Hi,
I've just wrote a unit test to verify this bug has fixed
(http://issues.apache.org/bugzilla/show_bug.cgi?id=33463). But looking
at the code in StandardContext:
4276 // Stop our application listeners
4277 listenerStop();
4278
4279 // Clear all
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Without access log valve, we are 20% faster. With the ByteBuffer one,
13%.
There are 3 access log valves ;) Maybe you should give a chart.
I did formally benchmark
+ FastCommonAccessLogValve
+ ByteBufferAccessLogValve
I didn't bother about
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Yes, I can explore that. I will re-add the writerThread for now since
the current implementation doesn't work since the byteBuffer will
never be flushed. This is temporary. Again, consider this valve as
exploration.
I do agree to some extent
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
jfarcand2004/11/19 08:46:27
Modified:catalina/src/conf server.xml
catalina/src/share/org/apache/catalina/valves
mbeans-descriptors.xml
Added: catalina/src/share/org/apache/catalina/valves
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Actually, my next steps is to allows empty field in
catalina.properties, which will disable the mechanism (next commit
:-)). Right now you can only disable the mechanism by removing the
catalina.properties or if you use the Embedded interfance
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
BTW, there's no way you get +13% over the fast access logger, since
it has about 6% overhead on a static file test (compared with 25-30%
for the normal one) ;)
Well, it approx. 20% without valve.
I can't understand what you mean here.
Without
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
It's not useless. Normal permissions are still turned on. It's only
the package protection that is disabled. When disabled, Tomcat 5 is as
unsecure as Tomcat 4 in term of sniffing/loading classes, but still
secure in term of browsing the file
Bill Barker wrote:
@@ -1012,13 +1041,12 @@
DummyResponse res = new DummyResponse();
if( System.getSecurityManager() != null) {
-Class[] classType = new
Class[]{ServletRequest.class,
-
ServletResponse.class};
-
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Bill Barker wrote:
This can't possibly be thread-safe (and the changes to ACF look
dubious as
well).
Hum...I did run a lot of stress tests that target the same servlet
(ex: trade2 benchmarks) without seeing anything like that. I
Costin Manolache wrote:
Mladen Turk wrote:
Shapira, Yoav wrote:
http://www.theserverside.com/talks/VendorPerspectives/Mainsoft/interview
.tss
Yes, indeed :)
Almost a year ago I proposed a project that would enable Tomcat to
seemesly integrate the legacy code. Something like moving the
perspective
Hi,
Tomcat behaviour is the right one (I've sopken with the spec lead). File
a bug against your Container (or move to Tomcat :-) )
Thanks
-- Jeanfrancois
[EMAIL PROTECTED] wrote:
I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
you
think this behaviour is a
Hi,
take a look at the current open bugs and submits patches. Someday one of
us will propose you as committer, after looking at your patches :-)
Thanks
-- Jeanfrancois
Felipe Leme wrote:
Hi,
My name is Felipe and I just joined the devs list recently, as I would
like to more involved with
Nelson, Luke wrote:
I tested it and it didn't throw the exception indicated earlier in this thread. I would rather this part of the patch be replaced with something more robust. There really isn't a need to test for the timeout as we should be able to know how the session expired by the
Shapira, Yoav wrote:
Hi,
Supposedly J2EE 1.4 has now gone final and been released.
Not yet :-)
Yet the link
on java.sun.com hot downloads section still says J2EE 1.4 Beta 2. The
JSR pages for 152 and 154 on www.jcp.org say Final Approval Ballot is
completed, so I suppose the spec are indeed
Brian Stansberry wrote:
At 11:56 AM 11/24/2003 -0600, you wrote:
I have tried applying the patch, and I found three problems with it.
First, its removal of a session from the SingleSignOnEntry object causes
an IndexOutOfBounds exception. Second, the method for determining
whether the user
+1
-- Jeanfrancois
Remy Maucherat wrote:
Hi,
I'd like to nominate Mark Thomas as a Tomcat committer. He has
contibuted a significant amount of fixes already, and does what nobody
else does: roam Bugzila to fix older issues and cleanup the database.
He has special interest in the WebDAV
+1
-- Jeanfrancois
Henri Gomez wrote:
Hi to all,
I would like to propose you a new tomcat commiter, Kurt Miller
which as proposed many usefull patches for JK2.
Since we want to deprecated jk and focus jk2, we need
more people involved on jk2.
Vote please.
ballot
Release 4.1.29 as Stable ?
[ ] Yes
[ ] No
/ballot
ballot
Release 5.0.14 as Beta ?
[X] Yes
[ ] No
/ballot
I've ran the Servlet/JSP tcks on 5.0.14 and they all passes (with and
without SecurityManager). Validation is still working (wow 1 month
without breaking...do not update xerces ;-)
I'm also having trouble those days when building the nightly build. It
seems when you log in using anoncvs, you don't get all the source code.
I have to use my account in order to make it work
Anyone have such problem?
-- Jeanfrancois
Mark W. Webb wrote:
I am looking for a doc that
The Embedded.main has been removed a long time ago (at the time of
introducing JMX). As for the sh/bat, I did remove the option2 days
ago (just browse the list). The JMX approach is in my opinion a good
alternative:
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
The Embedded.main has been removed a long time ago (at the time of
introducing JMX). As for the sh/bat, I did remove the option2
days ago (just browse the list). The JMX approach is in my opinion a
good alternative:
http
Hi,
The catalina.sh/bat script still include the embedded option (BTW no
longer works since the Embedded class is not in bootstrap.jar). Do we
still want to support that option or should I remove it from the script?
Thanks,
-- Jeanfrancois
Henri Gomez wrote:
I traced TC 5.0 and Digester and suspect what could be the problem
with external entities when only SYTEM is defined ie :
!ENTITY appset1 SYSTEM appset1.xml
!ENTITY appset2 SYSTEM appset2.xml
In Digester.java, at least in the 1.5 release, resolveEntity return
null if publicId
Henri Gomez wrote:
Remy Maucherat a écrit :
Glenn Nielsen wrote:
Henri Gomez wrote:
Remy Maucherat a écrit :
Henri Gomez wrote:
No reply for this request ?
Should I assume I could start to work on settings the currentWorking
dir at web.xml dir location at web.xml parsing time ?
I
Hi,
building from scratch I'm getting:
BUILD FAILED
file:/disk/raid0/home/jfarcand/jakarta-tomcat/jakarta-tomcat-5/build.xml:147: Warning:
Could not find file /home/jfarcand/jakarta-tomcat/commons-daemon/commons-daemon.jar to
copy.
I've seens some change recently related to daemon. Where is
I would be interested to:
- implement jsr115 as an optional feature (based on a previous
discussion with Costin on this thread (that may bring Costing back :-) ).
- turn SecurityManager on by default ( already proposed by Costin
sometime ago if I remember).
- improve xml parsing performance
Henri Gomez wrote:
Henri Gomez a écrit :
3. Provide a complete working configuration example for a cluster of
tomcat servers with a front-end tomcat as well, i.e. a pure
tomcat-only
solution. We already have the jvmRoute mechanism, but I think it
needs
more examples/documentation so that
Bill Barker wrote:
By the way, is there any plan to certify Tomcat 5? As everyone knows, Sun
controls the RI now. While it's rumored to be based on Tomcat code, that's
not the same thing. Also, as everyone knows, Geronimo is planning to test
the Sun/Apache agreement by getting the test-suite
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
jfarcand2003/09/23 14:37:01
Modified:catalina/src/share/org/apache/catalina/startup
ContextConfig.java TldConfig.java Log: Revert my previous patch since
it force validation even when the value is set to false (for schema).
I didn't
Remy Maucherat wrote:
ballot
[ ] Alpha
[X ] Beta
/ballot
-- Jeanfrancois
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Filip Hanik wrote:
and clustering :)
True. But I will try to speak about things that I know (or seems to know ;-)). For
sure I will at least add it to the what's new list.
Thanks,
-- Jeanfrancois
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers
Seems my apache/sun email are blocked when I reply. :-(
Remy Maucherat wrote:
ballot
[X] Alpha
[ ] Beta
/ballot
When turning the security manager on:
java.security.AccessControlException: access denied (java.io.FilePermission
Bill Barker wrote:
- Original Message -
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Monday, August 25, 2003 12:32 AM
Subject: Re: [VOTE] 5.0.9 stability rating
Bill Barker wrote:
Tim Funk wrote:
Installed 5.0.9 from exe
Bill Barker wrote:
- Original Message -
From: Jean-Francois Arcand [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Monday, August 25, 2003 6:20 AM
Subject: Re: [VOTE] 5.0.9 stability rating
Bill Barker wrote:
- Original Message -
From: Remy
Remy Maucherat wrote:
ballot
[ ] Alpha
[X ] Beta
/ballot
Except for validation (which I'm still investigating (try to create
smaller test case for the Xerces folks)
-- Jeanfrancois
-
To unsubscribe, e-mail: [EMAIL
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
+1. There is 1 bug in bugtraq currently open about *.jsp url mapping
that I need to investigate (I'm not sure yet it's a bug) but I hope to
have a fix before Sunday.
And what would the bug be ?
(I think I know the mapper code far better than
+1. There is 1 bug in bugtraq currently open about *.jsp url mapping
that I need to investigate (I'm not sure yet it's a bug) but I hope to
have a fix before Sunday.
-- Jeanfrancois
Remy Maucherat wrote:
Hi,
I plan to make a new build available by Sunday. Comments ? Any issues
which would
Remy Maucherat wrote:
ballot
[X ] Alpha
[ ] Beta
/ballot
pleaPlease vote :)/plea
Add comments if needed.
(1) Xerces validation doesn't work (seems the way we load the DTD is
incorrect, producing the current error...but wait, we never know with
Xerces ;-) ). Since validation was by default
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Hi,
I've just realized that when you install Tomcat 5 from a fresh
workspace, Xerces is not copied under common/endorsed. I don't
remember what was the decision regarding Xerces. Have we decide to
completely remove it? If yes, then we shoud
Oups I've missed the discussion . There is a 1.4.2 bug found by Remy
(and reported in bugtraq as 4895132. I'm not sure you can access the
bug). The workaround is to add the following property when starting Tomcat:
-Dsun.io.useCanonCaches=false
Can you try it and see if that fixe the problem (I
+1.
If he like Xerces, he can jump on that side too ;-)
-- Jeanfrancois
Remy Maucherat wrote:
I'd like to nominate Eric Carmichael as a committer on the Tomcat
project. Eric has been steadily supplying quality patches to the new
Jasper which will implement the JSP 2.0 specification, and has
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Remy Maucherat wrote:
ballot
[X ] Alpha
[ ] Beta
/ballot
pleaPlease vote :)/plea
Add comments if needed.
(1) Xerces validation doesn't work (seems the way we load the DTD is
incorrect, producing the current error...but wait, we never know
Hi,
I've just realized that when you install Tomcat 5 from a fresh
workspace, Xerces is not copied under common/endorsed. I don't remember
what was the decision regarding Xerces. Have we decide to completely
remove it? If yes, then we shoud remove the dependency in
build.properties and
Hi Jean-Frederic,
the current source have:
int dot = name.lastIndexOf('.');
if (securityManager != null) {
if (dot = 0) {
try {
// Do not call the security manager since by
default, we grant that package.
if
Finaly...
Remy Maucherat wrote:
[ ] Alpha
[ ] Beta
[X] Stable
-- Jeanfrancois
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Bill Barker wrote:
Tomcat doesn't adhere to the (new) requirements in the 2.4 Servlet-Spec for
handling the case of Overlapping Constraints:
spec-quote version=2.4 pfd3 section=12.8.1
When a url-pattern and http-method pair occurs in multiple security
constraints, the
applicable constraints (on
+1
Remy Maucherat wrote:
To be able to reach beta quality around the end of this month, a new
milestone will need to be released at the end of this week (and more
generally, I think a one milestone per week schedule can't hurt when
trying to go to beta - even if we end up missing the deadline
Hi,
I'm currently doing a very basic test:
[EMAIL PROTECTED] jfarcand]$ wget http://localhost:8080/
--20:59:22-- http://localhost:8080/
= `index.html'
Resolving localhost... done.
Connecting to localhost[127.0.0.1]:8080... connected.
HTTP request sent, awaiting response... 400 No
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
jfarcand2003/07/22 21:02:29
Modified:catalina/src/share/org/apache/coyote/tomcat5
MapperListener.java
Log:
When using the embedded interface (or jmx directly), context are
never removed because of this
Remy Maucherat wrote:
Remy Maucherat wrote:
- daemon: Home of Mladen's procrun, a very promising exe wrapper for
Java programs on Windows; this also contains a Unix wrapper for Java
programs; the Unix wrapper could be advertised as the recommended
solution to run Tomcat on 80 on Unix, and
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
OK, let's try to describe the problem. First, here is the stack trace
the application is throwing when running:
java.lang.NullPointerException
at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca
de.java:271
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
jfarcand2003/06/06 12:04:51
Modified:catalina/src/share/org/apache/coyote/tomcat5
CoyoteRequest.java
Log:
Revert the patch until I come with a better solution.
I'd like to be convinced there's a bug here ;-)
OK, let's try to describe the problem. First, here is the stack trace
the application is throwing when running:
java.lang.NullPointerException
at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca
de.java:271)
at
Remy Maucherat wrote:
Costin Manolache wrote:
Remy Maucherat wrote:
- modeler: Basis for Tomcat 5 JMX features, with a lot of new
impressively efficient functionality since release 1.0; again, a
critical component [Costin (do you have enough time to continue being
the RM of that component ?)]
Tim Funk wrote:
The dtd in
jakarta-servletapi-5\jsr154\examples\WEB-INF\web.xml
says:
!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
Is this right?
Yes it is. The examples doesn't contains any new 2.4 features. Of
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
jfarcand2003/05/28 21:13:24
Modified:catalina/src/share/org/apache/catalina/core
StandardContext.java
Log:
Revert back my latest changes since it did not fix the problem
completely.
Don't worry about that
Wait :-)
I still did not ran all the tests that I have, specially the lovely XML
schema one. It seems to work fine when validation is turned off, but I
would like to be sure...mayb we can start using it with Tomcat 5 and
change Tomcat 4.1.x once we are sure it work.
-- Jeanfrancois
Costin Manolache wrote:
Jean-Francois Arcand wrote:
Because the xerces version bundled with 1.4 is an older one, doesn't
support XML schema properly, and contains bugs (and is not as performant
as the 2.x version)
Isn't Crimson in JDK1.4 ? I remember we decided to disable XML schema
Costin Manolache wrote:
Remy Maucherat wrote:
Could I get some details on that filter/facade bug ?
Yes, Filter.init() is called with the Context object instead of the
facade. While Servlet.init() is called correctly.
This may allow access to the internals, and is just weird (
Remy Maucherat wrote:
Costin Manolache wrote:
Remy Maucherat wrote:
Could I get some details on that filter/facade bug ?
Yes, Filter.init() is called with the Context object instead of the
facade. While Servlet.init() is called correctly.
This may allow access to the internals, and is
Because the xerces version bundled with 1.4 is an older one, doesn't
support XML schema properly, and contains bugs (and is not as performant
as the 2.x version)
-- Jeanfrancois
David Thielen wrote:
thanks - dave
-
To
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Hi Remy,
the servlet doesn't compile with JDK 1.3.x :
StatusManagerServlet.java:274: cannot resolve symbol
[javac] symbol : method maxMemory ()
[javac] location: class java.lang.Runtime
[javac] writer.print
Hi Remy,
the servlet doesn't compile with JDK 1.3.x :
StatusManagerServlet.java:274: cannot resolve symbol
[javac] symbol : method maxMemory ()
[javac] location: class java.lang.Runtime
[javac] writer.print(Runtime.getRuntime().maxMemory());
[javac]
ballot
[ ] Alpha
[ ] Beta
[X ] Stable (GA)
/ballot
-- Jeanfrancois
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
From your description, everything seems fine. Does the error occurs
only inside Tomcat or if you parse your file using the command line if
also choke?
-- Jeanfrancois
Bill Barker wrote:
I've been trying to set up a CLIENT-CERT authentication for MemoryRealm (one
of the few that handles it :).
Hi,
the nightly scriptm who starts from a clean workspace, fail with the
following:
downloadfile:
[mkdir] Created dir: /home/jfarcand/jakarta-tomcat/tyrex-1.0
[get] Getting: http://telia.dl.sourceforge.net/sourceforge/tyrex/tyrex-1.0.jar
init:
[mkdir] Created dir:
Hi Henry, a couple of comment about your translation :-)
[EMAIL PROTECTED] wrote:
hgomez 2002/10/31 01:34:44
Added: catalina/src/share/org/apache/naming
LocalStrings_fr.properties
catalina/src/share/org/apache/naming/resources
Hi Henry,
more translation recommendations ;-)
[EMAIL PROTECTED] wrote:
hgomez 2002/10/31 01:34:29
Added: catalina/src/share/org/apache/catalina/users
LocalStrings_fr.properties
catalina/src/share/org/apache/catalina/valves
Craig R. McClanahan wrote:
On Thu, 31 Oct 2002, Jean-Francois Arcand wrote:
De toute petite corrections ;-) ... ah ces Quebbecois!
Is this going to be as bad as American versus British English speakers?
:-)
Mostly...but I'm in minority againts all the French peoples on the list
Renato wrote:
Hi all,
( sorry to post here... in users list nobody answered )
One of my users is asking for the following permission in his context
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.realm)
He is using
are available under
http://javaweb.sfbay.sun.com/~ja120114/security-audit/SecurityAudit.html
Let me know if something is missing.
Thanks,
-- jeanfrancois
--
To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org
For additional commands, e-mail:
Oups..wrong list...sorry.
-- Jeanfrancois
Jean-Francois Arcand wrote:
are available under
http://javaweb.sfbay.sun.com/~ja120114/security-audit/SecurityAudit.html
Let me know if something is missing.
Thanks,
-- jeanfrancois
--
To unsubscribe, e-mail:
mailto:tomcat-dev-unsubscribe
Bob Herrmann wrote:
On Mon, 2002-10-28 at 05:07, Remy Maucherat wrote:
New Tomcat 5.0 docs online (linked from the main Tomcat page):
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/index.html
New building documentation:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/BUILDING.txt
Aditya wrote:
Glenn,
On Thu, Oct 24, 2002 at 10:03:47AM -, [EMAIL PROTECTED] wrote:
This must be a problem in your local system configuration.
Check the unix file ownerhsip and permissions for test2.new.
I've done that and the fact is that it works fine without the security
Hi,
testing package protection, I have come to the following conclusion:
Packages that we can protect against access
--
o.a.catalina
o.a.jasper
o.a.jsp
o.a.jk
Packages that we can protect against definition
Remy Maucherat wrote:
Jean-Francois Arcand wrote:
Hi,
testing package protection, I have come to the following conclusion:
Packages that we can protect against access
--
o.a.catalina
o.a.jasper
o.a.jsp
o.a.jk
Packages that we can protect against
Hi,
In StandardClassLoader, starting line 815, the SecurityManager is invoked:
// (.5) Permission to access this class when using a SecurityManager
if (securityManager != null) {
int i = name.lastIndexOf('.');
if (i = 0) {
try {
Foget that email. The problem is in front of the computer, not in the
class ;-)
-- Jeanfrancois
Jean-Francois Arcand wrote:
Hi,
In StandardClassLoader, starting line 815, the SecurityManager is
invoked:
// (.5) Permission to access this class when using a
SecurityManager
Hi,
is method o.a.c.http11.Http11Processor.addFilter used by Tomcat 3.x? The
method is not used in 4.1.X and 5, and I would like to remove it. The
method gives direct access to Class.forName, and this is a lightweight
security issue.
Thanks,
-- Jeanfrancois
--
To unsubscribe, e-mail:
HI,
just a quick update with Xerces 2.2. Two weeks ago, I tough I've found
the problem Tomcat was having with Xerces 2,2 (by replacing struts.jar
file with the 1.1 beta version, the bug did not show up again). I did
some tests last week and the bug starts to re-appear, but not all the
time
+1
He is quite impressive on tomcat-users list
-- Jeanfrancois
Bob Herrmann wrote:
Mladen's word is enough for me.
+1 for John Turner
Cheers,
-bob
On Fri, 2002-10-18 at 15:11, Mladen Turk wrote:
Hi,
I'd like to propose John Turner [Jturner at AAS.com]
as a new Tomcat committer.
He
Hi,
I got the following error when I start Tomcat with the
o.a.c.session.PersistentManager manager:
ServerLifecycleListener: createMBeans: MBeanException
java.lang.Exception: ManagedBean is not found with PersistentManager
at
Hi,
I got the following error when I start Tomcat with the
o.a.c.session.PersistentManager manager:
ServerLifecycleListener: createMBeans: MBeanException
java.lang.Exception: ManagedBean is not found with PersistentManager
at
Sorry for the second postmy mail server is having problems
Jean-Francois Arcand wrote:
Hi,
I got the following error when I start Tomcat with the
o.a.c.session.PersistentManager manager:
ServerLifecycleListener: createMBeans: MBeanException
java.lang.Exception: ManagedBean
OK, I have committed the change, do testing, and try to hack the code I
just wrote. Of course, more testing will be appreciated :-)
-- Jeanfrancois
Glenn Nielsen wrote:
Jean-Francois Arcand wrote:
Glenn Nielsen wrote:
Costin Manolache wrote:
I'm in the middle on this one - but I
?
-1 for changing/removing the doPrivileged()
Other voices?
Regards,
Glenn
Thanks,
-- Jeanfrancois
Jean-Francois Arcand wrote:
Hi,
In o.a.c.tomcat5.CoyoteRequest (same in tomcat4), there is a
doPrivilege block that grant the doGetSession method. This method
delegate
including security policy permissions required
for managing/persisting those sessions.
Costin
Jean-Francois Arcand wrote:
Glenn Nielsen wrote:
The doPrivileged() for getting a session is in the CoyoteRequest
public getSession()
method which is implemented as required by ServletRequest
Hi,
I've re-factored Catalina.java and CatalinaService.java and merge the
security code into a single class: o.a.c.security.SecurityConfig. This
class will manage all the package access/definition security properties.
Actually, the list of package access/definition are harcoded in that
Glenn Nielsen wrote:
Jean-Francois Arcand wrote:
Hi,
I've re-factored Catalina.java and CatalinaService.java and merge the
security code into a single class: o.a.c.security.SecurityConfig.
This class will manage all the package access/definition security
properties.
Works for me
The appropriate forum for that type of questions will be first under
tomcat-user mailling list :-)
I've just rename one of my war
wiponline.war
file without any problems. So it is not related to Tomcat. Maybe you JDK
have a bug?
-- Jeanfrancois
Markus Zänglein wrote:
HI
I was faced
HI,
is somebody aware why package org.apache.coyote.* and
org.apache.tomcat.* are not protected againts package insertion/access
in Catalina.java. What is the reasons? Actually, classes are not
available to a Webapp (the Classloader is taking care of it) but when
Tomcat is embedded in an app
Hi Glenn,
should it be org.apache.tomcat.util instead of org.apache.util ?
Thanks,
-- Jeanfrancois
[EMAIL PROTECTED] wrote:
glenn 2002/10/15 13:33:19
Modified:catalina/src/share/org/apache/catalina/startup Catalina.java
CatalinaService.java
Log:
Add
Hi,
In o.a.c.tomcat5.CoyoteRequest (same in tomcat4), there is a doPrivilege
block that grant the doGetSession method. This method delegate the logic
to the o.a.c.Manager instance. A Manager can (but it's not required)
uses a o.a.c.Store object . The Manager and the Store object may need
Costin Manolache wrote:
I would like to propose a new mailing list.
The list will be closed to commiters only. The main purpose
will be discussions of security and other special issues.
This should avoid [Cc] threads.
The main target should be active commiters - so it should
start empty.
Hi Remy,
when you start with the SecurityManager, the following exception is thrown.
java.lang.ClassNotFoundException:
org.apache.catalina.connector.HttpRequestBase$Privilege
dGetSession
at
org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.j
ava:890)
ballot
[ X ] Remove deprecated org.apache.catalina.connector components from
the j-t-catalina module
[ ] Leave them in
/ballot
-- Jeanfrancois
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Hi,
with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception:
org.xml.sax.SAXParseException: The string -- is not permitted within
comments.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
This is a bug in the org.apache.struts.digester.Digester class. If
private stuff?)
Does anyone publish a security checklist list like this?
Blah Blah,
-bob
On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
Hi,
I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would like to collect as more as information as where
Hi,
I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would like to collect as more as information as where you think I should
look at (code, security hole, etc.). I'm planning to do the audit using
the default SecurityManager. Rigth now, I have started looking at:
-
Costin Manolache wrote:
Remy Maucherat wrote:
If the EG prefers features over portability - then we need to find a
way to create a distribution without JSP ( is this possible ?) and maybe
compensate by including cocoon or velocity.
Personally, I would support 1.3 (and 1.2 assuming
1 - 100 of 133 matches
Mail list logo