Tomcat version: 8.0.24
OS RHEL 6.6
Just one war file (ascws.war) is deployed under it. We are seeing
intermittent failure while deploying war file, tomcat logs indicates (zip
file is empty) exception is mentioned below.
We have verified file is correct (non zero), and only way to recover from
er
Hi.
I have been following this thread loosely, and I have nothing about Tomcat authentication
per se, but maybe now may be the moment to suggest another approach : why not use an
Apache httpd as a front-end to Apache Tomcat, do the user authentication/authorization at
the Apache httpd level (i
I have Tomcat 7.0.42 on a Windows 2008R2 server. I’m pretty new to Tomcat.
It uses Java JDK and is configured with a standard JSSE SSL certificate.
How do I upgrade Java on an existing Tomcat server? All the documentation
is for configuring new installations.
I can repeat the whole installa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 5:08 PM, Pottinger, Hardy J. wrote:
> I can see in our log files that we log the session ID as part of
> the authentication process so it's probable that our
> authentication code needs a bit more work to accommodate the
> chan
I can see in our log files that we log the session ID as part of the
authentication process so it's probable that our authentication code needs
a bit more work to accommodate the changing session ID. I'll see if I can
figure it out.
From: Christopher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 3:36 PM, Pottinger, Hardy J. wrote:
>> putting Serializable objects in the session is surely a good
>> idea in general.
>
> I agree, especially, as you mention, if we intend to distribute
> sessions among various containers.
>
>
"Feel free to do that. You'll have to implement a lot of plumbing code
yourself to use Apache Shiro. (It seems like Tomcat ought to support
Shiro, eh? Maybe we should get together with them to build an
out-of-the-box configurable component in Tomcat)."
Well I don't know that but you people could t
>putting Serializable objects in the session is surely a good idea
>in general.
I agree, especially, as you mention, if we intend to distribute sessions among
various containers.
>Tomcat's session-fixation-prevention amounts to changing the session
>identifier while keeping the session in-tact.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote:
> The session attribute we are creating to hold the flag to indicate
> the session is "interrupted"... is not serializable... which I
> think means that, when the new session is created as part o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeffrey,
On 9/10/15 12:26 PM, Jeffrey Janner wrote:
> Thanks for all the help guys. I think I've sussed out what is
> going on here. Now just have to get the Dev guys to address it.
>
> After spending a good bit of time clearing and watching cooki
Hi, in helping a colleague diagnose another problem for another servlet, I was
using PsiProbe, and I noticed that it has session diagnostics. Doh! I promptly
fired up PsiProbe on my Tomcat server, returning to this JSESSIONID issue, and
watched the session get created as part of a password chall
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Subject: RE: Multiple JSESSIONID cookies being presented.
> I checked the error.jsp file and it does have session=true set, and if the
> icon file
> is missing, the error.jsp is definitely being sent.
> So it looks like the possible
On 10-09-15 17:43, Christopher Schultz wrote:
> Martijn,
>
> On 9/10/15 7:39 AM, Martijn Bos wrote:
>> I think I "solved" it myself.
>
>> My problem was that when I deployed a webaap on one of the
>> cluster-members it didn't get deployed on the other member. I did
>> this with the manager web
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, September 09, 2015 1:50 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jeffrey,
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/10/15 8:10 AM, Sreyan Chakravarty wrote:
> Yes but that requires implementing your own credential handler.
Sorry, I thought you had implemented your own credential handler.
> But the default one will still have the bug.
Oh, I was jus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martijn,
On 9/10/15 7:39 AM, Martijn Bos wrote:
> I think I "solved" it myself.
>
> My problem was that when I deployed a webaap on one of the
> cluster-members it didn't get deployed on the other member. I did
> this with the manager web-applicat
On 9/9/2015 8:46 AM, shi wrote:
Hi gurus,
We have a website running at a tomcat. Its web pages looks good.
Recently, we, however, find some of web pages contain the filthy AD at the
bottom of the page.
Here are the ways this could be happening:
1. Your server is compromised and it's your s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 9/9/15 9:43 PM, Pottinger, Hardy J. wrote:
> It doesn't matter which Authenticator is installed, they all behave
> the same way. The user name from httpd is used to populate the
> remote user name and the user principal and the user princip
Reported as Bug 58244 - two way SSL loses client certificate after a few
requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=58244
David Balažic
> -Original Message-
> From: David Balažic
> Sent: 7. August 2015 17:38
> To: users@tomcat.apache.org
> Subject: Firefox SSL with APR - l
Yes but that requires implementing your own credential handler. But the
default one will still have the bug. Right now I am thinking of using an
authentication framework like Apache Shiro.
On Thu, Sep 10, 2015 at 1:48 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP
Hi all,
I think I "solved" it myself.
My problem was that when I deployed a webaap on one of the
cluster-members it didn't get deployed on the other member.
I did this with the manager web-application.
However when I drop a war-file in the watchDir of the farmWarDeployer it
gets deployed to the
21 matches
Mail list logo
