Re: How to turn up logging for tomcat-embed-core in SpringBoot

I've managed to find a solution that works. The info I found has me using the "log4j-jul" bridge (and excluding spring-boot-starter-logging from spring-boot-starter-web), which redirects from jul to log4j, which effectively redirects to logback, which allows me to configure loggers in the same plac

Re: How to resolve 403 forbidden error in Tomcat level

Jagadish, On 8/30/24 10:52, jagadish sahu wrote:> Please find the attached text screenshot as you requested. Okay, I'm going to be perfectly honest: I'm not going to download and read all those attachments. That's why I asked for plain-text. If someone else is willing to go through all that

Re: How to resolve 403 forbidden error in Tomcat level

Jadgish, please don't attach any .doc- or similar files. Don't send screenshots of text. Send texts within the body of the email. Sebastian On 03.09.2024 17:05, jagadish sahu wrote: Hi Team, Any update on this? Thanks, Jagadish On Fri, Aug 30, 2024 at 8:22 PM jagadish sahu wrote: Hi Ch

Re: How to resolve 403 forbidden error in Tomcat level

Hi Team, Any update on this? Thanks, Jagadish On Fri, Aug 30, 2024 at 8:22 PM jagadish sahu wrote: > Hi Christopher and Team, > > Please find the attached text screenshot as you requested. > > Thanks, > Jagadish > > > > > On Fri, Aug 30, 2024 at 3:37 AM Christopher Schultz < > ch...@christophe

Re: How to resolve 403 forbidden error in Tomcat level

Jadgish, This list does not accept image attachments. We are not seeing what you are posting. Please post text-only. -chris On 8/29/24 11:01, jagadish sahu wrote: Hi Team and Christopher, We have attached a 403 error screenshot with full information. The error seems to be generated from Tom

Re: How to resolve 403 forbidden error in Tomcat level

Hi Team and Christopher, We have attached a 403 error screenshot with full information. The error seems to be generated from Tomcat level. We don't have any changes in the java code and our application is working as expected in Tomcat 9.0.14. After upgrading to latest version Tomcat,we have been

Re: How to resolve 403 forbidden error in Tomcat level

Jagdesh, On 8/29/24 06:29, jagadish sahu wrote: We have tested our application in Apache tomcat 9.0.14. It is working as expected, After upgrading from 9.0.14 to the latest versions it is not working.   When we leave the session for 30 mins, we will get some warning like due to an inactive

Re: How to resolve 403 forbidden error in Tomcat level

http://www.catb.org/~esr/faqs/smart-questions.html On 28/08/2024 17:02, jagadish sahu wrote: Hi Team, I am getting an error 403 forbidden error in my application. I want to fix errors in Tomcat level. Anything I need to change in tomcat level. I am using tomcat 9.0.91. Thank you Jagadish

Re: How to Prevent Dynamic Code manipulation via Java Attach API for Tomcat

Bhavesh, On 8/15/24 14:49, Bhavesh Mistry wrote: I recently came to know that with Java Attach API, anyone with access can attach to a local process and manipulate Java Byte code. For example, password harvesting is attached to the Filter Chain. https://github.com/rebeyond/memShell What I foun

Re: How to Prevent Dynamic Code manipulation via Java Attach API for Tomcat

There's just so many bad practices here... First, a production machine should not have debugging enabled. Problem solved. Second, a development machine with debugging enabled should not be exposed to the internet. Problem solved. Next, someone would have to gain access to the machine to do

Re: How to Call a Java Class in JSP

Many thanks Sebastian, I was over-complicating what appears to be a fairly straightforward matter. Alan. On 03/08/2024 17:51, Sebastian Trost wrote: Alan, On 03.08.2024 18:19, Alan Masters wrote: This is the extract from the logs:     03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10

Re: How to Call a Java Class in JSP

> On Aug 3, 2024, at 11:51, Sebastian Trost > wrote: > > On 03.08.2024 18:19, Alan Masters wrote: >> >> This is the extract from the logs: >> >>03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10] >>org.apache.catalina.startup.ExpandWar.copy Error copying >>[C:\Program >>

Re: How to Call a Java Class in JSP

Alan, On 03.08.2024 18:19, Alan Masters wrote: This is the extract from the logs: 03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10] org.apache.catalina.startup.ExpandWar.copy Error copying [C:\Program Files\apache-tomcat-9.0.91\apache-tomcat-9.0.91\webapps\Downloads\Calc

Re: How to Call a Java Class in JSP

Thanks Sebastian, I created the WAR file using the Eclipse Export to WAR file with the project selected This is the extract from the logs: 03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10] org.apache.catalina.startup.ExpandWar.copy Error copying [C:\Program Files\apache-tomc

Re: How to Call a Java Class in JSP

Alan, On 03.08.2024 17:33, Alan Masters wrote: Hello, I am attempting to revise on JSP which I used as a full time developer before my retirement over 8 years ago. The article How to Call a Java Class in JSP

Re: how to use provider with java 18 , différent from java 11

Aughra, On 7/27/24 10:32, aughra wrote: Hello everyone, Maybe this question has been asked many times, but I have a problem that I can't find a solution for,. To summarize, I have: A Java program WAR on Tomcat, and Tomcat must contain a provider to call an encryption module to obtain keys.

Re: How to comment out JSP directives

Those are XML / HTML comments. Try using JSP comments to wrap what you want to comment out: <%-- --%> On Tue, Jul 2, 2024 at 4:40 PM Aryeh Friedman wrote: > When I do the following the include is still done short of rewriting > it to not be a include how do I comment it out correctly: > > > >

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

set the certificateKeystorePassword and/or truststorePassword Connector attribute (as appropriate) to the empty string ("") " Note this last item. I'm not sure if it is required in your particular case. -chris --------

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

On 25/06/2024 14:27, Gavioto 🕵 wrote: - how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Account) - is Tomcat installed as a Windows service?   Yes - which account is Tomcat running under?   "Domain\account1$" (Managed Service

RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

15:27 Para: users@tomcat.apache.org Asunto: RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS - how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Account) - is Tomcat insta

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

On Tue, Jun 25, 2024 at 9:14 AM david w wrote: I've had the same experience, but with a regular AD service account, not an > MSA. > The account needs to have local administrator rights for the certificate > to be found and used; setting ACL on the keystores is not enough. > 1) The standard on thi

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

esday, June 25, 2024 3:27:12 PM To: users@tomcat.apache.org Subject: RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS - how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Accoun

RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

ng to the user who is running the Tomcat Service. In this case, the Managed Service Account. De: Mark Thomas Enviado: martes, 25 de junio de 2024 12:51 Para: users@tomcat.apache.org Asunto: Re: How to configure Tomcat with a Managed Service Account when using

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

A few questions: - how are are starting Tomcat? - is Tomcat installed as a Windows service? - which account is Tomcat running under? There are a few references to "user" in your question. It is not clear if this is: - the user administering a Tomcat service - a user that is starting Tomcat f

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

nt: Sunday, March 31, 2024 1:55 PM To: users@tomcat.apache.org Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml On 29/03/2024 21:58, Christopher Schultz wrote: > Rick, > > On 3/29/24 14:33, Rick Noel wrote: >> Our application is really a sui

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

want to provide the same resource link to all web applications rather than have to specify it in each web application. Mark -chris -Original Message- From: Christopher Schultz Sent: Friday, March 29, 2024 2:21 PM To: Tomcat Users List ; Rick Noel Subject: Re: [EXT]Re: how to d

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

Users List ; Rick Noel Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 11:56, Rick Noel wrote: If have the resource defined in CATALINA_BASE/conf/context.xml And CATALINA_BASE/conf/server.xml You really shouldn't have anything

RE: FW: [EXT]Re: how to define database resource in just context.xml or server.xml

: users@tomcat.apache.org Subject: Re: FW: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 14:05, Rick Noel wrote: > Chris, > > I found I could use a ResourceLink element and put it in my context.xml file. > The name in that ResourceLink is

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

List ; Rick Noel Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 11:56, Rick Noel wrote: > If have the resource defined in > CATALINA_BASE/conf/context.xml > And > CATALINA_BASE/conf/server.xml You really shouldn't hav

Re: FW: [EXT]Re: how to define database resource in just context.xml or server.xml

rce" /> And snippet from my server.xml is. Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Rick Noel Sent: Friday, March 29, 2024 11:57 AM To: Tomcat Users List Subject: RE: [EXT]Re: how to define dat

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

web.xml. Doing all this will make upgrading Tomcat much easier. -chris -Original Message- From: Christopher Schultz Sent: Friday, March 29, 2024 11:47 AM To: users@tomcat.apache.org Subject: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 09:

FW: [EXT]Re: how to define database resource in just context.xml or server.xml

: [EXT]Re: how to define database resource in just context.xml or server.xml If have the resource defined in CATALINA_BASE/conf/context.xml And CATALINA_BASE/conf/server.xml Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Christopher Schultz Sent

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 09:48, Rick Noel wrote: > Can someone tell me why I need to have my database source defined in > both my context.xml and server.xml? I thought we are suppose to define > it in only one locat

Re: how to define database resource in just context.xml or server.xml

Rick, On 3/29/24 09:48, Rick Noel wrote: Can someone tell me why I need to have my database source defined in both my context.xml and server.xml? I thought we are suppose to define it in only one location? It's definitely not a requirement to specify it in both places. I can only log into my a

Re: how to reload SSL certificates without restarting Tomcat

Jerry, On 3/11/24 14:51, Jerry Lin wrote: Hi Chris, There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Thanks for your presentation and script. We are using Let's Encrypt, so

Re: how to reload SSL certificates without restarting Tomcat

Hi Chris, There is also this: > https://tomcat.apache.org/presentations.html#latest-lets-encrypt > > It's very LE-focused, but it shows you how to programmatically trigger a > reload. > Thanks for your presentation and script. We are using Let's Encrypt, so your material is quite relevant. Jerry

Re: how to reload SSL certificates without restarting Tomcat

Jerry, On 3/10/24 16:00, Jerry Lin wrote: Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the organization that develops and maintains a plethora of software products. Yes, “not behind https" (I meant not behind an Apache HTTP server) you can configure the TLS

Re: how to reload SSL certificates without restarting Tomcat

> On Mar 10, 2024, at 15:00, Jerry Lin wrote: > > Hi Chuck, > > Presumably, you mean “not behind https", since “Apache” refers to the >> organization that develops and maintains a plethora of software products. >> > Spell checker got me - I meant “httpd”, not “https”. - Chuck -

Re: how to reload SSL certificates without restarting Tomcat

Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the > organization that develops and maintains a plethora of software products. > Yes, “not behind https" (I meant not behind an Apache HTTP server) > you can configure the TLS config listener: > > > https://tomcat.apac

Re: how to reload SSL certificates without restarting Tomcat

> On Mar 10, 2024, at 12:39, Jerry Lin wrote: > > For those of us with a publicly accessible instance of Tomcat (e.g. not > behind Apache), is there a good way of having a renewed SSL/HTTPS > certificate take effect without restarting Tomcat? Presumably, you mean “not behind https", since “Apac

Re: How to properly enable logging in "org.apache.catalina.core.StandardContext"

David, On 2/29/24 13:21, David Karr wrote: In our SpringBoot services, we sometimes run into situations where we get an exception like this: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerExce

Re: How does the user principal get set on the servlet container session?

On 01/02/2024 17:48, Ryanesch@yahoo wrote: On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote: On 31/01/2024 00:15, Ryan Esch wrote: From what I understand, the container knows if a user is authenticated by using the session id passed to it and then looking up the user principal. If this

Re: How does the user principal get set on the servlet container session?

> > On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote: > > On 31/01/2024 00:15, Ryan Esch wrote: >> From what I understand, the container knows if a user is authenticated by >> using the session id passed to it and then looking up the user principal. If >> this is non-null, the user is authent

Re: How does the user principal get set on the servlet container session?

On 31/01/2024 00:15, Ryan Esch wrote: From what I understand, the container knows if a user is authenticated by using the session id passed to it and then looking up the user principal. If this is non-null, the user is authenticated. I am using web.xml with security constraints and UsersRoleL

Re: How does the user principal get set on the servlet container session?

What should happen if session.getAttribute("javax.security.auth.subject") returns a non-null value? -Terence Bandoian On 1/30/2024 5:15 PM, Ryan Esch wrote: >From what I understand, the container knows if a user is authenticated by using the session id passed to it and then looking up the us

Re: How to access the request URL in a custom valve implementation?

See AbstractAccessLogValve (which AccessLogValve overrides) Then you could override AbstractAccessLogValve.createAccessLogElement() which has case 'q': return new QueryElement(); To possible do doing something like case 'q': return new ObfuscatedQueryElemen

Re: How to access the request URL in a custom valve implementation?

I want to obfuscate values of query params for certain URLs, however, I would still like to log the request. Therefore, I cannot use the existing conditionif/conditionunless attributes that AccessLogValve provides. Sincerely, Manak Bisht On Fri, Jan 26, 2024 at 6:18 PM Mark Thomas wrote: > On 2

Re: How to access the request URL in a custom valve implementation?

On 26/01/2024 10:46, Manak Bisht wrote: Hi, I am trying to extend the AccessLogValve to modify logging behaviour for certain URLs. However, I don't have access to the request object in the AccessLogValve API. So, I am left with regex matching on the CharArrayWriter message object. Is there a bett

Re: How to access the request URL in a custom valve implementation?

My bad - AccessLogValve also supports that feature too - *%{xxx}r* write value of ServletRequest attribute with name xxx (escaped if required, value ?? if request is null) https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Logging -Tim On Fri, Jan 26, 2024 at 7:23 AM Tim F

Re: How to access the request URL in a custom valve implementation?

It depends on what you are trying to accomplish. ExtendedAccessLogValve is a little more flexible where you can write out arbitrary request attributes but still format the request like the standard access log. So you could have a filter set the value and not need to write your own access logger. -

Re: How to get Remote user value in Apache

Koustav, On 11/29/23 10:22, Naha, Koustav wrote: I am using Apache(2.4) in the front end and Jboss(7.4) in the backend. The page is coming up and after giving the user id and password it is being authenticated. next is when we go to some create function which takes the REMOTE_USER value and inse

RE: How to custom java program to decrypt keystore password in Tomcat 10.1.15

k you for your cooperation. > -Original Message- > From: Mark Thomas > Sent: Friday, October 27, 2023 3:45 AM > To: users@tomcat.apache.org > Subject: Re: How to custom java program to decrypt keystore password in > Tomcat 10.1.15 > > On 26/10/2023 11:05, yan

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

yanyizhong and Mark, On 10/27/23 04:44, Mark Thomas wrote: On 26/10/2023 11:05, yanyizhong wrote: Hi Tomcat team, Version: Tomcat 10.1.15 I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and found that there is no setKeystorePass(String) method in tomcat 10.1.15. As we wa

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

On 26/10/2023 11:05, yanyizhong wrote: Hi Tomcat team, Version: Tomcat 10.1.15 I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and found that there is no setKeystorePass(String) method in tomcat 10.1.15. As we want to use the custom keystore encryption password in server.xm

Re: How to setup Apache web server for a Tomcat deployed Spring application

Martin, On 9/15/23 14:48, Martin Moore wrote: I have a situation where I want to call an Tomcat deployed Spring application remotely without adding the port number (8080), I had tried to use 80 in Connector but wasn't able to connect to it when outside the LAN. What's the motivation, here? It

Re: How to integrate alternative SSLContext?

Hi Mark, On Thu, Aug 24, 2023 at 7:26 AM Mark Thomas wrote: > >> You shouldn't need a custom connector. As things stand currently, you > >> would need a custom SSLImplementation although you should be able to > >> extend the exising JSSE support for most of that. > > > > How can I take the defau

Re: How to integrate alternative SSLContext?

On 23/08/2023 14:20, John Jiang wrote: Hi Mark, Thanks for your reply! On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas wrote: On 23/08/2023 00:44, John Jiang wrote: Hi, I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19. My project needs a custom javax.net.ssl.SSLContext implementation. Why

Re: How to integrate alternative SSLContext?

Hi Mark, Thanks for your reply! On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas wrote: > On 23/08/2023 00:44, John Jiang wrote: > > Hi, > > I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19. > > My project needs a custom javax.net.ssl.SSLContext implementation. > > Why? What problem are you tryi

Re: How to integrate alternative SSLContext?

On 23/08/2023 00:44, John Jiang wrote: Hi, I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19. My project needs a custom javax.net.ssl.SSLContext implementation. Why? What problem are you trying to solve? How can I integrate this custom SSLContext to the embedded Tomcat server? I don't fin

Re: How to implement a cluster with static membership when the StaticMembershipService does not exist in tomcat 8.5?

On 12/06/2023 21:04, Manak Bisht wrote: But then why do both of them exist in later tomcat versions? *StaticMembershipInterceptor *is not deprecated. In tomcat 9 (example - https://people.apache.org/~markt/dev/server-static-cluster-example.xml), only StaticMembershipService seems to be used. Do t

Re: How to implement a cluster with static membership when the StaticMembershipService does not exist in tomcat 8.5?

But then why do both of them exist in later tomcat versions? *StaticMembershipInterceptor *is not deprecated. In tomcat 9 (example - https://people.apache.org/~markt/dev/server-static-cluster-example.xml), only StaticMembershipService seems to be used. Do they serve different purposes? Is there som

Re: How to implement a cluster with static membership when the StaticMembershipService does not exist in tomcat 8.5?

On 12/06/2023 07:33, Manak Bisht wrote: I am trying to implement a cluster with static members in tomcat 8. However, according to the documentation, StaticMembershipService only exists in tomcat 9

Re: How to setup client certificate based authentication in Tomcat 9

Omkar, On 5/3/23 00:28, Patkar Omkar Anant wrote: The server A where tomcat is running... it hosts a REST based application (BPMN based called Camunda ... it’s a 3rd party application). For e.g., when an application wants to trigger a workflow or BPMN deployed in Camunda, then they will fire t

RE: How to setup client certificate based authentication in Tomcat 9

- From: Christopher Schultz Sent: Wednesday, April 26, 2023 10:28 PM To: users@tomcat.apache.org Subject: Re: How to setup client certificate based authentication in Tomcat 9 Parkar, On 4/26/23 10:34, Patkar Omkar Anant wrote: > I am a bit newbie to this domain of client certific

Re: How to setup client certificate based authentication in Tomcat 9

Parkar, On 4/26/23 10:34, Patkar Omkar Anant wrote: I am a bit newbie to this domain of client certificate-based authentication. We have two applications … A(server) and B(client). Web application A runs on Apache Tomcat 9.0.52. (it’s a REST API based application). Application B invokes the res

Re: How to have a custom classloader outside Tomcat's own lib-dir?

Guten Tag Thorsten Schöning, am Montag, 17. April 2023 um 13:16 schrieben Sie: >> common.loader=[...],"${catalina.base}/lib_custom/*.jar" >> common.loader=[...],"${catalina.home}/lib_custom/*.jar" >> common.loader=[...],"${catalina.base}/lib_custom/custom.jar" >> common.loader=[...],"${catalina.ho

Re: How to have a custom classloader outside Tomcat's own lib-dir?

he.org Subject: Re: How to have a custom classloader outside Tomcat's own lib-dir? On 16/04/2023 12: 36, Thorsten Schöning wrote: > Hi everyone, > > I have some app consisting of a directory layout with some bundled > Tomcat, containing at least one exploded webapp. For various

Re: How to have a custom classloader outside Tomcat's own lib-dir?

Guten Tag Mark Thomas, am Montag, 17. April 2023 um 12:13 schrieben Sie: > What are those reasons? I'm wondering if the reasons have any impact on the > answer. Unlikely, it's about business logic. The custom classloader uses some custom config file to maintain additional JARs for the classloade

Re: How to have a custom classloader outside Tomcat's own lib-dir?

On 16/04/2023 12:36, Thorsten Schöning wrote: Hi everyone, I have some app consisting of a directory layout with some bundled Tomcat, containing at least one exploded webapp. For various reasons, What are those reasons? I'm wondering if the reasons have any impact on the answer. that webba

Re: how to make tomcat 9 remember which application where stopped before shutdown

Thanks Mark. I have to move a few applications from one tomcat to another. The new tomcat is ready and the applications are already deployed but working on test data. Now i would like to, one application at a time, switch them to production data. Say I have applications A.0, A.1, A.2, B.0,

Re: how to make tomcat 9 remember which application where stopped before shutdown

On 20/03/2023 10:09, Ivano Luberti wrote: Hi all , I would like to find a way to start tomcat with all the application stopped except the manager. My colleagues made a test manually  stopping an application and restarting tomcat. After the service restarted the application was up and running

Re: How to configure and verified chain certificat

Olivier, On 3/14/23 10:07, Olivier Studer wrote: I use Tomcat 9 version. I have configured the server.xml as following to use certificate signed. But I have an error with openssl command to verify it is correctly configured. Command and output: echo | openssl s_client -showcerts -connect se

Re: How to update tomcat to user different version of commons-fileupload

is this the right doc for configure DataSource Resource? https://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html From: Mark Thomas Sent: Saturday, February 25, 2023 10:01 AM To: users@tomcat.apache.org Subject: Re: How to update tomcat to

Re: How to update tomcat to user different version of commons-fileupload

On 25/02/2023 17:28, Ph. Dinh wrote: Hi, Is there a way to try different versions of commons-fileupload (i.e 1.3, 1.4, and 1.5) on a Tomcat server (either 9.0 or 10.x)? Drop the necessary JARs (commons-dbcp, commons-pool) into $CATALINA_BASE/lib and then configure your DataSource Resource to

Re: How can I extend AceessLogValue

Hello, On 2/2/23 08:00, shallowinggg wrote: traceId has in request header, but it is encrypted, I need to parse it. %{xxx}i can get header, but encrypted value How about writing a Filter which takes the value from the header, decrypts it, and then puts the unencrypted value into a request-at

Re: How can I extend AceessLogValue

traceId has in request header, but it is encrypted, I need to parse it. %{xxx}i can get header, but encrypted value > > 在 2023年2月2日，16:33，Mark Thomas 写道： > > On 02/02/2023 07:57, shallowinggg wrote: >> I want to print skywalking traceId in tomcat access log, how to extend >> AceessLogVal

Re: How can I extend AceessLogValue

On 02/02/2023 07:57, shallowinggg wrote: I want to print skywalking traceId in tomcat access log, how to extend AceessLogValue class or any other solutions?? Might be easier to put the traceId into a session or request attribute and then use the standard AccessLogValve functionality to log th

Re: How to debug 404s / How to enable error log

ср, 1 февр. 2023 г. в 00:04, Michael B Allen : > > This is embarrassing. I have apparently forgotten how to operate Tomcat. > Welcome! The main help file for running Tomcat is RUNNING.txt, with additional information in webapps/docs/setup.html and webapps/docs/windows-service-howto.html > I just

Re: How-To apply Tomcat patch

Thanks Chris.. I use the windows installer downloaded from tomcat.apache.org ( apache-tomcat-9.0.70.exe ) -Original Message- From: Tomcat Users List Sent: Jan 17, 2023 9:18 AM To: Subject: Re: How-To apply Tomcat patch Linwood, On 1/17/23 09:03, Linwood Doty wrote: > We have Apa

Re: How-To apply Tomcat patch

Linwood, On 1/17/23 09:03, Linwood Doty wrote: We have Apache Tomcat 9.0.65 and need to apply .70 patch . 1. Is it necessary to uninstall current Tomcat installation and reinstall with latest target patch - or is there a way to just apply the patch ? environment Windows 2012, Tomcat is used fo

Re: how to block bad request?

Hi Mark, Thank you. I enabled debugging and able to reproduce (close to matching, but not exact same output) send null byte $ echo -e '\x00' | nc myhost.com 80 HTTP/1.1 400 Content-Type: text/html;charset=utf-8 Co

Re: how to block bad request?

Mark, Jason, On 1/4/23 09:07, Mark Thomas wrote: On 04/01/2023 04:09, Jason Wee wrote: Hi, Happy new year everyone. Background of my production setup. Using tomcat 10 and in linux environment, using the following accesslog valve %a %{X-Forwarded-For}i %h %l %u %t '%r' %s %b '%{Referer}i' '%{

Re: how to block bad request?

On 04/01/2023 04:09, Jason Wee wrote: Hi, Happy new year everyone. Background of my production setup. Using tomcat 10 and in linux environment, using the following accesslog valve %a %{X-Forwarded-For}i %h %l %u %t '%r' %s %b '%{Referer}i' '%{User-Agent}i' %D %S api.access_log.2022-12-20.txt:

Re: How to set Ciphers in Server.xml Tomcat 10.1.zz

Yes, I had to install Java 11 On Thu, 24 Nov 2022, 00:42 Shawn Heisey, wrote: > On 11/23/22 14:12, Edwin Mwangi wrote: > > I need help with the correct parameter for setting Ciphers in Apache > Tomcat > > 10.1.2, in the previous version 9 i would use the parameter below > > > > ciphers="TLS_RSA_

Re: How to set Ciphers in Server.xml Tomcat 10.1.zz

On 11/23/22 14:46, Chuck Caldarale wrote: On Nov 23, 2022, at 22:41, Shawn Heisey wrote: I am betting that Java is just refusing to use those ciphers because they are known to be weak. Hopefully an expert can tell me if I am giving incorrect information here. The reported error was the fail

Re: How to set Ciphers in Server.xml Tomcat 10.1.zz

> On Nov 23, 2022, at 22:41, Shawn Heisey wrote: > > I am betting that Java is just refusing to use those ciphers because they are > known to be weak. Hopefully an expert can tell me if I am giving incorrect > information here. The reported error was the failure to set the non-existent prop

Re: How to set Ciphers in Server.xml Tomcat 10.1.zz

On 11/23/22 14:12, Edwin Mwangi wrote: I need help with the correct parameter for setting Ciphers in Apache Tomcat 10.1.2, in the previous version 9 i would use the parameter below ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" However when I set the same in Apache Tomcat 1

Re: How to set Ciphers in Server.xml Tomcat 10.1.zz

> On Nov 23, 2022, at 22:12, Edwin Mwangi wrote: > > I need help with the correct parameter for setting Ciphers in Apache Tomcat > 10.1.2, in the previous version 9 i would use the parameter below > > ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" > > However when I set

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Thorsten, On 11/16/22 02:36, Thorsten Schöning wrote: Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:17 schrieben Sie: You should double-check the definition of "compliant to CIS benchmark spec" because there is no way in hell that HTTP DIGEST is required.[...] The spec

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Guten Tag Christopher Schultz, am Mittwoch, 16. November 2022 um 04:17 schrieben Sie: > You should double-check the definition of "compliant to CIS > benchmark spec" because there is no way in hell that HTTP DIGEST is > required.[...] The spec doesn't tell me exactly to use auth-method DIGEST, bu

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Thorsten, On 11/15/22 15:29, Thorsten Schöning wrote: Guten Tag Mark Thomas, am Dienstag, 15. November 2022 um 20:44 schrieben Sie: Assuming digesting passwords with one round of MD5 and no salt isn't acceptable (I'd be surprised if it was) then you are probably looking at HTTPS + BASIC + PBKD

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Guten Tag Mark Thomas, am Dienstag, 15. November 2022 um 20:44 schrieben Sie: > Assuming digesting passwords with one round of MD5 and no salt > isn't acceptable (I'd be surprised if it was) then you are probably > looking at HTTPS + BASIC + PBKDF2WithHmacSHA512. Thanks for that clarification, it

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Sorry, you are correct. There is no way to use PBKDF2WithHmacSHA512 in a Realm along with HTTP DIGEST auth. If you want to use HTTP DIGEST auth and digested passwords on the server you have to use, quoting the Tomcat docs, "one iteration of the MD5 algorithm with no salt". RFC 7616 has added

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Guten Tag Mark Thomas, am Dienstag, 15. November 2022 um 18:36 schrieben Sie: > Please go and read my email - and the links I provided - again. I did, so feel free to tell me how I tell my browser to use my plain-text password as PBKDF2WithHmacSHA512 digest with 10 iterations, a key length of

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

On 15/11/2022 17:07, Thorsten Schöning wrote: Guten Tag Mark Thomas, am Dienstag, 15. November 2022 um 12:51 schrieben Sie: In short, the digested value you save as the user credential is one of the inputs the client uses when calculating the value to use in the authorization header.[...] My

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

Guten Tag Mark Thomas, am Dienstag, 15. November 2022 um 12:51 schrieben Sie: > In short, the digested value you save as the user credential is one > of the inputs the client uses when calculating the value to use in > the authorization header.[...] My client is a browser and that asks me for pla

Re: How do auth-method BASIC and DIGEST play together with some credential helper?

On 15/11/2022 10:20, Thorsten Schöning wrote: So, is it even possible to use SecretKeyCredentialHandler and auth-method DIGEST together or am I required to use BASIC? If DIGEST is supported, how does that and credential helper work together without plain-text password available at the server a

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

bH) wrote: Hello, -Ursprüngliche Nachricht- Von: rakesh meka Gesendet: Sonntag, 18. September 2022 22:57 An: Tomcat Users List Betreff: Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5 Hi Thomas, Thanks your so much for the quick response and help. Having read all the response clearly once again.Not sure if

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

gliche Nachricht- > > Von: rakesh meka > > Gesendet: Sonntag, 18. September 2022 22:57 > > An: Tomcat Users List > > Betreff: Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5 > > > > Hi Thomas, > > > > Thanks your so much for the quick response and help. >

Re: HOW TO ENABLE LDAPS ON TOMCAT 8.5

Rakesh, On 9/17/22 23:02, rakesh meka wrote: Currently of the application is deplye Don the tomcat 8.5 uses LDAP protocol for AD authentication of sap users. I need to change the LDAP to LDAPS. So I installed domain certificate using keytool. But when i change the port number to 636 I see an err

  1   2   3   4   5   6   7   8   9   10   >