-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff,
On 8/29/12 4:54 PM, Jeffrey Janner wrote: > Looking at that code, it looks like the only way to set the file is > to change it there and recompile. Not at all: you should be able to configure the Manager by setting attributes on the <Manager> element in your context.xml. If you don't already have one, add one and then set the randomFile attribute to whatever you want. > The <manager> element doesn't have anything to do with the session > manager. Er, it has everything to do with it. <Manager> configures the session manager. If you don't believe me, read the documentation and/or the code. > What we really need is a way for Tomcat to understand that it's on > windows and automatically use that java.security routine you > mentioned. It will. You created a zero-length file in C:\dev\urandom and it's causing a one-time error message. Don't do that! > Even a way of setting the filepath as null in the server.xml or > context.xml would probably be helpful. You could do that, or you could set it to a path that points to nothing. Under normal circumstances, you wouldn't find a C:\dev\urandom file in a Microsoft Windows environment, so the default automatically falls-back to java.security.SecureRandom. Why don't you just remove that file? > Not that it's really that big a deal. Apparently, from my > testing, it only happens twice/context at startup. It should happen once, but I suppose anything is possible -- especially if you have an ... odd deployment configuration. > My real problem is somewhere else. On login, we call > request.getSession, which I'm pretty sure is generating a new > sessionid (verified by turning off cookies), and thus generating > the first PNF. On bad login credentials, we invalidate() the > session, which I'm guessing is doing the second PNF. Invalidating the session shouldn't require any entropy to be read, so I wouldn't expect any failure. > Overall, I'm thinking nothing to worry about, right? If I were you, I'd delete the file and move on with my life: the error message will go away and otherwise the system will operate exactly as before. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA+g+kACgkQ9CaO5/Lv0PDhuACfaQ4v0010KLSlJAdCowaV3Hzh e/AAn1TC3demwBOsqs8NEIDgMJLjk+P+ =G/Aa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
