESSIONID

On 09/09/2015 21:30, Christopher Schultz wrote: > Hardy, > > On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote: >> Ha, sorry for the useless detail :-) > > It's no problem. Stymied by the effective use of class extension > features in an OO language. :) > Is that enough of a clue? >>> Ha ha ha,

Re: seeking help with stabilizing the persistence of a JSESSIONID

Oh, yeah, duh, I will look at the Tomcat source, too. Thanks! Sent from my Zact Mobile phone. Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote: > Ha, sorry for the useless detail :-)

Re:DNS is hijacked and some filty AD is added at the bottom of our webpage

Hi gurus, Do you have some good suggestions/solutions for my issues? Thanks, At 2015-09-09 22:46:56, "shi" wrote: Hi gurus, We have a website running at a tomcat. Its web pages looks good. Recently, we, however, find some of web pages contain the filthy AD at the

Re: seeking help with stabilizing the persistence of a JSESSIONID

Here is the web.xml for the main UI webapp https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/WEB-INF/web.xml Sent from my Zact Mobile phone. Mark Thomas wrote: On 09/09/2015 21:30, Christopher Schultz wrote: > Hardy, > > On 9/9/15 4:22 PM, Pottinger,

I'm searching for a parser of JSP

Hello, I want to make the JSP code analysis tool. I'm looking for a parser for that For example , when I write a JSP source code using Eclipse, it's tool can check if there is any specific description. But , there is no appropriate parser of JSP that can be used for such purposes .I require as

Re: I'm searching for a parser of JSP

Hi Kaori I don't know a parser for traditional jsp but if you use jspx then you can use any xml parser or the JspDocumentParser provided by Apache. Kind regards Mark Lovatt markmlov...@gmail.com uk.linkedin.com/in/mmlovatt Sent from my iPhone > On 10 Sep 2015, at 06:25, 八反田 香莉

Re: Multiple JSESSIONID cookies being presented.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 9/9/15 12:08 PM, Jeffrey Janner wrote: >> -Original Message- From: Caldarale, Charles R >> [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, September 08, >> 2015 4:58 PM To: Tomcat Users List >>

Re: Multiple JSESSIONID cookies being presented.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 9/4/15 4:40 PM, Jeffrey Janner wrote: > I'm surprised that Tomcat would use the "wrong" session id for > URL-rewriting when presenting the login screen. Are you saying > that, when showing the login page for /APP2, Tomcat will: > > a.

Re: HTTP 400 with Form based authentication

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sreyan, On 9/9/15 12:49 PM, Sreyan Chakravarty wrote: > Okay can you please guide me on how to log the bug. That would be > great. If possible you could do it yourself also. 1. Register for Bugzilla at bz.apache.org 2. Fill-out this form:

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote: > Ha, sorry for the useless detail :-) It's no problem. Stymied by the effective use of class extension features in an OO language. :) >>> Is that enough of a clue? >> Ha ha ha, no

Re: HTTP 400 with Form based authentication

Okay can you please guide me on how to log the bug. That would be great. If possible you could do it yourself also. And as far as opinions go I really don't know. The whole process of Realms seem confusing to me and its overtly complicated. Thanks for testing out the issue. On Wed, Sep 9, 2015

Re: Multiple JSESSIONID cookies being presented.

2015-09-09 18:08 GMT+02:00 Jeffrey Janner : >> -Original Message- >> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] >> Sent: Tuesday, September 08, 2015 4:58 PM >> To: Tomcat Users List >> Subject: RE: Multiple

Re: Undefined behaviour with Credential Handler

Well I guess now its confirmed that it is a bug. Do you still need the code ? On Wed, Sep 9, 2015 at 8:55 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Sreyan, > > On 9/8/15 6:31 AM, Sreyan Chakravarty wrote: > > Okay is if

Re: DNS is hijacked and some filty AD is added at the bottom of our webpage

Use dnssec. Sent by Outlook for Android On Wed, Sep 9, 2015 at 8:13 AM -0700, "shi" > wrote: Hi gurus, We have a website running at a tomcat. Its web pages looks good. Recently, we, however, find some of web

[OT] PGP for Java

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, Sorry for the off-topic post, but this community has a variety of backgrounds and I've found it to be a good place to ask questions like this. Does anyone know of a good PGP library for Java? Most of the ones I've seen are just wrappers

Re: seeking help with stabilizing the persistence of a JSESSIONID

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hardy, On 9/9/15 3:54 PM, Pottinger, Hardy J. wrote: > Well... it occurred to me that from time to time we happen to have > stack traces show up in our log files due to some error or another, > and, I could just *look* at the log files. Sure

RE: seeking help with stabilizing the persistence of a JSESSIONID

On the off chance you need the full stack trace here it is: 2015-05-29 15:07:15,216 ERROR org.dspace.app.xmlui.cocoon.DSpaceCocoonServletFilter @ Serious Error Occurred Processing Request! org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is

Re: DNS is hijacked and some filty AD is added at the bottom of our webpage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Willem, On 9/9/15 12:54 PM, Willem van Zyl wrote: > Use dnssec. Is it possible for a server to force the use of DNSSEC? Just like X.509, you need to have a chain of trust between the client and the server, and if your ISP or OS doesn't support

Re: Undefined behaviour with Credential Handler

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sryan, On 9/9/15 12:50 PM, Sreyan Chakravarty wrote: > Well I guess now its confirmed that it is a bug. Do you still need > the code ? No, I don't think I will. However, since you wrote your own CredentialHandler, you could merely patch it to

RE: seeking help with stabilizing the persistence of a JSESSIONID

Ha, sorry for the useless detail :-) >> Is that enough of a clue? >Ha ha ha, no unfortunately not: pretty much all of the authenticators >extend from AuthenticatorBase, so the only thing it tells us is that >there is at least *some* authenticator. > >If nobody else replies, I'll try to

RE: seeking help with stabilizing the persistence of a JSESSIONID

Well... it occurred to me that from time to time we happen to have stack traces show up in our log files due to some error or another, and, I could just *look* at the log files. Sure enough, here's an example of one line of interest (there are many similar ones): at