pluggabilitySkip JarScanFilter and JMX calls

2024-11-03 Thread Amit Pande
Hello,

I have been experimenting with the JarScanFilter setting to boost the 
application deployment time.

   



When I add this:
JarScanFilter pluggabilitySkip="*.jar"

The JMX calls stopped working. E.g. I am seeing:

javax.management.InstanceNotFoundException: Catalina_Web_Services:j2eeType=WebModule,name=//localhost/mywebapp,J2EEApplication=none,J2EEServer=none
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(Unknown Source) ~[?:?]
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(Unknown Source) ~[?:?]
    at java.management/com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(Unknown Source) ~[?:?]
    at com.myapp.findMBeanState(MyTest.java:124) ~[myapp.jar:?]

Am I missing some additional configuration?

Appreciate the help.

Thanks,
Amit


RE: pluggabilitySkip JarScanFilter and JMX calls

2024-11-03 Thread Amit Pande
Thank you, Chris, for the quick response.

I am trying to play with the scan/skip values.

https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/event/EventListener.html
Does this @EventListener Spring annotation get affected by this 
pluggabilitySkip setting?

Thanks,
Amit

-Original Message-
From: Christopher Schultz  
Sent: Sunday, November 3, 2024 3:39 PM
To: Tomcat Users List 
Subject: Re: pluggabilitySkip JarScanFilter and JMX calls





Amit,

On 11/3/24 11:56 AM, Amit Pande wrote:
> Hello,
>
> I have been experimenting with the JarScanFilter setting to boost the 
> application deployment time.
>
> 
>   defaultTldScan="false" />
>  
>
> When I add this:
> JarScanFilter pluggabilitySkip="*.jar"
>
> The JMX calls stopped working. E.g. I am seeing:
>
> javax.management.InstanceNotFoundException: Catalina_Web_Services:j2eeType=WebModule,name=//localhost/mywebapp,J2EEApplication=none,J2EEServer=none
>     at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(Unknown Source) ~[?:?]
>     at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(Unknown Source) ~[?:?]
>     at java.management/com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(Unknown Source) ~[?:?]
>     at com.myapp.findMBeanState(MyTest.java:124) ~[myapp.jar:?]
>
> Am I missing some additional configuration?
>
> Appreciate the help.

The JarScanner does more than it looks like it does. I'm guessing that you have 
a component that uses something like annotation-based 
SomethingSomethingListener and that component is not being found and 
initialized when the application starts.

That component probably registers your MBean with the local JMX server.

Try being more restrictive with your pluggability-skipping. You might want to 
search all your JAR files for "*Listener.class" and let those JARs continue to 
be processed.

-chris


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Regression in Apache Tomcat 9.0.96? Escape XML not working using taglib

2024-11-03 Thread Konstantin Kolinko
Sun, 3 Nov 2024 at 03:46, Frankowski, Adam :
>
> Hi,
>
>
>
> We have noticed an issue that occurred when we attempted to upgrade to Apache 
> Tomcat 9.0.96.  We found that the  standard taglib did not properly 
> escape XML strings anymore.  This can lead to cross-site scripting (XSS) 
> attacks if user input is not properly escaped.

There have been numerous reports about regression with lifecycle of
tags in Tomcat 9.0.96, all boiling down to

https://bz.apache.org/bugzilla/show_bug.cgi?id=69399
Bug 69399 - Tag.release() called between reuses

It is the first time I see a report about issues with . This
has not been treated as a security issue yet.

There is a workaround, see "Comment 1" in the bug report:


As a workaround, one may set enablePooling to false as described in
https://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html#Configuration.


Best regards,
Konstantin Kolinko




Re: pluggabilitySkip JarScanFilter and JMX calls

2024-11-03 Thread Christopher Schultz

Amit,

On 11/3/24 11:56 AM, Amit Pande wrote:

> Hello,
>
> I have been experimenting with the JarScanFilter setting to boost the 
> application deployment time.
>
> When I add this:
> JarScanFilter pluggabilitySkip="*.jar"
>
> The JMX calls stopped working. E.g. I am seeing:
>
> javax.management.InstanceNotFoundException: Catalina_Web_Services:j2eeType=WebModule,name=//localhost/mywebapp,J2EEApplication=none,J2EEServer=none
>     at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(Unknown Source) ~[?:?]
>     at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttribute(Unknown Source) ~[?:?]
>     at java.management/com.sun.jmx.mbeanserver.JmxMBeanServer.getAttribute(Unknown Source) ~[?:?]
>     at com.myapp.findMBeanState(MyTest.java:124) ~[myapp.jar:?]
>
> Am I missing some additional configuration?
>
> Appreciate the help.


The JarScanner does more than it looks like it does. I'm guessing that 
you have a component that uses something like annotation-based 
SomethingSomethingListener and that component is not being found and 
initialized when the application starts.


That component probably registers your MBean with the local JMX server.

Try being more restrictive with your pluggability-skipping. You might 
want to search all your JAR files for "*Listener.class" and let those 
JARs continue to be processed.


-chris
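
The JAR search suggested above, as an added example (not part of the original messages and not Tomcat code): it reports which JARs contain `*Listener.class` entries and, going beyond the thread's heuristic, the `META-INF` markers that Servlet 3.0 pluggability scanning looks for, so those JARs can be listed in the filter's `pluggabilityScan` attribute while the rest stay skipped. All JAR and class names are constructed sample input.

```python
import fnmatch
import io
import zipfile

# Entries that make a JAR relevant to Servlet 3.0 pluggability scanning.
# "*Listener.class" is the heuristic suggested in the thread; the META-INF
# markers are an added generalization (javax for Tomcat 9, jakarta for 10+).
MARKERS = (
    "*Listener.class",
    "META-INF/web-fragment.xml",
    "META-INF/services/javax.servlet.ServletContainerInitializer",
    "META-INF/services/jakarta.servlet.ServletContainerInitializer",
)


def pluggability_hits(jar_file):
    """Return the sorted entries of one JAR (path or file object) matching a marker."""
    with zipfile.ZipFile(jar_file) as jar:
        return sorted(n for n in jar.namelist()
                      if any(fnmatch.fnmatchcase(n, m) for m in MARKERS))


def split_jars(jars):
    """Map {jar name: path or file object} to (keep scanning, safe to skip)."""
    scan, skip = [], []
    for name in sorted(jars):
        (scan if pluggability_hits(jars[name]) else skip).append(name)
    return scan, skip


def make_jar(entries):
    """Build an in-memory JAR with empty entries (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for entry in entries:
            jar.writestr(entry, b"")
    buf.seek(0)
    return buf


# Constructed WEB-INF/lib contents; every name here is hypothetical.
SAMPLE_LIB = {
    "myapp-jmx.jar": make_jar(["com/myapp/jmx/MBeanRegistrationListener.class"]),
    "framework-web.jar": make_jar(
        ["META-INF/services/javax.servlet.ServletContainerInitializer"]),
    "utils.jar": make_jar(["com/example/util/Strings.class", "META-INF/MANIFEST.MF"]),
}

if __name__ == "__main__":
    scan, skip = split_jars(SAMPLE_LIB)
    print('pluggabilityScan="%s"' % ",".join(scan))
    print("safe to skip:", ", ".join(skip))
```

For a real deployment, pass a dict of file paths from `WEB-INF/lib` to `split_jars` instead of `SAMPLE_LIB`.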

