How to set -Dorg.apache.el.parser.COERCE_TO_ZERO=false programmatically

You can set the system properties programmatically using System#setProperty(). System.setProperty(“org.apache.el.parser.COERCE_TO_ZERO”, “false”); However, you need to ensure that this is been set before JSF/EL ever get initialized. Best place would be a ServletContextListener. public class Config implements ServletContextListener { @Override public void contextInitialized(ServletContextEvent event) { System.setProperty(“org.apache.el.parser.COERCE_TO_ZERO”, “false”); } @Override public void contextDestroyed(ServletContextEvent event) { // NOOP … Read more

Is security-constraint configuration for Tomcat mandatory?

No, it’s not necessary. It means that your web application only available through HTTPS (and not available through HTTP). If you omit the <transport-guarantee>CONFIDENTIAL</transport-guarantee> tag (or the whole <security-constraint>) your application will be available through both HTTP and HTTPS. If your web.xml contains <transport-guarantee>CONFIDENTIAL</transport-guarantee> Tomcat automatically redirects the requests to the SSL port if you … Read more

Using Apache httpclient for https

I put together this test app to reproduce the issue using the HTTP testing framework from the Apache HttpClient package: ClassLoader cl = HCTest.class.getClassLoader(); URL url = cl.getResource(“test.keystore”); KeyStore keystore = KeyStore.getInstance(“jks”); char[] pwd = “nopassword”.toCharArray(); keystore.load(url.openStream(), pwd); TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keystore); TrustManager[] tm = tmf.getTrustManagers(); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, pwd); … Read more

How to avoid storing passwords in the clear for tomcat’s server.xml Resource definition of a DataSource?

As said before encrypting passwords is just moving the problem somewhere else. Anyway, it’s quite simple. Just write a class with static fields for your secret key and so on, and static methods to encrypt, decrypt your passwords. Encrypt your password in Tomcat’s configuration file (server.xml or yourapp.xml…) using this class. And to decrypt the … Read more

How does Tomcat locate the webapps directory?

It can be changed in the $CATALINA_BASE/conf/server.xml in the <Host />. See the Tomcat documentation, specifically the section in regards to the Host container: Tomcat 6 Configuration Tomcat 7 Configuration The default is webapps relative to the $CATALINA_BASE. An absolute pathname can be used.

Tomcat: Cache-Control

Since Tomcat 7 there is a container provided expires filter that may help. See: Tomcat 10: Tomcat 9: Tomcat 8: Tomcat 7: Tomcat 6 (unofficial backport): ExpiresFilter is a Java Servlet API port of Apache mod_expires. This filter controls the setting of the Expires HTTP header and the max-age directive … Read more

Tomcat – CATALINA_BASE and CATALINA_HOME variables

If you are running multiple instances of Tomcat on a single host you should set CATALINA_BASE to be equal to the …/tomcat_instance1 or …/tomcat_instance2 directory as appropriate for each instance and the CATALINA_HOME environment variable to the common Tomcat installation whose files will be shared between the two instances. The CATALINA_BASE environment is optional if … Read more