On 11.01.16 at 22:05, Mark Thomas wrote:
Found on
http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection
the description how to switch the "feature" off.
I will file two bugs soon describing the issues I had. Hopefully they
will be fixed.
1.) if using HttpServletRequest.logi
On 12/01/2016 11:06, Thomas Scheffler wrote:
> On 11.01.16 at 22:05, Mark Thomas wrote:
>>>
>>> >>changeSessionIdOnAuthentication="false" />
>>>
>>> Found on
>>> http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection
>>> the description how to switch the "feature" off.
>>>
>>>
All:
I'm trying to set up clientAuth SSL connection between a batch process and
Tomcat (7.0.55, Java 8 64-bit server). One-way SSL works wonderfully. I set up
a server certificate (self-signed) and used this configuration in Tomcat
(server.xml):
In the client, I used
java -cp ws-client.
On 1/12/2016 12:01 AM, Rahul Singh wrote:
Hello Apache Tomcat team,
Sending again with some corrections,
File upload in my application (Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK
1.7.79) is not successful for greater than 2 gb. After previous discussion here
on previous thread, I migrated my
On 12.01.16 at 13:24, Mark Thomas wrote:
On 12/01/2016 11:06, Thomas Scheffler wrote:
On 11.01.16 at 22:05, Mark Thomas wrote:
Found on
http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection
the description how to switch the "feature" off.
I will file two bugs soon descri
Sorry for missing information
My Tomcat is 8.0, Debian 7.
Tomcat is in front of my app using Grails+Vaadin for interface.
This annotation where will be used in Grails.conf?
From: Kyohei Nakamura
Sent: Tuesday, January 12, 2016 7:44 AM
To: Tomcat Users Li
Thomas
> -----Original Message-----
> From: Olaf Kock [mailto:tom...@olafkock.de]
> Sent: Monday, January 11, 2016 4:12 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 8.0.30 Session lost
>
> Well, at least you do a bit of protection instead of just disabling the
> session fixation security fi
On 12/01/2016 13:03, Thomas Scheffler wrote:
> On 12.01.16 at 13:24, Mark Thomas wrote:
>> On 12/01/2016 11:06, Thomas Scheffler wrote:
>>> On 11.01.16 at 22:05, Mark Thomas wrote:
For the first the description above isn't clear enough to be sure
exactly what you are asking for. Howe
Thomas,
On 1/12/16 8:03 AM, Thomas Scheffler wrote:
> On 12.01.16 at 13:24, Mark Thomas wrote:
>> On 12/01/2016 11:06, Thomas Scheffler wrote:
>>> On 11.01.16 at 22:05, Mark Thomas wrote:
>
> className="org.apache.catalina.authenticator.BasicAuthenticator"
> changeSessionIdO
The Apache Tomcat team announces the immediate availability of Apache
Tomcat Native 1.2.4 stable.
The key features of this release are:
- Improvements to renegotiation
Note that, unless a regression is discovered in 1.2.x, users should now
be using 1.2.x in preference to 1.1.x.
Please refer to t
I am integrating Tomcat with the IBM CLM 6.0.1 collaboration tools. Per IBM's
installation instructions, I downloaded and extracted Tomcat 7.0.59 to my
server.
I am successfully able to start the Tomcat server from the command line using
the batch files provided by the IBM application (C:\Prog
Olaf,
On 1/11/16 4:12 PM, Olaf Kock wrote:
> Well, at least you do a bit of protection instead of just disabling the
> session fixation security filter. However, be aware that potentially
> many people might come from the same IP address - either because it's a
> NATing home router or a big compan
On 12.01.16 at 14:41, Mark Thomas wrote:
1.) are not required as every request belonging to the same session is
already authenticated. After login() other requests of the same session
will not return 'null' on getRemoteUser() or getUserPrincipal()
2.) are not required, as authenticate() use the
Becky,
On 1/12/16 10:42 AM, McDermott, Becky wrote:
> I am integrating Tomcat with the IBM CLM 6.0.1 collaboration tools. Per
> IBM's installation instructions, I downloaded and extracted Tomcat 7.0.59 to
> my server.
>
> I am successfully able to start the Tomcat server from the command line
David,
On 1/12/16 7:43 AM, David Sills wrote:
> All:
>
> I'm trying to set up clientAuth SSL connection between a batch process and
> Tomcat (7.0.55, Java 8 64-bit server). One-way SSL works wonderfully. I set
> up a server certificate (self-signed) and used this configuration in Tomcat
> (ser
I used the Java options provided by IBM. Since Tomcat will successfully start
using the startup batch files, I assume that these settings are fine. I've
tried playing with the settings and cannot get it to work either. It seems like
it's some sort of weird Windows thing.
I have successfully c
Christopher:
Thank you for your prompt reply.
The client does seem to need a trust store when dealing with a self-signed
certificate from the server, as otherwise it tries to create a chain back to an
implicitly trusted CA. I agree, with a commercial certificate this would not be
necessary, as
On 12.01.2016 12:06, Thomas Scheffler wrote:
On 11.01.16 at 22:05, Mark Thomas wrote:
Found on
http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection
the description how to switch the "feature" off.
I will file two bugs soon describing the issues I had. Hopefully they
will
Oh, and by the way, it turns out I'm using Java 6, not 8. Not that that should
make a huge difference, but our client is a bit behind the times.
-----Original Message-----
From: David Sills [mailto:dsi...@datasourceinc.com]
Sent: Tuesday, January 12, 2016 11:35 AM
To: Tomcat Users List
Subject:
I'm hitting an error, and I'm not sure how to fix it. The environment is:
OS: Ubuntu Linux
Tomcat: 6.0.44
JVM: Sun 1.6.0.22
CATALINA_HOME/CATALINA_BASE configuration
The client reports that this system has worked in the past. Their
original production system was running 6.0.18 using a distribu
On 1/12/2016 10:57 AM, Thomas Scheffler wrote:
On 12.01.16 at 14:41, Mark Thomas wrote:
1.) are not required as every request belonging to the same session is
already authenticated. After login() other requests of the same session
will not return 'null' on getRemoteUser() or getUserPrincipal()
On 12/01/2016 16:04, McDermott, Becky wrote:
> I used the Java options provided by IBM. Since Tomcat will successfully
> start using the startup batch files, I assume that these settings are fine.
> I've tried playing with the settings and cannot get it to work either. It
> seems like it's som
Hi Christopher,
Thanks for reminding me of my extra doubt that I missed writing of in
the first post:
Picking up on AOL: If I'm on proxy1 now, with many other users - will I
stay on that proxy for a long time? Or will I be loadbalanced to many
other proxies during my visit on the site? There's no
On 12/01/2016 16:39, David Sills wrote:
> Oh, and by the way, it turns out I'm using Java 6, not 8. Not that that
> should make a huge difference, but our client is a bit behind the times.
Are you sure the right certs are in the right stores?
If all the certs are self-signed then:
The trust sto
On 12/01/2016 16:40, George Sexton wrote:
> I'm hitting an error, and I'm not sure how to fix it. The environment is:
>
Check the JARs in WEB-INF/lib for any javax.servlet classes. There
should not be any. You might as well check WEB-INF/classes while you are
at it.
If any JARs have been added t
I am definitely not a Java/Tomcat expert so I appreciate the info. I have 10GB
of RAM and only 1.2 GB is in use when I try to start the tomcat service.
I downloaded from:
http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.59/bin/?cm_mc_uid=36937329763514476995925&cm_mc_sid_5020=1450452120
Mark,
On 1/12/16 12:01 PM, Mark Thomas wrote:
> On 12/01/2016 16:39, David Sills wrote:
>> Oh, and by the way, it turns out I'm using Java 6, not 8. Not that that
>> should make a huge difference, but our client is a bit behind the times.
>
> Are you sure the right certs are in the right stores?
Mark,
On 1/12/16 12:03 PM, Mark Thomas wrote:
> On 12/01/2016 16:40, George Sexton wrote:
>> I'm hitting an error, and I'm not sure how to fix it. The environment is:
>
> Check the JARs in WEB-INF/lib for any javax.servlet classes. There
> should not be any. You might as well check WEB-INF/classe
On 12/01/2016 17:10, McDermott, Becky wrote:
> I am definitely not a Java/Tomcat expert so I appreciate the info. I have
> 10GB of RAM and only 1.2 GB is in use when I try to start the tomcat service.
OK. You should be OK then but you never know. One thing to try is lower
settings to see if you
David,
On 1/12/16 11:34 AM, David Sills wrote:
> The client does seem to need a trust store when dealing with a
> self-signed certificate from the server, as otherwise it tries to
> create a chain back to an implicitly trusted CA. I agree, with a
> commercial certificate this would not be necessar
On 12.01.2016 18:29, Mark Thomas wrote:
On 12/01/2016 17:10, McDermott, Becky wrote:
I am definitely not a Java/Tomcat expert so I appreciate the info. I have 10GB
of RAM and only 1.2 GB is in use when I try to start the tomcat service.
OK. You should be OK then but you never know. One thing
I will try both sides in Java 8. Our client, however, still has to use Java 6
(government sigh...). But at least if the same problem occurs, I'll know
what's going on. And I'll check the certificates, though I was exceedingly
careful during the setup and checked everything once already.
---
One question as I try this - how to get logging at the debug level for the
handshake process? I have tried setting everything in logging.properties to
FINEST, but it makes no difference.
-----Original Message-----
From: David Sills [mailto:dsi...@datasourceinc.com]
Sent: Tuesday, January 12, 20
You can enable jvm level TLS debug: -Djavax.net.debug=all
See this site for more information:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com | dave.tauz...@suresc
On 12/01/2016 15:57, Thomas Scheffler wrote:
> What I read in the specification is that a *fix* could be implemented
> that would allow the bug to disappear. The third point above, changing
> the sessionId only if the user is "new" to the session, would fix the
> problem, could be integrated easi
On 1/12/2016 10:04 AM, McDermott, Becky wrote:
I used the Java options provided by IBM. Since Tomcat will successfully start
using the startup batch files, I assume that these settings are fine. I've
tried playing with the settings and cannot get it to work either. It seems like
it's some so
Hi,
>Define "Not successful"? Exceptions thrown? File truncated? Upload
>never starts? Never finishes?
Not successful :
Request never finishes, we have traced the HttpServlet request object and
request.getContentLength returns 0 when the file size is >=2GB,
No exception thrown, as well a