tomcat-users mailing list archives

From "Mekkelsen Madden, Steve" <Steve.MekkelsenMad...@pega.com>
Subject RE: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding issues
Date Wed, 06 Jul 2016 20:22:58 GMT
Here is the image I tried attaching.  Sorry about that.  https://ibin.co/2n9zIx3n9qUH.jpg


Regards,

Steve Mekkelsen Madden  |  Systems Engineer Fellow / DBA / Certified Scrum Master  | GCS
|  Pegasystems Inc.
Office: (617) 866.6023 | Mobile: (828) 729.9948 | Email: steve.mekkelsen.madden@pega.com |
www.pega.com


-----Original Message-----
From: Mekkelsen Madden, Steve 
Sent: Wednesday, July 06, 2016 3:44 PM
To: users@tomcat.apache.org
Subject: RE: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding issues

Thanks Felix. See below


-----Original Message-----
From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
Sent: Wednesday, July 06, 2016 3:29 PM
To: users@tomcat.apache.org
Subject: Re: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding issues

On 06.07.2016 at 19:14, Mekkelsen Madden, Steve wrote:
> This particular issue has raised a lot of issues in-house and we would greatly appreciate
> a response from someone having more details on why NIO2 no longer works.
>
> Thanks!
>
>
> -----Original Message-----
> From: Mekkelsen Madden, Steve
> Sent: Friday, July 01, 2016 12:56 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding issues
>
> Hi all,
>
> Is anyone aware of why after upgrading from Tomcat 8.0.32x64 (Windows) to 8.5.3x64 using
> the connector protocol of: protocol="org.apache.coyote.http11.Http11Nio2Protocol" fails with
> url encoding errors? Once it was changed back to protocol="org.apache.coyote.http11.Http11NioProtocol"
> all the errors stopped. This completely broke the application and made it unusable as the
> xml being returned was not decoded and resulted in sax parse exceptions with our AJAX connections.
> I haven't found anything related to the protocol changing, only the parameters for the SSL/TLS
> attributes which are in place and work. It's almost like it's blocking the requests when
> it should be unblocking the requests? Thanks!!

Have you tried to compare the responses that you get through the two connectors? Especially
the characters before the xml prolog would be interesting.
Do you get the same errors when you are requesting the url without tls?

Regards,
  Felix

Steve: We did not try turning off TLS in this case since this is what was already enabled
in Production and required due to servers being accessible outside the network. What the
engineer found is that Fiddler showed all XML content (all the strings) that is being sent
to and from the server was being encoded. However, the XML content in Fiddler does not have
the encoded content. I've attached a screenshot showing the request if that helps.

>
> Database Type: Oracle 12c Linux x64
> Driver used: ojdbc7.jar
> Connector attribute: 	
> <Connector port="8443"
> 	protocol="org.apache.coyote.http11.Http11NioProtocol"
> 	maxThreads="150" disableUploadTimeout="true"
> 	SSLEnabled="true"
> 	sslDefaultHost="vgcspsteste1.rpega.com">
> 	 <SSLHostConfig hostName="ourserver.com">
> 		<Certificate certificateKeystoreFile="D:\certificates\ourcert.keystore" certificateKeystorePassword="*******"
> 			certificateKeyAlias="ourAlias" type="RSA"/>
> 	 </SSLHostConfig>
> 	</Connector>
> An example of the error looks like the below:
> 23 Jun 2016 01:28:39,731 [sl-nio2-8443-exec-11] (ngineinterface.service.HttpAPI) ERROR: Error adopting XML from post data com.pega.pegarules.pub.clipboard.InvalidStreamError: InvalidStream com.pega.pegarules.data.internal.clipboard.XMLStream.newStream(String, StorageStream)	sax parse error: Content is not allowed in prolog.
> From: (H64E3757ED751A9AEE78817056219F4F9:10.224.243.66)
> 	at com.pega.pegarules.data.internal.clipboard.XMLStream.newStream(XMLStream.java:477)
> 	at com.pega.pegarules.data.internal.clipboard.XMLStream.newStream(XMLStream.java:432)
> 	at com.pega.pegarules.data.internal.clipboard.ClipboardPageImpl.adoptXMLForm(ClipboardPageImpl.java:818)
> 	at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.mapInputData(HttpAPI.java:2481)
> 	at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.activityExecutionProlog(EngineAPI.java:554)
> 	at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:388)
> 	at sun.reflect.GeneratedMethodAccessor90.invoke(Unknown Source)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at com.pega.pegarules.session.internal.PRSessionProviderImpl.performTargetActionWithLock(PRSessionProviderImpl.java:1277)
> 	at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:1015)
> 	at com.pega.pegarules.session.internal.PRSessionProviderImpl.doWithRequestorLocked(PRSessionProviderImpl.java:848)
> 	at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequest(EngineAPI.java:331)
> 	at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.invoke(HttpAPI.java:817)
> 	at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl._invokeEngine_privact(EngineImpl.java:327)
> 	at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:270)
> 	at com.pega.pegarules.session.internal.engineinterface.etier.impl.EngineImpl.invokeEngine(EngineImpl.java:247)
> 	at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngineInner(JNDIEnvironment.java:278)
> 	at com.pega.pegarules.priv.context.JNDIEnvironment.invokeEngine(JNDIEnvironment.java:223)
> 	at com.pega.pegarules.web.impl.WebStandardImpl.makeEtierRequest(WebStandardImpl.java:574)
> 	at com.pega.pegarules.web.impl.WebStandardImpl.doPost(WebStandardImpl.java:374)
> 	at sun.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:498)
> 	at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethod(PRBootstrap.java:338)
> 	at com.pega.pegarules.internal.bootstrap.PRBootstrap.invokeMethodPropagatingThrowable(PRBootstrap.java:379)
> 	at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethodPropagatingThrowable(AppServerBridgeToPega.java:216)
> 	at com.pega.pegarules.boot.internal.extbridge.AppServerBridgeToPega.invokeMethod(AppServerBridgeToPega.java:265)
> 	at com.pega.pegarules.internal.web.servlet.WebStandardBoot.doPost(WebStandardBoot.java:118)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> 	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> 	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
> 	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
> 	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> 	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
> 	at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1627)
> 	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
> 	at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803)
> 	at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:639)
> 	at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:617)
> 	at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:873)
> 	at org.apache.tomcat.util.net.SecureNio2Channel$1.completed(SecureNio2Channel.java:806)
> 	at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
> 	at sun.nio.ch.Invoker$2.run(Invoker.java:218)
> 	at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> 	at java.lang.Thread.run(Thread.java:745)
> Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
> 	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
> 	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
> 	at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1438)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:999)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
> 	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
> 	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
> 	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
> 	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl.parse(SAXParserImpl.java:327)
> 	at com.pega.pegarules.data.internal.clipboard.XMLStream.newStream(XMLStream.java:475)
> 	... 60 more
>
> Thanks,
>
> Steve Mekkelsen Madden  |  Systems Engineer Fellow / DBA / Certified Scrum Master  |  GCS |  Pegasystems Inc.
> Office: (617) 866.6023 | Mobile: (828) 729.9948 | Email: steve.mekkelsen.madden@pega.com | www.pega.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
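
The comparison Felix suggests can be run mechanically on request bodies saved from each connector. The sketch below is an added example, not part of the thread and not Tomcat or Pega code; the function names and both sample bodies are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

BOMS = ((b"\xef\xbb\xbf", "UTF-8 BOM"), (b"\xff\xfe", "UTF-16LE BOM"),
        (b"\xfe\xff", "UTF-16BE BOM"))

# Constructed sample bodies (not taken from the thread).
PLAIN = b'<?xml version="1.0"?><page><name>a b</name></page>'
ENCODED = (b"%3C%3Fxml+version%3D%221.0%22%3F%3E%3Cpage%3E"
           b"%3Cname%3Ea+b%3C%2Fname%3E%3C%2Fpage%3E")


def parses(body: bytes) -> bool:
    """True if the bytes are well-formed XML exactly as they stand."""
    try:
        ET.fromstring(body)
        return True
    except ET.ParseError:
        return False


def url_decode(body: bytes) -> bytes:
    """Undo one layer of form-style encoding ('+' is a space, %XX a byte)."""
    return urllib.parse.unquote_to_bytes(body.replace(b"+", b" "))


def classify_body(body: bytes) -> dict:
    """Describe what an XML parser meets at line 1, column 1 of a body."""
    report = {"first_bytes": body[:12].hex(" "), "prefix": "none",
              "parses": parses(body), "parses_after_url_decode": False}
    bom = next((name for mark, name in BOMS if body.startswith(mark)), None)
    text = body.lstrip()
    if bom:
        report["prefix"] = bom
    elif text[:3].upper() == b"%3C":
        # The '<' itself arrived as %3C: the body was never URL-decoded.
        report["prefix"] = "percent-encoded"
        report["parses_after_url_decode"] = parses(url_decode(text))
    elif not text.startswith(b"<"):
        report["prefix"] = "non-XML content"
    elif text != body:
        report["prefix"] = "whitespace"
    return report


if __name__ == "__main__":
    for label, body in (("plain", PLAIN), ("encoded", ENCODED)):
        print(label, classify_body(body))
```

Run it on the same request captured through each connector; a body that only parses after `url_decode` points at a missing decode step rather than at the XML itself.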



