https://bz.apache.org/bugzilla/show_bug.cgi?id=63287
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.
Reviewing the individual reports I think there is a little to much focus on
similarity of code and not enough focus on similarity of function. To put it
another way, an invalid charset may be a minor issue when provided as part of a
user request but a significant issue if a security realm is configured to
digest passwords using an invalid encoding.
For report 1, a better comparison would be how the MemoryUserDatabase handles a
missing/invalid tomcat-users.xml file. Also, there are other error conditions
earlier in JAASMemoryLoginModule that should be treated in a consistent manner.
For report 2, an argument could be made that AccessLogValve should use WARN but
it isn't a very strong argument. For Response, an invalid encoding may not be
an error so WARN seems right. I think there is a case for making
MessageDigestCredentialHandler and Connector ERROR.
For report 3, I agree they should be the same buy I'd switch to WARN since
cluster nodes going down isn't unexpected.
Fixed in master for 9.0.18 onwards.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
