Hello there,
My two cents: we have ORDS 20 over tomcat 9.0.41 authenticating against
keycloak IdP, however using SAML [1]. In tomcat we have the keycloak
connector [2] and for the APEX integration I developed a simple valve [3]
that injects a header with the username. This header is used by the AP
Hello Leo,
You can add your custom header in the response via the
HttpServletResponse.addHeader() [1] method.
Hope it helps,
Luis
[1]
https://tomcat.apache.org/tomcat-8.5-doc/servletapi/javax/servlet/http/HttpServletResponse.html#addHeader(java.lang.String,%20java.lang.String)
El lun, 17
Hello Chris,
- Manually create DOM: agree with you, I would not go in that direction. I
did it years ago when I developed a logout servlet for weblogic. You can
have a look at the code here [1] and feel my pain :)
- Library: I remember testing opensaml [2], it was the most popular at that
time but
Hello Patrick,
Check if you have also the webapps/manager/META-INF/context.xml By default
that RemoteAddrValve [1] configuration only allows connections from the
same host.
Cheers,
Luis
[1]
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteAddrValve.html
El mié, 24
Hello Susan,
org.apache.catalina.realm.JNDIRealm used the container log so
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = ALL
should give you some more details. By default these logs go to
the localhost.-MM-DD.log, if you want to print them in the console you
can always
Hello Ravi,
Here [1] upi can find an example of tomcat 9 + log4j2.
Hope it helps,
Luis
[1] https://github.com/lurodrig/log4j2-in-tomcat
El mié, 24 feb 2021 a las 17:09, Ravi Kumar ()
escribió:
> Hi Mark,
>
> Thanks for the suggestion and help. We will review and revert .
>
> Thanks again.
> R
Hello,
- server.xml templating + docker: nice solution Martynas, we are doing
basically the same but with shell envsubst
- TC virtual-host creation: perhaps you can make use of the
https://tomcat.apache.org/tomcat-9.0-doc/html-host-manager-howto.html
Cheers,
Luis
El mié, 24 feb 2021 a las 0:51,
04 (fully
> qualified), but only http, not https. The browser shows "This site
> can’t provide a secure connection" and not much from chrome inspect:
> request: "Referrer Policy: strict-origin-when-cross-origin"
> response: "Failed to load response data"
>
Hello Rob,
Do you have a stacktrace or error message that you can share?
Cheers,
Luis
El lun, 15 feb 2021 a las 1:26, Rob Sargent ()
escribió:
> Yep, me again.
>
> Inching along here, unable as yet to re-create ssl traffic when not on
> localhost. Moving from my basement (localhost) where s
Hello Suvendu,
I've never used the
"org.apache.catalina.mbeans.JmxRemoteLifecycleListener", I would advise you
to continue using the JVM startup options for JMX [1]
Martynas: the JPDA port is using to enable debugging in your java process
and be able to connect to it, e.g. via your favourite IDE.
, 14 ene 2021 a las 17:04, Mark Thomas () escribió:
> On 14/01/2021 15:52, Luis Rodríguez Fernández wrote:
> > Hello there,
> >
> > I am trying to enable debug for
> > the org.apache.catalina.authenticator.SingleSignOn valve. In my
> > ${CATALINA_BASE}/c
Hello there,
I am trying to enable debug for
the org.apache.catalina.authenticator.SingleSignOn valve. In my
${CATALINA_BASE}/conf/logging.properties I have set
java.util.logging.ConsoleHandler.level = ALL
.../...
org.apache.catalina.authenticator.SingleSignOn.level = ALL
In my ${CATALINA_BASE}/
Hello there,
Sounds good!
For the authentication of our tomcat applications we rely on a SSO solution
(keycloak) using standards like SAML and OpenIDConnect. Maybe a session
about this can fit in the event. I would be interested in what other folks
are doing in this field.
Thanks,
Luis
E
Hello Chris,
I can suggest you Keycloak [1]. It supports OIDC (extension of OAUTH2) [2],
it has adapters for apache tomcat [3] and it is quite easy to start with. I
made a little proof of concept protecting the good and old /manager tomcat
application using the "Client Credentials Flow". My setup
Hello David,
That error usually happens when the java process (tomcat) can not access
the truststore file. May I ask you to check permissions and ownership of
the truststore file? You can always add -Djavax.net.debug=all to your
CATALINA_OPTS, it will give you way more information about the issue.
Hello Chris,
Yes, I do agree that / docs do not look very
clear. We after different test ended up with configurations like this one
(${CATALINA_BASE}/conf/context.xml)
or this other one (${CATALINA_BASE}/conf/catalina.properties)
tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.*
for d
Hello Naveen,
Recently we have had a similar issue migrating a webapp from another
application server to tomcat. We solved it specifying
UTF-8 in the
web.xml descriptor.
You can read here [1] the long story :)
Hope it helps,
Luis
[1] https://cwiki.apache.org/confluence/display/TOMCAT/Character
Hello Abirami,
Well, strict does what it promises, so if those third-party rest services
were expecting some cookies that now are not being sent by the browser, it
is normal that they do not work as expected.
Internal implementation: sure! You can always have a look at the code of
the different C
Hello Amit,
Well, your approach will work. Personally, I do not like very much to parse
logs. We, for instance, in our tomcat instances we provide an application
that queries the status of the deployed apps, see below.
If you have control in the code of "AAA" application I would suggest you
to i
Hello Jonathan,
It is not exactly the same :), look at the "$2" appended at the end.This is
an "anonymous inner class" [1]
Cheers,
Luis
[1]
https://stackoverflow.com/questions/11388840/java-compiled-classes-contain-dollar-signs
El vie., 8 may. 2020 a las 11:52, Jonathan Yom-Tov (<
jonathan.yo
Hello AjChen,
Here [1] you can find an example of how I configured log4j2 in tomcat 9.
You can skip all the bla, bla, bla and go directly to the gitthub repo [2]
and run the example to have a look at the configuration.
Note: I've been running like this for a while in production, but I do think
th
Hello Krishna,
Me I would point my JRE_HOME or JAVA_HOME to the new installation. You can
have a look at the section 3.2 of the RUNNING.txt [1]
Hope it helps,
Luis
[1] https://tomcat.apache.org/tomcat-9.0-doc/RUNNING.txt
El mié., 6 may. 2020 a las 11:01, André Warnier (tomcat/perl) (<
a...
Hello Megha,
I am afraid that with that information you can not be sure if your webapp
has been deployed or not. Maybe you can have a look at the manager app of
your tomcat [1] instance (http://localhost:8080/manager), or query for the
state of the applications using the jmxproxyservlet (
http://l
Hello Kushagra,
Regarding the supported platform matrix [1] it looks like the tomcat
version should be Tomcat 8.5.28
Hope it helps,
Luis
[1]
https://docs.alfresco.com/process-services1.10/concepts/supported-platforms.html
El jue., 9 abr. 2020 a las 9:53, Kushagra Bindal ()
escribió:
> Hi
Hello Arnaud,
If jmxproxy does not work for you perhaps you can give a try to jolokia
[1]. It accepts JSON POST requests [2] that can implement your scenario.
The installation is quite straight-forward, simply deploy it as a .war or
attach it as an agent to your JVM.
Hope it helps,
Luis
[1] htt
Grande Brian, congrats!
Sorry, I've just read your message, a bit late to the party: time ago I had
cooked a tomcat9 container + log4j2 with a sample spring-boot app deployed.
You can have a look here [1]
Cheers,
Luis
[1]
https://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2019-03-keeping
Hello Stephane,
> moving authentication at tomcat level with an openid Realm
If I understand you correctly you want to make the authentication process
in tomcat instead of delegating in your apache proxy, don't you ? I would
have a look then at the tomcat keycloak adapter [1]. Me I am using the S
Hello M. Manna,
I do think HttpSession.getAttributeNames(), HttpSession.getAttribute(name)
should be good enough for debugging your issue. You can have a look at the
good and classic examples servlet [1] included in every tomcat distribution.
If you want to be sure what server is serving your req
Hello Crista,
I do think that you can have more chances of get an answer for this in the
Oracle Community [1]
Anyway this is how our tns entries [2] looks like for our Oracle Databases:
TNS_ENTRY_1_PROD=(
DESCRIPTION=
Hello Léa,
mmm, this does not look like a tomcat issue. Perhaps you can find more help
to your issue in the eclipse mailing lists:
https://accounts.eclipse.org/mailing-list
Hope it helps,
Luis
El mié., 22 ene. 2020 a las 13:10, Lmhelp1 () escribió:
> Hello,
>
> I am using Tomcat v9.0 anddeploy
Hi Mark,
I 've been using tomcat for many years and the cases were I had to modify
the http connector defaults were very rare. I would go for the simplest
solution.
Hope it helps and thank you so mch to you and the rest of the
committers!
Luis
El jue., 12 dic. 2019 a las 6:25, Ari
Hello Jerry,
To be tested, but perhaps connectionProperties can help you on this? [1]
Hope it helps,
Luis
[1] https://tomcat.apache.org/tomcat-9.0-doc/jdbc-pool.html
El jue., 5 dic. 2019 a las 19:42, Jerry Malcolm ()
escribió:
> I'm trying to add some code to monitor my jdbc data connection p
Hello Tom,
Hard to say what´s happening without some realm logging. You can have a
look here [1].
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
El vie., 18 oct. 2019 a las 18:54, Tom Povey ()
escribió:
> Thanks Olaf,
>
> Typo in m
Hello M.Manna,
Yes, probably SESSIONS.ser can give you an idea. Maybe if you want to get
more accurate results perhaps you can
1. Do it yourself via JMX [1]
2. Give a try to psi-probe [2], it seems that it has everything that you
need
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions
Hello Akram,
If you can not put the jars inside each webapp perhaps you could define a
shared.loader in your catalina.properties [1]. It works for us.
Hope it helps,
Luis
[1]
https://tomcat.apache.org/tomcat-9.0-doc/class-loader-howto.html#Advanced_configuration
El mar., 16 abr. 2019 a l
PS_INTL_FIELD_USER_MIA]
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.realm.RealmBase.hasResourcePermission No role found:
> TOPS_INTL_FIELD_USER_MIA
> > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8]
> org.apache.catalina.au
Hello Gary,
I would recommend you to add some debug to your JNDIReam [1]. For debugging
your ldap search filters ldapsearch can be your friend [2] :)
Hope it helps,
Luis
[1]
https://stackoverflow.com/questions/12311496/how-to-debug-realm-feature-in-tomcat
[2]
https://access.redhat.com/documenta
Hello Jerry,
Sure, you can always set the path of your cookies to "/" via the
cookie-config element [1] in your web.xml descriptor:
/
Or via your context.xml [2]
Hope it helps,
Luis
[1]
https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet
Hello Jerry,
> I'm using single sign-on
Do you mean tomcat Single Sign On valve? [1], a third party solution or
your custom implementation? That can change the game completely :)
> some RewriteRules in httpd
Can you share them? That could change the game also :)
Cheers,
Luis
[1]
https://tomc
Hello Richard,
In my experience the best is to "start simple". I would have a look at the
apache tomcat doc [1], configure your pool with a minimal setup and test.
Everything depends on your application workload, how your queries looks
like, etc, so I am afraid that there are no "silver bullets"
Hello Peter,
I am bit confused: you get the forbidden error after a successful login in
the third party product? Is that third party product installed in a
different machine? Which product? Is any kind of SSO solution (keycloak,
Microsoft ASDF, OpenAM...)? May I ask you to describe a bit your scen
Hello Rajendra,
For instance if you are using MYSQL a validationQuery="l" in your
datasource configuration [1] plus the magic autoreconnect parameter in the
URL can do the trick for you. However this can have side effects (see the
mysql autoreconnect description).
In my experience the cheapest op
Thanks for sharing Chris.
BTW: I've checked the one in Berlin [1]. Do you have an idea when the call
for abstracts will be open?
Thanks in advance,
Luis
[1] https://apachecon.com/aceu19/index.html
El mié., 13 mar. 2019 a las 2:31, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:
Hello Faisal,
It looks like your problem is more related with your hikari connection pool
than with tomcat itself. I would recommend you to double check your hikari
configuration properties. Pay specially attention on how you are
configuring your connection pool (minimum and maximum size, timeout,
Hello Arnaud,
mmm, nothing stops you from create your custom mbean interface that wraps
your datasource.
>From Tomcat 8.5 doc "The connection pool object exposes an MBean that can
be registered" [1] Perhaps you could start having a look here. Nevertheless
may I ask you what is your use case for t
Hello Adlet,
Regarding the deployment of spring in tomcat: I would recommend you to
keep the application libraries (spring and others) in your WEB-INF/lib. You
can have a look at this fantastic tutorial [1].
About websockets: keep in mind that tomcat has out-of-the-box websocket
support. Neverth
Hello Richard,
Yes, Christopher is right, with such configuration all the requests will be
upgraded to ws. Digging down in my old apache conf I found something like
this:
ProxyPass /WinCCOAWebUI/ui
ws://db-00032:13122/WinCCOAWebUI/ui
ProxyPassReverse /WinCCOAWebUI/
Hello Christophe,
Very interesting, thanks!
Would it be possible in your scenario to export the certificates from the
wallet and import them to a different keystore (PCKS12 or JKS)? You can
have a look at [1]
Hope it helps,
Luis
[1]
https://blogs.oracle.com/dev2dev/ssl-connection-to-oracle-db-
Hello Baron,
There are no dumb questions, no worries :)
Are you referring to the $CATALINA_BASE/conf/web.xml by chance? This is the
default web.xml [1] that defines default values for all the webapps
deployed in your tomcat server. Me personally I rarely modify it.
Me, as a sample web.xml I usu
Hello Ian,
Perhaps you are trying something like this? <%@ page
import="java.lang.Math" %>
You have very nice and simple jsp examples inside the examples application
of any tomcat distribution. E.g.
${CATALINA_BASE}webapps/examples/jsp/tagplugin/foreach.jsp
Hope it helps,
Luis
El vie., 12 oct
Hello Christopher,
It makes sense, thank you very much for your advice!
Cheers,
Luis
El lun., 1 oct. 2018 a las 20:39, Christopher Schultz (<
ch...@christopherschultz.net>) escribió:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Luis,
>
> On 10/1/18
Hello Loai,
Agree with Christopher, you have to fix your client. Just get the root
Certificate Authority public key and import it in your client truststore.
If you did not change it the client (java) the default keystore is located
in $JAVA_HOME/jre/lib/security/cacerts. Something like:
keytool
Hello Karen,
May I ask you what exactly you try to do:
- Deploy locally
- Deploy remotely
- Debug locally
- Debug remotely
- Other...
Eclipse version? Other plugins or tools (e.g. maven)?
Thanks,
Luis
El sáb., 22 sept. 2018 a las 0:52, Igal Sapir ()
escribió:
> On 9/21/2018 12:45 PM, André W
Cool, thanks! +1 for the makebase utility!
Cheers,
Luis
El mié., 5 sept. 2018 a las 12:26, Ivan Serdyuk (<
local.tourist.k...@gmail.com>) escribió:
>
> https://www.facebook.com/pg/Kyiv-Scala-Group-223492434893596/posts/?ref=page_internal
> -
> posted here.
>
> On Wed, Sep 5, 2018 at 1:16 PM Iva
Hello Chris,
Definitely you have to increase the logging level. If your tomcat instance
is using JULI and you suspect from struts perhaps you could try to increase
the debugging level of struts in your
$CATALINA_BASE/conf/logging.properties:
org.apache.struts.level=FINE or FINEST
Hope it helps,
Hello Noel,
mmm, perhaps you could consider to use spring-boot for this. It provides a
nice out-of-the-box embedded tomcat:
https://spring.io/blog/2014/03/07/deploying-spring-boot-applications
Hope it helps,
Luis
2018-08-03 7:06 GMT+02:00 noel joseph :
> Hey Chris,
>
> This is my code...
>
> p
Hello Masber,
In order to get accurate answers it would be helpful if you could provide
details like:
- Platform details: OS, jdk/jre, apache-tomcat version...
- "I went through documentation" which one? perhaps
https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter
- "my web cli
Hello Alain,
/Library/Tomcat/bin/catalina.sh jpda start should be good enough. If you
have a look at the tomcat command line process are the JPDA options
enabled? E.g.:
$ $CATALINA_HOME/bin/catalina.sh jpda start
$ ps -ef | grep --color dt_socket
lurodrig 13522 2883 6 13:58 pts/500:00:04
Hello Alex,
It looks like you are missing the getSession() method there:
HttpServletRequest#getSession()#setAttribute("mykey", clientObjectHere);
please have a look at [1]
Hope it helps,
Luis
[1]
https://tomcat.apache.org/tomcat-9.0-doc/servletapi/javax/servlet/http/HttpServletRequest.html#getS
Hello Danesh
Perhaps you could look for any of your tomcat connector ports, ask for the
process that is listening and kill it:
$ ppid=`lsof -i:8080 -Fp | grep p`
$ pid=`echo ${ppid#p*}`
$ kill $pid
Probably you can find something more elegant but the idea could be this
one...
Hope it helps,
Lu
Hello Sandeep,
Both keycloack saml adapter [1] or the servlet filter[2] work for me
out-of-the-box.
I am using tomcat 9.0.5
Cheers,
Luis
[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-tomcat-adapter
[2]
https://www.keycloak.org/docs/latest/securing_apps/index.html#jav
Hello Arnold,
In this type of issues you should get something like this in the
catalina.out:
ERROR
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] -
HTMLManager: FAIL - Deploy Upload Failed, Exception:
[org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceed
Hello Laurie,
I do think that you are missing your cn in the query:
/usr/bin/ldapsearch -x -h myhost.com -b "OU=Workgroups,DC=cern,DC=ch"
"(member:X.X.XXX.X.X.X.:=cn=lurodrig,ou=users,ou=organic
units,DC=myorganization,dc=com)" cn
Hope it helps,
Luis
2018-05-22 22:34 GMT+02:00 Laurie
Hello Chris,
You can have a look here:
https://logging.apache.org/log4j/2.x/log4j-appserver/index.html
Hope it helps,
Luis
2018-05-18 19:55 GMT+02:00 George Stanchev :
> Depends on what you're asking. If you're asking to use log4j to capture
> Tomcat logging, then the answer is - you can't but
Hello Xavier,
Perhaps you can have a look here:
https://wiki.apache.org/tomcat/Specifications.
Me, I have:
javax
javaee-web-api
7.0
provided
Hope it helps,
Luis
2018-05-09 16:35 GMT+02:00 Xavier Dupont :
> Hi guys.
>
> If I want t
Hello Martin,
If you use the default tomcat logging [1] probably setting
org.apache.catalina.ha.level = FINE or FINEST
in your $CATALINA_BASE/conf/logging.properties will give you the
information you need.
Hope it helps,
Luis
[1] https://tomcat.apache.org/tomcat-7.0-doc/logging.html
2
Empty while, simple and beautiful!
Agree on that. I did not think about the examples exposure...
Thanks!
2018-04-24 15:29 GMT+02:00 Mark Thomas :
> On 23/04/18 14:42, Luis Rodríguez Fernández wrote:
> > Hello Mark,
> >
> > Thank you for sharing the materials!
> >
&
Hello Mark,
Thank you for sharing the materials!
https://apache.github.io/tomcat-training/courses/tomcat-for-administrators.html#/132
Do you have such .jsp anywhere? Would it make sense to add it as part of
the /examples/jsp/ of tomcat distribution?
Thanks in advance,
Luis
2018-04-23 15:15 GMT
Hello Zahi,
As it is said in http://tomcat.apache.org/lists.html "Please format your
messages as plain text, not HTML. Do not send attachments, as they are
likely to be removed and ignored by the mailing list server."
Just copy and paste the content of your xml files should be enough :)
Cheers,
cher <
felix.schumac...@internetallee.de>:
> Hi Luis,
>
>
> Am 05.04.2018 18:50, schrieb Luis Rodríguez Fernández:
>
>> Hello Suvendu,
>>
>> May I ask you to share your JNDIRealm configuration?
>>
>> For me something like this
Hello Suvendu,
May I ask you to share your JNDIRealm configuration?
For me something like this works:
Hope it helps,
Luis
2018-04-05 15:32 GMT+02:00 Suvendu Sekhar Mondal :
> Hello Everyone,
>
> Recently in one of our environments I am seeing following log in
> Catalina.out. It seem
:
cern.ch.sso.sp.filters.decorators.SsoAisFilter
And yes, in the past I used to turn it off, leaving only the catalina.out
and catalina. $(date).log
Cheers,
Luis
2018-04-03 14:56 GMT+02:00 Coty Sutherland :
> On Tue, Apr 3, 2018 at 8:47 AM, Luis Rodríguez Fernández
> wrote:
> > Hello there,
> >
> > I'
Hello there,
I've realized that if I make a typo in my declaration I get
something in the catalina.out like:
Apr 03, 2018 2:27:01 PM org.apache.catalina.core.StandardContext
startInternal
SEVERE: One or more Filters failed to start. Full details will be found in
the appropriate container log fil
73 matches
Mail list logo
