[GUMP@vmgump]: Project tomcat-native-trunk-make (in module tomcat-native-trunk) failed

2016-06-16 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-native-trunk-make has an issue affecting its community 
integration.
This issue affects 3 projects,
 and has been outstanding for 47 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-native-trunk-make :  Tomcat native library using Apache Portable 
Runtime
- tomcat-native-trunk-make-install :  Tomcat native library using Apache 
Portable Runtime
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-native-trunk/tomcat-native-trunk-make/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-native-trunk/tomcat-native-trunk-make/gump_work/build_tomcat-native-trunk_tomcat-native-trunk-make.html
Work Name: build_tomcat-native-trunk_tomcat-native-trunk-make (Type: Build)
Work ended in a state of : Failed
Elapsed: 28 secs
Command Line: make 
[Working Directory: /srv/gump/public/workspace/tomcat-native-trunk/native]
-
make[1]: Entering directory 
`/srv/gump/public/workspace/tomcat-native-trunk/native'
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o 
src/address.lo -c src/address.c && touch src/address.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o src/bb.lo 
-c src/bb.c && touch src/bb.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o src/dir.lo 
-c src/dir.c && touch src/dir.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o 
src/error.lo -c src/error.c && touch src/error.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o src/file.lo 
-c src/file.c && touch src/file.lo
/bin/bash /srv/gump/public/workspace/apr-1/dest-20160617/build-1/libtool 
--silent --mode=compile gcc -g -O2 -pthread   -DHAVE_CONFIG_H  -DLINUX 
-D_REENTRANT -D_GNU_SOURCE   -g -O2 -DHAVE_OPENSSL -DHAVE_POLLSET_WAKEUP   
-I/srv/gump/public/workspace/tomcat-native-trunk/native/include 
-I/usr/lib/jvm/java-8-oracle/include -I/usr/lib/jvm/java-8-oracle/include/linux 
-I/srv/gump/public/workspace/openssl-master/dest-20160617/include  
-I/srv/gump/public/workspace/apr-1/dest-20160617/include/apr-1   -o src/info.lo 
-c src/info.c && touch src/info.lo
/bin/bash

r1731030 and 1731035 release timeline

2016-06-16 Thread Peter Robbins 
Hi there,

I’ve run into the WebappClassLoader jar scanning memory leak resolved by 
r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes made it 
separately into both 8.0.36 and 8.5.3, but are missing from 7.0.69 and 7.0.70. 
Any idea on the timeline of when those would be released in 7.x?

Thanks,
Peter

Re: [VOTE] Release Apache Tomcat 7.0.70

2016-06-16 Thread Violeta Georgieva 
2016-06-15 22:47 GMT+03:00 Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.70 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1088/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/
>
> The proposed 7.0.70 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.70 Stable



> Regards,
> Violeta

svn commit: r1748720 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 13:02:31 2016
New Revision: 1748720

URL: http://svn.apache.org/viewvc?rev=1748720=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705
Add debug logging for requests denied by the remote host and remote address 
valves and filters. Based on a patch by Graham Leggett.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RequestFilter.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 16 13:02:31 2016
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1
 
726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750

[Bug 57705] RemoteAddrValve: no log message no explanation when valve rejects request

2016-06-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=57705

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from Mark Thomas  ---
Thanks for the patch.

I applied a variantion that modified both the Valves and the Filters.

The new debug logging has been implemnted in:
- 9.0.x for 9.0.0.M9 onwards
- 8.5.x for 8.5.4 onwards
- 8.0.x for 8.0.37 onwards
- 7.0.x for 7.0.71 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1748718 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 12:55:35 2016
New Revision: 1748718

URL: http://svn.apache.org/viewvc?rev=1748718=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705
Add debug logging for requests denied by the remote host and remote address 
valves and filters. Based on a patch by Graham Leggett.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RequestFilter.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties
tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 16 12:55:35 2016
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1

svn commit: r1748716 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 12:52:37 2016
New Revision: 1748716

URL: http://svn.apache.org/viewvc?rev=1748716=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705
Add debug logging for requests denied by the remote host and remote address 
valves and filters. Based on a patch by Graham Leggett.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/catalina/filters/RequestFilter.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/LocalStrings.properties
tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 16 12:52:37 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501

svn commit: r1748715 - in /tomcat/trunk: java/org/apache/catalina/filters/ java/org/apache/catalina/valves/ webapps/docs/

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 12:48:16 2016
New Revision: 1748715

URL: http://svn.apache.org/viewvc?rev=1748715=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57705
Add debug logging for requests denied by the remote host and remote address 
valves and filters. Based on a patch by Graham Leggett.

Modified:
tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/filters/RequestFilter.java
tomcat/trunk/java/org/apache/catalina/valves/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties?rev=1748715=1748714=1748715=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/catalina/filters/LocalStrings.properties Thu 
Jun 16 12:48:16 2016
@@ -47,4 +47,6 @@ expiresFilter.invalidDurationUnit=Invali
 httpHeaderSecurityFilter.committed=Unable to add HTTP headers since response 
is already committed on entry to the HTTP header security Filter
 httpHeaderSecurityFilter.clickjack.invalid=An invalid value [{0}] was 
specified for the anti click-jacking header
 
+requestFilter.deny=Denied request for [{0}] based on property [{1}]
+
 restCsrfPreventionFilter.invalidNonce=CSRF nonce validation failed
\ No newline at end of file

Modified: tomcat/trunk/java/org/apache/catalina/filters/RequestFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RequestFilter.java?rev=1748715=1748714=1748715=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/RequestFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RequestFilter.java Thu Jun 16 
12:48:16 2016
@@ -24,6 +24,7 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
@@ -204,6 +205,10 @@ public abstract class RequestFilter exte
 chain.doFilter(request, response);
 } else {
 if (response instanceof HttpServletResponse) {
+if (getLogger().isDebugEnabled()) {
+getLogger().debug(sm.getString("requestFilter.deny",
+((HttpServletRequest) request).getRequestURI(), 
property));
+}
 ((HttpServletResponse) response).sendError(denyStatus);
 } else {
 sendErrorWhenNotHttp(response);

Modified: tomcat/trunk/java/org/apache/catalina/valves/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/LocalStrings.properties?rev=1748715=1748714=1748715=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/LocalStrings.properties Thu 
Jun 16 12:48:16 2016
@@ -46,6 +46,7 @@ remoteIpValve.invalidPortHeader=Invalid
 
 # Request filter valve - RemoteAddrValve, RemoteHostValve
 requestFilterValve.configInvalid=One or more invalid configuration settings 
were provided for the Remote[Addr|Host]Valve which prevented the Valve and its 
parent containers from starting
+requestFilterValve.deny=Denied request for [{0}] based on property [{1}]
 
 sslValve.certError=Failed to process certificate string [{0}] to create a 
java.security.cert.X509Certificate object
 sslValve.invalidProvider=The SSL provider specified on the connector 
associated with this request of [{0}] is invalid. The certificate data could 
not be processed.

Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java?rev=1748715=1748714=1748715=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java Thu Jun 
16 12:48:16 2016
@@ -23,6 +23,8 @@ import javax.servlet.ServletException;
 
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
 
 
 /**
@@ -34,6 +36,9 @@ import org.apache.catalina.connector.Res
  */

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
On Thu, Jun 16, 2016 at 1:03 PM, Mark Thomas  wrote:

So, while I can't guarantee the signature
> isn't going to change, I can say I am reasonably sure it won't change.
>

Good enough for me. Thanks, Mark.

Andy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Mark Thomas 
On 16/06/2016 12:53, Andy Wilkinson wrote:
> On Thu, Jun 16, 2016 at 12:42 PM, Mark Thomas  wrote:
> 
>> What if Boot created a custom ID generator by extending
>> StandardSessionIdGenerator and overriding startInternal() so it sets the
>> state but doesn't call getSessionId() ?
>>
>> That should only be a few lines of code for the custom generator and a
>> few lines more to set it on the Manager.
>>
> 
> That sounds like a good compromise. Despite the internal in its name, is
> startInternal considered public API such that we can be reasonably sure
> that its signature will be stable?

It isn't listed in the Release notes as one of the things we won't
change but that method is defined in LifecycleBase which is extended by
pretty much every Tomcat internal component that implements Lifecycle.
It has been unchanged since it was introduced in the Lifecycle
refactoring some 6+ years. So, while I can't guarantee the signature
isn't going to change, I can say I am reasonably sure it won't change.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
On Thu, Jun 16, 2016 at 12:42 PM, Mark Thomas  wrote:

> What if Boot created a custom ID generator by extending
> StandardSessionIdGenerator and overriding startInternal() so it sets the
> state but doesn't call getSessionId() ?
>
> That should only be a few lines of code for the custom generator and a
> few lines more to set it on the Manager.
>

That sounds like a good compromise. Despite the internal in its name, is
startInternal considered public API such that we can be reasonably sure
that its signature will be stable?

Andy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Mark Thomas 
On 16/06/2016 11:11, Andy Wilkinson wrote:

> I would be quite happy if Tomcat made it easy for an embedder to configure
> it in such a way that the use of SecureRandom during startup could be
> disabled. Spring Boot could enable this option by default thereby allowing
> users, without them configuring anything, to only pay to cost of session ID
> generation if their application actually generates a session ID.

What if Boot created a custom ID generator by extending
StandardSessionIdGenerator and overriding startInternal() so it sets the
state but doesn't call getSessionId() ?

That should only be a few lines of code for the custom generator and a
few lines more to set it on the Manager.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Rémy Maucherat 
2016-06-16 12:48 GMT+02:00 Emmanuel Bourg :

> Le 16/06/2016 à 11:52, Rémy Maucherat a écrit :
>
> > Tomcat's
> > strategy avoids any risk to delay user requests, so is not effectively
> > worse than the other strategy.
>
> Maybe the SecureRandom instance could be initialized asynchronously and
> delivered through a java.util.concurrent.Future? This way it doesn't
> block the startup, and it's likely to be fully initialized when the
> first requests arrive if we consider that the startup helps generating
> more entropy.
>
> The rationale behind the change is still that if things go bad it's better
to screw up the user than have the admin do its job properly.

Rémy

svn commit: r1748685 - in /tomcat/tc7.0.x/trunk: build.properties.default res/maven/mvn.properties.default webapps/docs/changelog.xml

2016-06-16 Thread violetagg 
Author: violetagg
Date: Thu Jun 16 11:10:59 2016
New Revision: 1748685

URL: http://svn.apache.org/viewvc?rev=1748685=rev
Log:
Prep for next version

Modified:
tomcat/tc7.0.x/trunk/build.properties.default
tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc7.0.x/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/build.properties.default?rev=1748685=1748684=1748685=diff
==
--- tomcat/tc7.0.x/trunk/build.properties.default (original)
+++ tomcat/tc7.0.x/trunk/build.properties.default Thu Jun 16 11:10:59 2016
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=7
 version.minor=0
-version.build=70
+version.build=71
 version.patch=0
 version.suffix=-dev
 

Modified: tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default?rev=1748685=1748684=1748685=diff
==
--- tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default (original)
+++ tomcat/tc7.0.x/trunk/res/maven/mvn.properties.default Thu Jun 16 11:10:59 
2016
@@ -35,7 +35,7 @@ maven.asf.release.repo.url=https://repos
 maven.asf.release.repo.repositoryId=apache.releases
 
 # Release version info
-maven.asf.release.deploy.version=7.0.70
+maven.asf.release.deploy.version=7.0.71
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1748685=1748684=1748685=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Jun 16 11:10:59 2016
@@ -57,6 +57,8 @@
   They eventually become mixed with the numbered issues. (I.e., numbered
   issues do not "pop up" wrt. others).
 -->
+
+
 
   
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59655] The CookieNameValidator has issue that related to the consistency

2016-06-16 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59655

--- Comment #2 from Kyohei Nakamura  ---
Created attachment 33955
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33955=edit
patch against trunk

Hi Mark,

Thank you for the fix.
I think this fix of changing the default to the RFC6265Validator and restoring
the description of STRICT_NAMING system property is correct, but the Javadoc of
javax.servlet.http.Cookie and the description of STRICT_NAMING system property
have not been updated.
I have attached the patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Emmanuel Bourg 
Le 16/06/2016 à 11:52, Rémy Maucherat a écrit :

> Tomcat's
> strategy avoids any risk to delay user requests, so is not effectively
> worse than the other strategy.

Maybe the SecureRandom instance could be initialized asynchronously and
delivered through a java.util.concurrent.Future? This way it doesn't
block the startup, and it's likely to be fully initialized when the
first requests arrive if we consider that the startup helps generating
more entropy.

Emmanuel Bourg


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
On Thu, Jun 16, 2016 at 10:52 AM, Rémy Maucherat  wrote:

You're basically asking for all products to
> behave the same because it would be nicer for your own product.


I can assure you I'm not. I simply wanted to explore the possibility of
Tomcat behaving the same way. I didn't want to prescribe a solution but you
appear to have assumed that I want to change Tomcat's default behaviour for
everyone. That's not the case.

I would be quite happy if Tomcat made it easy for an embedder to configure
it in such a way that the use of SecureRandom during startup could be
disabled. Spring Boot could enable this option by default thereby allowing
users, without them configuring anything, to only pay to cost of session ID
generation if their application actually generates a session ID.

That's fine, but choice is good.
>

Indeed it is. That's why I'd like a choice to defer the use of SecureRandom
until it's actually needed.

Andy

svn commit: r1748677 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/connector/Request.java

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 10:03:57 2016
New Revision: 1748677

URL: http://svn.apache.org/viewvc?rev=1748677=rev
Log:
Remove unused code

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 16 10:03:57 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676

Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java?rev=1748677=1748676=1748677=diff
==
--- tomcat/tc8.5.x/trunk/java/org/apache/catalina/connector/Request.java 
(original)
+++

svn commit: r1748676 - /tomcat/trunk/java/org/apache/catalina/connector/Request.java

2016-06-16 Thread markt 
Author: markt
Date: Thu Jun 16 10:02:29 2016
New Revision: 1748676

URL: http://svn.apache.org/viewvc?rev=1748676=rev
Log:
Remove unused code

Modified:
tomcat/trunk/java/org/apache/catalina/connector/Request.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=1748676=1748675=1748676=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Thu Jun 16 
10:02:29 2016
@@ -2629,17 +2629,10 @@ public class Request implements HttpServ
 return parametersParsed;
 }
 
-/**
- * @return true if bytes are available.
- */
-public boolean getAvailable() {
-return (inputBuffer.available() > 0);
-}
-
 
 /**
- * @return true if an attempt has been made to read the 
request body and all
- * of the request body has been read
+ * @return true if an attempt has been made to read the 
request
+ * body and all of the request body has been read.
  */
 public boolean isFinished() {
 return coyoteRequest.isFinished();



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Rémy Maucherat 
2016-06-16 11:25 GMT+02:00 Andy Wilkinson :

> On Thu, Jun 16, 2016 at 10:21 AM, Rémy Maucherat  wrote:
>
> > -1, I am against fake improvements.
> >
>
> Do you consider the improvement for applications that do not use HTTP
> sessions at all to also be fake?
>
> This does not sound very realistic or common to me. There are different
products, with different behaviors, that gives users a choice. Tomcat's
strategy avoids any risk to delay user requests, so is not effectively
worse than the other strategy. You're basically asking for all products to
behave the same because it would be nicer for your own product. That's
fine, but choice is good.

Rémy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
On Thu, Jun 16, 2016 at 10:23 AM, Romain Manni-Bucau 
wrote:

> @Andy: you can use FastNonSecureRandom to disable it, should be enough for
> applications not using the session
>

Thanks for the suggestion. That's certainly an option, but it requires some
configuration that I'd like to be unnecessary. Undertow's approach has the
benefit that, without requiring any configuration changes, the cost of
using SecureRandom is only paid by applications that need it. I find that
very compelling.

Andy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
On Thu, Jun 16, 2016 at 10:21 AM, Rémy Maucherat  wrote:

> -1, I am against fake improvements.
>

Do you consider the improvement for applications that do not use HTTP
sessions at all to also be fake?

Andy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Romain Manni-Bucau 
@Andy: you can use FastNonSecureRandom to disable it, should be enough for
applications not using the session


Romain Manni-Bucau
@rmannibucau  |  Blog
 | Old Wordpress Blog
 | Github  |
LinkedIn  | Tomitriber
 | JavaEE Factory


2016-06-16 11:21 GMT+02:00 Rémy Maucherat :

> 2016-06-16 11:15 GMT+02:00 Andy Wilkinson :
>
> > I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an
> > embedded servlet container. We've seen a number of complaints from users
> > that their application hangs during startup, most often on a newly booted
> > VPS. The root cause is a lack of entropy which causes Tomcat's use of
> > SecureRandom for session ID generation to block.
> >
> > Users that choose to use Undertow rather than Tomcat aren't affected by
> > this problem during startup. Like Tomcat, Undertow uses SecureRandom to
> > generate session IDs. However, unlike Tomcat, Undertow does so lazily.
> This
> > defers the problem till the first request that uses a session and
> > permanently if the application does not make use of HTTP sessions.
> >
> > Can we please explore the possibility of making Tomcat behave in a
> similar
> > way to Undertow?
> >
> > -1, I am against fake improvements.
>
> Rémy
>

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Rémy Maucherat 
2016-06-16 11:15 GMT+02:00 Andy Wilkinson :

> I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an
> embedded servlet container. We've seen a number of complaints from users
> that their application hangs during startup, most often on a newly booted
> VPS. The root cause is a lack of entropy which causes Tomcat's use of
> SecureRandom for session ID generation to block.
>
> Users that choose to use Undertow rather than Tomcat aren't affected by
> this problem during startup. Like Tomcat, Undertow uses SecureRandom to
> generate session IDs. However, unlike Tomcat, Undertow does so lazily. This
> defers the problem till the first request that uses a session and
> permanently if the application does not make use of HTTP sessions.
>
> Can we please explore the possibility of making Tomcat behave in a similar
> way to Undertow?
>
> -1, I am against fake improvements.

Rémy

Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson 
I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an
embedded servlet container. We've seen a number of complaints from users
that their application hangs during startup, most often on a newly booted
VPS. The root cause is a lack of entropy which causes Tomcat's use of
SecureRandom for session ID generation to block.

Users that choose to use Undertow rather than Tomcat aren't affected by
this problem during startup. Like Tomcat, Undertow uses SecureRandom to
generate session IDs. However, unlike Tomcat, Undertow does so lazily. This
defers the problem till the first request that uses a session and
permanently if the application does not make use of HTTP sessions.

Can we please explore the possibility of making Tomcat behave in a similar
way to Undertow?

Thanks,
Andy