You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com> on 2020/01/07 02:10:41 UTC

Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

Dear Mr. Schultz, et al.:

The manager password on this Tomcat server has an embedded curly brace, 
and an embedded question mark.

If I do this (the names have been changed to protect the innocent, and 
the -k!)

> curl -k "https://foo:b?a{r@localhost:8443/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs"

I get curl: (3) [globbing] unmatched brace in column xx

If I change the curly brace to "%7B," I get:

> curl -k "https://foo:b?a%7Br@localhost:8443/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs"

I get curl: (3) Port number ended with 'n'

And if I put the user-ID and password in with a -u clause on curl, 
rather than in the URL itself, I get "Unauthorized."

What is wrong here? Are there characters it simply can't tolerate in 
passwords, even if URL-escaped?

Or do I need to give the manager user an additional role? Currently, I have:
<user username="foo" password="b?a{r" roles="manager-gui"/>

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

Posted by Christopher Schultz <ch...@christopherschultz.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 1/6/20 9:10 PM, James H. H. Lampert wrote:
> Dear Mr. Schultz, et al.:
> 
> The manager password on this Tomcat server has an embedded curly
> brace, and an embedded question mark.
> 
> If I do this (the names have been changed to protect the innocent,
> and the -k!)
> 
>> curl -k 
>> "https://foo:b?a{r@localhost:8443/manager/jmxproxy?invoke=Catalina%3A
type%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=relo
adSslHostConfigs"
>>
>
>> 
> I get curl: (3) [globbing] unmatched brace in column xx
> 
> If I change the curly brace to "%7B," I get:
> 
>> curl -k 
>> "https://foo:b?a%7Br@localhost:8443/manager/jmxproxy?invoke=Catalina%
3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=re
loadSslHostConfigs"
>>
>
>> 
> I get curl: (3) Port number ended with 'n'
> 
> And if I put the user-ID and password in with a -u clause on curl, 
> rather than in the URL itself, I get "Unauthorized."
> 
> What is wrong here? Are there characters it simply can't tolerate
> in passwords, even if URL-escaped?
> 
> Or do I need to give the manager user an additional role?
> Currently, I have: <user username="foo" password="b?a{r"
> roles="manager-gui"/>

You need another role. The role necessary for jmxproxy is "manager-jmx".

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4Up+EACgkQHPApP6U8
pFjy0xAAmwbNbBSnW5mydxPPSD5OXyJW13wmLtZy2BoMyV5E6HR9wu/u79i27VbI
qfNoIMk3K1wAKNTzuBOtM+cUgXaiFBZeehXuN9lF2AvqiOnp948n3JXrY2JvAovk
Adr3tsx+21nZgNVaVTsEezdKcad+odCRVWER52eVKdnz8In3oh4bWXOEcHQ6T22o
/o+JvQY0kjrRFGMWGHGUu7EvtzM+zawf3RDMuRD2xdhMv3MWhH5o5nrt4DalglUU
qhvZQ5RfVcjMNC43clCjdRhoz7hhCAkf6GTCkqQmVGW0KYP4x8yGxM2NFV0ft8Vc
/DJiy3h3rX6j4lE1c7XXDksUqfPx70h8RJ1ApzcYumXrGxHDUsvYzkuzsGQCBMSF
5qo1lRCgK+qaITNuc9nZIhKdtai3iojjCUr0VNN9+3wI61rNBlncPyIRrNJR2pS7
m6IeML1cKxE7c4sWr7Th4egM+NOX65E4oyv1X6vqpWZYL5TrB2Eys+zcPdG981KI
OF06FybbBW4XDpyv9ECTE9gmtqiw0LYLTz8bg9ytRqOfCgSCmUxVzIc9CTk0glgZ
3AJA8QElFlibnORB7rD1nagDBO4VYmcSXnttHrXf47jjtchWEF+cI24IUUZnbWKb
+yVgFfBJS4mqIIe7IvxYjL2I2bMTx+FWGf7erAm+/WYbMt8DAEE=
=bHGS
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

Posted by Zahid Rahman <za...@gmail.com>.

https://stackoverflow.com/questions/17560858/command-prompt-having-trouble-escaping-quotes-and-braces

You can use curl -g to turn off globbing:

On Tue, 7 Jan 2020, 02:11 James H. H. Lampert, <ja...@touchtonecorp.com>
wrote:

> Dear Mr. Schultz, et al.:
>
> The manager password on this Tomcat server has an embedded curly brace,
> and an embedded question mark.
>
> If I do this (the names have been changed to protect the innocent, and
> the -k!)
>
> > curl -k "https://foo:b?a{r@localhost
> :8443/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs"
>
> I get curl: (3) [globbing] unmatched brace in column xx
>
> If I change the curly brace to "%7B," I get:
>
> > curl -k "https://foo:b?a%7Br@localhost
> :8443/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22&op=reloadSslHostConfigs"
>
> I get curl: (3) Port number ended with 'n'
>
> And if I put the user-ID and password in with a -u clause on curl,
> rather than in the URL itself, I get "Unauthorized."
>
> What is wrong here? Are there characters it simply can't tolerate in
> passwords, even if URL-escaped?
>
> Or do I need to give the manager user an additional role? Currently, I
> have:
> <user username="foo" password="b?a{r" roles="manager-gui"/>
>
> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>