Java App Servers

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from Enhydra.org, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.

Share tech news, updates, or what's on your mind.

Sign up to Post

we installed tomcat apache in windows server in -C:\   ,  Drive.
For better management we planning to move to D: Drive.

Please advise the steps needed to achive for the same
0
Learn Ruby Fundamentals
LVL 13
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

I had this question after viewing Triggering a shell command from a java servlet 30 minutes after the http call.

Hi,

In this how do I set up a timeout for the thread after the thread is spawned. I am noticing that in my app the thread is getting stuck due to some other issues. And I need to setup a timeout property for the thread

thanks
-anshu
0
I am trying to load some .cer files in to a java .keystore file, using the keytool command. For one of the .cer file, I am expecting to import it as a PrivateKeyEntry. However, the result of "keytool -list" command shows that all certificate are imported as trustedCertEntry.

In the "keytool -importcert" command I toggled off the -trustcacerts (idea from https://stackoverflow.com/questions/24974324/import-certificate-as-privatekeyentry ), but it didn't make a difference on the result for me.

Can you help me on clarifying these questions:
1. can "keytool -importcert" import PrivateKeyEntry into the .keystore file?
2. Is the type (PrivateKeyEntry/trustedCertEntry) of the imported certificates in .keystore decided by the way of importing? or by the .cer file itself?
3. If decided by the way of importing, how to do that?
4. If by the .cer file itself, how to check which type it is?

Thank you!
0
We get a lot of repeated errors in Weblogic logs that seem to start at about the same time as when a non-credential (& non-bruteforce) external penetration testing (using Nessus) started:

<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,544 internal data record unavailable (probable closure due idle timeout), event re
ceived -32>
<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,546 internal data record unavailable (probable closure due idle timeout), event re
ceived -32>
Hibernate: SELECT AAAA_CO_CD  from YYYYYY_COMPANY  where CO_CD = ?


https://support.oracle.com/knowledge/Middleware/1052919_1.html
Above link (which I don't have a login to Oracle) appears to indicate load testing could trigger BEA-000450 errors :
Anyone encountered this?

a) how can the penetration test proceed further?  By limiting the non-intrusive scan to 1 thread (we've reduced from 10 to 5)?
b) is there any patch or ways to fix this?
0
We have found Apache Struts Ver 1.x (yes, these are obsolete versions) bundled
with our Oracle Weblogic & Tomcat (& possibly in Oracle Financials which we're
reviewing).

Our apps colleagues said the applications don't make use of the Struts (though
we can't say with 100% certainty if any of the apps modules developed by past
app developers who had left did call the struts.jar).

Q1:
Does the presence of struts.* mean we are vulnerable or WL or Tomcat have to
call them (or in the codes, there are references to struts) for it to be vulnerable?

Q2:
What's the best practice?  To deinstall struts (since our apps colleagues said it's
not being used) or to upgrade to current version that offers patches (& keep
patching them)?

Q3:
To deinstall struts for WL, Tomcat & Oracle Financials, do we just remove the
struts.* files or is there a recommended way to deinstall?  We're on Solaris
10 and RHEL6
0
I created a  JSP page to upload files from this  example:
https://www.javacodegeeks.com/2013/08/file-upload-example-in-servlet-and-jsp.html

I followed this to the T and it comes back with this error message after I click on upload. I have enclosed the complete source int the ZIP with the pom file

Here is the error:

HTTP Status 500 – Internal Server Error
Type Exception Report

Message Error instantiating servlet class [FileUploadHandler]

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: Error instantiating servlet class [FileUploadHandler]
      org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
      org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
      org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
      org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
      org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
      org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
      org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468)
      org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      …
0
I want http://server.mydomain.org to take me straight to the java app.
What do I need to do to make that happen?

http://server.mydomain.org takes me to the Tomcat GUI.
http://server.mydomain.org/javaapp takes me to the java app.

i'm using this conf file.  It's the only site enabled.
<VirtualHost server.mydomain.org>
ServerName server.mydomain.org
ServerAlias server.mydomain.org
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://server.mydomain.org:8080/
ProxyPassReverse / http://server.mydomain.org:8080/
</VirtualHost>


The usual stuff. This is not enabled.
000-default
<VirtualHost *80>
#ServerName www.example.com  commented out.
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR]/error.log
CustomLog $[APACHE_LOG_DIR]/access.log combined
</VirtualHOst>

#vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Java 1.8.0
Tomcat 9.0.12
Apache 2.4
Debian 9.5

I have read doc's from Apache, and several from Digital Ocean, and others.
I just don't get it.
0
Whi can iam confirm a java script in any other mobile device and any other emaaddress and run it confidentialy please suggest me that what is the process to run the files that can,t be support the device.thease are the files mean java files or non supported files system can,t be display like zip files,axp,jpg,txt,docx,xisx,pdf,or more forms files.or a video format files that can be have to downloaded queue but system does not support to play and run thank you again
0
please advise the clear steps..
How to make log rotation by file size in apache-tomcat
0
I have a java project(using struts) running under weblogic app server in production without any problem. however, after i migrate it to the Tomcat app server, it always report the following error message for a specific action.

Error creating form bean of class org.apache.commons.beanutils.LazyDynaBean
java.lang.NoClassDefFoundError: org/apache/commons/validator/ValidatorException
      at org.apache.struts.config.FormBeanConfig.createActionForm(FormBeanConfig.java:219)
      at org.apache.struts.util.RequestUtils.createActionForm(RequestUtils.java:292)
      at org.apache.struts.util.RequestUtils.createActionForm(RequestUtils.java:191)

the tomcat server enviroment is below:

[root@server85 logs]# cat catalina.out 
01-Sep-2018 19:25:25.637 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/9.0.5
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Feb 6 2018 21:42:23 UTC
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         9.0.5.0
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.1.12-94.3.9.el7uek.x86_64
01-Sep-2018 19:25:25.639 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          

Open in new window

0
Announcing the Winners!
LVL 13
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Q1:
What's the criteria / justifications for installing a WAF?
We were asked why there's a need & justify.

Q2:
So if we have a web server that is served to the public/Internet,
that's when we need one or even if there's applications server
such as java app servers (eg: Weblogic, Glassfish, JBoss), it's
applicable as well?

Q3:
Or as long as there's "Web application servers", WAF is
applicable & what's a "Web application servers"

Q4:
It's basically to circumvent applications vulnerabilities (eg: those
listed by OWASP)?  

Q5:
If applications are already coded strictly according to Secure
Coding (XSS, injection, CSRF, inputs validation, ...), do we still
need a WAF?  I've heard WAF protects against DDoS as well
but the ISP we hosted our web services already offerred
DDoS protection
0
Current:

CATALINA_OPTS="-Xmx14g \
-XX:MaxPermSize=4g \
-Xms8g \
-Denv=live \
-DcreditpalEnv=live \
-Djavax.net.ssl.keyStore=/opt/tomcat-deploy/val-conf/xer_certificate.p12 \
-Djavax.net.ssl.keyStorePassword=Monday \
-Djavax.net.ssl.keyStoreType=PKCS12 \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8085 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=true  \
-Dcom.sun.management.jmxremote.password.file=/opt/tomcat-deploy/conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=/opt/tomcat-deploy/conf/jmxremote.access"



I need to add an additional keyStoreType which will be PKCS7.

Proposed...

CATALINA_OPTS="-Xmx14g \
-XX:MaxPermSize=4g \
-Xms8g \
-Denv=live \
-DcreditpalEnv=live \
-Djavax.net.ssl.keyStore=/opt/tomcat-deploy/val-conf/xer_certificate.p12 \
-Djavax.net.ssl.keyStore=/opt/tomcat-deploy/val-conf/blah_certificate.p7b \
-Djavax.net.ssl.keyStorePassword=Monday \
-Djavax.net.ssl.keyStoreType=PKCS12 \
-Djavax.net.ssl.keyStoreType=PKCS7 \
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=8085 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=true  \
-Dcom.sun.management.jmxremote.password.file=/opt/tomcat-deploy/conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=/opt/tomcat-deploy/conf/jmxremote.access"

Will the proposed config changes cause any issues?
0
Hi Team,

According to my work, I have to run 7000+ sql statements in DB2 .I have the java code of the same.But by default DB2 java can only run 1338 dynamic statements at one time.
So what I was doing that Split the input data (7000 + ) into mulitiple txt files and run program more than 7 times .Each time I have to change the input path file.

Now  instead of running program 7+ times and manually changing input path everytime,I m trying to dynamically read all the input files from that folder.
Here I am attaching a part of my program only..only the method to read input file.
Below is the code for single input file case. Assume I have files named as a.txt,b.txt,c.txt.....etc.
Text file contains data in the below format:-
----------------------
abc-465747        
dfr-756372
---------------------
Existing code which executes fine  for single input file

declared input file path
static String fileName="C:\\Users\\john\\Desktop\\policies.txt";

Open in new window


main method.
 public static void main(String[] args)
        
    {
    Pre pd = new Pre();
   
      
    pd.read_Policy_list_file(fileNames);

//other methods as a part of my work
}

Open in new window


read+policy method
public void read_Policy_list_file (String fileName)
		{
			try
			{
				BufferedReader br = new BufferedReader(new FileReader(fileName));
				try {
				    StringBuilder sb = new StringBuilder();
				    String line = br.readLine();

				    while (line != null) 
				    {
				    
				

Open in new window

0
Hi,
I was making a spring web application. Where there are lot of handlers for GET request etc.
One thing came to my mind -
Suppose I make a GET request from my chrome browser from a particular tab.
And then in the response i add some values which gets back to this same chrome tab and machine.
How exactly does that happen.
How does a response object gets linked to a particular tab in a chrome broswer.

Also is it possible to send a response object without receiving a request object from spring to a particular machine and application.
I guess it should not be possible... But what makes it impossible.
Thanks
0
I need to secure a Glassfish Server in a Windows environment, it's running version Payara 4.1, I've requested the certificate using OpenSSL and now have the certificate from the provider GeoTrust but i'm struggling to now secure the web app.
0
hi am in window 7 having this error The JDK wasn't found in directory C:\PROGRA~1\Java\jdk1.6.0_43. am not able to install or untill the java software am geting this error
error3
0
I am trying below example

https://examples.javacodegeeks.com/enterprise-java/jms/apache-activemq-hello-world-example/


When i try to run the MEssageSender class how it ran even though there is existing Queue on ActiveMQ called JCG_QUEUE

package com.activemq.sender;

import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.jms.TextMessage;

import org.apache.activemq.ActiveMQConnection;
import org.apache.activemq.ActiveMQConnectionFactory;

public class MessageSender {
	
	//URL of the JMS server. DEFAULT_BROKER_URL will just mean that JMS server is on localhost
	private static String url = ActiveMQConnection.DEFAULT_BROKER_URL;
	
	// default broker URL is : tcp://localhost:61616"
	private static String subject = "JCG_QUEUE"; // Queue Name.You can create any/many queue names as per your requirement.	
	
	public static void main(String[] args) throws JMSException {		
		// Getting JMS connection from the server and starting it
		ConnectionFactory connectionFactory = new ActiveMQConnectionFactory(url);
		Connection connection = connectionFactory.createConnection();
		connection.start();
		
		//Creating a non transactional session to send/receive JMS message.
		Session session = connection.createSession(false,
				Session.AUTO_ACKNOWLEDGE);	
		
		//Destination represents here our queue 'JCG_QUEUE' on the JMS server. 
		//The 

Open in new window

0
Hello all,

Currently, i am using smb server but now I want to change it into afp server.

what will be the exact way to change it and connect using afp server?

currently these library are used in the project:
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbFile;


Thanks in advance.

Regards
Amzad
1
Does some sort of it security baseline / hardening / security best practice document/check list for Jetty already exist?

If so where can it be found?
0
OWASP: Avoiding Hacker Tricks
LVL 13
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

I am using Active MQ 5.13.1 and Master/Slave Active MQ topology configured.
Slave node is getting stopped when database switch happens.

<-- Wrapper Stopped

Tried following auto reconnect configuration, from activemq.xml but no luck

     <persistenceAdapter>
                   			
    			<jdbcPersistenceAdapter dataDirectory="activemq-data" dataSource="#mssql-ds" lockKeepAlivePeriod="5000" > 
    				<locker>
    					<database-locker lockAcquireSleepInterval="30000" />
    				</locker>
    			</jdbcPersistenceAdapter>
    		</persistenceAdapter>

Open in new window

0
tomcat wont start in debug

where as tomcat is staring fine in regular mode.

i increased time out from 45 to 450 still similar error.

Server Tomcat v8.0 Server at localhost was unable to start within 450 seconds. If the server requires more time, try increasing the timeout in the server editor.
i wonder why server starts in regular mode but takes forever to start in debug mode.

regular startup happens in 10 seconds asap.

Aug 14, 2017 5:40:21 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:wsdlfirstws' did not find a matching property.
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server version:        Apache Tomcat/8.0.39
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server built:          Nov 9 2016 08:48:39 UTC
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Server number:         8.0.39.0
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Name:               Windows 10
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: OS Version:            10.0
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log
INFO: Architecture:          amd64
Aug 14, 2017 5:40:21 PM org.apache.catalina.startup.VersionLoggerListener log…
0
Hello,
I am using javascript on frevvo.
How can I find cell value when a row is clicked on a table.

Regards
0
padserver/padErr.txt

==> /usr/local/pad/padserver/padOut.txt <==

---- java.library.path   ../lib/dll;/usr/local/pad\lib\dll\sys32

---- java.ext.dirs   /usr/java/jdk1.7.0_79/jre/lib/ext:/usr/local/pad/lib/ext



 checkFileInPath jspWin.dll   exists false

 checkFileInPath x25lyra.dll   exists false




==> /usr/local/pad/padserver/padErr.txt <==

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space

java.lang.OutOfMemoryError: Java heap space


Hi Experts

we get above Java heap space error on our servers due to this we face other issues on server. kindly help.
0
What does the "Wrap JDBC Objects " mean in GlassFish under Navigate to JDBC -> Connection Pools -> Derby Pool In the advanced tab ? When should it be enabled  ?

Thx
0
Hi,

In eclipse i have TestWeb project with bunch of jsp and html files in eclipse. I right clicked on it and copied. Then i pasted then eclipse asked name TestWeb2 ok? i said yes. I created TestWeb2. Now when i try to run TestWeb 2 tomcat9 complains

Could not publish server configuration for Tomcat v9.0 Server at localhost.
Multiple Contexts have a path of "/TestWeb".

how to change the context name or path so that i can run TestWeb2 project as well in tomcat ?
please advise
0

Java App Servers

Java application servers that support the Java EE platform and features include JOnAS from Object Web, WildFly (formerly JBoss AS) from JBoss, Geronimo from Apache, TomEE from Apache, Resin Java Application Server from Caucho Technology, Blazix from Desiderata Software, Enhydra Server from Enhydra.org, and GlassFish from Oracle. Commercial Java app servers include WebLogic by Oracle, WebSphere from IBM and the open source JBoss Enterprise Application Platform (JBoss EAP) by Red Hat.

Top Experts In
Java App Servers
<
Monthly
>