Endevor web services with Java 21 and CCS Tomcat 10
search cancel

Endevor web services with Java 21 and CCS Tomcat 10

book

Article ID: 432293

calendar_today

Updated On:

Products

Endevor

Issue/Introduction

Attempting to start the Endevor web services Tomcat job WSTOMSTC, using Java 21 and CCS Tomcat 10.1.46, and run into the following error:

Feb 24, 2026 4:40:24 PM org.apache.catalina.util.LifecycleBase handleSubClassException
 SEVERE: Failed to initialize component [Connector["https-jsse-nio-8443"]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed

...

Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the default
 SSLHostConfigName for the connector [https-jsse-nio-8443]

 

And 

 SEVERE: Servlet [CXFServlet] in web application [/EndevorService] threw load() exception
 java.lang.ClassCastException: com.ca.endevor.cxf.EndevorCXFNonSpringServlet incompatible with jakarta.servlet.Servlet

 

 

Environment

All support Endevor Releases

Web Services

Cause

This error indicates that Endevor web services currently lack Jakarta EE compatibility. This is required for CCS Tomcat 10, as Jakarta EE replaces the Java EE APIs used in previous versions of Tomcat.

Be aware that the server.xml configuration in Tomcat 10 uses a different format than Tomcat 8 and 9. Specifically, Tomcat 10 requires explicit <SSLHostConfig> and <Certificate> elements within the SSL connector configuration.

Resolution

Apply Endevor PTF
- LU15084 for V19
- LU15085 for V18.1

Then run WSTOMINS to reinstall Endevor web services by setting:

ACTION=INSTALL
CLEAN_ENDEVOR_TOMCAT_INSTANCE=Y

 

Once Web Services is successfully installed, customize server.xml SSL configuration section, notice the presence of <SSLHostConfig> and <Certificate> elements within the SSL connector.  

 

Here is the sample SSL configuration (using Java  21, CCS Tomcat 10 and software Keyring):


    <Connector port="${connector.ssl.port}" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               SSLEnabled="true" maxParameterCount="1000"
               compressibleMimeType="text/html,text/css,text/javascript"
               compression="on"
               useSendfile="false"
               acceptCount="100" scheme="https" secure="true"
               sslImplementationName="com.ca.sslsocket.CASSLImplementation" >
        <SSLHostConfig keyManagerAlgorithm="SunX509"
                       certificateVerification="false"
                       sslProtocol="TLS"
                       protocols="+TLSv1.3,+TLSv1.2,+TLSv1.1,+TLSv1" >
            <Certificate certificateKeystoreFile="safkeyringjce://KEY_RING_OWNER/KEY_RING_NAME"
                         certificateKeystoreType="JCERACFKS" />
        </SSLHostConfig>
    </Connector>

 

Additional Information

Check the Endevor documentation for the compatible CCS versions and the related Endevor PTF requirements.  

 

SSL Configuration in server.xml (for Tomcat 9, 10, using Keyring):

- To reference a software keyring, use: safkeyringjce://OWNER/KEYRING
- To reference a hardware keyring, use: safkeyringjcecca://OWNER/KEYRING
- Additionally, ensure that the algorithm is updated from IbmX509 to SunX509 

Powered by Wolken Software