Tomitribe’s Jonathan Gallimore (@jongallimore) explains how easy it is to exploit a simple configuration vulnerability in Apache Tomcat and take over your entire server. He also explains how easy it is to prevent this from happening with a simple configuration change. This is an older exploit but one that may not be patched on your own installation. Watch the video to ensure you are protected! Tomitribe’s Enterprise Support service works with Sonatype to monitor all reported vulnerabilities to Tomcat, TomEE, and ActiveMQ to help protect our customers from malicious hackers. Learn more about how we help protect our customers here.
Tomitribe support customers often use Java Singleton EJBs, and while powerful the sequence of startup and initialize can be confusing. This tutorial will help explain how Singleton EJB’s can be eagerly initialized at application startup and how we can define a priority during this process. Review EJB Annotations Before jumping into the code let’s do a recap of the following annotations used in this blog post: @Singleton Component-defining annotation for a singleton session bean. @Startup Marks a singleton bean for eager initialization during the application startup sequence. @DependsOn Used to express an initialization dependency between singleton components. The container ensures…
Tomitribe supports many organizations that use Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. Previously we published a MDB tutorial followed by a deeper dive in the article “MBD-to-MDB Messaging: Harness the Power of the River Delta“. This week we’ll provide an illustrated example of how MDBs can work together to create flexible and powerful messaging system. JMS The Java Messaging Service (JMS) is a standard for sending messages between clients using a messaging broker. The concepts behind JMS, queues, and topics are explained…
In this article, we are going to learn how to configure on TomEE 7.x or later with the legacy JSON provider used by TomEE 1.7.x. This scenario is useful when you are migrating JAX-RS based applications and want to keep the legacy JSON processing from the Jettison library (v1.3.7) used by TomEE 1.7.x. Since TomEE 7.x, The Johnzon library has been the default provider because it implements the JSON-P_1.1 (JSR-353) and JSON-B_1.0 (JSR-367) specifications. Application and Server configurations In order to enable Jettison as the JSON provider for TomEE 7.x or later you need to execute the following changes: In…
Tomitribe supports many of organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. The idea behind yesterday’s MDB tutorial was to divide up the work of spidering a web page among three different MDBs each with a specific purpose. This division of labor is an important concept in messaging in general and MDBs in particular. This article shows how MDBs can communicate with outside applications as well as other MDBs in a Java EE application server. This latter capability,…
Tomitribe supports many of organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. When you have finished the tutorial you may be interested in a deeper discussion of what the tutorial is designed to teach you about MDBs. For that, proceed to “MBD-to-MDB Messaging: Harness the Power of the River Delta” which explains how MDBs can be used to create a river delta-like architecture. The tutorial contains three MDBs and one stand-alone JMS client. The purpose of the system…
Remote debugging is a common practice for troubleshooting issues in software development. If you are using Tomcat or TomEE with Docker containers as part of your stack you can find various techniques to enable debug capabilities in these types of containers: 1. Create a custom Docker image by extending an existing official one[1] 2. Extensive customization of CATALINA_OPSTS[2] However, both approaches require extra steps in some scenarios. Below I share the simplest method I have used to do remote debugging in Apache Tomcat and Apache TomEE with a Docker image: $ $ docker run -it -p 8080:8080 -p 8000:8000 -e…
A point of pride for the TomEE community is a large library of examples contained in the TomEE GitHub project. Whenever you clone or otherwise download the TomEE GitHub project you get nearly fourteen dozen examples you can review and run to learn more, not just about TomEE, but Java EE in general. The examples are like a free, code-centric cookbook that covers everything from programming a simple Java web application to CDI interceptors, to WebSockets with TLS Security. With 166 coded examples to choose from it seems there is something for everyone. Getting started with TomEE and running its…
El debug remoto es una práctica común para investigación de problemas de microservicios. Si estas utilizando contenedores Docker Apache Tomcat o Apache TomEE, en la web puedes encontrar varias técnicas como lo son: 1. Extender una imagen oficial y personalizar[1] 2. Utilizar personalización extensiva de CATALINA_OPTS[2] Sin embargo ambos enfoques requieren extra pasos aplicables para algunos escenarios. A continuación les comparto la forma más sencilla que he utilizado para poder hacer debug remoto en Apache Tomcat y Apache TomEE: $ $ docker run -it -p 8080:8080 -p 8000:8000 -e CATALINA_OPTS=”-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000″ tomcat:9.0.17-jre11 Anatomía de las opciones utilizadas: docker run Comando para…