Tomcat 8.5.4, Backup Manager and Serializable objects in httpSession

2017-05-29 Thread Jared Walker
Hello, I have a question about how BackupManager enforces or performs session replication. I have added print outs to the serializing methods of an object I'm binding to the http session. When I run a simple test (login to the server, shut it down, then try to refresh) I do not stay logged in.

QUIC

2017-05-29 Thread Einav Hollander
Hello, Are there plans to support the QUIC protocol in Apache Tomcat? When? Thanks, Einav

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Mark Thomas
On 29/05/17 17:02, Christopher Schultz wrote: > Mark, > > On 5/29/17 11:40 AM, Christopher Schultz wrote: >> Mark, > >> On 6/23/16 7:58 AM, Mark Thomas wrote: >>> On a related topic, I wonder how tolerant >>> CertificateFactory.generateCertificate() is since that will have >>> an impact on

Re: trimSpaces removing whitespace from html

2017-05-29 Thread Mark Thomas
On 29/05/17 13:00, Konstantin Kolinko wrote: > 2017-05-29 11:43 GMT+03:00 Mark Thomas : >> On 26/05/17 21:33, Christopher Schultz wrote: >>> Would it be reasonable to change trimSpaces so that spaces within >>> element attributes would be normalized to a single space, and

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
Mark, On 5/29/17 11:40 AM, Christopher Schultz wrote: > Mark, > > On 6/23/16 7:58 AM, Mark Thomas wrote: >> On a related topic, I wonder how tolerant >> CertificateFactory.generateCertificate() is since that will have >> an impact on exactly how

Re: Considering @serverEndPoint url for routing the request , if the request is of ws:// type

2017-05-29 Thread Bhuvan Gupta
Mark, >>Explicitly declare Tomcat's WebSocket filter and ensure it is the first filter in the processing chain. Can you please give a sample, how to create such filter. I looked into the documentation, but can't find it On Sun, May 28, 2017 at 3:44 PM, Mark Thomas wrote: >

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
Mark, On 6/23/16 7:58 AM, Mark Thomas wrote: > On a related topic, I wonder how tolerant > CertificateFactory.generateCertificate() is since that will have > an impact on exactly how smart the SSLValve needs to be. Tested with Oracle Java

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Christopher Schultz
Mohammad, On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote: > Based on your inputs, we are thinking to put Apache httpd in front > of Tomcat 6 server, since our header configuration is going to be > static. This might not be a bad idea for a number

Re: Passing client certificate through Nginx to Tomcat SSL Valve

2017-05-29 Thread Christopher Schultz
Lucas, On 5/27/17 9:41 AM, Lucas Ventura Carro wrote: >> On 23/06/2016 12:58, Mark Thomas wrote: Smarter sounds good to >> me. Why not try and write a patch for this? > > I work faster with github pull-requests :) >

Re: trimSpaces removing whitespace from html

2017-05-29 Thread Konstantin Kolinko
2017-05-29 11:43 GMT+03:00 Mark Thomas : > On 26/05/17 21:33, Christopher Schultz wrote: >> Mark, >> >> On 5/26/17 6:59 AM, Mark Thomas wrote: >>> On 26/05/17 10:15, David Kavanagh wrote: Hey guys, Thanks for getting back to me. I didn't realise that the

Re: trimSpaces removing whitespace from html

2017-05-29 Thread David Kavanagh
Here is the link to the enhancement request. https://bz.apache.org/bugzilla/show_bug.cgi?id=45931 Thanks On 29 May 2017 at 13:32, David Kavanagh wrote: > > > On 29 May 2017 at 10:43, Mark Thomas wrote: > >> On 26/05/17 21:33, Christopher Schultz

RE: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Shaik, Mohammad N.
Hello Olaf, Thanks for your response! Based on your inputs, we are thinking to put Apache httpd in front of Tomcat 6 server, since our header configuration is going to be static. Can you please help us in identifying which version of Apache HTTP Server we can use for Tomcat 6 version? Also,

Re: trimSpaces removing whitespace from html

2017-05-29 Thread David Kavanagh
On 29 May 2017 at 10:43, Mark Thomas wrote: > On 26/05/17 21:33, Christopher Schultz wrote: > > Mark, > > > > On 5/26/17 6:59 AM, Mark Thomas wrote: > >> On 26/05/17 10:15, David Kavanagh wrote: > >>> Hey guys, > >>> > >>> Thanks for getting back to me. I didn't realise that

Re: trimSpaces removing whitespace from html

2017-05-29 Thread Mark Thomas
On 26/05/17 21:33, Christopher Schultz wrote: > Mark, > > On 5/26/17 6:59 AM, Mark Thomas wrote: >> On 26/05/17 10:15, David Kavanagh wrote: >>> Hey guys, >>> >>> Thanks for getting back to me. I didn't realise that the >>> attachments would be stripped.> Here are the two files in full. > >>

Re: trimSpaces removing whitespace from html

2017-05-29 Thread Mark Thomas
On 29/05/17 09:09, David Kavanagh wrote: > On 26 May 2017 at 22:33, Christopher Schultz > wrote: > > Mark, > > On 5/26/17 6:59 AM, Mark Thomas wrote: This is a potential use case for a recently closed (as WONTFIX) enhancement request:

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Olaf Kock
On 29.05.2017 at 07:59, Shaik, Mohammad N. wrote: > We are using Tomcat 6.x version and we need to implement the following > headers in our environment. > > Headers: > 1) Strict-Transport-Security > 2) Content-Security-Policy > > 7) X-Robots-Tag > > When I checked the Tomcat 6 version

Re: How to implement Security Headers in Tomcat 6

2017-05-29 Thread manjesh
If the technology is java/j2ee then you can implement some sort of servlet filter where you can manipulate the HTTP response to add these headers for each outgoing response. I believe other platforms like .Net should also support a similar feature to customize the request and response objects.

Re: trimSpaces removing whitespace from html

2017-05-29 Thread David Kavanagh
On 26 May 2017 at 22:33, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 5/26/17 6:59 AM, Mark Thomas wrote: > > On 26/05/17 10:15, David Kavanagh wrote: > >> Hey guys, > >> > >> Thanks for getting back to me. I didn't

Change of status code for ClientAbortExceptions - bug?

2017-05-29 Thread Thomas Eliassen
Hi, Since https://bz.apache.org/bugzilla/show_bug.cgi?id=60718 (r1783148 in tc8.5.x), ClientAbortExceptions are logged in the access log as status 500, changed from the previous status 200. Is this actually the desired behaviour? It doesn't seem appropriate to log a 500 as this isn't

How to implement Security Headers in Tomcat 6

2017-05-29 Thread Shaik, Mohammad N.
Hello, Can someone please let me know if the following headers are compatible with Tomcat 6.x version? If yes, then how do we enable them? Headers: 1) Strict-Transport-Security 2) Content-Security-Policy 3) Public-Key-Pins 4) X-Frame-Options 5) X-XSS-Protection 6) X-Content-Type-Options 7)

AW: Autodeploy servlets below webapps folder

2017-05-29 Thread Gubler, Ruediger
Hi, we have several servlets in webapps which are used by every project. We will move some third party servlets containing project specific data into the project folder without any further config (autodeploy). With your suggestion we must generate a host for every project on the dev server