[Bug 63690] [HTTP/2] The socket [*] associated with this connection has been closed.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63690 --- Comment #13 from Boris Petrov --- (In reply to Chen Levy from comment #11) > I encountered a similar issue where multipart form submission resulted in > none of the form parameters being visible from the servlet (no exception or > error). > I created a small test project containing a single HTML file with a > multipart form, and a single servlet. > No Java or JavaScript libraries are involved > > Using the latest Firefox and Chrome I encounter the issue when uploading a > 3MB file. The overheadDataThreadhold="0" setting seem to resolve it > > I'd expect the default Tomcat distribution to allow these kind of activities > without additional configuration > > I can supply/attach additional information if needed > Thanks Chen Levy, if you could provide a simple sample project that, as you say, has no external dependencies and breaks with the default Tomcat configuration on the latest Chrome/Firefox, please do so that Tomcat's team could perhaps take a look and reevaluate the default settings. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
please care and vote for Chinese people under cruel autocracy of CCP, great thanks!
Hi all, Sorry for disturbing you guys. Though I don't think here as a proper place to do this, I need your help, your vote, your holy vote, for us Chinese, for conscience and justice, for better world. In the over 70 years of ruling over China, the Chinese Communist Party has done many horrible things humans can think of. These malicious and evil deeds include but are not limited to: falsifying national history, suppression of freedom of speech and press, money laundering in the scale of trillions, live organ harvesting, sexual harassment and assault to underaged females, slaughtering innocent citizens with counter-revolutionary excuses, etc. In light of the recent violent actions to Hong Kongers by the People's Liberation Army (PLA) disguised as Hong Kong Police Force, we the people petition to officially recognize the Chinese Communist Party as a terrorist organization. PLEASE SIGNUP and VOTE for us: https://petitions.whitehouse.gov/petition/call-official-recognition-chinese-communist-party-terrorist-organization Thanks again for all! nameless, an ant fighter 2019.8.29
buildbot success in on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-7-trunk/builds/1433 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build Build Source Stamp: [branch 7.0.x] a486b9e02a0bee2b0c87ee2b5551a82f25cbcf29 Blamelist: Felix Schumacher ,Peter Uhnak Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: fix JSSE_OPTS quoting
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit a486b9e02a0bee2b0c87ee2b5551a82f25cbcf29 Author: Peter Uhnak AuthorDate: Mon Aug 26 11:31:43 2019 +0200 fix JSSE_OPTS quoting Part of #196 on github --- bin/catalina.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/catalina.bat b/bin/catalina.bat index cd08425..239e81c 100755 --- a/bin/catalina.bat +++ b/bin/catalina.bat @@ -206,7 +206,7 @@ set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\tomcat-juli.jar" :juliClasspathDone if not "%JSSE_OPTS%" == "" goto gotJsseOpts -set JSSE_OPTS="-Djdk.tls.ephemeralDHKeySize=2048" +set "JSSE_OPTS=-Djdk.tls.ephemeralDHKeySize=2048" :gotJsseOpts set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%" - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated (6cb87c8 -> a486b9e)
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 6cb87c8 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints new 491d1c9 Fix JSSE_OPTS quoting in catalina.bat new a486b9e fix JSSE_OPTS quoting The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: bin/catalina.bat | 2 +- webapps/docs/changelog.xml | 4 2 files changed, 5 insertions(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Fix JSSE_OPTS quoting in catalina.bat
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 491d1c93d2f36808f6693dedbfa96b241af87b35 Author: Felix Schumacher AuthorDate: Tue Aug 27 11:55:14 2019 +0200 Fix JSSE_OPTS quoting in catalina.bat Contributed by Peter Uhnak. Part of #196 on github --- webapps/docs/changelog.xml | 4 1 file changed, 4 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1ff6a47..fae50c6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -205,6 +205,10 @@ Add simplified Chinese translations to the standard Tomcat distribution. (markt) + +Fix JSSE_OPTS quoting in catalina.bat. +Contributed by Peter Uhnak. (fschumacher) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: fix JSSE_OPTS quoting
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2f33f550689ce17333a492477f7f35fb728258bf Author: Peter Uhnak AuthorDate: Mon Aug 26 11:31:43 2019 +0200 fix JSSE_OPTS quoting Part of #196 on github --- bin/catalina.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/catalina.bat b/bin/catalina.bat index 982b23f..eaced8d 100755 --- a/bin/catalina.bat +++ b/bin/catalina.bat @@ -206,7 +206,7 @@ set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\tomcat-juli.jar" :juliClasspathDone if not "%JSSE_OPTS%" == "" goto gotJsseOpts -set JSSE_OPTS="-Djdk.tls.ephemeralDHKeySize=2048" +set "JSSE_OPTS=-Djdk.tls.ephemeralDHKeySize=2048" :gotJsseOpts set "JAVA_OPTS=%JAVA_OPTS% %JSSE_OPTS%" - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Fix JSSE_OPTS quoting in catalina.bat
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 88ae81a72adcc106917b9a138aa7b3cbe7c569b7 Author: Felix Schumacher AuthorDate: Tue Aug 27 11:55:14 2019 +0200 Fix JSSE_OPTS quoting in catalina.bat Contributed by Peter Uhnak. Part of #196 on github --- webapps/docs/changelog.xml | 4 1 file changed, 4 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f7c25c0..13c63a6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -100,6 +100,10 @@ 62140: Additional usage documentation in comments for catalina.[bat|sh]. (markt) + +Fix JSSE_OPTS quoting in catalina.bat. +Contributed by Peter Uhnak. (fschumacher) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (8b7e6f0 -> 88ae81a)
This is an automated email from the ASF dual-hosted git repository. fschumacher pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 8b7e6f0 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints new 2f33f55 fix JSSE_OPTS quoting new 88ae81a Fix JSSE_OPTS quoting in catalina.bat The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: bin/catalina.bat | 2 +- webapps/docs/changelog.xml | 4 2 files changed, 5 insertions(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63690] [HTTP/2] The socket [*] associated with this connection has been closed.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63690 --- Comment #12 from Christopher Schultz --- (In reply to Mark Thomas from comment #10) > Which is why the threshold doesn't apply to DATA frames with the EOS (end of > stream) flag set. Sending a small request body in a single DATA frame is > fine even if the body is just a single byte. Sending lots of small (less > than 1024 bytes by default) DATA frames when you could send one larger DATA > frame is not. Aha, thanks for pointing out the difference. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #6 from Christopher Schultz --- (In reply to Martin Stenderup from comment #5) > It seems to be called "keystorePass" some versions of Tomcat 8. Yes, it's "keystorePass" in all currently supported versions of Tomcat. "keystorePassword" is not a valid configuration attribute for any version of Tomcat. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63690] [HTTP/2] The socket [*] associated with this connection has been closed.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63690 --- Comment #11 from Chen Levy --- I encountered a similar issue where multipart form submission resulted in none of the form parameters being visible from the servlet (no exception or error). I created a small test project containing a single HTML file with a multipart form, and a single servlet. No Java or JavaScript libraries are involved Using the latest Firefox and Chrome I encounter the issue when uploading a 3MB file. The overheadDataThreadhold="0" setting seem to resolve it I'd expect the default Tomcat distribution to allow these kind of activities without additional configuration I can supply/attach additional information if needed Thanks -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63701] SSL initialize hangs with OpenSSL 1.1.1
https://bz.apache.org/bugzilla/show_bug.cgi?id=63701 Mladen Turk changed: What|Removed |Added OS||All Status|NEW |NEEDINFO --- Comment #1 from Mladen Turk --- Applied patch https://github.com/apache/tomcat-native/commit/b8649e81458194d70667952d9e26df82a79c773f Please test with various OpenSSL versions -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-native] branch master updated: Use new OpenSSL v1.1+ initialization API
This is an automated email from the ASF dual-hosted git repository.
mturk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/master by this push:
new b8649e8 Use new OpenSSL v1.1+ initialization API
b8649e8 is described below
commit b8649e81458194d70667952d9e26df82a79c773f
Author: Mladen Turk
AuthorDate: Wed Aug 28 18:38:58 2019 +0200
Use new OpenSSL v1.1+ initialization API
---
native/src/ssl.c | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 9dbdcd4..473ca49 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -371,6 +371,11 @@ static apr_status_t ssl_init_cleanup(void *data)
#endif
free_dh_params();
+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
+/* Openssl v1.1+ handles all termination automatically. Do
+ * nothing in this case.
+ */
+#else
/*
* Try to kill the internals of the SSL library.
*/
@@ -393,6 +398,7 @@ static apr_status_t ssl_init_cleanup(void *data)
#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
+#endif
#ifdef HAVE_KEYLOG_CALLBACK
if (key_log_file) {
@@ -783,7 +789,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS,
jstring engine)
TCN_FREE_CSTRING(engine);
return (jint)APR_SUCCESS;
}
-
+#if OPENSSL_VERSION_NUMBER >= 0x1010L && !defined(LIBRESSL_VERSION_NUMBER)
+/* Openssl v1.1+ handles all initialisation automatically, apart
+ * from hints as to how we want to use the library.
+ *
+ * We tell openssl we want to include engine support.
+ */
+OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
@@ -797,7 +810,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS,
jstring engine)
#endif
OPENSSL_load_builtin_modules();
-#if OPENSSL_VERSION_NUMBER < 0x1010L
#if ! (defined(WIN32) || defined(WIN64))
err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
tcn_global_pool);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4569 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] d5f3c97a05e050a1b38b801e9545b92d97c93407 Blamelist: Michael Osipov Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63684] Wrapper never passed to RealmBase#hasRole() for given security constraints
https://bz.apache.org/bugzilla/show_bug.cgi?id=63684 Michael Osipov changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Michael Osipov --- Fixed in: - master for 9.0.25 onwards - 8.5.x for 8.5.46 onwards - 7.0.x for 7.0.97 onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-63684/8.5.x deleted (was 8b7e6f0)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. was 8b7e6f0 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-63684/9.0.x deleted (was d5f3c97)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. was d5f3c97 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-63684/7.0.x deleted (was 6cb87c8)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. was 6cb87c8 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated (29fd3a4 -> 6cb87c8)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 29fd3a4 Fix BZ 62140 Document catalina.[sh|bat] commands add 6cb87c8 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints No new revisions were added by this update. Summary of changes: java/org/apache/catalina/realm/RealmBase.java | 2 +- .../apache/catalina/realm/UserDatabaseRealm.java | 4 ++- .../apache/catalina/core/TestStandardWrapper.java | 31 +- webapps/docs/changelog.xml | 5 4 files changed, 33 insertions(+), 9 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated (6b125eb -> d5f3c97)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 6b125eb Fix typo (missing a on via) add d5f3c97 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints No new revisions were added by this update. Summary of changes: java/org/apache/catalina/realm/RealmBase.java | 2 +- .../apache/catalina/realm/UserDatabaseRealm.java | 2 ++ .../apache/catalina/core/TestStandardWrapper.java | 31 +- webapps/docs/changelog.xml | 5 4 files changed, 32 insertions(+), 8 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch BZ-63684/9.0.x updated (18e0445 -> d5f3c97)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. discard 18e0445 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints new d5f3c97 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (18e0445) \ N -- N -- N refs/heads/BZ-63684/9.0.x (d5f3c97) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: test/org/apache/catalina/core/TestStandardWrapper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63684/9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit d5f3c97a05e050a1b38b801e9545b92d97c93407
Author: Michael Osipov
AuthorDate: Thu Aug 22 14:34:31 2019 +0200
BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security
constraints
---
java/org/apache/catalina/realm/RealmBase.java | 2 +-
.../apache/catalina/realm/UserDatabaseRealm.java | 2 ++
.../apache/catalina/core/TestStandardWrapper.java | 31 +-
webapps/docs/changelog.xml | 5
4 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 833973a..aa542a7 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -856,7 +856,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
log.debug(" No user authenticated, cannot grant access");
} else {
for (int j = 0; j < roles.length; j++) {
-if (hasRole(null, principal, roles[j])) {
+if (hasRole(request.getWrapper(), principal, roles[j])) {
status = true;
if( log.isDebugEnabled() )
log.debug( "Role found: " + roles[j]);
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index a552fc4..64957a9 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -108,6 +108,8 @@ public class UserDatabaseRealm extends RealmBase {
}
if (!(principal instanceof User)) {
// Play nice with SSO and mixed Realms
+// No need to pass the wrapper here because role mapping has been
+// performed already a few lines above
return super.hasRole(null, principal, role);
}
if ("*".equals(role)) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 9358345..fbd0046 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -259,14 +259,14 @@ public class TestStandardWrapper extends TomcatBaseTest {
// No file system docBase required
Context ctx = tomcat.addContext("", null);
-ctx.addRoleMapping("testRole2", "very-complex-role-name");
-/* We won't map "testRole3" to "another-very-complex-role-name" to make
- * it fail intentionally.
- */
+ctx.addRoleMapping("testRole", "very-complex-role-name");
-Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
TestServlet.class.getName());
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
RoleAllowServlet.class.getName());
ctx.addServletMappingDecoded("/", "servlet");
+ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
+ctx.getPipeline().addValve(new BasicAuthenticator());
+
TesterMapRealm realm = new TesterMapRealm();
MessageDigestCredentialHandler ch = new
MessageDigestCredentialHandler();
ch.setAlgorithm("SHA");
@@ -296,10 +296,27 @@ public class TestStandardWrapper extends TomcatBaseTest {
Assert.assertNotNull(p);
Assert.assertEquals("testUser", p.getName());
+// This one is mapped
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole"));
Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
-Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole2"));
Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
-Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+Assert.assertTrue(realm.hasRole(wrapper, p,
"another-very-complex-role-name"));
+
+// This now tests RealmBase#hasResourcePermission() because we need a
wrapper
+// to be passed from an authenticator
+ByteChunk bc = new ByteChunk();
+Map> reqHeaders = new HashMap<>();
+List authHeaders = new ArrayList<>();
+// testUser, testPwd
+authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
+reqHeaders.put("Authorization", authHeaders);
+
+int rc = getUrl("http://localhost:"; + getPort() + "/", bc, reqHeaders,
+null);
+
+Assert.assertEquals("OK", bc.toString());
+Assert.assertEquals(200, rc);
}
private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 64cf807..d2abd52 100644
--- a/webapp
[tomcat] branch BZ-63684/7.0.x updated (4a2b022 -> 6cb87c8)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. discard 4a2b022 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints new 6cb87c8 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (4a2b022) \ N -- N -- N refs/heads/BZ-63684/7.0.x (6cb87c8) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: test/org/apache/catalina/core/TestStandardWrapper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63684/7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6cb87c8da83627f645cc8eb878f1eeb87207c18a
Author: Michael Osipov
AuthorDate: Thu Aug 22 14:34:31 2019 +0200
BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security
constraints
---
java/org/apache/catalina/realm/RealmBase.java | 2 +-
.../apache/catalina/realm/UserDatabaseRealm.java | 4 ++-
.../apache/catalina/core/TestStandardWrapper.java | 31 +-
webapps/docs/changelog.xml | 5
4 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 8796ed8..80027fd 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -993,7 +993,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
log.debug(" No user authenticated, cannot grant access");
} else {
for (int j = 0; j < roles.length; j++) {
-if (hasRole(null, principal, roles[j])) {
+if (hasRole(request.getWrapper(), principal, roles[j])) {
status = true;
if( log.isDebugEnabled() )
log.debug( "Role found: " + roles[j]);
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index c13efaf..54e6864 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -147,7 +147,9 @@ public class UserDatabaseRealm
}
}
if(! (principal instanceof User) ) {
-//Play nice with SSO and mixed Realms
+// Play nice with SSO and mixed Realms
+// No need to pass the wrapper here because role mapping has been
+// performed already a few lines above
return super.hasRole(null, principal, role);
}
if("*".equals(role)) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java
b/test/org/apache/catalina/core/TestStandardWrapper.java
index b719efe..3d35df0 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -213,14 +213,14 @@ public class TestStandardWrapper extends TomcatBaseTest {
// No file system docBase required
Context ctx = tomcat.addContext("", null);
-ctx.addRoleMapping("testRole2", "very-complex-role-name");
-/* We won't map "testRole3" to "another-very-complex-role-name" to make
- * it fail intentionally.
- */
+ctx.addRoleMapping("testRole", "very-complex-role-name");
-Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
TestServlet.class.getName());
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
RoleAllowServlet.class.getName());
ctx.addServletMapping("/", "servlet");
+ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
+ctx.getPipeline().addValve(new BasicAuthenticator());
+
MapRealm realm = new MapRealm();
/* Attach the realm to the appropriate container, but role mapping must
@@ -247,10 +247,27 @@ public class TestStandardWrapper extends TomcatBaseTest {
Assert.assertNotNull(p);
Assert.assertEquals("testUser", p.getName());
+// This one is mapped
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole"));
Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
-Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole2"));
Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
-Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+Assert.assertTrue(realm.hasRole(wrapper, p,
"another-very-complex-role-name"));
+
+// This now tests RealmBase#hasResourcePermission() because we need a
wrapper
+// to be passed from an authenticator
+ByteChunk bc = new ByteChunk();
+Map> reqHeaders = new HashMap>();
+List authHeaders = new ArrayList();
+// testUser, testPwd
+authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
+reqHeaders.put("Authorization", authHeaders);
+
+int rc = getUrl("http://localhost:"; + getPort() + "/", bc, reqHeaders,
+null);
+
+Assert.assertEquals("OK", bc.toString());
+Assert.assertEquals(200, rc);
}
private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b698428..1ff6a47 100644
--- a/webapps/docs/ch
[tomcat] branch BZ-63684/7.0.x created (now 4a2b022)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 4a2b022 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints This branch includes the following new commits: new 4a2b022 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63684/7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 4a2b022fe4d8c7470f25f4abc5c4b7ab218ff098
Author: Michael Osipov
AuthorDate: Thu Aug 22 14:34:31 2019 +0200
BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security
constraints
---
java/org/apache/catalina/realm/RealmBase.java | 2 +-
.../apache/catalina/realm/UserDatabaseRealm.java | 4 ++-
.../apache/catalina/core/TestStandardWrapper.java | 31 +-
webapps/docs/changelog.xml | 5
4 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 8796ed8..80027fd 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -993,7 +993,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
log.debug(" No user authenticated, cannot grant access");
} else {
for (int j = 0; j < roles.length; j++) {
-if (hasRole(null, principal, roles[j])) {
+if (hasRole(request.getWrapper(), principal, roles[j])) {
status = true;
if( log.isDebugEnabled() )
log.debug( "Role found: " + roles[j]);
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index c13efaf..54e6864 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -147,7 +147,9 @@ public class UserDatabaseRealm
}
}
if(! (principal instanceof User) ) {
-//Play nice with SSO and mixed Realms
+// Play nice with SSO and mixed Realms
+// No need to pass the wrapper here because role mapping has been
+// performed already a few lines above
return super.hasRole(null, principal, role);
}
if("*".equals(role)) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java
b/test/org/apache/catalina/core/TestStandardWrapper.java
index b719efe..b6c02bb 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -213,14 +213,14 @@ public class TestStandardWrapper extends TomcatBaseTest {
// No file system docBase required
Context ctx = tomcat.addContext("", null);
-ctx.addRoleMapping("testRole2", "very-complex-role-name");
-/* We won't map "testRole3" to "another-very-complex-role-name" to make
- * it fail intentionally.
- */
+ctx.addRoleMapping("testRole", "very-complex-role-name");
-Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
TestServlet.class.getName());
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
RoleAllowServlet.class.getName());
ctx.addServletMapping("/", "servlet");
+ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
+ctx.getPipeline().addValve(new BasicAuthenticator());
+
MapRealm realm = new MapRealm();
/* Attach the realm to the appropriate container, but role mapping must
@@ -247,10 +247,27 @@ public class TestStandardWrapper extends TomcatBaseTest {
Assert.assertNotNull(p);
Assert.assertEquals("testUser", p.getName());
+// This one is mapped
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole"));
Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
-Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole2"));
Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
-Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+Assert.assertTrue(realm.hasRole(wrapper, p,
"another-very-complex-role-name"));
+
+// This now tests RealmBase#hasResourcePermission() because we need a
wrapper
+// to be passed from an authenticator
+ByteChunk bc = new ByteChunk();
+Map> reqHeaders = new
HashMap>();
+List authHeaders = new ArrayList();
+// testUser, testPwd
+authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
+reqHeaders.put("Authorization", authHeaders);
+
+int rc = getUrl("http://localhost:"; + getPort() + "/", bc, reqHeaders,
+null);
+
+Assert.assertEquals("OK", bc.toString());
+Assert.assertEquals(200, rc);
}
private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b698428..1ff6a47 100644
--- a/webapps/docs/c
[tomcat] 01/01: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63684/9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 18e0445d033a6f36011df2ff8baf830b59708b2d
Author: Michael Osipov
AuthorDate: Thu Aug 22 14:34:31 2019 +0200
BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security
constraints
---
java/org/apache/catalina/realm/RealmBase.java | 2 +-
.../apache/catalina/realm/UserDatabaseRealm.java | 2 ++
.../apache/catalina/core/TestStandardWrapper.java | 31 +-
webapps/docs/changelog.xml | 5
4 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index 833973a..aa542a7 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -856,7 +856,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
log.debug(" No user authenticated, cannot grant access");
} else {
for (int j = 0; j < roles.length; j++) {
-if (hasRole(null, principal, roles[j])) {
+if (hasRole(request.getWrapper(), principal, roles[j])) {
status = true;
if( log.isDebugEnabled() )
log.debug( "Role found: " + roles[j]);
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index a552fc4..64957a9 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -108,6 +108,8 @@ public class UserDatabaseRealm extends RealmBase {
}
if (!(principal instanceof User)) {
// Play nice with SSO and mixed Realms
+// No need to pass the wrapper here because role mapping has been
+// performed already a few lines above
return super.hasRole(null, principal, role);
}
if ("*".equals(role)) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 9358345..a169b77 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -259,14 +259,14 @@ public class TestStandardWrapper extends TomcatBaseTest {
// No file system docBase required
Context ctx = tomcat.addContext("", null);
-ctx.addRoleMapping("testRole2", "very-complex-role-name");
-/* We won't map "testRole3" to "another-very-complex-role-name" to make
- * it fail intentionally.
- */
+ctx.addRoleMapping("testRole", "very-complex-role-name");
-Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
TestServlet.class.getName());
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
RoleAllowServlet.class.getName());
ctx.addServletMappingDecoded("/", "servlet");
+ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
+ctx.getPipeline().addValve(new BasicAuthenticator());
+
TesterMapRealm realm = new TesterMapRealm();
MessageDigestCredentialHandler ch = new
MessageDigestCredentialHandler();
ch.setAlgorithm("SHA");
@@ -296,10 +296,27 @@ public class TestStandardWrapper extends TomcatBaseTest {
Assert.assertNotNull(p);
Assert.assertEquals("testUser", p.getName());
+// This one is mapped
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole"));
Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
-Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole2"));
Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
-Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+Assert.assertTrue(realm.hasRole(wrapper, p,
"another-very-complex-role-name"));
+
+// This now tests RealmBase#hasResourcePermission() because we need a
wrapper
+// to be passed from an authenticator
+ByteChunk bc = new ByteChunk();
+Map> reqHeaders = new HashMap<>();
+List authHeaders = new ArrayList<>();
+// testUser, testPwd
+authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
+reqHeaders.put("Authorization", authHeaders);
+
+int rc = getUrl("http://localhost:"; + getPort() + "/", bc, reqHeaders,
+null);
+
+Assert.assertEquals("OK", bc.toString());
+Assert.assertEquals(200, rc);
}
private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 64cf807..d2abd52 100644
--- a/webapp
[tomcat] branch BZ-63684/9.0.x created (now 18e0445)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. at 18e0445 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints This branch includes the following new commits: new 18e0445 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] asfgit merged pull request #195: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given secur…
asfgit merged pull request #195: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given secur… URL: https://github.com/apache/tomcat/pull/195 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (4fc4825 -> 8b7e6f0)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 4fc4825 Fix trivial typo in changelog. add 8b7e6f0 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints No new revisions were added by this update. Summary of changes: java/org/apache/catalina/realm/RealmBase.java | 2 +- .../apache/catalina/realm/UserDatabaseRealm.java | 2 ++ .../apache/catalina/core/TestStandardWrapper.java | 31 +- webapps/docs/changelog.xml | 9 +++ 4 files changed, 36 insertions(+), 8 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/01: BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch BZ-63684/8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 8b7e6f087d511c9da2a0d664b9c77ee6676a1eaf
Author: Michael Osipov
AuthorDate: Thu Aug 22 14:34:31 2019 +0200
BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security
constraints
---
java/org/apache/catalina/realm/RealmBase.java | 2 +-
.../apache/catalina/realm/UserDatabaseRealm.java | 2 ++
.../apache/catalina/core/TestStandardWrapper.java | 31 +-
webapps/docs/changelog.xml | 9 +++
4 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/realm/RealmBase.java
b/java/org/apache/catalina/realm/RealmBase.java
index dd1761c..d321c56 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -858,7 +858,7 @@ public abstract class RealmBase extends LifecycleMBeanBase
implements Realm {
log.debug(" No user authenticated, cannot grant access");
} else {
for (int j = 0; j < roles.length; j++) {
-if (hasRole(null, principal, roles[j])) {
+if (hasRole(request.getWrapper(), principal, roles[j])) {
status = true;
if( log.isDebugEnabled() )
log.debug( "Role found: " + roles[j]);
diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index 38f8822..bd2a7aa 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -117,6 +117,8 @@ public class UserDatabaseRealm extends RealmBase {
}
if (!(principal instanceof User)) {
// Play nice with SSO and mixed Realms
+// No need to pass the wrapper here because role mapping has been
+// performed already a few lines above
return super.hasRole(null, principal, role);
}
if ("*".equals(role)) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 9358345..a169b77 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -259,14 +259,14 @@ public class TestStandardWrapper extends TomcatBaseTest {
// No file system docBase required
Context ctx = tomcat.addContext("", null);
-ctx.addRoleMapping("testRole2", "very-complex-role-name");
-/* We won't map "testRole3" to "another-very-complex-role-name" to make
- * it fail intentionally.
- */
+ctx.addRoleMapping("testRole", "very-complex-role-name");
-Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
TestServlet.class.getName());
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet",
RoleAllowServlet.class.getName());
ctx.addServletMappingDecoded("/", "servlet");
+ctx.setLoginConfig(new LoginConfig("BASIC", null, null, null));
+ctx.getPipeline().addValve(new BasicAuthenticator());
+
TesterMapRealm realm = new TesterMapRealm();
MessageDigestCredentialHandler ch = new
MessageDigestCredentialHandler();
ch.setAlgorithm("SHA");
@@ -296,10 +296,27 @@ public class TestStandardWrapper extends TomcatBaseTest {
Assert.assertNotNull(p);
Assert.assertEquals("testUser", p.getName());
+// This one is mapped
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole"));
Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
-Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole2"));
Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
-Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+Assert.assertTrue(realm.hasRole(wrapper, p,
"another-very-complex-role-name"));
+
+// This now tests RealmBase#hasResourcePermission() because we need a
wrapper
+// to be passed from an authenticator
+ByteChunk bc = new ByteChunk();
+Map> reqHeaders = new HashMap<>();
+List authHeaders = new ArrayList<>();
+// testUser, testPwd
+authHeaders.add("Basic dGVzdFVzZXI6dGVzdFB3ZA==");
+reqHeaders.put("Authorization", authHeaders);
+
+int rc = getUrl("http://localhost:"; + getPort() + "/", bc, reqHeaders,
+null);
+
+Assert.assertEquals("OK", bc.toString());
+Assert.assertEquals(200, rc);
}
private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1b66477..f7c25c0 100644
--- a/web
[tomcat] branch BZ-63684/8.5.x updated (8a54c7f -> 8b7e6f0)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-63684/8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. omit 8a54c7f BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints add 4fc4825 Fix trivial typo in changelog. new 8b7e6f0 BZ 63684: Wrapper never passed to RealmBase#hasRole() for given security constraints This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (8a54c7f) \ N -- N -- N refs/heads/BZ-63684/8.5.x (8b7e6f0) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56148] support (multiple) ocsp stapling
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148 --- Comment #10 from Azat --- (In reply to Mark Thomas from comment #9) > The current status is what you see here. It will be implemented when someone > provides a suitable patch. Ok.Thanks, Mark. I understand that patches from the Tomcat community are welcome, but is this item on your TODO list as well? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63690] [HTTP/2] The socket [*] associated with this connection has been closed.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63690 --- Comment #10 from Mark Thomas --- (In reply to Boris Petrov from comment #8) > Hi, thanks for the detailed answer. > > There is no intermediate HTTP/2 proxy. > > Before I open an issue somewhere, could you please explain me something. I'm > not sure I fully understand what's going on but how can a JavaScript library > manage the HTTP/2 frames at all? It will depend on the API it uses to pass data to the browser. For example, if the API offers the capability to a) control the write buffer size and b) flush writes then the client can - broadly - control the size of the DATA frames written. I'm not at all familiar with the API in use. What I would suggest is to test a simple POST with the same file and no Javascript library and see how that behaves. (In reply to Christopher Schultz from comment #9) > 1024 might be too high for a default, but the good news is that the > "abusive" threshold can be changed (right?). Right. > That's a scant 44 bytes. > > Not every application will be sending large documents around. Which is why the threshold doesn't apply to DATA frames with the EOS (end of stream) flag set. Sending a small request body in a single DATA frame is fine even if the body is just a single byte. Sending lots of small (less than 1024 bytes by default) DATA frames when you could send one larger DATA frame is not. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
