Hi calder,
> Am 13.05.2020 um 04:59 schrieb calder :
>
> On Tue, May 12, 2020, 21:48 kohmoto wrote:
>
>> Hi, Calder,
>>
>> Thank you for your prompt reply.
>> I think Tomcat binary files all have root priviledges.
>> Should these priviledges should be changed to user priviledges?
>>
>
>
>
Hi, Calder,
Thank you again for your prompt reply.
I will study these documents you kindly shows.
Thank you.
Yours truly,
Kazuhiko Kohmoto
On 2020/05/13 11:59, calder wrote:
Yes.
There is a "Tomcat Security" guide at the Tomcat website.
Also, Mulesoft has a good guide
https://www.mulesof
On Tue, May 12, 2020, 21:48 kohmoto wrote:
> Hi, Calder,
>
> Thank you for your prompt reply.
> I think Tomcat binary files all have root priviledges.
> Should these priviledges should be changed to user priviledges?
>
Yes.
There is a "Tomcat Security" guide at the Tomcat website. Also, Mules
Hi, Calder,
Thank you for your prompt reply.
I think Tomcat binary files all have root priviledges.
Should these priviledges should be changed to user priviledges?
Your truly,
Kazuhiko Kohmoto
On 2020/05/13 11:17, calder wrote:
If TC, running as root, is ever compromised, the compromising user
On Tue, May 12, 2020, 19:58 kohmoto wrote:
>
> On 2020/05/13 0:47, John Larsen wrote:
> > I wouldnt recommend running tomcat as root
>
> Actually I run Tomcat as root. Your recommendation seems
> against my practice. It would be appreciated if you would
> advice me about points not running as roo
Hi, John,
Actually I run Tomcat as root. Your recommendation seems
against my practice. It would be appreciated if you would
advice me about points not running as root.
Thank you.
Yours truly,
Kazuhiko Kohmto
On 2020/05/13 0:47, John Larsen wrote:
I wouldnt recommend running tomcat as root
On Tue, May 12, 2020 at 4:30 PM Patrick Baldwin
wrote:
> On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
[snip]
> > There is no catalina.sh that I can find. When I googled that, I found:
> https://forums.centos.org/viewtopic.php?t=54207
> > You shoul
On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Patrick,
>
> On 5/12/20 17:08, Patrick Baldwin wrote:
> > 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> > tomcat.service
>
> Uhh
On Tue, May 12, 2020, 16:13 Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Patrick,
>
> On 5/12/20 17:08, Patrick Baldwin wrote:
> > 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> > tomcat.service
>
> Uhh, do
On Tue, May 12, 2020, 16:08 Patrick Baldwin
wrote:
> On Tue, May 12, 2020 at 5:07 PM calder wrote:
>
> > On Tue, May 12, 2020, 15:49 Patrick Baldwin
> > wrote:
> >
> > > I turned off systemd for tomcat:
> > >
> > > 84$ sudo systemctl disable tomcat
> >
> > [ snip ]
> >
> > > Restarted tomcat,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Patrick,
On 5/12/20 17:08, Patrick Baldwin wrote:
> 102$ sudo service tomcat start Redirecting to /bin/systemctl start
> tomcat.service
Uhh, doesn't that just call systemd?
Are you sure it's restarting at all?
If you launch Tomcat with catalina.s
102$ sudo service tomcat start
Redirecting to /bin/systemctl start tomcat.service
On Tue, May 12, 2020 at 5:07 PM calder wrote:
> On Tue, May 12, 2020, 15:49 Patrick Baldwin
> wrote:
>
> > I turned off systemd for tomcat:
> >
> > 84$ sudo systemctl disable tomcat
>
>
>
> [ snip ]
>
> > Restarte
On Tue, May 12, 2020, 15:49 Patrick Baldwin
wrote:
> I turned off systemd for tomcat:
>
> 84$ sudo systemctl disable tomcat
[ snip ]
> Restarted tomcat, and it still runs for about 2 minutes then throws
that java.lang.OutOfMemoryError: Java heap space error and dies.
And how are you star
I turned off systemd for tomcat:
84$ sudo systemctl disable tomcat
[sudo] password:
Removed symlink /etc/systemd/system/multi-user.target.wants/tomcat.service.
Verified the setenv.sh file:
93$ ls -l /usr/share/tomcat/bin/setenv.sh
-rw-rw-r--. 1 root tomcat 110 May 11 12:56 /usr/share/tomcat/bin/
Chris,
On 5/12/2020 1:25 PM, Christopher Schultz wrote:
> Mark,
>
> On 5/12/20 16:14, Mark Eggers wrote:
>> Chris,
>
>> On 5/12/2020 12:55 PM, Christopher Schultz wrote:
>>> Jonathan,
>>>
>>> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
The problem is that my application is running on AWS whic
On Tue, May 12, 2020, 13:48 calder wrote:
>
> [ snip ]
>
Does their Tomcat use Systemd?
> If yes, then look for the Systemd unit file - default should be
> /etc/systemd/system/tomcat.service
> that's where they will add an entry like (or modify the existing)
> [ ... ]
> Environment='CATALIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 5/12/20 16:14, Mark Eggers wrote:
> Chris,
>
> On 5/12/2020 12:55 PM, Christopher Schultz wrote:
>> Jonathan,
>>
>> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>>> The problem is that my application is running on AWS which
>>> apparently does
The permission change is a temporary one while we try and figure out why
this isn't working.
On Tue, May 12, 2020 at 4:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> John, Patrick,
>
> On 5/12/20 11:47, John Larsen wrote:
>
Chris,
On 5/12/2020 12:55 PM, Christopher Schultz wrote:
> Jonathan,
>
> On 5/12/20 11:20, Jonathan Yom-Tov wrote:
>> The problem is that my application is running on AWS which
>> apparently doesn't support multicasting so I can't use Tomcat's
>> DeltaManager.
>
> The membership-manager is separ
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
John, Patrick,
On 5/12/20 11:47, John Larsen wrote:
> Should be chmod 644 and also I wouldnt recommend running tomcat as
> root.
It's not clear that Tomcaat is running as root, but it IS clear that
setenv.sh is writable by ANYBODY and likely run by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 14:19, Jonathan Yom-Tov wrote:
> Thanks Mark. I've tried to use Redisson, it would've been the
> perfect solution for this except for the fact that my session
> object is a deep tree which is mutated in many areas of the code.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 11:20, Jonathan Yom-Tov wrote:
> The problem is that my application is running on AWS which
> apparently doesn't support multicasting so I can't use Tomcat's
> DeltaManager.
The membership-manager is separate from the replicati
On Tue, May 12, 2020 at 10:28 AM Patrick Baldwin
wrote:
>
> I've gotten passed an odd (to me, anyway) issue with one of our clients
> CentOS systems.
>
> When our webapp starts running, tomcat dies shortly thereafter with an
> OutOfMemoryError. This apparently just started a few days ago.
>
> Sys
On 12/05/2020 18:38, Jonathan Yom-Tov wrote:
> I'm trying to use PersistentManager with FileStore to load sessions from
> disk. Serialization goes ok but when the session is loaded I get an
> exception deserializing one of my application's classes.
>
> [2020-05-12 09:08:52] [SEVERE] Session:
> 632
Thanks Mark. I've tried to use Redisson, it would've been the perfect
solution for this except for the fact that my session object is a deep tree
which is mutated in many areas of the code. So what happens is that as one
request is changing the session state another will persist its session to
Redi
Jonathan,
On 5/12/2020 8:20 AM, Jonathan Yom-Tov wrote:
> The problem is that my application is running on AWS which apparently
> doesn't support multicasting so I can't use Tomcat's DeltaManager. I
> thought of using one of the Store implementations for
PersistentManager but
> that has the issues
I'm trying to use PersistentManager with FileStore to load sessions from
disk. Serialization goes ok but when the session is loaded I get an
exception deserializing one of my application's classes.
[2020-05-12 09:08:52] [SEVERE] Session:
6325A48BA1D2FC79105C7F4B0A76CB74.worker1;
java.lang.ClassNot
Should be chmod 644 and also I wouldnt recommend running tomcat as root.
John Larsen
On Tue, May 12, 2020 at 9:28 AM Patrick Baldwin
wrote:
> I've gotten passed an odd (to me, anyway) issue with one of our clients
> CentOS systems.
>
> When our webapp starts running, tomcat dies shortly there
Thanks!
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexan...@w
I've gotten passed an odd (to me, anyway) issue with one of our clients
CentOS systems.
When our webapp starts running, tomcat dies shortly thereafter with an
OutOfMemoryError. This apparently just started a few days ago.
System info:
Tomcat Version: Apache Tomcat/7.0.76
JVM version: 1.8.0_191-
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.55.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers t
On 12/05/2020 16:12, jonmcalexan...@wellsfargo.com.INVALID wrote:
> Is 8.5.55 also coming today?
It is. Just writing the announcement.
Mark
>
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services
The problem is that my application is running on AWS which apparently
doesn't support multicasting so I can't use Tomcat's DeltaManager. I
thought of using one of the Store implementations for PersistentManager but
that has the issues which I mentioned earlier. My aim is to get to the
point where I
Is 8.5.55 also coming today?
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2
There is typo in title: should be 9.0.35
(from mobile, sorry for typos)
On Tue, May 12, 2020, 22:09 Mark Thomas wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 9.0.35.
>
> Apache Tomcat 9 is an open source software implementation of the Java
> Servlet, Ja
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.35.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.35 is a bugfix and feat
On 12/05/2020 15:47, Garret Wilson wrote:
> Thanks for the announcement.
>
> Is there any rough timeline or roadmap for a stable and/or release
> version of Tomcat 10? (Sorry if this has been discussed here already.)
That depends on the timeline for Jakarta EE 9. Once that has a final
release (ho
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/12/20 05:51, Jonathan Yom-Tov wrote:
> I have an application which changes the state of user sessions in
> lots of places in the code. Is it possible to do a seamless switch
> of Tomcat servers, preserving all sessions?
>
> I know I c
Thanks for the announcement.
Is there any rough timeline or roadmap for a stable and/or release
version of Tomcat 10? (Sorry if this has been discussed here already.)
I'm in no rush. I just have an application with embedded Tomcat which is
due for another release soon, and I wondered whether
It was actually one of mine. I put a jar file under lib/ that I forgot had
the offending class packaged into it.
On Tue, May 12, 2020 at 5:13 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Jonathan,
>
> On 5/8/20 15:03, Jona
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jonathan,
On 5/8/20 15:03, Jonathan Yom-Tov wrote:
> Got it! Using http://jhades.github.io/ it was quick and easy to
> find out that the offending class was indeed loaded from two
> different jar files. After I removed one of them casting worked
> w
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.0.0-M5.
Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specificat
I have an application which changes the state of user sessions in lots of
places in the code. Is it possible to do a seamless switch of Tomcat
servers, preserving all sessions?
I know I can use PersistentManager to persist sessions and load them. I can
think of two strategies:
1. Persist sessi
43 matches
Mail list logo
