Tomcat password visible in TOMCAT STDERR
search cancel

Tomcat password visible in TOMCAT STDERR

book

Article ID: 251920

calendar_today

Updated On:

Products

COMMON SERVICES FOR Z/OS

Issue/Introduction

In the STDERR of the TOMCAT STC, the content of the Tomcat configuration dataset, server.xml is displayed in plain text and therefore the password of the TOMCAT is also displayed. 

<Certificate type="RSA" certificateKeystorePassword="displayed-password"                                                                               
certificateKeystoreFile="/keystore/displayed_keystore"                                                                    
 certificateKeyAlias="displayed-certificate"                                                                                                                          
 />    


Environment

COMMON SERVICES 15.0 - z/OS supported releases - 

Resolution

In $CATALINA_BASE/conf/logging.properties add this line: 
org.apache.catalina.startup.Catalina.level = WARNING


Then in the member of the dataset associated to the STDENV DD, add these java options: 

IJO="$IJO -Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
IJO="$IJO -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"


This should leave the contents of server.xml out of the joblog.  However, this will also suppress these messages:

Server initialization in [] milliseconds
Server startup in [] milliseconds 

After these modifications, the content of the server.xml and the keystore should no longer be displayed in the log.

In addition, even if the following boot information:

Server initialization in [] milliseconds
Server startup in [] milliseconds

no longer appear, the line: 

17.05.51 STC43769 BPXM023I (XXXX) CATC0002I CA-CCS Tomcat started in: 11113 ms (Apache Tomcat/9.0.56)

always appears, which allows to confirm that Tomcat has started correctly.