Endevor web services with Java 21 and CCS Tomcat 10
search cancel

Endevor web services with Java 21 and CCS Tomcat 10

book

Article ID: 432293

calendar_today

Updated On:

Products

Endevor

Issue/Introduction

Attempting to start the Endevor web services Tomcat job WSTOMSTC, using Java 21 and CCS Tomcat 10.1.46, and run into the following error:

Feb 24, 2026 4:40:24 PM org.apache.catalina.util.LifecycleBase handleSubClassException
 SEVERE: Failed to initialize component [Connector["https-jsse-nio-8443"]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed

...

Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the default
 SSLHostConfigName for the connector [https-jsse-nio-8443]

 

And 

 SEVERE: Servlet [CXFServlet] in web application [/EndevorService] threw load() exception
 java.lang.ClassCastException: com.ca.endevor.cxf.EndevorCXFNonSpringServlet incompatible with jakarta.servlet.Servlet

 

 

Environment

Endevor V19

Web Services

Cause

Need to apply Endevor PTF LU15084 for CCS Tomcat 10 support and update the Web Service. This update adds Jakarta EE compatibility, which is required for CCS Tomcat 10 as Jakarta EE replaces the Java EE APIs used in previous versions of Tomcat.

Be aware that the server.xml configuration in Tomcat 10 uses a different format than Tomcat 8 and 9. Specifically, Tomcat 10 requires explicit <SSLHostConfig> and <Certificate> elements within the SSL connector configuration.

Resolution

Apply Endevor PTF LU15084. 

Then run WSTOMINS to reinstall Endevor web services by setting:

ACTION=INSTALL
CLEAN_ENDEVOR_TOMCAT_INSTANCE=Y

 

Once Web Services is successfully installed, customize server.xml SSL configuration section, notice the presence of <SSLHostConfig> and <Certificate> elements within the SSL connector.  

Additionally, for Java 11 and above, if Keyring is used for SSL configuration:

Change "safkeyring" to "safkeyringjce"                
Change the algorithm="IbmX509" to algorithm="SunX509"

 

Here is the sample SSL configuration (using Java  21, CCS Tomcat 10 and Keyring):


    <Connector port="${connector.ssl.port}" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               SSLEnabled="true" maxParameterCount="1000"
               compressibleMimeType="text/html,text/css,text/javascript"
               compression="on"
               useSendfile="false"
               acceptCount="100" scheme="https" secure="true"
               sslImplementationName="com.ca.sslsocket.CASSLImplementation" >
        <SSLHostConfig keyManagerAlgorithm="SunX509"
                       certificateVerification="false"
                       sslProtocol="TLS"
                       protocols="+TLSv1.3,+TLSv1.2,+TLSv1.1,+TLSv1" >
            <Certificate certificateKeystoreFile="safkeyringjce://KEY_RING_OWNER/KEY_RING_NAME"
                         certificateKeystoreType="JCERACFKS" />
        </SSLHostConfig>
    </Connector>

 

Powered by Wolken Software