embedded, not local


Rob Sargent
Yep, me again.

Inching along here, unable as yet to re-create ssl traffic when not on
localhost. Moving from my basement (localhost) where ssl worked using

    SGSSRVR_keystoreFile     = /home/rob/Downloads/tomcat/localhost-rsa.jks
    SGSSRVR_truststoreFile   = /home/rob/Downloads/tomcat/localhost-rsa-cert.pem
    SGSSRVR_storeType        = JKS

to my office with three separate machines where I can better impersonate
AWS.
Following Chris's advice (since I've been given the green light to
self-sign)

    | Most people just want to mint a key+cert and have Tomcat use that for TLS. You can do that very simply:
    | $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096 -alias ${HOSTNAME} -keystore ${HOSTNAME}.p12 -storetype PKCS12 -ext san=dns:${HOSTNAME}
    | Fill-out all the stuff. This gives you a new RSA key and a self-signed certificate. If self-signed is okay with you, you are done.

I put in my fully qualified hostname ("k1"), and added the full path of
the .p12 file to my configuration props

    SGSSRVR_keystoreFile           = /home/u0138544/aws/deploy/server/k1.p12
    SGSSRVR_keystoreAlias         = k1
    SGSSRVR_keystorePwd          = as-assigned
    SGSSRVR_truststoreFile         = /home/u0138544/aws/deploy/server/k1.p12
    SGSSRVR_truststoreAlias       = k1
    SGSSRVR_truststorePwd        = as-assigned
    ##(with and without)
    SGSSRVR_storeType        = PCKS12 (JKStoo)

and pick those up as follows (including trying only key and only trust
portions)

         done = done && connector.setProperty("sslProtocol", "TLS");
         done = done && connector.setProperty("keyAlias", System.getProperty("SGSSRVR_keystoreAlias"));
         done = done && connector.setProperty("keystorePass", System.getProperty("SGSSRVR_keystorePwd"));
         done = done && connector.setProperty("keystoreFile", keyFile.getAbsolutePath());
         done = done && connector.setProperty("keystoreType", System.getProperty("SGSSRVR_storeType"));

         done = done && connector.setProperty("truststoreType", System.getProperty("SGSSRVR_storeType"));
         done = done && connector.setProperty("truststoreFile", trustFile.getAbsolutePath());
         done = done && connector.setProperty("truststorePassword", System.getProperty("SGSSRVR_truststorePwd"));   //always false
         done = done && connector.setProperty("truststoreAlias", System.getProperty("SGSSRVR_truststoreAlias"));  //always false

         done = done && connector.setProperty("SSLEnabled", "true");
         done = done && connector.setProperty("clientAuth", "false");
         done = done && connector.setProperty("maxThreads", "200");
         done = done && connector.setProperty("SSLEnabled", "true");

         if (! done) {
           System.out.println("Some problem(s) in connector setup");
         }

If anyone can tell me where I've gone wrong (again) I'm all ears.






Re: embedded, not local

Luis Rodríguez Fernández
Hello Rob,

Do you have a stacktrace or error message that you can share?

Cheers,

Luis





--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

Re: embedded, not local

Rob Sargent
Luis,
Not a peep.  Not in IntelliJ, nor from startup script (with zero output
redirects). It works (on localhost:16004 and on k1:16004 (fully
qualified), but only http, not https.  The browser shows "This site
can’t provide a secure connection" and not much from chrome inspect:
request: "Referrer Policy: strict-origin-when-cross-origin"
response: "Failed to load response data"

Thanks
rjs


Re: embedded, not local

Luis Rodríguez Fernández
mmm, I see...

- May I ask you to run `openssl s_client -showcerts -connect localhost:16004`
to check that your tomcat connector has started? You should get an output
like `Verify return code: 18 (self signed certificate)`
- Having a look at what your browser is saying I have the feeling that your
issue is not 100% SSL/TLS related but more CORS related stuff...

Cheers,

Luis


Re: embedded, not local

Rob Sargent
openssl s_client -showcerts -connect k1:16004
CONNECTED(00000003)
139674280387904:error:1408F10B:SSL routines:ssl3_get_record:wrong
version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 312 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Is it the version mismatch, or am I back in CORShell?



Re: embedded, not local

Christopher Schultz-2
Rob,

On 2/15/21 13:41, Rob Sargent wrote:

> openssl s_client -showcerts -connect k1:16004
> CONNECTED(00000003)
> 139674280387904:error:1408F10B:SSL routines:ssl3_get_record:wrong
> version number:../ssl/record/ssl3_record.c:331:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5 bytes and written 312 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> Is it the version mismatch, or am I back in CORShell?

Try this:

$ openssl s_client -showcerts -connect k1:16004 -tls1_2

Check the port? Remember that TLS is enabled on one port (Connector)
while plaintext is on another port (Connector). So to switch from plaintext
to TLS you will need to change port numbers in your s_client connection
string (and browser).

How many connectors are you configuring? And how? Your code only shows
configuring a local "connector" reference, but not where it came from,
if it was added to the server component, etc.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
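
The `wrong version number` error with `read 5 bytes` in the s_client output quoted above is what OpenSSL reports when the first record header it reads is not TLS, for example the `HTTP/` that opens a plaintext reply. The following added Java example (not code from the thread or from Tomcat; class and method names are hypothetical) sends a JDK-generated ClientHello to a port and classifies the first five bytes that come back; run without arguments it probes a constructed local plaintext listener.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Added diagnostic example; class and method names are hypothetical. */
public class PortProtocolProbe {

    enum Answer { TLS_RECORD, PLAINTEXT_HTTP, NO_REPLY, UNKNOWN }

    /** Classify the first bytes a server sends back after receiving a ClientHello. */
    static Answer classify(byte[] head, int len) {
        if (len <= 0) return Answer.NO_REPLY;
        // A plaintext HTTP listener answers binary input with an HTTP status line.
        if (len >= 5 && new String(head, 0, 5, StandardCharsets.US_ASCII).equals("HTTP/")) {
            return Answer.PLAINTEXT_HTTP;
        }
        // TLS record header: content type 20..23, then protocol version 3.x.
        if (len >= 3 && head[0] >= 20 && head[0] <= 23 && head[1] == 3 && head[2] <= 4) {
            return Answer.TLS_RECORD;
        }
        return Answer.UNKNOWN;
    }

    /** Build a real ClientHello with the JDK's TLS stack, without touching the network. */
    static byte[] clientHello(String host, int port) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, port);
        engine.setUseClientMode(true);
        engine.beginHandshake();
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out);   // first wrap emits the ClientHello record
        out.flip();
        byte[] hello = new byte[out.remaining()];
        out.get(hello);
        return hello;
    }

    /** Send the ClientHello over a plain socket and look at the raw reply. */
    static Answer probe(String host, int port) throws Exception {
        try (Socket s = new Socket(host, port)) {
            s.setSoTimeout(5000);
            OutputStream os = s.getOutputStream();
            os.write(clientHello(host, port));
            os.flush();
            byte[] head = new byte[5];
            try {
                int n = s.getInputStream().readNBytes(head, 0, 5);
                return classify(head, n);
            } catch (IOException e) {       // reset or timeout before any byte arrived
                return Answer.NO_REPLY;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) {             // usage: java PortProtocolProbe <host> <port>
            System.out.println(probe(args[0], Integer.parseInt(args[1])));
            return;
        }
        // Constructed stand-in for a plaintext HTTP listener: whatever arrives, it answers in HTTP.
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            Thread server = new Thread(() -> {
                try (Socket c = listener.accept()) {
                    c.getInputStream().read(new byte[4096]);
                    c.getOutputStream().write("HTTP/1.1 400 \r\n\r\n".getBytes(StandardCharsets.US_ASCII));
                    c.getOutputStream().flush();
                } catch (IOException ignored) {
                    // demo listener only
                }
            });
            server.start();
            System.out.println(probe("127.0.0.1", listener.getLocalPort()));
            server.join();
        }
    }
}
```

A `PLAINTEXT_HTTP` result for a port means the listener on it is not negotiating TLS at all, which is a connector question rather than a certificate or CORS one.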


Re: embedded, not local

Rob Sargent
Thanks again, Chris,

On 2/15/21 1:32 PM, Christopher Schultz wrote:
>
> Try this:
>
> $ openssl s_client -showcerts -connect k1:16004 -tls1_2
>
openssl s_client -showcerts -connect k1:16004 -tls1_2
CONNECTED(00000003)
140444510528832:error:1408F10B:SSL routines:ssl3_get_record:wrong
version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 217 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1613429202
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
---


> Check the port? Remember that TLS is enabled on one port (Connector)
> while plaintext is on another port (Connector). So switch from
> plaintext to TLS you will need to change port numbers in your s_client
> connection string (and browser).
>
> How many connectors are you configuring? And how? Your code only shows
> configuring a local "connector" reference, but not where it came from,
> if it was added to the server component, etc.
>
I'm not following perfectly.  I did localhost lookup at Luis's
suggestion, but I name k1 in all my code/runs.
Do I have to add a doOptions handler in my servlets to handle preflight?



This is my Connector generation and consumption code:

         Service service = embeddedTomcat.getService();
         service.addConnector(addTLSConnector(tomcatPort));

       private Connector addTLSConnector(int tcport) {
         Connector connector = new Connector();
         addTLSConnector(connector, tcport);
         return connector;
       }

       private Connector addTLSConnector(Connector connector, int tcport) {
         File keyFile = new File(System.getProperty("SGSSRVR_keystoreFile"));
         if (! keyFile.exists()) throw new RuntimeException("where's the keystore?");
         File trustFile = new File(System.getProperty("SGSSRVR_truststoreFile"));
         if (! trustFile.exists()) throw new RuntimeException("where's the truststore?");
         boolean done = true;
         connector.setPort(tcport);
         connector.setSecure(true);
         connector.setScheme(System.getProperty("SGSSRVR_scheme"));
         //done = done && connector.setProperty("protocol", "HTTP/1.1");
         done = done && connector.setProperty("sslProtocol", "TLS");
         done = done && connector.setProperty("address", System.getProperty("SGSSRVR_hostaddr"));
         done = done && connector.setProperty("keyAlias", System.getProperty("SGSSRVR_keystoreAlias"));
         done = done && connector.setProperty("keystorePass", System.getProperty("SGSSRVR_keystorePwd"));
         done = done && connector.setProperty("keystoreFile", keyFile.getAbsolutePath());
         done = done && connector.setProperty("keystoreType", System.getProperty("SGSSRVR_storeType"));
         //    done = done && connector.setProperty("truststoreType", System.getProperty("SGSSRVR_storeType"));
         //    done = done && connector.setProperty("truststoreFile", trustFile.getAbsolutePath());
         //    done = done && connector.setProperty("truststoreAlias", System.getProperty("SGSSRVR_truststoreAlias"));
         //    done = done && connector.setProperty("truststorePassword", System.getProperty("SGSSRVR_truststorePwd"));

         done = done && connector.setProperty("clientAuth", "false");
         done = done && connector.setProperty("maxThreads", "200");
         done = done && connector.setProperty("SSLEnabled", "true");
         if (! done) {
           System.out.println("Some problem(s) in connector setup");
         }
         return connector;
       }

with comments on trust or key lines or neither.  trust.Alias and
trust.pass, in either order, always fail (seen in IntelliJ when 'done'
flips to false)

and the properties are sent in from files:

    SGSSRVR_socketPort        = 16004
    SGSSRVR_scheme            = https
    SGSSRVR_databaseConnection    = jdbc:postgresql://%s:%d/%s
    SGSSRVR_emergencyJsonDir    = /home/u0138544/aws/deploy/crash/
    SGSSRVR_ContextRootDir         =
    /home/u0138544/aws/deploy/webroot/tomcat.16004/work/Tomcat/k1
    SGSSRVR_dbTestUser        = viv
    SGSSRVR_dbTestDb        = postgres
    SGSSRVR_databasePort        = 5432
    SGSSRVR_databaseHost        = k2
    SGSSRVR_roleExtension        = _notnull
    SGSSRVR_expansionStep        = 5
    SGSSRVR_hostaddr            = k1
    SGSSRVR_keystoreFile        = /home/u0138544/aws/deploy/server/k1.p12
    SGSSRVR_keystoreAlias        = k1
    SGSSRVR_keystorePwd            = changeit
    SGSSRVR_truststoreFile        = /home/u0138544/aws/deploy/server/k1.p12
    SGSSRVR_truststoreAlias        = k1
    SGSSRVR_truststorePwd          = changeit
    SGSSRVR_storeType        = PKCS


I'm only calling the connector generator once.




> -chris
>


Re: embedded, not local

Rob Sargent
I added a CORS filter to my /sgs/WEB-INF/web.xml.  [1]
In hopes of getting some logs out of tomcat I have added a Valve to
/sgs/META-INF/context.xml [2]

Neither of these has had an effect.  I see no logs and I still hit the
maybe-cors problem.

I have two tomcat connectivity checks: one is an anonymous servlet at
"/monitor" and the other is a servlet in my webapp doing helloWorld duty
on "/sgs/webmonitor".  Both localhost and k1 still happy on http, not
https for both endpoints, with and without the latest xml additions.

rjs

[1]
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://www.apache.org</param-value>
  </init-param>
  <init-param>
    <!-- TODO: will need to make this aws-vpn -->
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://hci.utah.edu</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/sgs/*</url-pattern>
</filter-mapping>

[2]
   <context-param>
     <description>Enable debugging for the application</description>
     <param-name>debug</param-name>
     <param-value>true</param-value>
   </context-param>
   <Valve
       className="org.apache.catalina.valves.AccessLogValve"
       prefix="sgs_access">
   </Valve>


Re: embedded, not local

Christopher Schultz-2
In reply to this post by Rob Sargent
Rob,

On 2/15/21 18:26, Rob Sargent wrote:

> Thanks again, Chris,
>
> On 2/15/21 1:32 PM, Christopher Schultz wrote:
>>
>> Try this:
>>
>> $ openssl s_client -showcerts -connect k1:16004 -tls1_2
>>
> openssl s_client -showcerts -connect k1:16004 -tls1_2
> CONNECTED(00000003)
> 140444510528832:error:1408F10B:SSL routines:ssl3_get_record:wrong
> version number:../ssl/record/ssl3_record.c:331:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 5 bytes and written 217 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>      Protocol  : TLSv1.2
>      Cipher    : 0000
>      Session-ID:
>      Session-ID-ctx:
>      Master-Key:
>      PSK identity: None
>      PSK identity hint: None
>      SRP username: None
>      Start Time: 1613429202
>      Timeout   : 7200 (sec)
>      Verify return code: 0 (ok)
>      Extended master secret: no
> ---
>
>
>> Check the port? Remember that TLS is enabled on one port (Connector)
>> while plaintext is on another port (Connector). So switch from
>> plaintext to TLS you will need to change port numbers in your s_client
>> connection string (and browser).
>>
>> How many connectors are you configuring? And how? Your code only shows
>> configuring a local "connector" reference, but not where it came from,
>> if it was added to the server component, etc.
>>
> I'm not following perfectly.  I did localhost lookup at Luis's
> suggestion, but I name k1 in all my code/runs.
> Do I have to add a doOptions handler in my servlets to handle prefight?
>
>
>
> This is my Connector generation and consumption code:
>
>          Service service = embeddedTomcat.getService();
>          service.addConnector(addTLSConnector(tomcatPort));
>
>         private Connector addTLSConnector(int tcport) {
>           Connector connector = new Connector();
>           addTLSConnector(connector, tcport);
>           return connector;
>         }
>        private Connector addTLSConnector(Connector connector, int tcport) {
>          File keyFile = new File
>     (System.getProperty("SGSSRVR_keystoreFile"));
>          if (! keyFile.exists()) throw new RuntimeException("where's the
>     keystore?");
>          File trustFile = new File
>     (System.getProperty("SGSSRVR_truststoreFile"));
>          if (! trustFile.exists()) throw new RuntimeException("where's
>     the truststore?");
>          boolean done = true;
>          connector.setPort(tcport);
>          connector.setSecure(true);
>          connector.setScheme(System.getProperty("SGSSRVR_scheme"));
>          //done = done && connector.setProperty("protocol", "HTTP/1.1");
>          done = done && connector.setProperty("sslProtocol", "TLS");
>          done = done &&
>    
> connector.setProperty("address",System.getProperty("SGSSRVR_hostaddr"));
>          done = done && connector.setProperty("keyAlias",
>     System.getProperty("SGSSRVR_keystoreAlias"));
>          done = done && connector.setProperty("keystorePass",
>     System.getProperty("SGSSRVR_keystorePwd"));
>          done = done && connector.setProperty("keystoreFile",
>     keyFile.getAbsolutePath());
>          done = done && connector.setProperty("keystoreType",
>     System.getProperty("SGSSRVR_storeType"));
>     //    done = done && connector.setProperty("truststoreType",
>     System.getProperty("SGSSRVR_storeType"));
>     //    done = done && connector.setProperty("truststoreFile",
>     trustFile.getAbsolutePath());
>     //    done = done && connector.setProperty("truststoreAlias",
>     System.getProperty("SGSSRVR_truststoreAlias"));
>     //    done = done && connector.setProperty("truststorePassword",
>     System.getProperty("SGSSRVR_truststorePwd"));
>
>          done = done && connector.setProperty("clientAuth", "false");
>          done = done && connector.setProperty("maxThreads", "200");
>          done = done && connector.setProperty("SSLEnabled", "true");
>          if (! done) {
>            System.out.println("Some problem(s) in connector setup");
>          }
>          return connector;
>        }
>
> with comments on trust or key lines or neither.  trust.Alias and
> trust.pass, in either order, always fail (seen in IntelliJ when 'done'
> flips to false)
>
> and the properties are sent in from files:
>
>     SGSSRVR_socketPort        = 16004
>     SGSSRVR_scheme            = https
>     SGSSRVR_databaseConnection    = jdbc:postgresql://%s:%d/%s
>     SGSSRVR_emergencyJsonDir    = /home/u0138544/aws/deploy/crash/
>     SGSSRVR_ContextRootDir         =
>     /home/u0138544/aws/deploy/webroot/tomcat.16004/work/Tomcat/k1
>     SGSSRVR_dbTestUser        = viv
>     SGSSRVR_dbTestDb        = postgres
>     SGSSRVR_databasePort        = 5432
>     SGSSRVR_databaseHost        = k2
>     SGSSRVR_roleExtension        = _notnull
>     SGSSRVR_expansionStep        = 5
>     SGSSRVR_hostaddr            = k1
>     SGSSRVR_keystoreFile        = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_keystoreAlias        = k1
>     SGSSRVR_keystorePwd            = changeit
>     SGSSRVR_truststoreFile        = /home/u0138544/aws/deploy/server/k1.p12
>     SGSSRVR_truststoreAlias        = k1
>     SGSSRVR_truststorePwd          = changeit
>     SGSSRVR_storeType        = PKCS

No warnings or anything like that in your logs? Are you even logging
anything? I see some weird things in your config that I would usually
expect to cause a WARN or worse log message to be emitted:

SGSSRVR_hostaddr is being used to set the "address" property, which is
usually an IP address for an interface. I'm not sure what happens if you
hand a string to setProperty on that.

SGSSRVR_storeType refers to a type that is not valid. You probably meant
PKCS12. The trailing "12" is pretty important.

If you launch your Tomcat server and then connect via JMX, are you able
to see the various settings that you have attempted to set on your
connector? E.g. SSLEnabled="true"?

-chris
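
The store-type and alias questions raised above can be settled before the connector is built, instead of relying on the boolean that `setProperty` returns. The following added Java example (not code from the thread or from Tomcat; the class, method and `KEYSTORE_PWD` names are hypothetical) checks type, file, password and alias with the JDK's `KeyStore` API and reports each failure; run without arguments it uses a constructed empty PKCS12 file and the type spellings seen in this thread.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added preflight example; class, method and environment-variable names are hypothetical. */
public class KeystorePreflight {

    /** Returns a list of problems; an empty list means the alias can serve as a TLS key. */
    static List<String> check(String type, Path file, char[] password, String alias) {
        List<String> problems = new ArrayList<>();
        KeyStore ks;
        try {
            ks = KeyStore.getInstance(type);          // unknown type names fail here
        } catch (KeyStoreException e) {
            problems.add("keystore type '" + type + "' is not known to this JVM");
            return problems;
        }
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);                    // wrong password or corrupt file fails here
        } catch (IOException | GeneralSecurityException e) {
            problems.add("cannot load " + file + ": " + e.getMessage());
            return problems;
        }
        try {
            if (!ks.containsAlias(alias)) {
                problems.add("alias '" + alias + "' not found; present: "
                        + Collections.list(ks.aliases()));
            } else if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                problems.add("alias '" + alias + "' holds no private key");
            } else {
                Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    try {
                        ((X509Certificate) cert).checkValidity();
                    } catch (GeneralSecurityException e) {
                        problems.add("certificate is not currently valid: " + e.getMessage());
                    }
                }
            }
        } catch (KeyStoreException e) {
            problems.add("keystore query failed: " + e.getMessage());
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 3) {   // usage: KeystorePreflight <file> <type> <alias>
            String pwd = System.getenv("KEYSTORE_PWD");   // hypothetical variable name
            if (pwd == null) {
                System.err.println("set KEYSTORE_PWD to the keystore password");
                System.exit(2);
            }
            List<String> problems = check(args[1], Path.of(args[0]), pwd.toCharArray(), args[2]);
            problems.forEach(System.out::println);
            System.exit(problems.isEmpty() ? 0 : 1);
        }
        // Constructed sample input: an empty PKCS12 file written to a temp path.
        char[] pwd = "constructed-demo-password".toCharArray();
        Path tmp = Files.createTempFile("preflight", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pwd);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            empty.store(out, pwd);
        }
        for (String type : new String[] {"PKCS", "PCKS12", "PKCS12"}) {
            System.out.println(type + " -> " + check(type, tmp, pwd, "k1"));
        }
        Files.delete(tmp);
    }
}
```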


Re: embedded, not local

Rob Sargent
Thanks, Chris,

Complete radio silence when running from command line [1][2] with a
startup script and running in IntelliJ [3]. (I wish I could make the
same /mistake/ with jOOQ;) ) I have managed to get access-logging started.

The only warning I get (cmdline) is from the jvm

    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by
    org.apache.catalina.loader.WebappClassLoaderBase
    (file:/home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/9.0.43/1d102277426bdd5b12f048731a91665bb69347d1/tomcat-embed-core-9.0.43.jar)
    to field java.io.ObjectStreamClass$Caches.localDescs
    WARNING: Please consider reporting this to the maintainers of
    org.apache.catalina.loader.WebappClassLoaderBase
    WARNING: Use --illegal-access=warn to enable warnings of further
    illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future
    release

but I'm sure that's not news.

I use logback in my main app

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;


       private final static Logger logger =
    LoggerFactory.getLogger(SGSSelector.class);

I actually have storeType set to PCKS12.  I had also tried JKS and
edited that out in the email.  Very sorry for the sloppiness - Paused to
check CK v. KC.  No noise from setting it to JKS.

[1] My start-up script

    #!/bin/bash -e
    export CATALINA_HOME=$HOME/aws/deploy/webroot/
    export CATALINA_BASE=$CATALINA_HOME
    export SGSWEBDIR=$CATALINA_HOME/tomcat.16004/work/Tomcat/kispiox.hci.utah.edu
    if [[ "$1"x == "x" ]]
    then
         if [[ ! -e $$SGSWEBDIR ]]
         then
             mkdir -p $SGSWEBDIR/sgs
         else
             echo clean out sgs app
             rm -rf $SGSWEBDIR/sgs
         fi

         cp /home/u0138544/gits/java/gitlab/gtdb/webapp/build/libs/sgs-1.0.war $SGSWEBDIR/sgs/sgs.war
         cd $SGSWEBDIR/sgs
         jar -xf sgs.war
         cd $CATALINA_BASE

         sed -i -f $HOME/aws/deploy/bin/context.sed $SGSWEBDIR/sgs/META-INF/context.xml > $SGSWEBDIR/sgs/META-INF/context.xml
         awk -f ~/aws/deploy/bin/webxml.awk --assign=PILIST="$1" $HOME/aws/deploy/bin/context.sed $SGSWEBDIR/sgs/WEB-INF/web.xml > $SGSWEBDIR/sgs/WEB-INF/web.xml.pi
         mv $SGSWEBDIR/sgs/WEB-INF/web.xml.pi $SGSWEBDIR/sgs/WEB-INF/web.xml
    fi
    . $HOME/aws/deploy/bin/cp4.sh
    cd $CATALINA_BASE
    java --enable-preview edu.utah.camplab.server.SGSSelector $HOME/aws/deploy/bin/selector.properties

[2] My classpath, very much in dev-land, pointing to working trees
(mains) and such to match gradle tasks

    export CLASSPATH=\
    /home/u0138544/gits/java/gitlab/gtdb/sgsaas/build/classes/java/main:\
    /home/u0138544/gits/java/gitlab/gtdb/transport/build/classes/java/main:\
    /home/u0138544/gits/java/gitlab/gtdb/tools/build/classes/java/main:\
    /home/u0138544/gits/java/gitlab/gtdb/jooq/build/classes/java/main:\
    /home/u0138544/gits/java/gitlab/gtdb/anno/build/classes/java/main:\
    /home/u0138544/.m2/repository/org/slf4j/slf4j-api/1.7.7/slf4j-api-1.7.7.jar:\
    /home/u0138544/.m2/repository/jpsgcs/jpsgcs/3.2.1-2/jpsgcs-3.2.1-2.jar:\
    /home/u0138544/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar:\
    /home/u0138544/.m2/repository/com/jonoler/longpowerset/longpowerset/1.0/longpowerset-1.0.jar:\
    /home/u0138544/.m2/repository/ch/qos/logback/logback-core/1.1.2/logback-core-1.1.2.jar:\
    /home/u0138544/.m2/repository/ch/qos/logback/logback-classic/1.1.2/logback-classic-1.1.2.jar:\
    /home/u0138544/.m2/repository/ch/qos/logback/logback-access/1.1.2/logback-access-1.1.2.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/software.amazon.ion/ion-java/1.0.2/ee9dacea7726e495f8352b81c12c23834ffbc564/ion-java-1.0.2.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.reactivestreams/reactive-streams/1.0.2/323964c36556eb0e6209f65c1cef72b53b461ab8/reactive-streams-1.0.2.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.postgresql/postgresql/42.2.18/a0a9c1d43c7727eeaf1b729477891185d3c71751/postgresql-42.2.18.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.jooq/jooq/3.14.7/46dd951bc6607d32c249bf3fea36038754c38905/jooq-3.14.7.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.jooq/jooq-meta/3.14.7/641e452aaa99ba24feec658147d81d4be7a11c90/jooq-meta-3.14.7.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.jooq/jooq-codegen/3.14.7/982bafbd5edf574bed4aab98ca7176c7e84d729/jooq-codegen-3.14.7.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.eclipse.jdt/ecj/3.18.0/4d5d0911b30db24c8eb844702c8adf8e434314ff/ecj-3.18.0.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.codehaus.groovy/groovy-all/2.4.7/c5371aaa20bcdca1175d9477fc0811f4fd99b68a/groovy-all-2.4.7.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat/tomcat-juli/9.0.43/e2599f71cf62e647f103996df3a102556da7c590/tomcat-juli-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat/tomcat-jdbc/9.0.43/67687234747df658dd3df3ebfc0b1d059013f55b/tomcat-jdbc-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat/tomcat-dbcp/9.0.43/a1eed9903a7834391f779a846a132348fee4a6fc/tomcat-dbcp-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat/tomcat-annotations-api/9.0.43/43fc4b2ab28610ab89617b5d142777b7b14c433e/tomcat-annotations-api-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-logging-juli/9.0.0.M6/2b083aa89d92ce10356158da1e643f8a8e890b49/tomcat-embed-logging-juli-9.0.0.M6.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-jasper/9.0.43/2139aa6213720ea485971473566a6f27270b7584/tomcat-embed-jasper-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-el/9.0.43/c30e2febc79367e22147ad45e5d4f4e0eafb96c1/tomcat-embed-el-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/9.0.43/1d102277426bdd5b12f048731a91665bb69347d1/tomcat-embed-core-9.0.43.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpcore/4.4.13/853b96d3afbb7bf8cc303fe27ee96836a10c1834/httpcore-4.4.13.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.httpcomponents/httpclient/4.5.13/e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada/httpclient-4.5.13.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-pool2/2.7.0/7f9ccfaaf76b0ba8b4200480971a170364a9c361/commons-pool2-2.7.0.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-dbcp2/2.7.0/ac3c5077659b4b9140e8fa63e855e0437fe94357/commons-dbcp2-2.7.0.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/net.sf.jopt-simple/jopt-simple/4.9/ee9e9eaa0a35360dcfeac129ff4923215fd65904/jopt-simple-4.9.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/joda-time/joda-time/2.8.1/f5bfc718c95a7b1d3c371bb02a188a4df18361a9/joda-time-2.8.1.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/javax.xml.bind/jaxb-api/2.3.1/8531ad5ac454cc2deb9d4d32c40c4d7451939b5d/jaxb-api-2.3.1.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/javax.servlet/javax.servlet-api/3.1.0/3cd63d075497751784b2fa84be59432f4905bf7c/javax.servlet-api-3.1.0.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/javax.servlet.jsp/javax.servlet.jsp-api/2.3.3/81191ab80e342912dc9cea735c30ff4eddc64de3/javax.servlet.jsp-api-2.3.3.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/javax.activation/javax.activation-api/1.2.0/85262acf3ca9816f9537ca47d5adeabaead7cb16/javax.activation-api-1.2.0.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.11/3acb4705652e16236558f0f4f2192cc33c3bd189/commons-codec-1.11.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.11.4/ce6fc76bba06623720e5a9308386b6ae74753f4d/jackson-datatype-jsr310-2.11.4.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-cbor/2.6.7/ba9e74b11135b18248e960df657a2b86ae77a079/jackson-dataformat-cbor-2.6.7.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.11.4/5d9f3d441f99d721b957e3497f0a6465c764fad4/jackson-databind-2.11.4.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.11.4/593f7b18bab07a76767f181e2a2336135ce82cc4/jackson-core-2.11.4.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-annotations/2.11.4/2c3f5c079330f3a01726686a078979420f547ae4/jackson-annotations-2.11.4.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.amazonaws/jmespath-java/1.11.948/58aad4b21afa6bbf9201ef72e0cbf1be55e014c/jmespath-java-1.11.948.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-s3/1.11.948/c535da366416881a3953b13bfcce69e092769b27/aws-java-sdk-s3-1.11.948.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-kms/1.11.948/fbdc7595e018c4f062c17f0112b19a22e98784c/aws-java-sdk-kms-1.11.948.jar:\
    /home/u0138544/.gradle/caches/modules-2/files-2.1/com.amazonaws/aws-java-sdk-core/1.11.948/ec11559a3b4a08390f015f206c7efe31ef0e6122/aws-java-sdk-core-1.11.948.jar

[3] IntelliJ settings for same

    working dir: /home/u0138544/aws/deploy/webroot
    env vars:
    CATALINA_HOME=/home/u0138544/aws/deploy/webroot;CATALINA_BASE=/home/u0138544/aws/deploy/webroot
    -cp sgs.sgsaas.main #pulls from the gradle build(s)



Re: embedded, not local

Rob Sargent
I've managed to open the floodgates.  Will report soon.

On 2/16/21 11:25 AM, Rob Sargent wrote:

> Thanks, Chris,
>
> Complete radio silence when running from command line [1][2] with a
> startup script and running in IntelliJ [3]. (I wish I could make the
> same /mistake/ with jOOQ;) ) I have managed to get access-logging
> started.
>
> The only warning I get (cmdline) is from the jvm
>
>    WARNING: An illegal reflective access operation has occurred
>    WARNING: Illegal reflective access by
>    org.apache.catalina.loader.WebappClassLoaderBase
> (file:/home/u0138544/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/9.0.43/1d102277426bdd5b12f048731a91665bb69347d1/tomcat-embed-core-9.0.43.jar)
>    to field java.io.ObjectStreamClass$Caches.localDescs
>    WARNING: Please consider reporting this to the maintainers of
>    org.apache.catalina.loader.WebappClassLoaderBase
>    WARNING: Use --illegal-access=warn to enable warnings of further
>    illegal reflective access operations
>    WARNING: All illegal access operations will be denied in a future
>    release
>
> but I'm sure that's not news.
>
> I use logback in my main app
>
>    import org.slf4j.Logger;
>    import org.slf4j.LoggerFactory;
>
>
>       private final static Logger logger =
>    LoggerFactory.getLogger(SGSSelector.class);
>
> I actually have storeType set to PCKS12.  I had also tried JKS and
> edited that out in the email.  Very sorry for the sloppiness - Paused
> to check CK v. KC.  No noise from setting it to JKS.
>
> [1] My start-up script
>
>    #!/bin/bash -e
>    export CATALINA_HOME=$HOME/aws/deploy/webroot/
>    export CATALINA_BASE=$CATALINA_HOME
>    export
> SGSWEBDIR=$CATALINA_HOME/tomcat.16004/work/Tomcat/kispiox.hci.utah.edu
>    if [[ "$1"x == "x" ]]
>    then
>         if [[ ! -e $$SGSWEBDIR ]]
>         then
>             mkdir -p $SGSWEBDIR/sgs
>         else
>             echo clean out sgs app
>             rm -rf $SGSWEBDIR/sgs
>         fi
>
>         cp
> /home/u0138544/gits/java/gitlab/gtdb/webapp/build/libs/sgs-1.0.war
>    $SGSWEBDIR/sgs/sgs.war
>         cd $SGSWEBDIR/sgs
>         jar -xf sgs.war
>         cd $CATALINA_BASE
>
>         sed -i -f $HOME/aws/deploy/bin/context.sed
>    $SGSWEBDIR/sgs/META-INF/context.xml >
>    $SGSWEBDIR/sgs/META-INF/context.xml
>         awk -f ~/aws/deploy/bin/webxml.awk --assign=PILIST="$1"
>    $HOME/aws/deploy/bin/context.sed $SGSWEBDIR/sgs/WEB-INF/web.xml >
>    $SGSWEBDIR/sgs/WEB-INF/web.xml.pi
>         mv $SGSWEBDIR/sgs/WEB-INF/web.xml.pi
> $SGSWEBDIR/sgs/WEB-INF/web.xml
>    fi
>    . $HOME/aws/deploy/bin/cp4.sh
>    cd $CATALINA_BASE
>    java --enable-preview edu.utah.camplab.server.SGSSelector
>    $HOME/aws/deploy/bin/selector.properties
>
> [2] My classpath, very much in dev-land, pointing to working trees
> (mains) and such to match gradle tasks
>
> [3] IntelliJ settings for same
>
>    working dir: /home/u0138544/aws/deploy/webroot
>    env vars:
> CATALINA_HOME=/home/u0138544/aws/deploy/webroot;CATALINA_BASE=/home/u0138544/aws/deploy/webroot
>    -cp sgs.sgsaas.main #pulls from the gradle build(s)
>
>
>


Re: embedded, not local

Rob Sargent
The logging so far has told me only that my port 16004 is in use, but at
outset it clearly is not according to netstat or ss.  Is tomcat opening
that port before the call to "tomcat.start(); tomcat.getServer().await();"?



On 2/16/21 12:04 PM, Rob Sargent wrote:
> I've managed to open the floodgates.  Will report soon.
>


Re: embedded, not local

Rob Sargent
Sorry, meant to show the log:

    Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-nio-16004"]
    Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]
    Feb 16, 2021 1:06:59 PM org.apache.catalina.util.LifecycleBase handleSubClassException
    SEVERE: Failed to initialize component [Connector[HTTP/1.1-16004]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
         at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
         at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
         at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
         at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
         at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:173)
         at org.apache.catalina.startup.Tomcat.start(Tomcat.java:486)
    ===>    at edu.utah.camplab.server.SGSSelector.kickOff(SGSSelector.java:172)
         at edu.utah.camplab.server.SGSSelector.run(SGSSelector.java:184)
         at java.base/java.lang.Thread.run(Thread.java:832)
    Caused by: java.net.BindException: Address already in use
         at java.base/sun.nio.ch.Net.bind0(Native Method)
         at java.base/sun.nio.ch.Net.bind(Net.java:550)
         at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:249)
         at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:277)
         at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:241)
         at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1193)
         at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1206)
         at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:597)
         at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
         at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
         ... 10 more

    ===>       embeddedTomcat.start();


On 2/16/21 1:02 PM, Rob Sargent wrote:

> The logging so far has told me only that my port 16004 is in use, but
> at outset it clearly is not according to netstat or ss.  Is tomcat
> opening that port before the call to "tomcat.start();
> tomcat.getServer().await();"?
>
>
>
> On 2/16/21 12:04 PM, Rob Sargent wrote:
>> I've managed to open the floodgates.  Will report soon.
>>
>
>


Re: embedded, not local

Christopher Schultz-2
In reply to this post by Rob Sargent
Rob,

On 2/16/21 15:02, Rob Sargent wrote:
> The logging so far has told me only that my port 16004 is in use, but at
> outset it clearly is not according to netstat or ss.  Is tomcat opening
> that port before the call to "tomcat.start(); tomcat.getServer().await();"?

If it says "port in use" then first stop your application, then make
sure all other processes that may have bound that port are stopped.
Maybe it's been failing because you have effectively been changing
nothing (because some older process is still holding onto the port).

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: embedded, not local

Rob Sargent
Rebooted desktop k1.  I get port in use first time I start my server
(shell).


On 2/16/21 1:26 PM, Christopher Schultz wrote:

> Rob,
>
> On 2/16/21 15:02, Rob Sargent wrote:
>> The logging so far has told me only that my port 16004 is in use, but
>> at outset it clearly is not according to netstat or ss.  Is tomcat
>> opening that port before the call to "tomcat.start();
>> tomcat.getServer().await();"?
>
> If it says "port in use" then first stop your application, then make
> sure all other processes that may have bound that port are stopped.
> Maybe it's been failing because you have effectively been changing
> nothing (because some older process is still holding onto the port).
>
> -chris
>
>
>


Re: embedded, not local

Rob Sargent
Changed port assignment (16005) and restarted server.  Port in use.


On 2/16/21 2:36 PM, Rob Sargent wrote:

> Rebooted desktop k1.  I get port in use first time I start my server
> (shell).
>
>
> On 2/16/21 1:26 PM, Christopher Schultz wrote:
>> Rob,
>>
>> On 2/16/21 15:02, Rob Sargent wrote:
>>> The logging so far has told me only that my port 16004 is in use,
>>> but at outset it clearly is not according to netstat or ss.  Is
>>> tomcat opening that port before the call to "tomcat.start();
>>> tomcat.getServer().await();"?
>>
>> If it says "port in use" then first stop your application, then make
>> sure all other processes that may have bound that port are stopped.
>> Maybe it's been failing because you have effectively been changing
>> nothing (because some older process is still holding onto the port).
>>
>> -chris
>>
>>
>>
>
>


Re: embedded, not local

Noelette Stout
I'm kinda new to this, but it looks like you're trying to start http and
https on the same port.

Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["http-nio-16004"]
    Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]

In my (admittedly limited) experience, they need to be on separate ports.

just my 2 cents

On Tue, Feb 16, 2021 at 2:39 PM Rob Sargent <[hidden email]> wrote:

> Changed port assignment (16005) and restarted server.  Port in use.
>
>
> On 2/16/21 2:36 PM, Rob Sargent wrote:
> > Rebooted desktop k1.  I get port in use first time I start my server
> > (shell).
> >
> >
> > On 2/16/21 1:26 PM, Christopher Schultz wrote:
> >> Rob,
> >>
> >> On 2/16/21 15:02, Rob Sargent wrote:
> >>> The logging so far has told me only that my port 16004 is in use,
> >>> but at outset it clearly is not according to netstat or ss.  Is
> >>> tomcat opening that port before the call to "tomcat.start();
> >>> tomcat.getServer().await();"?
> >>
> >> If it says "port in use" then first stop your application, then make
> >> sure all other processes that may have bound that port are stopped.
> >> Maybe it's been failing because you have effectively been changing
> >> nothing (because some older process is still holding onto the port).
> >>
> >> -chris
> >>
> >>
> >>
> >
> >
>
>

--
Noelette Stout

ITS Enterprise Applications - Application Administrator - Senior

Business Administration Building, Rm 109L
921 South 8th Ave 8037
Idaho State University
Pocatello ID 83209
E-mail: stounoel "at" isu "dot" edu
Desk: 208-282-2554
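
The diagnosis above, reading the connector names out of the startup log and noticing that two of them claim one port, as an added example that is not part of the original thread or of Tomcat. The function names are hypothetical, the second log is constructed, and the handling of bind-address and "auto" handler names is an assumption about how Tomcat names its protocol handlers.

```python
import re
from collections import defaultdict

# The two INFO lines and the BindException line are copied from the log in the thread.
THREAD_LOG = '''\
Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-16004"]
Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]
Caused by: java.net.BindException: Address already in use
'''

# Constructed sample: the same startup with the connectors on separate ports.
SEPARATE_PORTS_LOG = '''\
INFO: Initializing ProtocolHandler ["http-nio-16004"]
INFO: Initializing ProtocolHandler ["https-jsse-nio-16005"]
'''

HANDLER_RE = re.compile(r'Initializing ProtocolHandler \["([^"]+)"\]')


def parse_handler(name):
    """Split a handler name such as 'https-jsse-nio-16004' into
    (prefix, bind_address, port). bind_address is None when the name carries
    no address, meaning the connector listens on all interfaces.
    Returns None for names that carry no fixed port."""
    if "auto" in name.split("-"):
        return None  # assumed naming for OS-assigned ports; these cannot collide
    head, _, port = name.rpartition("-")
    if not head or not port.isdigit():
        return None
    prefix, _, last = head.rpartition("-")
    if prefix and ("." in last or ":" in last):
        return prefix, last, int(port)  # e.g. http-nio-127.0.0.1-8080
    return head, None, int(port)


def find_port_conflicts(log_text):
    """Return {port: [handler names]} for handlers in one startup log that
    would bind the same port on overlapping addresses."""
    by_port = defaultdict(list)
    for name in HANDLER_RE.findall(log_text):
        parsed = parse_handler(name)
        if parsed:
            by_port[parsed[2]].append((name, parsed[1]))

    conflicts = {}
    for port, handlers in by_port.items():
        clashing = set()
        for i, (_, addr_a) in enumerate(handlers):
            for j in range(i + 1, len(handlers)):
                addr_b = handlers[j][1]
                # A wildcard bind overlaps every specific address on that port.
                if addr_a is None or addr_b is None or addr_a == addr_b:
                    clashing.update((i, j))
        if clashing:
            conflicts[port] = [handlers[k][0] for k in sorted(clashing)]
    return conflicts


if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("separate ports", SEPARATE_PORTS_LOG)):
        found = find_port_conflicts(log)
        bind_error = "java.net.BindException: Address already in use" in log
        print(label, "conflicts:", found, "bind error logged:", bind_error)
```

Feed it the log of a single startup; output from several runs in one file would make every restarted connector look like a clash with itself.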

Re: embedded, not local

Mark Thomas-2
On February 16, 2021 10:00:01 PM UTC, Noelette Stout <[hidden email]> wrote:

>I'm kinda new to this, but it looks like you're trying to start http
>and
>https on the same port.
>
>Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>    INFO: Initializing ProtocolHandler ["http-nio-16004"]
>    Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>    INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]
>
>In my (admittedly limited) experience, they need to be on separate
>ports.

+1. That is clearly the problem given those log messages.

Mark



Re: embedded, not local

Rob Sargent
Ah, yes, a stray Constructor() left lying around.
Thank you!  I am now down to dealing with https mis-configurations,
which puts me squarely back to the future.

Ever grateful,
rjs

On 2/16/21 3:27 PM, Mark Thomas wrote:

> On February 16, 2021 10:00:01 PM UTC, Noelette Stout <[hidden email]> wrote:
>> I'm kinda new to this, but it looks like you're trying to start http
>> and
>> https on the same port.
>>
>> Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>>     INFO: Initializing ProtocolHandler ["http-nio-16004"]
>>     Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>>     INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]
>>
>> In my (admittedly limited) experience, they need to be on separate
>> ports.
> +1. That is clearly the problem given those log messages.
>
> Mark
>
>


Re: embedded, not local

Rob Sargent
Other than the browsers not trusting my self-signed cert I think I'm now
in the business of impersonating AWS ;)

Thanks to all I've bothered,
rjs

On 2/16/21 7:50 PM, Rob Sargent wrote:

> Ah, yes, a stray Constructor() left lying around.
> Thank you!  I am now down to dealing with https mis-configurations,
> which puts me squarely back to the future.
>
> Ever grateful,
> rjs
>
> On 2/16/21 3:27 PM, Mark Thomas wrote:
>> On February 16, 2021 10:00:01 PM UTC, Noelette Stout
>> <[hidden email]> wrote:
>>> I'm kinda new to this, but it looks like you're trying to start http
>>> and
>>> https on the same port.
>>>
>>> Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>>>     INFO: Initializing ProtocolHandler ["http-nio-16004"]
>>>     Feb 16, 2021 1:06:59 PM org.apache.coyote.AbstractProtocol init
>>>     INFO: Initializing ProtocolHandler ["https-jsse-nio-16004"]
>>>
>>> In my (admittedly limited) experience, they need to be on separate
>>> ports.
>> +1. That is clearly the problem given those log messages.
>>
>> Mark
>>
>>
>
>