[NOD32: deleted] Re: Your document
Your document is attached. Notification from NOD32 Warning: ADESGO's Antivirus System for Linux Mail Server found the following infiltrations in this message: part000.txt - is OK your_document.pif - Win32/Netsky.D worm - unable to clean - deleted http://www.nod32.com
Re: Here is the document
Please have a look at the attached file. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Your text
Here is the file. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
hey you
Norton AntiVirus gelöscht1.txt Description: plain/text - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: hey you
... Este es un mensaje automático de uno de nuestros servidores; en ningún caso tiene que ver con nuestra política anti-spam y sí con el recipiente final de mensajes dirigidos a cuentas de correo inexistentes de dominios alojados en nuestros servidores. Si piensa que no debe recibirlo, si tiene alguna cuestión sobre spam o simplemente quiere contactar con nosotros sobre cualquier asunto, por favor, diríjase a http://soporte.net y utilice el formulario de contacto. Estaremos deseosos de atenderle. Equipo de Soporte Técnico de Soporte-NET ... This is an automatic message of one of our servers; it has nothing to do with our anti-spam policy. In fact, it\\\'s the final recipient of messages sent to an inexistent e-mail account. If you think you shouldn\\\'t receive this message, or have any question about spam, or just want to contact us regarding any issue, please do it via the web form at http://soporte.net We\\\'ll be pleased to assist you. Soporte-NET Support Team - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
single percent sign in a parameter causes an exception report detailing tomcat version
Guys, We've had a pen test done on one of the apps we look after and they an issue which I'd like a little guidance on ... (Accept that these guys are specifically sending iffy requests to cause the system to break or detail what versions of the code is being used to provide ways of hacking in ..) If you have a page that does request.getParameter(paramName) and you specify page.jsp?paramName=% The result is an exception report that details what version of tomcat you are running (I've tried this with 4.1.29 and it does make a wonderful exception report!) Anyone seen this before ? Anyone got a fix ? Thanks David -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Autoreply: single percent sign in a parameter causes an exception report detailing tomcat version
Hello, Due to the increased volume of SPAM this mailbox has been closed. Please contact us via http://www.directxtras.com/ContactUS.asp We apology for the inconvenience. Best Regards, -- The DirectXtras Team - DirectXtras - Xtra Power for Director and Authorware - http://www.directxtras.com Sites with something to say - http://www.SpeaksForItself.com - Your message reads: Received: from mail.apache.org (unverified [208.185.179.12]) by mail2.intermedia.net (Rockliffe SMTPRA 4.5.6) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 16 Apr 2004 03:09:54 -0700 Received: (qmail 87620 invoked by uid 500); 16 Apr 2004 10:09:31 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Id: Tomcat Developers List tomcat-dev.jakarta.apache.org Reply-To: Tomcat Developers List [EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 87603 invoked from network); 16 Apr 2004 10:09:31 - Received: from unknown (HELO loninmrp0.uk.db.com) (160.83.52.97) by daedalus.apache.org with SMTP; 16 Apr 2004 10:09:31 - Received: from sdbo1003.db.com by loninmrp0.uk.db.com id i3GA9hKt031914; Fri, 16 Apr 2004 11:09:44 +0100 Subject: single percent sign in a parameter causes an exception report detailing tomcat version To: Tomcat Developers List [EMAIL PROTECTED] X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: [EMAIL PROTECTED] From: David Cassidy [EMAIL PROTECTED] Date: Fri, 16 Apr 2004 11:09:42 +0100 X-MIMETrack: Serialize by Router on sdbo1003/DMGUK/DeuBaInt/DeuBa(5012HF499 | November 14, 2003) at 16/04/2004 11:09:47 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Guys, We've had a pen test done on one of the apps we look after and they an issue which I'd like a little guidance on ... (Accept that these guys are specifically sending iffy requests to cause the system to break or detail what versions of the code is being used to provide ways of hacking in ..) If you have a page that does request.getParameter(paramName) and you specify page.jsp?paramName=% The result is an exception report that details what version of tomcat you are running (I've tried this with 4.1.29 and it does make a wonderful exception report!) Anyone seen this before ? Anyone got a fix ? Thanks David -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28417] - Context descriptors in appBase do not get deployed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28417. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28417 Context descriptors in appBase do not get deployed --- Additional Comments From [EMAIL PROTECTED] 2004-04-16 10:27 --- I'm curiuos as to why context descriptors now have to be in $CATALINA_HOME/conf/ [enginename]/[hostname] (on in META-INF) since TC4.1 supported them anywhere. Apparently we were the only ones to use this 'feature' (or was it a bug?) in 4.1. I guess I have no choice but it was nice to remove all app-specific directives/files from the tomcat tree without having to store it in the WAR if that is how you want to setup your web apps. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Autoreply: DO NOT REPLY [Bug 28417] - Context descriptors in appBase do not get deployed
Hello, Due to the increased volume of SPAM this mailbox has been closed. Please contact us via http://www.directxtras.com/ContactUS.asp We apology for the inconvenience. Best Regards, -- The DirectXtras Team - DirectXtras - Xtra Power for Director and Authorware - http://www.directxtras.com Sites with something to say - http://www.SpeaksForItself.com - Your message reads: Received: from mail.apache.org (unverified [208.185.179.12]) by mail2.intermedia.net (Rockliffe SMTPRA 4.5.6) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 16 Apr 2004 03:26:51 -0700 Received: (qmail 19660 invoked by uid 500); 16 Apr 2004 10:26:28 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Id: Tomcat Developers List tomcat-dev.jakarta.apache.org Reply-To: Tomcat Developers List [EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 19600 invoked from network); 16 Apr 2004 10:26:28 - Received: from unknown (HELO exchange.sun.com) (192.18.33.10) by daedalus.apache.org with SMTP; 16 Apr 2004 10:26:28 - Received: (qmail 9891 invoked by uid 50); 16 Apr 2004 10:27:27 - Date: 16 Apr 2004 10:27:27 - Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Subject: DO NOT REPLY [Bug 28417] - Context descriptors in appBase do not get deployed X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28417. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28417 Context descriptors in appBase do not get deployed --- Additional Comments From [EMAIL PROTECTED] 2004-04-16 10:27 --- I'm curiuos as to why context descriptors now have to be in $CATALINA_HOME/conf/ [enginename]/[hostname] (on in META-INF) since TC4.1 supported them anywhere. Apparently we were the only ones to use this 'feature' (or was it a bug?) in 4.1. I guess I have no choice but it was nice to remove all app-specific directives/files from the tomcat tree without having to store it in the WAR if that is how you want to setup your web apps. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util ExtensionValidator.java
remm2004/04/16 04:01:11
Modified:catalina/src/share/org/apache/catalina/util
ExtensionValidator.java
Log:
- Avoid NPE if there are no extensions.
Revision ChangesPath
1.12 +2 -6
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/ExtensionValidator.java
Index: ExtensionValidator.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/ExtensionValidator.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ExtensionValidator.java 10 Apr 2004 23:39:40 - 1.11
+++ ExtensionValidator.java 16 Apr 2004 11:01:11 - 1.12
@@ -63,7 +63,7 @@
StringManager.getManager(org.apache.catalina.util);
private static HashMap containerAvailableExtensions = null;
-private static ArrayList containerManifestResources = null;
+private static ArrayList containerManifestResources = new ArrayList();
private static ResourceBundle messages = null;
@@ -209,16 +209,12 @@
* @param jarFile The system JAR whose manifest to add
*/
public static void addSystemResource(File jarFile) throws IOException {
-
Manifest manifest = getManifest(new FileInputStream(jarFile));
if (manifest != null) {
ManifestResource mre
= new ManifestResource(jarFile.getAbsolutePath(),
manifest,
ManifestResource.SYSTEM);
-if (containerManifestResources == null) {
-containerManifestResources = new ArrayList();
-}
containerManifestResources.add(mre);
}
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: single percent sign in a parameter causes an exception report detailing tomcat version
Hi, Thanks for providing some amusement on my Friday morning ;) This is not a known issue because it's not an issue. Knowing tomcat's version number won't help you because there are no version-specific tomcat security holes. Furthermore, all of tomcat's built-in error pages have the exact version, i.e. even mishaps like 404's give the same result as your test. So this is not special to the % parameter either. Yoav Shapira Millennium Research Informatics -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 6:10 AM To: Tomcat Developers List Subject: single percent sign in a parameter causes an exception report detailing tomcat version Guys, We've had a pen test done on one of the apps we look after and they an issue which I'd like a little guidance on ... (Accept that these guys are specifically sending iffy requests to cause the system to break or detail what versions of the code is being used to provide ways of hacking in ..) If you have a page that does request.getParameter(paramName) and you specify page.jsp?paramName=% The result is an exception report that details what version of tomcat you are running (I've tried this with 4.1.29 and it does make a wonderful exception report!) Anyone seen this before ? Anyone got a fix ? Thanks David -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e- mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: single percent sign in a parameter causes an exception report detailing tomcat version
still makes a nasty mess on your screen :) They also discovered that if you pass 7,600 bytes as the value for a GET parameter that mod_jk1 tells you the server is down. When you see reports from 'pen testers' with this is you know they are clutching at straws its a boring friday ! David Shapira, Yoav [EMAIL PROTECTED]To: Tomcat Developers List [EMAIL PROTECTED] .comcc: Subject: RE: single percent sign in a parameter causes an exception report detailing tomcat version 16/04/2004 13:52 Please respond to Tomcat Developers List Hi, Thanks for providing some amusement on my Friday morning ;) This is not a known issue because it's not an issue. Knowing tomcat's version number won't help you because there are no version-specific tomcat security holes. Furthermore, all of tomcat's built-in error pages have the exact version, i.e. even mishaps like 404's give the same result as your test. So this is not special to the % parameter either. Yoav Shapira Millennium Research Informatics -Original Message- From: David Cassidy [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 6:10 AM To: Tomcat Developers List Subject: single percent sign in a parameter causes an exception report detailing tomcat version Guys, We've had a pen test done on one of the apps we look after and they an issue which I'd like a little guidance on ... (Accept that these guys are specifically sending iffy requests to cause the system to break or detail what versions of the code is being used to provide ways of hacking in ..) If you have a page that does request.getParameter(paramName) and you specify page.jsp?paramName=% The result is an exception report that details what version of tomcat you are running (I've tried this with 4.1.29 and it does make a wonderful exception report!) Anyone seen this before ? Anyone got a fix ? Thanks David -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e- mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To
RE: single percent sign in a parameter causes an exception report detailing tomcat version
Hi, still makes a nasty mess on your screen :) That's subjective: I tend to like all the information I can get, but then again I'm a developer. The error pages at least are easily customizable (including in a global way for the tomcat server admin) to include or not include whatever you want. They also discovered that if you pass 7,600 bytes as the value for a GET parameter that mod_jk1 tells you the server is down. Now that's a good one! I don't use mod_jk but that's a cool find. If you haven't already, you should enter the full test details in Bugzilla so we can reproduce and fix it. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: single percent sign in a parameter causes an exception report detailing tomcat version
its very very easy to replicate. Seems there is a buffer in jk_ajp_common.c line 383 ? which gives a Error ajp_marshal_into_msgb - Error appending the query string in the jk.log file ! Just do testpage.jsp?param= and make the value 7600 'A's long ! I've tried customizing the error page for the single percent sign problem with a status code 500 but it doesn't seem to work :( any ideas ? Thanks David Shapira, Yoav [EMAIL PROTECTED]To: Tomcat Developers List [EMAIL PROTECTED] .comcc: Subject: RE: single percent sign in a parameter causes an exception report detailing tomcat version 16/04/2004 14:16 Please respond to Tomcat Developers List Hi, still makes a nasty mess on your screen :) That's subjective: I tend to like all the information I can get, but then again I'm a developer. The error pages at least are easily customizable (including in a global way for the tomcat server admin) to include or not include whatever you want. They also discovered that if you pass 7,600 bytes as the value for a GET parameter that mod_jk1 tells you the server is down. Now that's a good one! I don't use mod_jk but that's a cool find. If you haven't already, you should enter the full test details in Bugzilla so we can reproduce and fix it. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Changes for 5.0.23
Personally, I am done (and it was faster than what I expected, which is cool). Hopefully, I didn't break cookies. The new exception chaining (I call that nested exceptions, usually) is useful for debugging, obviously. Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: single percent sign in a parameter causes an exception report detailing tomcat version
David Cassidy wrote: its very very easy to replicate. Seems there is a buffer in jk_ajp_common.c line 383 ? which gives a Error ajp_marshal_into_msgb - Error appending the query string in the jk.log file ! Just do testpage.jsp?param= and make the value 7600 'A's long ! I've tried customizing the error page for the single percent sign problem with a status code 500 but it doesn't seem to work :( any ideas ? Thanks David Shapira, Yoav [EMAIL PROTECTED]To: Tomcat Developers List [EMAIL PROTECTED] .comcc: Subject: RE: single percent sign in a parameter causes an exception report detailing tomcat version 16/04/2004 14:16 Please respond to Tomcat Developers List Hi, still makes a nasty mess on your screen :) That's subjective: I tend to like all the information I can get, but then again I'm a developer. The error pages at least are easily customizable (including in a global way for the tomcat server admin) to include or not include whatever you want. They also discovered that if you pass 7,600 bytes as the value for a GET parameter that mod_jk1 tells you the server is down. Strange Apache should tell something like Request-URI Too Large. (414). Now that's a good one! I don't use mod_jk but that's a cool find. If you haven't already, you should enter the full test details in Bugzilla so we can reproduce and fix it. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28441] New: - HTTP 500 editing Context
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28441. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28441 HTTP 500 editing Context Summary: HTTP 500 editing Context Product: Tomcat 5 Version: 5.0.18 Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Webapps:Administration AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have a context called accounting with the following entry in server.xml: Context path=/accounting docbase=accounting Realm className=org.apache.catalina.realm.DataSourceRealm debug=99 dataSourceName=jdbc/accountingDB digest=md5 userTable=employee userNameCol=employee_id userCredCol=password userRoleTable=role roleNameCol=role/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=accounting.log suffix=.txt timestamp=true/ /Context The entire application works well. But if i try to use the Tomcat Administrator for editing the DataSources or Realms of this context i get an HTTP 500 error. The jdbc/accountingDB ressource is defined in GlobalNamingResources. Editing this works well. The errors are: For editing the contexts DataSources: javax.servlet.ServletException: Exception retrieving attribute 'driverClassName' org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:867) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:800) admin.resources.listDataSources_jsp._jspService(listDataSources_jsp.java:429) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:133) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069) org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) javax.servlet.http.HttpServlet.service(HttpServlet.java:743) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069) org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) javax.servlet.http.HttpServlet.service(HttpServlet.java:743) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) For editing the contexts realms: HTTP Status 500 - Error retrieving attribute className type Status report message Error retrieving attribute className description The server encountered an internal error (Error retrieving attribute className) that prevented it from fulfilling this request. Apache Tomcat/5.0.18 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Unavailable until the 28th...
Hi, FYI, I'll be unavailable until the 28th, so if I'm not voting on something or otherwise not participating in an important discussion, that's why ;) Yoav Shapira Millennium Research Informatics This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet JspServlet.java
luehe 2004/04/16 14:50:49
Modified:jasper2/src/share/org/apache/jasper/servlet JspServlet.java
Log:
Moved check for JSP resource existence into synchronized block (if
JspServletWrapper==null), to avoid having multiple threads check for it simultaneously
Revision ChangesPath
1.35 +14 -12
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServlet.java
Index: JspServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServlet.java,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- JspServlet.java 17 Mar 2004 19:23:05 - 1.34
+++ JspServlet.java 16 Apr 2004 21:50:49 - 1.35
@@ -252,21 +252,23 @@
JspServletWrapper wrapper =
(JspServletWrapper) rctxt.getWrapper(jspUri);
if (wrapper == null) {
-// First check if the requested JSP page exists, to avoid
-// creating unnecessary directories and files.
-InputStream resourceStream = context.getResourceAsStream(jspUri);
-if (resourceStream == null) {
-response.sendError(HttpServletResponse.SC_NOT_FOUND, jspUri);
-return;
-} else {
-try {
-resourceStream.close();
-} catch(IOException e) { /* ignore */ }
-}
-boolean isErrorPage = exception != null;
synchronized(this) {
wrapper = (JspServletWrapper) rctxt.getWrapper(jspUri);
if (wrapper == null) {
+// Check if the requested JSP page exists, to avoid
+// creating unnecessary directories and files.
+InputStream resourceStream =
+context.getResourceAsStream(jspUri);
+if (resourceStream == null) {
+response.sendError(HttpServletResponse.SC_NOT_FOUND,
+ jspUri);
+return;
+} else {
+try {
+resourceStream.close();
+} catch(IOException e) { /* ignore */ }
+}
+boolean isErrorPage = exception != null;
wrapper = new JspServletWrapper(config, options, jspUri,
isErrorPage, rctxt);
rctxt.addWrapper(jspUri,wrapper);
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 28441] - HTTP 500 editing Context
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=28441. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=28441 HTTP 500 editing Context [EMAIL PROTECTED] changed: What|Removed |Added Severity|Normal |Enhancement Status|NEW |ASSIGNED --- Additional Comments From [EMAIL PROTECTED] 2004-04-16 22:48 --- DataSourceRealm is not supported in admin webapp currently. Only UserDatabaseRealm, JNDIRealm, JDBCRealm, and MemoryRealm are supported. I'll go ahead and add DataSourceRealm to admin, hence changing it to enhancement. Regarding context datasources, it works fine for me. Can you attach the full server.xml? Probably something wrong with your DataSource definition. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet JspServlet.java JspServletWrapper.java mbeans-descriptors.xml
luehe 2004/04/16 16:01:29
Modified:jasper2/src/share/org/apache/jasper/compiler
JspRuntimeContext.java
jasper2/src/share/org/apache/jasper/servlet JspServlet.java
JspServletWrapper.java mbeans-descriptors.xml
Log:
Added number of JSPs that have been *re*loaded to set of monitorable attributes
Revision ChangesPath
1.22 +26 -2
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java
Index: JspRuntimeContext.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspRuntimeContext.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- JspRuntimeContext.java17 Mar 2004 19:23:03 - 1.21
+++ JspRuntimeContext.java16 Apr 2004 23:01:29 - 1.22
@@ -60,6 +60,11 @@
// Logger
private static Log log = LogFactory.getLog(JspRuntimeContext.class);
+/*
+ * Counts how many times the webapp's JSPs have been reloaded.
+ */
+private int jspReloadCount;
+
/**
* Preload classes required at runtime by a JSP servlet so that
* we don't get a defineClassInPackage security exception.
@@ -165,7 +170,7 @@
*/
private String threadName = JspRuntimeContext;
-// -- Protected Methods
+// -- Public Methods
/**
* Add a new JspServletWrapper.
@@ -251,6 +256,25 @@
((JspServletWrapper) servlets.next()).destroy();
}
}
+
+/**
+ * Increments the JSP reload counter.
+ */
+public void incrementJspReloadCount() {
+synchronized(this) {
+jspReloadCount++;
+}
+}
+
+/**
+ * Gets the current value of the JSP reload counter.
+ *
+ * @return The current value of the JSP reload counter
+ */
+public int getJspReloadCount() {
+return jspReloadCount;
+}
+
// Private Methods
1.36 +14 -1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServlet.java
Index: JspServlet.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServlet.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- JspServlet.java 16 Apr 2004 21:50:49 - 1.35
+++ JspServlet.java 16 Apr 2004 23:01:29 - 1.36
@@ -89,13 +89,26 @@
* the number of JSPs that have been loaded into the webapp with which
* this JspServlet is associated.
*
- * This info may be used for monitoring purposes.
+ * pThis info may be used for monitoring purposes.
*
* @return The number of JSPs that have been loaded into the webapp with
* which this JspServlet is associated
*/
public int getJspCount() {
return this.rctxt.getJspCount();
+}
+
+
+/**
+ * Gets the number of JSPs that have been reloaded.
+ *
+ * pThis info may be used for monitoring purposes.
+ *
+ * @return The number of JSPs (in the webapp with which this JspServlet is
+ * associated) that have been reloaded
+ */
+public int getJspReloadCount() {
+return this.rctxt.getJspReloadCount();
}
1.34 +7 -1
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServletWrapper.java
Index: JspServletWrapper.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/JspServletWrapper.java,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- JspServletWrapper.java17 Mar 2004 19:23:05 - 1.33
+++ JspServletWrapper.java16 Apr 2004 23:01:29 - 1.34
@@ -140,7 +140,13 @@
}
theServlet.init(config);
-firstTime = false;
+
+if (!firstTime) {
+ctxt.getRuntimeContext().incrementJspReloadCount();
+} else {
+firstTime = false;
+}
+
reload = false;
}
}
1.2 +4 -0
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/servlet/mbeans-descriptors.xml
Index: mbeans-descriptors.xml
===
RCS
cvs commit: jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager StatusTransformer.java
luehe 2004/04/16 16:08:55
Modified:webapps/manager/WEB-INF/classes/org/apache/catalina/manager
StatusTransformer.java
Log:
Added number of JSPs that have been *re*loaded to set of monitorable attributes
Revision ChangesPath
1.17 +3 -1
jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java
Index: StatusTransformer.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/StatusTransformer.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- StatusTransformer.java20 Mar 2004 01:36:18 - 1.16
+++ StatusTransformer.java16 Apr 2004 23:08:55 - 1.17
@@ -683,6 +683,8 @@
writer.print(br);
writer.print( JSPs loaded: );
writer.print(mBeanServer.getAttribute(objectName, jspCount));
+writer.print( JSPs reloaded: );
+writer.print(mBeanServer.getAttribute(objectName, jspReloadCount));
} else if (mode == 1) {
// for now we don't write out anything
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspDocumentParser.java
kinman 2004/04/16 16:22:30
Modified:jasper2/src/share/org/apache/jasper/compiler
JspDocumentParser.java
Log:
- Fix a bug where a custom tag with tagdependent body type is not
handled correctly in XML syntax. The fix would have been trivial if not
for the cases where jsp:attribute and/or jsp:body is present.
Revision ChangesPath
1.79 +97 -10
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java
Index: JspDocumentParser.java
===
RCS file:
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- JspDocumentParser.java13 Apr 2004 22:55:50 - 1.78
+++ JspDocumentParser.java16 Apr 2004 23:22:30 - 1.79
@@ -102,13 +102,18 @@
private boolean directivesOnly;
private boolean isTop;
+// Nesting level of Tag dependent bodies
+private int tagDependentNesting = 0;
+// Flag set to delay incrmenting tagDependentNesting until jsp:body
+// is first encountered
+private boolean tagDependentPending = false;
+
/*
* Constructor
*/
public JspDocumentParser(
ParserController pc,
String path,
-JarFile jarFile,
boolean isTagFile,
boolean directivesOnly) {
this.parserController = pc;
@@ -139,7 +144,7 @@
throws JasperException {
JspDocumentParser jspDocParser =
-new JspDocumentParser(pc, path, jarFile, isTagFile, directivesOnly);
+new JspDocumentParser(pc, path, isTagFile, directivesOnly);
Node.Nodes pageNodes = null;
try {
@@ -324,7 +329,52 @@
Node node = null;
-if (JSP_URI.equals(uri)) {
+if (tagDependentPending JSP_URI.equals(uri)
+ localName.equals(BODY_ACTION)) {
+tagDependentNesting++;
+current =
+parseStandardAction(
+qName,
+localName,
+nonTaglibAttrs,
+nonTaglibXmlnsAttrs,
+taglibAttrs,
+startMark,
+current);
+tagDependentPending = false;
+return;
+}
+
+if (tagDependentPending JSP_URI.equals(uri)
+ localName.equals(ATTRIBUTE_ACTION)) {
+current =
+parseStandardAction(
+qName,
+localName,
+nonTaglibAttrs,
+nonTaglibXmlnsAttrs,
+taglibAttrs,
+startMark,
+current);
+return;
+}
+
+if (tagDependentPending) {
+tagDependentPending = false;
+tagDependentNesting++;
+}
+
+if (tagDependentNesting 0) {
+node =
+new Node.UninterpretedTag(
+qName,
+localName,
+nonTaglibAttrs,
+nonTaglibXmlnsAttrs,
+taglibAttrs,
+startMark,
+current);
+} else if (JSP_URI.equals(uri)) {
node =
parseStandardAction(
qName,
@@ -357,17 +407,15 @@
current);
} else {
// custom action
-Node.CustomTag custom = (Node.CustomTag) node;
- String bodyType;
- if (custom.getTagInfo() != null) {
- bodyType = custom.getTagInfo().getBodyContent();
- } else {
- bodyType = custom.getTagFileInfo().getTagInfo().getBodyContent();
- }
+ String bodyType = getBodyType((Node.CustomTag) node);
+
if (scriptlessBodyNode == null
bodyType.equalsIgnoreCase(TagInfo.BODY_CONTENT_SCRIPTLESS)) {
scriptlessBodyNode = node;
}
+else if
(TagInfo.BODY_CONTENT_TAG_DEPENDENT.equalsIgnoreCase(bodyType)) {
+tagDependentPending = true;
+}
}
}
@@ -425,6 +473,22 @@
}
}
}
+
+if (!isAllSpace tagDependentPending) {
+tagDependentPending = false;
+tagDependentNesting++;
+}
+
+if (tagDependentNesting 0) {
+if (charBuffer.length() 0) {
+new Node.TemplateText(charBuffer.toString(), startMark, current);
+
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm mbeans-descriptors.xml
amyroh 2004/04/16 19:50:26
Modified:catalina/src/share/org/apache/catalina/mbeans
MBeanFactory.java mbeans-descriptors.xml
catalina/src/share/org/apache/catalina/realm
mbeans-descriptors.xml
Log:
Add DataSourceRealm support in admin webapp.
Revision ChangesPath
1.24 +36 -1
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans/MBeanFactory.java
Index: MBeanFactory.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans/MBeanFactory.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- MBeanFactory.java 24 Mar 2004 20:00:22 - 1.23
+++ MBeanFactory.java 17 Apr 2004 02:50:26 - 1.24
@@ -45,6 +45,7 @@
import org.apache.catalina.logger.FileLogger;
import org.apache.catalina.logger.SystemErrLogger;
import org.apache.catalina.logger.SystemOutLogger;
+import org.apache.catalina.realm.DataSourceRealm;
import org.apache.catalina.realm.JDBCRealm;
import org.apache.catalina.realm.JNDIRealm;
import org.apache.catalina.realm.MemoryRealm;
@@ -340,6 +341,40 @@
}
+/**
+ * Create a new DataSource Realm.
+ *
+ * @param parent MBean Name of the associated parent component
+ *
+ * @exception Exception if an MBean cannot be created or registered
+ */
+public String createDataSourceRealm(String parent, String dataSourceName,
+String roleNameCol, String userCredCol, String userNameCol,
+String userRoleTable, String userTable) throws Exception {
+
+// Create a new DataSourceRealm instance
+DataSourceRealm realm = new DataSourceRealm();
+ realm.setDataSourceName(dataSourceName);
+ realm.setRoleNameCol(roleNameCol);
+ realm.setUserCredCol(userCredCol);
+ realm.setUserNameCol(userNameCol);
+realm.setUserRoleTable(userRoleTable);
+realm.setUserTable(userTable);
+
+// Add the new instance to its parent component
+ObjectName pname = new ObjectName(parent);
+ContainerBase containerBase = getParentContainerFromParent(pname);
+// Add the new instance to its parent component
+containerBase.setRealm(realm);
+// Return the corresponding MBean name
+ObjectName oname = realm.getObjectName();
+if (oname != null) {
+return (oname.toString());
+} else {
+return null;
+}
+
+}
/**
* Create a new DefaultContext.
1.25 +30 -0
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml
Index: mbeans-descriptors.xml
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans/mbeans-descriptors.xml,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- mbeans-descriptors.xml19 Aug 2003 16:13:37 - 1.24
+++ mbeans-descriptors.xml17 Apr 2004 02:50:26 - 1.25
@@ -35,6 +35,36 @@
type=int/
/operation
+operation name=createDataSourceRealm
+ description=Create a new DataSource Realm
+ impact=ACTION
+ returnType=java.lang.String
+ parameter name=parent
+ description=MBean Name of the associated parent component
+ type=java.lang.String/
+ parameter name=dataSourceName
+ description=The JNDI named JDBC DataSource
+ type=java.lang.String/
+ parameter name=roleNameCol
+ description=The column in the user role table that names a role
+ type=java.lang.String/
+ parameter name=userCredCol
+ description=The column in the user table that holds the user's
+credentials
+ type=java.lang.String/
+ parameter name=userNameCol
+ description=The column in the user table that holds the user's
+username
+ type=java.lang.String/
+ parameter name=userRoleTable
+ description=The table that holds the relation between user's and
+roles
+ type=java.lang.String/
+ parameter name=userTable
+ description=The table that holds user data
+ type=java.lang.String/
+/operation
+
operation name=createDefaultContext
description=Create a new DefaultContext
impact=ACTION
1.4 +5 -0
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/mbeans-descriptors.xml
Index:
cvs commit: jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm AddRealmAction.java EditRealmAction.java
amyroh 2004/04/16 19:50:41
Modified:webapps/admin/WEB-INF struts-config.xml
webapps/admin/WEB-INF/classes/org/apache/webapp/admin
ApplicationResources.properties
webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm
AddRealmAction.java EditRealmAction.java
Log:
Add DataSourceRealm support in admin webapp.
Revision ChangesPath
1.6 +14 -0 jakarta-tomcat-catalina/webapps/admin/WEB-INF/struts-config.xml
Index: struts-config.xml
===
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/admin/WEB-INF/struts-config.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- struts-config.xml 31 Jul 2003 15:39:13 - 1.5
+++ struts-config.xml 17 Apr 2004 02:50:41 - 1.6
@@ -56,6 +56,9 @@
!-- = Realm Module = --
+form-bean name=dataSourceRealmForm
+type=org.apache.webapp.admin.realm.DataSourceRealmForm/
+
form-bean name=jdbcRealmForm
type=org.apache.webapp.admin.realm.JDBCRealmForm/
@@ -288,6 +291,10 @@
!-- Realm Module == --
+forwardname=DataSourceRealm
+path=/realm/dataSourceRealm.jsp
+redirect=false/
+
forwardname=JDBCRealm
path=/realm/jdbcRealm.jsp
redirect=false/
@@ -663,6 +670,13 @@
type=org.apache.webapp.admin.realm.SaveUserDatabaseRealmAction
name=userDatabaseRealmForm
input=/realm/userDatabaseRealm.jsp
+ scope=session/
+
+ !-- Perform Save DataSource Realm transaction --
+actionpath=/SaveDataSourceRealm
+ type=org.apache.webapp.admin.realm.SaveDataSourceRealmAction
+ name=dataSourceRealmForm
+ input=/realm/dataSourceRealm.jsp
scope=session/
!-- Perform Save JDBC Realm transaction --
1.3 +7 -0
jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties
Index: ApplicationResources.properties
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ApplicationResources.properties 9 Apr 2004 17:35:33 - 1.2
+++ ApplicationResources.properties 17 Apr 2004 02:50:41 - 1.3
@@ -226,6 +226,7 @@
error.jdbcrealm=Error occured during setting JDBCRealm.
error.jndirealm=Error occured during setting JNDIRealm.
error.userdbrealm=Error occured during setting UserdatabaseRealm.
+error.datasourcerealm=Error occured during setting DataSourceRealm.
error.realmName.bad=Invalid realm name {0}
error.realmName.required=liRealm Name required./li
error.realmName.exists=liA realm already exists./li
@@ -266,6 +267,9 @@
realm.userPassword=User Password
realm.userPattern=User Pattern
realm.userSearch=User Search
+realm.dataSourceName=DataSource Name
+realm.localDataSource=Local DataSource
+realm.userCredCol=User Credential Column
valve.access.properties=Access Logger Properties
valve.request.properties=Request Filter Properties
valve.single.properties=Single SignOn Valve Properties
@@ -310,6 +314,9 @@
error.connPassword.required=liConnection password is required./li
error.connURL.required=liConnection URL is required./li
error.connName.required=liConnection name is required./li
+error.dataSourceName.required=liDataSource name is required./li
+error.userCredCol.required=liUser credential is required./li
+error.userRoleTable.required=liUser role table is required./li
# -- Server Module --
server.service.treeBuilder.subtreeNode=Service
1.7 +29 -5
jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm/AddRealmAction.java
Index: AddRealmAction.java
===
RCS file:
/home/cvs/jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm/AddRealmAction.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- AddRealmAction.java 27 Feb 2004 14:59:03 - 1.6
+++ AddRealmAction.java 17 Apr 2004 02:50:41 - 1.7
@@ -82,17 +82,18 @@
// Fill in the form values for display and editing
-String realmTypes[] = new String[4];
+String realmTypes[] = new String[5];
realmTypes[0] = UserDatabaseRealm;
realmTypes[1] = JNDIRealm;
cvs commit: jakarta-tomcat-catalina/webapps/admin/realm dataSourceRealm.jsp
amyroh 2004/04/16 19:53:17
Added: webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm
DataSourceRealmForm.java
SaveDataSourceRealmAction.java
webapps/admin/realm dataSourceRealm.jsp
Log:
Add DataSourceRealm support in admin webapp.
Revision ChangesPath
1.1
jakarta-tomcat-catalina/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/realm/DataSourceRealmForm.java
Index: DataSourceRealmForm.java
===
/*
* Copyright 2001,2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the License);
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an AS IS BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.webapp.admin.realm;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionError;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import java.net.InetAddress;
import java.util.List;
import org.apache.webapp.admin.ApplicationServlet;
import org.apache.webapp.admin.LabelValueBean;
/**
* Form bean for the datasource realm page.
*
* @author Amy Roh
* @version $Revision: 1.1 $ $Date: 2004/04/17 02:53:17 $
*/
public final class DataSourceRealmForm extends RealmForm {
// - Instance Variables
/**
* The text for the JNDI named JDBC DataSource for your database.
*/
private String dataSourceName = null;
/**
* The text for the digest.
*/
private String digest = null;
/**
* The text for if the DataSource is local to the webapp.
*/
private String localDataSource = false;
/**
* The text for the roleNameCol.
*/
private String roleNameCol = null;
/**
* The text for the userCredCol.
*/
private String userCredCol = null;
/**
* The text for the userNameCol.
*/
private String userNameCol = null;
/**
* The text for the userRoleTable.
*/
private String userRoleTable = null;
/**
* The text for the user table.
*/
private String userTable = null;
// - Properties
/**
* Return the dataSourceName.
*/
public String getDataSourceName() {
return this.dataSourceName;
}
/**
* Set the dataSourceName.
*/
public void setDataSourceName(String dataSourceName) {
this.dataSourceName = dataSourceName;
}
/**
* Return the digest.
*/
public String getDigest() {
return this.digest;
}
/**
* Set the digest.
*/
public void setDigest(String digest) {
this.digest = digest;
}
/**
* Return the localDataSource.
*/
public String getLocalDataSource() {
return this.localDataSource;
}
/**
* Set the localDataSource.
*/
public void setLocalDataSource(String localDataSource) {
this.localDataSource = localDataSource;
}
/**
* Return the roleNameCol.
*/
public String getRoleNameCol() {
return this.roleNameCol;
}
/**
* Set the roleNameCol.
*/
public void setRoleNameCol(String roleNameCol) {
this.roleNameCol = roleNameCol;
}
/**
* Return the userCredCol.
*/
public String getUserCredCol() {
return this.userCredCol;
}
/**
* Set the userCredCol.
*/
public void setUserCredCol(String userCredCol) {
this.userCredCol = userCredCol;
}
/**
* Return the userNameCol.
*/
public String getUserNameCol() {
return this.userNameCol;
}
/**
* Set the userNameCol.
*/
[GUMP@lsd]: jakarta-tomcat-5/jakarta-tomcat-5 failed
To whom it may engage... This is an automated request, but not an unsolicited one. For help understanding the request please visit http://gump.apache.org/nagged.html, and/or contact [EMAIL PROTECTED] Project jakarta-tomcat-5 has an issue affecting its community integration, and has been outstanding for 7 runs. The current state is 'Failed', for reason 'Build Failed' Full details are available at: http://lsd.student.utwente.nl/gump/jakarta-tomcat-5/jakarta-tomcat-5/index.html, however some snippets follow: - - - - - -- -- G U M P Gump provided these annotations: - Info - Jar [servlets-default.jar] identifier set to jar basename: [servlets-default] - Info - Jar [naming-common.jar] identifier set to jar basename: [naming-common] - Info - Jar [naming-resources.jar] identifier set to jar basename: [naming-resources] - Info - Jar [catalina.jar] identifier set to jar basename: [catalina] - Info - Jar [bootstrap.jar] identifier set to jar basename: [bootstrap] - Info - Jar [servlets-common.jar] identifier set to jar basename: [servlets-common] - Info - Jar [servlets-invoker.jar] identifier set to jar basename: [servlets-invoker] - Info - Dependency on javamail exists, no need to add for property mail.jar. - Info - Dependency on jaf exists, no need to add for property activation.jar. - Info - Dependency on jakarta-servletapi-5-servlet exists, no need to add for property servlet-api.jar. - Info - Dependency on jakarta-servletapi-5-jsp exists, no need to add for property jsp-api.jar. - Info - Dependency on xml-xerces exists, no need to add for property xercesImpl.jar. - Info - Dependency on xml-xerces exists, no need to add for property xmlParserAPIs.jar. - Info - Dependency on jakarta-tomcat-util exists, no need to add for property tomcat-util.jar. - Info - Dependency on commons-el exists, no need to add for property commons-el.jar. - Info - Dependency on commons-logging exists, no need to add for property commons-logging-api.jar. - Info - Dependency on commons-modeler exists, no need to add for property commons-modeler.jar. - Info - Dependency on ant exists, no need to add for property ant.home. - Info - Dependency on jsse exists, no need to add for property jsse.home. - Info - Dependency on jmx exists, no need to add for property jmx.home. - Info - Dependency on jmx exists, no need to add for property jmx.jar. - Info - Dependency on jmx exists, no need to add for property jmx-tools.jar. - Info - Dependency on jndi exists, no need to add for property jndi.home. - Info - Dependency on jakarta-regexp exists, no need to add for property regexp.home. - Info - Dependency on jakarta-regexp exists, no need to add for property regexp.jar. - Info - Dependency on javamail exists, no need to add for property mail.home. - Info - Dependency on jakarta-tomcat-coyote exists, no need to add for property tomcat-coyote.home. - Info - Dependency on jakarta-tomcat-jasper_tc5 exists, no need to add for property jasper.home. - Info - Dependency on jaf exists, no need to add for property activation.home. - Info - Dependency on commons-modeler exists, no need to add for property commons-modeler.home. - Info - Dependency on commons-daemon exists, no need to add for property commons-daemon.jsvc.tar.gz. - Info - Dependency on jakarta-struts exists, no need to add for property struts.home. - Info - Enable debug output, due to a sequence of 6 previous errors. - Info - Failed with reason build failed - - - - - -- -- G U M P Gump performed this work: http://lsd.student.utwente.nl/gump/jakarta-tomcat-5/jakarta-tomcat-5/gump_work/build_jakarta-tomcat-5_jakarta-tomcat-5.html Work Name: build_jakarta-tomcat-5_jakarta-tomcat-5 (Type: Build) State: Failed Elapsed: 0 hours, 1 minutes, 7 seconds Command Line: java -Djava.awt.headless=true -Xbootclasspath/p:/data3/gump/xml-xerces2/java/build/xercesImpl.jar:/data3/gump/xml-xerces2/java/build/xml-apis.jar:/data3/gump/xml-xalan/java/build/xalan-unbundled.jar:/data3/gump/xml-commons/java/external/build/xml-apis.jar org.apache.tools.ant.Main -debug -Dgump.merge=/data3/gump/gump-install/work/merge.xml -Dbuild.sysclasspath=only -Dtomcat33.home=*Unset* -Djsp-api.jar=/data3/gump/jakarta-servletapi-5/jsr152/dist/lib/jsp-api.jar -Dtomcat-coyote.home=/data3/gump/jakarta-tomcat-connectors/coyote -Djndi.jar=/data3/gump/opt/jndi1_2_1/lib/jndi.jar -Dsite2.home=/data3/gump/jakarta-site2 -DxmlParserAPIs.jar=/data3/gump/xml-xerces2/java/build/xercesImpl.jar -Dactivation.home=/data3/gump/opt/jaf-1.0.1 -Djmx.home=/data3/gump/opt/jmx-1_2-ri -Djdbc20ext.jar=/data3/gump/opt/jdbc2_0/jdbc2_0-stdext.jar -Djmx-tools.jar=/data3/gump/opt/jmx-1_2-ri/lib/jmxtools.jar -Dregexp.jar=/data3/gump/jakarta-regexp/build/jakarta-regexp-20040417.jar -Dmail.home=/data3/gump/opt/javamail-1.3 -Dant.home=/data3/gump/ant/dist -Dcommons-modeler.home=/data3/gump/jakarta-commons/modeler
