
Tomcat RCE Vulnerability via JSP Upload Bypass

By Apache TomEE, Open Source, Tomcat, TomEE No Comments

Tomitribe’s Jonathan Gallimore (@jongallimore) explains how easy it is to exploit a simple configuration vulnerability in Apache Tomcat and take over your entire server. He also explains how easy it is to prevent this from happening with a simple configuration change. This is an older exploit but one that may not be patched on your own installation. Watch the video to ensure you are protected! Tomitribe’s Enterprise Support service works with Sonatype to monitor all reported vulnerabilities to Tomcat, TomEE, and ActiveMQ to help protect our customers from malicious hackers. Learn more about how we help protect our customers here.


Singleton Session Beans: Eager initialization and ordering

By Apache TomEE, Jakarta EE, Java EE, TomEE No Comments

Tomitribe support customers often use Java Singleton EJBs, and while they are powerful, the sequence of startup and initialization can be confusing. This tutorial will help explain how Singleton EJBs can be eagerly initialized at application startup and how we can define a priority during this process. Review EJB Annotations Before jumping into the code let’s do a recap of the following annotations used in this blog post: @Singleton Component-defining annotation for a singleton session bean. @Startup Marks a singleton bean for eager initialization during the application startup sequence. @DependsOn Used to express an initialization dependency between singleton components. The container ensures…


CRUD with TomEE, MicroProfile, and REST

By Apache TomEE, Java EE, MicroProfile, Open Source, TomEE 3 Comments
In this article, we are going to learn how to create a REST API using Java EE 8, MicroProfile, Hibernate, PostgreSQL and the TomEE application server. It's really easy and fun to develop Java EE 8 applications. Tools You Will Need: Maven 3.3+ JDK 1.8 PostgreSQL Note: We will not go through the process of how to install the needed tools in this tutorial. Generate the Project We will use the MicroProfile starter to generate our application. Go to start.microprofile.io and enter the details as follows: groupId: org.superbiz artifactId: blog MicroProfile Version: 2.0.1 MicroProfile Server: Apache TomEE 8.0.0-M2 Examples for...

The Flexibility and Power of MDBs, Illustrated

By ActiveMQ, Apache TomEE, Open Source, TomEE No Comments

Tomitribe supports many organizations that use Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. Previously we published an MDB tutorial followed by a deeper dive in the article “MBD-to-MDB Messaging: Harness the Power of the River Delta”. This week we’ll provide an illustrated example of how MDBs can work together to create a flexible and powerful messaging system. JMS The Java Messaging Service (JMS) is a standard for sending messages between clients using a messaging broker. The concepts behind JMS, queues, and topics are explained…


Upgrading TomEE: Keeping jettison as the JSON provider in JAX-RS

By Apache TomEE, Java EE, Open Source, TomEE No Comments

In this article, we are going to learn how to configure TomEE 7.x or later with the legacy JSON provider used by TomEE 1.7.x. This scenario is useful when you are migrating JAX-RS based applications and want to keep the legacy JSON processing from the Jettison library (v1.3.7) used by TomEE 1.7.x. Since TomEE 7.x, the Johnzon library has been the default provider because it implements the JSON-P_1.1 (JSR-353) and JSON-B_1.0 (JSR-367) specifications. Application and Server configurations In order to enable Jettison as the JSON provider for TomEE 7.x or later you need to execute the following changes: In…


MBD-to-MDB Messaging: Harness the Power of the River Delta

By ActiveMQ, Apache TomEE, Open Source, TomEE No Comments

Tomitribe supports many organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. The idea behind yesterday’s MDB tutorial was to divide up the work of spidering a web page among three different MDBs each with a specific purpose. This division of labor is an important concept in messaging in general and MDBs in particular. This article shows how MDBs can communicate with outside applications as well as other MDBs in a Java EE application server. This latter capability,…


5 Minutes or Less: Message-Driven Beans with ActiveMQ and TomEE

By ActiveMQ, Apache TomEE, Open Source, TomEE 6 Comments

Tomitribe supports many organizations that use ActiveMQ, JMS, and Message-Driven Beans in production with TomEE. This post is derived from experience working with those organizations to improve their system performance and software architecture. When you have finished the tutorial you may be interested in a deeper discussion of what the tutorial is designed to teach you about MDBs. For that, proceed to “MBD-to-MDB Messaging: Harness the Power of the River Delta” which explains how MDBs can be used to create a river delta-like architecture. The tutorial contains three MDBs and one stand-alone JMS client. The purpose of the system…


Debug mode in Docker for Tomcat and TomEE

By Apache TomEE, Docker, ES, Open Source, Tomcat, TomEE One Comment

Remote debugging is a common practice for troubleshooting issues in software development. If you are using Tomcat or TomEE with Docker containers as part of your stack you can find various techniques to enable debug capabilities in these types of containers: 1. Create a custom Docker image by extending an existing official one[1] 2. Extensive customization of CATALINA_OPTS[2] However, both approaches require extra steps in some scenarios. Below I share the simplest method I have used to do remote debugging in Apache Tomcat and Apache TomEE with a Docker image: $ docker run -it -p 8080:8080 -p 8000:8000 -e…


Free Cookbook of 166 Java EE Code Examples

By Apache TomEE, Jakarta EE, Java EE, Open Source, TomEE No Comments

A point of pride for the TomEE community is a large library of examples contained in the TomEE GitHub project. Whenever you clone or otherwise download the TomEE GitHub project you get nearly fourteen dozen examples you can review and run to learn more, not just about TomEE, but Java EE in general. The examples are like a free, code-centric cookbook that covers everything from programming a simple Java web application to CDI interceptors, to WebSockets with TLS Security. With 166 coded examples to choose from it seems there is something for everyone. Getting started with TomEE and running its…


Docker and debugging Apache Tomcat and TomEE

By Apache TomEE, Docker, ES, Open Source, Tomcat, TomEE No Comments

Remote debugging is a common practice for investigating problems in microservices. If you are using Apache Tomcat or Apache TomEE Docker containers, you can find several techniques on the web, such as: 1. Extending an official image and customizing it[1] 2. Using extensive customization of CATALINA_OPTS[2] However, both approaches require extra steps applicable to some scenarios. Below I share the simplest way I have used to do remote debugging in Apache Tomcat and Apache TomEE: $ docker run -it -p 8080:8080 -p 8000:8000 -e CATALINA_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000" tomcat:9.0.17-jre11 Anatomy of the options used: docker run Command to…
