David, The change of the http://geronimo.apache.org/xml/ns/web/jetty/config-1.0 namespace is now causing the test-jetty failure in trunk builds. It looks like the old ../jetty/config-1.0 namespace is not being automatically upgraded to .../jetty/config-1.0.1 namespace.
Here's the geronimo-web.xml file for this test: http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/web-testsuite/test-jetty/src/main/webapp/WEB-INF/geronimo-web.xml?content-type=text%2Fplain&view=co Thanks, Jarek On Jan 9, 2008 8:04 PM, <[EMAIL PROTECTED]> wrote: > Author: djencks > Date: Wed Jan 9 17:03:50 2008 > New Revision: 610624 > > URL: http://svn.apache.org/viewvc?rev=610624&view=rev > Log: > GERONIMO-3738 Expose new compactPath (or, expose security vulns) jetty > parameter > > Added: > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > (contents, props changed) > - copied, changed from r610611, > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.1.xsd > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > (contents, props changed) > - copied, changed from r610611, > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.xsd > Removed: > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.1.xsd > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.xsd > Modified: > > geronimo/server/trunk/framework/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java > > geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/xsd/geronimo-naming-1.2.xsd > > geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-1.2.xsd > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsdconfig/xmlconfig.xml > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/resources/plans/plan4-converted.xml > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java > > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java > > Modified: > geronimo/server/trunk/framework/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/framework/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java > (original) > +++ > geronimo/server/trunk/framework/modules/geronimo-deployment/src/main/java/org/apache/geronimo/deployment/xmlbeans/XmlBeansUtil.java > Wed Jan 9 17:03:50 2008 > @@ -71,10 +71,12 @@ > > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web-1.2";, > "http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1";); > > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web-2.0";, > "http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1";); > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/jetty";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";); > - > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";); > - > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.2";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";); > - > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";); > - > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/jetty/config";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty/config-1.0";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.2";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/jetty/config";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty/config-1.0.1";); > + > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/jetty/config-1.0";, > "http://geronimo.apache.org/xml/ns/j2ee/web/jetty/config-1.0.1";); > > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/web/tomcat";, > "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-2.0.1";); > > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.1";, > "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-2.0.1";); > > NAMESPACE_UPDATES.put("http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.2";, > "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-2.0.1";); > > Modified: > geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/xsd/geronimo-naming-1.2.xsd > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/xsd/geronimo-naming-1.2.xsd?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/xsd/geronimo-naming-1.2.xsd > (original) > +++ > geronimo/server/trunk/plugins/j2ee/geronimo-naming-builder/src/main/xsd/geronimo-naming-1.2.xsd > Wed Jan 9 17:03:50 2008 > @@ -29,7 +29,7 @@ > schema will never be used directly but its elements are used in > geronimo-application-client-2.0.xsd, geronimo-connector-1.2.xsd, > geronimo-web-2.0.1.xsd, geronimo-tomcat-2.0.1.xsd, and > - geronimo-jetty-2.0.1.xsd. All the schema's or plans using > elements of > + geronimo-jetty-2.0.2.xsd. All the schema's or plans using > elements of > this schema must specify the top level element with one of the > namespace specified as > "http://geronimo.apache.org/xml/ns/j2ee/naming-1.2";. The default > > Modified: > geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-1.2.xsd > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-1.2.xsd?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-1.2.xsd > (original) > +++ > geronimo/server/trunk/plugins/j2ee/geronimo-security-builder/src/main/xsd/geronimo-security-1.2.xsd > Wed Jan 9 17:03:50 2008 > @@ -32,7 +32,7 @@ > elements. This schema will never be used directly but its > elements > are used in geronimo-application-client-2.0.xsd, > geronimo-connector-1.2.xsd, geronimo-web-2.0.1.xsd, > - geronimo-tomcat-2.0.1.xsd, and geronimo-jetty-2.0.1.xsd. All the > schemas > + geronimo-tomcat-2.0.1.xsd, and geronimo-jetty-2.0.2.xsd. All the > schemas > or plans using elements of this schema must specify the top level > element with one of the namespace specified as > "http://geronimo.apache.org/xml/ns/j2ee/security-1.2";. The > default > > Modified: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/java/org/apache/geronimo/jetty6/deployment/JettyModuleBuilder.java > Wed Jan 9 17:03:50 2008 > @@ -480,6 +480,11 @@ > configureSecurityRealm(earContext, webApp, jettyWebApp, > webModuleData, securityRoles, rolePermissions); > } > > + //See Jetty-386, GERONIMO-3738 > + if (jettyWebApp.getCompactPath()) { > + webModuleData.setAttribute("compactPath", Boolean.TRUE); > + } > + > //TODO this may definitely not be the best place for this! > for (ModuleBuilderExtension mbe : moduleBuilderExtensions) { > mbe.addGBeans(earContext, module, cl, repository); > > Copied: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > (from r610611, > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.1.xsd) > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd?p2=geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd&p1=geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.1.xsd&r1=610611&r2=610624&rev=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.1.xsd > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > Wed Jan 9 17:03:50 2008 > @@ -18,8 +18,8 @@ > > <!-- $Rev$ $Date$ --> > > -<xs:schema xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1"; > - targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1"; > +<xs:schema xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2"; > + targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2"; > xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"; > xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"; > xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"; > @@ -180,7 +180,16 @@ > </xs:documentation> > </xs:annotation> > </xs:element> > - > + <xs:element name="compact-path" type="xs:boolean" minOccurs="0"> > + <xs:annotation> > + <xs:documentation> > + See Jetty-386. Setting this to true makes paths > like http://localhost:8080/test//favicon.ico > + act the same as > http://localhost:8080/test/favicon.ico. Setting this to true is likely to > result > + in a security vulnerability such as exposing static > content in WEB-INF and behind security constraints. > + </xs:documentation> > + </xs:annotation> > + </xs:element> > + > <xs:group ref="naming:jndiEnvironmentRefsGroup"> > <xs:annotation> > <xs:documentation> > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > ------------------------------------------------------------------------------ > svn:eol-style = native > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > ------------------------------------------------------------------------------ > svn:keywords = Date Author Id Revision HeadURL > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-2.0.2.xsd > ------------------------------------------------------------------------------ > svn:mime-type = text/xml > > Copied: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > (from r610611, > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.xsd) > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd?p2=geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd&p1=geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.xsd&r1=610611&r2=610624&rev=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.xsd > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > Wed Jan 9 17:03:50 2008 > @@ -16,8 +16,8 @@ > limitations under the License. > --> > > -<xs:schema > xmlns:jetty="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0"; > - targetNamespace="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0"; > +<xs:schema > xmlns:jetty="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0.1"; > + > targetNamespace="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0.1"; > xmlns:xs="http://www.w3.org/2001/XMLSchema"; > elementFormDefault="qualified" > attributeFormDefault="unqualified" version="1.0"> > > @@ -31,7 +31,7 @@ > specified as > xmlns="http://geronimo.apache.org/xml/ns/j2ee/jetty-config-1.0";. > The > default location for this document is > - > http://geronimo.apache.org/schemas-1.2/geronimo-jetty-config-1.0.xsd > + > http://geronimo.apache.org/schemas-1.2/geronimo-jetty-config-1.0.1.xsd > </xs:documentation> > </xs:annotation> > <xs:element name="jetty" type="jetty:jetty-configType"> > @@ -72,6 +72,15 @@ > name of the clustering implementation > (org.codehaus.wadi.jetty5.JettyManager) used by this > web > application. > + </xs:documentation> > + </xs:annotation> > + </xs:element> > + <xs:element name="compact-path" type="xs:boolean" minOccurs="0"> > + <xs:annotation> > + <xs:documentation> > + See Jetty-386. Setting this to true makes paths > like http://localhost:8080/test//favicon.ico > + act the same as > http://localhost:8080/test/favicon.ico. Setting this to true is likely to > result > + in a security vulnerability such as exposing static > content in WEB-INF and behind security constraints. > </xs:documentation> > </xs:annotation> > </xs:element> > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > ------------------------------------------------------------------------------ > svn:eol-style = native > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > ------------------------------------------------------------------------------ > svn:keywords = Date Author Id Revision HeadURL > > Propchange: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsd/geronimo-jetty-config-1.0.1.xsd > ------------------------------------------------------------------------------ > svn:mime-type = text/xml > > Modified: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsdconfig/xmlconfig.xml > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsdconfig/xmlconfig.xml?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsdconfig/xmlconfig.xml > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/main/xsdconfig/xmlconfig.xml > Wed Jan 9 17:03:50 2008 > @@ -18,11 +18,11 @@ > --> > <!-- @version $Rev$ $Date$ --> > <xb:config xmlns:xb="http://www.bea.com/2002/09/xbean/config";> > - <xb:namespace > uri="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1";> > + <xb:namespace > uri="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2";> > > <xb:package>org.apache.geronimo.xbeans.geronimo.web.jetty</xb:package> > <xb:prefix>Jetty</xb:prefix> > </xb:namespace> > - <xb:namespace > uri="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0";> > + <xb:namespace > uri="http://geronimo.apache.org/xml/ns/web/jetty/config-1.0.1";> > > <xb:package>org.apache.geronimo.xbeans.geronimo.web.jetty.config</xb:package> > <xb:prefix>Ger</xb:prefix> > </xb:namespace> > > Modified: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/resources/plans/plan4-converted.xml > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/resources/plans/plan4-converted.xml?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/resources/plans/plan4-converted.xml > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6-builder/src/test/resources/plans/plan4-converted.xml > Wed Jan 9 17:03:50 2008 > @@ -15,7 +15,7 @@ > See the License for the specific language governing permissions and > limitations under the License. > --> > -<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.1"; > +<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2"; > xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2";> > > <dep:environment> > > Modified: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyWebAppContext.java > Wed Jan 9 17:03:50 2008 > @@ -117,6 +117,8 @@ > Authenticator authenticator, > String realmName, > Map<String, String> tagLibMap, > + boolean compactPath, > + > int sessionTimeoutSeconds, > SessionHandlerFactory handlerFactory, > PreHandlerFactory preHandlerFactory, > @@ -169,6 +171,8 @@ > ServletHandler servletHandler = new ServletHandler(); > > webAppContext = new TwistyWebAppContext(securityHandler, > sessionHandler, servletHandler, null); > + //See Jetty-386. Setting this to true can expose secured content. > + webAppContext.setCompactPath(compactPath); > > //wrap the web app context with the jndi handler > GeronimoUserTransaction userTransaction = new > GeronimoUserTransaction(transactionManager); > @@ -559,6 +563,7 @@ > infoBuilder.addAttribute("applicationManagedSecurityResources", > Set.class, true); > > infoBuilder.addAttribute("contextPath", String.class, true); > + infoBuilder.addAttribute("compactPath", boolean.class, true); > > infoBuilder.addAttribute("workDir", String.class, true); > infoBuilder.addReference("Host", Host.class, "Host"); > @@ -606,6 +611,7 @@ > "authenticator", > "realmName", > "tagLibMap", > + "compactPath", > GBEAN_ATTR_SESSION_TIMEOUT, > GBEAN_REF_SESSION_HANDLER_FACTORY, > GBEAN_REF_PRE_HANDLER_FACTORY, > > Modified: > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java > URL: > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java?rev=610624&r1=610623&r2=610624&view=diff > ============================================================================== > --- > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java > (original) > +++ > geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/AbstractWebModuleTest.java > Wed Jan 9 17:03:50 2008 > @@ -106,6 +106,7 @@ > authenticator, > realmName, > null, > + false, > 0, > sessionHandlerFactory, > preHandlerFactory, > > >
