java.lang.IllegalArgumentException: Cookie name version is a reserved token
Getting the following error, I've heard that it is something to do with brower sending more than one cookie back to the servlet. This there any fix for this at the moment ? java.lang.IllegalArgumentException: Cookie name version is a reserved token at javax.servlet.http.Cookie.init(Cookie.java:185) at org.apache.tomcat.util.RequestUtil.processCookies(RequestUtil.java:189) at org.apache.tomcat.core.RequestImpl.getCookieCount(RequestImpl.java:494) at org.apache.tomcat.session.StandardSessionInterceptor.requestMap(StandardSessionInterceptor.java:145) at org.apache.tomcat.core.ContextManager.processRequest(ContextManager.java:820) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:771) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484) Using jakarta-tomcat-3.2.2b1 apache-1.3.12-2 mod_jk
RE: java.lang.IllegalArgumentException: Cookie name version is a reserved token
me being stupid. Found the problem, I had a cookie name called 'version' -Original Message-From: Ron Pitts [mailto:[EMAIL PROTECTED]]Sent: 28 February 2001 11:36To: [EMAIL PROTECTED]Subject: java.lang.IllegalArgumentException: Cookie name version is a reserved token Getting the following error, I've heard that it is something to do with brower sending more than one cookie back to the servlet. This there any fix for this at the moment ? java.lang.IllegalArgumentException: Cookie name version is a reserved token at javax.servlet.http.Cookie.init(Cookie.java:185) at org.apache.tomcat.util.RequestUtil.processCookies(RequestUtil.java:189) at org.apache.tomcat.core.RequestImpl.getCookieCount(RequestImpl.java:494) at org.apache.tomcat.session.StandardSessionInterceptor.requestMap(StandardSessionInterceptor.java:145) at org.apache.tomcat.core.ContextManager.processRequest(ContextManager.java:820) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:771) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processConnection(Ajp12ConnectionHandler.java:166) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:484) Using jakarta-tomcat-3.2.2b1 apache-1.3.12-2 mod_jk
FW: [PATCH] session attribute unbound
Just received that from Mr Frey Thibault It fixes a serious problem with session in end of life -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 3:49 PM To: [EMAIL PROTECTED] Subject: [PATCH] session attribute unbound When Tomcat3.3m1 unbounds a session attribute, it send a corrupted session facade to the listener. Servlet22Interceptor.java.diff - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Tomcat 4 build from CVS watchdog test fails
The following watchdog test fails with the latest build of Tomcat 4 from CVS. FAIL GET /servlet-tests/ServletContextGetInitParameterNamesTest HTTP/1.0 Regards, Glenn -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How can I become a developer
Hi, I have been following the messages from this thread. I have also been thinking of trying to join this group. I have read all the documentation, the open-source articles, etc. It occurs to me that the only way to join is to find a problem by running it on your own system through various personallized test, and then informing the group of the problem, and then coming up with your own solution. Is this the only way, or have I missed a note as to were a log of existing problems is that I can choose from and start working on? Thanks Gareth Jon Stevens [EMAIL PROTECTED] on 27/02/2001 23:10:34 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Re: How can I become a developer on 2/26/01 8:37 PM, "jerry123" [EMAIL PROTECTED] wrote: Hi guys, I want to be a developer in your team. Could you tell me how to do it?. Thanks a lot. Michael http://jakarta.apache.org/site/getinvolved.html -jon -- If you come from a Perl or PHP background, JSP is a way to take your pain to new levels. --Anonymous http://jakarta.apache.org/velocity/ http://java.apache.org/turbine/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: FW: [advanced-servlets] Session Load Balancing (was: To avoid
Jason, Yes, and the way I've seen people solve this issue is to make each server constantly replicate its sessions to another server so that any session's state is stored in two servers (not just one). For example, if you've got four servers, A, B, C, and D, you configure A to replicate to B, B to replicate to C, C to replicate to D, and D to replicate to A. Then the "composite ID" would contain the primary server tag, secondary server tag, and the session ID, like: A:B:sessionXXX. So, if server A went down, the load balancer could still get session info from server B, and at the same time let server D know that A is down and to replicate to B until further notice. Nh. This is once again only making sure a majority of the sessions are saved in a rotation. A lot of work for very little real fault tolerance. Also I think your english up there indicates a solution that causes tremendous hysterysis amongst the servers. This also works when each server replicates sessions to more than one backup server so that you've got even higher fault tolerance (but you'll probably never need that level of fault tolerance). Now you may have something: a seperate, parallel, session cluster. -- Jason Brittain -- Nick Bauman - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Tomcat3.3m1 javadoc
Hi folks! Thanks to Costin Manolache's ftp space, you can now browse the Tomcat 3.3m1 class diagrams and javadoc online. All you need is a Java-enabled browser (if you want to browse class diagrams) or a common browser (to view just the javadoc). Please report problems with the diagrams, missing classes, etc. to: [EMAIL PROTECTED] Un saludo, Alex. http://nagoya.apache.org/~costin/tomcat3 Sorry, I don't have an index.html in ~costin. I'll create a better directory later ( right now viewing the core diagram is locking my browser :-) Costin On Wed, 21 Feb 2001, Alex Fernndez wrote: Hi Costin! I haven't found any place to post the javadoc + class diagrams. The free hosters with big space (it's about 12 MB) don't have ftp access, at least the ones I found. Shall I send it to you? Un saludo, Alex. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Tomcat3.3m1 javadoc
Whohoo, really nice AlexGracias.. Saludos , Ignacio J. Ortega -Mensaje original- De: Alex Fernndez [mailto:[EMAIL PROTECTED]] Enviado el: mircoles 28 de febrero de 2001 17:06 Para: [EMAIL PROTECTED] Asunto: Tomcat3.3m1 javadoc Hi folks! Thanks to Costin Manolache's ftp space, you can now browse the Tomcat 3.3m1 class diagrams and javadoc online. All you need is a Java-enabled browser (if you want to browse class diagrams) or a common browser (to view just the javadoc). Please report problems with the diagrams, missing classes, etc. to: [EMAIL PROTECTED] Un saludo, Alex. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How can I become a developer
Hi Gareth! I'm sure someone more knowledgeable will correct me if I'm wrong -- I'll offer you what I've found out. [EMAIL PROTECTED] wrote: Hi, I have been following the messages from this thread. I have also been thinking of trying to join this group. So are many of us. However, it seems that this works like secret societies: they must appoint you to be a committer ;) Anyway, no need to commit (that is, full access to the CVS tree) to join in all the fun. All you have to do is spot a problem you'd like solved, and Just Do It!(tm) I have read all the documentation, the open-source articles, etc. The best place to start, to get a feeling of the thing yourself, is the source code itself. There's about 40K lines right now in 3.3m1, so take it easy. Perhaps the class diagrams will help you to start: http://nagoya.apache.org/~costin/tomcat3 It occurs to me that the only way to join is to find a problem by running it on your own system through various personallized test, and then informing the group of the problem, and then coming up with your own solution. You don't need personalized tests, just use your servlets or JSP application. If you don't have one, now is the time to begin! Is this the only way, or have I missed a note as to were a log of existing problems is that I can choose from and start working on? I think I read somewhere that the most important thing was to have fun, sorry I cannot remember the exact source. So you can pick from existing bug-reports, build a challenging and complicated system, write javadoc or user documentation, do some code-reviewing, build new test suites... Whatever you feel you're better at. Again, please note that I'm also learning how the whole thing works, so take my opinions cum mica salis (that's what english folks would say "with a grain of salt" :) Un saludo, Alex. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: How can I become a developer
There is a bugzilla bug database for Tomcat at: http://nagoya.apache.org/buzilla/ I'm not sure if they are all for Tomcat, but there is a query engine attached to it. Steve -Original Message- From: Alex Fernndez [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 9:15 AM To: [EMAIL PROTECTED] Subject: Re: How can I become a developer Hi Gareth! I'm sure someone more knowledgeable will correct me if I'm wrong -- I'll offer you what I've found out. [EMAIL PROTECTED] wrote: Hi, I have been following the messages from this thread. I have also been thinking of trying to join this group. So are many of us. However, it seems that this works like secret societies: they must appoint you to be a committer ;) Anyway, no need to commit (that is, full access to the CVS tree) to join in all the fun. All you have to do is spot a problem you'd like solved, and Just Do It!(tm) I have read all the documentation, the open-source articles, etc. The best place to start, to get a feeling of the thing yourself, is the source code itself. There's about 40K lines right now in 3.3m1, so take it easy. Perhaps the class diagrams will help you to start: http://nagoya.apache.org/~costin/tomcat3 It occurs to me that the only way to join is to find a problem by running it on your own system through various personallized test, and then informing the group of the problem, and then coming up with your own solution. You don't need personalized tests, just use your servlets or JSP application. If you don't have one, now is the time to begin! Is this the only way, or have I missed a note as to were a log of existing problems is that I can choose from and start working on? I think I read somewhere that the most important thing was to have fun, sorry I cannot remember the exact source. So you can pick from existing bug-reports, build a challenging and complicated system, write javadoc or user documentation, do some code-reviewing, build new test suites... Whatever you feel you're better at. Again, please note that I'm also learning how the whole thing works, so take my opinions cum mica salis (that's what english folks would say "with a grain of salt" :) Un saludo, Alex. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How can I become a developer
IMHO, the best way to become a tomcat developer is to resolve your own problems and itches related with tomcat. If it works fine for you and you don't need anything - then just use it :-) There are many areas where we need help - and you don't have to be an expert in tomcat to help. Try to install it - is it simple enough ? Do you find the documentation confusing ? - then try to make it better. Try to use it - can it integrate with your existing infrastructure ? If not, try to make a module ( for example to authenticate against whatever is used on your network ). Is it easy to configure ? If not, either send documentations or fixes to improve that. Is it fast enough ? In general - find something that bothers your, and fix it. Right now what bothers me is: - fixing the bugs from the database - configuration - I want it to be easier to set up and manage - scalability - what happens if you have 500 webapps ? - facade23 Costin I have been following the messages from this thread. I have also been thinking of trying to join this group. I have read all the documentation, the open-source articles, etc. It occurs to me that the only way to join is to find a problem by running it on your own system through various personallized test, and then informing the group of the problem, and then coming up with your own solution. Is this the only way, or have I missed a note as to were a log of existing problems is that I can choose from and start working on? Thanks Gareth Jon Stevens [EMAIL PROTECTED] on 27/02/2001 23:10:34 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Re: How can I become a developer on 2/26/01 8:37 PM, "jerry123" [EMAIL PROTECTED] wrote: Hi guys, I want to be a developer in your team. Could you tell me how to do it?. Thanks a lot. Michael http://jakarta.apache.org/site/getinvolved.html -jon -- If you come from a Perl or PHP background, JSP is a way to take your pain to new levels. --Anonymous http://jakarta.apache.org/velocity/ http://java.apache.org/turbine/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
How to use JCE in Tomcat?
Hi, our application needs to use JCE1.2.1 to check the registeration information. the JCE api is provided by SUN Cor. after compiled, when i test the program in main(), it's quite well. but when it runs on Tomcat, exception was thrown though i have already added it into Tomcat's /lib folder or JRE's /lib folder: java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.b.([DashoPro-V1.2-120198]) at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198]) at com.iei.gms.util.License.validLicenseKey(License.java:282) at GMS.login.doService(login.java:100) at GMS.login.doPost(login.java:135) any response is highly respected Jasmine - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: How can I become a developer
The best place to start, to get a feeling of the thing yourself, is the source code itself. There's about 40K lines right now in 3.3m1, so take it easy. Perhaps the class diagrams will help you to start: http://nagoya.apache.org/~costin/tomcat3 And since I don't have an index.html, the diagrams and docs are all contributed by Alex, I just saved them in my public_html. I think I read somewhere that the most important thing was to have fun, sorry I cannot remember the exact source. So you can pick from existing bug-reports, build a challenging and complicated system, write javadoc or user documentation, do some code-reviewing, build new test suites... Whatever you feel you're better at. +1 ! ( either have fun or get a paycheck :-) Costin ( having fun ) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[PATCH] Bug 463
Hi, I attached a patch for Bug 463. See more information at: http://nagoya.betaversion.org/bugzilla/show_bug.cgi?id=463 Thanks! --- KareEmail [EMAIL PROTECTED] patch463 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[PATCH] Bug 691
Hi, I attached a patch for Bug 691. See more information at: http://nagoya.betaversion.org/bugzilla/show_bug.cgi?id=691 Thanks! --- KareEmail [EMAIL PROTECTED] patch691 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[PATCH] session attribute unbound
When tomcat3.3m1 unbounds a session attribute, it send a corrupted session facade to the listener. -- Jusqu'à 60 heures gratuites pour toute souscription à l'un des nouveaux Forfaits Liberty Surf http://register.libertysurf.fr/subscribe_fr/signup.php3 Servlet22Interceptor.java.diff - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[PATCH] Bug 748
Hi, I attached a patch for Bug 748. See more information at: http://nagoya.betaversion.org/bugzilla/show_bug.cgi?id=748 Thanks! --- KareEmail [EMAIL PROTECTED] patch748 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Infinite recursion with errorPage blow's out JVM
Thanks - no problem! --- "Pier P. Fumagalli" [EMAIL PROTECTED] wrote: Tory Stephen Toupin [EMAIL PROTECTED] wrote: I'm having trouble accessing Bugzilla, so for give the post if this is a known bug. Sorry, the RC script launching HTTPd at boot has been removed somehow... And after the many reboots we had today, I forgot to check the HTTP daemon :( Sorry for the inconvenience... Pier -- Pier P. Fumagalli mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: [PATCH] session attribute unbound
Thank You For Your Mail, Keep In Touch By Sending More With Thanks And Regards, Sajid Rahman M M.M.A Hostel Mothi Nagar B'lore - 2 Get free email and a permanent address at http://www.netaddress.com
How do I configure tomcat 3.2.1 for SSL only?
I'd like tomcat to only respond to SSL requests; the port 80 homepage will just be a link to the secured area. The virtual hosts documentation http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-apache-howto.html#virtual_hosting assumes different hosts have different names, but my SSL and non-SSL vhosts in httpd.conf have the same name. How do I differentiate? Do I have to set the 'main' (insecure) ServerName to something like myhost-insecure.domain.dom, and set 'ServerName myhost.domain.dom' inside the SSL vhost? Please tell me there's a better way. Also, the example of how to configure server.xml shows the text from httpd.conf instead; this sounds familiar. Does anyone have the right text to go into that box? Thx, Chris Pepper Next, you need to configure Tomcat's server.xml file. Option 2 - Same Tomcat for all Virtual Hosts (server.xml) [ snip! ] # Minimalistic Virtual Host configuration VirtualHost 192.168.0.1 ServerName host1 DocumentRoot /web/host1/html ApJServMount /servlet /ROOT Directory "/web/host1/html/WEB-INF" Options None Deny from all /Directory /VirtualHost VirtualHost 192.168.0.1 ServerName host2 DocumentRoot /web/host2/html ApJServMount /servlet /ROOT Directory "/web/host2/html/WEB-INF" Options None Deny from all /Directory /VirtualHost [ snip! ] -- Chris Pepper: http://www.reppep.com/~pepper/ Rockefeller U Computing Services: http://www.rockefeller.edu/ Mac OS X Software: http://www.mosxsw.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: FW: [advanced-servlets] Session Load Balancing (was: To avoid
Nick Bauman wrote: Jason, Yes, and the way I've seen people solve this issue is to make each server constantly replicate its sessions to another server so that any session's state is stored in two servers (not just one). For example, if you've got four servers, A, B, C, and D, you configure A to replicate to B, B to replicate to C, C to replicate to D, and D to replicate to A. Then the "composite ID" would contain the primary server tag, secondary server tag, and the session ID, like: A:B:sessionXXX. So, if server A went down, the load balancer could still get session info from server B, and at the same time let server D know that A is down and to replicate to B until further notice. Nh. This is once again only making sure a majority of the sessions are saved in a rotation. A lot of work for very little real fault tolerance. Sorry to say, but the folks at BEA disagree with you -- this is exactly what Weblogic does to facilitate distributed HTTP sessions. In-memory replication to a selected "buddy" server is pretty fast and fault tolerant enough for most failures. It can also ensure no single point of failure. Also I think your english up there indicates a solution that causes tremendous hysterysis amongst the servers. How so? This also works when each server replicates sessions to more than one backup server so that you've got even higher fault tolerance (but you'll probably never need that level of fault tolerance). Now you may have something: a seperate, parallel, session cluster. Anyone could sure do it that way. But, I'm not sure that separating it out from the servers themselves could add much fault tolerance since the cons to doing this seem to be about as large as the pros. It seems to me that making it part of the servers (the servlet containers, for instance) would work just as well. -- Jason Brittain Software Engineer, Olliance Inc.http://www.Olliance.com Current Maintainer, Locomotive Project http://www.Locomotive.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SimplePool.java
larryi 01/02/28 11:21:23 Modified:src/share/org/apache/tomcat/util Tag: tomcat_32 SimplePool.java Log: Applied patch to race condition. Bugzilla Bug #728. Submitted by: [EMAIL PROTECTED] Similar changes were already present in MAIN branch. This patch cleaned the code up a little better. Will update the MAIN branch to match these changes. Revision ChangesPath No revision No revision 1.3.2.1 +22 -24 jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java Index: SimplePool.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v retrieving revision 1.3 retrieving revision 1.3.2.1 diff -u -r1.3 -r1.3.2.1 --- SimplePool.java 2000/05/26 17:32:17 1.3 +++ SimplePool.java 2001/02/28 19:21:22 1.3.2.1 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v 1.3 2000/05/26 17:32:17 costin Exp $ - * $Revision: 1.3 $ - * $Date: 2000/05/26 17:32:17 $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SimplePool.java,v 1.3.2.1 2001/02/28 19:21:22 larryi Exp $ + * $Revision: 1.3.2.1 $ + * $Date: 2001/02/28 19:21:22 $ * * * @@ -63,11 +63,6 @@ package org.apache.tomcat.util; -import java.util.zip.*; -import java.net.*; -import java.util.*; -import java.io.*; - /** * Simple object pool. Based on ThreadPool and few other classes * @@ -83,12 +78,16 @@ private Object pool[]; private int max; -private int minSpare; -private int maxSpare; - private int current=-1; Object lock; +public static final int DEFAULT_SIZE=16; + +public SimplePool() { + this.max=DEFAULT_SIZE; + pool=new Object[max]; + lock=new Object(); +} public SimplePool(int max) { this.max=max; @@ -103,33 +102,32 @@ * Add the object to the pool, silent nothing if the pool is full */ public void put(Object o) { - int idx=-1; synchronized( lock ) { - if( current max ) - idx=++current; + if( current (max-1) ) { + current += 1; + pool[current] = o; +} } - if( idx 0 ) - pool[idx]=o; } /** * Get an object from the pool, null if the pool is empty. */ public Object get() { - int idx=-1; + Object item = null; synchronized( lock ) { - if( current = 0 ) - idx=current--; + if( current = 0 ) { + item = pool[current]; + current -= 1; + } } - if( idx = 0 ) - return pool[idx]; - return null; + return item; } -/** Return the size of the pool +/** + * Return the size of the pool */ public int getMax() { return max; } - } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/collections SimplePool.java
larryi 01/02/28 11:24:35 Modified:src/share/org/apache/tomcat/util/collections SimplePool.java Log: Updated to match the patch made to the tomcat_32 version. That patch cleaned up the code a little better. Submitted by: [EMAIL PROTECTED] Revision ChangesPath 1.2 +16 -21 jakarta-tomcat/src/share/org/apache/tomcat/util/collections/SimplePool.java Index: SimplePool.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/collections/SimplePool.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SimplePool.java 2000/12/07 19:52:51 1.1 +++ SimplePool.java 2001/02/28 19:24:32 1.2 @@ -1,4 +1,8 @@ /* + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/collections/SimplePool.java,v 1.2 2001/02/28 19:24:32 larryi Exp $ + * $Revision: 1.2 $ + * $Date: 2001/02/28 19:24:32 $ + * * * * The Apache Software License, Version 1.1 @@ -59,11 +63,6 @@ package org.apache.tomcat.util.collections; -import java.util.zip.*; -import java.net.*; -import java.util.*; -import java.io.*; - /** * Simple object pool. Based on ThreadPool and few other classes * @@ -79,9 +78,6 @@ private Object pool[]; private int max; -private int minSpare; -private int maxSpare; - private int current=-1; Object lock; @@ -106,12 +102,11 @@ * Add the object to the pool, silent nothing if the pool is full */ public void put(Object o) { - int idx=-1; synchronized( lock ) { - if( current max - 1 ) - idx=++current; - if( idx = 0 ) - pool[idx]=o; + if( current (max-1) ) { + current += 1; + pool[current] = o; +} } } @@ -119,20 +114,20 @@ * Get an object from the pool, null if the pool is empty. */ public Object get() { - int idx=-1; + Object item = null; synchronized( lock ) { - if( current = 0 ) - idx=current--; - if( idx = 0 ) - return pool[idx]; + if( current = 0 ) { + item = pool[current]; + current -= 1; + } } - return null; + return item; } -/** Return the size of the pool +/** + * Return the size of the pool */ public int getMax() { return max; } - } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/server Ajp13.java
costin 01/02/28 11:41:24 Modified:src/share/org/apache/tomcat/modules/server Ajp13.java Log: Thanks again, Dan. I'll be running a number of tests with ajp13 after M2, it seems there are some issues related with multi processor machines and special configurations, and if we want ajp13 to be the default protocol for 3.3 it's important to make sure it works in all cases. Revision ChangesPath 1.17 +3 -3 jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13.java Index: Ajp13.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Ajp13.java,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- Ajp13.java2001/02/27 05:28:08 1.16 +++ Ajp13.java2001/02/28 19:41:23 1.17 @@ -376,14 +376,14 @@ if(contentLength 0) { req.setContentLength( contentLength ); /* Read present data */ - int err = receive(msg); + int err = receive(inBuf); if(err 0) { return 500; } - blen = msg.peekInt(); + blen = inBuf.peekInt(); pos = 0; - msg.getBytes(bodyBuff); + inBuf.getBytes(bodyBuff); } return 200; // Success - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
HTTP Status Codes and Error Pages
I can't tell if this is a bug or intended behavior: I have a servlet that acts as the error page for my webapp. Note that this is set up using the web.xml file, not the errorPage directive in the JSPs (if that makes any difference?) When there is an error (say 500 Internal Server Error), it returns a WML page saying things went wrong. This page is being properly generated, but the HTTP response code being sent along with it is "200 OK"! The request attribute java.servlet.error.status_code is set to 500, as I would expect. Calling response.setStatus(500) in the error servlet changes nothing. This is the response I get, headers included: HTTP/1.0 200 OK Content-Type: text/vnd.wap.wml;charset=UTF-8 Cache-Control: no-cache Servlet-Engine: Tomcat Web Server/3.2 (final) (JSP 1.1; Servlet 2.2; Java 1.3.0; SunOS 5.8 sparc; java.vendor=Sun Microsystems Inc.) ?xml version="1.0"? !DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml" wml card title="Error 500" id="error" do label="Back" type="prev" prev/ /do p We're sorry, your request could be fulfilled. br/ 500 Internal Server Error /p /card /wml - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/tests/webpages/WEB-INF test-tomcat.xml
larryi 01/02/28 12:35:16 Modified:src/tests/webpages/WEB-INF test-tomcat.xml Log: Was testing with Tomcat 3.2 and forgot to update the cookie which Tomcat 3.3 uses. Revision ChangesPath 1.25 +2 -2 jakarta-tomcat/src/tests/webpages/WEB-INF/test-tomcat.xml Index: test-tomcat.xml === RCS file: /home/cvs/jakarta-tomcat/src/tests/webpages/WEB-INF/test-tomcat.xml,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- test-tomcat.xml 2001/02/23 21:45:46 1.24 +++ test-tomcat.xml 2001/02/28 20:35:15 1.25 @@ -16,7 +16,7 @@ early tests. -- - property name="revision" value="$Revision: 1.24 $" / + property name="revision" value="$Revision: 1.25 $" / property name="host" value="127.0.0.1" / property name="port" value="8080" / property name="outputType" value="text" / @@ -445,7 +445,7 @@ httpRequest path="/test/servlet/dispatch.IncludeJspWithSession HTTP/1.0" / httpStatusMatch match="200" / responseMatch match="This is an inner file"/ - headerMatch name="Set-Cookie2" value="JSESSIONID=" / + headerMatch name="Set-Cookie" value="JSESSIONID=" / /httpClient /target - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/session SimpleSessionStore.java
larryi 01/02/28 12:38:59 Modified:src/share/org/apache/tomcat/modules/session SimpleSessionStore.java Log: Fix bug where created session is immediately recycled. Submitted by: William Barker Revision ChangesPath 1.10 +0 -1 jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java Index: SimpleSessionStore.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- SimpleSessionStore.java 2001/02/27 18:23:01 1.9 +++ SimpleSessionStore.java 2001/02/28 20:38:58 1.10 @@ -426,7 +426,6 @@ if (session == null) { session = new ServerSession(); session.setManager( this ); - recycled.put( session ); } // XXX can return MessageBytes !!! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/facade22/org/apache/tomcat/facade Servlet22Interceptor.java
larryi 01/02/28 12:43:58 Modified:src/facade22/org/apache/tomcat/facade Servlet22Interceptor.java Log: Fix bug where sessionState() method uses an HttpSessionFacade that isn't guarateed to be valid. Submitted by: Frey Thibault Revision ChangesPath 1.12 +19 -3 jakarta-tomcat/src/facade22/org/apache/tomcat/facade/Servlet22Interceptor.java Index: Servlet22Interceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/Servlet22Interceptor.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- Servlet22Interceptor.java 2001/02/17 07:08:18 1.11 +++ Servlet22Interceptor.java 2001/02/28 20:43:58 1.12 @@ -173,7 +173,15 @@ newState==ServerSession.STATE_EXPIRED ) { // generate "unbould" events when the session is suspended or - // expired + // expired : + + // Session facades are managed by the request facades. + // So, the facade returned at this point by the method getFacade() + // of ServerSession is not valid : it could refer to a session facade + // that is unused, or used by a request facade for another server session. + // That's why we have to manage our own facade. + HttpSessionFacade sessionFacade = new HttpSessionFacade(); + Vector removed=new Vector(); Enumeration e = sess.getAttributeNames(); // announce all values with listener that we'll remove them @@ -181,14 +189,22 @@ String key = (String) e.nextElement(); Object value = sess.getAttribute(key); - HttpSession httpSess=(HttpSession)sess.getFacade(); + sessionFacade.setRealSession(sess); if( value instanceof HttpSessionBindingListener) { ((HttpSessionBindingListener) value).valueUnbound - (new HttpSessionBindingEvent(httpSess , key)); + (new HttpSessionBindingEvent(sessionFacade , key)); removed.addElement( key ); } + + // prevents a session crossover + sess.setFacade( null ); } + + // helps garbage collector + sessionFacade.recycle(); + sessionFacade = null; + // remove e=removed.elements(); while( e.hasMoreElements() ) { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat/src/facade22/org/apache/tomcat/facade Servlet22Interceptor.java
Thank You For Your Mail, Keep In Touch By Sending More With Thanks And Regards, Sajid Rahman M M.M.A Hostel Mothi Nagar B'lore - 2 Get free email and a permanent address at http://www.netaddress.com
Re: cvs commit:jakarta-tomcat/src/facade22/org/apache/tomcat/facadeServlet22Interceptor.java
Sajid Rahman [EMAIL PROTECTED] wrote: Thank You For Your Mail, Keep In Touch By Sending More With Thanks And Regards, Sajid Rahman M M.M.A Hostel Mothi Nagar B'lore - 2 I'm going to unsubscribe him, as this one seems to be an autoresponder and we don't want to be bothered (or do we? :) Pier -- Pier Fumagalli http://www.betaversion.org/ mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
PathInfo and PathTranslated return NULL
My fellow developers; I've just joined the list and haven't been able to find a reference to this problem, so excuse me if this has already been discussed. My servlets need to make decisions based on the URL passed in. Is ServletPath a reliable substitute? Is there a fix for PathInfo and PathTranslated. I also have some servlet code that I'd like to migrate into Tomcat. I'll discuss what it does in another posting, after I learn the rules for code submission. Thanks; -Chris Running Tomcat 3.2.1 - PathInfo and PathTranslated return NULL regardless of the URL passed in. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Future of the isapi redirector
I noticed that isapi_redirect.dll uses ajp12, but ajp13 is already out (and better than ajp12), and there are talks of ajp14 and mod_webapp and other new Connector ideas... What is the current future Connector plan for IIS? Will IIS support these new protocols anytime soon? Thanks, Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet JspServlet.java
glenn 01/02/28 14:05:52 Modified:jasper/src/share/org/apache/jasper/servlet JspServlet.java Log: Fix preload of a jasper JspServlet inner class Revision ChangesPath 1.14 +2 -2 jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JspServlet.java Index: JspServlet.java === RCS file: /home/cvs/jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/servlet/JspServlet.java,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- JspServlet.java 2001/02/19 01:14:23 1.13 +++ JspServlet.java 2001/02/28 22:05:52 1.14 @@ -323,9 +323,9 @@ parentClassLoader.loadClass( basePackage + "runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper"); parentClassLoader.loadClass( basePackage + -"servlet.JspServlet$JspServletWrapper"); -parentClassLoader.loadClass( basePackage + "runtime.ServletResponseWrapperInclude"); + this.getClass().getClassLoader().loadClass( basePackage + +"servlet.JspServlet$JspServletWrapper"); } catch (ClassNotFoundException ex) { System.out.println( "Jasper JspServlet preload of class failed: " + - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Future of the isapi redirector
Can anyone verify this? The "Tomcat IIS HowTo" document says that the isapi redirector uses ajp12 and makes no mention of mod_jk or any other protocols. The mod_jk howto says only that it supports "many web servers" and only explicitly mentions Apache 1.3 and Apache 2.0, and something about a "head start" on IIS and Netscape? This could mean anything... does anyone know the scoop? Thanks, Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 01, 2001 7:01 AM To: '[EMAIL PROTECTED]' Subject: Re: Future of the isapi redirector I noticed that isapi_redirect.dll uses ajp12, but ajp13 is already out (and better than ajp12), and there are talks of ajp14 and mod_webapp and other new Connector ideas... Are you sure ? I thought isapi_redirect is built from the same sources as mod_jk, and has all the protocols ( ajp12, ajp13 and jni ) in it. Ajp14 and the port of mod_webapp are not yet part of mod_jk, but that's independent of the isapi/nsapi/mod_ layer. What is the current future Connector plan for IIS? Will IIS support these new protocols anytime soon? At the same time with Apache, NES and AOLserver, as long as at least someone is using IIS and is willing to help building and testing. But carefull with "support" - Apache is the only server where most questions can be answered, and "supported" in the sense that we are confident we can test/reproduce/verify/fix. We do our best to support other servers. Costin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: HTTP Status Codes and Error Pages
Here is some more info on this problem. I'm seem to be having some problems with the respnse getting committed too early. It still seems wrong that an error page ever get returned with status code 200 though. 1) client makes request to Tomcat 2) Tomcat calls service() on my main servlet 3) servlet does an include() on some (possibly non-existant) JSP 4) JSP file does not exist (expected) 5) FileNotFoundException thrown from include() 6) main servlet catches exception 7) main servlet calls sendError() 8) sendError throws IllegalStateException (response already committed) 9) my error servlet gets called 10) error page get generated and sent to client with HTTP status 200 OK The RequestDispatcher.include() method calls flushBuffer(), which commits the response. This seems to mean that if you have a servlet which includes a JSP, any errors that occur can never be handled properly. Yikes! Code comments indicate that this flushBuffer() is not required by the spec, but is instead there to work around a problem with the session interceptor (BugRat bug #316). -- Ethan -Original Message- From: Ethan Wallwork [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 1:03 PM To: Tomcat-Dev Subject: HTTP Status Codes and Error Pages I can't tell if this is a bug or intended behavior: I have a servlet that acts as the error page for my webapp. Note that this is set up using the web.xml file, not the errorPage directive in the JSPs (if that makes any difference?) When there is an error (say 500 Internal Server Error), it returns a WML page saying things went wrong. This page is being properly generated, but the HTTP response code being sent along with it is "200 OK"! The request attribute java.servlet.error.status_code is set to 500, as I would expect. Calling response.setStatus(500) in the error servlet changes nothing. This is the response I get, headers included: HTTP/1.0 200 OK Content-Type: text/vnd.wap.wml;charset=UTF-8 Cache-Control: no-cache Servlet-Engine: Tomcat Web Server/3.2 (final) (JSP 1.1; Servlet 2.2; Java 1.3.0; SunOS 5.8 sparc; java.vendor=Sun Microsystems Inc.) ?xml version="1.0"? !DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml" wml card title="Error 500" id="error" do label="Back" type="prev" prev/ /do p We're sorry, your request could be fulfilled. br/ 500 Internal Server Error /p /card /wml - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: [advanced-servlets] Session Load Balancing (was: To avoid Duplicate Login)
on 2/26/01 1:58 AM, Pier P. Fumagalli at [EMAIL PROTECTED] wrote: Really interesting, when thinking about load balancing... By the way, most of the things talked about there *have* been done in one place or another -- though almost always as part of a custom site solution for big sites that do such things as "proprietary trade secrets". Most cases I've seen bury the fact that its being done by using the first x bytes of the cookie to determine session affinity and not using something so obvious as www1:asdf -- the reason they do this isn't to encrypt data, but to keep their competitors to figure out how they get better performance. :) .duncan -- James Duncan Davidson http://x180.net/ !try; do(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: [report] Classloading problems between Catalina and Cocoon
on 2/27/01 7:57 AM, Pier P. Fumagalli at [EMAIL PROTECTED] wrote: Now, since Forte/NetBeans is now part of Sun, I believe that the best way to go is to have the two teams to talk together (not really easy as I know you're in Czechoslovakia and we are in California :) Duncan, can you help out? I'll see what I can do. Be forewarned, forward progress will take at least a week to start seeing. I'll just liase with a subset of this group though. .duncan -- James Duncan Davidson http://x180.net/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime BodyContentImpl.java
nacho 01/02/28 16:59:54 Modified:src/share/org/apache/jasper/runtime BodyContentImpl.java Log: [PATCH] custom tag performance problem Submitted by Casey Lucas [[EMAIL PROTECTED]] Revision ChangesPath 1.7 +5 -7 jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java Index: BodyContentImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- BodyContentImpl.java 1999/11/13 00:32:51 1.6 +++ BodyContentImpl.java 2001/03/01 00:59:54 1.7 @@ -107,19 +107,19 @@ //Need to re-allocate the buffer since it is to be //unbounded according to the updated spec.. -char[] tmp = new char [bufferSize]; - System.arraycopy(cb, 0, tmp, 0, cb.length); +char[] tmp = null; //XXX Should it be multiple of DEFAULT_BUFFER_SIZE?? if (len = Constants.DEFAULT_BUFFER_SIZE) { - cb = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE]; + tmp = new char [bufferSize + Constants.DEFAULT_BUFFER_SIZE]; bufferSize += Constants.DEFAULT_BUFFER_SIZE; } else { - cb = new char [bufferSize + len]; + tmp = new char [bufferSize + len]; bufferSize += len; } - System.arraycopy(tmp, 0, cb, 0, tmp.length); + System.arraycopy(cb, 0, tmp, 0, cb.length); + cb = tmp; tmp = null; } @@ -499,8 +499,6 @@ public void clear() throws IOException { synchronized (lock) { -cb = new char [Constants.DEFAULT_BUFFER_SIZE]; - bufferSize = Constants.DEFAULT_BUFFER_SIZE; nextChar = 0; } } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/jasper/src/bin jasper.bat jasper.sh
remm01/02/28 17:30:14 Modified:jasper/src/bin jasper.bat jasper.sh Log: - Fix Jasper scripts to reflect the changes in the directory structure. Also add fix to run on Cygwin. Patch submitted by Steve Downey steve.downey at netfolio.com Revision ChangesPath 1.3 +3 -1 jakarta-tomcat-4.0/jasper/src/bin/jasper.bat Index: jasper.bat === RCS file: /home/cvs/jakarta-tomcat-4.0/jasper/src/bin/jasper.bat,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- jasper.bat2000/09/05 01:04:54 1.2 +++ jasper.bat2001/03/01 01:30:13 1.3 @@ -11,7 +11,7 @@ rem JAVA_HOME rem Must point at your Java Development Kit installation. rem -rem $Id: jasper.bat,v 1.2 2000/09/05 01:04:54 craigmcc Exp $ +rem $Id: jasper.bat,v 1.3 2001/03/01 01:30:13 remm Exp $ rem --- rem - Save Environment Variables That May Change -- @@ -41,6 +41,8 @@ rem FIXME below set CLASSPATH=%JASPER_HOME%\classes for %%i in (%JASPER_HOME%\lib\*.jar) do call %JASPER_HOME%\bin\jpappend.bat %%i +for %%i in (%JASPER_HOME%\jasper\*.jar) do call %JASPER_HOME%\bin\jpappend.bat %%i +set CLASSPATH=%CLASSPATH%;%JASPER_HOME%\bin\servlet.jar echo Using CLASSPATH: %CLASSPATH% rem - Execute The Requested Command --- 1.2 +29 -4 jakarta-tomcat-4.0/jasper/src/bin/jasper.sh Index: jasper.sh === RCS file: /home/cvs/jakarta-tomcat-4.0/jasper/src/bin/jasper.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- jasper.sh 2000/08/12 00:52:05 1.1 +++ jasper.sh 2001/03/01 01:30:13 1.2 @@ -13,14 +13,33 @@ # JAVA_HOME # Must point at your Java Development Kit installation. # -# $Id: jasper.sh,v 1.1 2000/08/12 00:52:05 pierred Exp $ +# $Id: jasper.sh,v 1.2 2001/03/01 01:30:13 remm Exp $ # - # - Verify and Set Required Environment Variables - -if [ "$JASPER_HOME" = "" ] ; then - JASPER_HOME=`pwd` +if [ -z "$JASPER_HOME" ] ; then + ## resolve links - $0 may be a link to home + PRG=$0 + progname=`basename $0` + + while [ -h "$PRG" ] ; do +ls=`ls -ld "$PRG"` +link=`expr "$ls" : '.*- \(.*\)$'` +if expr "$link" : '.*/.*' /dev/null; then + PRG="$link" +else + PRG="`dirname $PRG`/$link" +fi + done + + JASPER_HOME_1=`dirname "$PRG"`/.. + echo "Guessing JASPER_HOME from catalina.sh to ${JASPER_HOME_1}" +if [ -d ${JASPER_HOME_1}/conf ] ; then + JASPER_HOME=${JASPER_HOME_1} + echo "Setting JASPER_HOME to $JASPER_HOME" +fi fi if [ "$JASPER_OPTS" = "" ] ; then @@ -37,9 +56,15 @@ # FIXME CP=$JASPER_HOME/dummy # FIXME below CP=$CP:$JASPER_HOME/classes -for i in $JASPER_HOME/lib/*.jar ; do +for i in $JASPER_HOME/lib/*.jar $JASPER_HOME/jasper/*.jar ; do CP=$CP:$i done + +# convert the existing path to windows +if [ "$OSTYPE" = "cygwin32" ] || [ "$OSTYPE" = "cygwin" ] ; then + CP=`cygpath --path --windows "$CP"` + JASPER_HOME=`cygpath --path --windows "$JASPER_HOME"` +fi echo Using CLASSPATH: $CP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: [Security Issue] Sessions are visible across multiple clients
Probably partially resolved by the patch I forward previously. From M. Frey La prise de conscience de votre propre ignorance est un grand pas vers la connaissance. -- Benjamin Disraeli -Original Message- From: Amrhein, Thomas [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 5:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Security Issue] Sessions are visible across multiple clients Hi all, one session can be visible on multiple clients!! THIS IS A BIG SECURITY PROBLEM! Someone opens his webbrowser and has the session of somebody else. So critical data could be viewed without permission. Somebody can act as somebody else. What's wrong with tomcat's session-handling? I wrote a web application which can reproduce this. I'm working with Tomcat 3.3m1 on WinNT4. On 3.2 I have the same problems sometimes with our application but it is not reproducable there. To reproduce this: - put sessiontest.war in %TOMCAT_HOME%/webapps/ - start Tomcat - open browser1 (Netscape 4.7 or IE5) on machine1 (close it before if it's already open) - locate browser1 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) - browser1: login with name for example 'Testuser1' - browser1: show settings (The name is displayed) - open browser2 on machine2 (close it before if it's already open) - locate browser2 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) Browser2 now sees the same content like browser1 (logged in as Testuser1). Look for the sourcecode in the .war. All objects are session-bound. Normally you should not be logged in. Remember that you are on different machines! They should have different cookies, different sessions, different usernames. Sometimes but not often, they have the same Session-ID (I can not reproduce this). Bug #723: sessions are not properly recycled Perhaps my issue belongs to this. I've seen different bugs reported but not solved belonging to session-handling. #131,152,183,189,267,429,723,731 Can somebody reproduce this behaviour somewhere else? And can this behaviour also happen in Tomcat 3.2/3.2.1 (I don't know the code)? regards, Thomas PS: I'm new to tomcat-dev-mailinglist (two or three hours) to stay tuned. Perhaps it's already discussed and patched. Please inform me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: [Security Issue] Sessions are visible across multiple clients
It has more to do with a bug in SimpleSessionStore.java. It recycles the session on create, so then the instance is re-used for the next new session. I've patched it via: *** SimpleSessionStore.java.origMon Feb 26 14:59:53 2001 --- SimpleSessionStore.java Wed Feb 28 09:36:40 2001 *** *** 426,432 if (session == null) { session = new ServerSession(); session.setManager( this ); - recycled.put( session ); } // XXX can return MessageBytes !!! --- 426,431 - Original Message - From: "GOMEZ Henri" [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, February 28, 2001 8:59 AM Subject: RE: [Security Issue] Sessions are visible across multiple clients Probably partially resolved by the patch I forward previously. From M. Frey La prise de conscience de votre propre ignorance est un grand pas vers la connaissance. -- Benjamin Disraeli -Original Message- From: Amrhein, Thomas [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 28, 2001 5:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Security Issue] Sessions are visible across multiple clients Hi all, one session can be visible on multiple clients!! THIS IS A BIG SECURITY PROBLEM! Someone opens his webbrowser and has the session of somebody else. So critical data could be viewed without permission. Somebody can act as somebody else. What's wrong with tomcat's session-handling? I wrote a web application which can reproduce this. I'm working with Tomcat 3.3m1 on WinNT4. On 3.2 I have the same problems sometimes with our application but it is not reproducable there. To reproduce this: - put sessiontest.war in %TOMCAT_HOME%/webapps/ - start Tomcat - open browser1 (Netscape 4.7 or IE5) on machine1 (close it before if it's already open) - locate browser1 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) - browser1: login with name for example 'Testuser1' - browser1: show settings (The name is displayed) - open browser2 on machine2 (close it before if it's already open) - locate browser2 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) Browser2 now sees the same content like browser1 (logged in as Testuser1). Look for the sourcecode in the .war. All objects are session-bound. Normally you should not be logged in. Remember that you are on different machines! They should have different cookies, different sessions, different usernames. Sometimes but not often, they have the same Session-ID (I can not reproduce this). Bug #723: sessions are not properly recycled Perhaps my issue belongs to this. I've seen different bugs reported but not solved belonging to session-handling. #131,152,183,189,267,429,723,731 Can somebody reproduce this behaviour somewhere else? And can this behaviour also happen in Tomcat 3.2/3.2.1 (I don't know the code)? regards, Thomas PS: I'm new to tomcat-dev-mailinglist (two or three hours) to stay tuned. Perhaps it's already discussed and patched. Please inform me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[Security Issue] Sessions are visible across multiple clients
Hi all, one session can be visible on multiple clients!! THIS IS A BIG SECURITY PROBLEM! Someone opens his webbrowser and has the session of somebody else. So critical data could be viewed without permission. Somebody can act as somebody else. What's wrong with tomcat's session-handling? I wrote a web application which can reproduce this. I'm working with Tomcat 3.3m1 on WinNT4. On 3.2 I have the same problems sometimes with our application but it is not reproducable there. To reproduce this: - put sessiontest.war in %TOMCAT_HOME%/webapps/ - start Tomcat - open browser1 (Netscape 4.7 or IE5) on machine1 (close it before if it's already open) - locate browser1 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) - browser1: login with name for example 'Testuser1' - browser1: show settings (The name is displayed) - open browser2 on machine2 (close it before if it's already open) - locate browser2 on http://yourtomcat/sessiontest/index.jsp (a cookie will be set) Browser2 now sees the same content like browser1 (logged in as Testuser1). Look for the sourcecode in the .war. All objects are session-bound. Normally you should not be logged in. Remember that you are on different machines! They should have different cookies, different sessions, different usernames. Sometimes but not often, they have the same Session-ID (I can not reproduce this). Bug #723: sessions are not properly recycled Perhaps my issue belongs to this. I've seen different bugs reported but not solved belonging to session-handling. #131,152,183,189,267,429,723,731 Can somebody reproduce this behaviour somewhere else? And can this behaviour also happen in Tomcat 3.2/3.2.1 (I don't know the code)? regards, Thomas PS: I'm new to tomcat-dev-mailinglist (two or three hours) to stay tuned. Perhaps it's already discussed and patched. Please inform me. sessiontest.war - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[Tomcat 4.x] SSI package
Attatched is a _very_ early release of the SSI package. It's just the initial framework and one working SSI command 'fsize' which returns a file's size. Looks like this: '!--#fsize virtual="/tomcat.gif"--' I appologize for the path in the Zipfile, for some reason Winzip screwed up my path. Anyway this is how the file layout should look like once deployed. catalina \ - servlets / SsiInvokerServlet.java | \ - util / ssi / SsiCommand.java SsiConfig.java SsiEcho.java SsiExec.java SsiFlastmod.java SsiFsize.java SsiInclude.java To try it out map e.g "*.shtml" to the SsiInvoker in web.xml. ---8- !-- The SSI invoker servlet -- servlet servlet-namessi/servlet-name servlet-classorg.apache.catalina.servlets.SsiInvokerServlet/servlet-class init-param param-namedebug/param-name param-value1/param-value /init-param load-on-startup5/load-on-startup /servlet !-- The mapping for the SSI servlet -- !-- Comment this out if you do not want "jsp" service -- servlet-mapping servlet-namessi/servlet-name url-pattern*.shtml/url-pattern /servlet-mapping ---8- I'd love constructive critic on design issues as well as eventual performance issues or bugs. I'll try and finish the other ones soon and have the whole package up to a "final/production" status. ..bip tomcat-4.x.SSI.zip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Bugzilla #512 is Bunk
The following bug is not a bug: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=512 In httpd.conf, you cannot do this: VirtualHost blah normal config for VirtualHost ... Include /usr/local/jakarta-tomcat/conf/mod_jk.conf-auto /VirtualHost There are three main purposes of including mod_jk.conf-auto: (1) To get the mod_jk Apache Module loaded, as follows: LoadModule jk_module libexec/mod_jk.so (2) To configure Apache for your Tomcat Contexts using Alias, Location, and Directory Apache Directives (3) To configure mod_jk itself using all the directives starting with Jk (JkWorkersFile, JkLogFile, JkMount, etc). The first (1) Apache directive is the problem: the LoadModule directive is illegal within the VirtualHost context. (See http://httpd.apache.org/docs/mod/mod_so.html#loadmodule ) The directives in (2) are definitely legal, but I don't know about those in (3) since they are custom. Does anyone know whether these would work within the VirtualHost context? The bug was reported by someone using Apache 1.3.14; they recieved a core dump dereferencing a null pointer to something that was supposed to contain Apache configuration info (a jk_server_conf_t). I am using Apache 1.3.17; I recieved this polite and informative (wow, from open source software?) error message: sudo /usr/local/apache/bin/apachectl startssl Syntax error on line 8 of /usr/local/tomcat/conf/mod_jk.conf-auto: LoadModule cannot occur within VirtualHost section /usr/local/apache/bin/apachectl startssl: httpd could not be started Provided that the custom directives (3) will work within a VirtualHost context, the solution to this problem is to create a custom configuration file based on mod_jk.conf-auto, move the LoadModule directive into it, and then Include it from within your VirtualHost context. If the directives (3) do work, another option would be for Tomcat to change the code to not generate the LoadModule directive, which prevents this level of configurability, and just make people type it in. Hope this is helpful, Steve Jones - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: [Tomcat 4.x] SSI package
Attatched is a _very_ early release of the SSI package. It's just the initial framework and one working SSI command 'fsize' which returns a file's size. Looks like this: '!--#fsize virtual="/tomcat.gif"--' I appologize for the path in the Zipfile, for some reason Winzip screwed up my path. Anyway this is how the file layout should look like once deployed. catalina \ - servlets / SsiInvokerServlet.java | \ - util / ssi / SsiCommand.java SsiConfig.java SsiEcho.java SsiExec.java SsiFlastmod.java SsiFsize.java SsiInclude.java That looks good :-) Note : You don't need to use the Resources to access the content length. I suggest using ServletContext.getResource(path).openConnection().getContentLength() instead. To access content, you should use ServletContext.getResourceAsStream(path). Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Hook to bootstrap in Tomcat
Does anyone know how to bootstrap my own classes when start Tomcat. Does Tomcat actually provide a hook for that? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]