Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to
On 05/10/2016 12:32, Mark Thomas wrote: > On 05/10/2016 12:21, Konstantin Kolinko wrote: >> 2016-10-05 13:48 GMT+03:00: >>> Author: markt >>> Date: Wed Oct 5 10:48:51 2016 >>> New Revision: 1763403 >>> >>> URL: http://svn.apache.org/viewvc?rev=1763403=rev >>> Log: >>> Refactor the web resources handling to use the Tomcat specific >>> 'war:file:...' URL protocol... >>> Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat >>> URL: >>> http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff >>> == >>> --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original) >>> +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct 5 10:48:51 2016 >>> @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS >>> :gotJsseOpts >>> set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%" >>> >>> +rem Register custom URL handlers >>> +rem Do this here so they can be used in the security policy >> >> Maybe clarify "they"? s/they/war: URLs/ > > Will do. Fixed. >>> +set "JAVA_OPTS=%JAVA_OPTS% >>> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources" >>> + >>> if not "%LOGGING_CONFIG%" == "" goto noJuliConfig >>> set LOGGING_CONFIG=-Dnop >>> if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig >>> >> >> Will Tomcat start without above change? (Is it only necessary when >> running with a Security Manager, and policy file uses war: URLs)? > > Yes, Tomcat will start unless you are using a SecurityManager that uses > "war:..." URLs. > >> 1. I am concerned about running Tomcat as service. (I do not see >> changes to tomcat.nsi and to service.bat here). > > Fair point. I'll take a look. We don't configure a security manager so not an issue. >> 3. daemon.sh was not updated as well. Again, we don't configure a security manager so not an issue. Should we ever add running under a security manger as an option for the installer or the daemon then we'd need to take account of this. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to
On 05/10/2016 12:21, Konstantin Kolinko wrote: > 2016-10-05 13:48 GMT+03:00: >> Author: markt >> Date: Wed Oct 5 10:48:51 2016 >> New Revision: 1763403 >> >> URL: http://svn.apache.org/viewvc?rev=1763403=rev >> Log: >> Refactor the web resources handling to use the Tomcat specific >> 'war:file:...' URL protocol to refer to WAR files and their contents rather >> than the standard 'jar:file:...' form since some components of the JRE, such >> as JAR verification, give unexpected results when the standard form is used. >> A side-effect of the refactoring is that when using packed WARs, it is now >> possible to reference a WAR and/or specific JARs within a WAR in the >> security policy file used when running under a SecurityManager. >> >> Added: >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java >> - copied unchanged from r1763377, >> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java >> - copied unchanged from r1763377, >> tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java >> - copied unchanged from r1763377, >> tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java >> - copied unchanged from r1763377, >> tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java >> Modified: >> tomcat/tc8.5.x/trunk/ (props changed) >> tomcat/tc8.5.x/trunk/bin/catalina.bat >> tomcat/tc8.5.x/trunk/bin/catalina.sh >> tomcat/tc8.5.x/trunk/build.xml >> tomcat/tc8.5.x/trunk/conf/catalina.policy >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java >> >> tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java >> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java >> tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java >> >> tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java >> tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml >> tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml >> >> Propchange: tomcat/tc8.5.x/trunk/ >> -- >> --- svn:mergeinfo (original) >> +++ svn:mergeinfo Wed Oct 5 10:48:51 2016 >> >> Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat >> URL: >> http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff >> == >> --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original) >> +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct 5 10:48:51 2016 >> @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS >> :gotJsseOpts >> set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%" >> >> +rem Register custom URL handlers >> +rem Do this here so they can be used in the security policy > > Maybe clarify "they"? s/they/war: URLs/ Will do. >> +set "JAVA_OPTS=%JAVA_OPTS% >> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources" >> + >> if not "%LOGGING_CONFIG%" == "" goto noJuliConfig >> set LOGGING_CONFIG=-Dnop >> if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig >> > > Will Tomcat start without above change? (Is it only necessary when > running with a Security Manager, and policy file uses war: URLs)? Yes, Tomcat will start unless you are using a SecurityManager that uses "war:..." URLs. > 1. I am concerned about running Tomcat as service. (I do not see > changes to tomcat.nsi and to service.bat here). Fair point. I'll take a look. > 2. I am concerned about running Tomcat in Eclipse IDE. It runs as a > java application (with a set of options), and the question is whether > it can run with old configuration as long as war: URLs are not used in > policy file, or people have to add the above -D to theirs. As with the batch files, it will work unless a security manager is used with a policy that uses "war:..." URLs. Given that you need to add properties to enable the security manager, I'm not overly concerned about this use case. > 3. daemon.sh was not updated as well. I'll look at that as well. Thanks for the review. Mark - To
Re: svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/to
2016-10-05 13:48 GMT+03:00: > Author: markt > Date: Wed Oct 5 10:48:51 2016 > New Revision: 1763403 > > URL: http://svn.apache.org/viewvc?rev=1763403=rev > Log: > Refactor the web resources handling to use the Tomcat specific 'war:file:...' > URL protocol to refer to WAR files and their contents rather than the > standard 'jar:file:...' form since some components of the JRE, such as JAR > verification, give unexpected results when the standard form is used. A > side-effect of the refactoring is that when using packed WARs, it is now > possible to reference a WAR and/or specific JARs within a WAR in the security > policy file used when running under a SecurityManager. > > Added: > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java > - copied unchanged from r1763377, > tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java > - copied unchanged from r1763377, > tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java > - copied unchanged from r1763377, > tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java > - copied unchanged from r1763377, > tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java > Modified: > tomcat/tc8.5.x/trunk/ (props changed) > tomcat/tc8.5.x/trunk/bin/catalina.bat > tomcat/tc8.5.x/trunk/bin/catalina.sh > tomcat/tc8.5.x/trunk/build.xml > tomcat/tc8.5.x/trunk/conf/catalina.policy > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java > > tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java > tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java > tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java > > tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java > tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml > tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml > > Propchange: tomcat/tc8.5.x/trunk/ > -- > --- svn:mergeinfo (original) > +++ svn:mergeinfo Wed Oct 5 10:48:51 2016 > > Modified: tomcat/tc8.5.x/trunk/bin/catalina.bat > URL: > http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/bin/catalina.bat?rev=1763403=1763402=1763403=diff > == > --- tomcat/tc8.5.x/trunk/bin/catalina.bat (original) > +++ tomcat/tc8.5.x/trunk/bin/catalina.bat Wed Oct 5 10:48:51 2016 > @@ -201,6 +201,10 @@ set JSSE_OPTS="-Djdk.tls.ephemeralDHKeyS > :gotJsseOpts > set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%" > > +rem Register custom URL handlers > +rem Do this here so they can be used in the security policy Maybe clarify "they"? s/they/war: URLs/ > +set "JAVA_OPTS=%JAVA_OPTS% > -Djava.protocol.handler.pkgs=org.apache.catalina.webresources" > + > if not "%LOGGING_CONFIG%" == "" goto noJuliConfig > set LOGGING_CONFIG=-Dnop > if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig > Will Tomcat start without above change? (Is it only necessary when running with a Security Manager, and policy file uses war: URLs)? 1. I am concerned about running Tomcat as service. (I do not see changes to tomcat.nsi and to service.bat here). 2. I am concerned about running Tomcat in Eclipse IDE. It runs as a java application (with a set of options), and the question is whether it can run with old configuration as long as war: URLs are not used in policy file, or people have to add the above -D to theirs. 3. daemon.sh was not updated as well. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1763403 - in /tomcat/tc8.5.x/trunk: ./ bin/ conf/ java/org/apache/catalina/webresources/ java/org/apache/catalina/webresources/war/ java/org/apache/tomcat/util/buf/ java/org/apache/tomcat
Author: markt Date: Wed Oct 5 10:48:51 2016 New Revision: 1763403 URL: http://svn.apache.org/viewvc?rev=1763403=rev Log: Refactor the web resources handling to use the Tomcat specific 'war:file:...' URL protocol to refer to WAR files and their contents rather than the standard 'jar:file:...' form since some components of the JRE, such as JAR verification, give unexpected results when the standard form is used. A side-effect of the refactoring is that when using packed WARs, it is now possible to reference a WAR and/or specific JARs within a WAR in the security policy file used when running under a SecurityManager. Added: tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java - copied unchanged from r1763377, tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java - copied unchanged from r1763377, tomcat/trunk/java/org/apache/catalina/webresources/AbstractSingleArchiveResourceSet.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResource.java - copied unchanged from r1763377, tomcat/trunk/java/org/apache/catalina/webresources/WarResource.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/WarResourceSet.java - copied unchanged from r1763377, tomcat/trunk/java/org/apache/catalina/webresources/WarResourceSet.java Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/bin/catalina.bat tomcat/tc8.5.x/trunk/bin/catalina.sh tomcat/tc8.5.x/trunk/build.xml tomcat/tc8.5.x/trunk/conf/catalina.policy tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResource.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarResourceSet.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/JarWarResource.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/StandardRoot.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/Handler.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/webresources/war/WarURLConnection.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/buf/UriUtil.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/scan/JarFactory.java tomcat/tc8.5.x/trunk/test/org/apache/catalina/loader/TestWebappClassLoader.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/security-manager-howto.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Oct 5 10:48:51 2016 @@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747