subject:"svn commit\: r1763403 \- in \/tomcat\/tc8.5.x\/trunk\: .\/ bin\/ conf\/ java\/org\/apache\/catalina\/webresources\/ java\/org\/apache\/catalina\/webresources\/war\/ java\/org\/apache\/tomcat\/util\/buf\/ java\/org\/apache\/to"

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

2016-10-05 Thread Mark Thomas

On 05/10/2016 12:32, Mark Thomas wrote:
> On 05/10/2016 12:21, Konstantin Kolinko wrote:
>> 2016-10-05 13:48 GMT+03:00  :
>>> Author: markt
>>> Date: Wed Oct  5 10:48:51 2016
>>> New Revision: 1763403
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1763403=rev
>>> Log:
>>> Refactor the web resources handling to use the Tomcat specific 
>>> 'war:file:...' URL protocol...



>>> Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat
>>> URL: 
>>> http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff
>>> ==
>>> --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original)
>>> +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct  5 10:48:51 2016
>>> @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS
>>>  :gotJsseOpts
>>>  set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%"
>>>
>>> +rem Register custom URL handlers
>>> +rem Do this here so they can be used in the security policy
>>
>> Maybe clarify "they"?  s/they/war: URLs/
> 
> Will do.

Fixed.

>>> +set "JAVA_OPTS=%JAVA_OPTS% 
>>> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources"
>>> +
>>>  if not "%LOGGING_CONFIG%" == "" goto noJuliConfig
>>>  set LOGGING_CONFIG=-Dnop
>>>  if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig
>>>
>>
>> Will Tomcat start without above change? (Is it only necessary when
>> running with a Security Manager, and policy file uses war: URLs)?
> 
> Yes, Tomcat will start unless you are using a SecurityManager that uses
> "war:..." URLs.
> 
>> 1. I am concerned about running Tomcat as service. (I do not see
>> changes to tomcat.nsi and to service.bat here).
> 
> Fair point. I'll take a look.

We don't configure a security manager so not an issue.

>> 3. daemon.sh was not updated as well.

Again, we don't configure a security manager so not an issue.

Should we ever add running under a security manger as an option for the
installer or the daemon then we'd need to take account of this.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

2016-10-05 Thread Mark Thomas

On 05/10/2016 12:21, Konstantin Kolinko wrote:
> 2016-10-05 13:48 GMT+03:00  :
>> Author: markt
>> Date: Wed Oct  5 10:48:51 2016
>> New Revision: 1763403
>>
>> URL: http://svn.apache.org/viewvc?rev=1763403=rev
>> Log:
>> Refactor the web resources handling to use the Tomcat specific 
>> 'war:file:...' URL protocol to refer to WAR files and their contents rather 
>> than the standard 'jar:file:...' form since some components of the JRE, such 
>> as JAR verification, give unexpected results when the standard form is used. 
>> A side-effect of the refactoring is that when using packed WARs, it is now 
>> possible to reference a WAR and/or specific JARs within a WAR in the 
>> security policy file used when running under a SecurityManager.
>>
>> Added:
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
>>   - copied unchanged from r1763377, 
>> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
>>   - copied unchanged from r1763377, 
>> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java
>>   - copied unchanged from r1763377, 
>> tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
>>   - copied unchanged from r1763377, 
>> tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
>> Modified:
>> tomcat/tc8.5.x/trunk/   (props changed)
>> tomcat/tc8.5.x/trunk/bin/catalina.bat
>> tomcat/tc8.5.x/trunk/bin/catalina.sh
>> tomcat/tc8.5.x/trunk/build.xml
>> tomcat/tc8.5.x/trunk/conf/catalina.policy
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java
>> 
>> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java
>> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java
>> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java
>> 
>> tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java
>> tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
>> tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml
>>
>> Propchange: tomcat/tc8.5.x/trunk/
>> --
>> --- svn:mergeinfo (original)
>> +++ svn:mergeinfo Wed Oct  5 10:48:51 2016
>>
>> Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff
>> ==
>> --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original)
>> +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct  5 10:48:51 2016
>> @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS
>>  :gotJsseOpts
>>  set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%"
>>
>> +rem Register custom URL handlers
>> +rem Do this here so they can be used in the security policy
> 
> Maybe clarify "they"?  s/they/war: URLs/

Will do.

>> +set "JAVA_OPTS=%JAVA_OPTS% 
>> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources"
>> +
>>  if not "%LOGGING_CONFIG%" == "" goto noJuliConfig
>>  set LOGGING_CONFIG=-Dnop
>>  if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig
>>
> 
> Will Tomcat start without above change? (Is it only necessary when
> running with a Security Manager, and policy file uses war: URLs)?

Yes, Tomcat will start unless you are using a SecurityManager that uses
"war:..." URLs.

> 1. I am concerned about running Tomcat as service. (I do not see
> changes to tomcat.nsi and to service.bat here).

Fair point. I'll take a look.

> 2. I am concerned about running Tomcat in Eclipse IDE. It runs as a
> java application (with a set of options), and the question is whether
> it can run with old configuration as long as war: URLs are not used in
> policy file, or people have to add the above -D to theirs.

As with the batch files, it will work unless a security manager is used
with a policy that uses "war:..." URLs. Given that you need to add
properties to enable the security manager, I'm not overly concerned
about this use case.

> 3. daemon.sh was not updated as well.

I'll look at that as well.

Thanks for the review.

Mark


-
To

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

2016-10-05 Thread Konstantin Kolinko

2016-10-05 13:48 GMT+03:00  :
> Author: markt
> Date: Wed Oct  5 10:48:51 2016
> New Revision: 1763403
>
> URL: http://svn.apache.org/viewvc?rev=1763403=rev
> Log:
> Refactor the web resources handling to use the Tomcat specific 'war:file:...' 
> URL protocol to refer to WAR files and their contents rather than the 
> standard 'jar:file:...' form since some components of the JRE, such as JAR 
> verification, give unexpected results when the standard form is used. A 
> side-effect of the refactoring is that when using packed WARs, it is now 
> possible to reference a WAR and/or specific JARs within a WAR in the security 
> policy file used when running under a SecurityManager.
>
> Added:
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
>   - copied unchanged from r1763377, 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
>   - copied unchanged from r1763377, 
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java
>   - copied unchanged from r1763377, 
> tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
>   - copied unchanged from r1763377, 
> tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
> Modified:
> tomcat/tc8.5.x/trunk/   (props changed)
> tomcat/tc8.5.x/trunk/bin/catalina.bat
> tomcat/tc8.5.x/trunk/bin/catalina.sh
> tomcat/tc8.5.x/trunk/build.xml
> tomcat/tc8.5.x/trunk/conf/catalina.policy
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java
> 
> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java
> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java
> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java
> 
> tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java
> tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
> tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml
>
> Propchange: tomcat/tc8.5.x/trunk/
> --
> --- svn:mergeinfo (original)
> +++ svn:mergeinfo Wed Oct  5 10:48:51 2016
>
> Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat
> URL: 
> http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff
> ==
> --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original)
> +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct  5 10:48:51 2016
> @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS
>  :gotJsseOpts
>  set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%"
>
> +rem Register custom URL handlers
> +rem Do this here so they can be used in the security policy

Maybe clarify "they"?  s/they/war: URLs/

> +set "JAVA_OPTS=%JAVA_OPTS% 
> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources"
> +
>  if not "%LOGGING_CONFIG%" == "" goto noJuliConfig
>  set LOGGING_CONFIG=-Dnop
>  if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig
>

Will Tomcat start without above change? (Is it only necessary when
running with a Security Manager, and policy file uses war: URLs)?

1. I am concerned about running Tomcat as service. (I do not see
changes to tomcat.nsi and to service.bat here).

2. I am concerned about running Tomcat in Eclipse IDE. It runs as a
java application (with a set of options), and the question is whether
it can run with old configuration as long as war: URLs are not used in
policy file, or people have to add the above -D to theirs.

3. daemon.sh was not updated as well.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/tomcat

2016-10-05 Thread markt

Author: markt
Date: Wed Oct  5 10:48:51 2016
New Revision: 1763403

URL: http://svn.apache.org/viewvc?rev=1763403=rev
Log:
Refactor the web resources handling to use the Tomcat specific 'war:file:...' 
URL protocol to refer to WAR files and their contents rather than the standard 
'jar:file:...' form since some components of the JRE, such as JAR verification, 
give unexpected results when the standard form is used. A side-effect of the 
refactoring is that when using packed WARs, it is now possible to reference a 
WAR and/or specific JARs within a WAR in the security policy file used when 
running under a SecurityManager.

Added:

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
  - copied unchanged from r1763377, 
tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
  - copied unchanged from r1763377, 
tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java
  - copied unchanged from r1763377, 
tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
  - copied unchanged from r1763377, 
tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java
Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/bin/catalina.bat
tomcat/tc8.5.x/trunk/bin/catalina.sh
tomcat/tc8.5.x/trunk/build.xml
tomcat/tc8.5.x/trunk/conf/catalina.policy
tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java
tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java

tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct  5 10:48:51 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to

svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/tomcat

4 matches

Site Navigation

Mail list logo

Footer information