RE: context.xml under META-INF was not working

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

RE: context.xml under META-INF was not working

S Abirami-2
Hi All,

I want to configure SameSite attribute to the specific web-application.
For that, I have updated the context.xml of specific web application located in <App_Folder>/META-INF/context.xml

<CookieProcessor sameSiteCookies="strict"/>


It is not working. Only the changes in global context.xml is working. Please guide to solve the issue.

Regards,
Abirami.S
Reply | Threaded
Open this post in threaded view
|

Re: context.xml under META-INF was not working

markt
On 11/06/2020 11:42, S Abirami wrote:
> Hi All,
>
> I want to configure SameSite attribute to the specific web-application.
> For that, I have updated the context.xml of specific web application located in <App_Folder>/META-INF/context.xml
>
> <CookieProcessor sameSiteCookies="strict"/>
>
>
> It is not working. Only the changes in global context.xml is working. Please guide to solve the issue.

What is the full contents of <App_Folder>/META-INF/context.xml

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: context.xml under META-INF was not working

S Abirami-2
Hi Mark,

The below is the content of the context.xml

<?xml version="1.0" encoding="UTF-8"?>
<Context>
<CookieProcessor sameSiteCookies="strict"/>
</Context>

Regards,
Abirami.S
-----Original Message-----
From: Mark Thomas <[hidden email]>
Sent: Thursday, June 11, 2020 5:12 PM
To: [hidden email]
Subject: Re: context.xml under META-INF was not working

On 11/06/2020 11:42, S Abirami wrote:
> Hi All,
>
> I want to configure SameSite attribute to the specific web-application.
> For that, I have updated the context.xml of specific web application located in <App_Folder>/META-INF/context.xml
>
> <CookieProcessor sameSiteCookies="strict"/>
>
>
> It is not working. Only the changes in global context.xml is working. Please guide to solve the issue.

What is the full contents of <App_Folder>/META-INF/context.xml

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: context.xml under META-INF was not working

markt
On 11/06/2020 12:46, S Abirami wrote:
> Hi Mark,
>
> The below is the content of the context.xml
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Context>
> <CookieProcessor sameSiteCookies="strict"/>
> </Context>

That looks OK.

What Tomcat version are you using?

What do the logs say when the application is deployed? That will tell
you where it is being deployed from which might suggest why that file
isn't taking effect.

Mark


>
> Regards,
> Abirami.S
> -----Original Message-----
> From: Mark Thomas <[hidden email]>
> Sent: Thursday, June 11, 2020 5:12 PM
> To: [hidden email]
> Subject: Re: context.xml under META-INF was not working
>
> On 11/06/2020 11:42, S Abirami wrote:
>> Hi All,
>>
>> I want to configure SameSite attribute to the specific web-application.
>> For that, I have updated the context.xml of specific web application located in <App_Folder>/META-INF/context.xml
>>
>> <CookieProcessor sameSiteCookies="strict"/>
>>
>>
>> It is not working. Only the changes in global context.xml is working. Please guide to solve the issue.
>
> What is the full contents of <App_Folder>/META-INF/context.xml
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: context.xml under META-INF was not working

S Abirami-2
Hi Mark,

We are using Apache Tomcat 9.0.33.
I am not seeing any exception regarding it.

In our application the web-application will not be located under the CATALINA_HOME/webapps location.
We placed in other location and mentioned the path in context tag with attributes path and docBase in server.xml .Here ,we mentioned the deployOnStartUp as false.
Hence, I have created META-INF directory under the App_folder and created the context.xml and MANIFEST.MF files.

Regarding logs, I could see only the below messages

WARNING: Match [Server/Service/Engine/Host/Context] failed to set property [antiJARLocking] to [false]
WARNING: Match [Context/Manager] failed to set property [randomClass] to [java.security.SecureRandom]
SEVERE: Unknown default host [localhost] for service [StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0 requests that do not specify a host name.


Regards,
Abirami.S

-----Original Message-----
From: Mark Thomas <[hidden email]>
Sent: Thursday, June 11, 2020 7:27 PM
To: [hidden email]
Subject: Re: context.xml under META-INF was not working

On 11/06/2020 12:46, S Abirami wrote:
> Hi Mark,
>
> The below is the content of the context.xml
>
> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor
> sameSiteCookies="strict"/> </Context>

That looks OK.

What Tomcat version are you using?

What do the logs say when the application is deployed? That will tell you where it is being deployed from which might suggest why that file isn't taking effect.

Mark


>
> Regards,
> Abirami.S
> -----Original Message-----
> From: Mark Thomas <[hidden email]>
> Sent: Thursday, June 11, 2020 5:12 PM
> To: [hidden email]
> Subject: Re: context.xml under META-INF was not working
>
> On 11/06/2020 11:42, S Abirami wrote:
>> Hi All,
>>
>> I want to configure SameSite attribute to the specific web-application.
>> For that, I have updated the context.xml of specific web application
>> located in <App_Folder>/META-INF/context.xml
>>
>> <CookieProcessor sameSiteCookies="strict"/>
>>
>>
>> It is not working. Only the changes in global context.xml is working. Please guide to solve the issue.
>
> What is the full contents of <App_Folder>/META-INF/context.xml
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: context.xml under META-INF was not working

markt
On June 11, 2020 2:32:51 PM UTC, S Abirami <[hidden email]> wrote:
>Hi Mark,
>
>We are using Apache Tomcat 9.0.33.
>I am not seeing any exception regarding it.

That isn't what I asked. I asked for the log messages .

Fortunately, you have provided the information I was looking for below.

>In our application the web-application will not be located under the
>CATALINA_HOME/webapps location.
>We placed in other location and mentioned the path in context tag with
>attributes path and docBase in server.xml .

It is strongly recommended you don't define Context elements in server.xml as they only way to change them us to restart Tomcat.

> Here ,we mentioned the
>deployOnStartUp as false.
>Hence, I have created META-INF directory under the App_folder and
>created the context.xml and MANIFEST.MF files.

That won't work. The Context element in server.xml will be used. Either edit the Context in server.xml or, better, move the Context definitions to $CATALINA_BASE/conf/<engine name>/<host name>/

Mark

>
>Regarding logs, I could see only the below messages
>
>WARNING: Match [Server/Service/Engine/Host/Context] failed to set
>property [antiJARLocking] to [false]
>WARNING: Match [Context/Manager] failed to set property [randomClass]
>to [java.security.SecureRandom]
>SEVERE: Unknown default host [localhost] for service
>[StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0
>requests that do not specify a host name.
>
>
>Regards,
>Abirami.S
>
>-----Original Message-----
>From: Mark Thomas <[hidden email]>
>Sent: Thursday, June 11, 2020 7:27 PM
>To: [hidden email]
>Subject: Re: context.xml under META-INF was not working
>
>On 11/06/2020 12:46, S Abirami wrote:
>> Hi Mark,
>>
>> The below is the content of the context.xml
>>
>> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor
>> sameSiteCookies="strict"/> </Context>
>
>That looks OK.
>
>What Tomcat version are you using?
>
>What do the logs say when the application is deployed? That will tell
>you where it is being deployed from which might suggest why that file
>isn't taking effect.
>
>Mark
>
>
>>
>> Regards,
>> Abirami.S
>> -----Original Message-----
>> From: Mark Thomas <[hidden email]>
>> Sent: Thursday, June 11, 2020 5:12 PM
>> To: [hidden email]
>> Subject: Re: context.xml under META-INF was not working
>>
>> On 11/06/2020 11:42, S Abirami wrote:
>>> Hi All,
>>>
>>> I want to configure SameSite attribute to the specific
>web-application.
>>> For that, I have updated the context.xml of specific web application
>
>>> located in <App_Folder>/META-INF/context.xml
>>>
>>> <CookieProcessor sameSiteCookies="strict"/>
>>>
>>>
>>> It is not working. Only the changes in global context.xml is
>working. Please guide to solve the issue.
>>
>> What is the full contents of <App_Folder>/META-INF/context.xml
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: context.xml under META-INF was not working

S Abirami-2
Hi Mark,

We don't have concern regarding the restart of tomcat for the changes in context.xml. As our web application is mainly used to launch only the standalone application.
I have updated Cookieprocessor entry under the context tag in server.xml specific to the application context path and it is working fine.

But, I could see that tenable detects that all other web application also has the SameSite attribute even though I have mentioned only in the specific application context.
It is really surprising me . But,  contrast ZAP tool reports for other application it doesn't have SameSite attribute.


Regards,
Abirami.S

-----Original Message-----
From: Mark Thomas <[hidden email]>
Sent: Thursday, June 11, 2020 8:19 PM
To: Tomcat Users List <[hidden email]>
Subject: RE: context.xml under META-INF was not working

On June 11, 2020 2:32:51 PM UTC, S Abirami <[hidden email]> wrote:
>Hi Mark,
>
>We are using Apache Tomcat 9.0.33.
>I am not seeing any exception regarding it.

That isn't what I asked. I asked for the log messages .

Fortunately, you have provided the information I was looking for below.

>In our application the web-application will not be located under the
>CATALINA_HOME/webapps location.
>We placed in other location and mentioned the path in context tag with
>attributes path and docBase in server.xml .

It is strongly recommended you don't define Context elements in server.xml as they only way to change them us to restart Tomcat.

> Here ,we mentioned the
>deployOnStartUp as false.
>Hence, I have created META-INF directory under the App_folder and
>created the context.xml and MANIFEST.MF files.

That won't work. The Context element in server.xml will be used. Either edit the Context in server.xml or, better, move the Context definitions to $CATALINA_BASE/conf/<engine name>/<host name>/

Mark

>
>Regarding logs, I could see only the below messages
>
>WARNING: Match [Server/Service/Engine/Host/Context] failed to set
>property [antiJARLocking] to [false]
>WARNING: Match [Context/Manager] failed to set property [randomClass]
>to [java.security.SecureRandom]
>SEVERE: Unknown default host [localhost] for service
>[StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0
>requests that do not specify a host name.
>
>
>Regards,
>Abirami.S
>
>-----Original Message-----
>From: Mark Thomas <[hidden email]>
>Sent: Thursday, June 11, 2020 7:27 PM
>To: [hidden email]
>Subject: Re: context.xml under META-INF was not working
>
>On 11/06/2020 12:46, S Abirami wrote:
>> Hi Mark,
>>
>> The below is the content of the context.xml
>>
>> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor
>> sameSiteCookies="strict"/> </Context>
>
>That looks OK.
>
>What Tomcat version are you using?
>
>What do the logs say when the application is deployed? That will tell
>you where it is being deployed from which might suggest why that file
>isn't taking effect.
>
>Mark
>
>
>>
>> Regards,
>> Abirami.S
>> -----Original Message-----
>> From: Mark Thomas <[hidden email]>
>> Sent: Thursday, June 11, 2020 5:12 PM
>> To: [hidden email]
>> Subject: Re: context.xml under META-INF was not working
>>
>> On 11/06/2020 11:42, S Abirami wrote:
>>> Hi All,
>>>
>>> I want to configure SameSite attribute to the specific
>web-application.
>>> For that, I have updated the context.xml of specific web application
>
>>> located in <App_Folder>/META-INF/context.xml
>>>
>>> <CookieProcessor sameSiteCookies="strict"/>
>>>
>>>
>>> It is not working. Only the changes in global context.xml is
>working. Please guide to solve the issue.
>>
>> What is the full contents of <App_Folder>/META-INF/context.xml
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: context.xml under META-INF was not working

markt
On 11/06/2020 16:09, S Abirami wrote:
> Hi Mark,
>
> We don't have concern regarding the restart of tomcat for the changes in context.xml. As our web application is mainly used to launch only the standalone application.
> I have updated Cookieprocessor entry under the context tag in server.xml specific to the application context path and it is working fine.

OK.

> But, I could see that tenable detects that all other web application also has the SameSite attribute even though I have mentioned only in the specific application context.
> It is really surprising me . But,  contrast ZAP tool reports for other application it doesn't have SameSite attribute.

Sounds like you need to report a bug to tenable.

Mark


>
>
> Regards,
> Abirami.S
>
> -----Original Message-----
> From: Mark Thomas <[hidden email]>
> Sent: Thursday, June 11, 2020 8:19 PM
> To: Tomcat Users List <[hidden email]>
> Subject: RE: context.xml under META-INF was not working
>
> On June 11, 2020 2:32:51 PM UTC, S Abirami <[hidden email]> wrote:
>> Hi Mark,
>>
>> We are using Apache Tomcat 9.0.33.
>> I am not seeing any exception regarding it.
>
> That isn't what I asked. I asked for the log messages .
>
> Fortunately, you have provided the information I was looking for below.
>
>> In our application the web-application will not be located under the
>> CATALINA_HOME/webapps location.
>> We placed in other location and mentioned the path in context tag with
>> attributes path and docBase in server.xml .
>
> It is strongly recommended you don't define Context elements in server.xml as they only way to change them us to restart Tomcat.
>
>> Here ,we mentioned the
>> deployOnStartUp as false.
>> Hence, I have created META-INF directory under the App_folder and
>> created the context.xml and MANIFEST.MF files.
>
> That won't work. The Context element in server.xml will be used. Either edit the Context in server.xml or, better, move the Context definitions to $CATALINA_BASE/conf/<engine name>/<host name>/
>
> Mark
>
>>
>> Regarding logs, I could see only the below messages
>>
>> WARNING: Match [Server/Service/Engine/Host/Context] failed to set
>> property [antiJARLocking] to [false]
>> WARNING: Match [Context/Manager] failed to set property [randomClass]
>> to [java.security.SecureRandom]
>> SEVERE: Unknown default host [localhost] for service
>> [StandardService[Catalina]]. Tomcat will not be able process HTTP/1.0
>> requests that do not specify a host name.
>>
>>
>> Regards,
>> Abirami.S
>>
>> -----Original Message-----
>> From: Mark Thomas <[hidden email]>
>> Sent: Thursday, June 11, 2020 7:27 PM
>> To: [hidden email]
>> Subject: Re: context.xml under META-INF was not working
>>
>> On 11/06/2020 12:46, S Abirami wrote:
>>> Hi Mark,
>>>
>>> The below is the content of the context.xml
>>>
>>> <?xml version="1.0" encoding="UTF-8"?> <Context> <CookieProcessor
>>> sameSiteCookies="strict"/> </Context>
>>
>> That looks OK.
>>
>> What Tomcat version are you using?
>>
>> What do the logs say when the application is deployed? That will tell
>> you where it is being deployed from which might suggest why that file
>> isn't taking effect.
>>
>> Mark
>>
>>
>>>
>>> Regards,
>>> Abirami.S
>>> -----Original Message-----
>>> From: Mark Thomas <[hidden email]>
>>> Sent: Thursday, June 11, 2020 5:12 PM
>>> To: [hidden email]
>>> Subject: Re: context.xml under META-INF was not working
>>>
>>> On 11/06/2020 11:42, S Abirami wrote:
>>>> Hi All,
>>>>
>>>> I want to configure SameSite attribute to the specific
>> web-application.
>>>> For that, I have updated the context.xml of specific web application
>>
>>>> located in <App_Folder>/META-INF/context.xml
>>>>
>>>> <CookieProcessor sameSiteCookies="strict"/>
>>>>
>>>>
>>>> It is not working. Only the changes in global context.xml is
>> working. Please guide to solve the issue.
>>>
>>> What is the full contents of <App_Folder>/META-INF/context.xml
>>>
>>> Mark
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]