How can we upgrade the WCC Tomcat server on Linux
search cancel

How can we upgrade the WCC Tomcat server on Linux

book

Article ID: 186688

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent Autosys Workload Automation

Issue/Introduction

Actual WCC Tomcat server is 8.5.37. We require to upgrade the Tomcat server to minimum version 8.5.50 to address some vulnerabilities that are fixed in this version.

Environment

Release : 11.4

Component : WORKLOAD CONTROL CENTER

Resolution

These steps are for Linux only.

Please follow below steps for custom upgrade of WCC Tomcat and Tomcat_32 server.

1. Stop the WCC services
 
 
2. Take a backup of $CA_WCC_INSTALL_LOCATION/tomcat

mv $CA_WCC_INSTALL_LOCATION/tomcat $CA_WCC_INSTALL_LOCATION/tomcat.old

 

3. Take a backup of $CA_WCC_INSTALL_LOCATION/tomcat_32

mv $CA_WCC_INSTALL_LOCATION/tomcat_32 $CA_WCC_INSTALL_LOCATION/tomcat_32.old

 

4. Download newer (for example 8.5.50) tomcat tar file and extract it at $CA_WCC_INSTALL_LOCATION

tar -xvf apache-tomcat-8.5.50.tar.gz
mv apache-tomcat-8.5.50 tomcat

    Repeat same step for Tomcat_32

tar -xvf apache-tomcat-8.5.50.tar.gz
mv apache-tomcat-8.5.50 tomcat_32
 
 
5. Copy “CA-wcc” directory from $CA_WCC_INSTALL_LOCATION/tomcat.old/bin to $CA_WCC_INSTALL_LOCATION/tomcat

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/bin/CA-wcc $CA_WCC_INSTALL_LOCATION/tomcat/bin/

 
6. Copy “wrapper” directory from $CA_WCC_INSTALL_LOCATION/tomcat.old/bin to $CA_WCC_INSTALL_LOCATION/tomcat/bin

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/bin/wrapper $CA_WCC_INSTALL_LOCATION/tomcat/bin/

    Repeat this step again from tomcat_32.old to tomcat_32

 
7. Copy “log4j.properties” file from $CA_WCC_INSTALL_LOCATION/tomcat.old/conf to $CA_WCC_INSTALL_LOCATION/tomcat/conf

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/log4j.properties $CA_WCC_INSTALL_LOCATION/tomcat/conf/

    Repeat this step again from tomcat_32.old to tomcat_32

 

8. Copy “wrapper.conf” file from $CA_WCC_INSTALL_LOCATION/tomcat.old/conf to $CA_WCC_INSTALL_LOCATION/tomcat/conf

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/wrapper.conf $CA_WCC_INSTALL_LOCATION/tomcat/conf/

    Repeat this step again from tomcat_32.old to tomcat_32

 

9. Replace “catalina.properties” file existing in $CA_WCC_INSTALL_LOCATION/tomcat/conf with $CA_WCC_INSTALL_LOCATION/tomcat.old/conf

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/catalina.properties $CA_WCC_INSTALL_LOCATION/tomcat/conf/

    Repeat this step again from tomcat_32.old to tomcat_32

 

10. Replace “context.xml” file existing in $CA_WCC_INSTALL_LOCATION/tomcat/conf with $CA_WCC_INSTALL_LOCATION/tomcat.old/conf

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/context.xml $CA_WCC_INSTALL_LOCATION/tomcat/conf/

      Repeat this step again from tomcat_32.old to tomcat_32

 

11. Copy below jar files from tomcat.lib/lib to tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/access*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/apache-mime4j-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/asm-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/bc-fips-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/commons-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/db-resources-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/derbyclient-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/eclipselink-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/eem-safex-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/flow-model-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/hazelcast-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/httpclient-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/httpcore-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/httpmime-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/jcip-annotations-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/jpa-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/json-smart-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/log4j-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/mssql-jdbc-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/nimbus-jose-jwt-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/not-yet-commons-ssl-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/ojdbc7-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/security-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/snakeyaml-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/ujccapi-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/libwrapper-linux-*.so $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/wrapper.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/xercesImpl-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/xml-apis-*.jar $CA_WCC_INSTALL_LOCATION/tomcat/lib

cp $CA_WCC_INSTALL_LOCATION/tomcat.old/lib/wrapper $CA_WCC_INSTALL_LOCATION/tomcat/lib/

      Repeat this step again to copy all the jars from tomcat_32.old to tomcat_32

Example:  cp $CA_WCC_INSTALL_LOCATION/tomcat_32.old/lib/wrapper $CA_WCC_INSTALL_LOCATION/tomcat_32/lib/

 

12. Delete the folders present in $CA_WCC_INSTALL_LOCATION/tomcat/webapps

rm -rf $CA_WCC_INSTALL_LOCATION/tomcat/webapps/*

      Repeat this step again with tomcat_32

 

13. Copy the webapps folder from $CA_WCC_INSTALL_LOCATION/tomcat.old/ to $CA_WCC_INSTALL_LOCATION/tomcat/

cp -a $CA_WCC_INSTALL_LOCATION/tomcat.old/webapps/. $CA_WCC_INSTALL_LOCATION/tomcat/webapps/

      Repeat this step again from tomcat_32.old to tomcat_32

 

Tomcat changes

14. Following changes to be made for $CA_WCC_INSTALL_LOCATION/tomcat/conf/web.xml
 
  • Replace

<!--

    <filter>

        <filter-name>httpHeaderSecurity</filter-name>

        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

        <async-supported>true</async-supported>

    </filter>

-->

 With

<filter>

        <filter-name>httpHeaderSecurity</filter-name>

        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>

        <init-param>

            <param-name>hstsEnabled</param-name>

            <param-value>true</param-value>

        </init-param>

        <init-param>

            <param-name>hstsMaxAgeSeconds</param-name>

            <param-value>31536000</param-value>

        </init-param>

        <init-param>

            <param-name>antiClickJackingEnabled</param-name>

            <param-value>false</param-value>

        </init-param>

        <init-param>

            <param-name>blockContentTypeSniffingEnabled</param-name>

            <param-value>true</param-value>

        </init-param>

        <init-param>

            <param-name>xssProtectionEnabled</param-name>

            <param-value>true</param-value>

        </init-param>

        <async-supported>true</async-supported>

    </filter>

 

  • Replace

<!--

    <filter-mapping>

        <filter-name>httpHeaderSecurity</filter-name>

        <url-pattern>/*</url-pattern>

        <dispatcher>REQUEST</dispatcher>

    </filter-mapping>

-->

With

<filter-mapping>

        <filter-name>httpHeaderSecurity</filter-name>

        <url-pattern>/*</url-pattern>

        <dispatcher>REQUEST</dispatcher>

    </filter-mapping>

 

  • Replace

<mime-mapping>

        <extension>otf</extension>

        <mime-type>font/otf</mime-type>

    </mime-mapping>

 With

    <mime-mapping>

        <extension>otf</extension>

        <mime-type>application/x-font-otf</mime-type>

    </mime-mapping>

 

  • Replace

<mime-mapping>

        <extension>ttc</extension>

        <mime-type>font/collection</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>ttf</extension>

        <mime-type>font/ttf</mime-type>

    </mime-mapping>

With

<mime-mapping>

        <extension>ttc</extension>

        <mime-type>application/x-font-ttf</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>ttf</extension>

        <mime-type>application/x-font-ttf</mime-type>

    </mime-mapping>

 

  • Replace

<mime-mapping>

        <extension>woff</extension>

        <mime-type>font/woff</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>woff2</extension>

        <mime-type>font/woff2</mime-type>

    </mime-mapping>

With

    <mime-mapping>

        <extension>woff</extension>

        <mime-type>application/x-font-woff</mime-type>

    </mime-mapping>

 

15. Changes in in $CA_WCC_INSTALL_LOCATION/tomcat/conf/server.xml
 
Note: please use a xml-editor to edit the server.xml file as it will makes things easier to change rather than using 'vi' editor
 
  • Delete the commented lines (<!-- and -->) inside Server start and end tag (<Server>…</Server>)
     Note: Purpose is to remove all comment lines to get a cleaner server.xml file.
 
 
  • Replace
  •  

<Server port="8005" shutdown="SHUTDOWN">      (8005 is the port)

With

<Server port="8005" shutdown="">

 

  • Replace

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

With

<Listener className="com.ca.wcc.cluster.resources.WccGlobalResourcesLifecycleListener"/>

       

  • Replace content between <GlobalNamingResources> … </GlobalNamingResources>
Example:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

With  content within <GlobalNamingResources> … </GlobalNamingResources> in $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/server.xml

Example: 

   <GlobalNamingResources>
         <Resource auth="Container" factory="org.apache.naming.factory.BeanFactory"
                name="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />

         <Resource name="bean/AccessProviderFactory_WCC" auth="Container"
               type="com.ca.uejm.access.authentication.IAccessProvider" factory="com.ca.wcc.access.resources.WccAccessProviderFactory" />
 
         <Resource name="bean/AccessProviderFactory_AUTOSYS" auth="Container"
               type="com.ca.uejm.access.authentication.IAccessProvider" factory="com.ca.wcc.access.resources.AutosysAccessProviderFactory" />
   
          <Resource name="jdbc/wccDatabase" prefix="wcc"
               factory="org.apache.naming.factory.BeanFactory" auth="Container" type="com.ca.wcc.dbresource.datasource.WccDataSource" />

          <Resource name="jdbc/reportingDatabase" prefix="reporting"
                factory="org.apache.naming.factory.BeanFactory" auth="Container" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
   
          <Resource name="bean/clusterInstance" auth="Container"
               type="com.hazelcast.core.HazelcastInstance" factory="com.ca.wcc.cluster.resources.WccClusterProviderFactory" clusterConnection="client" />
 </GlobalNamingResources>

 

  • Replace <Connector> tags            (There may be multiple)
Example:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

With <Connector> from $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/server.xml

Example:

  <Connector acceptCount="100" clientAuth="false"
   disableUploadTimeout="true" enableLookups="false"
   keystoreFile="/opt/CA/WorkloadCC/data/config/.keystore"
   maxThreads="150" minSpareThreads="25"
   port="8443" scheme="https" secure="true"
   protocol="HTTP/1.1" SSLEnabled="true" sslProtocol="TLS"
   URIEncoding="UTF-8" compression="on" keystorePass="changeit" keyAlias="tomcat"
   compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css,application/x-javascript,application/javascript,application/json"
   useSendfile="false"
   server="WCC" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />

Note: lines in red might be different in your environment

 

  • Replace <Engine name="Catalina" defaultHost="localhost">
....
....   
</Engine>

Example:

    <Engine name="Catalina" defaultHost="localhost">
       <Realm className="org.apache.catalina.realm.LockOutRealm">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>

With <Engine name="Catalina" defaulthost="localhost">  from $CA_WCC_INSTALL_LOCATION/tomcat.old/conf/server.xml

....
....   
</Engine>
 
Example:

  <Engine name="Catalina" defaultHost="localhost">
   <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false" deployOnStartup="false"  startStopThreads="8"
    errorReportValveClass="com.ca.wcc.catalina.WccReportErrorValve"   >

    <Valve className="com.ca.wcc.catalina.EncodingValve" encoding="UTF-8" />
    <Valve className="com.ca.wcc.catalina.ContentSecurityPolicyValve" enable="true" value="default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' blob:;"/>

    <!--  WCC contextes 
    Note: it would be better to get rid of the resourceLinks but i dont know how
    -->
    <Context path="/wcc/doc" docBase="../../doc" cookies="false" />

    <Context path="/wcc/1collector" docBase="collector" >
     <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
     <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
     <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
     <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
     <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
     <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
     <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/app-editor" docBase="app-editor" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/castylesr5.1.3" docBase="castylesr5.1.3" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
     </Context>
    <Context path="/wcc/configuration" docBase="configuration" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/ecli" docBase="ecli" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/forecast" docBase="forecast" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/jsc-rest" docBase="jsc-rest" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/monitoring" docBase="monitoring" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/quick-edit" docBase="quick-edit" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/quickview" docBase="quickview" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/reporting-rest" docBase="reporting-rest" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/resources" docBase="resources" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>   
    <Context path="/wcc/rest" docBase="rest" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/ui" docBase="wcc" >
       <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
       <ResourceLink name="bean/JFMBeanFactory" global="bean/JFMBeanFactory" type="com.ca.wcc.db.jdm.JobFlowModel" />
       <ResourceLink name="jdbc/reportingDatabase" global="jdbc/reportingDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
       <ResourceLink name="bean/AccessProviderFactory_WCC" global="bean/AccessProviderFactory_WCC" type="com.ca.uejm.access.authentication.IAccessProvider" />
       <ResourceLink name="bean/AccessProviderFactory_AUTOSYS" global="bean/AccessProviderFactory_AUTOSYS" type="com.ca.uejm.access.authentication.IAccessProvider" />
          <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <Context path="/wcc/asi" docBase="asi" >
     <Manager className="com.ca.wcc.catalina.session.WCCSessionManager"/>
     <ResourceLink name="jdbc/wccDatabase" global="jdbc/wccDatabase" type="com.ca.wcc.dbresource.datasource.WccDataSource" />
     <ResourceLink name="bean/clusterInstance" global="bean/clusterInstance" type="com.hazelcast.core.HazelcastInstance" />
    </Context>
    <!-- end of  WCC contextes -->
    
    <!-- the root context is used for having  a nice 404 and redirecting -->
    <Context path="/" docBase="ROOT" ></Context>

   </Host>
  </Engine>

 Note: Please check if there is any customizations for these tags.

 

Tomcat 32 bit changes

16. Copy “CA-wcc-services” from $CA_WCC_INSTALL_LOCATION/tomcat_32.old/bin to $CA_WCC_INSTALL_LOCATION/tomcat_32/bin/

cp $CA_WCC_INSTALL_LOCATION/tomcat_32.old/bin/CA-wcc-services $CA_WCC_INSTALL_LOCATION/tomcat_32/bin/

 

17. Changes in $CA_WCC_INSTALL_LOCATION/tomcat_32/conf/web.xml
 
  • Replace

<mime-mapping>

        <extension>otf</extension>

        <mime-type>font/otf</mime-type>

    </mime-mapping>

With

    <mime-mapping>

        <extension>otf</extension>

        <mime-type>application/x-font-otf</mime-type>

    </mime-mapping>

 

  • Replace

<mime-mapping>

        <extension>ttc</extension>

        <mime-type>font/collection</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>ttf</extension>

        <mime-type>font/ttf</mime-type>

    </mime-mapping>

With

<mime-mapping>

        <extension>ttc</extension>

        <mime-type>application/x-font-ttf</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>ttf</extension>

        <mime-type>application/x-font-ttf</mime-type>

    </mime-mapping>

 

  • Replace

<mime-mapping>

        <extension>woff</extension>

        <mime-type>font/woff</mime-type>

    </mime-mapping>

    <mime-mapping>

        <extension>woff2</extension>

        <mime-type>font/woff2</mime-type>

    </mime-mapping> 

With    

<mime-mapping>

        <extension>woff</extension>

        <mime-type>application/x-font-woff</mime-type>

    </mime-mapping> 

 

18. Changes in $CA_WCC_INSTALL_LOCATION/tomcat_32/conf/server.xml
 
Note: please use a xml-editor to edit the server.xml file as it will makes things easier to change rather than using 'vi' editor
 
  • Delete the commented lines (<!-- and -->) inside Server start and end tag (<Server>…</Server>)
    Note: Purpose is to remove all comment lines to get a cleaner server.xml file.
 
 
  • Replace

<Server port="8005" shutdown="SHUTDOWN">               (8005 is the server port)

  with

<Server port="10133" shutdown="">                                   (10133 is the server port)

 

  • Replace

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

with

<Listener className="com.ca.wcc.cluster.resources.WccGlobalResourcesLifecycleListener"/>

 

  • Replace content within  <GlobalNamingResources> … </GlobalNamingResources>
Example:

  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

With content within <GlobalNamingResources> … </GlobalNamingResources> in $CA_WCC_INSTALL_LOCATION/tomcat_32.old/conf/server.xml

Example: 

  <GlobalNamingResources>
         <Resource name="jdbc/wccDatabase" prefix="wcc"
                 factory="org.apache.naming.factory.BeanFactory" auth="Container"
                 type="com.ca.wcc.dbresource.datasource.WccDataSource" />

        <Resource name="jdbc/reportingDatabase" prefix="reporting"
               factory="org.apache.naming.factory.BeanFactory" auth="Container"
               type="com.ca.wcc.dbresource.datasource.WccDataSource" />
  
          <Resource name="bean/clusterInstance" auth="Container"
               type="com.hazelcast.core.HazelcastInstance" factory="com.ca.wcc.cluster.resources.WccClusterProviderFactory" clusterConnection="instance" />
  </GlobalNamingResources>

 

  • Replace <Connector> tags            (There may be multiple)
Example:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

With <Connector> from $CA_WCC_INSTALL_LOCATION/tomcat_32.old/conf/server.xml

Example:

  <Connector acceptCount="100" clientAuth="false" address="127.0.0.1"
            disableUploadTimeout="true" enableLookups="false"
            maxThreads="400" minSpareThreads="25" port="10132" scheme="http"
            protocol="HTTP/1.1" URIEncoding="UTF-8" compression="on"
            compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css,application/x-javascript" 
            server="WCC" />

  • Replace <Engine name="Catalina" defaultHost="localhost">
Example:


<Engine name="Catalina" defaultHost="localhost">

....
....
</Engine>

with <Engine name="Catalina" defaultHost="localhost"> from $CA_WCC_INSTALL_LOCATION/tomcat_32.old/conf/server.xml

Example:

  <Engine name="Catalina" defaultHost="localhost">
          <Host name="localhost" appBase="webapps" unpackWARs="true"
                autoDeploy="true" startStopThreads="4">
          </Host>
  </Engine>

Note: Please check if there is any customizations for these tags.

 

19. Change owner to tomcat and tomcat_32 folders
 

chown -R wcc tomcat
chown -R wcc tomcat_32

chgrp -R wcc tomcat
chgrp -R wcc tomcat_32

chmod 0750 $CA_WCC_INSTALL_LOCATION/tomcat/bin/CA-wcc*
chmod 0750 $CA_WCC_INSTALL_LOCATION/tomcat_32/bin/CA-wcc*

chown root  $CA_WCC_INSTALL_LOCATION/tomcat/bin/CA-wcc*
chown root  $CA_WCC_INSTALL_LOCATION/tomcat_32/bin/CA-wcc*

chmod -R 700 $CA_WCC_INSTALL_LOCATION/tomcat/conf
chmod -R 700 $CA_WCC_INSTALL_LOCATION/tomcat_32/conf

 

20. Start the WCC services.

 

 

 

Additional Information

You can find more information on tomcat vulnerabilities on following url

Apache Tomcat 8.x vulnerabilities

 

Powered by Wolken Software