[GitHub] [tomcat] martin-g commented on a change in pull request #452: Introduce logs in RestCsrfPreventionFilter to improve troubleshooting.
martin-g commented on a change in pull request #452: URL: https://github.com/apache/tomcat/pull/452#discussion_r715524193 ## File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java ## @@ -217,6 +238,10 @@ public boolean apply(HttpServletRequest request, HttpServletResponse response) { } storeNonceToResponse(response, Constants.CSRF_REST_NONCE_HEADER_NAME, nonceFromSessionStr); +if (log.isDebugEnabled()) { +log.debug("CSRF Fetch request is succesfully handled - nonce is added to the response." Review comment: succes`s`fully ## File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java ## @@ -155,17 +160,29 @@ protected void storeNonceToSession(HttpSession session, String key, Object value @Override public boolean apply(HttpServletRequest request, HttpServletResponse response) throws IOException { +String nonceFromRequest = extractNonceFromRequest(request); +HttpSession session = request.getSession(false); +String nonceFromSession = extractNonceFromSession(session, +Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME); if (isValidStateChangingRequest( -extractNonceFromRequest(request), -extractNonceFromSession(request.getSession(false), -Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME))) { +nonceFromRequest, +nonceFromSession)) { return true; } storeNonceToResponse(response, Constants.CSRF_REST_NONCE_HEADER_NAME, Constants.CSRF_REST_NONCE_HEADER_REQUIRED_VALUE); response.sendError(getDenyStatus(), sm.getString("restCsrfPreventionFilter.invalidNonce")); +if (log.isErrorEnabled()) { Review comment: I agree with @ChristopherSchultz ! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 015c48b Additional clean-up after removal of APR 015c48b is described below commit 015c48b6b537ea3e329a5f23bb68be052b1b0221 Author: Mark Thomas AuthorDate: Fri Sep 24 12:59:19 2021 +0100 Additional clean-up after removal of APR --- java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java b/java/org/apache/tomcat/util/net/Nio2Endpoint.java index f80dd5d..2c56ddd 100644 --- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java +++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java @@ -1531,12 +1531,8 @@ public class Nio2Endpoint extends AbstractJsseEndpoint } -/** - * {@inheritDoc} - * @param clientCertProvider Ignored for this implementation - */ @Override -public SSLSupport getSslSupport(String clientCertProvider) { +public SSLSupport getSslSupport() { if (getSocket() instanceof SecureNioChannel) { SecureNioChannel ch = (SecureNioChannel) getSocket(); return ch.getSSLSupport(); diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java index 117bce8..27660fc 100644 --- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java +++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java @@ -788,7 +788,27 @@ public abstract class SocketWrapperBase { */ public abstract void doClientAuth(SSLSupport sslSupport) throws IOException; -public abstract SSLSupport getSslSupport(String clientCertProvider); +/** + * Obtain an SSLSupport instance for this socket. + * + * @param clientCertProvider The name of the client certificate provider to + * use. Only used by APR/native. + * + * @return An SSLSupport instance for this socket. + * + * @deprecated Will be removed in Tomcat 10.1.x onwards + */ +@Deprecated +public SSLSupport getSslSupport(String clientCertProvider) { +return getSslSupport(); +} + +/** + * Obtain an SSLSupport instance for this socket. + * + * @return An SSLSupport instance for this socket. + */ +public abstract SSLSupport getSslSupport(); // --- NIO 2 style APIs - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Avoid using deprecated method
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 7f8f1ca Avoid using deprecated method 7f8f1ca is described below commit 7f8f1ca9a0ee8bfd5d7da563b287038abecfbf42 Author: Mark Thomas AuthorDate: Fri Sep 24 13:01:18 2021 +0100 Avoid using deprecated method --- java/org/apache/coyote/AbstractProtocol.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java index 630ea90..c8af0d2 100644 --- a/java/org/apache/coyote/AbstractProtocol.java +++ b/java/org/apache/coyote/AbstractProtocol.java @@ -853,8 +853,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } } -processor.setSslSupport( - wrapper.getSslSupport(getProtocol().getClientCertProvider())); +processor.setSslSupport(wrapper.getSslSupport()); // Associate the processor with the connection wrapper.setCurrentProcessor(processor); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove deprecated method
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 4e96884 Remove deprecated method 4e96884 is described below commit 4e96884d2e7464e8654b5e06a3c5be24213c56b8 Author: Mark Thomas AuthorDate: Fri Sep 24 13:01:39 2021 +0100 Remove deprecated method --- java/org/apache/tomcat/util/net/SocketWrapperBase.java | 15 --- 1 file changed, 15 deletions(-) diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java index 27660fc..f96ddc2 100644 --- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java +++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java @@ -791,21 +791,6 @@ public abstract class SocketWrapperBase { /** * Obtain an SSLSupport instance for this socket. * - * @param clientCertProvider The name of the client certificate provider to - * use. Only used by APR/native. - * - * @return An SSLSupport instance for this socket. - * - * @deprecated Will be removed in Tomcat 10.1.x onwards - */ -@Deprecated -public SSLSupport getSslSupport(String clientCertProvider) { -return getSslSupport(); -} - -/** - * Obtain an SSLSupport instance for this socket. - * * @return An SSLSupport instance for this socket. */ public abstract SSLSupport getSslSupport(); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated (a7550fb -> 92e139a)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from a7550fb Fix incorrect indent new 27f14e3 Additional clean-up after removal of APR new 92e139a Backport deprecation The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 5 files changed, 31 insertions(+), 11 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Backport deprecation
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 92e139a5876448b36f60294776d5a48f1df48db1 Author: Mark Thomas AuthorDate: Fri Sep 24 13:06:02 2021 +0100 Backport deprecation --- java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ 2 files changed, 8 insertions(+) diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java index a8b65db..58acf7d 100644 --- a/java/org/apache/coyote/AbstractProtocol.java +++ b/java/org/apache/coyote/AbstractProtocol.java @@ -764,6 +764,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } +@SuppressWarnings("deprecation") @Override public SocketState process(SocketWrapperBase wrapper, SocketEvent status) { if (getLog().isDebugEnabled()) { @@ -859,6 +860,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } } +// Can switch to non-deprecated version in Tomcat 10.1.x processor.setSslSupport( wrapper.getSslSupport(getProtocol().getClientCertProvider())); diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index b523c6c..f2e3973 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -2578,6 +2578,12 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB @Override +public SSLSupport getSslSupport() { +throw new UnsupportedOperationException(); +} + + +@Override public void doClientAuth(SSLSupport sslSupport) throws IOException { long socket = getSocket().longValue(); // Configure connection to require a certificate. This requires a - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 27f14e32bd43b4471617269f0857e418c089bb0e Author: Mark Thomas AuthorDate: Fri Sep 24 12:59:19 2021 +0100 Additional clean-up after removal of APR --- java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java b/java/org/apache/tomcat/util/net/Nio2Endpoint.java index 8c3f561..3ac5324 100644 --- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java +++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java @@ -1531,12 +1531,8 @@ public class Nio2Endpoint extends AbstractJsseEndpoint } -/** - * {@inheritDoc} - * @param clientCertProvider Ignored for this implementation - */ @Override -public SSLSupport getSslSupport(String clientCertProvider) { +public SSLSupport getSslSupport() { if (getSocket() instanceof SecureNioChannel) { SecureNioChannel ch = (SecureNioChannel) getSocket(); return ch.getSSLSupport(); diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java index 117bce8..27660fc 100644 --- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java +++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java @@ -788,7 +788,27 @@ public abstract class SocketWrapperBase { */ public abstract void doClientAuth(SSLSupport sslSupport) throws IOException; -public abstract SSLSupport getSslSupport(String clientCertProvider); +/** + * Obtain an SSLSupport instance for this socket. + * + * @param clientCertProvider The name of the client certificate provider to + * use. Only used by APR/native. + * + * @return An SSLSupport instance for this socket. + * + * @deprecated Will be removed in Tomcat 10.1.x onwards + */ +@Deprecated +public SSLSupport getSslSupport(String clientCertProvider) { +return getSslSupport(); +} + +/** + * Obtain an SSLSupport instance for this socket. + * + * @return An SSLSupport instance for this socket. + */ +public abstract SSLSupport getSslSupport(); // --- NIO 2 style APIs - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated (0004b62 -> f14610e)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 0004b62 Fix incorrect indent new 7746fbc Additional clean-up after removal of APR new f14610e Backport deprecation The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 5 files changed, 31 insertions(+), 11 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Backport deprecation
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit f14610e7237db303ca9bdffe3371f8a80d83aa72 Author: Mark Thomas AuthorDate: Fri Sep 24 13:06:02 2021 +0100 Backport deprecation --- java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ 2 files changed, 8 insertions(+) diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java index c8b4a94..c7042e1 100644 --- a/java/org/apache/coyote/AbstractProtocol.java +++ b/java/org/apache/coyote/AbstractProtocol.java @@ -787,6 +787,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } +@SuppressWarnings("deprecation") @Override public SocketState process(SocketWrapperBase wrapper, SocketEvent status) { if (getLog().isDebugEnabled()) { @@ -882,6 +883,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } } +// Can switch to non-deprecated version in Tomcat 10.1.x processor.setSslSupport( wrapper.getSslSupport(getProtocol().getClientCertProvider())); diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 3c2f68a..9cdf9de 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -2574,6 +2574,12 @@ public class AprEndpoint extends AbstractEndpoint implements SNICallB @Override +public SSLSupport getSslSupport() { +throw new UnsupportedOperationException(); +} + + +@Override public void doClientAuth(SSLSupport sslSupport) throws IOException { long socket = getSocket().longValue(); // Configure connection to require a certificate. This requires a - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 7746fbcd250739fbb54e423cdccfb67880ffe78c Author: Mark Thomas AuthorDate: Fri Sep 24 12:59:19 2021 +0100 Additional clean-up after removal of APR --- java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java b/java/org/apache/tomcat/util/net/Nio2Endpoint.java index 56d7295..88f0382 100644 --- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java +++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java @@ -1581,12 +1581,8 @@ public class Nio2Endpoint extends AbstractJsseEndpoint } -/** - * {@inheritDoc} - * @param clientCertProvider Ignored for this implementation - */ @Override -public SSLSupport getSslSupport(String clientCertProvider) { +public SSLSupport getSslSupport() { if (getSocket() instanceof SecureNioChannel) { SecureNioChannel ch = (SecureNioChannel) getSocket(); return ch.getSSLSupport(); diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java index 008715e..81a89e3 100644 --- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java +++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java @@ -818,7 +818,27 @@ public abstract class SocketWrapperBase { */ public abstract void doClientAuth(SSLSupport sslSupport) throws IOException; -public abstract SSLSupport getSslSupport(String clientCertProvider); +/** + * Obtain an SSLSupport instance for this socket. + * + * @param clientCertProvider The name of the client certificate provider to + * use. Only used by APR/native. + * + * @return An SSLSupport instance for this socket. + * + * @deprecated Will be removed in Tomcat 10.1.x onwards + */ +@Deprecated +public SSLSupport getSslSupport(String clientCertProvider) { +return getSslSupport(); +} + +/** + * Obtain an SSLSupport instance for this socket. + * + * @return An SSLSupport instance for this socket. + */ +public abstract SSLSupport getSslSupport(); // --- NIO 2 style APIs - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b7c05a8 Implement the new connection ID and request ID API for Servlet 6.0 b7c05a8 is described below commit b7c05a8f60003c42e6f367bf307188ce391dbad2 Author: Mark Thomas AuthorDate: Fri Sep 24 18:30:24 2021 +0100 Implement the new connection ID and request ID API for Servlet 6.0 --- java/jakarta/el/ImportHandler.java | 1 + java/jakarta/servlet/ServletConnection.java| 95 +++ java/jakarta/servlet/ServletRequest.java | 48 java/jakarta/servlet/ServletRequestWrapper.java| 36 ++ java/org/apache/catalina/Globals.java | 16 --- java/org/apache/catalina/connector/Request.java| 48 .../apache/catalina/connector/RequestFacade.java | 19 +++ java/org/apache/coyote/AbstractProcessor.java | 37 +++--- java/org/apache/coyote/ActionCode.java | 13 ++- java/org/apache/coyote/Request.java| 39 ++- java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++ java/org/apache/coyote/http11/Http11Processor.java | 7 ++ .../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +- java/org/apache/coyote/http2/Http2Protocol.java| 4 +- .../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++- java/org/apache/coyote/http2/StreamProcessor.java | 18 +-- .../tomcat/util/net/ServletConnectionImpl.java | 55 + .../apache/tomcat/util/net/SocketWrapperBase.java | 30 + .../catalina/filters/TesterHttpServletRequest.java | 16 +++ .../apache/coyote/http2/TestAbstractStream.java| 130 +++-- webapps/docs/changelog.xml | 4 + 21 files changed, 553 insertions(+), 94 deletions(-) diff --git a/java/jakarta/el/ImportHandler.java b/java/jakarta/el/ImportHandler.java index 138a6da..b824d5d 100644 --- a/java/jakarta/el/ImportHandler.java +++ b/java/jakarta/el/ImportHandler.java @@ -54,6 +54,7 @@ public class ImportHandler { servletClassNames.add("RequestDispatcher"); servletClassNames.add("Servlet"); servletClassNames.add("ServletConfig"); +servletClassNames.add("ServletConnection"); servletClassNames.add("ServletContainerInitializer"); servletClassNames.add("ServletContext"); servletClassNames.add("ServletContextAttributeListener"); diff --git a/java/jakarta/servlet/ServletConnection.java b/java/jakarta/servlet/ServletConnection.java new file mode 100644 index 000..97ded16 --- /dev/null +++ b/java/jakarta/servlet/ServletConnection.java @@ -0,0 +1,95 @@ +/* +* Licensed to the Apache Software Foundation (ASF) under one or more +* contributor license agreements. See the NOTICE file distributed with +* this work for additional information regarding copyright ownership. +* The ASF licenses this file to You under the Apache License, Version 2.0 +* (the "License"); you may not use this file except in compliance with +* the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package jakarta.servlet; + +/** + * Provides information about the connection made to the Servlet container. This + * interface is intended primarily for debugging purposes and as such provides + * the raw information as seen by the container. Unless explicitly stated + * otherwise in the Javadoc for a method, no adjustment is made for the presence + * of reverse proxies or similar configurations. + * + * @since Servlet 6.0 + */ +public interface ServletConnection { + +/** + * Obtain a unique (within the lifetime of the JVM) identifier string for + * the network connection to the JVM that is being used for the + * {@code ServletRequest} from which this {@code ServletConnection} was + * obtained. + * + * There is no defined format for this string. The format is implementation + * dependent. + * + * @return A unique identifier for the network connection + */ +String getConnectionId(); + +/** + * Obtain the name of the protocol as presented to the server after the + * removal, if present, of any TLS or similar encryption. This may not be + * the same as the protocol seen by the application. For example, a reverse + * proxy may present AJP whereas the application will see HTTP 1.1. + * + * If the protocol has an entry in the https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 18:30, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b7c05a8 Implement the new connection ID and request ID API for Servlet 6.0 Doing some simple testing locally highlighted something interesting. The Coyote Request gets recycled twice for most requests. Once when the HTTP request is complete and once when the Processor is recycled just before the socket is added to the Poller. I took a look to see if I could convince myself that one of these could be removed. The first is definitely required for pipelined requests. The second looks to be required for some error conditions. If anyone fancies a brain teaser then finding a way to have just one call to Request.recycle() might keep you entertained for a while ;) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark, I haven't looked at the patch yet but I was thinking about this since you mentioned it at ApacheCon. Many load-balancers and other similar network systems are capable of generating their own request-identifiers and sending them as request headers to origin servers. I think it would make sense to allow the user to either use a container-generated request identifier (as you have implemented it) or to allow a (trusted) upstream component to provide one to the container. WDYT? -chris On 9/24/21 13:30, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b7c05a8 Implement the new connection ID and request ID API for Servlet 6.0 b7c05a8 is described below commit b7c05a8f60003c42e6f367bf307188ce391dbad2 Author: Mark Thomas AuthorDate: Fri Sep 24 18:30:24 2021 +0100 Implement the new connection ID and request ID API for Servlet 6.0 --- java/jakarta/el/ImportHandler.java | 1 + java/jakarta/servlet/ServletConnection.java| 95 +++ java/jakarta/servlet/ServletRequest.java | 48 java/jakarta/servlet/ServletRequestWrapper.java| 36 ++ java/org/apache/catalina/Globals.java | 16 --- java/org/apache/catalina/connector/Request.java| 48 .../apache/catalina/connector/RequestFacade.java | 19 +++ java/org/apache/coyote/AbstractProcessor.java | 37 +++--- java/org/apache/coyote/ActionCode.java | 13 ++- java/org/apache/coyote/Request.java| 39 ++- java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++ java/org/apache/coyote/http11/Http11Processor.java | 7 ++ .../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +- java/org/apache/coyote/http2/Http2Protocol.java| 4 +- .../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++- java/org/apache/coyote/http2/StreamProcessor.java | 18 +-- .../tomcat/util/net/ServletConnectionImpl.java | 55 + .../apache/tomcat/util/net/SocketWrapperBase.java | 30 + .../catalina/filters/TesterHttpServletRequest.java | 16 +++ .../apache/coyote/http2/TestAbstractStream.java| 130 +++-- webapps/docs/changelog.xml | 4 + 21 files changed, 553 insertions(+), 94 deletions(-) diff --git a/java/jakarta/el/ImportHandler.java b/java/jakarta/el/ImportHandler.java index 138a6da..b824d5d 100644 --- a/java/jakarta/el/ImportHandler.java +++ b/java/jakarta/el/ImportHandler.java @@ -54,6 +54,7 @@ public class ImportHandler { servletClassNames.add("RequestDispatcher"); servletClassNames.add("Servlet"); servletClassNames.add("ServletConfig"); +servletClassNames.add("ServletConnection"); servletClassNames.add("ServletContainerInitializer"); servletClassNames.add("ServletContext"); servletClassNames.add("ServletContextAttributeListener"); diff --git a/java/jakarta/servlet/ServletConnection.java b/java/jakarta/servlet/ServletConnection.java new file mode 100644 index 000..97ded16 --- /dev/null +++ b/java/jakarta/servlet/ServletConnection.java @@ -0,0 +1,95 @@ +/* +* Licensed to the Apache Software Foundation (ASF) under one or more +* contributor license agreements. See the NOTICE file distributed with +* this work for additional information regarding copyright ownership. +* The ASF licenses this file to You under the Apache License, Version 2.0 +* (the "License"); you may not use this file except in compliance with +* the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package jakarta.servlet; + +/** + * Provides information about the connection made to the Servlet container. This + * interface is intended primarily for debugging purposes and as such provides + * the raw information as seen by the container. Unless explicitly stated + * otherwise in the Javadoc for a method, no adjustment is made for the presence + * of reverse proxies or similar configurations. + * + * @since Servlet 6.0 + */ +public interface ServletConnection { + +/** + * Obtain a unique (within the lifetime of the JVM) identifier string for + * the network connection to the JVM that is being used for the + * {@code ServletRequest} from which this {@code ServletConnection} was + * obtained. + * + * There is no defined format for this string. The format is implementation +
[tomcat] branch master created (now b7c1897)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. at b7c1897 Fix typo No new revisions were added by this update. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b22d93f Add support for OpenSSL 3.1.x to unit tests b22d93f is described below commit b22d93f6f66b53319757cd226c32942882e77b38 Author: Mark Thomas AuthorDate: Fri Sep 24 19:19:08 2021 +0100 Add support for OpenSSL 3.1.x to unit tests --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 9dafe46..cc91d47 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -49,7 +49,10 @@ public class TesterOpenSSL { } catch (IOException e) { versionString = ""; } -if (versionString.startsWith("OpenSSL 3.0.0")) { +if (versionString.startsWith("OpenSSL 3.1.0")) { +// Note: Gump currently tests 10.x with OpenSSL 3.1.x +VERSION = 30100; +} else if (versionString.startsWith("OpenSSL 3.0.0")) { // Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { @@ -337,7 +340,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; +openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark, Sorry for the top-post but this is quite a long patch and it will be easier to find my comments up here. When generating the String value for the request identifier, you could use: private String requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); This would produce smaller strings, use slightly less CPU, and then nobody cares whether the value is - or +. This field cannot be FINAL because request objects can be re-used. Okay. Should the new request-id be generated during recycle() or during another time? Is there a method which is always called to re-commission a Request object? If so, I think it would make more sense to leave the requestId alone in recycle() and allocate the new request-id in that other method. In cases where there are use-after-recycle errors in an application, having the old request-id might be helpful in debugging. -chris On 9/24/21 13:30, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b7c05a8 Implement the new connection ID and request ID API for Servlet 6.0 b7c05a8 is described below commit b7c05a8f60003c42e6f367bf307188ce391dbad2 Author: Mark Thomas AuthorDate: Fri Sep 24 18:30:24 2021 +0100 Implement the new connection ID and request ID API for Servlet 6.0 --- java/jakarta/el/ImportHandler.java | 1 + java/jakarta/servlet/ServletConnection.java| 95 +++ java/jakarta/servlet/ServletRequest.java | 48 java/jakarta/servlet/ServletRequestWrapper.java| 36 ++ java/org/apache/catalina/Globals.java | 16 --- java/org/apache/catalina/connector/Request.java| 48 .../apache/catalina/connector/RequestFacade.java | 19 +++ java/org/apache/coyote/AbstractProcessor.java | 37 +++--- java/org/apache/coyote/ActionCode.java | 13 ++- java/org/apache/coyote/Request.java| 39 ++- java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++ java/org/apache/coyote/http11/Http11Processor.java | 7 ++ .../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +- java/org/apache/coyote/http2/Http2Protocol.java| 4 +- .../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++- java/org/apache/coyote/http2/StreamProcessor.java | 18 +-- .../tomcat/util/net/ServletConnectionImpl.java | 55 + .../apache/tomcat/util/net/SocketWrapperBase.java | 30 + .../catalina/filters/TesterHttpServletRequest.java | 16 +++ .../apache/coyote/http2/TestAbstractStream.java| 130 +++-- webapps/docs/changelog.xml | 4 + 21 files changed, 553 insertions(+), 94 deletions(-) diff --git a/java/jakarta/el/ImportHandler.java b/java/jakarta/el/ImportHandler.java index 138a6da..b824d5d 100644 --- a/java/jakarta/el/ImportHandler.java +++ b/java/jakarta/el/ImportHandler.java @@ -54,6 +54,7 @@ public class ImportHandler { servletClassNames.add("RequestDispatcher"); servletClassNames.add("Servlet"); servletClassNames.add("ServletConfig"); +servletClassNames.add("ServletConnection"); servletClassNames.add("ServletContainerInitializer"); servletClassNames.add("ServletContext"); servletClassNames.add("ServletContextAttributeListener"); diff --git a/java/jakarta/servlet/ServletConnection.java b/java/jakarta/servlet/ServletConnection.java new file mode 100644 index 000..97ded16 --- /dev/null +++ b/java/jakarta/servlet/ServletConnection.java @@ -0,0 +1,95 @@ +/* +* Licensed to the Apache Software Foundation (ASF) under one or more +* contributor license agreements. See the NOTICE file distributed with +* this work for additional information regarding copyright ownership. +* The ASF licenses this file to You under the Apache License, Version 2.0 +* (the "License"); you may not use this file except in compliance with +* the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package jakarta.servlet; + +/** + * Provides information about the connection made to the Servlet container. This + * interface is intended primarily for debugging purposes and as such provides + * the raw information as seen by the container. Unless explicitly stated + * otherwise in the Javadoc for a method, no adjustment is made for the presence + * of reverse proxies or similar configurations. + * + * @since Se
[tomcat] branch 10.0.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new c9b14f7 Add support for OpenSSL 3.1.x to unit tests c9b14f7 is described below commit c9b14f71c6315becc3dcfb212d47721941a59947 Author: Mark Thomas AuthorDate: Fri Sep 24 19:19:08 2021 +0100 Add support for OpenSSL 3.1.x to unit tests --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 9dafe46..cc91d47 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -49,7 +49,10 @@ public class TesterOpenSSL { } catch (IOException e) { versionString = ""; } -if (versionString.startsWith("OpenSSL 3.0.0")) { +if (versionString.startsWith("OpenSSL 3.1.0")) { +// Note: Gump currently tests 10.x with OpenSSL 3.1.x +VERSION = 30100; +} else if (versionString.startsWith("OpenSSL 3.0.0")) { // Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { @@ -337,7 +340,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; +openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 7d03135 Add support for OpenSSL 3.1.x to unit tests 7d03135 is described below commit 7d03135e3ff7d1f518ceb8e9f740d290969c63b5 Author: Mark Thomas AuthorDate: Fri Sep 24 19:19:08 2021 +0100 Add support for OpenSSL 3.1.x to unit tests --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 9dafe46..cc91d47 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -49,7 +49,10 @@ public class TesterOpenSSL { } catch (IOException e) { versionString = ""; } -if (versionString.startsWith("OpenSSL 3.0.0")) { +if (versionString.startsWith("OpenSSL 3.1.0")) { +// Note: Gump currently tests 10.x with OpenSSL 3.1.x +VERSION = 30100; +} else if (versionString.startsWith("OpenSSL 3.0.0")) { // Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { @@ -337,7 +340,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; +openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new d994418 Add support for OpenSSL 3.1.x to unit tests d994418 is described below commit d994418b581938ba5f14bbd16de2551f42c4 Author: Mark Thomas AuthorDate: Fri Sep 24 19:19:08 2021 +0100 Add support for OpenSSL 3.1.x to unit tests --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index 9dafe46..cc91d47 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -49,7 +49,10 @@ public class TesterOpenSSL { } catch (IOException e) { versionString = ""; } -if (versionString.startsWith("OpenSSL 3.0.0")) { +if (versionString.startsWith("OpenSSL 3.1.0")) { +// Note: Gump currently tests 10.x with OpenSSL 3.1.x +VERSION = 30100; +} else if (versionString.startsWith("OpenSSL 3.0.0")) { // Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { @@ -337,7 +340,7 @@ public class TesterOpenSSL { // Explicit OpenSSL path may also need explicit lib path // (e.g. Gump needs this) openSSLLibPath = openSSLPath.substring(0, openSSLPath.lastIndexOf('/')); -openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; +openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath + "/../lib:" + openSSLLibPath + "/../lib64"; } List cmd = new ArrayList<>(); cmd.add(openSSLPath); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e11f2ef Remove incorrect comment e11f2ef is described below commit e11f2ef103fa32eb7ea1243e272dc5d6cf39e91a Author: Mark Thomas AuthorDate: Fri Sep 24 19:22:20 2021 +0100 Remove incorrect comment --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 - 1 file changed, 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index cc91d47..88d2b46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -53,7 +53,6 @@ public class TesterOpenSSL { // Note: Gump currently tests 10.x with OpenSSL 3.1.x VERSION = 30100; } else if (versionString.startsWith("OpenSSL 3.0.0")) { -// Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { // LTS - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 3b3cf12 Remove incorrect comment 3b3cf12 is described below commit 3b3cf12dd8de767cc6fef1d750b173162277048f Author: Mark Thomas AuthorDate: Fri Sep 24 19:22:20 2021 +0100 Remove incorrect comment --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 - 1 file changed, 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index cc91d47..88d2b46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -53,7 +53,6 @@ public class TesterOpenSSL { // Note: Gump currently tests 10.x with OpenSSL 3.1.x VERSION = 30100; } else if (versionString.startsWith("OpenSSL 3.0.0")) { -// Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { // LTS - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new d01cf5a Remove incorrect comment d01cf5a is described below commit d01cf5a069e714ef9d3cf8f05e160b4308f7595d Author: Mark Thomas AuthorDate: Fri Sep 24 19:22:20 2021 +0100 Remove incorrect comment --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 - 1 file changed, 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index cc91d47..88d2b46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -53,7 +53,6 @@ public class TesterOpenSSL { // Note: Gump currently tests 10.x with OpenSSL 3.1.x VERSION = 30100; } else if (versionString.startsWith("OpenSSL 3.0.0")) { -// Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { // LTS - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new efd7c27 Remove incorrect comment efd7c27 is described below commit efd7c277917e1529186a9c524b616b436b74a962 Author: Mark Thomas AuthorDate: Fri Sep 24 19:22:20 2021 +0100 Remove incorrect comment --- test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 - 1 file changed, 1 deletion(-) diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java index cc91d47..88d2b46 100644 --- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java +++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java @@ -53,7 +53,6 @@ public class TesterOpenSSL { // Note: Gump currently tests 10.x with OpenSSL 3.1.x VERSION = 30100; } else if (versionString.startsWith("OpenSSL 3.0.0")) { -// Note: Gump currently tests 10.x with OpenSSL 3.0.x VERSION = 3; } else if (versionString.startsWith("OpenSSL 1.1.1")) { // LTS - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 19:03, Christopher Schultz wrote: Mark, I haven't looked at the patch yet but I was thinking about this since you mentioned it at ApacheCon. Many load-balancers and other similar network systems are capable of generating their own request-identifiers and sending them as request headers to origin servers. I think it would make sense to allow the user to either use a container-generated request identifier (as you have implemented it) or to allow a (trusted) upstream component to provide one to the container. WDYT? I don't think that covers all use cases as it requires the successful parsing of the incoming request. Users are free to log multiple IDs from different sources if that makes sense for their environment. These IDs are primarily to fill the gap that there wasn't IDs from the container perspective. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 19:21, Christopher Schultz wrote: Mark, Sorry for the top-post but this is quite a long patch and it will be easier to find my comments up here. No problem. Makes sense. When generating the String value for the request identifier, you could use: private String requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); This would produce smaller strings, use slightly less CPU, and then nobody cares whether the value is - or +. Excellent. I like it. I'll make the change. We might need those extra 3,000,000 years before failover ;) Should the new request-id be generated during recycle() or during another time? Is there a method which is always called to re-commission a Request object? If so, I think it would make more sense to leave the requestId alone in recycle() and allocate the new request-id in that other method. Not sure. I'll take a look. In cases where there are use-after-recycle errors in an application, having the old request-id might be helpful in debugging. I think that could go either way. The ID changing as soon as recycle is called might make use after recycle easier to spot. The more I think about this, the more I think changing ID on recycle is the way to go but I am prepared to be convinced otherwise. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Use base 16 rather than base 10 for IDs. Marginally faster and no -ve
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 0608beb Use base 16 rather than base 10 for IDs. Marginally faster and no -ve 0608beb is described below commit 0608beb7fa910b67d2833a197539048222c76d45 Author: Mark Thomas AuthorDate: Fri Sep 24 19:41:21 2021 +0100 Use base 16 rather than base 10 for IDs. Marginally faster and no -ve --- java/org/apache/coyote/Request.java| 2 +- java/org/apache/tomcat/util/net/SocketWrapperBase.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/org/apache/coyote/Request.java b/java/org/apache/coyote/Request.java index 2bbabaf..d9d0732 100644 --- a/java/org/apache/coyote/Request.java +++ b/java/org/apache/coyote/Request.java @@ -793,7 +793,7 @@ public final class Request { available = 0; sendfile = true; -requestId = Long.toString(requestIdGenerator.getAndIncrement()); +requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); serverCookies.recycle(); parameters.recycle(); diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java b/java/org/apache/tomcat/util/net/SocketWrapperBase.java index 4b26219..2ab32ef 100644 --- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java +++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java @@ -137,7 +137,7 @@ public abstract class SocketWrapperBase { readPending = null; writePending = null; } -connectionId = Long.toString(connectionIdGenerator.getAndIncrement()); +connectionId = Long.toHexString(connectionIdGenerator.getAndIncrement()); } public E getSocket() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark, On 9/24/21 14:39, Mark Thomas wrote: On 24/09/2021 19:21, Christopher Schultz wrote: Mark, Sorry for the top-post but this is quite a long patch and it will be easier to find my comments up here. No problem. Makes sense. When generating the String value for the request identifier, you could use: private String requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); This would produce smaller strings, use slightly less CPU, and then nobody cares whether the value is - or +. Excellent. I like it. I'll make the change. We might need those extra 3,000,000 years before failover ;) Should the new request-id be generated during recycle() or during another time? Is there a method which is always called to re-commission a Request object? If so, I think it would make more sense to leave the requestId alone in recycle() and allocate the new request-id in that other method. Not sure. I'll take a look. In cases where there are use-after-recycle errors in an application, having the old request-id might be helpful in debugging. I think that could go either way. The ID changing as soon as recycle is called might make use after recycle easier to spot. The more I think about this, the more I think changing ID on recycle is the way to go but I am prepared to be convinced otherwise. How about requestId = -1 on recycle (and create) but set it to a definite value when it's "in service"? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org