Re: How to turn up logging for tomcat-embed-core in SpringBoot

I've managed to find a solution that works. The info I found has me using the "log4j-jul" bridge (and excluding spring-boot-starter-logging from spring-boot-starter-web), which redirects from jul to log4j, which effectively redirects to logback, which allows me to configure loggers in the same plac

How to turn up logging for tomcat-embed-core in SpringBoot

This is an issue I've tried to pursue multiple times in the past, and each time I've given up and used an awkward solution that won't work in the current situation I'm seeing this. I thought perhaps I had asked it here before, but I don't see it in the archives. We have a couple hundred Java Sp

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Lloyd, On 12/13/24 2:41 PM, DIGLLOYD wrote: Agreed, it is probably pointless to support SHA-256, given the hard requirement of supporting MD5 in older browsers for many years to come. OTOH, running any kind of DIGEST over TLS and storing zero sensitive info on server is completely acceptable fo

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Agreed, it is probably pointless to support SHA-256, given the hard requirement of supporting MD5 in older browsers for many years to come. OTOH, running any kind of DIGEST over TLS and storing zero sensitive info on server is completely acceptable for my own use case. > On Dec 13, 2024, at 11:

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Lloyd, On 12/13/24 2:32 PM, DIGLLOYD wrote: Yes, it is returning the digest without modification. That’s not the issue. There are three options: (1) require MD5 only (2) require SHA-256 only (3) allow either MD5 or SHA-256 #2 is not an option since some browsers (eg Safari) do not yet support

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Yes, it is returning the digest without modification. That’s not the issue. There are three options: (1) require MD5 only (2) require SHA-256 only (3) allow either MD5 or SHA-256 #2 is not an option since some browsers (eg Safari) do not yet support SHA-256. And SHA-256 will never be supported o

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Lloyd, On 12/13/24 11:47 AM, DIGLLOYD wrote: BTW, I was able to support *both* MD5 and SHA-256 in my subclass of org.apache.catalina.realm.RealmBase ISSUE: org.apache.catalina.realm.RealmBas.getPassword(final String username) affords no means to know *which* algorithm ie which digest to ret

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Thank you Mark. DIGEST, and in Tomcat 9 (not 11). Not sure if 9 vs 11 matters. Sure enough, I missed “algorithms” attribute in . Having that config for ~15 years and then having things start to fail led me down the wrong path it seem. I did 3 things wrong: - just did not see “algorithms”

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

BTW, I was able to support *both* MD5 and SHA-256 in my subclass of org.apache.catalina.realm.RealmBase ISSUE: org.apache.catalina.realm.RealmBas.getPassword(final String username) affords no means to know *which* algorithm ie which digest to return. I dealt with this by subclassing org.apach

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

On 13/12/2024 00:39, DIGLLOYD wrote: ISSUE: users cannot login to my site. CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari uses MD5 which is working fine) Details: - Tomcat 9.0.98 - DIGEST auth using MD5 - has been working for 15+ years just fine. - have read all

Re: DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

Lloyd, On 13.12.2024 01:39, DIGLLOYD wrote: ISSUE: users cannot login to my site. CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari uses MD5 which is working fine) Details: - Tomcat 9.0.98 - DIGEST auth using MD5 - has been working for 15+ years just fine. What ex

DIGEST auth in Tomcat 9 — browsers sending SHA-256 to MD5 server, how to adapt?

ISSUE: users cannot login to my site. CAUSE: Firefox and Chrome are sending SHA-256 DIGEST auth, which is MD5 (Safari uses MD5 which is working fine) Details: - Tomcat 9.0.98 - DIGEST auth using MD5 - has been working for 15+ years just fine. - have read all available Tomcat docs, searched web fo

AW: How to resolve 403 forbidden error in Tomcat level

nt > Gesendet: Donnerstag, 5. September 2024 04:36 > An: users@tomcat.apache.org > Betreff: Re: How to resolve 403 forbidden error in Tomcat level > > > > > On 9/3/24 11:22, Christopher Schultz wrote: > > Jagadish, > > > > On 8/30/24 10:52, jagad

Re: How to resolve 403 forbidden error in Tomcat level

Jagadish, On 8/30/24 10:52, jagadish sahu wrote:> Please find the attached text screenshot as you requested. Okay, I'm going to be perfectly honest: I'm not going to download and read all those attachments. That's why I asked for plain-text. If someone else is willing to go through all that

Re: How to resolve 403 forbidden error in Tomcat level

Jadgish, please don't attach any .doc- or similar files. Don't send screenshots of text. Send texts within the body of the email. Sebastian On 03.09.2024 17:05, jagadish sahu wrote: Hi Team, Any update on this? Thanks, Jagadish On Fri, Aug 30, 2024 at 8:22 PM jagadish sahu wrote: Hi Ch

Re: How to resolve 403 forbidden error in Tomcat level

Hi Team, Any update on this? Thanks, Jagadish On Fri, Aug 30, 2024 at 8:22 PM jagadish sahu wrote: > Hi Christopher and Team, > > Please find the attached text screenshot as you requested. > > Thanks, > Jagadish > > > > > On Fri, Aug 30, 2024 at 3:37 AM Christopher Schultz < > ch...@christophe

Re: How to resolve 403 forbidden error in Tomcat level

Jadgish, This list does not accept image attachments. We are not seeing what you are posting. Please post text-only. -chris On 8/29/24 11:01, jagadish sahu wrote: Hi Team and Christopher, We have attached a 403 error screenshot with full information. The error seems to be generated from Tom

AW: How to resolve 403 forbidden error in Tomcat level

Hello Jagadish, > Von: jagadish sahu > Gesendet: Donnerstag, 29. August 2024 17:02 > An: Tomcat Users List ; Christopher Schultz > > Betreff: Re: How to resolve 403 forbidden error in Tomcat level > > Hi Team and Christopher, > > We have attached a 403 error scree

Re: How to resolve 403 forbidden error in Tomcat level

Hi Team and Christopher, We have attached a 403 error screenshot with full information. The error seems to be generated from Tomcat level. We don't have any changes in the java code and our application is working as expected in Tomcat 9.0.14. After upgrading to latest version Tomcat,we have been

Re: How to resolve 403 forbidden error in Tomcat level

Jagdesh, On 8/29/24 06:29, jagadish sahu wrote: We have tested our application in Apache tomcat 9.0.14. It is working as expected, After upgrading from 9.0.14 to the latest versions it is not working.   When we leave the session for 30 mins, we will get some warning like due to an inactive

How to resolve 403 forbidden error in Tomcat level

Hi Team, We have tested our application in Apache tomcat 9.0.14. It is working as expected, After upgrading from 9.0.14 to the latest versions it is not working. When we leave the session for 30 mins, we will get some warning like due to an inactive session, you can click on Ok to continue the

Re: How to resolve 403 forbidden error in Tomcat level

http://www.catb.org/~esr/faqs/smart-questions.html On 28/08/2024 17:02, jagadish sahu wrote: Hi Team, I am getting an error 403 forbidden error in my application. I want to fix errors in Tomcat level. Anything I need to change in tomcat level. I am using tomcat 9.0.91. Thank you Jagadish

How to resolve 403 forbidden error in Tomcat level

Hi Team, I am getting an error 403 forbidden error in my application. I want to fix errors in Tomcat level. Anything I need to change in tomcat level. I am using tomcat 9.0.91. Thank you Jagadish

Re: How to Prevent Dynamic Code manipulation via Java Attach API for Tomcat

found is to run JVM with *-XX:+DisableAttachMechanism*, but the problem it will disable jstack,jcmd, etc all debug tools that are needed to debug Application issues. Do you guys any recommendations and how to add authentication to Java Attach API? Java Attach API requires one of the following: 1

Re: How to Prevent Dynamic Code manipulation via Java Attach API for Tomcat

ebug tools that are needed to debug Application issues. Do you guys any recommendations and how to add authentication to Java Attach API? Any pointers would be really helpful and suggestions. Thanks, Bhavesh -- George Sexton (303) 438 9585 x102 MH Sof

How to Prevent Dynamic Code manipulation via Java Attach API for Tomcat

run JVM with *-XX:+DisableAttachMechanism*, but the problem it will disable jstack,jcmd, etc all debug tools that are needed to debug Application issues. Do you guys any recommendations and how to add authentication to Java Attach API? Any pointers would be really helpful and suggestions. Thanks

Re: How to Call a Java Class in JSP

Many thanks Sebastian, I was over-complicating what appears to be a fairly straightforward matter. Alan. On 03/08/2024 17:51, Sebastian Trost wrote: Alan, On 03.08.2024 18:19, Alan Masters wrote: This is the extract from the logs:     03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10

Re: How to Call a Java Class in JSP

> On Aug 3, 2024, at 11:51, Sebastian Trost > wrote: > > On 03.08.2024 18:19, Alan Masters wrote: >> >> This is the extract from the logs: >> >>03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10] >>org.apache.catalina.startup.ExpandWar.copy Error copying >>[C:\Program >>

Re: How to Call a Java Class in JSP

Alan, On 03.08.2024 18:19, Alan Masters wrote: This is the extract from the logs: 03-Aug-2024 15:15:16.500 SEVERE [http-nio-8080-exec-10] org.apache.catalina.startup.ExpandWar.copy Error copying [C:\Program Files\apache-tomcat-9.0.91\apache-tomcat-9.0.91\webapps\Downloads\Calc

Re: How to Call a Java Class in JSP

used as a full time developer before my retirement over 8 years ago. The article How to Call a Java Class in JSP <https://www.javaguides.net/2019/01/how-to-call-java-class-in-jsp.html#google_vignette> provides a simple example of the code, but avoids explaining how to deploy to Tomca

Re: How to Call a Java Class in JSP

Alan, On 03.08.2024 17:33, Alan Masters wrote: Hello, I am attempting to revise on JSP which I used as a full time developer before my retirement over 8 years ago. The article How to Call a Java Class in JSP <https://www.javaguides.net/2019/01/how-to-call-java-class-in-jsp.h

How to Call a Java Class in JSP

Hello, I am attempting to revise on JSP which I used as a full time developer before my retirement over 8 years ago. The article How to Call a Java Class in JSP <https://www.javaguides.net/2019/01/how-to-call-java-class-in-jsp.html#google_vignette> provides a simple example of the cod

Re: how to use provider with java 18 , différent from java 11

actory.java:112) - Loading crypt module. DEBUG [main] (SecurityModuleFactory.java:125) - -> SunPKCS11-crypt Security.java:125) DEBUG [main] (SecurityModule.java:59) - Creating HardwareSecurityModule crypt crypt - Beginning listKeys (SecurityModule.java:121) - name = riri So my library works... *My

how to use provider with java 18 , différent from java 11

ctory.java:112) - Loading crypt module.  DEBUG [main] (SecurityModuleFactory.java:125) - -> SunPKCS11-crypt  Security.java:125)  DEBUG [main] (SecurityModule.java:59) - Creating HardwareSecurityModule crypt  crypt - Beginning listKeys  (SecurityModule.java:121) - name = riri  So my library works...

Re: How to comment out JSP directives

Those are XML / HTML comments. Try using JSP comments to wrap what you want to comment out: <%-- --%> On Tue, Jul 2, 2024 at 4:40 PM Aryeh Friedman wrote: > When I do the following the include is still done short of rewriting > it to not be a include how do I comment it o

How to comment out JSP directives

When I do the following the include is still done short of rewriting it to not be a include how do I comment it out correctly: -- Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org - To unsubscribe, e-mail: users

Re: Tomcat 10.1.25 - How to enable access to the "/examples/jsp/security/protected/index.jsp"?

Hi, I think that I found the problem. The web.xml file has and auth-constraint: ``` tomcat role1 ``` If I log in as a user that has one of those roles, then the access is successful ! Jim On Mon, Jul 1, 2024 at 5:59 PM o haya wrote: > Hi, > > I just deployed Tomcat 10.1.25 to my Windows

Tomcat 10.1.25 - How to enable access to the "/examples/jsp/security/protected/index.jsp"?

Hi, I just deployed Tomcat 10.1.25 to my Windows machine, and I want to test the FORMS example (/examples/jsp/security/protected/index.jsp) , but I am getting a 403 error: "You are not authorized to view this page. By default the examples web application is only accessible from a browser running

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

on is useful to crate a Use Case in the wiki.* Some doubts are in the air yet, but it is essentially possible for Tomcat to work with this. Two questions thats remaining for the future: * How to disable or bypass the Windows Security dialog? Is it possible to disable for specific U

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

On 25/06/2024 14:27, Gavioto 🕵 wrote: - how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Account) - is Tomcat installed as a Windows service?   Yes - which account is Tomcat running under?   "Domain\acco

RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

d with Tomcat 9.0.63 * Tested in Windows 2019 Thank you for your support. Hope this information is useful to crate a Use Case in the wiki. Some doubts are in the air yet, but it is essentially possible for Tomcat to work with this. Two questions thats remaining for the future: * How to disable o

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

On Tue, Jun 25, 2024 at 9:14 AM david w wrote: I've had the same experience, but with a regular AD service account, not an > MSA. > The account needs to have local administrator rights for the certificate > to be found and used; setting ACL on the keystores is not enough. > 1) The standard on thi

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

esday, June 25, 2024 3:27:12 PM To: users@tomcat.apache.org Subject: RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS - how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Accoun

RE: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

- how are are starting Tomcat?   Tomcat is starting as a service with "Domain\account1$" (Managed Service Account) - is Tomcat installed as a Windows service?   Yes - which account is Tomcat running under?   "Domain\account1$" (Managed Service Account) It is

Re: How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

A few questions: - how are are starting Tomcat? - is Tomcat installed as a Windows service? - which account is Tomcat running under? There are a few references to "user" in your question. It is not clear if this is: - the user administering a Tomcat service - a user that is start

How to configure Tomcat with a Managed Service Account when using LocalMachine certificates for TLS

ice account, it seems can access to the Certificate Storage, in other case, the previous Stack Trace is generated. - Unless I gave local Admin rights, apache opens port 8443, but doesn't respond to requests on 8443 when testing and no error in logs appears. What is the question is "How

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

nt: Sunday, March 31, 2024 1:55 PM To: users@tomcat.apache.org Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml On 29/03/2024 21:58, Christopher Schultz wrote: > Rick, > > On 3/29/24 14:33, Rick Noel wrote: >> Our application is really a sui

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

want to provide the same resource link to all web applications rather than have to specify it in each web application. Mark -chris -Original Message- From: Christopher Schultz Sent: Friday, March 29, 2024 2:21 PM To: Tomcat Users List ; Rick Noel Subject: Re: [EXT]Re: how to d

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

Users List ; Rick Noel Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 11:56, Rick Noel wrote: If have the resource defined in CATALINA_BASE/conf/context.xml And CATALINA_BASE/conf/server.xml You really shouldn't have anything

RE: FW: [EXT]Re: how to define database resource in just context.xml or server.xml

: users@tomcat.apache.org Subject: Re: FW: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 14:05, Rick Noel wrote: > Chris, > > I found I could use a ResourceLink element and put it in my context.xml file. > The name in that ResourceLink is

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

List ; Rick Noel Subject: Re: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 11:56, Rick Noel wrote: > If have the resource defined in > CATALINA_BASE/conf/context.xml > And > CATALINA_BASE/conf/server.xml You really shouldn't hav

Re: FW: [EXT]Re: how to define database resource in just context.xml or server.xml

rce" /> And snippet from my server.xml is. Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Rick Noel Sent: Friday, March 29, 2024 11:57 AM To: Tomcat Users List Subject: RE: [EXT]Re: how to define dat

Re: [EXT]Re: how to define database resource in just context.xml or server.xml

web.xml. Doing all this will make upgrading Tomcat much easier. -chris -Original Message- From: Christopher Schultz Sent: Friday, March 29, 2024 11:47 AM To: users@tomcat.apache.org Subject: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 09:

FW: [EXT]Re: how to define database resource in just context.xml or server.xml

: [EXT]Re: how to define database resource in just context.xml or server.xml If have the resource defined in CATALINA_BASE/conf/context.xml And CATALINA_BASE/conf/server.xml Rick Noel Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Christopher Schultz Sent

RE: [EXT]Re: how to define database resource in just context.xml or server.xml

: [EXT]Re: how to define database resource in just context.xml or server.xml Rick, On 3/29/24 09:48, Rick Noel wrote: > Can someone tell me why I need to have my database source defined in > both my context.xml and server.xml? I thought we are suppose to define > it in only one locat

Re: how to define database resource in just context.xml or server.xml

Rick, On 3/29/24 09:48, Rick Noel wrote: Can someone tell me why I need to have my database source defined in both my context.xml and server.xml? I thought we are suppose to define it in only one location? It's definitely not a requirement to specify it in both places. I can only log into my a

how to define database resource in just context.xml or server.xml

Hello, Can someone tell me why I need to have my database source defined in both my context.xml and server.xml? I thought we are suppose to define it in only one location? I can only log into my app if I have it defined in both my context.xml and server.xml Below is my database resource as

Re: how to reload SSL certificates without restarting Tomcat

Jerry, On 3/11/24 14:51, Jerry Lin wrote: Hi Chris, There is also this: https://tomcat.apache.org/presentations.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Thanks for your presentation and script. We are using Let's E

Re: how to reload SSL certificates without restarting Tomcat

Hi Chris, There is also this: > https://tomcat.apache.org/presentations.html#latest-lets-encrypt > > It's very LE-focused, but it shows you how to programmatically trigger a > reload. > Thanks for your presentation and script. We are using Let's Encrypt, so your m

Re: how to reload SSL certificates without restarting Tomcat

tions.html#latest-lets-encrypt It's very LE-focused, but it shows you how to programmatically trigger a reload. Chuck's reference to the auto-reloading is even better if you don't mind the background process checking for you, instead of proactively-trigge

Re: how to reload SSL certificates without restarting Tomcat

> On Mar 10, 2024, at 15:00, Jerry Lin wrote: > > Hi Chuck, > > Presumably, you mean “not behind https", since “Apache” refers to the >> organization that develops and maintains a plethora of software products. >> > Spell checker got me - I meant “httpd”, not “https”. - Chuck -

Re: how to reload SSL certificates without restarting Tomcat

Hi Chuck, Presumably, you mean “not behind https", since “Apache” refers to the > organization that develops and maintains a plethora of software products. > Yes, “not behind https" (I meant not behind an Apache HTTP server) > you can configure the TLS config listener: > > > https://tomcat.apac

Re: how to reload SSL certificates without restarting Tomcat

> On Mar 10, 2024, at 12:39, Jerry Lin wrote: > > For those of us with a publicly accessible instance of Tomcat (e.g. not > behind Apache), is there a good way of having a renewed SSL/HTTPS > certificate take effect without restarting Tomcat? Presumably, you mean “not behind https", since “Apac

AW: how to reload SSL certificates without restarting Tomcat

I would have several parallel productive instances, and renew them in sequence to be always online -> on connection will be interrupted with the customer. Best Alex -Ursprüngliche Nachricht- Von: Jerry Lin Gesendet: Sonntag, 10. März 2024 18:40 An: users@tomcat.apache.org Betreff:

how to reload SSL certificates without restarting Tomcat

Hello, For those of us with a publicly accessible instance of Tomcat (e.g. not behind Apache), is there a good way of having a renewed SSL/HTTPS certificate take effect without restarting Tomcat? Thank you, Jerry

Re: How to properly enable logging in "org.apache.catalina.core.StandardContext"

org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat It doesn't provide any meaningful root cause. I've googled how to get more verbosity from this, but the results are so varied and often conflicting, and I've never found a strategy that works. It appears that the logger used in Catalina

How to properly enable logging in "org.apache.catalina.core.StandardContext"

doesn't provide any meaningful root cause. I've googled how to get more verbosity from this, but the results are so varied and often conflicting, and I've never found a strategy that works. It appears that the logger used in Catalina is not directly compatible with logback, or I

How to deal with beans.xml during process of GraalVM native image build?

Within a spring framework application, it uses beanx.xml to define a bean names "GreetingService": And this bean is being called as below: === ApplicationContext context = new ClassPathXmlApplicationContext("config/beans.xml"

Re: How does the user principal get set on the servlet container session?

this is non-null, the user is authenticated. I am using web.xml with security constraints and UsersRoleLoginModule defined in jaas.conf which is working fine. I want to add an additional method of login. How do I set the principal on the session in my custom login module? Is this a JAAS login

Re: How does the user principal get set on the servlet container session?

this is non-null, the user is authenticated. I am using web.xml with >> security constraints and UsersRoleLoginModule defined in jaas.conf which is >> working fine. I want to add an additional method of login. >> How do I set the principal on the session in my custom login module? &g

Re: How does the user principal get set on the servlet container session?

UsersRoleLoginModule defined in jaas.conf which is working fine. I want to add an additional method of login. How do I set the principal on the session in my custom login module? Is this a JAAS login module or something else? I have tried a number of things, including: HttpSession session

Re: How does the user principal get set on the servlet container session?

ooking up the user principal. If this is non-null, the user is authenticated. I am using web.xml with security constraints and UsersRoleLoginModule defined in jaas.conf which is working fine. I want to add an additional method of login. How do I set the principal on the session in my custom login m

How does the user principal get set on the servlet container session?

in jaas.conf which is working >fine. I want to add an additional method of login. How do I set the principal on the session in my custom login module? I have tried a number of things, including: HttpSession session = request.getSession(); // Retrieve or create the Subject Subject sub

Re: How to access the request URL in a custom valve implementation?

See AbstractAccessLogValve (which AccessLogValve overrides) Then you could override AbstractAccessLogValve.createAccessLogElement() which has case 'q': return new QueryElement(); To possible do doing something like case 'q': return new ObfuscatedQueryElemen

Re: How to access the request URL in a custom valve implementation?

I want to obfuscate values of query params for certain URLs, however, I would still like to log the request. Therefore, I cannot use the existing conditionif/conditionunless attributes that AccessLogValve provides. Sincerely, Manak Bisht On Fri, Jan 26, 2024 at 6:18 PM Mark Thomas wrote: > On 2

Re: How to access the request URL in a custom valve implementation?

On 26/01/2024 10:46, Manak Bisht wrote: Hi, I am trying to extend the AccessLogValve to modify logging behaviour for certain URLs. However, I don't have access to the request object in the AccessLogValve API. So, I am left with regex matching on the CharArrayWriter message object. Is there a bett

Re: How to access the request URL in a custom valve implementation?

My bad - AccessLogValve also supports that feature too - *%{xxx}r* write value of ServletRequest attribute with name xxx (escaped if required, value ?? if request is null) https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Logging -Tim On Fri, Jan 26, 2024 at 7:23 AM Tim F

Re: How to access the request URL in a custom valve implementation?

It depends on what you are trying to accomplish. ExtendedAccessLogValve is a little more flexible where you can write out arbitrary request attributes but still format the request like the standard access log. So you could have a filter set the value and not need to write your own access logger. -

How to access the request URL in a custom valve implementation?

Hi, I am trying to extend the AccessLogValve to modify logging behaviour for certain URLs. However, I don't have access to the request object in the AccessLogValve API. So, I am left with regex matching on the CharArrayWriter message object. Is there a better way to do this? Sincerely, Manak Bisht

Re: JSP EL - How to

Thanks for the reply Chuck Caldarale. I am really confused here, would you be able to provide me with a link to a EL tutorial. Thanks in advance. On 2023-12-18 11:04 a.m., Mark Thomas wrote: Chuck Caldarale -- ArbolOne.ca Using Fire Fox and Thunderbird. ArbolOne is composed of students and v

Re: JSP EL - How to

17 Dec 2023 21:31:10 Chuck Caldarale : On Dec 16, 2023, at 23:05, Arbol One wrote: Hello. In my NetBeans IDE, I have a ANT web project, to which I have added under Libraries the JSTL 1.2.7 - jstl-impl.jar and the JSTL 1.2.7 - jstl-api.jar libraries. However, when adding this code :

Re: JSP EL - How to

> On Dec 16, 2023, at 23:05, Arbol One wrote: > > Hello. > > In my NetBeans IDE, I have a ANT web project, to which I have added under > Libraries the JSTL 1.2.7 - jstl-impl.jar and the JSTL 1.2.7 - jstl-api.jar > libraries. However, when adding this code : > > * > Hello JSP EL! > * Ta

JSP EL - How to

Hello. In my NetBeans IDE, I have a ANT web project, to which I have added under Libraries the JSTL 1.2.7 - jstl-impl.jar and the JSTL 1.2.7 - jstl-api.jar libraries. However, when adding this code : * Hello JSP EL! * Although it rebuilds properly, I get the following error message

Re: I can't find how to stop TOMCAT during INITIALIZATION phase

All, On 12/15/23 03:29, Simon Matter wrote: Hi, Our question is: 1. It is possible to stop tomcat during initialization phase? 2. If yes how and if not are any plans to implement it in future versions? It seems to me that my solutions for now are: 1. sending SIGKILL signal to tomcat (this

Re: I can't find how to stop TOMCAT during INITIALIZATION phase

Hi, > > Our question is: > 1. It is possible to stop tomcat during initialization phase? > 2. If yes how and if not are any plans to implement it in future versions? > > It seems to me that my solutions for now are: > 1. sending SIGKILL signal to tomcat (this is ver

I can't find how to stop TOMCAT during INITIALIZATION phase

Hello, I have searched inside TOMCAT (for the moment version 10.1.x but seems to be present in all versions) how to stop TOMCAT during INITIALIZATION phase and I can't find any method how to do it. Tomcat seems to have 3 ways to stop it: 1. Sending SHUTDOWN command over the control port s

Re: How to get Remote user value in Apache

Tomcat)? How are Apache httpd and JBoss/Tomcat connected to each other? The answer depends on exactly how you are doing that. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail

How to get Remote user value in Apache

Hi all, I am using Apache(2.4) in the front end and Jboss(7.4) in the backend. The page is coming up and after giving the user id and password it is being authenticated. next is when we go to some create function which takes the REMOTE_USER value and inserts into the database. Here we are not

Re: Java/Tomcat is being killed by the Linux OOM killer for using a huge amount of RAM. How can I know what was going on inside my app (& Tomcat & the JVM) to make that happen?

native-heap and not Java-heap. What does 'top' say? You are looking for the "RES" (Resident Size) and "VIRT" (Virtual Size) numbers. That's what the process is REALLY using. How big is your physical RAM? What does this output while running your application (aft

Java/Tomcat is being killed by the Linux OOM killer for using a huge amount of RAM. How can I know what was going on inside my app (& Tomcat & the JVM) to make that happen?

t. Was it my application? If it was my application (and I have to assume it was), how/why was it using all that RAM? What were the objects, threads, etc that were involved in the crash? What part of the heap memory was using all that RAM? This can happen at any time, like at 4am so I can not run to

Re:RE: How to custom java program to decrypt keystore password in Tomcat 10.1.15

It is soloved by implement the PropertySource, thank you very much for all your help. At 2023-10-28 01:06:03, "Mcalexander, Jon J." wrote: >You could look at how TC Server does this. Their tcserver.jar has an >encoder/decoder in it and the class is loaded as a

RE: How to custom java program to decrypt keystore password in Tomcat 10.1.15

You could look at how TC Server does this. Their tcserver.jar has an encoder/decoder in it and the class is loaded as a digester in the Catalina.properties. It relies on having a prefix on the encoded value that would subsequently be decoded and the property value replaced with the decoded

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

want to use the custom keystore encryption password in server.xml like this: chiphhers="TLS_ECDHE_RSA_WITH_AES_123_GCM_SHA256"    keystoreFile="E:\tes.jks"    keystorePass="xsdfdfdsfdfxdf(encryption password)"    keystoreType"JKS" /> And this &qu

Re: How to custom java program to decrypt keystore password in Tomcat 10.1.15

server.xml like this: And this "encrypted" password is "decrypted" how? https://cwiki.apache.org/confluence/display/TOMCAT/Password (Hint: this is a waste of time from a security perspective.) If you can find a way to make this work then you are welcome to use it but I am sure

How to custom java program to decrypt keystore password in Tomcat 10.1.15

Hi Tomcat team, Version: Tomcat 10.1.15 I am trying to upgrade Tomcat from version 9.0.56 into 10.1.15, and found that there is no setKeystorePass(String) method in tomcat 10.1.15. As we want to use the custom keystore encryption password in server.xml like this: And the java class tes

Re: How to setup Apache web server for a Tomcat deployed Spring application

that makes this a little difficult to interpret. To note that on the local machine tomcat returns the app through http://localhost:8080/app/login <http://localhost:8080/qadat/login> How to make the app requests proxied so that name1.domain. <http://qadat.qfls.idealab.unical.it/>com/a

How to setup Apache web server for a Tomcat deployed Spring application

gin <http://localhost:8080/qadat/login> ProxyPassReverse /app/login http://localhost:8080/app/login <http://localhost:8080/qadat/login> To note that on the local machine tomcat returns the app through http://localhost:8080/app/login <http://localhost:8080/qadat/login> How to m

Re: How to integrate alternative SSLContext?

Hi Mark, On Thu, Aug 24, 2023 at 7:26 AM Mark Thomas wrote: > >> You shouldn't need a custom connector. As things stand currently, you > >> would need a custom SSLImplementation although you should be able to > >> extend the exising JSSE support for most of

Re: How to integrate alternative SSLContext?

ation. Why? What problem are you trying to solve? My project needs alternative cipher suites, EC group and signature scheme. How can I integrate this custom SSLContext to the embedded Tomcat server? I don't find any convenient API for this case. Do I have to provide a new SSLImplementation

Re: How to integrate alternative SSLContext?

; > Why? What problem are you trying to solve? > My project needs alternative cipher suites, EC group and signature scheme. > > How can I integrate this custom SSLContext to the embedded Tomcat > > server? > > I don't find any convenient API for this case. > > Do

  1   2   3   4   5   6   7   8   9   10   >