DO NOT REPLY [Bug 8099] - DefaultServlet looses query string information in redirect
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099 DefaultServlet looses query string information in redirect [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WONTFIX | --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 07:14 --- First thanks for your quick reply. Why is my query string not URL encoded ? RFC 1738 states: Thus, only alphanumerics, the special characters $-_.+!*'(),, and reserved characters used for their reserved purposes may be used unencoded within a URL. The query string ?20 only contains alphanumerics and a reserved character so it is already URL encoded. The HTTP/1.1 specification simply states a query string as: query = *( uchar | reserved ) I could nowhere find a reference where it is stated that the query string must be of type: param1=attr1...paramN=attrN Let me explain why this is a serious problem for us. We are devloping a web content mangement system which is running a quite a few sites by now. In our system you can access a web page directly py typing http://servername/?id where id is the id of the web page (called an entry in our system). Our users are used to this and there are also a lot of URLs public which use this. So there is no way to change this for us at the moment. Apache Web Server with the old JServ handles this fine and also customers running eg. ServletExec have no problems. So the only workarounds for us at the moment is to run Tomcat with Apache which does also the job but we would like to go with simply Tomcat because of an easier configuration. The second solution is to patch Tomcat which works fine, but we don't want to do this with every Tomcat update. If you can convince me that there is a spec somewhere which states that the query string is wrong I will shut up ;-) But this is really a blocker for us. Thanks for your help. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Bill, I'm afraid your commit won't solve the problem. As stated in the original bug report, the problem occurs when the javax.servlet.include.servlet_path attribute is _present_. I've never looked at the 3.3 source, but it seems you only changed a case when the attribute is _not_ present. Let me quickly repeat the problem: /jsp/including.jsp --- includes --- /jsp/test.jsp --- forwards to --- /html/test.html 1. When doing the forward, javax.servlet.include.servlet_path is set to /jsp/test.jsp (which is the correct behaviour). 2. Tomcat determines that /html/test.html is a static resource (also correct). 3. When serving the content, Tomcat determines the file to serve by first looking at javax.servlet.include.servlet_path and _only if this is not present_ calling getServletPath. The result is that Tomcat (at least 4.x) serves /jsp/test.jsp as a static resource (which it isn't). I still think the only way to reliably solve this problem is to introduce an additional request attribute (please look at my bugreport for details). Otherwise, you can never be sure that deeply nested include/forward calls are handled correctly. I beliebe this is a serious issue and deserves a quick - but not dirty ;-) - fix. As said before, I'll happily supply a patch (with some help, I could also do it for 3.3). However, since my proposed solution would require a lot of files to be changed, I'd first like some opinions. Could the 4.x guys please look at it? I know it's a lot to read, but the problem and proposed fix are too complex to explain in just a few lines. Best regards Andreas Junghans -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Bill, I'm afraid your commit won't solve the problem. As stated in the original bug report, the problem occurs when the javax.servlet.include.servlet_path attribute is _present_. I've never looked at the 3.3 source, but it seems you only changed a case when the attribute is _not_ present. Let me quickly repeat the problem: /jsp/including.jsp --- includes --- /jsp/test.jsp --- forwards to --- /html/test.html 1. When doing the forward, javax.servlet.include.servlet_path is set to /jsp/test.jsp (which is the correct behaviour). 2. Tomcat determines that /html/test.html is a static resource (also correct). 3. When serving the content, Tomcat determines the file to serve by first looking at javax.servlet.include.servlet_path and _only if this is not present_ calling getServletPath. The result is that Tomcat (at least 4.x) serves /jsp/test.jsp as a static resource (which it isn't). I still think the only way to reliably solve this problem is to introduce an additional request attribute (please look at my bugreport for details). Otherwise, you can never be sure that deeply nested include/forward calls are handled correctly. I beliebe this is a serious issue and deserves a quick - but not dirty ;-) - fix. As said before, I'll happily supply a patch (with some help, I could also do it for 3.3). However, since my proposed solution would require a lot of files to be changed, I'd first like some opinions. Could the 4.x guys please look at it? I know it's a lot to read, but the problem and proposed fix are too complex to explain in just a few lines. As I stated in the comments of the bug, I don't agree with your interpretation about the JSP displaying code. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8099] - DefaultServlet looses query string information in redirect
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099 DefaultServlet looses query string information in redirect --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 09:25 --- Ok, ok, I've checked in the code, and the queryString doesn't have any URL decoding done (at least in Coyote). So I don't see a reason why the patch wouldn't work. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8115] - java.io.tmpdir
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8115. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8115 java.io.tmpdir [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 09:26 --- This has been fixed already. Creating the directory is the obvious workaround. *** This bug has been marked as a duplicate of 6400 *** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 6400] - Tag Libraries not deploying in 4.0.2 final
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6400. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6400 Tag Libraries not deploying in 4.0.2 final [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 09:26 --- *** Bug 8115 has been marked as a duplicate of this bug. *** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8154] New: - logrotate script in RPM rotates non-existing file
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8154.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8154
logrotate script in RPM rotates non-existing file
Summary: logrotate script in RPM rotates non-existing file
Product: Tomcat 3
Version: 3.3 Final
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: Config
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
The /etc/logrotate.d/tomcat file installed by the RPM
refers to a non-existing file. It
doesn't have the
/var/log/tomcat directory in its path.
So instead of the
current:
/var/log/tomcat.log {
missingok
postrotate
/usr/bin/killall -HUP
httpd
endscript
}
it should contain something like this:
/var/log/tomcat/*.log
{
missingok
postrotate
/usr/bin/killall -HUP httpd
endscript
}
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Remy, As I stated in the comments of the bug, I don't agree with your interpretation about the JSP displaying code. Sorry again for not making myself clear. To put it exact (I hope ...): There are cases in complex include/forward scenarios where Tomcat serves JSPs as static resources. So the *client browser* receives something like this as plain text: %@page language=java % % application.getRequestDispatcher(/html/test.html).forward(request, response); % %-- possible harmful information like database login information etc. may also appear here --% This was what I referred to as JSP source code. After reading your comment I noticed how ambiguous that was (sorry again). Now the question is: Is it dangerous if the client sees a JSP including all embedded scriptlets? I'd say yes since developers usually rely upon their Java/JSP code not visible to clients (e.g. because database username and password are stored there - and let's not argue whether this is good design ;-)). Best regards Andreas PS Thanks for incorporating the patch that changes the shutdown order in StandardContext. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8155] New: - Tomcat from RPM doesn't do logrotate
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8155. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8155 Tomcat from RPM doesn't do logrotate Summary: Tomcat from RPM doesn't do logrotate Product: Tomcat 3 Version: 3.3.1 Final Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Config AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The RPM doesn't install a logrotate script in the /etc/logrotate.d/ directory, like the 3.3 RPM did. I think it should. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8120] - Tomcat does not work with IBM VM on Windows
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8120. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8120 Tomcat does not work with IBM VM on Windows --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 09:56 --- I'm successfully using IBM JDK and Tomcat 4.0.3 on Windows NT 4.0 (no problems at all, no changes made to the jars included). java -version says: java version 1.3.0 Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0) Classic VM (build 1.3.0, J2RE 1.3.0 IBM build cn130-20010925 (JIT enabled: jitc) ) Are you sure you don't have old jars hanging around somewhere? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 7850] - Can not access env-entries by using JNDI when Tomcat de-serializes sesssions
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7850. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7850 Can not access env-entries by using JNDI when Tomcat de-serializes sesssions [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 10:27 --- This should be fixed in the latest nightly builds. This will not be fixed in 4.0.x. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 7971] - Problems with stop() and reload() in StandardContext
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7971. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7971 Problems with stop() and reload() in StandardContext [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 10:28 --- This should be fixed in the latest nightly builds. I applied a broader version of the patch, which should fix other related issues. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets DefaultServlet.java
remm02/04/16 03:34:59
Modified:catalina/src/share/org/apache/catalina/servlets
DefaultServlet.java
Log:
- Apply patch for bug 8099.
Submitted by Jürgen Moßgraber mossgraber at iitb.fhg.de
Revision ChangesPath
1.53 +7 -21
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java
Index: DefaultServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- DefaultServlet.java 16 Mar 2002 05:28:15 - 1.52
+++ DefaultServlet.java 16 Apr 2002 10:34:58 - 1.53
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.52 2002/03/16 05:28:15 remm Exp $
- * $Revision: 1.52 $
- * $Date: 2002/03/16 05:28:15 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.53 2002/04/16 10:34:58 remm Exp $
+ * $Revision: 1.53 $
+ * $Date: 2002/04/16 10:34:58 $
*
*
*
@@ -125,7 +125,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.52 $ $Date: 2002/03/16 05:28:15 $
+ * @version $Revision: 1.53 $ $Date: 2002/04/16 10:34:58 $
*/
public class DefaultServlet
@@ -1547,23 +1547,9 @@
StringBuffer result = new StringBuffer(rewriteUrl(redirectPath));
-Enumeration enum = request.getParameterNames();
-if (enum.hasMoreElements())
-result.append(?);
-
-while (enum.hasMoreElements()) {
-String name = (String) enum.nextElement();
-String[] values = request.getParameterValues(name);
-for (int i = 0; i values.length; i++) {
-result.append(rewriteUrl(name));
-result.append(=);
-result.append(rewriteUrl(values[i]));
-if (i (values.length - 1))
-result.append();
-}
-if (enum.hasMoreElements())
-result.append();
-}
+String query = request.getQueryString ();
+if (query != null)
+result.append (?).append (query);
return result.toString();
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8099] - DefaultServlet looses query string information in redirect
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099 DefaultServlet looses query string information in redirect [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 10:36 --- I applied the patch, after testing that the issue I mentioned did not exist. The nightly build for 04/17 will include the fix. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Remy, As I stated in the comments of the bug, I don't agree with your interpretation about the JSP displaying code. Sorry again for not making myself clear. To put it exact (I hope ...): There are cases in complex include/forward scenarios where Tomcat serves JSPs as static resources. So the *client browser* receives something like this as plain text: I actually tried the test case (I guess I should have tried it before ...), and it didn't do what I thought it would do. This does not qualify as a security issue by my book, though (it is recommended to test your application before putting it in production). PS Thanks for incorporating the patch that changes the shutdown order in StandardContext. You also were pushing for that one ? Cool. The fix seems to be working ok. I actually changed start/stop/reload. I like safer patches a lot better in general, though ;-) Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Remy, I actually tried the test case (I guess I should have tried it before ...), and it didn't do what I thought it would do. This does not qualify as a security issue by my book, though (it is recommended to test your application before putting it in production). Now I have a simple question: Do you think this is a Tomcat bug or not? About the security issue (or not): We _did_ test our application. We just didn't expect that a working JSP would change its behaviour just because we include it from another one! Also think about third party components. If you have a third party JSP that does a forward, you can never be sure it works within an include. The bottom line is: JSPs should _never_ be served as static content (except an application explicitly changes the .jsp mapping or serves it itself). Everything else is at least a bug. Sorry for repeating this again and again, but Orion and Resin don't have this issue and I'd love to fix Tomcat provided I get some positive feedback regarding my proposed solution. Best regards Andreas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8119] - pageContext.getResponse().flushBuffer() result in Response that never ends and times out
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8119. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8119 pageContext.getResponse().flushBuffer() result in Response that never ends and times out [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 11:16 --- I can confirm the bug (the HTTP response is invalid) with the HTTP/1.1 connector. It is extremely likely this won't be fixed, as the old connector is very hard to maintain. Coyote HTTP/1.1 doesn't have the bug, and generates a correct HTTP/1.1 response (using chunking). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8099] - DefaultServlet looses query string information in redirect
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8099 DefaultServlet looses query string information in redirect --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 11:22 --- Thank you VERY much ! -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
Hi Remy, I actually tried the test case (I guess I should have tried it before ...), and it didn't do what I thought it would do. This does not qualify as a security issue by my book, though (it is recommended to test your application before putting it in production). Now I have a simple question: Do you think this is a Tomcat bug or not? It looks like it. I have to look into the issue more, I suppose. About the security issue (or not): We _did_ test our application. We just didn't expect that a working JSP would change its behaviour just because we include it from another one! Also think about third party components. If you have a third party JSP that does a forward, you can never be sure it works within an include. The bottom line is: JSPs should _never_ be served as static content (except an application explicitly changes the .jsp mapping or serves it itself). Everything else is at least a bug. Sorry for repeating this again and again, but Orion and Resin don't have this issue and I'd love to fix Tomcat provided I get some positive feedback regarding my proposed solution. I have no opinion on it at the moment. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[GUMP] Build Failure - jakarta-tomcat-4.0
This email is autogenerated from the output from:
http://jakarta.apache.org/builds/gump/2002-04-16/jakarta-tomcat-4.0.html
Buildfile: build.xml
deploy-prepare:
deploy-static:
deploy:
[echo] Target: Catalina - Deploy ...
flags:
flags.display:
[echo] --- Build environment for Catalina ---
[echo] If ${property_name} is displayed, then the property is not set)
[echo] --- Build options ---
[echo] full.dist=${full.dist}
[echo] build.sysclasspath=only
[echo] compile.debug=${compile.debug}
[echo] compile.deprecation=${compile.deprecation}
[echo] compile.optimize=${compile.optimize}
[echo] --- Ant Flags ---
[echo] style task available (required)=true
[echo] --- JDK ---
[echo] jdk.1.2.present=true
[echo] jdk.1.3.present=true
[echo] jdk.1.4.present=${jdk.1.4.present}
[echo] --- Source Dependencies ---
[echo] jtc.home.present=true
[echo] --- Required Libraries ---
[echo] beanutils.present=true
[echo] collections.present=true
[echo] digester.present=true
[echo] jaxp.present=true
[echo] jndi.present=true
[echo] logging.present=true
[echo] regexp.present=true
[echo] servlet.present=true
[echo] --- Optional Libraries ---
[echo] daemon.present=${daemon.present}
[echo] dbcp.present=true
[echo] jaas.present=true
[echo] javamail.present=true
[echo] jmx.present=true
[echo] jsse.present=true
[echo] jta.present=true
[echo] junit.present=true
[echo] ldap.present=true
[echo] modeler.present=true
[echo] pool.present=true
[echo] tyrex.present=${tyrex.present}
[echo] --- Required JARs ---
[echo] jndi.jar.present(except JDK 1.3+)=true
[echo] regexp.jar.present=true
[echo] servlet.jar.present=true
[echo] xerces.jar.present(except JDK 1.4+ or xerces2)=true
[echo] xerces2.jars.present(except JDK 1.4+ or xerces1)=${xerces2.jars.present}
[echo] --- Optional JARs ---
[echo] daemon.jar.present=${daemon.jar.present}
[echo] dbcp.jar.present=true
[echo] jaas.jar.present=true
[echo] javamail.jar.present=true
[echo] jdbc20ext.jar.present=true
[echo] jmx.jar.present=${jmx.jar.present}
[echo] jta.jar.present=true
[echo] junit.jar.present=${junit.jar.present}
[echo] ldap.jar.present=true
[echo] modeler.jar.present=true
[echo] pool.jar.present=true
[echo] tyrex.jar.present=${tyrex.jar.present}
[echo] --- Conditional compilation flags ---
[echo] compile.daemon=${compile.daemon}
[echo] compile.dbcp=true
[echo] compile.jaas=true
[echo] compile.javamail=true
[echo] compile.jmx=true
[echo] compile.jndi=true
[echo] compile.jsse=true
[echo] compile.jta=true
[echo] compile.junit=true
[echo] compile.ldap=true
[echo] compile.ssi=true
[echo] compile.tyrex=${compile.tyrex}
[echo] --- Distribution flags ---
[echo] copy.daemon.jar=${copy.daemon.jar}
[echo] copy.dbcp.jar=true
[echo] copy.jaas.jar=true
[echo] copy.jdbc20ext.jar=true
[echo] copy.javamail.jar=true
[echo] copy.jmx.jar=${copy.jmx.jar}
[echo] copy.jndi.jar=${copy.jndi.jar}
[echo] copy.jta.jar=true
[echo] copy.ldap.jar=${copy.ldap.jar}
[echo] copy.logging.jar=true
[echo] copy.modeler.jar=true
[echo] copy.pool.jar=true
[echo] copy.tyrex.jar=${copy.tyrex.jar}
[echo] copy.xerces.jar=true
[echo] copy.xerces2.jars=${copy.xerces2.jars}
build-prepare:
copy-activation.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-daemon.jar:
copy-dbcp.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-jaas.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/server/lib
copy-jdbc20ext.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-jmx.jar:
copy-jndi.jar:
copy-jsse.jar:
copy-jta.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-ldap.jar:
copy-modeler.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/server/lib
copy-pool.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-tyrex.jar:
copy-xerces.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/endorsed
copy-xerces2.jars:
build-static:
build-tomcat-util:
detect:
[available] DEPRECATED - available used to override an existing property.
Build file should not reuse the same property name for different values.
build-prepare:
Bad URL on the site...
I got this while playing Jakarta's Webmaster and he is right: -Original Message- From: Michael L. Davis [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 09, 2002 3:41 PM To: [EMAIL PROTECTED] Subject: Your tomcat 4.0 example application is... uh... non existant... the servlet is a bad link and the jsp needs to be wrapped in html. http://jakarta.apache.org/tomcat/tomcat-4.0-doc/appdev/sample/web/ Onward, Mike. Have fun, Paulo Gaspar -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
TomCat web-server : problem with Japanese chars
The Web-server of TomCat does not appear to be able to resolve URLs that contain non-ASCII characters (e.g. Japanese language) correctly for all cases. We have a Win'2000 (Japanese OS) machine on which TomCat 4 is installed. If some URL contains Japanese characters like : http://localhost:8080/myapp/servlet/myservlet?name=myname Here if myname is a Japanese string, it works fine because within the servlet myservlet, we have set the encoding type to SHIFT_JIS before reading the request parameters (a feature of Servlet 2.3 API) But for a URL like : http://localhost:8080/myapp/myname.gif this does not work if myname is a Japanese string and the server responds with a 'resource not found' error. So is this a bug in TomCat or is there any solution we can implement for this ? _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: TomCat web-server : problem with Japanese chars
The Web-server of TomCat does not appear to be able to resolve URLs that contain non-ASCII characters (e.g. Japanese language) correctly for all cases. We have a Win'2000 (Japanese OS) machine on which TomCat 4 is installed. If some URL contains Japanese characters like : http://localhost:8080/myapp/servlet/myservlet?name=myname Here if myname is a Japanese string, it works fine because within the servlet myservlet, we have set the encoding type to SHIFT_JIS before reading the request parameters (a feature of Servlet 2.3 API) But for a URL like : http://localhost:8080/myapp/myname.gif this does not work if myname is a Japanese string and the server responds with a 'resource not found' error. So is this a bug in TomCat or is there any solution we can implement for this ? There is no established standard for URL char encoding, so it won't work in the real world. Tomcat (with Coyote) now defaults to UTF-8, which is the probable future standard. If the client encodes with some other charset (99% of the time, it will use the platform encoding instead), it won't work. Looking at the content-type to try to be smart is a possibility, but is also non standard. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 7987] - Stack overflow setting an attribute from a forwarded page
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7987. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7987 Stack overflow setting an attribute from a forwarded page [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:01 --- There is apparently a loop in the forwards, for some reason. I tested with a simple JSP forward, and used a setAttribute call to make sure there wasn't an obvious bug in the Coyote adapter, and it worked fine. I'll need a test case to investigate this further. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8097] - Tomcat 4.0x can not be shut down if RMI registry is running
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097 Tomcat 4.0x can not be shut down if RMI registry is running --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:01 --- I did some further investigation and found out that the RMI registry can be gracefully shutdown if the RMI object is not only unbound but also unexported. So I found a solution to my problem. Nevertheless the problem with Tomcat exists that it does not shut down if there are still threads running which are blocked (eg. blocking I/O). This could be fixed if a System.exit(0) would be added to the end of the main function in org.apache.catalina.startup.Bootstrap -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8097] - Tomcat 4.0x can not be shut down if RMI registry is running
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097 Tomcat 4.0x can not be shut down if RMI registry is running --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:20 --- The VM will exit if there are only daemon threads running. Since Catalina shutdown is asynchronous, you can't add a System.exit at the end of bootstrap (well, you can, but in your own Tomcat copy). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [GUMP] Build Failure - jakarta-tomcat-4.0
We're working on that :-)
It seems tomcat-util.jar was not available in the gump run,
hopefully next gump will see it.
Costin
On 16 Apr 2002, Craig McClanahan wrote:
This email is autogenerated from the output from:
http://jakarta.apache.org/builds/gump/2002-04-16/jakarta-tomcat-4.0.html
Buildfile: build.xml
deploy-prepare:
deploy-static:
deploy:
[echo] Target: Catalina - Deploy ...
flags:
flags.display:
[echo] --- Build environment for Catalina ---
[echo] If ${property_name} is displayed, then the property is not set)
[echo] --- Build options ---
[echo] full.dist=${full.dist}
[echo] build.sysclasspath=only
[echo] compile.debug=${compile.debug}
[echo] compile.deprecation=${compile.deprecation}
[echo] compile.optimize=${compile.optimize}
[echo] --- Ant Flags ---
[echo] style task available (required)=true
[echo] --- JDK ---
[echo] jdk.1.2.present=true
[echo] jdk.1.3.present=true
[echo] jdk.1.4.present=${jdk.1.4.present}
[echo] --- Source Dependencies ---
[echo] jtc.home.present=true
[echo] --- Required Libraries ---
[echo] beanutils.present=true
[echo] collections.present=true
[echo] digester.present=true
[echo] jaxp.present=true
[echo] jndi.present=true
[echo] logging.present=true
[echo] regexp.present=true
[echo] servlet.present=true
[echo] --- Optional Libraries ---
[echo] daemon.present=${daemon.present}
[echo] dbcp.present=true
[echo] jaas.present=true
[echo] javamail.present=true
[echo] jmx.present=true
[echo] jsse.present=true
[echo] jta.present=true
[echo] junit.present=true
[echo] ldap.present=true
[echo] modeler.present=true
[echo] pool.present=true
[echo] tyrex.present=${tyrex.present}
[echo] --- Required JARs ---
[echo] jndi.jar.present(except JDK 1.3+)=true
[echo] regexp.jar.present=true
[echo] servlet.jar.present=true
[echo] xerces.jar.present(except JDK 1.4+ or xerces2)=true
[echo] xerces2.jars.present(except JDK 1.4+ or xerces1)=${xerces2.jars.present}
[echo] --- Optional JARs ---
[echo] daemon.jar.present=${daemon.jar.present}
[echo] dbcp.jar.present=true
[echo] jaas.jar.present=true
[echo] javamail.jar.present=true
[echo] jdbc20ext.jar.present=true
[echo] jmx.jar.present=${jmx.jar.present}
[echo] jta.jar.present=true
[echo] junit.jar.present=${junit.jar.present}
[echo] ldap.jar.present=true
[echo] modeler.jar.present=true
[echo] pool.jar.present=true
[echo] tyrex.jar.present=${tyrex.jar.present}
[echo] --- Conditional compilation flags ---
[echo] compile.daemon=${compile.daemon}
[echo] compile.dbcp=true
[echo] compile.jaas=true
[echo] compile.javamail=true
[echo] compile.jmx=true
[echo] compile.jndi=true
[echo] compile.jsse=true
[echo] compile.jta=true
[echo] compile.junit=true
[echo] compile.ldap=true
[echo] compile.ssi=true
[echo] compile.tyrex=${compile.tyrex}
[echo] --- Distribution flags ---
[echo] copy.daemon.jar=${copy.daemon.jar}
[echo] copy.dbcp.jar=true
[echo] copy.jaas.jar=true
[echo] copy.jdbc20ext.jar=true
[echo] copy.javamail.jar=true
[echo] copy.jmx.jar=${copy.jmx.jar}
[echo] copy.jndi.jar=${copy.jndi.jar}
[echo] copy.jta.jar=true
[echo] copy.ldap.jar=${copy.ldap.jar}
[echo] copy.logging.jar=true
[echo] copy.modeler.jar=true
[echo] copy.pool.jar=true
[echo] copy.tyrex.jar=${copy.tyrex.jar}
[echo] copy.xerces.jar=true
[echo] copy.xerces2.jars=${copy.xerces2.jars}
build-prepare:
copy-activation.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-daemon.jar:
copy-dbcp.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-jaas.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/server/lib
copy-jdbc20ext.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-jmx.jar:
copy-jndi.jar:
copy-jsse.jar:
copy-jta.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-ldap.jar:
copy-modeler.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/server/lib
copy-pool.jar:
[copy] Copying 1 file to
/home/rubys/jakarta/jakarta-tomcat-4.0/catalina/build/common/lib
copy-tyrex.jar:
copy-xerces.jar:
[copy] Copying 1
DO NOT REPLY [Bug 8024] - Can't include entities in web.xml
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8024. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8024 Can't include entities in web.xml --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:35 --- Created an attachment (id=1599) The patch that fixes the bug -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8024] - Can't include entities in web.xml
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8024. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8024 Can't include entities in web.xml --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:37 --- Created an attachment (id=1600) A *more correct* fix to the bug... ignore the previous, this is the right one. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8097] - Tomcat 4.0x can not be shut down if RMI registry is running
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8097 Tomcat 4.0x can not be shut down if RMI registry is running --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 14:38 --- Yes, you are absolutely right. I just wanted to point out that there is a potential problem with blocking (non daemon) threads. Maybe other users stumble over the same problem. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8120] - Tomcat does not work with IBM VM on Windows
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8120. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8120 Tomcat does not work with IBM VM on Windows --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 15:13 --- IBM build cn130-20010925 indeed works. I guess I would have to upgrade to newer version. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [GUMP] Build Failure - jakarta-tomcat-4.0
By the way, gump runs are every six hours (see http://jakarta.apache.org/gump/ for details), so if you have a speculative fix that you would like to try out, make the change before a run, and check back later. Only the midnight PDT / 3.a.m. EDT runs cause nags. - Sam Ruby -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8169] New: - jsp:forward without cookies fails
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8169. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8169 jsp:forward without cookies fails Summary: jsp:forward without cookies fails Product: Tomcat 4 Version: 4.0.3 Final Platform: Other OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: Servlet JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] When we switch cookies off the code: jsp:forward page='%=response.encodeRedirectUrl(/servlet/PRNJAuthenticationServlet)%' / no longer works, we get a class not found exception: java.lang.ClassNotFoundException: PRNJAuthenticationServlet;jsessionid=847C5EE33 95CFB4556DEEBBB764D52E2 The above code does work with cookies on and also when we cut and past the url into the browser. It only fails when cookies are off and the jsp envolves a redirect. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: TomCat web-server : problem with Japanese chars
I'm not sure if I am going off into 'nadda-land' but doesn't the HTTP spec specify that the Content-Type header is used in both requests and responses? So shouldn't the URL be interpreted based on that charset specified by that? eg Content-Type: text/html; charset=UTF-8 Are all valid values.. I think. (fyi I'm using the O'Reilly HTTP pocket reference and ftp://ftp.isi.edu/in-notes/rfc2616.txt to find this). - Chris. -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: 16 April 2002 14:52 To: Tomcat Developers List Subject: Re: TomCat web-server : problem with Japanese chars The Web-server of TomCat does not appear to be able to resolve URLs that contain non-ASCII characters (e.g. Japanese language) correctly for all cases. We have a Win'2000 (Japanese OS) machine on which TomCat 4 is installed. If some URL contains Japanese characters like : http://localhost:8080/myapp/servlet/myservlet?name=myname Here if myname is a Japanese string, it works fine because within the servlet myservlet, we have set the encoding type to SHIFT_JIS before reading the request parameters (a feature of Servlet 2.3 API) But for a URL like : http://localhost:8080/myapp/myname.gif this does not work if myname is a Japanese string and the server responds with a 'resource not found' error. So is this a bug in TomCat or is there any solution we can implement for this ? There is no established standard for URL char encoding, so it won't work in the real world. Tomcat (with Coyote) now defaults to UTF-8, which is the probable future standard. If the client encodes with some other charset (99% of the time, it will use the platform encoding instead), it won't work. Looking at the content-type to try to be smart is a possibility, but is also non standard. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- NOTICE: The information contained in this electronic mail transmission is intended by Convergys Corporation for the use of the named individual or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone (collect), so that the sender's address records can be corrected. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8169] - jsp:forward without cookies fails
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8169. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8169 jsp:forward without cookies fails [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Component|Servlet JSP API |Jasper Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 16:34 --- The URLs used in a request dispatcher must not be encoded with the session id (since it's an internal forward, the same session will still be available in the forwarded page). With cookies, the URL won't undergo any transformation, and that's why it does not break. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [GUMP] Build Failure - jakarta-tomcat-4.0
Thanks for the other tip. Are the nagoya runs still being run? The result file is currently dated 4/4/02. Cheers, Larry -Original Message- From: Sam Ruby [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 11:16 AM To: Tomcat Developers List Subject: RE: [GUMP] Build Failure - jakarta-tomcat-4.0 By the way, gump runs are every six hours (see http://jakarta.apache.org/gump/ for details), so if you have a speculative fix that you would like to try out, make the change before a run, and check back later. Only the midnight PDT / 3.a.m. EDT runs cause nags. - Sam Ruby -- To unsubscribe, e-mail: mailto:tomcat-dev- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [GUMP] Build Failure - jakarta-tomcat-4.0
Larry Isaacs wrote: Thanks for the other tip. Are the nagoya runs still being run? The result file is currently dated 4/4/02. Pier, do you know anything about the following? # Disabled GUMP to despool email... - Sam Ruby -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/admin/valve accessLogValve.jsp remoteAddrValve.jsp remoteHostValve.jsp requestDumperValve.jsp singleSignOnValve.jsp
manveen 02/04/16 10:04:19 Modified:webapps/admin/WEB-INF/classes/org/apache/webapp/admin ApplicationResources_en.properties TomcatTreeBuilder.java webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve DeleteValveAction.java EditValveAction.java webapps/admin/context context.jsp webapps/admin/service service.jsp webapps/admin/valve accessLogValve.jsp remoteAddrValve.jsp remoteHostValve.jsp requestDumperValve.jsp singleSignOnValve.jsp Log: Delete valve operation enabled/made available from contextand each of the valve screens. Revision ChangesPath 1.42 +1 -1 jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources_en.properties Index: ApplicationResources_en.properties === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources_en.properties,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- ApplicationResources_en.properties10 Apr 2002 00:37:07 - 1.41 +++ ApplicationResources_en.properties16 Apr 2002 17:04:19 - 1.42 @@ -101,7 +101,7 @@ actions.valves.create=Create New Valve actions.valves.edit=Edit Valve actions.valves.delete=Delete This Valve -actions.valves.deletes=Delete Valves +actions.valves.deletes=Delete Existing Valves actions.alias.create=Create New Aliases actions.alias.delete=Delete Aliases connector.type=Type 1.27 +7 -5 jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/TomcatTreeBuilder.java Index: TomcatTreeBuilder.java === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/TomcatTreeBuilder.java,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- TomcatTreeBuilder.java11 Apr 2002 07:44:22 - 1.26 +++ TomcatTreeBuilder.java16 Apr 2002 17:04:19 - 1.27 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/TomcatTreeBuilder.java,v 1.26 2002/04/11 07:44:22 manveen Exp $ - * $Revision: 1.26 $ - * $Date: 2002/04/11 07:44:22 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/TomcatTreeBuilder.java,v 1.27 2002/04/16 17:04:19 manveen Exp $ + * $Revision: 1.27 $ + * $Date: 2002/04/16 17:04:19 $ * * * @@ -93,7 +93,7 @@ * * @author Jazmin Jonson * @author Manveen Kaur - * @version $Revision: 1.26 $ $Date: 2002/04/11 07:44:22 $ + * @version $Revision: 1.27 $ $Date: 2002/04/16 17:04:19 $ */ @@ -411,7 +411,9 @@ EditValve.do?select= + URLEncoder.encode(valveName) + nodeLabel= + -URLEncoder.encode(nodeLabel), +URLEncoder.encode(nodeLabel) + +parent= + +URLEncoder.encode(containerName), content, false); containerNode.addChild(valveNode); 1.3 +5 -5 jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve/DeleteValveAction.java Index: DeleteValveAction.java === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve/DeleteValveAction.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- DeleteValveAction.java12 Apr 2002 22:06:30 - 1.2 +++ DeleteValveAction.java16 Apr 2002 17:04:19 - 1.3 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve/DeleteValveAction.java,v 1.2 2002/04/12 22:06:30 manveen Exp $ - * $Revision: 1.2 $ - * $Date: 2002/04/12 22:06:30 $ + * $Header: /home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve/DeleteValveAction.java,v 1.3 2002/04/16 17:04:19 manveen Exp $ + * $Revision: 1.3 $ + * $Date: 2002/04/16 17:04:19 $ * * * @@ -97,7 +97,7 @@ * The codeAction/code that sets up emDelete Valves/em transactions. * * @author Manveen Kaur - * @version $Revision: 1.2 $ $Date:
Re: [GUMP] Build Failure - jakarta-tomcat-4.0
Sam Ruby [EMAIL PROTECTED] wrote: Larry Isaacs wrote: Thanks for the other tip. Are the nagoya runs still being run? The result file is currently dated 4/4/02. Pier, do you know anything about the following? # Disabled GUMP to despool email... F***... I forgot to re-enable it after the routing problems that caused a huge email backlog were solved... My mistake (never try to solve problems at 4 AM)... Pier -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs/config coyote.xml jk.xml jk2.xml project.xml webapp.xml
remm02/04/16 10:48:56 Modified:webapps/tomcat-docs/config coyote.xml jk.xml jk2.xml project.xml webapp.xml Log: - Update according to some of the recent updates in the connector world. - Update the recommended connectors to be JK 2 and the new HTTP/1.1 connector. Revision ChangesPath 1.2 +2 -1 jakarta-tomcat-4.0/webapps/tomcat-docs/config/coyote.xml Index: coyote.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/coyote.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- coyote.xml4 Apr 2002 18:16:07 - 1.1 +++ coyote.xml16 Apr 2002 17:48:56 - 1.2 @@ -269,7 +269,8 @@ attribute name=className required=true pThe fully qualified class name of the SSL server socket factory implementation class. You must specify - codeorg.apache.catalina.net.SSLServerSocketFactory/code here./p + codeorg.apache.coyote.tomcat4.CoyoteServerSocketFactory/code here. + /p /attribute attribute name=clientAuth required=false 1.7 +3 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/config/jk.xml Index: jk.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/jk.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- jk.xml9 Apr 2002 13:27:29 - 1.6 +++ jk.xml16 Apr 2002 17:48:56 - 1.7 @@ -16,6 +16,9 @@ section name=Introduction + pbIMPORTANT NOTE: The JK connector is now deprecated. Use the + Coyote JK 2 connector instead./b/p + pThe strongJK Connector/strong element represents a strongConnector/strong component that communicates with a web connector via the codeJK/code protocol (also known as the AJP protocol). 1.2 +10 -2 jakarta-tomcat-4.0/webapps/tomcat-docs/config/jk2.xml Index: jk2.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/jk2.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- jk2.xml 25 Jan 2002 15:21:34 - 1.1 +++ jk2.xml 16 Apr 2002 17:48:56 - 1.2 @@ -90,9 +90,11 @@ subsection name=Standard Implementation pThe standard implementation of strongJK 2 Connector/strong is - strongorg.apache.jk.server.tomcat40.JkConnector/strong./p + strongorg.apache.coyote.tomcat4.CoyoteConnector/strong, but you + must specify the protocolHandlerClassName attribute (see below)./p - pstrongThis implementation supports the AJP 2.0 protocol./strong/p + pstrongThis implementation supports the AJP 1.3 and 1.4 + protocols./strong/p pIt supports the following additional attributes (in addition to the common attributes listed above):/p @@ -131,6 +133,12 @@ will create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address./p +/attribute + +attribute name=protocolHandlerClassName required=false + pThis attribute value must be + codeorg.apache.jk.server.JkCoyoteHandler/code to use the JK 2 + handler./p /attribute /attributes 1.10 +2 -2 jakarta-tomcat-4.0/webapps/tomcat-docs/config/project.xml Index: project.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/project.xml,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- project.xml 4 Apr 2002 18:16:07 - 1.9 +++ project.xml 16 Apr 2002 17:48:56 - 1.10 @@ -23,9 +23,9 @@ menu name=Connectors item name=Coyote HTTP/1.1 href=coyote.html/ -item name=JKhref=jk.html/ -item name=JK 2 href=jk2.html/ +item name=Coyote JK 2 href=jk2.html/ item name=HTTP/1.1 href=http11.html/ +item name=JKhref=jk.html/ item name=Webapphref=webapp.html/ /menu 1.3 +3 -0 jakarta-tomcat-4.0/webapps/tomcat-docs/config/webapp.xml Index: webapp.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/config/webapp.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- webapp.xml4 Feb 2002 18:03:12 - 1.2 +++ webapp.xml16 Apr 2002 17:48:56 - 1.3 @@ -16,6 +16,9 @@
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
In 3.3, executing a forward removes the javax.servlet.include.servlet_path attribute. It's just one of the very many places that 3.3.x and Catalina are different. :-) In the 3.3.x nightly, all of your examples work as expected. - Original Message - From: Andreas Junghans [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Tuesday, April 16, 2002 1:35 AM Subject: Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java Hi Bill, I'm afraid your commit won't solve the problem. As stated in the original bug report, the problem occurs when the javax.servlet.include.servlet_path attribute is _present_. I've never looked at the 3.3 source, but it seems you only changed a case when the attribute is _not_ present. Let me quickly repeat the problem: /jsp/including.jsp --- includes --- /jsp/test.jsp --- forwards to --- /html/test.html 1. When doing the forward, javax.servlet.include.servlet_path is set to /jsp/test.jsp (which is the correct behaviour). 2. Tomcat determines that /html/test.html is a static resource (also correct). 3. When serving the content, Tomcat determines the file to serve by first looking at javax.servlet.include.servlet_path and _only if this is not present_ calling getServletPath. The result is that Tomcat (at least 4.x) serves /jsp/test.jsp as a static resource (which it isn't). I still think the only way to reliably solve this problem is to introduce an additional request attribute (please look at my bugreport for details). Otherwise, you can never be sure that deeply nested include/forward calls are handled correctly. I beliebe this is a serious issue and deserves a quick - but not dirty ;-) - fix. As said before, I'll happily supply a patch (with some help, I could also do it for 3.3). However, since my proposed solution would require a lot of files to be changed, I'd first like some opinions. Could the 4.x guys please look at it? I know it's a lot to read, but the problem and proposed fix are too complex to explain in just a few lines. Best regards Andreas Junghans -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Error running Apache 2.0 with mod_webapp.so ormod_jk-01.sobinaries
Punky Tse [EMAIL PROTECTED] wrote: [root@bicaweb_dev webapps]# $APACHE_HOME/bin/apachectl start Syntax error on line 220 of /opt/apache2/conf/httpd.conf: Cannot load /opt/apache2/modules/mod_webapp.so into server: /opt/apache2/modules /mod_webapp.so: undefined symbol: ap_table_get /opt/apache2/bin/apachectl start: httpd could not be started Hum.. seems like the pre-build binary using the older version of APR? I don't know, my recent copy of 2.0.36-dev also does not have ap_table_get() function: nm httpd | grep ap_table_get howerver, I found apr_table_get symbol in httpd instead. Anybody here in this list know if there had been such API change in APR? No, AFAIK apr_table_get never changed... What _really_ puzzles me, is that ap_table_get is used in httpd 1.3... I believe this is because he's using a module compiled for 1.3 under 2.0... Pier Pier, Yeah.. You are correct. This guy replied privately to me that mod_webapp is now working on his box after he build the source from CVS. For the pre-built binary, shouldn't we provide two sets of binaries (1.3 and 2.0), or just remove the them from the site? Before changing things, I'd like to have a couple of major updates (like the SocketPool code in)... But I have no time whatsoever now (daytime job keeps me busy 10%) Pier -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/admin/host alias.jsp host.jsp
manveen 02/04/16 11:52:32 Modified:webapps/admin/host host.jsp Added: webapps/admin/host alias.jsp Log: Added jsp for adding/viewing aliases for a host Enabled add alias operation from host Revision ChangesPath 1.12 +5 -2 jakarta-tomcat-4.0/webapps/admin/host/host.jsp Index: host.jsp === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/host/host.jsp,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- host.jsp 12 Apr 2002 22:10:32 - 1.11 +++ host.jsp 16 Apr 2002 18:52:32 - 1.12 @@ -43,11 +43,14 @@ controls:action selected=true -bean:message key=actions.available.actions/- /controls:action controls:action disabled=true - /controls:action logic:notEqual name=hostForm property=adminAction value=Create +controls:action url='%= /AddAlias.do?hostName= + + URLEncoder.encode(thisObjectName) %' +bean:message key=actions.alias.create/ +/controls:action %-- -controls:action url= bean:message key=actions.alias.create/ /controls:action controls:action url= bean:message key=actions.alias.delete/ /controls:action -controls:action - /controls:action --% +controls:action disabled=true - /controls:action controls:action url='%= /AddLogger.do?parent= + URLEncoder.encode(thisObjectName) %' bean:message key=actions.loggers.create/ 1.1 jakarta-tomcat-4.0/webapps/admin/host/alias.jsp Index: alias.jsp === !-- Standard Struts Entries -- %@ page language=java import=java.net.URLEncoder % %@ taglib uri=/WEB-INF/struts-bean.tld prefix=bean % %@ taglib uri=/WEB-INF/struts-html.tld prefix=html % %@ taglib uri=/WEB-INF/struts-logic.tld prefix=logic % %@ taglib uri=/WEB-INF/controls.tld prefix=controls % html:html locale=true %@ include file=../users/header.jsp % !-- Body -- body bgcolor=white !--Form -- html:errors/ html:form method=POST action=/SaveAlias html:hidden property=hostName/ table width=100% border=0 cellspacing=0 cellpadding=0 tr class=page-title-row td align=left nowrap div class=page-title-text align=left bean:message key=actions.alias.create/ /div /td /tr /table br table border=0 cellspacing=0 cellpadding=0 width=100% tr td div class=table-title-text bean:message key=new.alias/ /div /td /tr /table table class=back-table border=0 cellspacing=0 cellpadding=1 width=100% tr td controls:table tableStyle=front-table lineStyle=line-row controls:row header=true labelStyle=table-header-text dataStyle=table-header-text controls:label bean:message key=service.property/ /controls:label controls:data bean:message key=service.value/ /controls:data /controls:row controls:row labelStyle=table-label-text dataStyle=table-normal-text controls:label bean:message key=host.alias.name/: /controls:label controls:data html:text property=aliasName size=24 maxlength=24/ /controls:data /controls:row /controls:table /td /tr /table %@ include file=../buttons.jsp % br %-- Aliases List --% table border=0 cellspacing=0 cellpadding=0 width=100% tr td div class=table-title-text bean:message key=host.aliases/ /div /td /tr /table table class=back-table border=0 cellspacing=0 cellpadding=1 width=100% tr td table class=front-table border=1 cellspacing=0 cellpadding=0 width=100% tr class=header-row td width=27% div class=table-header-text align=leftbean:message key=host.alias.name/ /div /td /tr logic:iterate id=aliasVal name=aliasForm property=aliasVals tr td width=27% valign=top colspan=2 div class=table-normal-text %= aliasVal % /div /td /tr /logic:iterate /table /td /tr /table %@ include file=../buttons.jsp % /html:form /body /html:html -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional
cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/host AddAliasAction.java AliasForm.java SaveAliasAction.java
manveen 02/04/16 11:54:46
Added: webapps/admin/WEB-INF/classes/org/apache/webapp/admin/host
AddAliasAction.java AliasForm.java
SaveAliasAction.java
Log:
Added Addalias form bean.
Implemented for add alias operation (aliasses for hosts).
Revision ChangesPath
1.1
jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/host/AddAliasAction.java
Index: AddAliasAction.java
===
/*
* $Header:
/home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/host/AddAliasAction.java,v
1.1 2002/04/16 18:54:46 manveen Exp $
* $Revision: 1.1 $
* $Date: 2002/04/16 18:54:46 $
*
*
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001-2002 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*notice, this list of conditions and the following disclaimer in
*the documentation and/or other materials provided with the
*distribution.
*
* 3. The end-user documentation included with the redistribution, if
*any, must include the following acknowlegement:
* This product includes software developed by the
*Apache Software Foundation (http://www.apache.org/).
*Alternately, this acknowlegement may appear in the software itself,
*if and wherever such third-party acknowlegements normally appear.
*
* 4. The names The Jakarta Project, Tomcat, and Apache Software
*Foundation must not be used to endorse or promote products derived
*from this software without prior written permission. For written
*permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called Apache
*nor may Apache appear in their names without prior written
*permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* http://www.apache.org/.
*
*/
package org.apache.webapp.admin.host;
import java.io.IOException;
import java.util.Locale;
import java.util.Arrays;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.management.MBeanServer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.util.MessageResources;
import org.apache.webapp.admin.ApplicationServlet;
import org.apache.webapp.admin.LabelValueBean;
import org.apache.webapp.admin.Lists;
import javax.management.ObjectName;
/**
* The codeAction/code that sets up emAdd Alias/em transactions.
*
* @author Manveen Kaur
* @version $Revision: 1.1 $ $Date: 2002/04/16 18:54:46 $
*/
public class AddAliasAction extends Action {
/**
* The MBeanServer we will be interacting with.
*/
private MBeanServer mBServer = null;
/**
* The MessageResources we will be retrieving messages from.
*/
private MessageResources resources = null;
// - Public Methods
/**
* Process the
cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Protocol.java
remm02/04/16 12:26:31
Modified:http11/src/java/org/apache/coyote/http11 Http11Protocol.java
Log:
- Log the attributes which are set.
Revision ChangesPath
1.5 +17 -5
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
Index: Http11Protocol.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Http11Protocol.java 8 Apr 2002 23:49:18 - 1.4
+++ Http11Protocol.java 16 Apr 2002 19:26:31 - 1.5
@@ -93,6 +93,7 @@
public void setAttribute( String name, Object value ) {
log.info(setAttribute + name + + value );
+attributes.put(name, value);
/*
if (maxKeepAliveRequests.equals(name)) {
maxKeepAliveRequests = Integer.parseInt((String) value.toString());
@@ -186,13 +187,14 @@
}
public void setPort( int port ) {
-log.info(setPort + port );
ep.setPort(port);
+setAttribute(port, + port);
//this.port=port;
}
public void setAddress(InetAddress ia) {
ep.setAddress( ia );
+setAttribute(address, + ia);
}
public void setHostName( String name ) {
@@ -202,52 +204,62 @@
public void setSocketFactory( String valueS ) {
socketFactoryName = valueS;
+setAttribute(socketFactory, valueS);
}
public void setSSLImplementation( String valueS) {
sslImplementationName=valueS;
+setAttribute(sslImplementation, valueS);
}
public void setTcpNoDelay( boolean b ) {
ep.setTcpNoDelay( b );
+setAttribute(tcpNoDelay, + b);
}
public void setSoLinger( int i ) {
ep.setSoLinger( i );
+setAttribute(soLinger, + i);
}
public void setSoTimeout( int i ) {
ep.setSoTimeout(i);
+setAttribute(soTimeout, + i);
}
public void setServerSoTimeout( int i ) {
- ep.setServerSoTimeout( i );
+ ep.setServerSoTimeout(i);
+setAttribute(serverSoTimeout, + i);
}
public void setKeystore( String k ) {
- attributes.put( keystore, k);
+setAttribute(keystore, k);
}
public void setKeypass( String k ) {
- attributes.put( keypass, k);
+attributes.put(keypass, k);
+//setAttribute(keypass, k);
}
public void setClientauth( String k ) {
- attributes.put( clientauth, k);
+setAttribute(clientauth, k);
}
public void setSecure( boolean b ) {
secure=b;
+setAttribute(secure, + b);
}
/** Set the maximum number of Keep-Alive requests that we will honor.
*/
public void setMaxKeepAliveRequests(int mkar) {
maxKeepAliveRequests = mkar;
+setAttribute(maxKeepAliveRequests, + mkar);
}
public void setSocketCloseDelay( int d ) {
socketCloseDelay=d;
+setAttribute(socketCloseDelay, + d);
}
private static ServerSocketFactory string2SocketFactory( String val)
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0 build.properties.sample
remm02/04/16 13:16:45
Modified:.build.properties.sample
Log:
- Update to Xerces 2.0.1.
Revision ChangesPath
1.34 +9 -9 jakarta-tomcat-4.0/build.properties.sample
Index: build.properties.sample
===
RCS file: /home/cvs/jakarta-tomcat-4.0/build.properties.sample,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- build.properties.sample 15 Apr 2002 22:54:34 - 1.33
+++ build.properties.sample 16 Apr 2002 20:16:45 - 1.34
@@ -6,7 +6,7 @@
# modules that Tomcat depends on. Copy this file to build.properties
# in the top-level source directory, and customize it as needed.
#
-# $Id: build.properties.sample,v 1.33 2002/04/15 22:54:34 remm Exp $
+# $Id: build.properties.sample,v 1.34 2002/04/16 20:16:45 remm Exp $
# -
@@ -92,17 +92,17 @@
# - Xerces XML Parser, version 1.4.4 to 2.0.0 Beta 4 -
# Note: Optional with JDK 1.4+
-xerces.home=${base.path}/xerces-1_4_4
-xerces.lib=${xerces.home}
-xerces.jar=${xerces.lib}/xerces.jar
+#xerces.home=${base.path}/xerces-1_4_4
+#xerces.lib=${xerces.home}
+#xerces.jar=${xerces.lib}/xerces.jar
-# - Xerces XML Parser, version 2.0.0 Beta 4 or later -
+# - Xerces XML Parser, version 2.0.0 or later -
# Note: Optional with JDK 1.4+, or if Xerces 1.x is present
-#xerces.home=${base.path}/xerces-2_0_0
-#xerces.lib=${xerces.home}
-#xercesImpl.jar=${xerces.lib}/xercesImpl.jar
-#xmlParserAPIs.jar=${xerces.lib}/xmlParserAPIs.jar
+xerces.home=${base.path}/xerces-2_0_1
+xerces.lib=${xerces.home}
+xercesImpl.jar=${xerces.lib}/xercesImpl.jar
+xmlParserAPIs.jar=${xerces.lib}/xmlParserAPIs.jar
# --
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans MBeanUtils.java ServerLifecycleListener.java
amyroh 02/04/16 13:27:37
Modified:catalina/src/share/org/apache/catalina/mbeans
MBeanUtils.java ServerLifecycleListener.java
Log:
Service parameter is required to find the right connector mbean to remove for
destroyMBean(connector). Temporarily connects the connector to its owning
service to get the right mbean name and disconnects.
Revision ChangesPath
1.33 +7 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/MBeanUtils.java
Index: MBeanUtils.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/MBeanUtils.java,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- MBeanUtils.java 9 Apr 2002 23:54:35 - 1.32
+++ MBeanUtils.java 16 Apr 2002 20:27:37 - 1.33
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/MBeanUtils.java,v
1.32 2002/04/09 23:54:35 amyroh Exp $
- * $Revision: 1.32 $
- * $Date: 2002/04/09 23:54:35 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/MBeanUtils.java,v
1.33 2002/04/16 20:27:37 amyroh Exp $
+ * $Revision: 1.33 $
+ * $Date: 2002/04/16 20:27:37 $
*
*
*
@@ -109,7 +109,7 @@
*
* @author Craig R. McClanahan
* @author Amy Roh
- * @version $Revision: 1.32 $ $Date: 2002/04/09 23:54:35 $
+ * @version $Revision: 1.33 $ $Date: 2002/04/16 20:27:37 $
*/
public class MBeanUtils {
@@ -1277,9 +1277,10 @@
*
* @exception Exception if an MBean cannot be deregistered
*/
-public static void destroyMBean(Connector connector)
+public static void destroyMBean(Connector connector, Service service)
throws Exception {
+connector.setService(service);
String mname = createManagedName(connector);
ManagedBean managed = registry.findManagedBean(mname);
if (managed == null) {
@@ -1289,6 +1290,7 @@
if (domain == null)
domain = mserver.getDefaultDomain();
ObjectName oname = createObjectName(domain, connector);
+connector.setService(null);
mserver.unregisterMBean(oname);
}
1.22 +8 -8
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/ServerLifecycleListener.java
Index: ServerLifecycleListener.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/ServerLifecycleListener.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ServerLifecycleListener.java 6 Mar 2002 06:49:11 - 1.21
+++ ServerLifecycleListener.java 16 Apr 2002 20:27:37 - 1.22
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/ServerLifecycleListener.java,v
1.21 2002/03/06 06:49:11 craigmcc Exp $
- * $Revision: 1.21 $
- * $Date: 2002/03/06 06:49:11 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/mbeans/ServerLifecycleListener.java,v
1.22 2002/04/16 20:27:37 amyroh Exp $
+ * $Revision: 1.22 $
+ * $Date: 2002/04/16 20:27:37 $
*
*
*
@@ -107,7 +107,7 @@
*
* @author Craig R. McClanahan
* @author Amy Roh
- * @version $Revision: 1.21 $ $Date: 2002/03/06 06:49:11 $
+ * @version $Revision: 1.22 $ $Date: 2002/04/16 20:27:37 $
*/
public class ServerLifecycleListener
@@ -563,12 +563,12 @@
*
* @exception Exception if an exception is thrown during MBean creation
*/
-protected void destroyMBeans(Connector connector) throws Exception {
+protected void destroyMBeans(Connector connector, Service service) throws
Exception {
// deregister the MBean for the Connector itself
if (debug = 5)
log(Destroying MBean for Connector + connector);
-MBeanUtils.destroyMBean(connector);
+MBeanUtils.destroyMBean(connector, service);
}
@@ -764,7 +764,7 @@
// Deregister the MBeans for the corresponding Connectors
Connector connectors[] = service.findConnectors();
for (int j = 0; j connectors.length; j++) {
-destroyMBeans(connectors[j]);
+destroyMBeans(connectors[j], service);
}
// Deregister the MBeans for the associated Engine
@@ -1091,7 +1091,7 @@
}
if (connector.equals(propertyName)) {
if (oldValue != null) {
-destroyMBeans((Connector) oldValue);
+
Tomcat4.x/IIS confusion
Please allow me to apologize up front but I've read the bug reports (Bug #5647 ) and there seems to contradictory information on whether this is fixed or not This comment on 3/26/2002 seems most relevant: The bug was corrected in CVS version 1.7 of AJP13Request.java only - solution 1 was applied, and then removed in version 1.8. Is this really a bug or is it just a configuration management issue? It appears from CVS that version 1.7 of this file never made it into any official release and version 1.8 (with the fix removed) made it into 4.0.4 b2. So if I got this straight, the solution is in hand but there is currently no release that contains it yet. again sorry if this seems pesky..I am just trying gauge whether I should wait for another 4.0.x release or invest some time in trying build it myself. Tom D. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[4.0-HEAD] JSP source exposure ?
Hi, I got a report about a URL based exploit against the nightly builds for TC 4 (4.0-HEAD). Basically, accessing foo.jsp%00 (or foo.jsp%00.txt) is supposed to get the source code for foo.jsp. I cannot reproduce the problem when Tomcat is running on Windows (I get a 404 for that kind of URLs). However, since I refactored the URL handling, this kind of problem may have been reintroduced. If I could get reports from people running the nightlies on Unix, that would be nice. Note: If there's a problem, it would be a good idea for the URL decoding method to complain when it encounters a null character when decoding a %xx, as I don't see a single valid use case for that (except in URL based attacks, of course). Thanks, Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Protocol.java
remm02/04/16 14:44:34
Modified:http11/src/java/org/apache/coyote/http11 Http11Protocol.java
Log:
- Add log for more attributes.
Revision ChangesPath
1.6 +5 -0
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
Index: Http11Protocol.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Http11Protocol.java 16 Apr 2002 19:26:31 - 1.5
+++ Http11Protocol.java 16 Apr 2002 21:44:34 - 1.6
@@ -166,24 +166,29 @@
public void setPools( boolean t ) {
ep.setPoolOn(t);
+setAttribute(pools, + t);
}
public void setMaxThreads( int maxThreads ) {
ep.setMaxThreads(maxThreads);
+setAttribute(maxThreads, + maxThreads);
}
public void setMaxSpareThreads( int maxThreads ) {
ep.setMaxSpareThreads(maxThreads);
+setAttribute(maxSpareThreads, + maxThreads);
}
public void setMinSpareThreads( int minSpareThreads ) {
ep.setMinSpareThreads(minSpareThreads);
+setAttribute(minSpareThreads, + minSpareThreads);
}
// Tcp setup
public void setBacklog( int i ) {
ep.setBacklog(i);
+setAttribute(backlog, + i);
}
public void setPort( int port ) {
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [4.0-HEAD] JSP source exposure ?
I had a few spare minutes so I went ahead and grabbed last night's build. I ran it on Red Hat Linux 7.2 and can confirm the report. Requesting foo.jsp%00.txt gets you the source. Requesting foo.jsp%00 gets you a strange page that includes some html widgets and some of the jsp source too. Surprising (at least to me) and ugly. -David -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 16, 2002 2:18 PM To: [EMAIL PROTECTED] Subject: [4.0-HEAD] JSP source exposure ? Hi, I got a report about a URL based exploit against the nightly builds for TC 4 (4.0-HEAD). Basically, accessing foo.jsp%00 (or foo.jsp%00.txt) is supposed to get the source code for foo.jsp. I cannot reproduce the problem when Tomcat is running on Windows (I get a 404 for that kind of URLs). However, since I refactored the URL handling, this kind of problem may have been reintroduced. If I could get reports from people running the nightlies on Unix, that would be nice. Note: If there's a problem, it would be a good idea for the URL decoding method to complain when it encounters a null character when decoding a %xx, as I don't see a single valid use case for that (except in URL based attacks, of course). Thanks, Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8177] New: - HttpServlet getParameter
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8177. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8177 HttpServlet getParameter Summary: HttpServlet getParameter Product: Tomcat 4 Version: 4.0.3 Final Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] When an action for a form consists of the following: process?action=IsqlDataSourcesubmit=DataSourcedsn=com.microsoft.jdbc.sqlserver.SQLServerDriverjdbc:microsoft:sqlserver://rdbcci:1433;DatabaseName=Northwindrdbrdb11101800 When this form is submited, the parameters received by HttpServlet are the following (name only): com.microsoft.jdbc.sqlserver.SQLServerDriverjdbc:microsoft:sqlserver://rdbcci:1433;DatabaseName submit action They should be and were in tomcat 3 (name=value): dsn=com.microsoft.jdbc.sqlserver.SQLServerDriverjdbc:microsoft:sqlserver://rdbcci:1433;DatabaseName=Northwindrdbrdb11101800 submit=DataSource action=IsqlDataSource From testing different strings, I believe the = in: com.microsoft.jdbc.sqlserver.SQLServerDriverjdbc:microsoft:sqlserver://rdbcci:1433;DatabaseName=Northwindrdbrdb11101800 | is not handled as it was in tomcat 3. A work around is to substitute the = and then replace. I used the following form for for testing: form action=\process?action=IsqlDataSourcesubmit=DataSourcedsn=sun.jdbc.odbc.JdbcOdbcDriverjdbc:odbc:Psdemodbdbasql11101800\ method=post target=tablesFrameinput type=submit name=submit value=Switch class=Button/formform action=\process?action=IsqlDataSourcesubmit=DataSourcedsn=com.microsoft.jdbc.sqlserver.SQLServerDriverjdbc:microsoft:sqlserver://rdbcci:1433;DatabaseName=Northwindrdbrdb11101800\ method=post target=tablesFrameinput type=submit name=submit value=Switch class=Button/form -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4 CoyoteAdapter.java
remm02/04/16 14:59:36
Modified:coyote/src/java/org/apache/coyote/tomcat4 CoyoteAdapter.java
Log:
- Return 400 if there is a null byte in the decoded URI.
Revision ChangesPath
1.4 +7 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
Index: CoyoteAdapter.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- CoyoteAdapter.java9 Apr 2002 22:27:11 - 1.3
+++ CoyoteAdapter.java16 Apr 2002 21:59:36 - 1.4
@@ -1,6 +1,6 @@
-/* * $Header:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
1.3 2002/04/09 22:27:11 remm Exp $
- * $Revision: 1.3 $
- * $Date: 2002/04/09 22:27:11 $
+/* * $Header:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
1.4 2002/04/16 21:59:36 remm Exp $
+ * $Revision: 1.4 $
+ * $Date: 2002/04/16 21:59:36 $
*
*
*
@@ -119,7 +119,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.3 $ $Date: 2002/04/09 22:27:11 $
+ * @version $Revision: 1.4 $ $Date: 2002/04/16 21:59:36 $
*/
final class CoyoteAdapter
@@ -493,9 +493,12 @@
int index = 0;
// Replace '\' with '/'
+// Check for null byte
for (pos = start; pos end; pos++) {
if (b[pos] == (byte) '\\')
b[pos] = (byte) '/';
+if (b[pos] == (byte) 0)
+return false;
}
// Replace // with /
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8177] - HttpServlet getParameter
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8177. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8177 HttpServlet getParameter [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 22:02 --- '=' is a reserved character in a URI (as well as '/' and the others, BTW), and have to be encoded. TC 3 may have handled this gracefully, but the URI is still not valid with respect to the RFC. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [4.0-HEAD] JSP source exposure ?
I had a few spare minutes so I went ahead and grabbed last night's build. I ran it on Red Hat Linux 7.2 and can confirm the report. Requesting foo.jsp%00.txt gets you the source. Requesting foo.jsp%00 gets you a strange page that includes some html widgets and some of the jsp source too. Surprising (at least to me) and ugly. Thanks. Since the problem is real, I've put in a fix (it will return 400 the way 4.0.x does). I'm not sure why it happens though. I think because the file extension is .jsp\0, it gets mapped to the default servlet, which would then attempt to serve the resource. On Windows, I was getting a 404, so my guess is that it was trying to get 'foo.jsp\0' (and failing correctly), while on Unix the file would be found (somehow). Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 4217] - Mis-named SetCharacterEncodingFilter.clas in distro
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4217. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4217 Mis-named SetCharacterEncodingFilter.clas in distro [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] Status|RESOLVED|REOPENED Resolution|INVALID | Version|4.0.1 Final |4.0.3 Final --- Additional Comments From [EMAIL PROTECTED] 2002-04-16 22:44 --- Thank you Tim for solving my problem! I'd like to mention that this wasn't only a problem in 4.0.1 - I also had the problem with jakarta-tomcat-4.0.3.zip. I just downloaded this .ZIP again to verify that the .class file is named .clas. It has nothing to do with the tar.gz. The actual filename is over 31 characters, which is an old Mac limitation. Mac OS X supports long filenames, but apparently StuffIt Expanded 6.5 does not (at least with .ZIP files). StuffIt automatically expands what you download, so you'll have to convince people to delete all that and go to the command line (even with .ZIP!). Besides renaming the file, it may be possible to distribute it in some other format (i.e. .DMG or .SIT) that doesn't run into this limitation. There error reporting (in the default install) is really sad as well. Just a 404, until I look into the right logs, and then look into this bug database. Not listed as a common problem in the readme or anything... I tried Tomcat 4.0.1 months ago and gave up on it, then had the same problem in 4.0.3. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [4.0-HEAD] JSP source exposure ?
On Tue, 16 Apr 2002, Remy Maucherat wrote: Date: Tue, 16 Apr 2002 15:09:11 -0700 From: Remy Maucherat [EMAIL PROTECTED] Reply-To: Tomcat Developers List [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: [4.0-HEAD] JSP source exposure ? I had a few spare minutes so I went ahead and grabbed last night's build. I ran it on Red Hat Linux 7.2 and can confirm the report. Requesting foo.jsp%00.txt gets you the source. Requesting foo.jsp%00 gets you a strange page that includes some html widgets and some of the jsp source too. Surprising (at least to me) and ugly. Thanks. Since the problem is real, I've put in a fix (it will return 400 the way 4.0.x does). I'm not sure why it happens though. I think because the file extension is .jsp\0, it gets mapped to the default servlet, which would then attempt to serve the resource. On Windows, I was getting a 404, so my guess is that it was trying to get 'foo.jsp\0' (and failing correctly), while on Unix the file would be found (somehow). IIRC, this is the same as what we saw the last time this kind of thing showed up -- and it was ultimately because of the filesystem logic on the underlying OS. Such a runtime written in C (like most Unix stuff is) will not have any problem at all accepting foo.jsp\0 and treating it as a reference to foo.jsp -- because null bytes delimit Strings in the C I/O library. Remy Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8180] New: - ssl connection fails
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8180. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8180 ssl connection fails Summary: ssl connection fails Product: Tomcat 4 Version: Nightly Build Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Critical Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] in the Jwsdp b38, if ssl connection is enabled, tomcat can not start. It encounters a class not found exception. Catalina.start: java.lang.ClassNotFoundException: org.apache.catalina.net.SSLServerSocketFactory java.lang.ClassNotFoundException: org.apache.catalina.net.SSLServerSocketFactory at org.apache.commons.digester.Digester.createSAXException (Digester.java:1976) at org.apache.commons.digester.Digester.createSAXException (Digester.java:1996) at org.apache.commons.digester.Digester.startElement(Digester.java:1034) at org.apache.xerces.parsers.AbstractSAXParser.startElement (AbstractSAXParser.java:434) at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement (AbstractXMLDocumentParser.java:216) at org.apache.xerces.impl.XMLNamespaceBinder.emptyElement (XMLNamespaceBinder.java:594) at org.apache.xerces.impl.dtd.XMLDTDValidator.emptyElement (XMLDTDValidator.java:817) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement (XMLDocumentFragmentScannerImpl.java:748) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher. dispatch(XMLDocumentFragmentScannerImpl.java:1454) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:333) at org.apache.xerces.parsers.StandardParserConfiguration.parse (StandardParserConfiguration.java:529) at org.apache.xerces.parsers.StandardParserConfiguration.parse (StandardParserConfiguration.java:585) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:147) at org.apache.xerces.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1148) at org.apache.commons.digester.Digester.parse(Digester.java:1265) at org.apache.catalina.startup.Catalina.start(Catalina.java:442) at org.apache.catalina.startup.Catalina.execute(Catalina.java:397) at org.apache.catalina.startup.Catalina.process(Catalina.java:177) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) at java.lang.reflect.Method.invoke(Native Method) at com.sun.launcher.Launcher.main(Launcher.java:215) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Protocol.java
remm02/04/16 16:45:55
Modified:http11/src/java/org/apache/coyote/http11 Http11Protocol.java
Log:
- Log errors and rethrow exceptions when initializing the endpoint.
Revision ChangesPath
1.7 +7 -1
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java
Index: Http11Protocol.java
===
RCS file:
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Protocol.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Http11Protocol.java 16 Apr 2002 21:44:34 - 1.6
+++ Http11Protocol.java 16 Apr 2002 23:45:55 - 1.7
@@ -126,6 +126,7 @@
checkSocketFactory();
} catch( Exception ex ) {
log.error( Error initializing socket factory, ex );
+throw ex;
}
if( socketFactory!=null ) {
@@ -136,7 +137,12 @@
socketFactory.setAttribute( key, v );
}
}
-ep.startEndpoint();
+try {
+ep.startEndpoint();
+} catch (Exception ex) {
+log.error(Error initializing endpoint, ex);
+throw ex;
+}
log.info( Starting on + ep.getPort() );
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 8180] - SSL connection fails
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8180. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8180 SSL connection fails [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID Summary|ssl connection fails|SSL connection fails --- Additional Comments From [EMAIL PROTECTED] 2002-04-17 00:05 --- The configuration used by the WSPACK is likely invalid. There are other bugs on the Tomcat side. Both things are normal as there is a transition to an updated version of the connector in the last few days. The issues have now been fixed in Tomcat, so fixing the configuration in WSPACK should make SSL work in the next build. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [4.0-HEAD] JSP source exposure ?
Craig R. McClanahan [EMAIL PROTECTED] wrote: IIRC, this is the same as what we saw the last time this kind of thing showed up -- and it was ultimately because of the filesystem logic on the underlying OS. Such a runtime written in C (like most Unix stuff is) will not have any problem at all accepting foo.jsp\0 and treating it as a reference to foo.jsp -- because null bytes delimit Strings in the C I/O library. This is different, BTW. Under 4.0.3 final (with the old parsing code) %00 is not translated into \0, then saving us a lot of hassle in the underlying code... Anyhow, under OS/X with HFS filesystem, something like foo.JsP returns the original source of the page... Pier -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [4.0-HEAD] JSP source exposure ?
Pier Fumagalli [EMAIL PROTECTED] wrote: Craig R. McClanahan [EMAIL PROTECTED] wrote: IIRC, this is the same as what we saw the last time this kind of thing showed up -- and it was ultimately because of the filesystem logic on the underlying OS. Such a runtime written in C (like most Unix stuff is) will not have any problem at all accepting foo.jsp\0 and treating it as a reference to foo.jsp -- because null bytes delimit Strings in the C I/O library. This is different, BTW. Under 4.0.3 final (with the old parsing code) %00 is not translated into \0, then saving us a lot of hassle in the underlying code... Anyhow, under OS/X with HFS filesystem, something like foo.JsP returns the original source of the page... BTW, give it a shot also with something like test.js%50 (on as many platform as you can)... Extension matching should be defined case insensitive in the spec... Pier -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [4.0-HEAD] JSP source exposure ?
Pier Fumagalli [EMAIL PROTECTED] wrote: Anyhow, under OS/X with HFS filesystem, something like foo.JsP returns the original source of the page... Can be fixed comparing file.getAbsolutePath() and file.getCanonicalPath(), or at least it looks like it from brief tests... Pier (time 2 go 2 bed) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspReader.java Parser.java
kinman 02/04/16 18:42:54
Modified:jasper2/src/share/org/apache/jasper/compiler JspReader.java
Parser.java
Log:
- Implemented attribute parser in Parser.java. Next step is to clean up
JspReader.java and remove now unused methods.
Revision ChangesPath
1.4 +0 -37
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspReader.java
Index: JspReader.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspReader.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- JspReader.java11 Apr 2002 18:14:03 - 1.3
+++ JspReader.java17 Apr 2002 01:42:54 - 1.4
@@ -280,43 +280,6 @@
return caw.toCharArray();
}
-/**
- * Get the text for a scripting element from the stream. It handles
- * the escape string %\.
- *
- * @param start The starting postion to read
- * @param stop The ending (exclusive) postion to read
- * @return The resultant text
- */
-char[] getScriptingText(Mark start, Mark stop) throws JasperException {
- Mark oldstart = mark();
- reset(start);
- CharArrayWriter caw = new CharArrayWriter();
- while (!stop.equals(mark())) {
- int c = nextChar();
- caw.write(c);
- if (c == '%') {
- if (stop.equals(mark()))
- break;
- int c2 = nextChar();
- if (stop.equals(mark())) {
- caw.write(c2);
- break;
- }
- int c3 = nextChar();
- if (c2 == '\\' c3 == '') {
- caw.write('');
- } else {
- caw.write(c2);
- caw.write(c3);
- }
- }
- }
- caw.close();
- reset(oldstart);
- return caw.toCharArray();
-}
-
public int peekChar() {
return current.stream[current.cursor];
}
1.3 +178 -17
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Parser.java
Index: Parser.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Parser.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Parser.java 4 Apr 2002 02:34:01 - 1.2
+++ Parser.java 17 Apr 2002 01:42:54 - 1.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Parser.java,v
1.2 2002/04/04 02:34:01 kinman Exp $
- * $Revision: 1.2 $
- * $Date: 2002/04/04 02:34:01 $
+ * $Header:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Parser.java,v
1.3 2002/04/17 01:42:54 kinman Exp $
+ * $Revision: 1.3 $
+ * $Date: 2002/04/17 01:42:54 $
*
*
*
@@ -61,10 +61,12 @@
package org.apache.jasper.compiler;
import java.io.FileNotFoundException;
+import java.io.CharArrayWriter;
import java.util.Hashtable;
import javax.servlet.jsp.tagext.TagLibraryInfo;
import javax.servlet.jsp.tagext.TagInfo;
import org.xml.sax.Attributes;
+import org.xml.sax.helpers.AttributesImpl;
import org.apache.jasper.JspCompilationContext;
import org.apache.jasper.JasperException;
@@ -124,6 +126,160 @@
return page;
}
+/**
+ * Attributes ::= (S Attribute)* S?
+ */
+Attributes parseAttributes() throws JasperException {
+ AttributesImpl attrs = new AttributesImpl();
+
+ reader.skipSpaces();
+ while (parseAttribute(attrs))
+ reader.skipSpaces();
+
+ return attrs;
+}
+
+/**
+ * Attribute ::= Name S? Eq S?
+ * ( '%= RTAttributeValueDouble
+ * | '' AttributeValueDouble
+ * | '%= RTAttributeValueSingle
+ * | ' AttributeValueSingle
+ * }
+ * Note: JSP and XML spec does not allow while spaces around Eq. It is
+ * added to be backward compatible with Tomcat, and with other xml parsers.
+ */
+private boolean parseAttribute(AttributesImpl attrs) throws JasperException {
+ String name = parseName();
+ if (name == null)
+ return false;
+
+ reader.skipSpaces();
+ if (!reader.matches(=))
+ err.jspError(reader.mark(), jsp.error.attribute.noequal);
+
+ reader.skipSpaces();
+ char quote = (char) reader.nextChar();
+ if (quote != '\'' quote != '')
+ err.jspError(reader.mark(), jsp.error.attribute.noquote);
+
+ String watchString = ;
+ if
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/generators StaticInterceptor.java
billbarker02/04/16 19:41:49
Modified:src/share/org/apache/tomcat/modules/generators
StaticInterceptor.java
Log:
Preserve the query string when doing a redirect to the index page.
Reported as bug #8099 against 4.0
Reported by: Jurgen Mossgraber [EMAIL PROTECTED]
Revision ChangesPath
1.21 +6 -0
jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/StaticInterceptor.java
Index: StaticInterceptor.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/StaticInterceptor.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- StaticInterceptor.java16 Apr 2002 03:04:55 - 1.20
+++ StaticInterceptor.java17 Apr 2002 02:41:49 - 1.21
@@ -191,6 +191,9 @@
if( welcomeFile==null ! requestURI.endsWith(/) ) {
String redirectURI= requestURI + /;
redirectURI=fixURLRewriting( req, redirectURI );
+ String query = req.query().toString();
+ if( query != null !query.equals() )
+ redirectURI += ? + query;
req.setAttribute(javax.servlet.error.message,
redirectURI);
if( debug 0) log( Redirect + redirectURI );
@@ -216,6 +219,9 @@
String redirectURI=null;
redirectURI=concatPath( requestURI, welcomeFile);
redirectURI=fixURLRewriting( req, redirectURI );
+ String query = req.query().toString();
+ if( query != null !query.equals() )
+ redirectURI += ? + query;
req.setAttribute(javax.servlet.error.message,
redirectURI);
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
TC4: qn about requestdispatcher forwards and input streams
I'd appreciate it if someone can clarify whether the following is a bug in TC4 or not. I have a servlet whose doPost() implementation simply gets hold of a requestdispatcher and invokes forward() on it. The form that is posted contains a couple of name/value parameters. The forwarded-to servlet runs into an error when it tries to read data from the input stream of the request. The error is that the input stream has already been closed. o.a.c.core.ApplicationDispatcher.forward() invokes its wrapRequest() method which in turn ends up invoking ApplicationHttpRequest.setRequest() which reads the parameters (request.getParameterMap()) from the input stream and closes the input stream. The servlet spec says the following about POST data parameters. -- SRV.4.1.1 When Parameters Are Available The following are the conditions that must be met before post form data will be populated to the parameter set: 1. The request is an HTTP or HTTPS request. 2. The HTTP method is POST 3. The content type is application/x-www-form-urlencoded 4. The servlet has made an initial call of any of the getParameter family of methods on the request object. If the conditions are not met and the post form data is not included in the parameter set, the post data must still be available to the servlet via the request objects input stream. If the conditions are met, post form data will no longer be available for reading directly from the request objects input stream. --- If my understanding is right, condition #4 is not met in the ApplicationDispatcher.forward() codepath, so the parameters/data should not have been read from the input stream. (I read the request dispatcher section of the spec and it only talked about query string parameters and doesn't say what should be done to the data on the input stream.) Thanks, Arvind -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets DefaultServlet.java
billbarker02/04/16 22:49:59
Modified:catalina/src/share/org/apache/catalina/core
ApplicationHttpRequest.java
catalina/src/share/org/apache/catalina/servlets
DefaultServlet.java
Log:
Attempt to port the 3.3.x logic to 4.x.
This fixes the examples in bug #8092. I don't know what else it breaks (so I'm not
porting to the 4.0 branch). I think that this is OK, but feel free to -1 if I'm
breaking something that I shouldn't be.
Revision ChangesPath
1.11 +9 -6
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
Index: ApplicationHttpRequest.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ApplicationHttpRequest.java 22 Jul 2001 20:25:08 - 1.10
+++ ApplicationHttpRequest.java 17 Apr 2002 05:49:59 - 1.11
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
1.10 2001/07/22 20:25:08 pier Exp $
- * $Revision: 1.10 $
- * $Date: 2001/07/22 20:25:08 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
1.11 2002/04/17 05:49:59 billbarker Exp $
+ * $Revision: 1.11 $
+ * $Date: 2002/04/17 05:49:59 $
*
*
*
@@ -94,7 +94,7 @@
* keep these two classes in synchronization when making changes!
*
* @author Craig R. McClanahan
- * @version $Revision: 1.10 $ $Date: 2001/07/22 20:25:08 $
+ * @version $Revision: 1.11 $ $Date: 2002/04/17 05:49:59 $
*/
class ApplicationHttpRequest extends HttpServletRequestWrapper {
@@ -513,8 +513,11 @@
Enumeration names = request.getAttributeNames();
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
-Object value = request.getAttribute(name);
-attributes.put(name, value);
+if( ! ( Globals.REQUEST_URI_ATTR.equals(name) ||
+Globals.SERVLET_PATH_ATTR.equals(name) ) ) {
+Object value = request.getAttribute(name);
+attributes.put(name, value);
+}
}
}
1.54 +5 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java
Index: DefaultServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- DefaultServlet.java 16 Apr 2002 10:34:58 - 1.53
+++ DefaultServlet.java 17 Apr 2002 05:49:59 - 1.54
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.53 2002/04/16 10:34:58 remm Exp $
- * $Revision: 1.53 $
- * $Date: 2002/04/16 10:34:58 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java,v
1.54 2002/04/17 05:49:59 billbarker Exp $
+ * $Revision: 1.54 $
+ * $Date: 2002/04/17 05:49:59 $
*
*
*
@@ -125,7 +125,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.53 $ $Date: 2002/04/16 10:34:58 $
+ * @version $Revision: 1.54 $ $Date: 2002/04/17 05:49:59 $
*/
public class DefaultServlet
@@ -1163,7 +1163,7 @@
// Checking If headers
boolean included =
-(request.getAttribute(Globals.REQUEST_URI_ATTR) != null);
+(request.getAttribute(Globals.CONTEXT_PATH_ATTR) != null);
if (!included
!checkIfHeaders(request, response, resourceInfo)) {
return;
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
