Tomcat

From John Freier
Revision as of 10:11, 28 June 2017 by Jfreier (Talk | contribs) (SSL)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Debug Mode - TOMCAT 6

To start Tomcat in debug listing mode add jpda to the argument list 

Example
In startup.bat
call "%EXECUTABLE%" jpda start %CMD_LINE_ARGS%


A Clean Up Script - TOMCAT 6

This is a clean up script to get rid of CACHE and LOGS.

%TOMCAT%/cleanup.bat 

cd c:/dev/tomcat/apache-tomcat-6.0.32

cd ./temp
rm -fr *
cd ..

cd ./work
rm -fr *
cd ..

cd ./logs
rm -fr *
cd ..

Enable Remote JMX - TOMCAT 6

To enable remote JMX follow the steps.

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines. 

 REM Enable Remote JMX
 set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8686 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false

Add A Classpath - TOMCAT 6

This will bring all the files in a certian director in to the tomcat classpath. Great for server side property files.

Windows

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines. 

set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%/../foldername"

Unix based

1. Create a file %TOMCAT%/bin/setenv.sh

2. Add the following lines. 

 CLASSPATH=${CLASSPATH}:${CATALINA_HOME}/../properties

Increase Memmory - TOMCAT 6

This will boost the memory that Tomcat uses.

1. Create a file %TOMCAT%/bin/setenv.bat

2. Add the following lines. 

set "JAVA_OPTS=%JAVA_OPTS% -Xms1536m -Xmx1536m -XX:PermSize=128m -XX:MaxPermSize=128m -XX:NewSize=768m -XX:MaxNewSize=768m -XX:+UseParNewGC -XX:+UseTLAB -XX:+UseConcMarkSweepGC"

SSL

To create a 2 way SSL connection using tomcat spring boot.

Create CA 

 openssl req -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -outform PEM -out ca.cer

Create Server Key 

 openssl genrsa -out server.key 2048

Create Server signing request - * Make the unit name or common name different then CA 

 openssl req -new -key server.key -out server.req

Issue server certificate 

 openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extensions server -days 365 -outform PEM -out server.cer

Create server *.p12 

 openssl pkcs12 -export -in server.cer -inkey server.key -chain -CAfile ca.pem -name "tomcat" -out server.p12

Create server java keystore - Tomcat java spring boot app requires that you have the p12 and keystore. I believe it uses the keystore file and not the java environment keystore, which you could use, but Ilike handling files better. 

 keytool -import -alias server -file ca.cer -storepass changeit -keystore server.keystore

Create client key. This is for 2-way ssl. 

 openssl genrsa -out client.key 2048

Create client signing request. Make sure the unit or common name is different. 

 openssl req -new -key client.key -out client.req

Issue the client certificate. 

 openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer

Create the client p12 file. Most apps like this. 

 openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12

Spring Boot Source package com.example; 

 import org.apache.catalina.connector.Connector;
 import org.apache.coyote.http11.Http11NioProtocol;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
 import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
 import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
 public class DemoApplication {
 
     @Value("${key:'\'}")
     private String keystoreProperty = "";
     
     @Value("${sshPort}")
     private int port = 8443;
 
     public static void main(String[] args) {
         SpringApplication.run(DemoApplication.class, args);
     }
 
     @Bean
     public EmbeddedServletContainerFactory servletContainer() {
         TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
         tomcat.addAdditionalTomcatConnectors(createSslConnector());
         return tomcat;
     }
 
     private Connector createSslConnector() {
 
         Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
         Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
 
         connector.setScheme("https");
         connector.setSecure(true);
         connector.setPort(port);
 
         protocol.setKeystoreFile("{path}/server.p12");
         protocol.setKeystorePass("changeit");
         protocol.setKeystoreType("PKCS12");
         protocol.setKeyAlias("tomcat");
         protocol.setTruststoreFile("{path}/tomcat.keystore");
         protocol.setTruststorePass("changeit");
         
         protocol.setSSLEnabled(true);
         protocol.setSSLVerifyClient("require");
         protocol.setSSLVerifyDepth(1);
         protocol.setSslProtocol("TLSv1");
 
         return connector;
 
     }
 
 }

Debugging To debug from the client - This will show the hand shake between client and server from the clients view. 

 openssl s_client -connect localhost:8443 -cert client.cer -key client.key -CAfile ca.cer -tls1

To debug from the server - Add the following property to tomcat or spring boot. Tomcat - add to the $TOMCAT_HOME/bin/catalinea.sh 

 JAVA_OPTS  -Djavax.net.debug=ssl

Spring Boot - Add the parameter 

 mvn spring-boot:run -Djavax.net.debug=ssl

Resources https://makandracards.com/jan0sch/24553-import-private-key-and-certificate-into-java-keystore http://prasenjitdas235.blogspot.com/2014/11/2-way-ssl-with-example.html

Retrieved from "http://wiki.johnfreier.com/index.php?title=Tomcat&oldid=842"