https://bz.apache.org/bugzilla/show_bug.cgi?id=63287

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.

Reviewing the individual reports I think there is a little to much focus on
similarity of code and not enough focus on similarity of function. To put it
another way, an invalid charset may be a minor issue when provided as part of a
user request but a significant issue if a security realm is configured to
digest passwords using an invalid encoding.

For report 1, a better comparison would be how the MemoryUserDatabase handles a
missing/invalid tomcat-users.xml file. Also, there are other error conditions
earlier in JAASMemoryLoginModule that should be treated in a consistent manner.

For report 2, an argument could be made that AccessLogValve should use WARN but
it isn't a very strong argument. For Response, an invalid encoding may not be
an error so WARN seems right. I think there is a case for making
MessageDigestCredentialHandler and Connector ERROR.

For report 3, I agree they should be the same buy I'd switch to WARN since
cluster nodes going down isn't unexpected.

Fixed in master for 9.0.18 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to