https://bz.apache.org/bugzilla/show_bug.cgi?id=63287
Mark Thomas <ma...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Mark Thomas <ma...@apache.org> --- Thanks for the report. Reviewing the individual reports I think there is a little to much focus on similarity of code and not enough focus on similarity of function. To put it another way, an invalid charset may be a minor issue when provided as part of a user request but a significant issue if a security realm is configured to digest passwords using an invalid encoding. For report 1, a better comparison would be how the MemoryUserDatabase handles a missing/invalid tomcat-users.xml file. Also, there are other error conditions earlier in JAASMemoryLoginModule that should be treated in a consistent manner. For report 2, an argument could be made that AccessLogValve should use WARN but it isn't a very strong argument. For Response, an invalid encoding may not be an error so WARN seems right. I think there is a case for making MessageDigestCredentialHandler and Connector ERROR. For report 3, I agree they should be the same buy I'd switch to WARN since cluster nodes going down isn't unexpected. Fixed in master for 9.0.18 onwards. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org