AW: catalina.policy file not available Tomcat 11.0.0

2025-02-11 Thread Thomas Hoffmann (Speed4Trade GmbH) 
Hello Ivano,

it seems more like a decision from java side:
https://snyk.io/de/blog/securitymanager-removed-java/


> -Ursprüngliche Nachricht-
> Von: Ivano Luberti 
> Gesendet: Dienstag, 11. Februar 2025 13:33
> An: users@tomcat.apache.org
> Betreff: Re: catalina.policy file not available Tomcat 11.0.0
> 
> Hi Mark, any link to read the reason of this decision?
> 
> 
> Il 11-Feb-25 13:03, Mark Thomas ha scritto:
> > On 11/02/2025 10:53, S Abirami wrote:
> >> Hi All,
> >>
> >> Tomcat catalina.policy file is not available from Tomcat 11.0.0.
> >> Is there any specific reason for the removal?
> >
> > Support for running under a SecurityManager has been removed.
> >
> > Mark
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> --
> 
> Archimede Informatica tratta i dati personali in conformità a quanto
> stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno
> 2003 n. 196
> per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
> Informativa completa
>  nali.pdf>
> 
> Il contenuto di questo messaggio e dei suoi eventuali allegati è riservato.
> Nel caso in cui Lei non sia il destinatario, La preghiamo di contattare
> telefonicamente o via e-mail il mittente ai recapiti sopra indicati e di
> cancellare il messaggio e gli eventuali allegati dal Suo sistema senza farne
> copia o diffonderli. Le opinioni espresse sono quelle dell'autore e non
> rappresentano necessariamente quelle della Società.
> This message and any attachment are confidential.If you are not the
> intended recipient, please telephone or email the sender and delete this
> message and any attachment from your system. If you are not the intended
> recipient you must not copy this message or attachment or disclose the
> contents to any other person. Any opinions presented are solely those of
> the author and do not necessarily represent those of the Company.
> 
> dott. Ivano Mario Luberti
> 
> Archimede Informatica società cooperativa a r. l.
> Via Gereschi 36, 56127 Pisa
> 
> tel.: +39 050/580959
> 
> web: www.archicoop.it
> linkedin: www.linkedin.com/in/ivanoluberti
> facebook: www.facebook.com/archimedeinformaticapisa/

Re: Reg: Tomcat temp file deletion

2025-02-11 Thread Christopher Schultz 

Mark,

On 2/7/25 3:42 AM, Mark Thomas wrote:

On 06/02/2025 19:25, Jalaj Asher wrote:

Hello,
Is it ok to delete files from tomcat/temp folder  while the tomcat is 
running ?


Generally, no. There are instances where that will break things.

It may be possible to delete some files safely - although that begs the 
question why isn't Tomcat deleting them itself once they are no longer 
needed.


It required to restart the tomcats post deletion of the files in 
tomcat/temp folder  or should it be deleted only post stopping the 
tomcat service ?


The safe way is:
- stop Tomcat
- empty temp
- start Tomcat


If the application writes to the temp dir and then reads that file back, 
will Tomcat's Resources implementation(s) cache information about those 
files? If so... is there a facility through which an application can 
delete one of those files and also update the Resources' view of it 
(e.g. purge it from cache)?


-chris


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: catalina.policy file not available Tomcat 11.0.0

2025-02-11 Thread Rémy Maucherat 
On Tue, Feb 11, 2025 at 1:41 PM Thomas Hoffmann (Speed4Trade GmbH)
 wrote:
>
> Hello Ivano,
>
> it seems more like a decision from java side:
> https://snyk.io/de/blog/securitymanager-removed-java/

Indeed: https://openjdk.org/jeps/411

Tomcat is apparently one of the very few comprehensive security
manager users out there.

Rémy

>
> > -Ursprüngliche Nachricht-
> > Von: Ivano Luberti 
> > Gesendet: Dienstag, 11. Februar 2025 13:33
> > An: users@tomcat.apache.org
> > Betreff: Re: catalina.policy file not available Tomcat 11.0.0
> >
> > Hi Mark, any link to read the reason of this decision?
> >
> >
> > Il 11-Feb-25 13:03, Mark Thomas ha scritto:
> > > On 11/02/2025 10:53, S Abirami wrote:
> > >> Hi All,
> > >>
> > >> Tomcat catalina.policy file is not available from Tomcat 11.0.0.
> > >> Is there any specific reason for the removal?
> > >
> > > Support for running under a SecurityManager has been removed.
> > >
> > > Mark
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > --
> >
> > Archimede Informatica tratta i dati personali in conformità a quanto
> > stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno
> > 2003 n. 196
> > per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
> > Informativa completa
> >  > nali.pdf>
> >
> > Il contenuto di questo messaggio e dei suoi eventuali allegati è riservato.
> > Nel caso in cui Lei non sia il destinatario, La preghiamo di contattare
> > telefonicamente o via e-mail il mittente ai recapiti sopra indicati e di
> > cancellare il messaggio e gli eventuali allegati dal Suo sistema senza farne
> > copia o diffonderli. Le opinioni espresse sono quelle dell'autore e non
> > rappresentano necessariamente quelle della Società.
> > This message and any attachment are confidential.If you are not the
> > intended recipient, please telephone or email the sender and delete this
> > message and any attachment from your system. If you are not the intended
> > recipient you must not copy this message or attachment or disclose the
> > contents to any other person. Any opinions presented are solely those of
> > the author and do not necessarily represent those of the Company.
> >
> > dott. Ivano Mario Luberti
> >
> > Archimede Informatica società cooperativa a r. l.
> > Via Gereschi 36, 56127 Pisa
> >
> > tel.: +39 050/580959
> >
> > web: www.archicoop.it
> > linkedin: www.linkedin.com/in/ivanoluberti
> > facebook: www.facebook.com/archimedeinformaticapisa/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Custom error page for invalid mutual authentication (TLS)

2025-02-11 Thread Christopher Schultz 

Sebastian,

On 2/7/25 4:37 PM, Sebastian Trost wrote:
if updating your application is out of the question, I'm guessing that 
there is no way to achieve this.


If updating your application is an option, you can set the clientAuth 
attribute of your connector to 'want' instead of 'true' and then try to 
detect within your app, if the client provided a valid certificate and 
redirect them to an error page if that is not the case.


Source: https://stackoverflow.com/a/46488689/1180010


+1

If the TLS handshake fails (because the certs are unacceptable to one 
party or the other), then there is no HTTP connection available to send 
a custom error page. It's entirely up to the application on the client 
end to describe the failure to the user.


If, instead, you relax the handshake requirements (clientAuth=want) then 
you have the opportunity to complete the handshake but then refuse the 
user via HTTP. It's a lot more work, but it's definitely possible.


-chris


On 06.02.2025 18:59, Peter Rader wrote:

Hi,


I have a website that use mutual authentication for over 100 persons very
successfull since years.

Sometimes a client-certificate in the truststore of the server must be
deactivated, maybe the person died or his/her device got pinched.

As soon as the user access the website using a browser who has the client
certificate installed in the certificate-store of the browser, the 
website is
unavailable. Fair enougth! A generic website is displayed in the 
browser. For
firefox the message "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT" appears. 
Thats fair

and good.

However, is there a way to have a custom website instead of the browser's
built-in error-page?


Kind regards

Peter Rader
--
Fachinformatiker AE / IT Software Developer
Peter Rader
Wilsnacker Strasse 17
10559 Berlin - GERMANY
Tel: 0049 (0)30 / 6 29 33 29 6
Fax: 0049 (0)30 / 6 29 33 29 6
Handy: 0049 (0)176 / 87 521 576
Handy: 0049 (0)176 / 47 876 303

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread Jack Green 
When you try to start `11.0.3` via:
```
new Tomcat();
```

An error is thrown:
```
Exception in thread "main" java.lang.ExceptionInInitializerError
at TomcatReproducer.main(TomcatReproducer.java:6)
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field 
static final boolean java.io.FileSystem.useCanonCaches accessible: module 
java.base does not "opens java.io " to unnamed module @5a4041cc
at 
java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
at 
java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at 
java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
at org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
... 1 more
```

And Tomcat fails to start.

This does _not_ affect `11.0.2` and appears to be introduced in 
https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5.

`org.apache.tomcat.util.compat.JreCompat` tries to make 
`java.io.FileSystem.useCanonCaches` accessible via reflection, which fails due 
to module accessibility. There is a `catch` for `ReflectiveOperationException` 
& `IllegalArgumentException`, but `InaccessibleObjectException` is neither of 
those.

You can _probably_ workaround the issue by adding an `--add-opens` VM argument 
but this isn’t ideal, especially for a patch release.

Re: Tomcat 11 and JDK 17 Upgraded from Tomcat 9 & JDK 8

2025-02-11 Thread Christopher Schultz 

Abirami,

On 2/10/25 6:14 AM, S Abirami wrote:

We are deploying webservices SOAP using embedded tomcat. It worked fine with JDK 8 
& tomcat 10.
After upgrading to JDK 17 with tomcat 11, webservices generate source failed 
first then I utilized Metrowebservices and Jax-ws related jars to solve the 
issue.
I heard there are lot of jars removed in jdk 17 related to webservices SOAP.
Now the tomcat server is up and running. But the webservice URL launch provides 
404 error.

There is no error (or) exception in log. Hence enabled debug message found some 
classnotfoundexception as below.


The log you are seeing is just showing that Tomcat has failed to detect 
the presence of Java 19 or later. Tomcat does things slightly 
differently depending upon which version of Java it's running on, and so 
it's performing version-detection during startup.


Tomcat detects Java 19 by looking for a newly-introduced class in Java 
19: java.lang.WrongThreadException[1]. If that class isn't found, then 
the Java version is older than 19. As a debugging aid, Tomcat is logging 
that fact to the logger, but it doesn't represent an error in Tomcat. 
Tomcat 11 runs fine on Java versions down to 17.


If you are trying to look for root-causes of your SOAP and other RPC 
operations failing, this is not the source of them.


-chris

[1] 
https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/lang/WrongThreadException.html



-Original Message-
From: Rémy Maucherat 
Sent: Monday, February 10, 2025 4:20 PM
To: Tomcat Users List 
Subject: Re: Tomcat 11 and JDK 17 Upgraded from Tomcat 9 & JDK 8

On Mon, Feb 10, 2025 at 11:41 AM S Abirami  
wrote:


Hi Remm,

Our application uses both standalone and Embedded Tomcat. Hence pointing all 
the Standalone jars as the class path for Embedded tomcat also.
In which jar it will be available in standalone.

Regards,
Abirami.S

-Original Message-
From: Rémy Maucherat 
Sent: Monday, February 10, 2025 3:38 PM
To: Tomcat Users List 
Subject: Re: Tomcat 11 and JDK 17 Upgraded from Tomcat 9 & JDK 8

On Mon, Feb 10, 2025 at 10:46 AM S Abirami  
wrote:


Hi ,

I am using a embedded tomcat while the below mentioned exception is
thrown when starting the Embedded tomcat server when upgrading To
Tomcat 11 and JDK 17 Upgraded from Tomcat 9 & JDK 8


This is debug logging, so no problem. However there's still another
problem: no strings available (the LocalStrings.properties files), so no error 
message is visible. For example tomcat-embed-core.jar has them.


The base strings (LocalStrings.properties) are bundled into the JAR itself. For 
example for this compat class, the tomcat-util.jar has it.
So what is going on here ?

Rémy


Rémy



Time: 2025-02-10 10:27:41.415, Level: FINE, Logger:
org.apache.tomcat.util.compat.Jre19Compat
org.apache.tomcat.util.compat.Jre19Compat 
- null
java.lang.ClassNotFoundException: java.lang.WrongThreadException
 at 
java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
 at 
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
 at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
 at java.base/java.lang.Class.forName0(Native Method)
 at java.base/java.lang.Class.forName(Class.java:375)
 at 
org.apache.tomcat.util.compat.Jre19Compat.(Jre19Compat.java:37)
 at org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:55)
 at org.apache.catalina.startup.Tomcat.(Tomcat.java:1192)
 at cmg.protocols.http.EmbeddedTomcat.(EmbeddedTomcat.java:131)
 at 
cmg.protocols.http.EmbeddedTomcat.getInstance(EmbeddedTomcat.java:599)
 at cmg.protocols.http.TomcatController.(TomcatController.java:57)
 at 
cmg.protocols.http.TomcatController.getInstance(TomcatController.java:70)
 at 
cmg.stdapp.webservices.frontend.WebServicesFE.localInitialize(WebServicesFE.java:235)
 at cmg.services.ActivityImpl.initialize(ActivityImpl.java:158)
 at 
cmg.services.ConfigurableNodeImplLauncher$InitializerLauncherThread.run(ConfigurableNodeImplLauncher.java:408)
 at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
 at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
 at java.base/java.lang.Thread.run(Thread.java:840)
--
Time: 2025-02-10 10:27:41.415, Level: FINE, Logger:
org.apache.tomcat.util.compat.Jre21Compat
org.apache.tomcat.util.compat.Jre21Compat 
- null
java.lang.ClassNotFoundException: java.lang.Thread$Builder
 at 
java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
 at 
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
 at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
 at java.base/java.lang.Class.forName0(Native

Re: Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread Daniel Skiles 
I'm seeing the same thing in tomcat 10.1.35 with openjdk version "17.0.13"
2024-10-15

On Tue, Feb 11, 2025 at 8:00 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Jack,
>
> On 2/11/25 5:56 AM, Jack Green wrote:
> > When you try to start `11.0.3` via:
> > ```
> > new Tomcat();
> > ```
> >
> > An error is thrown:
> > ```
> > Exception in thread "main" java.lang.ExceptionInInitializerError
> >   at TomcatReproducer.main(TomcatReproducer.java:6)
> > Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make
> field static final boolean java.io.FileSystem.useCanonCaches accessible:
> module java.base does not "opens java.io " to unnamed
> module @5a4041cc
> >   at
> java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
> >   at
> java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
> >   at
> java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
> >   at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
> >   at
> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
> >   ... 1 more
> > ```
> >
> > And Tomcat fails to start.
> >
> > This does _not_ affect `11.0.2` and appears to be introduced in
> https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5
> .
> >
> > `org.apache.tomcat.util.compat.JreCompat` tries to make
> `java.io.FileSystem.useCanonCaches` accessible via reflection, which fails
> due to module accessibility. There is a `catch` for
> `ReflectiveOperationException` & `IllegalArgumentException`, but
> `InaccessibleObjectException` is neither of those.
> >
> > You can _probably_ workaround the issue by adding an `--add-opens` VM
> argument but this isn’t ideal, especially for a patch release.
>
> Which version of Java is this?
>
> -chris
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: catalina.policy file not available Tomcat 11.0.0

2025-02-11 Thread Ivano Luberti 

Hi Mark, any link to read the reason of this decision?


Il 11-Feb-25 13:03, Mark Thomas ha scritto:

On 11/02/2025 10:53, S Abirami wrote:

Hi All,

Tomcat catalina.policy file is not available from Tomcat 11.0.0.
Is there any specific reason for the removal?


Support for running under a SecurityManager has been removed.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



Il contenuto di questo messaggio e dei suoi eventuali allegati è 
riservato. Nel caso in cui Lei non sia il destinatario, La preghiamo di 
contattare telefonicamente o via e-mail il mittente ai recapiti sopra 
indicati e di cancellare il messaggio e gli eventuali allegati dal Suo 
sistema senza farne copia o diffonderli. Le opinioni espresse sono 
quelle dell'autore e non rappresentano necessariamente quelle della Società.
This message and any attachment are confidential.If you are not the 
intended recipient, please telephone or email the sender and delete this 
message and any attachment from your system. If you are not the intended 
recipient you must not copy this message or attachment or disclose the 
contents to any other person. Any opinions presented are solely those of 
the author and do not necessarily represent those of the Company.


dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Re: REG: Version stability of Tomcat 9.0.96

2025-02-11 Thread Christopher Schultz 

Jason,

On 2/7/25 6:53 AM, Jason Wee wrote:

Why not use releaseTag with 2 arguments? That 3 arguments method is
deprecated in tomcat9.0.98 anyway...sooner it will be removed...


This isn't really an application issue. The application isn't calling 
releaseTag() itself; the JSP compiler generated that code from the 
application's JSP source.


It's an issue with Tomcat changing the way a specific method-call is 
generated by the JSP compiler, and the operators not re-pre-compiling 
their JSPs for the new version of Tomcat. The solution is to 
force-recompile the JSP.


No error would be occurring if we (Tomcat) had been more careful about 
making this change.


-chris


On Fri, Feb 7, 2025 at 5:55 PM Konstantin Kolinko
 wrote:


чт, 6 февр. 2025 г. в 16:42, Divyabharathi Sundaram
:


Stacktraces
org.apache.jasper.JasperException: javax.servlet.ServletException: 
java.lang.NoSuchMethodError: 
org.apache.jasper.runtime.JspRuntimeLibrary.releaseTag(Ljavax/servlet/jsp/tagext/Tag;Lorg/apache/tomcat/InstanceManager;Z)V
 
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:623)


If your team has observed the above NoSuchMethodError, it is a symptom
that their update procedure is flawed: they forget to recompile their
JSPsfor the new version of Tomcat.

In essence that means that any changes that affect java code
generation for JSPs in the Jasper component (the JSP engine) of Tomcat
are not picked up by your upgrade procedure. Those include a bug that
introduced CVE-2024-52318 as well as a fix for it.

See:
https://tomcat.apache.org/security-9.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Reg: Tomcat temp file deletion

2025-02-11 Thread Mark Thomas 

On 11/02/2025 12:42, Christopher Schultz wrote:

Mark,

On 2/7/25 3:42 AM, Mark Thomas wrote:

On 06/02/2025 19:25, Jalaj Asher wrote:

Hello,
Is it ok to delete files from tomcat/temp folder  while the tomcat is 
running ?


Generally, no. There are instances where that will break things.

It may be possible to delete some files safely - although that begs 
the question why isn't Tomcat deleting them itself once they are no 
longer needed.


It required to restart the tomcats post deletion of the files in 
tomcat/temp folder  or should it be deleted only post stopping the 
tomcat service ?


The safe way is:
- stop Tomcat
- empty temp
- start Tomcat


If the application writes to the temp dir and then reads that file back, 
will Tomcat's Resources implementation(s) cache information about those 
files?


No.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread Christopher Schultz 

Jack,

On 2/11/25 5:56 AM, Jack Green wrote:

When you try to start `11.0.3` via:
```
new Tomcat();
```

An error is thrown:
```
Exception in thread "main" java.lang.ExceptionInInitializerError
at TomcatReproducer.main(TomcatReproducer.java:6)
Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field static final 
boolean java.io.FileSystem.useCanonCaches accessible: module java.base does not "opens 
java.io " to unnamed module @5a4041cc
at 
java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
at 
java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
at 
java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
at org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
... 1 more
```

And Tomcat fails to start.

This does _not_ affect `11.0.2` and appears to be introduced in 
https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5.

`org.apache.tomcat.util.compat.JreCompat` tries to make 
`java.io.FileSystem.useCanonCaches` accessible via reflection, which fails due to 
module accessibility. There is a `catch` for `ReflectiveOperationException` & 
`IllegalArgumentException`, but `InaccessibleObjectException` is neither of those.

You can _probably_ workaround the issue by adding an `--add-opens` VM argument 
but this isn’t ideal, especially for a patch release.


Which version of Java is this?

-chris


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: REG: Version stability of Tomcat 9.0.96

2025-02-11 Thread Jason Wee 
opsie.. I suppose they can find a workaround for their solution

On Tue, Feb 11, 2025 at 8:55 PM Christopher Schultz
 wrote:
>
> Jason,
>
> On 2/7/25 6:53 AM, Jason Wee wrote:
> > Why not use releaseTag with 2 arguments? That 3 arguments method is
> > deprecated in tomcat9.0.98 anyway...sooner it will be removed...
>
> This isn't really an application issue. The application isn't calling
> releaseTag() itself; the JSP compiler generated that code from the
> application's JSP source.
>
> It's an issue with Tomcat changing the way a specific method-call is
> generated by the JSP compiler, and the operators not re-pre-compiling
> their JSPs for the new version of Tomcat. The solution is to
> force-recompile the JSP.
>
> No error would be occurring if we (Tomcat) had been more careful about
> making this change.
>
> -chris
>
> > On Fri, Feb 7, 2025 at 5:55 PM Konstantin Kolinko
> >  wrote:
> >>
> >> чт, 6 февр. 2025 г. в 16:42, Divyabharathi Sundaram
> >> :
> >>>
> >>> Stacktraces
> >>> org.apache.jasper.JasperException: javax.servlet.ServletException: 
> >>> java.lang.NoSuchMethodError: 
> >>> org.apache.jasper.runtime.JspRuntimeLibrary.releaseTag(Ljavax/servlet/jsp/tagext/Tag;Lorg/apache/tomcat/InstanceManager;Z)V
> >>>  
> >>> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:623)
> >>
> >> If your team has observed the above NoSuchMethodError, it is a symptom
> >> that their update procedure is flawed: they forget to recompile their
> >> JSPsfor the new version of Tomcat.
> >>
> >> In essence that means that any changes that affect java code
> >> generation for JSPs in the Jasper component (the JSP engine) of Tomcat
> >> are not picked up by your upgrade procedure. Those include a bug that
> >> introduced CVE-2024-52318 as well as a fix for it.
> >>
> >> See:
> >> https://tomcat.apache.org/security-9.html
> >>
> >> Best regards,
> >> Konstantin Kolinko
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

catalina.policy file not available Tomcat 11.0.0

2025-02-11 Thread S Abirami 
Hi All,

Tomcat catalina.policy file is not available from Tomcat 11.0.0.
Is there any specific reason for the removal?

Regards,
Abirami.S

Re: Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread Daniel Skiles 
I was able to work around it on 17.0.13 by adding --add-opens=java.base/
java.io=ALL-UNNAMED to my startup script.

On Tue, Feb 11, 2025 at 11:23 AM Daniel Skiles 
wrote:

> I'm seeing the same thing in tomcat 10.1.35 with openjdk version "17.0.13"
> 2024-10-15
>
> On Tue, Feb 11, 2025 at 8:00 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> Jack,
>>
>> On 2/11/25 5:56 AM, Jack Green wrote:
>> > When you try to start `11.0.3` via:
>> > ```
>> > new Tomcat();
>> > ```
>> >
>> > An error is thrown:
>> > ```
>> > Exception in thread "main" java.lang.ExceptionInInitializerError
>> >   at TomcatReproducer.main(TomcatReproducer.java:6)
>> > Caused by: java.lang.reflect.InaccessibleObjectException: Unable to
>> make field static final boolean java.io.FileSystem.useCanonCaches
>> accessible: module java.base does not "opens java.io "
>> to unnamed module @5a4041cc
>> >   at
>> java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
>> >   at
>> java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
>> >   at
>> java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
>> >   at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
>> >   at
>> org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
>> >   ... 1 more
>> > ```
>> >
>> > And Tomcat fails to start.
>> >
>> > This does _not_ affect `11.0.2` and appears to be introduced in
>> https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5
>> .
>> >
>> > `org.apache.tomcat.util.compat.JreCompat` tries to make
>> `java.io.FileSystem.useCanonCaches` accessible via reflection, which fails
>> due to module accessibility. There is a `catch` for
>> `ReflectiveOperationException` & `IllegalArgumentException`, but
>> `InaccessibleObjectException` is neither of those.
>> >
>> > You can _probably_ workaround the issue by adding an `--add-opens` VM
>> argument but this isn’t ideal, especially for a patch release.
>>
>> Which version of Java is this?
>>
>> -chris
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>

Re: Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread David P. Caldwell 
Also experiencing this with Java 17. but not Java 8, 11, or 21.

Example run: 
https://github.com/davidpcaldwell/slime/actions/runs/13268650799/job/37043056764

- David.

On Tue, Feb 11, 2025 at 11:23 AM Daniel Skiles
 wrote:
>
> I'm seeing the same thing in tomcat 10.1.35 with openjdk version "17.0.13"
> 2024-10-15
>
> On Tue, Feb 11, 2025 at 8:00 AM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > Jack,
> >
> > On 2/11/25 5:56 AM, Jack Green wrote:
> > > When you try to start `11.0.3` via:
> > > ```
> > > new Tomcat();
> > > ```
> > >
> > > An error is thrown:
> > > ```
> > > Exception in thread "main" java.lang.ExceptionInInitializerError
> > >   at TomcatReproducer.main(TomcatReproducer.java:6)
> > > Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make
> > field static final boolean java.io.FileSystem.useCanonCaches accessible:
> > module java.base does not "opens java.io " to unnamed
> > module @5a4041cc
> > >   at
> > java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
> > >   at
> > java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
> > >   at
> > java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
> > >   at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
> > >   at
> > org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
> > >   ... 1 more
> > > ```
> > >
> > > And Tomcat fails to start.
> > >
> > > This does _not_ affect `11.0.2` and appears to be introduced in
> > https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5
> > .
> > >
> > > `org.apache.tomcat.util.compat.JreCompat` tries to make
> > `java.io.FileSystem.useCanonCaches` accessible via reflection, which fails
> > due to module accessibility. There is a `catch` for
> > `ReflectiveOperationException` & `IllegalArgumentException`, but
> > `InaccessibleObjectException` is neither of those.
> > >
> > > You can _probably_ workaround the issue by adding an `--add-opens` VM
> > argument but this isn’t ideal, especially for a patch release.
> >
> > Which version of Java is this?
> >
> > -chris
> >
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: catalina.policy file not available Tomcat 11.0.0

2025-02-11 Thread Mark Thomas 

On 11/02/2025 10:53, S Abirami wrote:

Hi All,

Tomcat catalina.policy file is not available from Tomcat 11.0.0.
Is there any specific reason for the removal?


Support for running under a SecurityManager has been removed.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

HTTP/2 support in Tomcat

2025-02-11 Thread Amit Pande 
Hello,

Am planning to update the Tomcat configuration to support HTTP/2.

Wanted to understand the difference between

  nested 
within the HTTP/1.1 connector

Vs

Supporting protocol=org.apache.coyote.http2.Http2Protocol in the connector 
configuration.

As I understand using the upgrade protocol mechanism allows to fallback on HTTP 
1.1 in case the client and server don't agree on HTTP2. Is this right 
understanding?

Were there any other design considerations to support HTTP/2 via upgrade 
protocol mechanisms? My apologies but I didn't find details around this.

Thanks,
Amit

Re: HTTP/2 support in Tomcat

2025-02-11 Thread Chuck Caldarale 


> On 2025 Feb 11, at 19:21, Amit Pande  wrote:
> 
> Am planning to update the Tomcat configuration to support HTTP/2.
> 
> Wanted to understand the difference between
> 
>   nested 
> within the HTTP/1.1 connector
> 
> Vs
> 
> Supporting protocol=org.apache.coyote.http2.Http2Protocol in the connector 
> configuration.


I don’t see anywhere in the documentation for supported Tomcat levels where the 
“protocol=…Http2Protocol” setting is allowed. Where did you come up with that?


> As I understand using the upgrade protocol mechanism allows to fallback on 
> HTTP 1.1 in case the client and server don't agree on HTTP2. Is this right 
> understanding?


Yes - hence the  element within the  element rather 
than an additional protocol attribute.


> Were there any other design considerations to support HTTP/2 via upgrade 
> protocol mechanisms? My apologies but I didn't find details around this.


That question is a bit vague…

  - Chuck


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat `11.0.3` embedded fails to start with `InaccessibleObjectException`

2025-02-11 Thread David P. Caldwell 
Note that I am experiencing this with Tomcat 9.0.99. So it seems the
recent point releases are all affected.

On Tue, Feb 11, 2025 at 12:56 PM David P. Caldwell
 wrote:
>
> Also experiencing this with Java 17. but not Java 8, 11, or 21.
>
> Example run: 
> https://github.com/davidpcaldwell/slime/actions/runs/13268650799/job/37043056764
>
> - David.
>
> On Tue, Feb 11, 2025 at 11:23 AM Daniel Skiles
>  wrote:
> >
> > I'm seeing the same thing in tomcat 10.1.35 with openjdk version "17.0.13"
> > 2024-10-15
> >
> > On Tue, Feb 11, 2025 at 8:00 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > > Jack,
> > >
> > > On 2/11/25 5:56 AM, Jack Green wrote:
> > > > When you try to start `11.0.3` via:
> > > > ```
> > > > new Tomcat();
> > > > ```
> > > >
> > > > An error is thrown:
> > > > ```
> > > > Exception in thread "main" java.lang.ExceptionInInitializerError
> > > >   at TomcatReproducer.main(TomcatReproducer.java:6)
> > > > Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make
> > > field static final boolean java.io.FileSystem.useCanonCaches accessible:
> > > module java.base does not "opens java.io " to unnamed
> > > module @5a4041cc
> > > >   at
> > > java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354)
> > > >   at
> > > java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297)
> > > >   at
> > > java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178)
> > > >   at java.base/java.lang.reflect.Field.setAccessible(Field.java:172)
> > > >   at
> > > org.apache.tomcat.util.compat.JreCompat.(JreCompat.java:87)
> > > >   ... 1 more
> > > > ```
> > > >
> > > > And Tomcat fails to start.
> > > >
> > > > This does _not_ affect `11.0.2` and appears to be introduced in
> > > https://github.com/apache/tomcat/commit/bda730151a77a959e851104fe35e8c40ae6045d5
> > > .
> > > >
> > > > `org.apache.tomcat.util.compat.JreCompat` tries to make
> > > `java.io.FileSystem.useCanonCaches` accessible via reflection, which fails
> > > due to module accessibility. There is a `catch` for
> > > `ReflectiveOperationException` & `IllegalArgumentException`, but
> > > `InaccessibleObjectException` is neither of those.
> > > >
> > > > You can _probably_ workaround the issue by adding an `--add-opens` VM
> > > argument but this isn’t ideal, especially for a patch release.
> > >
> > > Which version of Java is this?
> > >
> > > -chris
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org