On Fri, May 8, 2020 at 9:07 PM calder wrote:
>
> On Fri, May 8, 2020, 19:20 Robert Hicks wrote:
>>
>> I am trying to find what the password complexity can be. I've looked at
>> several hardening guides and they are all "WordsLikeThis". Does the
>> shutdown password take symbols and numbers or at
On Fri, May 8, 2020, 19:20 Robert Hicks wrote:
> I am trying to find what the password complexity can be. I've looked at
> several hardening guides and they are all "WordsLikeThis". Does the
> shutdown password take symbols and numbers or at least hyphenated words?
>
We've never had occasion to
More test info trying to isolate the problem:
Task:
developing web app project on eclipse 2019 version. main project
includes a dependent project (sub-project) on the same eclipse.
Run main app as java app:
main app vm parameters include: -Dlog4j.configurationFile,
LogManager.getLogger()
I am trying to find what the password complexity can be. I've looked at
several hardening guides and they are all "WordsLikeThis". Does the
shutdown password take symbols and numbers or at least hyphenated words?
Thanks,
Bob
Got it! Using http://jhades.github.io/ it was quick and easy to find out
that the offending class was indeed loaded from two different jar files.
After I removed one of them casting worked with no issues. I didn't know
jar hell could result in ClassCastException, but you learn something new
every
On 08.05.20 19:50, Christopher Schultz wrote:
> Olaf,
>
> On 5/8/20 13:19, Olaf Kock wrote:
>
> > You might want to hunt down duplicate classes in the JAR files on
> > your classpath. Worst case: unpack them all in temporary
> > directories and check for occurrences of the filename. Make sure
>
Hi Mark,
I also use log4j2 in my web app. dev in eclipse, when adding the log4j2
jars to tomcat 7,8, or 9 runtime, it has this problem, log4j2.xml is
provided as VM parameter. Web app firsts instantiates log4j2, and then
tries to config log4j2 again, throwing the following error due to double
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Olaf,
On 5/8/20 13:19, Olaf Kock wrote:
>
> On 08.05.20 18:23, Jonathan Yom-Tov wrote:
>> Oops, my bad But that still leaves my original issue: why do I
>> get a ClassCastException casting RedissonSessionManager to
>> RedissonSessionManager?
>
>
On 08.05.20 18:23, Jonathan Yom-Tov wrote:
> Oops, my bad But that still leaves my original issue: why do I get a
> ClassCastException casting RedissonSessionManager to
> RedissonSessionManager?
The *only* reason that I've ever seen this happens (e.g. a class can't
be typecast to a legitimate
Hi Chris,
my web app META-INF/lib has log4j jar, but CATALINA_BASE/lib does not have
log4j jar listed.
It should be double loading class issue. I need to find out how to exclude
the unwanted classloading.
-aj
On Thu, May 7, 2020 at 2:48 PM Christopher Schultz <
ch...@christopherschultz.net>
Hi Luis, good blog for logging settings. thanks.
-aj
On Thu, May 7, 2020 at 11:42 PM Luis Rodríguez Fernández
wrote:
> Hello AjChen,
>
> Here [1] you can find an example of how I configured log4j2 in tomcat 9.
> You can skip all the bla, bla, bla and go directly to the gitthub repo [2]
> and
Oops, my bad But that still leaves my original issue: why do I get a
ClassCastException casting RedissonSessionManager to
RedissonSessionManager?
On Fri, 8 May 2020, 16:56 Luis Rodríguez Fernández,
wrote:
> Hello Jonathan,
>
> It is not exactly the same :), look at the "$2" appended at the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Daniel,
On 5/8/20 04:25, daniel@dell.com wrote:
> We are changing from Nio connector to APR connector to enable FIPS
> mode in tomcat. But we hit tomcat hang issue, ssl handshake no
> response when run long time. So many close_wait in netstat
Hello Jonathan,
It is not exactly the same :), look at the "$2" appended at the end.This is
an "anonymous inner class" [1]
Cheers,
Luis
[1]
https://stackoverflow.com/questions/11388840/java-compiled-classes-contain-dollar-signs
El vie., 8 may. 2020 a las 11:52, Jonathan Yom-Tov (<
This is very odd. I ran Tomcat with -verbose:class (see relevant output
below). The class is being loaded twice from the same location, I'm
guessing by two different class loaders. How can that be?
[Loaded org.redisson.tomcat.RedissonSessionManager from
Letsencrypt.org please save me from all these
attacks.
https://owasp.org/www-community/attacks/
List of Attacks
- [Binary Planting](https://owasp.org/www-community/attacks/Binary_planting)
- [Blind SQL
Injection](https://owasp.org/www-community/attacks/Blind_SQL_Injection)
- [Blind
Dear experts:
Nowadays, we are changing from Nio connector to APR connector to enable FIPS
mode in tomcat.
But we hit tomcat hang issue, ssl handshake no response when run long time.
So many close_wait in netstat output.
Do you have any advises about that issue?
BRs
Dan
On 08.05.20 09:37, Jonathan Yom-Tov wrote:
> Thanks Mark. Just tried that. I put the redisson-tomcat jar outside of
> WEB-INF/lib and added it with scope provided. I get the exact same issue.
> What am I doing wrong?
Make sure, it's actually gone from your webapp. Depending on the
deployment
Thanks Mark. Just tried that. I put the redisson-tomcat jar outside of
WEB-INF/lib and added it with scope provided. I get the exact same issue.
What am I doing wrong?
Here's my code:
HttpSession session = httpServletRequest.getSession(false);
try {
RedissonSessionManager rsm =
Hello AjChen,
Here [1] you can find an example of how I configured log4j2 in tomcat 9.
You can skip all the bla, bla, bla and go directly to the gitthub repo [2]
and run the example to have a look at the configuration.
Note: I've been running like this for a while in production, but I do think
Hello Krishna,
Me I would point my JRE_HOME or JAVA_HOME to the new installation. You can
have a look at the section 3.2 of the RUNNING.txt [1]
Hope it helps,
Luis
[1] https://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt
El mié., 6 may. 2020 a las 11:01, André Warnier (tomcat/perl) (<
21 matches
Mail list logo