RE: [JK2] new uriMap using hostname:port
-Original Message- From: Dmitry Letin [mailto:[EMAIL PROTECTED]] :-) [uri:*] alias=localhost debug=10 [uri:www.i-com.com:80] debug=10 If the 80 is default server port then you have to ommit it Simply use the [uri:www.i-com.com] The port directive is used for non default ports only. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriEnv.c
OK will make the uri parser on my own. Not such a big deal. -Original Message- From: news [mailto:[EMAIL PROTECTED]] On Behalf Of Costin Manolache As I mentioned, I prefer doing this _after_ jk2.0 ( i.e. the first milestone), possibly in a branch. MT -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] New: - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath Summary: JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath Product: Tomcat 4 Version: 4.1.12 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Critical Priority: Other Component: Jasper 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hi. Yesterday I downloaded the tar.gz'ipped version for Tomcat 4.1.12 and discovered that the problem showed in bug # 12387 was still present. The problem is that Jasper compiler still creates an internal classpath with a / heading that variable which leads to a compilation error for those JSP pages that were not yet compiled before. I implemented a servlet that showed all context properties at runtime and this is what I got: AttributeNames: + Attribute[0]: org.apache.catalina.WELCOME_FILES : [Ljava.lang.String;@dada24 + Attribute[1]: javax.servlet.context.tempdir : C:\Tomcat-4.1.12 \work\Standalone\localhost\WGFAQ + Attribute[2]: org.apache.catalina.resources : org.apache.naming.resources.ProxyDirContext@2798e7 + Attribute[3]: org.apache.catalina.jsp_classpath : /C:/Tomcat- 4.1.12/webapps/WGFAQ/WEB-INF/classes/;C:/Tomcat- 4.1.12/common/endorsed/xercesImpl.jar;C:/Tomcat- 4.1.12/common/endorsed/xmlParserAPIs.jar;C:/Tomcat- 4.1.12/common/lib/activation.jar;C:/Tomcat-4.1.12/common/lib/ant.jar;C:/Tomcat- 4.1.12/common/lib/commons-collections.jar;C:/Tomcat-4.1.12/common/lib/commons- dbcp.jar;C:/Tomcat-4.1.12/common/lib/commons-logging-api.jar;C:/Tomcat- 4.1.12/common/lib/commons-pool.jar;C:/Tomcat- 4.1.12/common/lib/cos.jar;C:/Tomcat-4.1.12/common/lib/iText.jar;C:/Tomcat- 4.1.12/common/lib/jacob.jar;C:/Tomcat-4.1.12/common/lib/jasper- compiler.jar;C:/Tomcat-4.1.12/common/lib/jasper-runtime.jar;C:/Tomcat- 4.1.12/common/lib/jdbc2_0-stdext.jar;C:/Tomcat- 4.1.12/common/lib/jndi.jar;C:/Tomcat-4.1.12/common/lib/jt400.jar;C:/Tomcat- 4.1.12/common/lib/jta.jar;C:/Tomcat-4.1.12/common/lib/mail.jar;C:/Tomcat- 4.1.12/common/lib/mysql.jar;C:/Tomcat-4.1.12/common/lib/naming- common.jar;C:/Tomcat-4.1.12/common/lib/naming-factory.jar;C:/Tomcat- 4.1.12/common/lib/naming-resources.jar;C:/Tomcat-4.1.12/common/lib/servlet.jar As you can see, attribute #4: org.apache.catalina.jsp_classpath starts with /C: that can leads to a bug at runtime. The jasper-compiler.jar file, attached in the bug mentioned before, solved the problem for Tomcat 4.1.10, but the problem is still in this new release. That was all. Thanks a lot for your great job. --- Arturo García Martín -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME Summary|JSP Compilation errors: jars|JSP Compilation errors: jars |in WEB-INF/lib and classes |in WEB-INF/lib and classes |in WEB-INF/classes not in |in WEB-INF/classes not in |classpath |classpath --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 07:23 --- Well, sorry, but the JAR attached to the bug report is included in the new release. I also have tested the release, and it works fine for me. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 07:35 --- FYI, the jasper-compiler.jar does not generate the org.apache.catalina.jsp_classpath variable, but actually parses it. So the / prefix (which is a valid Java file path, although it happened to be confusing Ant in 4.1.10, which was causing bug 12387) is still already there no matter what. I have Tomcat running as a service from my M: HD, and the admin webapp is running fine (that uses /WEB-INF/lib) as well as the JSP examples (that uses /WEB-INF/classes). If you had it working fine with 4.1.10 + the fixed JAR, then it has to be an installation error of some sort. Note: 4.1.12 is not out yet; at this point they are still candidate binaries. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Re: Using a tomcat 4.0 connector with tomcat 4.1
Sounds helpful, thanks Amy, but introduces some issues. In the last few weeks we developed three connectors and it will be more in future. 1. My main question is, why isn't mbeans-descriptors.xml part of the configuration directory? 2. For me it looks like i have to rebuild tomcat to get my connector known. Do i miss something? Haug You can either add a mbean description for your connector similar to other Connectors in o.a.c.mbeans.mbeans-descriptors.xml or disable the two JMX supporting Listeners (ServerLifecycleListener and GlobalResourcesLifecycleListener)in server.xml if you don't want the JMX support. I'd recommend adding something like this in mbeans-descriptors.xml so tomcat starts smoothly without complaining mbean not found for your connector. mbean name=MyXyConnector className=org.apache.catalina.mbeans.ConnectorMBean description=MyXyConnector domain=Catalina group=Connector type=org.apache.coyote.tomcat4.MyXyConnector /mbean Amy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Using a tomcat 4.0 connector with tomcat 4.1
[EMAIL PROTECTED] wrote: Sounds helpful, thanks Amy, but introduces some issues. In the last few weeks we developed three connectors and it will be more in future. 1. My main question is, why isn't mbeans-descriptors.xml part of the configuration directory? 2. For me it looks like i have to rebuild tomcat to get my connector known. Do i miss something? Yes, you can specify using an external descriptors file (although this is undocumented). Add a descriptors attribute to the ServerLifecycleListener element. The value should be the path (for the classloader, so put your file somewhere in server/classes) to your resource. You can specify multiple ones by using a ';' path separator. The file themselves should have the same DTD as mbeans-descriptors.xml. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriEnv.c
mturk 2002/09/24 00:52:09 Modified:jk/native2/common jk_uriEnv.c Log: Enable compiling withouth APR. Revision ChangesPath 1.29 +31 -26jakarta-tomcat-connectors/jk/native2/common/jk_uriEnv.c Index: jk_uriEnv.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriEnv.c,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- jk_uriEnv.c 23 Sep 2002 22:15:04 - 1.28 +++ jk_uriEnv.c 24 Sep 2002 07:52:09 - 1.29 @@ -69,9 +69,8 @@ #include jk_uriMap.h #include jk_registry.h -#ifdef HAS_APR +#if HAS_APR #include apr_uri.h - /** Parse the name: VHOST/PATH @@ -119,45 +118,51 @@ } return JK_ERR; } - #else -/* Old version, deprecated - used only if APR is not available - */ static int jk2_uriEnv_parseName( jk_env_t *env, jk_uriEnv_t *uriEnv, char *name) { -char *n=name; -char *slash=strchr( name, '/' ); - -/* fprintf( stderr, XXX parseURI %s\n, name ); */ - -if( slash==NULL ) { +char *uri = NULL; +char *colon; +char host[1024]; +char path[1024]; + +strcpy(host, name); +colon = strchr(host, ':'); +if (colon != NULL) { +++colon; +uri = strchr(colon, '/'); +} +else +uri = strchr(host, '/'); +if (!uri) { /* That's a virtual host definition ( no actual mapping, just global * settings like aliases, etc */ -uriEnv-match_type= MATCH_TYPE_HOST; -if( name[0]=='\0' ) { -uriEnv-virtual=NULL; /* for the default host */ -} else { -uriEnv-virtual=name; -} + +uriEnv-match_type = MATCH_TYPE_HOST; +if (colon) +uriEnv-port = atoi(colon); +uriEnv-virtual = uriEnv-pool-pstrdup(env, uriEnv-pool, host); return JK_OK; } - +strcpy(path, uri); +if (colon) { +*uri = '\0'; +uriEnv-port = atoi(colon); +} /* If it doesn't start with /, it must have a vhost */ -if( *name != '/' ) { -uriEnv-virtual=uriEnv-pool-calloc( env, uriEnv-pool, slash - name + 2 ); -strncpy( uriEnv-virtual, name, slash-name ); +if (strlen(host)) { +uriEnv-virtual = uriEnv-pool-calloc( env, uriEnv-pool, strlen(host) + 1 ); +strncpy(uriEnv-virtual, name, strlen(host)); } +else +uriEnv-virtual = *; -n=slash; - -uriEnv-uri=uriEnv-pool-pstrdup(env, uriEnv-pool, n); - return JK_OK; } +#endif /* HAS_APR */ -#endif static void * JK_METHOD jk2_uriEnv_getAttribute(jk_env_t *env, jk_bean_t *bean, char *name ) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriEnv.c
mturk 2002/09/24 00:58:22 Modified:jk/native2/common jk_uriEnv.c Log: Should be #ifdef HAS_APR not #if HAS_APR Revision ChangesPath 1.30 +1 -1 jakarta-tomcat-connectors/jk/native2/common/jk_uriEnv.c Index: jk_uriEnv.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriEnv.c,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- jk_uriEnv.c 24 Sep 2002 07:52:09 - 1.29 +++ jk_uriEnv.c 24 Sep 2002 07:58:22 - 1.30 @@ -69,7 +69,7 @@ #include jk_uriMap.h #include jk_registry.h -#if HAS_APR +#ifdef HAS_APR #include apr_uri.h /** Parse the name: VHOST/PATH -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/ROOT index.html
remm2002/09/24 01:32:43 Modified:catalina/src/share/org/apache/catalina Tag: tomcat_40_branch Globals.java catalina/src/share/org/apache/catalina/servlets Tag: tomcat_40_branch InvokerServlet.java webapps/ROOT Tag: tomcat_40_branch index.html Added: .Tag: tomcat_40_branch RELEASE-NOTES-4.0.5.txt Log: - Version update. Revision ChangesPath No revision No revision 1.1.2.1 +286 -0jakarta-tomcat-4.0/Attic/RELEASE-NOTES-4.0.5.txt No revision No revision 1.39.2.24 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java Index: Globals.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java,v retrieving revision 1.39.2.23 retrieving revision 1.39.2.24 diff -u -r1.39.2.23 -r1.39.2.24 --- Globals.java 11 Jun 2002 05:00:40 - 1.39.2.23 +++ Globals.java 24 Sep 2002 08:32:42 - 1.39.2.24 @@ -219,7 +219,7 @@ /** * The descriptive information about this server and version. */ -public static final String SERVER_INFO = Apache Tomcat/4.0.5-dev; +public static final String SERVER_INFO = Apache Tomcat/4.0.5; /** No revision No revision 1.13.2.3 +11 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/InvokerServlet.java Index: InvokerServlet.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets/InvokerServlet.java,v retrieving revision 1.13.2.2 retrieving revision 1.13.2.3 diff -u -r1.13.2.2 -r1.13.2.3 --- InvokerServlet.java 16 Feb 2002 01:09:51 - 1.13.2.2 +++ InvokerServlet.java 24 Sep 2002 08:32:43 - 1.13.2.3 @@ -319,6 +319,13 @@ } else { pathInfo = ; } + +if (servletClass.startsWith(org.apache.catalina)) { +response.sendError(HttpServletResponse.SC_NOT_FOUND, + inRequestURI); +return; +} + if (debug = 1) log(Processing servlet ' + servletClass + ' with path info ' + pathInfo + '); No revision No revision 1.29.2.23 +2 -2 jakarta-tomcat-4.0/webapps/ROOT/Attic/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/ROOT/Attic/index.html,v retrieving revision 1.29.2.22 retrieving revision 1.29.2.23 diff -u -r1.29.2.22 -r1.29.2.23 --- index.html11 Jun 2002 05:01:06 - 1.29.2.22 +++ index.html24 Sep 2002 08:32:43 - 1.29.2.23 @@ -44,7 +44,7 @@ td align=left valign=top table trtd align=left valign=topbTomcat/b/td/tr -trtd align=left valign=topbVersion 4.0.5 Dev/b/td/tr +trtd align=left valign=topbVersion 4.0.5/b/td/tr /table /td td align=righta href=http://jakarta.apache.org/;img src=jakarta-banner.gif height=100 width=350 border=0 alt=The Jakarta Project/a/td @@ -138,7 +138,7 @@ p align=rightfont size=-1img src=tomcat-power.gif width=77 height=80/fontbr nbsp; -font size=-1Copyright copy; 1999-2001 Apache Software Foundation/fontbr +font size=-1Copyright copy; 1999-2002 Apache Software Foundation/fontbr font size=-1All Rights Reserved/font br nbsp;/p p align=rightnbsp;/p -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: problems compiling tomcat-connectors w/ make
Again, the first error message I get is: configure: error: can't locate /usr/src/apache/apache_1.3.26/ Incidentally, I tried the native (not native2) and it works fine. I'm sure JF will fix it quickly. I'm using DSO (--with-apxs) and never tried static build ;[ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina Globals.java
remm2002/09/24 01:34:40 Modified:catalina/src/share/org/apache/catalina Tag: tomcat_40_branch Globals.java Log: - Revert version number. Revision ChangesPath No revision No revision 1.39.2.25 +5 -5 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java Index: Globals.java === RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/Globals.java,v retrieving revision 1.39.2.24 retrieving revision 1.39.2.25 diff -u -r1.39.2.24 -r1.39.2.25 --- Globals.java 24 Sep 2002 08:32:42 - 1.39.2.24 +++ Globals.java 24 Sep 2002 08:34:40 - 1.39.2.25 @@ -219,7 +219,7 @@ /** * The descriptive information about this server and version. */ -public static final String SERVER_INFO = Apache Tomcat/4.0.5; +public static final String SERVER_INFO = Apache Tomcat/4.0.6-dev; /** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/ROOT index.html
remm2002/09/24 01:35:10 Modified:webapps/ROOT Tag: tomcat_40_branch index.html Log: - Revert version number. Revision ChangesPath No revision No revision 1.29.2.24 +1 -1 jakarta-tomcat-4.0/webapps/ROOT/Attic/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/ROOT/Attic/index.html,v retrieving revision 1.29.2.23 retrieving revision 1.29.2.24 diff -u -r1.29.2.23 -r1.29.2.24 --- index.html24 Sep 2002 08:32:43 - 1.29.2.23 +++ index.html24 Sep 2002 08:35:09 - 1.29.2.24 @@ -44,7 +44,7 @@ td align=left valign=top table trtd align=left valign=topbTomcat/b/td/tr -trtd align=left valign=topbVersion 4.0.5/b/td/tr +trtd align=left valign=topbVersion 4.0.6 Dev/b/td/tr /table /td td align=righta href=http://jakarta.apache.org/;img src=jakarta-banner.gif height=100 width=350 border=0 alt=The Jakarta Project/a/td -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0 RELEASE-NOTES-4.1.txt
remm2002/09/24 01:35:49 Modified:.RELEASE-NOTES-4.1.txt Log: - Update release notes. Revision ChangesPath 1.22 +29 -4 jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt Index: RELEASE-NOTES-4.1.txt === RCS file: /home/cvs/jakarta-tomcat-4.0/RELEASE-NOTES-4.1.txt,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- RELEASE-NOTES-4.1.txt 23 Sep 2002 00:32:46 - 1.21 +++ RELEASE-NOTES-4.1.txt 24 Sep 2002 08:35:48 - 1.22 @@ -177,7 +177,9 @@ [4.1.11] Administration Webapp: Fix adding a context with the administration webapp. -[4.1.12] Fix SSL-cert authentication when using the Coyote Connector. +[4.1.12] Administration Webapp: + Complete support for DefaultContext. + -- Catalina Bug Fixes: @@ -440,6 +442,17 @@ caseSensitive flag rather than on the path separator. Most Unix OSes can set that to false. +[4.1.12] SSLAuthenticator: + Add back client authentication support. + +[4.1.12] SECURITY: + Disable InvokerServlet in the default webapp configuration, + and restrict the servlets it can invoke. + +[4.1.12] #12286 + JDBCStore: + Fix NPE on shutdown. + Jasper Bug Fixes: @@ -610,6 +623,9 @@ [4.1.11] JspServletWrapper: Fix Jasper when development option is set to false. +[4.1.12] JspRuntimeContext: + Add permission to allow reading the work directory. + KNOWN ISSUES IN THIS RELEASE: @@ -626,6 +642,7 @@ * Using Jasper 1 with Tomcat 4.1 * Administrartion web application * Symlinking static resources +* Enabling invoker servlet - @@ -813,7 +830,15 @@ Unix symlinks will not work when used in a web application to link resources located outside the web application root directory. -This behavior will be made optional in an upcoming version of Tomcat 4.1, but -will be the default one. +This behavior is optional, and the allowLinking flag may be used to disable +the check. + +Enabling invoker servlet: + + +Starting with Tomcat 4.1.12, the invoker servlet is no longer available by +default in all webapp. Enabling it for all webapps is possible by editing +$CATALINA_HOME/conf/web.xml to uncomment the /servlet/* servlet-mapping +definition. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [POLL] Tomcat 3.3.2 updates
Larry Isaacs wrote: Hi Henri, I would prefer to minimize the impact of upgrading from 3.3.1 to 3.3.2. I agree with Costin that using 4 with documentation on the steps to enable the MxInterceptor would be a resonable way to implement this. So I'll have to take a look at MxInterceptor to see if nothing is broken ... BTW, I could spend sometimes to play ClassLoader, making MxInterceptor loading mx4j/mx4-tools from container ClassLoader but I need some advices. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_channel_socket.c
mturk 2002/09/24 02:05:50 Modified:jk/native2/common jk_channel_socket.c Log: Resolve (I hope) the WIN32 reported bug 12346. Caused by the connection refusing on TC side during high load. If the TC refuses connection keep trying instead of returng error. Revision ChangesPath 1.39 +4 -3 jakarta-tomcat-connectors/jk/native2/common/jk_channel_socket.c Index: jk_channel_socket.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_channel_socket.c,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- jk_channel_socket.c 8 Jul 2002 13:41:30 - 1.38 +++ jk_channel_socket.c 24 Sep 2002 09:05:50 - 1.39 @@ -312,11 +312,12 @@ #ifdef WIN32 if(SOCKET_ERROR == ret) { -errno = WSAGetLastError() - WSABASEERR; +errno = WSAGetLastError(); } -#endif /* WIN32 */ - +} while (ret == -1 errno == WSAECONNREFUSED); +#else } while (-1 == ret EINTR == errno); +#endif /* WIN32 */ /* Check if we connected */ if(ret != 0 ) { -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12947] New: - #include sys/filio.h in jk/native2/common/jk_channel_socket.c
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12947. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12947 #include sys/filio.h in jk/native2/common/jk_channel_socket.c Summary: #include sys/filio.h in jk/native2/common/jk_channel_socket.c Product: Tomcat 4 Version: 4.1.10 Platform: Sun OS/Version: Solaris Status: UNCONFIRMED Severity: Normal Priority: Other Component: Connector:Coyote JK 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] ioctl constant FIONBIO will not be found unless your include filio.h in jk/native2/common/jk_channel_socket.c like #include sys/filio.h -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 09:46 --- Created an attachment (id=3189) Files used to reproduce the failure, server configuration and server logs -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WORKSFORME | --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 09:48 --- In order to reproduce the failure with Tomcat 4.1.12 I followed these steps: 1.- Downloaded file: jakarta-tomcat-4.1.12.tar.gz File size: 5.714.133 bytes 2.- Extracted (unzipped) to folder: C:\Tomcat-4.1.12 [TOMCAT_HOME == CATALINA_HOME] 3.- Created the following files into TOMCAT_HOME (C:\Tomcat-4.1.12): + environ.cmd + InstallTomcatAsWinNTService.cmd + shutdown.cmd + startup.cmd + UninstallTomcatAsWinNTService.cmd 4.- Executed: InstallTomcatAsWinNTService.cmd + C:\Tomcat-4.1.12InstallTomcatAsWinNTService.cmd + C:\Tomcat-4.1.12\bin\Tomcat.exe -install Apache Tomcat 4.1.12 C:\j2sdk14\jre\bin\server\jvm.dll -Djava.class.path=C:\Tomcat-4.1.12 \bin\bootstrap.jar -Dcatalina.home=C:\Tomcat-4.1.12 -start org.apache.catalina.startup.BootstrapService -method main -params start -stop org.apache.catalina.startup.BootstrapService -method main -params stop -out C:\Tomcat-4.1.12\logs\stdout.log -err C:\Tomcat-4.1.12\logs\stderr.log + The service was successfully installed. + C:\Tomcat-4.1.12 5.- Started Tomcat with: C:\Tomcat-4.1.12\startup.cmd ( This first time execution created some extra folders, as you know :^) Tested its execution by accesing to a sample JSP (numberguess) under /examples context: Ok. Stopped Tomcat with: C:\Tomcat-4.1.12\shutdown.cmd 6.- Started WinNT Service: Apache Tomcat 4.1.12 with: net start Apache Tomcat 4.1.12 Tested its execution by accesing to a sample JSP (date snoop) under /examples context: FAIL. Stopped WinNT Service: Apache Tomcat 4.1.12 with: net stop Apache Tomcat 4.1.12 7.- Edited %TOMCAT_HOME%\conf\server.xml and set all debug=0 values to: debug=99 Edited %TOMCAT_HOME%\conf\web.xml and set all debug values to: 99 Deleted all log files Deleted all fles under: %TOMCAT_HOME%\work\Standalone\localhost 8.- Started WinNT Service: Apache Tomcat 4.1.12 with: net start Apache Tomcat 4.1.12 Tested its execution by accesing to a sample JSP (carts checkbox error) under /examples context: FAIL. Stopped WinNT Service: Apache Tomcat 4.1.12 with: net stop Apache Tomcat 4.1.12 Moved log files to NTService folder under logs. 9.- Started Tomcat with: C:\Tomcat-4.1.12\startup.cmd Tested its execution by accesing to a sample JSP (carts checkbox error) under /examples context: FAIL. Stopped Tomcat with: C:\Tomcat-4.1.12\shutdown.cmd Moved log files to StandAlone folder under logs. 10.- Generated: Files.zip with all files under \conf and \logs folders, and also the MSDOS scripts in %TOMCAT_HOME%. It looks like the NT Service fails to find something to work fine. Maybe that the NT Service Install command needs to be passed extra info regarding where is ant, some library, or whatever, but started Tomcat as a Stand Alone task from command line, does not fails. Attached I posted a ZIP file with all needed archives to test my installation. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12945] - JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12945 JSP Compilation errors: jars in WEB-INF/lib and classes in WEB-INF/classes not in classpath [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||WORKSFORME --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 09:56 --- Sorry, but I simply do not have time to help you debug or check whether or not your configuration. The idea is that a similar configuration is working fine for me (XP / JDK 1.4 / Tomcat installed through the installer). Could you please try the default configuration and installation ? Do NOT use the .tar.gz when using Windows, unless you know what you are doing. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/xdocs faq.xml
hgomez 2002/09/24 03:23:51 Modified:jk/xdocs faq.xml Log: Add information about MMNB (Magic Module Number bump) of Apache 2.0 Revision ChangesPath 1.4 +2 -2 jakarta-tomcat-connectors/jk/xdocs/faq.xml Index: faq.xml === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/faq.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- faq.xml 20 Sep 2002 21:35:31 - 1.3 +++ faq.xml 24 Sep 2002 10:23:51 - 1.4 @@ -220,7 +220,7 @@ subsection name=Apache 2.0 complains about incorrect module version p Since Apache 2.0 API still change often, the Apache 2.0 teams decide to put in headers of compiled modules the -Apache 2.0 version used to compile the module. +Apache 2.0 version used to compile the module. This check is called Magic Module Number bump. /p p At start time Apache 2.0 check that version in modules headers and stop if it detect that a module was compiled -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/xdocs/jk aphowto.xml
hgomez 2002/09/24 03:49:03 Modified:jk/xdocs/jk aphowto.xml Log: Use MOD_JK SVRPGM as mod_jk module for iSeries when rebuilding it from Apache sources (IBM use QZTCJK). Revision ChangesPath 1.11 +1 -1 jakarta-tomcat-connectors/jk/xdocs/jk/aphowto.xml Index: aphowto.xml === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/jk/aphowto.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- aphowto.xml 20 Sep 2002 21:35:30 - 1.10 +++ aphowto.xml 24 Sep 2002 10:49:03 - 1.11 @@ -858,7 +858,7 @@ note5250Launch the build/note5250 type5250CALL MOD_JK/BLDJK/type5250br/ note5250If the build if successfull, copy the new mod_jk module/note5250 -type5250CRTDUPOBJ OBJ(MOD_JK) FROMLIB(MOD_JK) OBJTYPE(*SRVPGM) TOLIB(QHTTPSVR) NEWOBJ(MODJK)/type5250 +type5250CRTDUPOBJ OBJ(MOD_JK) FROMLIB(MOD_JK) OBJTYPE(*SRVPGM) TOLIB(QHTTPSVR) NEWOBJ(MOD_JK)/type5250 /screen5250 p Next, you should restart your Apache 2.0 server and enjoy this piece of OpenSource on iSeries. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
JK 1.2.0 tag
JTC will be tagged JK_1_2_0 by 17h CET. Regards -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
JK2 2.0.0 Release proposal
Hi, Since there is no major showstoppers and a) The vhosts should work now b) Socket BUG 12346 is solved Here is the release plan: 1. 09/25/2002 - Freeze the further development. 2. 09/26/2002 - If there is no major bugs tag the release as JK2_2_0_0 3. 09/26/2002 - Prepare the source release (zip and tar.gz) Start building binaries (What platforms?) Platform WIN32 (I can do that): mod_jk2/Apache2.0.40 (or 2.0.42 if released). mod_jk2/Apache1.3.26/APRAPR_UTIL from 2.0.40 i_r2.dll/APRAPR-UTIL from 2.0.40 Any one wish to make binaries for other platforms? 4. 09/27/2002 - Should be all over at http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v 2.0.0/ Comments and thoughts? MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
how many committers?
Hi, Can someone tell me how many committers there are on: - Tomcat 3.x - Tomcat 4.x - Tomcat 5.x Thanks -Vincent Note: I have not found a way to access the CVS avail file in /home/cvs (it seems I don't have the rights). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. The cause - Using the invoker servlet in conjunction with the default servlet (responsible for handling static content in Tomcat) triggers this vulnerability. This particular configuration is available in the default Tomcat configuration. Workarounds --- An easy workaround exists for existing Tomcat installations, by disabling the invoker servlet in the default webapp configuration. In the $CATALINA_HOME/conf/web.xml file (on Windows, %CATALINA_HOME%\conf\web.xml), comment out or remove the following XML fragment: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping Releases The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet. Apache Tomcat 4.1.12 Stable: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ Apache Tomcat 4.0.5: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12952] New: - Documentation error for Tyrex Connection Pooling
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12952. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12952 Documentation error for Tyrex Connection Pooling Summary: Documentation error for Tyrex Connection Pooling Product: Tomcat 4 Version: 4.1.10 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Webapps:Documentation AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Resource name=my-datasource auth=Container type=tyrex.resource.Resource/ ResourceParams name=my-datasource parameter namename/name valuemyDataSource/name /parameter /ResourceParams Notice the value is closed by name rather than value -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs jndi-datasource-examples-howto.xml
remm2002/09/24 05:12:22 Modified:webapps/tomcat-docs jndi-datasource-examples-howto.xml Log: - Fix incorrect XML. - Submitted by matt at raibledesigns.com Revision ChangesPath 1.6 +1 -1 jakarta-tomcat-4.0/webapps/tomcat-docs/jndi-datasource-examples-howto.xml Index: jndi-datasource-examples-howto.xml === RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/jndi-datasource-examples-howto.xml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- jndi-datasource-examples-howto.xml30 Aug 2002 13:41:25 - 1.5 +++ jndi-datasource-examples-howto.xml24 Sep 2002 12:12:22 - 1.6 @@ -613,7 +613,7 @@ lt;ResourceParams name=my-datasourcegt; lt;parametergt; lt;namegt;namelt;/namegt; -lt;valuegt;myDataSourcelt;/namegt; +lt;valuegt;myDataSourcelt;/valuegt; lt;/parametergt; lt;/ResourceParamsgt; /source -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JK2 2.0.0 Release proposal
Mladen Turk wrote: Hi, Since there is no major showstoppers and a) The vhosts should work now b) Socket BUG 12346 is solved Here is the release plan: 1. 09/25/2002 - Freeze the further development. 2. 09/26/2002 - If there is no major bugs tag the release as JK2_2_0_0 3. 09/26/2002 - Prepare the source release (zip and tar.gz) Start building binaries (What platforms?) +1 Platform WIN32 (I can do that): mod_jk2/Apache2.0.40 (or 2.0.42 if released). mod_jk2/Apache1.3.26/APRAPR_UTIL from 2.0.40 i_r2.dll/APRAPR-UTIL from 2.0.40 Any one wish to make binaries for other platforms? Linux i386 and may be cygwin also 4. 09/27/2002 - Should be all over at http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v 2.0.0/ Comments and thoughts? Let's go, JK 1.2.0 should be out tomorrow -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/webapps/docs jndi-datasource-examples-howto.xml
remm2002/09/24 05:13:17 Modified:webapps/docs jndi-datasource-examples-howto.xml Log: - Fix incorrect XML. - Submitted by matt at raibledesigns.com Revision ChangesPath 1.3 +1 -1 jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml Index: jndi-datasource-examples-howto.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- jndi-datasource-examples-howto.xml30 Jul 2002 03:58:28 - 1.2 +++ jndi-datasource-examples-howto.xml24 Sep 2002 12:13:16 - 1.3 @@ -485,7 +485,7 @@ lt;ResourceParams name=my-datasourcegt; lt;parametergt; lt;namegt;namelt;/namegt; -lt;valuegt;myDataSourcelt;/namegt; +lt;valuegt;myDataSourcelt;/valuegt; lt;/parametergt; lt;/ResourceParamsgt; /source -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
System.out.println() calls in servlet init methods
Can someone tell me why System.out.println() calls in the init methods of servlets do not make it out to the console at all. They will make it into a log file but never print to the console itself. System.out.println() calls in the doGet and doPost print out to the console as expected. Thanks, John -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12953] New: - Taglib support broken
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12953. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12953 Taglib support broken Summary: Taglib support broken Product: Tomcat 4 Version: 4.1.9 Platform: PC OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Jasper 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] It seems that the taglib support is totally broken in Tomcat 4.1. Tag setter methods are not correctly called prior to calling the startTag() method of the Tags. This worked seamlessly in Tomcat 4.0.4. See http://www.iternum.com/i3test for a web app that shows this behavior. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look for the text jsessionid being passed in the URL and automagically pass it along to tomcat? AFAIK - I thought a Rewrite rule needed to be added to have that behavior. Remy Maucherat wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. The cause - Using the invoker servlet in conjunction with the default servlet (responsible for handling static content in Tomcat) triggers this vulnerability. This particular configuration is available in the default Tomcat configuration. Workarounds --- An easy workaround exists for existing Tomcat installations, by disabling the invoker servlet in the default webapp configuration. In the $CATALINA_HOME/conf/web.xml file (on Windows, %CATALINA_HOME%\conf\web.xml), comment out or remove the following XML fragment: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping Releases The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet. Apache Tomcat 4.1.12 Stable: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ Apache Tomcat 4.0.5: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12953] - Taglib support broken
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12953. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12953 Taglib support broken [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 12:34 --- Thhas been fixed already. Please try not to file obvious duplicates. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Comments intermixed below. Costin Manolache wrote: Glenn Nielsen wrote: Tomcat SecurityManager XML Policy configuration --- I have finished implementing support within Tomcat for using XML based security policy files. This was proposed and discussed on the list back 3-4 months ago. I would like to commit this to the jakarta-tomcat-4.0 CVS HEAD and have it included in future 4.1.x releases. Initially it could be listed as either experimental, alpha, or beta. Whichever we decide. - This new feature is fully backward compatible with current methods of using catalina.policy. Use of the XML based policy is invoked by using the -security-xml startup option instead of -security. - Catalina can be compiled without support for use of an XML policy. To build with support for an XML policy the Castor XML Schema jar file and the Jakarta ORO jar files must both be present. http://castor.exolab.org/ http://jakarta.apache.org/oro/ Here is a URL to the updated Security Manager HOW-TO which documents the new XML Policy features. http://duke.more.net/~glenn/tomcat-docs/security-manager-howto.html#Optional%20XML%20Policy%20Configuration Please review the above before voting. If you are interested in looking at the code before I commit I could create a patch file with all the changes against jakarta-tomcat-4.0 CVS HEAD and make it available. Just let me know. Here is a ballot. I would prefer not creating a Tomcat 4.2 development branch yet, that just adds more CVS branches to commit bug fixes to. ballot [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD and include it in future release of Tomcat 4.1.x [ ] commit to CVS but don't add to the next release [ ] create a Tomcat 4.2 development branch and commit there (Ugh!) [ ] -1 Don't commit to CVS (Please explain why) /ballot I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. Using Tomcat with the XML based policy file is optional, so it is another config file only if it is being used. And I tried to provide good documentation on how to use it. /WEB-INF/policy.xml works. The code is pretty straightforward. Only those permissions which the global policy.xml allow can be configured in the web app. This is done using the Permissions.implies() method. And the web app can only configure permissions for code sources that exist within its context directory. I plan on putting this into production and I am very paranoid when it comes to security. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. What experience was it that we had with web.xml schemas? I have used Castor on other projects. It does more than validation, it is also used to generate Java source code when Tomcat is built for the XML Schema elements. Tomcat on a production system already takes up a huge amount of resources (memory), I don't think the extra memory required by Castor classes would be noticed. And those resources would only get used if you use the XML based policy files. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). The current policy file also has its limitations. This new policy.xml is more intutitive to configure. Any tool which understands XML can be used to configure your XML Policy files, such as XML Spy. The JVM itself anticipated a need for alternative application specific Policy implementations and has the hooks for doing it. Are you aware of anyone working on a new standard? Is there a JSR? If you need this functionality - I would propose making it a separate module ( sort of add-on to tomcat ), instead of bundling it with tomcat by default. This isn't just for me. The type of features the XML Policy code add have been requested in discussions I have had about the Java SecurityManager at ApacheCon and JavaOne. There currently are no official Tomcat add on modules. Everything comes bundled with it. There have been discussions about this, the end result being that it is easier for the user if everything is bundled together. There are a number of Tomcat features that I don't use such as webdav, ssi, and cgi to name a few. I just remove those things I don't need. If you don't need to use the policy based XML, don't use it. Regards, Glenn -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Costin Manolache wrote: Glenn Nielsen wrote: ballot [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD and include it in future release of Tomcat 4.1.x [X] commit to CVS but don't add to the next release [ ] create a Tomcat 4.2 development branch and commit there (Ugh!) [ ] -1 Don't commit to CVS (Please explain why) /ballot I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). If you need this functionality - I would propose making it a separate module ( sort of add-on to tomcat ), instead of bundling it with tomcat by default. I'd commit it as a module for now, and work from there. If we could avoid having to use Castor XML for parsing, that would be nice. I understand your point of adding a new non-standard configuration file. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Remy Maucherat wrote: Costin Manolache wrote: Glenn Nielsen wrote: ballot [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD and include it in future release of Tomcat 4.1.x [X] commit to CVS but don't add to the next release [ ] create a Tomcat 4.2 development branch and commit there (Ugh!) [ ] -1 Don't commit to CVS (Please explain why) /ballot I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). If you need this functionality - I would propose making it a separate module ( sort of add-on to tomcat ), instead of bundling it with tomcat by default. I'd commit it as a module for now, and work from there. I'm not sure what it means to commit something as a module to Tomcat. The support for XML policy files is only built in if you configure your build.properties to do so. Is that what a module means? If we could avoid having to use Castor XML for parsing, that would be nice. I have used Castor for XML Schema support in several projects. I just find that Castor makes use of XML Schemas much easier. And XML Schemas are a significantly better solution than DTD's for validating XML. Regards, Glenn -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Evil question: does this vulnerability exist in Tomcat 3.2.3? Mitchell Evan Marx[EMAIL PROTECTED] ATT IP Network Configuration Provisioning Development -Original Message- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 7:59 AM To: Tomcat Developers List; Tomcat Users List; announcements Subject: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. The cause - Using the invoker servlet in conjunction with the default servlet (responsible for handling static content in Tomcat) triggers this vulnerability. This particular configuration is available in the default Tomcat configuration. Workarounds --- An easy workaround exists for existing Tomcat installations, by disabling the invoker servlet in the default webapp configuration. In the $CATALINA_HOME/conf/web.xml file (on Windows, %CATALINA_HOME%\conf\web.xml), comment out or remove the following XML fragment: servlet-mapping servlet-nameinvoker/servlet-name url-pattern/servlet/*/url-pattern /servlet-mapping Releases The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet. Apache Tomcat 4.1.12 Stable: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.12/ Apache Tomcat 4.0.5: http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/ Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Tim Funk wrote: Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look for the text jsessionid being passed in the URL and automagically pass it along to tomcat? AFAIK - I thought a Rewrite rule needed to be added to have that behavior. If you do end up passing any context/servlet/* URLs to Tomcat, then you're safe. However, I would still edit conf/web.xml as explained in the advisory to make sure there are no problems in the future. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-site/xdocs index.xml
remm2002/09/24 06:15:08 Modified:docs index.html xdocsindex.xml Log: - Update numbers. Revision ChangesPath 1.28 +3 -3 jakarta-tomcat-site/docs/index.html Index: index.html === RCS file: /home/cvs/jakarta-tomcat-site/docs/index.html,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- index.html10 Sep 2002 08:54:14 - 1.27 +++ index.html24 Sep 2002 13:15:08 - 1.28 @@ -175,7 +175,7 @@ /td td bgcolor=#a0ddf0 colspan= rowspan= valign=top align=left font color=#00 size=-1 face=arial,helvetica,sanserif -4.1.10 +4.1.12 /font /td /tr @@ -223,7 +223,7 @@ Catalina) that is based on completely new architecture. The 4.x releases implement the strongServlet 2.3/strong and strongJSP 1.2/strong specifications./p -pstrongTomcat 4.1.x/strong. Tomcat 4.1.10 Stable is the latest release. +pstrongTomcat 4.1.x/strong. Tomcat 4.1.12 Stable is the latest release. Tomcat 4.1 is a refactoring of Tomcat 4.0.x, and contains significant enhancements, including: ul @@ -238,7 +238,7 @@ from build.xml scripts/li /ul /p -pstrongTomcat 4.0.x/strong. Tomcat 4.0.4 is the old production +pstrongTomcat 4.0.x/strong. Tomcat 4.0.5 is the old production quality release. Tomcat 4.0 is the next generation of Tomcat. The 4.0 servlet container (Catalina) has been developed from the ground up for flexibility and performance. Version 4.0 implements the final released versions of the Servlet 1.24 +3 -3 jakarta-tomcat-site/xdocs/index.xml Index: index.xml === RCS file: /home/cvs/jakarta-tomcat-site/xdocs/index.xml,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- index.xml 10 Sep 2002 08:54:14 - 1.23 +++ index.xml 24 Sep 2002 13:15:08 - 1.24 @@ -45,7 +45,7 @@ tr td2.3/1.2/td - td4.1.10/td + td4.1.12/td /tr tr @@ -75,7 +75,7 @@ implement the strongServlet 2.3/strong and strongJSP 1.2/strong specifications./p -pstrongTomcat 4.1.x/strong. Tomcat 4.1.10 Stable is the latest release. +pstrongTomcat 4.1.x/strong. Tomcat 4.1.12 Stable is the latest release. Tomcat 4.1 is a refactoring of Tomcat 4.0.x, and contains significant enhancements, including: ul @@ -91,7 +91,7 @@ /ul /p -pstrongTomcat 4.0.x/strong. Tomcat 4.0.4 is the old production +pstrongTomcat 4.0.x/strong. Tomcat 4.0.5 is the old production quality release. Tomcat 4.0 is the next generation of Tomcat. The 4.0 servlet container (Catalina) has been developed from the ground up for flexibility and performance. Version 4.0 implements the final released versions of the Servlet -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Remy Maucherat wrote: Tim Funk wrote: Would the following be vulnerable? 1) Use Jk only 2) do NOT use -- JkMount /servlet/* loadbalancer 3) But the invoker mapping is enabled Would they be vulnerable? I personally don't see a security flaw in this config. But does Jk also look for the text jsessionid being passed in the URL and automagically pass it along to tomcat? AFAIK - I thought a Rewrite rule needed to be added to have that behavior. If you do end up passing any context/servlet/* URLs to Tomcat, then you're safe. However, I would still edit conf/web.xml as explained in the advisory to make sure there are no problems in the future. Of course, this should read If you do NOT end up ;-) Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Marx, Mitchell E (Mitch), ALCNS wrote: Evil question: does this vulnerability exist in Tomcat 3.2.3? No. At worst it would be vulnerable to a distant cousin of the exploit. Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.dsp
mturk 2002/09/24 06:22:14 Modified:jk/native2/server/apache2 mod_jk2.dsp Log: Use MT DLL for debug build. Revision ChangesPath 1.5 +1 -1 jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.dsp Index: mod_jk2.dsp === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.dsp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- mod_jk2.dsp 8 Aug 2002 18:21:41 - 1.4 +++ mod_jk2.dsp 24 Sep 2002 13:22:14 - 1.5 @@ -69,7 +69,7 @@ # PROP Ignore_Export_Lib 0 # PROP Target_Dir # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D WIN32 /D _DEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D MOD_JK2_EXPORTS /YX /FD /GZ /c -# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I ..\..\include /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\include /I $(APACHE2_HOME)\os\win32 /D WIN32 /D _DEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D MOD_JK2_EXPORTS /D HAVE_JNI /D HAS_APR /FR /YX /FD /GZ /c +# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I ..\..\include /I $(JAVA_HOME)\include /I $(JAVA_HOME)\include\win32 /I $(APACHE2_HOME)\include /I $(APACHE2_HOME)\os\win32 /D WIN32 /D _DEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D MOD_JK2_EXPORTS /D HAVE_JNI /D HAS_APR /FR /YX /FD /GZ /c # SUBTRACT CPP /X # ADD BASE MTL /nologo /D _DEBUG /mktyplib203 /win32 # ADD MTL /nologo /D _DEBUG /mktyplib203 /win32 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache13 mod_jk2.dsp
mturk 2002/09/24 06:27:03 Added: jk/native2/server/apache13 mod_jk2.dsp Log: Add mod_jk2.dsp to the repository Revision ChangesPath 1.1 jakarta-tomcat-connectors/jk/native2/server/apache13/mod_jk2.dsp Index: mod_jk2.dsp === # Microsoft Developer Studio Project File - Name=mod_jk2 - Package Owner=4 # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE Win32 (x86) Dynamic-Link Library 0x0102 CFG=mod_jk2 - Win32 Debug !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE !MESSAGE NMAKE /f mod_jk2.mak. !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE !MESSAGE NMAKE /f mod_jk2.mak CFG=mod_jk2 - Win32 Debug !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE !MESSAGE mod_jk2 - Win32 Release (based on Win32 (x86) Dynamic-Link Library) !MESSAGE mod_jk2 - Win32 Debug (based on Win32 (x86) Dynamic-Link Library) !MESSAGE # Begin Project # PROP AllowPerConfigDependencies 0 # PROP Scc_ProjName # PROP Scc_LocalPath CPP=cl.exe MTL=midl.exe RSC=rc.exe !IF $(CFG) == mod_jk2 - Win32 Release # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 # PROP BASE Output_Dir Release # PROP BASE Intermediate_Dir Release # PROP BASE Target_Dir # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 # PROP Output_Dir Release # PROP Intermediate_Dir Release # PROP Ignore_Export_Lib 0 # PROP Target_Dir # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D WIN32 /D NDEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D MOD_JK2_EXPORTS /YX /FD /c # ADD CPP /nologo /MD /W3 /GX /O2 /I ..\..\include /I $(APACHE_HOME)\include /D NDEBUG /D WIN32 /D _WINDOWS /D _MBCS /D _USRDLL /D SHARED_MODULE /D WIN32_LEAN_AND_MEAN /YX /FD /c # ADD BASE MTL /nologo /D NDEBUG /mktyplib203 /win32 # ADD MTL /nologo /D NDEBUG /mktyplib203 /win32 # ADD BASE RSC /l 0x41a /d NDEBUG # ADD RSC /l 0x41a /d NDEBUG BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib ApacheCore.lib ws2_32.lib /nologo /dll /machine:I386 /libpath:$(APACHE_HOME)\lib /libpath:$(APACHE2_HOME)\lib !ELSEIF $(CFG) == mod_jk2 - Win32 Debug # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 # PROP BASE Output_Dir Debug # PROP BASE Intermediate_Dir Debug # PROP BASE Target_Dir # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 # PROP Output_Dir Debug # PROP Intermediate_Dir Debug # PROP Ignore_Export_Lib 0 # PROP Target_Dir # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D WIN32 /D _DEBUG /D _WINDOWS /D _MBCS /D _USRDLL /D MOD_JK2_EXPORTS /YX /FD /GZ /c # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I ..\..\include /I $(APACHE_HOME)\include /D _DEBUG /D WIN32 /D _WINDOWS /D _MBCS /D _USRDLL /D SHARED_MODULE /D WIN32_LEAN_AND_MEAN /YX /FD /GZ /c # ADD BASE MTL /nologo /D _DEBUG /mktyplib203 /win32 # ADD MTL /nologo /D _DEBUG /mktyplib203 /win32 # ADD BASE RSC /l 0x41a /d _DEBUG # ADD RSC /l 0x41a /d _DEBUG BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib ApacheCore.lib wsock32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept /libpath:$(APACHE_HOME)\lib /libpath:$(APACHE2_HOME)\lib !ENDIF # Begin Target # Name mod_jk2 - Win32 Release # Name mod_jk2 - Win32 Debug # Begin Group Source Files # PROP Default_Filter cpp;c;cxx;rc;def;r;odl;idl;hpj;bat # Begin Source File SOURCE=..\..\common\jk_channel.c # End Source File # Begin Source File SOURCE=..\..\common\jk_channel_apr_socket.c # End Source File # Begin Source File SOURCE=..\..\common\jk_channel_jni.c # End Source File # Begin Source File SOURCE=..\..\common\jk_channel_socket.c # End Source File # Begin Source File SOURCE=..\..\common\jk_channel_un.c # End Source File # Begin Source File SOURCE=..\..\common\jk_config.c # End Source File # Begin Source File SOURCE=..\..\common\jk_config_file.c # End Source
Re: JK2 2.0.0 Release proposal
+1 and thanks for steping up :-) Mladen Turk wrote: Hi, Since there is no major showstoppers and a) The vhosts should work now b) Socket BUG 12346 is solved Here is the release plan: 1. 09/25/2002 - Freeze the further development. 2. 09/26/2002 - If there is no major bugs tag the release as JK2_2_0_0 Let's call this a 'milestone' or 'build', as is done in 4.x and apache. 3. 09/26/2002 - Prepare the source release (zip and tar.gz) Start building binaries (What platforms?) Platform WIN32 (I can do that): mod_jk2/Apache2.0.40 (or 2.0.42 if released). mod_jk2/Apache1.3.26/APRAPR_UTIL from 2.0.40 i_r2.dll/APRAPR-UTIL from 2.0.40 Any one wish to make binaries for other platforms? 4. 09/27/2002 - Should be all over at http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v 2.0.0/ Then have a vote on the 'label' - I personally prefer to call it 'beta', not release. I'm very happy with the stability of the code, but for 4.1 I would like to have jk1.2 considered the 'stable' connector and jk2.0 at beta level. That reflects the big difference in testing and use they had so far. After 1.2 is released and 2.0 is beta, we should froze 1.2 tree and start doing all work in 2.0, and eventually have 2.0 released shortly after. BTW, there are several features in 2.0 I wouldn't consider 'release quality' yet - the shmem, unix channel, even jni had only little testing so far ( compared with the very large amount of use jk1.2 had ) Costin Comments and thoughts? MT. -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Glenn Nielsen wrote: Comments intermixed below. Costin Manolache wrote: Glenn Nielsen wrote: Tomcat SecurityManager XML Policy configuration --- I have finished implementing support within Tomcat for using XML based security policy files. This was proposed and discussed on the list back 3-4 months ago. I would like to commit this to the jakarta-tomcat-4.0 CVS HEAD and have it included in future 4.1.x releases. Initially it could be listed as either experimental, alpha, or beta. Whichever we decide. - This new feature is fully backward compatible with current methods of using catalina.policy. Use of the XML based policy is invoked by using the -security-xml startup option instead of -security. - Catalina can be compiled without support for use of an XML policy. To build with support for an XML policy the Castor XML Schema jar file and the Jakarta ORO jar files must both be present. http://castor.exolab.org/ http://jakarta.apache.org/oro/ Here is a URL to the updated Security Manager HOW-TO which documents the new XML Policy features. http://duke.more.net/~glenn/tomcat-docs/security-manager-howto.html#Optional%20XML%20Policy%20Configuration Please review the above before voting. If you are interested in looking at the code before I commit I could create a patch file with all the changes against jakarta-tomcat-4.0 CVS HEAD and make it available. Just let me know. Here is a ballot. I would prefer not creating a Tomcat 4.2 development branch yet, that just adds more CVS branches to commit bug fixes to. ballot [ ] commit XML Policy source to jakarta-tomcat-4.0 HEAD and include it in future release of Tomcat 4.1.x [ ] commit to CVS but don't add to the next release [ ] create a Tomcat 4.2 development branch and commit there (Ugh!) [ ] -1 Don't commit to CVS (Please explain why) /ballot I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. Using Tomcat with the XML based policy file is optional, so it is another config file only if it is being used. And I tried to provide good documentation on how to use it. /WEB-INF/policy.xml works. The code is pretty straightforward. Only those permissions which the global policy.xml allow can be configured in the web app. This is done using the Permissions.implies() method. And the web app can only configure permissions for code sources that exist within its context directory. I plan on putting this into production and I am very paranoid when it comes to security. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. What experience was it that we had with web.xml schemas? I have used Castor on other projects. It does more than validation, it is also used to generate Java source code when Tomcat is built for the XML Schema elements. Tomcat on a production system already takes up a huge amount of resources (memory), I don't think the extra memory required by Castor classes would be noticed. And those resources would only get used if you use the XML based policy files. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). The current policy file also has its limitations. This new policy.xml is more intutitive to configure. Any tool which understands XML can be used to configure your XML Policy files, such as XML Spy. The JVM itself anticipated a need for alternative application specific Policy implementations and has the hooks for doing it. Are you aware of anyone working on a new standard? Is there a JSR? [FYI] JSR 115 (http://jcp.org/aboutJava/communityprocess/first/jsr115/index.html) Java Authorization Contract for Container is in that direction (for expressing Web Permissions and for moving away from the *.policy file format). The spec doesn't say anything about the way policy file are represented (open the door to n [VOTE] commit new Tomcat 4 SecurityManager XML Policy code to CVS Glenn
RE: JK2 2.0.0 Release proposal
Contin wrote: Let's call this a 'milestone' or 'build', as is done in 4.x and apache. So JK2_0_BETA as tag name and jk2.0-beta as build name, but I would reather prefer only numbers an just said OK jk-2.0.0 is Beta version. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
Hola Mladen, there are already some problems with port based VS hosting, in httpd.conf you have: ( i use apache2 for testing IIS vhost support, blame on w2kp :(, dont point me the JkUriSet method for config vhosts in apache, please :) Listen 8081 NameVirtualHost *:8081 VirtualHost *:8081 ServerAdmin [EMAIL PROTECTED] DocumentRoot E:/Apache2/htdocs/www.ciberlogic.com_8081 ServerName www.hippo.com:8081 ErrorLog logs/www.ciberlogic.com_8081-error_log CustomLog logs/www.ciberlogic.com_8081-access_log common /VirtualHost and a wk2.p file with only [uri:www.hippo.com:8081/examples/*] will not work, to solve it we need to revert the correctHosts function deleted lately ( to create vhost from declared uris ), and use it in uriMap_init, in addition the uriEnv-virtual containst the port if non standard, initializations fails to setup the uri above,it goes to the default host, because the uriEnv-virtual can not be found in the vhosts map, as this map uses the host without port as key.. I have a patch for this from yesterdays source's, i need to integrate your latest changes, but i couldnt do it until night here.. so.. Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JK2 2.0.0 Release proposal
De: Mladen Turk [mailto:[EMAIL PROTECTED]] Enviado el: 24 de septiembre de 2002 13:28 Hi, Since there is no major showstoppers and a) The vhosts should work now b) Socket BUG 12346 is solved Thanks for volunteer, and thanks for the fixes.. Here is the release plan: +1 for the overall plan, but what if we use for jk2 the same strategy than tomcat 4.1? Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JK2 2.0.0 Release proposal
Mladen Turk wrote: Contin wrote: Let's call this a 'milestone' or 'build', as is done in 4.x and apache. So JK2_0_BETA as tag name and jk2.0-beta as build name, but I would reather prefer only numbers an just said OK jk-2.0.0 is Beta version. I think the way it works ( for 4.0 and apache ) is: - 2.0.x as 'build number' - a proposal on tomcat-dev to release the build with a certain label ( beta in this case ) The labels will use the build number, the announce will use the label. MT. -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code to CVS
Glenn, As a new feature, you need a majority of votes and at least 3 +1. My vote is -1 ( but is not a veto ). Only commits can be vetoed, and I'll probably do so if castor is used - all tomcat is using digester style for xml processing, and we have a proposal to use JNDI to abstract XML processing. If each piece of tomcat start using another technology - maybe jaxb ? or any other xml-to-java we'll end up with a huge mess. I also strongly disagree with doing schema validations at runtime ( i.e. on every run ), so if you really want validation it must be done only once ( and at each file modification ) or be done by the config tools. Yes, we have webdav bundled - aparently a majority of voters believed it was a good idea. I think it isn't - and if someone propose to remove it and just recommend slide I'll be +1. But that's not a good argument for adding more. My major concerns are: - integration in a new config mechanism. If you don't like JNDI/JMX proposal, make another one - but we should have a consistent way of dealing with config ( as API ). - castor use. I like castor - and if a proposal is made to use castor in all xml processing, I may be +0. But I'm strongly -1 on using castor for policy, digester for server.xml and DOM for jasper. - DTD - what are jboss or j2ee using for policy ? What other DTDs are in use for this ? XML is just a file format, if everyone uses a different DTD we're in a mess. Again, I'm not vetoing ( I can't anyway ) the proposed new feature, I'm just voting against ( proposals like this are majority votes - at least in my understanding ) Costin Glenn Nielsen wrote: I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. Using Tomcat with the XML based policy file is optional, so it is another config file only if it is being used. And I tried to provide good documentation on how to use it. /WEB-INF/policy.xml works. The code is pretty straightforward. Only those permissions which the global policy.xml allow can be configured in the web app. This is done using the Permissions.implies() method. And the web app can only configure permissions for code sources that exist within its context directory. I plan on putting this into production and I am very paranoid when it comes to security. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. What experience was it that we had with web.xml schemas? I have used Castor on other projects. It does more than validation, it is also used to generate Java source code when Tomcat is built for the XML Schema elements. Tomcat on a production system already takes up a huge amount of resources (memory), I don't think the extra memory required by Castor classes would be noticed. And those resources would only get used if you use the XML based policy files. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). The current policy file also has its limitations. This new policy.xml is more intutitive to configure. Any tool which understands XML can be used to configure your XML Policy files, such as XML Spy. The JVM itself anticipated a need for alternative application specific Policy implementations and has the hooks for doing it. Are you aware of anyone working on a new standard? Is there a JSR? If you need this functionality - I would propose making it a separate module ( sort of add-on to tomcat ), instead of bundling it with tomcat by default. This isn't just for me. The type of features the XML Policy code add have been requested in discussions I have had about the Java SecurityManager at ApacheCon and JavaOne. There currently are no official Tomcat add on modules. Everything comes bundled with it. There have been discussions about this, the end result being that it is easier for the user if everything is bundled together. There are a number of Tomcat features that I don't use such as webdav, ssi, and cgi to name a few. I just remove those things I don't need. If you don't need to use the policy based XML, don't use it. Regards, Glenn -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [JK2] new uriMap using hostname:port
I do not know what is wrong, but I just updated the jk subdirectory from the CVS, built mod_jk2.so by running make in jk/native2, installed it to apache2/conf and tried different combinations of workers2.properties: START OF workers2.properties [logger] level=DEBUG [shm] file=/usr/local/apache2/logs/jk2.shm size=1048576 [uriMap:] debug=10 [status:status] debug=10 ## TRY1 #[uri:*] #alias=localhost #[uri:/jkstatus/*] #worker=status:status ## TRY2 #[uri:localhost] #debug=10 #[uri:localhost/jkstatus/*] #worker=status:status ## TRY3 #[uri:localhost:80] #debug=10 #[uri:localhost:80/jkstatus/*] #worker=status:status ## TRY4 [uri:www.i-com.com:8019] debug=10 [uri:www.i-com.com:8019/jkstatus/*] worker=status:status END OF workers2.properties All of them failed with the following message in error log [Tue Sep 24 10:13:07 2002] [notice] uriMap.mapUri() cannot find host localhost/ or for TRY4: [Tue Sep 24 10:18:36 2002] [notice] uriMap.mapUri() cannot find host www.i-com.com/ And I do not see messages like this in error log: [Sat Sep 21 18:09:40 2002] (debug ) [jk_uriMap.c (371)] uriMap.init() loaded host www.i-com.com I saw those messages when mappings worked. What can be wrong? Thanks, Dmitry Mladen Turk wrote: -Original Message- From: Dmitry Letin [mailto:[EMAIL PROTECTED]] :-) [uri:*] alias=localhost debug=10 [uri:www.i-com.com:80] debug=10 If the 80 is default server port then you have to ommit it Simply use the [uri:www.i-com.com] The port directive is used for non default ports only. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
-Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] ServerName www.hippo.com:8081 This is the problem (I forgot that the server name can have a port) and a wk2.p file with only [uri:www.hippo.com:8081/examples/*] will not work, to solve it we need to revert the correctHosts function deleted lately ( to create vhost from declared uris ), and use it in uriMap_init, in addition the uriEnv-virtual containst the port if non standard, initializations fails to setup the uri above,it goes to the default host, because the uriEnv-virtual can not be found in the vhosts map, as this map uses the host without port as key.. No, no need to call the correctHosts. uriMap has to check (simple strchr(uri, ':')) if the port is supplied in the server name I have a patch for this from yesterdays source's, i need to integrate your latest changes, but i couldnt do it until night here.. so.. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Jean-Francois Arcand wrote: Glenn Nielsen wrote: The JVM itself anticipated a need for alternative application specific Policy implementations and has the hooks for doing it. Are you aware of anyone working on a new standard? Is there a JSR? [FYI] JSR 115 (http://jcp.org/aboutJava/communityprocess/first/jsr115/index.html) Java Authorization Contract for Container is in that direction (for expressing Web Permissions and for moving away from the *.policy file format). The spec doesn't say anything about the way policy file are represented (open the door to new format). The main idea is to have a pluggable Policy Provider. The Policy Provider could represent permission the way it want, and have to publish it using the WebPermission classes defined by the spec. I already made some change in Tomcat 5 to allow the pluggability of a Provider If I understand properly (sorry I wasn't in the group 4 months ago), you are trying to do something similar for all permission type (all permissions described in the policy file). Castor is used to unmarshall your XML policy statement to Permission objects. Is that correct? I would be interested to see the code. Thanks for refering me to this JSR. I quickly skimmed the spec, I will have to read it in greater depth. The primary focus of the JSR seems to be role based policies built on top of JAAS. And that support for this is required in a J2EE 1.4 container but optional for a J2EE 1.3 container. So it could be back ported into Tomcat 4. From quickly skimming the spec it looks like it may address the core feature which spurred my development of an XML based policy. The ability for a web appliation to define its own security permissions. But restricted to those permissions which the container allows to be set (i.e. a sandbox). The JSR is a great deal more complex than what I did but may meet the needs I was trying to address. Yes, Castor is used in the Tomcat build to generate the source for the java classes which implement the XML Schema. Then at runtime those generated classes use the API in the castor xml jar. A tarball with patches and new files for Tomcat 4 is available at: http://duke.more.net/~glenn/tomcat4-xmlpolicy.tar.gz if you would like to review this. Regards, Glenn -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JBoss 3.0 and Tomcat 4.1
It would require a bit of integration, due to the fact that Tomcat 4.1 changed how it was doing it's XML parsing. Excuse me if I get the details wrong, I haven't looked at this for a few months, but it seems that Tomcat 4.0 used its own XML parser (digester??), then moved to using the commons version. JBoss's integration uses the old versions of the classes and would have to be updated to use the same new commons classes. It wouldn't be TOO dificult, but it's not just replaceable automatically. To me, it seemed as if the JBoss developers do the integration once there is a stable, official release of Tomcat, so they were just waiting for that with the 4.1.x code base. You might want to ping Scott Stark on the JBoss development list (or online forum), he is usually the one who has done the integration. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] 9/23/02 3:13:06 PM Is there any particular reason why I could not configure Tomcat 4.1 instead of 4.0 to the JBoss 3.0 j2ee server setup? Micael -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
De: Mladen Turk [mailto:[EMAIL PROTECTED]] Enviado el: 24 de septiembre de 2002 16:31 From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] and a wk2.p file with only [uri:www.hippo.com:8081/examples/*] will not work, to solve it we need to revert the correctHosts function deleted lately ( to create vhost from declared uris ), and use it in uriMap_init, in addition the uriEnv-virtual containst the port if non standard, initializations fails to setup the uri above,it goes to the default host, because the uriEnv-virtual can not be found in the vhosts map, as this map uses the host without port as key.. No, no need to call the correctHosts. uriMap has to check (simple strchr(uri, ':')) if the port is supplied in the server name I'm really curious about how the vhosts got created automagically, the only way i've found if resurrecting correctHosts.. but who knows.. :)) To be clear, the only line in my wk2.p file that names the vs is the uri one.., so i really dont understand how the code will create the vhost, without rereading the uriEnv.. as said i'll wait and see, or in the case please explain me how this is done now, i'm losing the clue.. Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
From Dmitry Letin And I do not see messages like this in error log: [Sat Sep 21 18:09:40 2002] (debug ) [jk_uriMap.c (371)] uriMap.init() loaded host www.i-com.com Try setting LogLevel to debug in the httpd.conf Post the ServerName, Listen and VirtualHost from your httpd.conf And the worker2.properties But, Listen 8019 NameVirtualHost *:8019 VirtualHost *:8019 ServerName www.i-com.com:8019 /VirtualHost [uri:www.i-com.com:8019] [uri:www.i-com.com:8019/examples/*] context=/examples Should work. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code toCVS
Costin Manolache wrote: Glenn, As a new feature, you need a majority of votes and at least 3 +1. My vote is -1 ( but is not a veto ). Only commits can be vetoed, and I'll probably do so if castor is used - all tomcat is using digester style for xml processing, and we have a proposal to use JNDI to abstract XML processing. If each piece of tomcat start using another technology - maybe jaxb ? or any other xml-to-java we'll end up with a huge mess. I also strongly disagree with doing schema validations at runtime ( i.e. on every run ), so if you really want validation it must be done only once ( and at each file modification ) or be done by the config tools. This code only does validation when the container is started or when a web application context is reloaded. The current implementation using the standard policy file does the same thing only not with XML. Yes, we have webdav bundled - aparently a majority of voters believed it was a good idea. I think it isn't - and if someone propose to remove it and just recommend slide I'll be +1. But that's not a good argument for adding more. My only point is that the current policy is to bundle everything in the Tomcat releases and not provide downloads for separate add on modules. We can discuss whether we want to change that policy. My major concerns are: - integration in a new config mechanism. If you don't like JNDI/JMX proposal, make another one - but we should have a consistent way of dealing with config ( as API ). - castor use. I like castor - and if a proposal is made to use castor in all xml processing, I may be +0. But I'm strongly -1 on using castor for policy, digester for server.xml and DOM for jasper. I agree with you in principal. From having worked with the code in Tomcat which uses the digester and the code which the admin application uses for marshalling XML, the current Tomcat 4 code for configuration management looks very brute force. I have been thinking about how the current code works and whether Castor would be a much simpler solution. - DTD - what are jboss or j2ee using for policy ? What other DTDs are in use for this ? XML is just a file format, if everyone uses a different DTD we're in a mess. I very much doubt if any servlet/J2EE containers use the same configuration methods. This is something the specs leave up to the individual implementation. Again, I'm not vetoing ( I can't anyway ) the proposed new feature, I'm just voting against ( proposals like this are majority votes - at least in my understanding ) Costin Glenn Nielsen wrote: I'm -0 on adding yet another config file - WEB-INF/policy.xml is also strange as webapps ( which shouldn't be trusted ) get to set the security policy. This is very tricky - and will need a lot of review. Using Tomcat with the XML based policy file is optional, so it is another config file only if it is being used. And I tried to provide good documentation on how to use it. /WEB-INF/policy.xml works. The code is pretty straightforward. Only those permissions which the global policy.xml allow can be configured in the web app. This is done using the Permissions.implies() method. And the web app can only configure permissions for code sources that exist within its context directory. I plan on putting this into production and I am very paranoid when it comes to security. However I'm -1 on adding deps on castor and doing schema validations - at least at this stage ( and after the experience we had with web.xml schemas ). Castor is very nice, but is also a big thing. What experience was it that we had with web.xml schemas? I have used Castor on other projects. It does more than validation, it is also used to generate Java source code when Tomcat is built for the XML Schema elements. Tomcat on a production system already takes up a huge amount of resources (memory), I don't think the extra memory required by Castor classes would be noticed. And those resources would only get used if you use the XML based policy files. The current policy file is standard and likely to be understood by tools. XML may be in theory easier, however I doubt too many tools understand this particular DTD. So I prefer keeping the current file format as default, at least until a standard security policy DTD is defined ( standard == we're not the only ones using it :-). The current policy file also has its limitations. This new policy.xml is more intutitive to configure. Any tool which understands XML can be used to configure your XML Policy files, such as XML Spy. The JVM itself anticipated a need for alternative application specific Policy implementations and has the hooks for doing it. Are you aware of anyone working on a new standard? Is there a JSR? If you need this functionality - I would propose making it a separate module ( sort of add-on to tomcat ), instead of bundling it with tomcat by default. This isn't just for me. The
RE: [JK2] new uriMap using hostname:port
[uri:www.hippo.com:8081/examples/*] And where is your context :) This is app. [uri:www.hippo.com:8081/examples/*] context=/examples It works (just checked the same config) Do you have Host in the server.xml? Touche!! :)) I dont think i ever tested contexts so may be you are right :)), but in any case i dont like to need this obviously redundant config setting in this simple setup, i'll wait until night here to see how this works, But i suspect that you are doing unadvertly Global mappings, in a wk1.p file with only this couple of lines, is the examples context accesible from _default_ ? , if yes, the problems i were fighting still exist in the VS handling code in jk2.. Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
De: Mladen Turk [mailto:[EMAIL PROTECTED]] Enviado el: 24 de septiembre de 2002 17:03 [uri:www.i-com.com:8019] [uri:www.i-com.com:8019/examples/*] context=/examples Should work. This is exactly what correctHost did :)), to obviate the need to declare hosts in wk2.p file :)), so this is the problem we are having, mistery resolved.. ;) But now i know i'm totally -1 about to delete correctHosts.. The config file should be minimal in the minimal case, less settings needed = less problems for users = less messages in tomcat-user :)).., if one need a complicated setup well, no problem, can be done, but the simplest case ( map a concrete java context to a concrete vs ) should require a one line config file.. Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [JK2] new uriMap using hostname:port
I have IP-based virtual host, not name-based ### ### http.conf ### ... Listen www.i-com.com:8019 LogLevel debug ... VirtualHost www.i-com.com:8019 ServerName www.i-com.com:8019 ... /VirtualHost ### ### workers2.properties ### [logger] level=DEBUG [shm] file=/usr/local/apache2/logs/jk2.shm size=1048576 [channel.socket:localhost:8013] port=8013 host=127.0.0.1 debug=10 [ajp13:localhost:8013] channel=channel.socket:localhost:8013 debug=10 [uriMap:] debug=10 [status:status] debug=10 [uri:www.i-com.com:8019] debug=10 [uri:www.i-com.com:8019/jkstatus/*] worker=status:status [uri:www.i-com.com:8019/*.jsp] worker=ajp13:localhost:8013 END OF workers2.properties Neither url works: http://www.i-com.com:8019/jkstatus http://www.i-com.com:8019/dhtml/10.jsp Messages in log: [Tue Sep 24 11:29:09 2002] [debug] ../../common/jk_uriMap.c(500): uriMap.mapUri() hostname www.i-com.com port 8019 uri /jkstatus [Tue Sep 24 11:29:09 2002] [notice] uriMap.mapUri() cannot find host www.i-com.com/ [Tue Sep 24 11:28:59 2002] [notice] mod_jk child init 1 -1 [Tue Sep 24 11:29:02 2002] [debug] ../../common/jk_uriMap.c(500): uriMap.mapUri() hostname www.i-com.com port 8019 uri /dhtml/10.jsp [Tue Sep 24 11:29:02 2002] [notice] uriMap.mapUri() cannot find host www.i-com.com/ What is that trailing slash in the cannot find host www.i-com.com/ ? Dmitry Mladen Turk wrote: From Dmitry Letin And I do not see messages like this in error log: [Sat Sep 21 18:09:40 2002] (debug ) [jk_uriMap.c (371)] uriMap.init() loaded host www.i-com.com Try setting LogLevel to debug in the httpd.conf Post the ServerName, Listen and VirtualHost from your httpd.conf And the worker2.properties But, Listen 8019 NameVirtualHost *:8019 VirtualHost *:8019 ServerName www.i-com.com:8019 /VirtualHost [uri:www.i-com.com:8019] [uri:www.i-com.com:8019/examples/*] context=/examples Should work. MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [JK2] new uriMap using hostname:port
-Original Message- From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]] This is exactly what correctHost did :)), to obviate the need to declare hosts in wk2.p file :)), so this is the problem we are having, mistery resolved.. ;) But now i know i'm totally -1 about to delete correctHosts.. The config file should be minimal in the minimal case, less settings needed = less problems for users = less messages in tomcat-user :)).., if one need a complicated setup well, no problem, can be done, but the simplest case ( map a concrete java context to a concrete vs ) should require a one line config file.. I agree that it need to much typing, I'm allready working on something like that (correctHosts :-)) MT. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util SecurityUtil.java LocalStrings.properties
jfarcand2002/09/24 08:52:39 Modified:catalina/src/share/org/apache/catalina/util SecurityUtil.java LocalStrings.properties Log: Change the logging level and use a more appropriate error message. Revision ChangesPath 1.2 +4 -2 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/SecurityUtil.java Index: SecurityUtil.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/SecurityUtil.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SecurityUtil.java 13 Sep 2002 22:03:00 - 1.1 +++ SecurityUtil.java 24 Sep 2002 15:52:39 - 1.2 @@ -211,8 +211,10 @@ } catch( PrivilegedActionException pe) { Throwable e = ((InvocationTargetException)pe.getException()).getTargetException(); -if (log.isWarnEnabled()) -log.warn(sm.getString(SecurityUtil.doAsPrivilege), e); +if (log.isDebugEnabled()){ +log.debug(sm.getString(SecurityUtil.doAsPrivilege), e); +} + if (e instanceof UnavailableException) throw (UnavailableException) e; else if (e instanceof ServletException) 1.4 +1 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/LocalStrings.properties Index: LocalStrings.properties === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/LocalStrings.properties,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- LocalStrings.properties 13 Sep 2002 22:03:00 - 1.3 +++ LocalStrings.properties 24 Sep 2002 15:52:39 - 1.4 @@ -6,5 +6,5 @@ extensionValidator.web-application-manifest=Web Application Manifest extensionValidator.extension-not-found-error=ExtensionValidator[{0}][{1}]: Required extension {2} not found. extensionValidator.extension-validation-error=ExtensionValidator[{0}]: Failure to find {1} required extension(s). -SecurityUtil.doAsPrivilege=The SecurityManager do not allow that operation. +SecurityUtil.doAsPrivilege=An exception occurs when running the PrivilegedExceptionAction block. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
jk 1.2.0 and cygwin (showstoper ?)
I tried to build jk with latest cygwin : - automake used in buildconf.sh didn't support -i I removed it and make configure, make but it failed : $ make Making all in common make[1]: Entering directory `/cygdrive/d/jakarta-tomcat-connectors/jk/native/com mon' /usr/bin/libtool --mode=compile gcc -I/usr/include/apache -g -O2 -DCYGWIN -DUSE_ HSREGEX -DEAPI -DSHARED_CORE -g -O2 -I c:\progra~1\javasoft\1.3.1/include -I c :\progra~1\javasoft\1.3.1/include/Windows_NT -c jk_ajp12_worker.c libtool: invalid number of arguments Try `libtool --help' for more information. make[1]: *** [jk_ajp12_worker.lo] Error 1 make[1]: Leaving directory `/cygdrive/d/jakarta-tomcat-connectors/jk/native/comm on' make: *** [all-recursive] Error 1 gregre@PC0082 /cygdrive/d/jakarta-tomcat-connectors/jk/native Did someone knows what it could be ? BTW, libtool on cygwin is : $ libtool --version ltmain.sh (GNU libtool) 1.4.2 (1.922.2.54 2001/09/11 03:33:37) Also, did you consider that as being a show-stoper ? I'll delay tag of JK 1.2.0 to tomorrow morning after I got PDT people replies... Regards -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code to CVS
Glenn Nielsen wrote: This code only does validation when the container is started or when a web application context is reloaded. The current implementation using the standard policy file does the same thing only not with XML. ??? Doing XML schema validation on each server start and webapp reload is what I disagree with. I think the config/deploy tools should use schema and validate as much as they wish - but at runtime it shouldn't be done ( except maybe once and on file change ) That applies to web.xml, tlds and any other xml file. My only point is that the current policy is to bundle everything in the Tomcat releases and not provide downloads for separate add on modules. We can discuss whether we want to change that policy. We don't 'bundle everything' - there are some features that were aproved at some point. But I don't know of any policy of 'bundle everything'. We could create a 'tomcat+everything' distribution ( i.e. struts, velocity, axis, apache-soap, and so on ) - and it may be usefull. But a lot of people would like a smaller 'core' and more features moved in separate modules. In particular, for your policy.xml - that's much more 'core' than webdav for example. And if it is integrated with the rest of the config - and everyone agrees that it's better to use the XML ( with a JMX/JNDI wrapper to integrate into the admin app ) - then we should deprecate the use of the old policy file. - castor use. I like castor - and if a proposal is made to use castor in all xml processing, I may be +0. But I'm strongly -1 on using castor for policy, digester for server.xml and DOM for jasper. I agree with you in principal. From having worked with the code in Tomcat which uses the digester and the code which the admin application uses for marshalling XML, the current Tomcat 4 code for configuration management looks very brute force. I have been thinking about how the current code works and whether Castor would be a much simpler solution. If everyone agrees castor is a better solution - then we should use it. But we should do it consistently. The current proposal is to use a JNDI frontent ( and abstract XML out - i.e. support directory servers and other storages ). That means the current direct XML reading/writing will be changed. - DTD - what are jboss or j2ee using for policy ? What other DTDs are in use for this ? XML is just a file format, if everyone uses a different DTD we're in a mess. I very much doubt if any servlet/J2EE containers use the same configuration methods. This is something the specs leave up to the individual implementation. The whole value of XML is on commons DTDs and schemas. WEB.XML is such a standard - and each container supports it. In many cases it is impossible to get a standard DTD ( server.xml for example ). But for policy ( or the xml used in modeler ) - there are enough common things. If j2ee or jboss or some other app is using an xml policy file - I see no reason why we couldn't use the same DTD but invent our own. Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriMap.c
mturk 2002/09/24 09:54:31 Modified:jk/native2/common jk_uriMap.c Log: Create the missing vhosts. Fix the hostname resolution already containing colon and port. Revision ChangesPath 1.42 +22 -6 jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c Index: jk_uriMap.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- jk_uriMap.c 23 Sep 2002 17:38:04 - 1.41 +++ jk_uriMap.c 24 Sep 2002 16:54:31 - 1.42 @@ -238,16 +238,20 @@ { int i, j; char *name; -char vs[1024]; -char vv[1024]; +char vs[1024] = {0}; +char vv[1024] = {0}; int n = uriMap-vhosts-size(env, uriMap-vhosts); if (port) { -sprintf(vs, %s:%d, vhost ? vhost : *, port); -sprintf(vs, *:%d, port); +if (vhost strchr(vhost, ':')) +strcpy(vs, vhost); +else +sprintf(vs, %s:%d, vhost ? vhost : *, port); +sprintf(vv, *:%d, port); } else strcpy(vs, vhost ? vhost : *); + for (i = 0 ; i n ; i++) { jk_uriEnv_t *uriEnv = uriMap-vhosts-valueAt(env, uriMap-vhosts, i); name = uriMap-vhosts-nameAt(env, uriMap-vhosts, i); @@ -273,7 +277,6 @@ return uriMap-vhosts-get(env, uriMap-vhosts, *); } - static int jk2_uriMap_init(jk_env_t *env, jk_uriMap_t *uriMap) { int rc = JK_OK; @@ -290,6 +293,7 @@ return JK_ERR; } } + /* Initialize the context table */ for (i = 0; i uriMap-maps-size(env, uriMap-maps); i++) { jk_uriEnv_t *uriEnv = uriMap-maps-valueAt(env, uriMap-maps, i); @@ -302,6 +306,19 @@ uriEnv-virtual, uriEnv, NULL); } } +/* Create the missing vhosts */ +else if (uriEnv-virtual != NULL strlen(uriEnv-virtual)) { +if (!uriMap-vhosts-get(env, uriMap-vhosts, + uriEnv-virtual)) { +jk2_map_default_create(env, uriEnv-webapps, uriMap-pool); +uriMap-vhosts-put(env, uriMap-vhosts, +uriEnv-virtual, uriEnv, NULL); + +env-l-jkLog(env, env-l, JK_LOG_DEBUG, + uriMap.init() Fixing Host %s\n, + uriEnv-virtual); +} +} } /** Make sure each vhost has a default context @@ -504,7 +521,6 @@ uriMap.mapUri() uri must start with /\n); return NULL; } - hostEnv = jk2_uriMap_hostMap(env, uriMap, vhost, port); if (!hostEnv) { env-l-jkLog(env, env-l, JK_LOG_INFO, -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriMap.c
mturk 2002/09/24 10:07:14 Modified:jk/native2/common jk_uriMap.c Log: Create the missing vhosts. Fix the hostname resolution already containing colon and port. Revision ChangesPath 1.43 +13 -14jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c Index: jk_uriMap.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- jk_uriMap.c 24 Sep 2002 16:54:31 - 1.42 +++ jk_uriMap.c 24 Sep 2002 17:07:14 - 1.43 @@ -299,24 +299,23 @@ jk_uriEnv_t *uriEnv = uriMap-maps-valueAt(env, uriMap-maps, i); if (uriEnv == NULL) continue; -if (uriEnv-match_type == MATCH_TYPE_HOST) { -jk2_map_default_create(env, uriEnv-webapps, uriMap-pool); -if (uriEnv-virtual != NULL strlen(uriEnv-virtual)) { -uriMap-vhosts-put(env, uriMap-vhosts, -uriEnv-virtual, uriEnv, NULL); -} -} -/* Create the missing vhosts */ -else if (uriEnv-virtual != NULL strlen(uriEnv-virtual)) { -if (!uriMap-vhosts-get(env, uriMap-vhosts, - uriEnv-virtual)) { +if (uriEnv-virtual != NULL strlen(uriEnv-virtual)) { +if (uriEnv-match_type == MATCH_TYPE_HOST) { jk2_map_default_create(env, uriEnv-webapps, uriMap-pool); uriMap-vhosts-put(env, uriMap-vhosts, uriEnv-virtual, uriEnv, NULL); +} +else { /* Create the missing vhosts */ +if (!uriMap-vhosts-get(env, uriMap-vhosts, + uriEnv-virtual)) { +jk2_map_default_create(env, uriEnv-webapps, uriMap-pool); +uriMap-vhosts-put(env, uriMap-vhosts, +uriEnv-virtual, uriEnv, NULL); -env-l-jkLog(env, env-l, JK_LOG_DEBUG, - uriMap.init() Fixing Host %s\n, - uriEnv-virtual); +env-l-jkLog(env, env-l, JK_LOG_DEBUG, + uriMap.init() Fixing Host %s\n, + uriEnv-virtual); +} } } } -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12755] - welcome file for jsp does not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755 welcome file for jsp does not work [EMAIL PROTECTED] changed: What|Removed |Added Severity|Normal |Major -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12457] - Filter does not work when RequestDispatcher uses INCLUDE value
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12457. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12457 Filter does not work when RequestDispatcher uses INCLUDE value [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|FIXED | --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 17:41 --- In the lastest Integration with J2EE RI, this problem occured again. It was fixed before -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[5.0] Build issue - where is jasper.runtime.el and why is it checked in as binary ?
See the subject :-) I'm talking about jasper2/lib/jsp2el.jar - it contains org.apache.jasper.runtime.el classes. There is no reason to check in the binary and not the sources ! -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 11849] - Nested includes with JSTL1.0EA do not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11849. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11849 Nested includes with JSTL1.0EA do not work --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 17:53 --- I'd like to close this bug. Since you said it would require too much effort on your side to upgrade to JSTL 1.0 FCS, and Remy thinks this might be a bug in JSTL with respect to tag reuse, could you configure your Tomcat to disable tag pooling, by adding this entry to your ${tomcat.build}/conf/web.xml: init-param param-nameenablePooling/param-name param-valuefalse/param-value /init-param You need to add the above to the servlet element that has a servlet-name of jsp. If things work fine with this configuration change, we will have proven that the bug really belongs to JSTL's EA version instead of Jasper. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[PATCH] jakarta-servletapi-5: Additional XSD file patches
Attached is a patch to bring the other Servlet 2.4 XSD files up to date with the JSP patch I submitted on September 19. Files modified: - jsr154/src/share/dtd/j2ee_1_4.xsd - jsr154/src/share/dtd/web-app_2_4.xsd - jsr154/src/share/dtd/xml.xsd -- Mark Roth, Java Software JSP 2.0 Co-Specification Lead Sun Microsystems, Inc. Index: jsr154/src/share/dtd/j2ee_1_4.xsd === RCS file: /home/cvspublic/jakarta-servletapi-5/jsr154/src/share/dtd/j2ee_1_4.xsd,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 j2ee_1_4.xsd --- jsr154/src/share/dtd/j2ee_1_4.xsd 13 Aug 2002 16:21:47 - 1.1.1.1 +++ jsr154/src/share/dtd/j2ee_1_4.xsd 24 Sep 2002 17:56:24 - @@ -9,7 +9,7 @@ version=1.4 xsd:annotation xsd:documentation -@(#)j2ee_1_4.xsds 1.20 02/07/12 +@(#)j2ee_1_4.xsds 1.28 02/09/19 /xsd:documentation /xsd:annotation @@ -74,6 +74,8 @@ xsd:import namespace=http://www.w3.org/XML/1998/namespace; schemaLocation=http://www.w3.org/2001/xml.xsd/ +xsd:include schemaLocation=j2ee_web_services_client_1_1.xsd/ + !-- -- @@ -123,11 +125,39 @@ type=xsd:anyURI/ xsd:attribute name=mustUnderstand type=xsd:boolean/ +xsd:attribute name=id type=xsd:ID/ /xsd:complexType !-- -- +xsd:group name=descriptionGroup +xsd:annotation +xsd:documentation + +This group is used to keep the contained elements in a consistent +order across J2EE deployment descriptors. + +/xsd:documentation +/xsd:annotation +xsd:sequence +xsd:element name=description + type=j2ee:descriptionType + minOccurs=0 + maxOccurs=unbounded/ +xsd:element name=display-name + type=j2ee:display-nameType + minOccurs=0 + maxOccurs=unbounded/ +xsd:element name=icon + type=j2ee:iconType + minOccurs=0 + maxOccurs=unbounded/ +/xsd:sequence +/xsd:group + +!-- -- + xsd:complexType name=descriptionType xsd:annotation xsd:documentation @@ -147,13 +177,11 @@ /xsd:documentation /xsd:annotation - xsd:simpleContent -xsd:extension base=xsd:string -xsd:attribute ref=xml:lang/ +xsd:extension base=j2ee:xsdStringType +xsd:attribute ref=xml:lang/ /xsd:extension /xsd:simpleContent - /xsd:complexType !-- -- @@ -187,24 +215,22 @@ Example: ... - display-name xml:lang=enEmployee Self Service/display-name + lt;display-name xml:lang=enEmployee Self Servicelt;/display-name The value of the xml:lang attribute is en (English) by default. /xsd:documentation /xsd:annotation - xsd:simpleContent xsd:extension base=j2ee:string -xsd:attribute ref=xml:lang/ +xsd:attribute ref=xml:lang/ /xsd:extension /xsd:simpleContent - /xsd:complexType !-- -- -xsd:simpleType name=ejb-linkType +xsd:complexType name=ejb-linkType xsd:annotation xsd:documentation @@ -226,16 +252,18 @@ Examples: +![CDATA[ ejb-linkEmployeeRecord/ejb-link ejb-link../products/product.jar#ProductEJB/ejb-link +]] /xsd:documentation /xsd:annotation - -xsd:restriction base=j2ee:string/ - -/xsd:simpleType +xsd:simpleContent +xsd:restriction base=j2ee:string/ +/xsd:simpleContent +/xsd:complexType !-- -- @@ -275,13 +303,17 @@ xsd:element name=ejb-link type=j2ee:ejb-linkType minOccurs=0/ +xsd:element name=deployment-extension + type=j2ee:deployment-extensionType + minOccurs=0 + maxOccurs=unbounded/ /xsd:sequence - +xsd:attribute name=id type=xsd:ID/ /xsd:complexType !-- -- -xsd:simpleType name=ejb-ref-nameType +xsd:complexType name=ejb-ref-nameType xsd:annotation xsd:documentation @@ -295,18 +327,18 @@ Example: -ejb-ref-nameejb/Payroll/ejb-ref-name +lt;ejb-ref-nameejb/Payrolllt;/ejb-ref-name /xsd:documentation /xsd:annotation - -xsd:restriction base=j2ee:jndi-nameType/ - -/xsd:simpleType +xsd:simpleContent +xsd:restriction base=j2ee:jndi-nameType/ +/xsd:simpleContent +/xsd:complexType !-- -- -xsd:simpleType name=ejb-ref-typeType +xsd:complexType name=ejb-ref-typeType xsd:annotation xsd:documentation @@ -321,13 +353,13 @@ /xsd:documentation /xsd:annotation - -xsd:restriction base=j2ee:string -
DO NOT REPLY [Bug 12968] New: - [Possible security hole?] package.access security in Catalina/CatalinaService
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12968. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12968 [Possible security hole?] package.access security in Catalina/CatalinaService Summary: [Possible security hole?] package.access security in Catalina/CatalinaService Product: Tomcat 4 Version: 4.0.4 Final Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] From looking at the Tomcat 4.0.4 source (I can imagine this hasn't changed in Tomcat 4.1.x), when Tomcat starts up, the Catalina class dynamically sets up package.access security when a SecurityManager is enabled. Specifically, it adds protection to org.apache.catalina.,org.apache.jasper.. However, this won't protect the package org.apache.catalina itself, just the subpackages like org.apache.catalina.core. Is this a security bug? In addition to the existing package.access check, shouldn't the dynamic package.access logic also try to protect org.apache.catalina,org.apache.jasper? (Note that these *don't* have the trailing period.) Thanks, Eddie -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12755] - welcome file for jsp does not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755 welcome file for jsp does not work [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |ASSIGNED -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12657] - using name-from-attribute in tld causes NullPointerException
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12657. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12657 using name-from-attribute in tld causes NullPointerException --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 19:14 --- it appears that this may have been 'user error'. upon closer investigation, knowing what i now know, i think i was mistaken about the getXXX() referenced by the name-from-attribute element, it was probably returning null, causing the NullPointerException. as it stands (with 4.1.11 at least) i am able to repro the error using an invalid config (getXX returns null) but unable to repro using a valid config. probably needs to be marked 'not-a-bug'. although, it might makes sense to have the engine capture NullPointerExceptions in that case, and display an error message a bit more helpful. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12755] - welcome file for jsp does not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755 welcome file for jsp does not work --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 19:49 --- Created an attachment (id=3203) a build tree for a war file that demonstrates working welcome files. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12755] - welcome file for jsp does not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12755 welcome file for jsp does not work --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 19:50 --- Humm... I am having difficulty reproducing this. I have attached a testcase that seems to demonstrate that everything is working -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12926] - java.net.URLEncoder.encode problem with JDK 1.4.1
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12926. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12926 java.net.URLEncoder.encode problem with JDK 1.4.1 [EMAIL PROTECTED] changed: What|Removed |Added Priority|Other |High --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 20:01 --- same issue on w2k, seems the jasper have to convert data type before calling the java.net.URLEncoder, upgrade the priority since many people pass integer values, such as xx id, thru the jsp:param tags -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 9936] - http tunnel could not work with mod_jk
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9936. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9936 http tunnel could not work with mod_jk --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 20:11 --- the attachment (id=2110) was a zip file, includes a simple netscape 4 plug-in -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
nacho 2002/09/24 13:15:07 Modified:jk/native2/server/isapi jk_isapi_plugin.c Log: Add a test for 443 as default port Revision ChangesPath 1.48 +3 -3 jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c Index: jk_isapi_plugin.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- jk_isapi_plugin.c 23 Sep 2002 18:36:38 - 1.47 +++ jk_isapi_plugin.c 24 Sep 2002 20:15:07 - 1.48 @@ -95,7 +95,7 @@ static int is_inited = JK_FALSE; static int is_mapread = JK_FALSE; static int was_inited = JK_FALSE; -static int auth_notification_flags = 0; +static DWORD auth_notification_flags = 0; static int use_auth_notification_flags = 0; static jk_workerEnv_t *workerEnv; @@ -342,7 +342,7 @@ } } szPort = atoi(Port); -if (szPort == 80) +if (szPort == 80 || szPort == 443) szPort = 0; env-l-jkLog(env, env-l, JK_LOG_DEBUG, In HttpFilterProc Virtual Host redirection of %s : %d\n, -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
How can I maintain sessions between IIS and Tomcat?
Hello everybody! I have installed Tomcat as plug-in of Internet Information Server (IIS) to support JSP/Servlet, using the ISAPI filter. So I can support ASP pages thanks to IIS and Servlets/JSP-pages thanks to Tomcat. All works well if I don't use sessions. In fact if I create an user-session (object) in a JSP page or in a servlet, and then I insert information in it (using setAttribute() method of HttpSession class) , the session object just created is not visible in an ASP page. The same thing happens if I create the session in an ASP page: the session will not visible in a JSP page. It seems that IIS and Tomcat can't exchange session information between them...why? How can I solve this problem? Must I configure the ISAPI filter in some way? If yes..how? I hope someone can help me. Thanks in advance! Luca -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [POLL] Tomcat 3.3.2 updates
- Original Message - From: Henri Gomez [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Tuesday, September 24, 2002 1:38 AM Subject: Re: [POLL] Tomcat 3.3.2 updates Larry Isaacs wrote: Hi Henri, I would prefer to minimize the impact of upgrading from 3.3.1 to 3.3.2. I agree with Costin that using 4 with documentation on the steps to enable the MxInterceptor would be a resonable way to implement this. So I'll have to take a look at MxInterceptor to see if nothing is broken ... BTW, I could spend sometimes to play ClassLoader, making MxInterceptor loading mx4j/mx4-tools from container ClassLoader but I need some advices. You can get the loader from ContextManager.getContainerLoader(). -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/jk/xdocs faq.xml
I think this also applies to 1.3. It's just that MMN in it hasn't been changed for a while. Bojan On Tue, 2002-09-24 at 20:23, [EMAIL PROTECTED] wrote: hgomez 2002/09/24 03:23:51 Modified:jk/xdocs faq.xml Log: Add information about MMNB (Magic Module Number bump) of Apache 2.0 Revision ChangesPath 1.4 +2 -2 jakarta-tomcat-connectors/jk/xdocs/faq.xml Index: faq.xml === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/faq.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- faq.xml 20 Sep 2002 21:35:31 - 1.3 +++ faq.xml 24 Sep 2002 10:23:51 - 1.4 @@ -220,7 +220,7 @@ subsection name=Apache 2.0 complains about incorrect module version p Since Apache 2.0 API still change often, the Apache 2.0 teams decide to put in headers of compiled modules the -Apache 2.0 version used to compile the module. +Apache 2.0 version used to compile the module. This check is called Magic Module Number bump. /p p At start time Apache 2.0 check that version in modules headers and stop if it detect that a module was compiled -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How can I maintain sessions between IIS and Tomcat?
Hi Luca, ASP and JSP (IIS, Tomcat) are too separate server side languages and runtimes, hence there is no way to have them talk to each other via a Session Object since they each store sessions in a different manner. You may pass variables back and forth between them via a normal HTML manner but thats about it. Or you may choose to write to disk. -Matt --- Luca Ventura [EMAIL PROTECTED] wrote: Hello everybody! I have installed Tomcat as plug-in of Internet Information Server (IIS) to support JSP/Servlet, using the ISAPI filter. So I can support ASP pages thanks to IIS and Servlets/JSP-pages thanks to Tomcat. All works well if I don't use sessions. In fact if I create an user-session (object) in a JSP page or in a servlet, and then I insert information in it (using setAttribute() method of HttpSession class) , the session object just created is not visible in an ASP page. The same thing happens if I create the session in an ASP page: the session will not visible in a JSP page. It seems that IIS and Tomcat can't exchange session information between them...why? How can I solve this problem? Must I configure the ISAPI filter in some way? If yes..how? I hope someone can help me. Thanks in advance! Luca -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_ja.properties
luehe 2002/09/24 14:24:58 Modified:jasper2/src/share/org/apache/jasper/compiler Compiler.java ScriptingVariabler.java jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_ja.properties Log: Fixed 12657: using name-from-attribute in tld causes NullPointerException Revision ChangesPath 1.35 +1 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Compiler.java Index: Compiler.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Compiler.java,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- Compiler.java 13 Sep 2002 20:35:36 - 1.34 +++ Compiler.java 24 Sep 2002 21:24:58 - 1.35 @@ -283,7 +283,7 @@ long t3=System.currentTimeMillis(); // Determine which custom tag needs to declare which scripting vars - ScriptingVariabler.set(pageNodes); + ScriptingVariabler.set(pageNodes, errDispatcher); // generate servlet .java file Generator.generate(writer, this, pageNodes); 1.5 +16 -8 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/ScriptingVariabler.java Index: ScriptingVariabler.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/ScriptingVariabler.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- ScriptingVariabler.java 9 Sep 2002 23:24:14 - 1.4 +++ ScriptingVariabler.java 24 Sep 2002 21:24:58 - 1.5 @@ -100,9 +100,11 @@ */ static class ScriptingVariableVisitor extends Node.Visitor { + private ErrorDispatcher err; private Hashtable scriptVars; - - public ScriptingVariableVisitor() { + + public ScriptingVariableVisitor(ErrorDispatcher err) { + this.err = err; scriptVars = new Hashtable(); } @@ -113,7 +115,8 @@ setScriptingVars(n, VariableInfo.AT_END); } - private void setScriptingVars(Node.CustomTag n, int scope) { + private void setScriptingVars(Node.CustomTag n, int scope) + throws JasperException { TagVariableInfo[] tagVarInfos = n.getTagVariableInfos(); VariableInfo[] varInfos = n.getVariableInfos(); @@ -162,6 +165,10 @@ if (varName == null) { varName = n.getTagData().getAttributeString( tagVarInfos[i].getNameFromAttribute()); + if (varName == null) { + err.jspError(n, jsp.error.scripting.variable.missing_name, + tagVarInfos[i].getNameFromAttribute()); + } } Integer currentRange = (Integer) scriptVars.get(varName); @@ -177,8 +184,9 @@ } } -public static void set(Node.Nodes page) throws JasperException { +public static void set(Node.Nodes page, ErrorDispatcher err) + throws JasperException { page.visit(new CustomTagCounter()); - page.visit(new ScriptingVariableVisitor()); + page.visit(new ScriptingVariableVisitor(err)); } } 1.42 +2 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties Index: messages.properties === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- messages.properties 17 Sep 2002 20:21:25 - 1.41 +++ messages.properties 24 Sep 2002 21:24:58 - 1.42 @@ -303,3 +303,4 @@ jsp.error.tagdirective.badbodycontent=Invalid body-content ({0}) in tag directive jsp.error.page.pageencoding.conflict=Page-encoding specified in jsp-property-group ({0}) is different from that specified in page directive ({1}) jsp.error.attribute.non_rt_with_expr=According to TLD, attribute {0} does not accept any expressions +jsp.error.scripting.variable.missing_name=Unable to determine scripting variable name from attribute {0} 1.14 +2 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties Index: messages_es.properties === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties,v retrieving revision 1.13
DO NOT REPLY [Bug 12657] - using name-from-attribute in tld causes NullPointerException
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12657. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12657 using name-from-attribute in tld causes NullPointerException [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 21:31 --- Fixed. NPE is now prevented, and meaningful error message (at translation time) displayed instead. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
This may be true (though I have never tested it). What's easier though? Upgrading a Tomcat server with a patch or re-architecting your whole site to accomodate for Velocity?? ;-) -Matt --- Jon Scott Stevens [EMAIL PROTECTED] wrote: on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. Once again...JSP sucks and Velocity is the right way to go...you will never have to worry about your container spilling your beans (pun intended). Given that Tomcat gets around 100k+ downloads/week...imagine how many servers now need to be updated and how much money and time that will cost to do so? http://jakarta.apache.org/velocity/ Wake up people. Velocity is faster and more secure than JSP will ever be. -jon -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12719] - While specifying jspconfiguration element / jsp/* is not accepted as a url pattern
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12719. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12719 While specifying jspconfiguration element / jsp/* is not accepted as a url pattern [EMAIL PROTECTED] changed: What|Removed |Added Component|Jasper2 |Catalina --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 21:55 --- This appears to be a Catalina problem. By the time org.apache.jasper.servlet.JspServlet.service is invoked, request.getServletPath() returns /jsp2/jspconfneg/include instead of /jsp2/jspconfneg/include/WC.jsp. Thus the 404. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosurevulnerability
on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. Once again...JSP sucks and Velocity is the right way to go...you will never have to worry about your container spilling your beans (pun intended). Given that Tomcat gets around 100k+ downloads/week...imagine how many servers now need to be updated and how much money and time that will cost to do so? http://jakarta.apache.org/velocity/ Wake up people. Velocity is faster and more secure than JSP will ever be. -jon -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12978] New: - Tomcat doesn't pick up error pages.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12978. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12978 Tomcat doesn't pick up error pages. Summary: Tomcat doesn't pick up error pages. Product: Tomcat 4 Version: 4.1.12 Platform: PC OS/Version: Windows XP Status: NEW Severity: Minor Priority: Other Component: Connector:Webapp AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have the following in web.xml: error-page error-code500/error-code location/errorPage.jsp/location /error-page error-page exception-typejavax.servlet.ServletException/exception-type location/errorPage.jsp/location /error-page However, I keep getting stacktraces instead of my error page. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 12978] - Tomcat doesn't pick up error pages.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12978. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12978 Tomcat doesn't pick up error pages. --- Additional Comments From [EMAIL PROTECTED] 2002-09-24 22:24 --- This seems to be the same thing that is happening in Bug #11091. I don't know of a solution, but I do have a potential workaround that you could try: If you change the exception-type parameter to java.lang.Throwable or java.lang.Exception, you should see your custom error page again. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [POLL] Tomcat 3.3.2 updates
Bill Barker wrote: - Original Message - From: Henri Gomez [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Tuesday, September 24, 2002 1:38 AM Subject: Re: [POLL] Tomcat 3.3.2 updates Larry Isaacs wrote: Hi Henri, I would prefer to minimize the impact of upgrading from 3.3.1 to 3.3.2. I agree with Costin that using 4 with documentation on the steps to enable the MxInterceptor would be a resonable way to implement this. So I'll have to take a look at MxInterceptor to see if nothing is broken ... BTW, I could spend sometimes to play ClassLoader, making MxInterceptor loading mx4j/mx4-tools from container ClassLoader but I need some advices. You can get the loader from ContextManager.getContainerLoader(). I tried to use it before loading JMX or JMXTOOLS class but it didn't works. Some working example are welcomed. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native/common jk_global.h
hgomez 2002/09/24 15:34:08 Modified:jk/native/common jk_global.h Log: no socketvars.h on CYGWIN Revision ChangesPath 1.22 +2 -2 jakarta-tomcat-connectors/jk/native/common/jk_global.h Index: jk_global.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native/common/jk_global.h,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- jk_global.h 4 Sep 2002 11:31:33 - 1.21 +++ jk_global.h 24 Sep 2002 22:34:08 - 1.22 @@ -98,7 +98,7 @@ #include netinet/tcp.h #include arpa/inet.h #include sys/un.h -#if !defined(_OSD_POSIX) !defined(AS400) +#if !defined(_OSD_POSIX) !defined(AS400) !defined(CYGWIN) #include sys/socketvar.h #endif #if !defined(HPUX11) !defined(AS400) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_channel_socket.c
hgomez 2002/09/24 15:36:28 Modified:jk/native2/common jk_channel_socket.c Log: AS/400 back port from 1.2.0. notice here that we should use gethostbyname_r for multi-thread support Revision ChangesPath 1.40 +17 -1 jakarta-tomcat-connectors/jk/native2/common/jk_channel_socket.c Index: jk_channel_socket.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_channel_socket.c,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- jk_channel_socket.c 24 Sep 2002 09:05:50 - 1.39 +++ jk_channel_socket.c 24 Sep 2002 22:36:28 - 1.40 @@ -207,6 +207,10 @@ int x; u_long laddr; +#ifdef AS400 +memset(rc, 0, sizeof(struct sockaddr_in)); +#endif + rc-sin_port = htons((short)port); rc-sin_family = AF_INET; @@ -218,11 +222,23 @@ } if(host[x] != '\0') { -/* If we found also characters we use gethostbyname()*/ +#ifdef AS400 + /* If we found also characters we use gethostbyname_r()*/ + struct hostent hostentry; + struct hostent *hoste = hostentry; + struct hostent_data hd; + memset( hd, 0, sizeof(struct hostent_data) ); + if ( (gethostbyname_r( host, hoste, hd )) != 0 ) { +return JK_ERR; + } +#else /* If we found also characters we use gethostbyname()*/ + /* XXX : WARNING : We should really use gethostbyname_r in multi-threaded env */ + /* take a look at APR which handle gethostbyname in apr/network_io/unix/sa_common.c */ struct hostent *hoste = gethostbyname(host); if(!hoste) { return JK_ERR; } +#endif laddr = ((struct in_addr *)hoste-h_addr_list[0])-s_addr; } else { -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_config_file.c jk_logger_file.c
hgomez 2002/09/24 15:37:13 Modified:jk/native2/common jk_config_file.c jk_logger_file.c Log: AS/400 back port from 1.2.0. Revision ChangesPath 1.5 +11 -3 jakarta-tomcat-connectors/jk/native2/common/jk_config_file.c Index: jk_config_file.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_config_file.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- jk_config_file.c 8 Jul 2002 13:40:41 - 1.4 +++ jk_config_file.c 24 Sep 2002 22:37:13 - 1.5 @@ -83,7 +83,11 @@ if( workerFile== NULL ) return JK_ERR; -fp= fopen(workerFile, w); +#ifdef AS400 + fp = fopen(workerFile, w, o_ccsid=0); +#else + fp = fopen(workerFile, w); +#endif if(fp==NULL) return JK_ERR; @@ -226,8 +230,12 @@ if(m==NULL || file==NULL ) return JK_ERR; -fp= fopen(file, r); - +#ifdef AS400 +fp = fopen(file, r, o_ccsid=0); +#else +fp = fopen(file, r); +#endif + if(fp==NULL) return JK_ERR; 1.33 +8 -2 jakarta-tomcat-connectors/jk/native2/common/jk_logger_file.c Index: jk_logger_file.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_logger_file.c,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- jk_logger_file.c 10 Sep 2002 13:40:08 - 1.32 +++ jk_logger_file.c 24 Sep 2002 22:37:13 - 1.33 @@ -160,7 +160,13 @@ if( strcmp( stderr, _this-name )==0 ) { _this-logger_private = stderr; } else { -f = fopen(_this-name, a+); + +#ifdef AS400 + f = fopen(_this-name, a+, o_ccsid=0); +#else + f = fopen(_this-name, a+); +#endif + if(f==NULL) { _this-jkLog(env, _this,JK_LOG_ERROR, Can't open log file %s\n, _this-name ); -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_msg_ajp.c
hgomez 2002/09/24 15:39:21 Modified:jk/native2/common jk_msg_ajp.c Log: AS/400 / BS2000 back port from 1.2.0. Revision ChangesPath 1.19 +22 -3 jakarta-tomcat-connectors/jk/native2/common/jk_msg_ajp.c Index: jk_msg_ajp.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_msg_ajp.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- jk_msg_ajp.c 23 Jun 2002 15:54:13 - 1.18 +++ jk_msg_ajp.c 24 Sep 2002 22:39:21 - 1.19 @@ -253,8 +253,8 @@ } -static int jk2_msg_ajp_appendString(jk_env_t *env, jk_msg_t *msg, -const char *param) +static int jk2_msg_ajp_appendAString(jk_env_t *env, jk_msg_t *msg, + const char *param, int convert) { int len; @@ -273,13 +273,31 @@ /* We checked for space !! */ strncpy((char *)msg-buf + msg-len , param, len+1);/* including \0 */ -jk_xlate_to_ascii((char *)msg-buf + msg-len, len+1); /* convert from EBCDIC if needed */ +#if defined(AS400) || defined(_OSD_POSIX) +if (convert) + jk_xlate_to_ascii((char *)msg-buf + msg-len, len+1); /* convert from EBCDIC if needed */ +#endif msg-len += len + 1; return JK_OK; } + +static int jk2_msg_ajp_appendString(jk_env_t *env, jk_msg_t *msg, +const char *param) +{ +return jk2_msg_ajp_appendAString(env, msg, param, 1); +} + + +static int jk2_msg_ajp_appendAsciiString(jk_env_t *env, jk_msg_t *msg, + const char *param) +{ +return jk2_msg_ajp_appendAString(env, msg, param, 0); +} + + static int jk2_msg_ajp_appendBytes(jk_env_t *env, jk_msg_t *msg, const unsigned char *param, const int len) @@ -516,6 +534,7 @@ msg-appendInt=jk2_msg_ajp_appendInt; msg-appendLong=jk2_msg_ajp_appendLong; msg-appendString=jk2_msg_ajp_appendString; +msg-appendAsciiString=jk2_msg_ajp_appendAsciiString; msg-appendMap=jk2_msg_ajp_appendMap; msg-appendFromServer=jk2_msg_ajp_appendFromServer; -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_pool.c
hgomez 2002/09/24 15:40:02 Modified:jk/native2/common jk_pool.c Log: AS/400 back port from 1.2.0. Revision ChangesPath 1.11 +10 -5 jakarta-tomcat-connectors/jk/native2/common/jk_pool.c Index: jk_pool.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_pool.c,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- jk_pool.c 10 Jun 2002 21:55:06 - 1.10 +++ jk_pool.c 24 Sep 2002 22:40:02 - 1.11 @@ -215,10 +215,15 @@ pp=(jk_pool_private_t *)p-_private; -/* Round size to the upper mult of 8. */ -size -= 1; -size /= 8; -size = (size + 1) * 8; +/* Round size to the upper mult of 8 (or 16 on iSeries) */ + size--; +#ifdef AS400 +size /= 16; +size = (size + 1) * 16; +#else +size /= 8; +size = (size + 1) * 8; +#endif if((pp-size - pp-pos) = (int)size) { /* We have space */ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_requtil.c
hgomez 2002/09/24 15:40:38 Modified:jk/native2/common jk_requtil.c Log: AS/400 back port from 1.2.0. Revision ChangesPath 1.25 +8 -0 jakarta-tomcat-connectors/jk/native2/common/jk_requtil.c Index: jk_requtil.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_requtil.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- jk_requtil.c 26 Aug 2002 09:54:34 - 1.24 +++ jk_requtil.c 24 Sep 2002 22:40:38 - 1.25 @@ -71,6 +71,10 @@ #include jk_env.h #include jk_requtil.h +#ifdef AS400 +#include util_ebcdic.h +#endif + #define CHUNK_BUFFER_PAD (12) static const char *response_trans_headers[] = { @@ -622,7 +626,11 @@ } if (s-query_string) { if (msg-appendByte(env, msg, SC_A_QUERY_STRING) || +#idef AS400 +msg-appendAsciiString(env, msg, s-query_string)) { +#else msg-appendString(env, msg, s-query_string)) { +#endif env-l-jkLog(env, env-l, JK_LOG_ERROR, handle.request() Error serializing query string\n); return JK_ERR; -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_shm.c
hgomez 2002/09/24 15:41:48 Modified:jk/native2/common jk_shm.c Log: AS/400 back port from 1.2.0. BTW, the AS/400 code should be checked later, since we should know if we have to convert from EBCDIC to ASCII here... Revision ChangesPath 1.29 +13 -1 jakarta-tomcat-connectors/jk/native2/common/jk_shm.c Index: jk_shm.c === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_shm.c,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- jk_shm.c 8 Jul 2002 13:37:10 - 1.28 +++ jk_shm.c 24 Sep 2002 22:41:48 - 1.29 @@ -417,7 +417,19 @@ if( name==NULL ) return JK_ERR; -f=fopen(name, a+); +/* + * XXX + * To be checked later, AS400 may need no ccsid + * conversions applied if pure binary, for now + * I assume stream is EBCDIC and need to be converted + * in standard ASCII using codepage 819 + */ +#ifdef AS400 +f = fopen(name, a+, o_ccsid=819); +#else +f = fopen(name, a+); +#endif + fwrite( shm-head, 1, shm-size, f ); fclose( f ); -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/jk/native2/include jk_msg.h jk_global.h
hgomez 2002/09/24 15:45:18 Modified:jk/native2/include jk_msg.h jk_global.h Log: AS/400 back port from 1.2.0. Revision ChangesPath 1.14 +3 -0 jakarta-tomcat-connectors/jk/native2/include/jk_msg.h Index: jk_msg.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/include/jk_msg.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- jk_msg.h 2 Jul 2002 16:53:59 - 1.13 +++ jk_msg.h 24 Sep 2002 22:45:18 - 1.14 @@ -142,6 +142,9 @@ int (*appendString)(struct jk_env *env, struct jk_msg *_this, const char *param); +int (*appendAsciiString)(struct jk_env *env, struct jk_msg *_this, + const char *param); + int (*appendMap)(struct jk_env *env, struct jk_msg *_this, struct jk_map *map); 1.14 +10 -3 jakarta-tomcat-connectors/jk/native2/include/jk_global.h Index: jk_global.h === RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/include/jk_global.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- jk_global.h 10 Jun 2002 23:58:52 - 1.13 +++ jk_global.h 24 Sep 2002 22:45:18 - 1.14 @@ -73,6 +73,13 @@ #include time.h #include ctype.h +#ifdef AS400 +#include ap_config.h +#include apr_strings.h +#include apr_lib.h +extern char *strdup (const char *str); +#endif + #include sys/types.h #include sys/stat.h @@ -119,10 +126,10 @@ #include netinet/tcp.h #include arpa/inet.h #include sys/un.h -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) !defined(AS400) !defined(CYGWIN) #include sys/socketvar.h #endif -#ifndef HPUX11 +#if !defined(HPUX11) !defined(AS400) #include sys/select.h #endif #endif -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]