#StackBounty: #nginx #proxy #tomcat #rewrite Nginx rewrite .jsp extension and proxy to tomcat

Bounty: 100

Outgoing

How can i create a Nginx rewrite rule in the appropriate server block, that takes any URL ending on .jsp and removes the .jsp extension after retrieving the correct .jsp page from the tomcat server, but before sending the response to the client?

Incoming

How can i create a Nginx rewrite rule in the appropriate server block, that takes any URL that does not end on .do and add a .jsp extension, after receiving a HTTP request, but before fetching the .jsp file from the tomcat server. And than follow the outgoing rewrite rule to remove the extension again before sending response?

Test

I tried to play around with the following

server {
        listen 443 ssl;
        server_name www.test.local test.local;

        location / {
                if ($request_uri ~ ^/(.*).jsp$) {
                        return 302 /$1;
                }
                try_files $uri.jsp @proxy;
        }

        location @proxy {
                proxy_pass http://websites/;
                include proxy_params;
        }
}

Nginx removes the .jsp extension, but it also sends the request to Tomcat without the .jsp extension, so tomcat does not know what to look for and returns a 404.

As far as i can tell, Nginx is not asking Tomcat do you have a $uri.jsp page but is instead asking if tomcat has a $uri page (without .jsp extension).

As far as i can read and understand try_files syntax is

try_files [Location[file, folder]] [fallback[file, folder, HTTP code]]

But the official documentation does not say (as far as i can find) how to instruct Nginx to (in this case) ask the proxy for the different files and folders to try, but is instead quering its own local root location for $uri.jsp and than using @proxy as fallback.


Get this bounty!!!

#StackBounty: #apache #tomcat #webserver #reverse-proxy #httpserver http configuration to connect different type of backened app server…

Bounty: 50

I have a apache http server that acts as proxy to connect to backened app servers.

e.g. MachineA(https) -> MachineB(http:reverseproxy) -> MachineCn(http:App)

Here MachineA(Public_lb) port 9002 is mapped with MachineB(internal apache) port 7777.

In backened, I have different application servers running

for e.g.

  1. MachineC1 -> Weblogic
  2. MachineC2 -> Tomcat
  3. MachineC3 -> NodeJS
  4. MachineC4 -> Flask

Here there is single servername(MachineA: public_facing_lb) and port(9002). Here is my existing configuration in MachineB(apache reverseproxy server)looks like which works fine now for all weblogic connections. But when I add the proxy for other apps, it never works properly.

What I am doing wrong here ?

LoadModule weblogic_module   "/u01/oracle/ohssa/ohs/modules/mod_wl_ohs.so"

RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule ^$ http://%{HTTP_HOST} [L,R]



    <IfModule mod_weblogic.c>
       NameVirtualHost *:7777
      <VirtualHost *:7777>
        ServerName https://public_facing_lb:9002
        RewriteEngine       On
        RewriteOptions inherit
        RewriteRule ^/$ /pod/reactaphome [PT]
        Debug ALL
        MatchExpression /
        DebugConfigInfo ON
        WLLogFile /var/log/httpd/wlproxy-qa.log
        KeepAliveEnabled ON
        KeepAliveSecs  15
        WLProxySSLPassThrough ON
        ProxyPreserveHost On


     <Location /pod/reactapp1>
       ProxyPass  http://nodejssrv1:1337
       ProxyPassReverse  http://nodejssrv1:1337
     </Location>

     <Location /pod/flaskapp1>
       ProxyPass  http://flasksrv1:8080
       ProxyPassReverse  http://flasksrv1:8080
     </Location>

     <Location /pod/tomcatapp1>
       ProxyPass  http://tomcatsrv1:8080
       ProxyPassReverse  http://tomcatsrv1:8080
     </Location>

     <Location /pod/console>
        SetHandler weblogic-handler
        WebLogicHost wlssrv1
        WeblogicPort 7001
        WLSRequest On
        ProxyPass  http://wlssrv1:7001/console
        ProxyPassReverse http://wlssrv1:7001/console
     </Location>
        SetHandler weblogic-handler
        WebLogicHost wlssrv1
        WeblogicPort 7001
        ProxyPass /pod/wlsapp1 http://wlssrv1:7001/wlsapp1
        ProxyPassReverse /pod/wlsapp1 http://wlssrv1:7001/wlsapp1
        ProxyPass /pod/wlsapp2 http://wlssrv1:7001/wlsapp2
        ProxyPassReverse /pod/wlsapp2 http://wlssrv1:7001/wlsapp2
        ProxyPass /pod/wlsapp3 http://wlssrv1:7001/wlsapp3
        ProxyPassReverse /pod/wlsapp3 http://wlssrv1:7001/wlsapp3

        ProxyPass /wlsapphome/global http://wlssrv1:7001/resources/getGlobalAppsList
        ProxyPassReverse /wlsapphome/global http://wlssrv1:7001/resources/getGlobalAppsList
        ProxyPass /wlsapphome http://wlssrv1:7001/resources/getAppsList
        ProxyPassReverse /wlsapphome http://wlssrv1:7001/resources/getAppsList

     </VirtualHost>
    </IfModule> 

I might be doing mistake in putting the other app config inside the weblogic if module.
If I am creating multiple virtual hosts, at any point of time only the first virtualhost works.

Do I need to load modules for tomcat, nodejs and flask to communicate, as the pages get loaded broken. Like mod_wl_ohs used for weblogic ?


Get this bounty!!!

#StackBounty: #java #angular #google-chrome #tomcat #jersey Server Sent Events not working in Chrome

Bounty: 50

i am developing a web application with angular 4 and java. I am using server sent events to send some text data to the frontend. In the backend i am using jersey and this is my backend code

eventOutput.write(new OutboundEvent.Builder()
       .id(decodedToken)
       .name("responseBody")
       .data(String.class, respBody.toString()).build());

Frontend i am using angular 4 and the code looks like

var evtSource = new EventSource("url");
 source.addEventListener('eventName', (event) => {
    console.log(event);
});

Everything works fine in Mozilla firefox. When i use chrome with tomcat and windows everything works fine. But with tomcat+linux and chrome, i see the error in the console.as

EventSource’s response has a charset (“iso-8859-1”) that is not UTF-8.
Aborting the connection.

What could be the issue. What is the fix? Please help. Any help would be appreciated. Thanks.


Get this bounty!!!

#StackBounty: #java #spring #tomcat #ubuntu-12.04 #tomcat9 After a while, Tomcat ceases working with other APIs

Bounty: 50

I’m trying to make the project more stable. The problem is that at some point there is a situation in which all the code that uses communication with other APIs ceases to work. Until I reboot the tomcat, what I have to do every few hours (from 4 hours to several minutes, it seems to depend on the number of users). At the same time, the code that accepts GET (or any other) request and does not contact other servers during its activity – it continues to work. Communication with other servers is lost and other projects on this server.

The server Ubuntu 12.04, nginx 1.12.0, tomcat 9.0.0.M26.
The server has 12 small projects on java.
Spring 5.0.4.RELEASE, hibernate 5.2.16.Final, (PostgreSQL) 9.6.3

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException

org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:982)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

I also get many other errors in different places and different types, most often NPE (because due to lack of communication the object I wanted from another server = null), sometimes I get an HttpClientErrorException and status 400, although the remote server always responds on similar requests by the status of 200.
On my local tomcat, I never got a similar situation. I have been suffering for a long time with this problem, the situation is getting worse (more users – it breaks faster), I will be grateful for any advice. I apologize for Google translate.

Thread dump from jstack –
threaddumps.log

jvisualvm

Below is jvisualvm threads at the time the code does not work

jvisualvm threads

jvisualvm threads

jvisualvm threads

Thread dump a few seconds before everything breaks

Thread dump at the time the code does not work


Get this bounty!!!

#StackBounty: #java #tomcat #csrf #csrf-protection #nonce Tomcat 8.5 anti-CSRF nonce not being generated

Bounty: 50

I have a web application that runs on Tomcat 8.5. I would like to update the application to rely on Tomcats native anti-CSRF tokens to protect key POST requests on the web app. I have done quite of bit of researched and followed a number of example yet I still cannot seem to get this to work.

web.xml:

<filter>
    <filter-name>CSRFPreventionFilter</filter-name>
    <filter-class> org.apache.catalina.filters.CsrfPreventionFilter </filter-class>
    <init-param>
        <param-name>entryPoints</param-name>
        <param-value>appNameRemoved/login.jsp</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CSRFPreventionFilter</filter-name>
    <url-pattern>/appNameRemoved/folder1/*</url-pattern>
</filter-mapping>

So at face value this appears to work. Any attempt to access a URL inside of folder1 is denied with a 403 (good). The issue arises when I try to generate the nonce value to allow authorized parties to access the privileaged area.

In my main.jsp (JSP opened after logging in on entry-point login.jsp), I have the following Java code to try to generate the nonce value:

String antiCSRF = response.encodeURL("/appNameRemoved/folder1/delete");

The issue is, the value generated is simply

"/appNameRemoved/folder1/delete" 

rather than an expected URL (as seen by other peoples examles) such as:

"/appNameRemoved/folder1/delete?org.apache.catalina.filters.CSRF_NONCE=CB5C65E1D87A39D5557D6BCBC24E54A9"

Hence my question, why is response.encodeURL() not actually encoding the URL with the nonce value even though as far as I can see, the filter is setup correctly and checking for nonce’s when accessing the privileged URL’s.

Thanks!


Get this bounty!!!

#StackBounty: #java #multithreading #tomcat #tomcat7 #jvisualvm Memory leak when redeploying application in Tomcat

Bounty: 50

I have WebApplication which is deployed in Tomcat 7.0.70. I simulated the following situation:

  1. I created the heap dump.
  2. Then I sent the Http request and in service’s method I printed the current thread and its classLoader. And then I invoked Thread.currentThread.sleep(10000).
  3. And at the same moment I clicked ‘undeploy this application’ in Tomcat’s admin page.
  4. I created new heap dump.
  5. After some minutes I created new hep dump.

RESULTS

Thread dump

On the following screen you can see that after I clicked “redeploy”, all threads (which were associated with this web application) were killed except the thread “http-apr-8081-exec-10”. As I set Tomcat’s attribute “renewThreadsWhenStoppingContext == true”, so you can see that after some time this thread (“http-apr-8081-exec-10”) was killed and new thread (http-apr-8081-exec-11) was created instead of it. So I didn’t expect to have the old WCL after creation of heap dump 3, because there are not any old threads or objects.

enter image description here

Heapd dump 1

On the following two screens you can see that when the application was running there was only one WCL(its parameter “started” = true).
And the thread “http-apr-8081-exec-10” had the contextClassLoader = URLClassLoader ( because it was in the Tomcat’s pool).
I’m speaking only about this thread because you will able to see that this thread will handle my future HTTP request.

enter image description here

enter image description here

Sending HTTP request

Now I send the HTTP request and in my code I get information about the current thread.You can see that my request is being handled by the thread “http-apr-8081-exec-10”

дек 23, 2016 9:28:16 AM c.c.c.f.s.r.ReportGenerationServiceImpl INFO:  request has been handled in 
   thread = http-apr-8081-exec-10,  its contextClassLoader = WebappClassLoader
   context: /hdi
   delegate: false
   repositories:
   /WEB-INF/classes/
   ----------> Parent Classloader: java.net.URLClassLoader@4162ca06

Then I click “Redeploy my web application” and I get the following message in console.

 дек 23, 2016 9:28:27 AM org.apache.catalina.loader.WebappClassLoaderBase clearReferencesThreads
 SEVERE: The web application [/hdi] appears to have started a thread named [http-apr-8081-exec-10] but has failed to stop it. This is very likely to create a memory leak.

Heapd dump 2

On the following screens you can see that there are two instances WebAppClassLoader. One of them( number #1) is old( its attribute “started” = false).
And the WCL #2 was created after redeploying application (its attribute “started” = true).
And the thread we review has contextClassLoader = “org.apache.catalina.loader.WebappClassLoader”.
Why? I expected to see contextClassLoader = “java.net.URLClassLoader” (after all, when any thread finishes its work it is returned to the Tomcat’s pool
and its attribute “contextClassLoader” is set to any base classloader).

enter image description here

enter image description here

enter image description here

Heapd dump 3

You can see that there isn’t thread “http-apr-8081-exec-10”, but there is thread “http-apr-8081-exec-11” and it has contextClassLoader = “WebappClassLoader”
(Why not URLClassLoader?).

In the end we have the following: there is thread “http-apr-8081-exec-11” which has the ref to the WebappClassLoader #1.
And obviosly when I make “Nearest GC Root” on the WCL #1 I will see the ref to the thread 11.

enter image description here

enter image description here

Questions.

How can I forcibly say to Tomcat to return old value contextClassLoader (URLClassLoader) after thread will finish its work?

How can I make sure Tomcat doesn’t copy old value “contextClassLoader” during the thread renewal?

Maybe, do you know other way to resolve my problem?


Get this bounty!!!

#StackBounty: #java #tomcat #cpu-usage #windows-server-2012-r2 #tomcat9 Standalone tomcat 9 spikes CPU to 50% every 10 seconds while my…

Bounty: 100

i am using Tomcat 9.0.0.M22 with jdk1.8.0_131 on windows server 2012 R2 and i have a sprinboot web application deployed on it, the issue is that every 10 seconds the commons daemon service runner spikes the cpu to 50% although my deployed web application is idle then decreases to 0% and this behavior continue to happen every 10 seconds.

in my application i don’t have any job that runs every 10 seconds, and also when i run my web application on tomcat from eclipse i didn’t notice the same behavior, so i am guessing that this is a tomcat built in thread, so i was wondering if any one has encountered this issue before can guide me to a solution.

please advise, thanks


Get this bounty!!!

#StackBounty: #tomcat #java #database #cpu-usage #memory-usage Tomcat consuming more Memory after Application Data is added .

Bounty: 50

A Tomcat Server suddenly shows an increment of 2 GB memory consumption after adding more data into the Application or Application Oracle Database. What I mean is that after restart Tomcat is normal but after a few hours it shows approx. 2000MB of Memory space . There are 4 Servers and the numbers are close in all the four . Before the data adjoined it was behaving appropriate . Please some one could specify whether this more data in Database which is causing the problem or something else needs to be looked into ??

Parallelly the CPU wait cycles have increased during this time frame .


Get this bounty!!!

#StackBounty: #java #maven #tomcat Apache Tomcat Maven plugin war not found

Bounty: 100

I’m following the documentation here but I end up with a jar that doesn’t find the war to execute. Here’s the error:

java.io.FileNotFoundException: C:UsersortizjDocumentsNetBeansProjectsvalida
tion-managerValidation-Manager-Webtarget.extractwebappsROOT.war (The system
 cannot find the file specified)

For some reason the war file is not added to the jar so it fails when it’s extracting it.

ROOT.war exists and is present in the target folder.

Here’s the relevant POM contents:

<profile>
    <id>installer</id>
    <properties>
        <original.finalName>${project.build.finalName}</original.finalName>
    </properties>
    <build>
        <finalName>ROOT</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <executions>
                    <execution>
                        <id>tomcat-run</id>
                        <goals>
                            <goal>exec-war-only</goal>
                        </goals>
                        <phase>package</phase>
                        <configuration>
                            <path>/</path>
                            <enableNaming>false</enableNaming>
                            <finalName>${original.finalName}-demo.jar</finalName>
                            <charset>utf-8</charset>
                            <httpPort>9078</httpPort>
                            <contextFile>${project.basedir}srcmainjavawebappMETA-INFcontext.xml</contextFile>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</profile>


Get this bounty!!!