Posted to dev@tomcat.apache.org by "at.silk" <at...@everis.com> on 2013/11/29 14:55:14 UTC

Tomcat exception in CoyoteAdapter

Hi,

I'm a senior consultant and I am contacting you to talk about an exception that we receive in a Tomcat class.

A few days ago we got an error in an application integrated with Tomcat. The exception is raised by Tomcat, so a blank page is displayed in our portal application.
We have tried to get information about it but we have not found any solution, so we would like to know if you are aware of this issue.

The exception is related to session expiration, and specifically it is produced in this section:
 [org\apache\catalina\connector\CoyoteAdapter.java]
      Method parseSessionSslId:
	request.setRequestedSessionId(request.getAttribute(SSLSupport.SESSION_ID_KEY).toString());
	request.setRequestedSessionSSL(true);

The exception is raised when the session id is empty because we have an expired session. We have protected this code section with a try/catch, and now our application does not receive the error and we can see our page displayed, obviously with the invalid session.

Context:
- Tomcat version: 7.0.25
- OS: Linux distribution
- Liferay 6.1GA1 portal integrated with Tomcat
- We don't negotiate user session by the sessionid with the cookie but with the certificate.
- Tomcat server.xml configuration:
	<!-- Define an AJP 1.3 Connector on port 8009 -->
	<Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" redirectPort="8080" scheme="http" secure="false" />
	<!-- Define an AJP 1.3 Connector on port 8010 -->
	<Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3" redirectPort="8443" scheme="https" secure="true" />
	<Connector URIEncoding="UTF-8" port="8080" connectionTimeout="20000" protocol="HTTP/1.1"/>
	<Connector URIEncoding="UTF-8" port="8443" protocol="HTTP/1.1" SSLEnabled="true" clientAuth="false" keystoreFile="xxx" keystorePass="yyy" keystoreType="PKCS12" maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"/>     


Do you think that it could be considered for next Tomcat versions?

Thanks. Kind regards,
AT Silk.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


RE: Tomcat exception in CoyoteAdapter

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Mark Thomas [mailto:markt@apache.org] 
> Subject: Re: Tomcat exception in CoyoteAdapter

> > <!-- Define an AJP 1.3 Connector on port 8009 -->
> > <Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" 
> > redirectPort="8080" scheme="http" secure="false"
 . . .
> > <Connector URIEncoding="UTF-8" port="8080" connectionTimeout="20000"
> > protocol="HTTP/1.1"/>

> With a better explanation of what is going on and why this is a Tomcat bug, maybe.

Note the likely invalid <Connector> configuration, where the AJP redirectPort is for a non-SSL <Connector>.

It's also rather odd to have two AJP connectors, one on port 8009, the other on 8010.

And of course, this discussion should be on the users' list, not here.

 - Chuck
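
The two configuration observations in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the Tomcat project: it parses the `<Connector>` elements from the first post and reports any `redirectPort` that points at a connector without `SSLEnabled`, plus the presence of more than one AJP connector. The function names and finding codes are hypothetical, and "TLS connector" is assumed to mean one with `SSLEnabled="true"`.

```python
import xml.etree.ElementTree as ET

# Constructed input: the four <Connector> elements from the first post, wrapped
# in a minimal <Server>/<Service> so that the fragment parses as XML.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" redirectPort="8080" scheme="http" secure="false" />
  <Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3" redirectPort="8443" scheme="https" secure="true" />
  <Connector URIEncoding="UTF-8" port="8080" connectionTimeout="20000" protocol="HTTP/1.1"/>
  <Connector URIEncoding="UTF-8" port="8443" protocol="HTTP/1.1" SSLEnabled="true" clientAuth="false" keystoreFile="xxx" keystorePass="yyy" keystoreType="PKCS12" maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""


def is_tls(conn):
    """Assumption for this check: TLS means Tomcat terminates it (SSLEnabled)."""
    return conn.get("SSLEnabled", "false").lower() == "true"


def audit_connectors(xml_text):
    """Return (port, code, detail) findings; the codes are hypothetical labels."""
    by_port = {c.get("port"): c for c in ET.fromstring(xml_text).iter("Connector")}
    findings = []
    for port, conn in by_port.items():
        target_port = conn.get("redirectPort")
        if target_port is None:
            continue  # no redirectPort declared on this connector
        target = by_port.get(target_port)
        if target is None:
            # Often a front-end web server or proxy; cannot be judged from this file.
            findings.append((port, "REDIRECT_EXTERNAL",
                             f"redirectPort {target_port} is not a connector in this file"))
        elif not is_tls(target):
            findings.append((port, "REDIRECT_NOT_TLS",
                             f"redirectPort {target_port} is a connector without SSLEnabled"))
    ajp = [p for p, c in by_port.items() if c.get("protocol", "").upper().startswith("AJP")]
    if len(ajp) > 1:
        findings.append((",".join(ajp), "MULTIPLE_AJP", "more than one AJP connector defined"))
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SERVER_XML):
        print(finding)
```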




Re: Tomcat exception in CoyoteAdapter

Posted by Mark Thomas <ma...@apache.org>.
On 29/11/2013 13:55, at.silk wrote:
> Hi,
> 
> I'm a senior consultant and I am contacting you to talk about an
> exception that we receive in a Tomcat class.
> 
> A few days ago we got an error in an application integrated with
> Tomcat. The exception is raised by Tomcat, so a blank page is
> displayed in our portal application. We have tried to get information
> about it but we have not found any solution, so we would like to know
> if you are aware of this issue.
> 
> The exception is related to session expiration, and specifically it is
> produced in this section:
> [org\apache\catalina\connector\CoyoteAdapter.java]
> Method parseSessionSslId:
> request.setRequestedSessionId(request.getAttribute(SSLSupport.SESSION_ID_KEY).toString());
> request.setRequestedSessionSSL(true);
> 
> The exception is raised when the session id is empty because we have
> an expired session.

How is that possible? If there is no SSL session the client should not
be able to send a request to Tomcat since that would mean that the HTTPS
connection had not been established. Since this code is only triggered
when parsing a request from the client this error should never be observed.

> We have protected this code section with a try/catch, and now our
> application does not receive the error and we can see our page
> displayed, obviously with the invalid session.
> 
> Context:
> - Tomcat version: 7.0.25
> - OS: Linux distribution
> - Liferay 6.1GA1 portal integrated with Tomcat
> - We don't negotiate user session by the sessionid with the cookie but with the certificate.
> - Tomcat server.xml configuration:
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" redirectPort="8080" scheme="http" secure="false" />
> <!-- Define an AJP 1.3 Connector on port 8010 -->
> <Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3" redirectPort="8443" scheme="https" secure="true" />
> <Connector URIEncoding="UTF-8" port="8080" connectionTimeout="20000" protocol="HTTP/1.1"/>
> <Connector URIEncoding="UTF-8" port="8443" protocol="HTTP/1.1" SSLEnabled="true" clientAuth="false" keystoreFile="xxx" keystorePass="yyy" keystoreType="PKCS12" maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"/>
> 
> Do you think that it could be considered for next Tomcat versions?

Based on the information provided to date, no. With a better explanation
of what is going on and why this is a Tomcat bug, maybe.

Mark
