[Bug 63981] New: False-positive warning logged when Registry.disableRegistry is called and the registry has already been disabled

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63981

Bug ID: 63981
   Summary: False-positive warning logged when
Registry.disableRegistry is called and the registry
has already been disabled
   Product: Tomcat 9
   Version: 9.0.x
  Hardware: PC
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: awilkin...@pivotal.io
  Target Milestone: -

Calling org.apache.tomcat.util.modeler.Registry.disableRegistry() assigns an
instance of NoDescriptorRegistry to the static registry field. Subsequent
invocations then log a warning that states that the registry cannot be disabled
as it has already been initialised. These feels like a false-positive to me
when registry is an instance of NoDescriptorRegistry. To avoid the unwanted
warning, could the check be changed to something like the following:

if (registry == null) {
registry = new NoDescriptorRegistry();
} else if (!registry instanceof NoDescriptorRegistry) {
log.warn(sm.getString("registry.noDisable"));
}

This would improve log output in integration tests using embedded Tomcat where
Tomcat may be initialised multiple times.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends

2019-12-02 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new c3883aa  BZ 63681: Introduce RealmBase#authenticate(GSSName, 
GSSCredential) and friends
c3883aa is described below

commit c3883aa5a9e66f048943ad604bb268584168cf8b
Author: Michael Osipov 
AuthorDate: Wed Aug 21 23:23:19 2019 +0200

BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and 
friends
---
 java/org/apache/catalina/Realm.java   | 18 +++
 java/org/apache/catalina/realm/CombinedRealm.java | 33 +
 java/org/apache/catalina/realm/LockOutRealm.java  | 13 +
 java/org/apache/catalina/realm/RealmBase.java | 58 +++
 webapps/docs/changelog.xml|  4 ++
 5 files changed, 116 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/Realm.java 
b/java/org/apache/catalina/Realm.java
index 7785ec2..ad3f6b2 100644
--- a/java/org/apache/catalina/Realm.java
+++ b/java/org/apache/catalina/Realm.java
@@ -25,6 +25,8 @@ import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
 
 /**
  * A Realm is a read-only facade for an underlying security realm
@@ -117,6 +119,22 @@ public interface Realm extends Contained {
 
 
 /**
+ * Try to authenticate using a {@link GSSName}
+ *
+ * Note that this default method will be turned into an abstract one in
+ * Tomcat 10.
+ *
+ * @param gssName The {@link GSSName} of the principal to look up
+ * @param gssCredential The {@link GSSCredential} of the principal, may be
+ *  {@code null}
+ * @return the associated principal, or {@code null} if there is none
+ */
+public default Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
+return null;
+}
+
+
+/**
  * Try to authenticate using {@link X509Certificate}s
  *
  * @param certs Array of client certificates, with the first one in
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 6a73b0f..6bbc238 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -32,6 +32,7 @@ import org.apache.catalina.Realm;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -386,6 +387,38 @@ public class CombinedRealm extends RealmBase {
 return null;
 }
 
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
+Principal authenticatedUser = null;
+String username = gssName.toString();
+
+for (Realm realm : realms) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authStart",
+username, realm.getClass().getName()));
+}
+
+authenticatedUser = realm.authenticate(gssName, gssCredential);
+
+if (authenticatedUser == null) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authSuccess",
+username, realm.getClass().getName()));
+}
+break;
+}
+}
+return authenticatedUser;
+}
+
 @Override
 protected String getPassword(String username) {
 // This method should never be called
diff --git a/java/org/apache/catalina/realm/LockOutRealm.java 
b/java/org/apache/catalina/realm/LockOutRealm.java
index aa4820a..28ce315 100644
--- a/java/org/apache/catalina/realm/LockOutRealm.java
+++ b/java/org/apache/catalina/realm/LockOutRealm.java
@@ -27,6 +27,7 @@ import org.apache.catalina.LifecycleException;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -200,6 +201,18 @@ public class LockOutRealm extends CombinedRealm {
 return null;
 }
 
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
+String username = gssName.toString();
+
+

[GitHub] [tomcat] michael-o closed pull request #225: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) an…

2019-12-02 Thread GitBox 
michael-o closed pull request #225: BZ 63681: Introduce 
RealmBase#authenticate(GSSName, GSSCredential) an…
URL: https://github.com/apache/tomcat/pull/225
 
 
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on issue #225: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) an…

2019-12-02 Thread GitBox 
michael-o commented on issue #225: BZ 63681: Introduce 
RealmBase#authenticate(GSSName, GSSCredential) an…
URL: https://github.com/apache/tomcat/pull/225#issuecomment-560317531
 
 
   Merged


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends

2019-12-02 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 12b8572  BZ 63681: Introduce RealmBase#authenticate(GSSName, 
GSSCredential) and friends
12b8572 is described below

commit 12b857227b2671c9c871aa324cf5fc25c5d53c9a
Author: Michael Osipov 
AuthorDate: Wed Aug 21 23:23:19 2019 +0200

BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and 
friends
---
 java/org/apache/catalina/GSSRealm.java| 45 
 java/org/apache/catalina/realm/CombinedRealm.java | 43 
 java/org/apache/catalina/realm/LockOutRealm.java  | 13 +
 java/org/apache/catalina/realm/RealmBase.java | 62 ++-
 webapps/docs/changelog.xml|  4 ++
 5 files changed, 155 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/GSSRealm.java 
b/java/org/apache/catalina/GSSRealm.java
new file mode 100644
index 000..2f4b16f
--- /dev/null
+++ b/java/org/apache/catalina/GSSRealm.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina;
+
+import java.security.Principal;
+
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
+
+/**
+ * A GSSRealm is a specialized realm for GSS-based principals.
+ *
+ * @deprecated This will be removed in Tomcat 9 and integrated into {@link 
Realm}.
+ */
+@Deprecated
+public interface GSSRealm extends Realm {
+
+
+// - Public Methods
+
+/**
+ * Try to authenticate using a {@link GSSName}
+ *
+ * @param gssName The {@link GSSName} of the principal to look up
+ * @param gssCredential The {@link GSSCredential} of the principal, may be
+ *  {@code null}
+ * @return the associated principal, or {@code null} if there is none
+ */
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential);
+
+}
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 59511fa..cd64d99 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -26,12 +26,14 @@ import java.util.List;
 import javax.management.ObjectName;
 
 import org.apache.catalina.Container;
+import org.apache.catalina.GSSRealm;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Realm;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -393,6 +395,47 @@ public class CombinedRealm extends RealmBase {
 return null;
 }
 
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
+Principal authenticatedUser = null;
+String username = gssName.toString();
+
+for (Realm realm : realms) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authStart",
+username, realm.getClass().getName()));
+}
+
+if (!(realm instanceof GSSRealm)) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+
+continue;
+}
+
+authenticatedUser = ((GSSRealm) realm).authenticate(gssName, 
gssCredential);
+
+if (authenticatedUser == null) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authSuccess",
+

[GitHub] [tomcat] michael-o commented on issue #226: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) an…

2019-12-02 Thread GitBox 
michael-o commented on issue #226: BZ 63681: Introduce 
RealmBase#authenticate(GSSName, GSSCredential) an…
URL: https://github.com/apache/tomcat/pull/226#issuecomment-560327588
 
 
   Changes performed and merged.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o closed pull request #226: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) an…

2019-12-02 Thread GitBox 
michael-o closed pull request #226: BZ 63681: Introduce 
RealmBase#authenticate(GSSName, GSSCredential) an…
URL: https://github.com/apache/tomcat/pull/226
 
 
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on issue #224: Adding Support for JDK "only" and JAVA_HOME environment variable to Windows Installer

2019-12-02 Thread GitBox 
michael-o commented on issue #224: Adding Support for JDK "only" and JAVA_HOME 
environment variable to Windows Installer
URL: https://github.com/apache/tomcat/pull/224#issuecomment-560327937
 
 
   Can you please squash your changes?!


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63969] Stackoverflow in JSF

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63969

--- Comment #5 from Conrad Kostecki  ---
(In reply to Mark Thomas from comment #4)
> 8.5.50-dev build - same caveats apply as for the 9.0.x dev build

Yup, I can confirm, it seems to be fixed in 8.5.50-dev.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63982] New: CombinedRealm makes assumptions about principal implementation

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63982

Bug ID: 63982
   Summary: CombinedRealm makes assumptions about principal
implementation
   Product: Tomcat 9
   Version: 9.0.29
  Hardware: All
OS: All
Status: NEW
  Severity: major
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: micha...@apache.org
  Target Milestone: -

Consider the following configuration:

>   
>... />
>... />
>   

CustomRealm uses CustomPrincipal, not of type GenericPrincipal. Two issues
arise:

1. When AuthenticatorBase now invokes CombinedRealm#hasRole() it will delegate
to RealmBase#hasRole() which will call RealmBase#hasRoleInternal(): it will
always return false bacause CustomPrincipal is not instance of
GenericPrincipal.
2. CustomRealm#getRoles() will again delegate to RealmBase#getRoles() and will
throw an exception.

Thus, this realm is tied to the GenericPrincipal and cannot be used
generically. You have to write a CustomCombinedRealm.

It could be solved the following way:
1. Delegate all #hasRole() calls to the underlying realms and return first true
2. Delegate all #getRoles() calls to the underlying realms, catch exceptions,
rethrow at and return the first array.

Unfortunately, RealmBase throws an IllegalStateException for #getRoles(), but
this is nowhere documented. If would return a null array, one could loop until
the first non-null array. In my opinion, if this is not documented, it could
simply return null.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends

2019-12-02 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 09ea8ce  BZ 63681: Introduce RealmBase#authenticate(GSSName, 
GSSCredential) and friends
09ea8ce is described below

commit 09ea8ce8f7e94cb9c15e925925c3377a3c88e769
Author: Michael Osipov 
AuthorDate: Wed Aug 21 23:23:19 2019 +0200

BZ 63681: Introduce RealmBase#authenticate(GSSName, GSSCredential) and 
friends
---
 java/org/apache/catalina/GSSRealm.java| 45 
 java/org/apache/catalina/realm/CombinedRealm.java | 43 
 java/org/apache/catalina/realm/LockOutRealm.java  | 13 +
 java/org/apache/catalina/realm/RealmBase.java | 62 ++-
 webapps/docs/changelog.xml|  4 ++
 5 files changed, 155 insertions(+), 12 deletions(-)

diff --git a/java/org/apache/catalina/GSSRealm.java 
b/java/org/apache/catalina/GSSRealm.java
new file mode 100644
index 000..2f4b16f
--- /dev/null
+++ b/java/org/apache/catalina/GSSRealm.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina;
+
+import java.security.Principal;
+
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
+
+/**
+ * A GSSRealm is a specialized realm for GSS-based principals.
+ *
+ * @deprecated This will be removed in Tomcat 9 and integrated into {@link 
Realm}.
+ */
+@Deprecated
+public interface GSSRealm extends Realm {
+
+
+// - Public Methods
+
+/**
+ * Try to authenticate using a {@link GSSName}
+ *
+ * @param gssName The {@link GSSName} of the principal to look up
+ * @param gssCredential The {@link GSSCredential} of the principal, may be
+ *  {@code null}
+ * @return the associated principal, or {@code null} if there is none
+ */
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential);
+
+}
diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index b203a29..6390dde 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -26,12 +26,14 @@ import java.util.List;
 import javax.management.ObjectName;
 
 import org.apache.catalina.Container;
+import org.apache.catalina.GSSRealm;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Realm;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -374,6 +376,47 @@ public class CombinedRealm extends RealmBase {
 return null;
 }
 
+/**
+ * {@inheritDoc}
+ */
+@Override
+public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
+Principal authenticatedUser = null;
+String username = gssName.toString();
+
+for (Realm realm : realms) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authStart",
+username, realm.getClass().getName()));
+}
+
+if (!(realm instanceof GSSRealm)) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+
+continue;
+}
+
+authenticatedUser = ((GSSRealm) realm).authenticate(gssName, 
gssCredential);
+
+if (authenticatedUser == null) {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authFail",
+username, realm.getClass().getName()));
+}
+} else {
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("combinedRealm.authSuccess",
+

[Bug 63681] Introduce RealmBase#authenticate(GSSName, GSSCredential) and friends

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63681

Michael Osipov  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Michael Osipov  ---
Fixed in:
- master for 9.0.30 onwards
- 8.5.x for 8.5.50 onwards
- 7.0.x for 7.0.99 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63982] CombinedRealm makes assumptions about principal implementation

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63982

--- Comment #1 from Remy Maucherat  ---
It is obvious reading the code in the realm package that it is assumed
GenericPrincipal will have to be used, so that applies to this hypothetical
CustomRealm as well. Of course, there are plenty of people out there who are
actively looking for trouble :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63969] Stackoverflow in JSF

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63969

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #6 from Mark Thomas  ---
Thanks for the confirmation.

Fixed in:
- master for 9.0.30 onwards
- 8.5.x for 8.5.50 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Drop SocketWrapperBase.write(Non)BlockingDirect methods

2019-12-02 Thread Mark Thomas 
On 27/11/2019 17:07, Rémy Maucherat wrote:
> On Wed, Nov 27, 2019 at 5:35 PM Mark Thomas  My preference for writing earlier is only a slight one. I'm more
> concerned that different methods take a different approach. Taking a
> closer look at that is on my TODO list but it isn't a priority for me at
> the moment.
> 
> 
> I'll double check the inconsistency :)
> 
> writeBlocking writes after.
> writeNonBlockingInternal has that  "&&
> !socketBufferHandler.isWriteBufferWritable()" in the while loop that
> makes the thing inconsistent, it is a leftover from the old code.
> For now I'll fix that.

I was looking at writeBlocking(byte[]...) and writeBlocking(ByteBuffer).
I think writeBlocking(byte[]...) should use while (len > 0) for
consistency shouldn't it?

I think a similar inconsistency exists in the non-blocking write too.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tomcat next and Jakarta EE

2019-12-02 Thread Mark Thomas 
On 28/11/2019 10:21, Rémy Maucherat wrote:
> On Thu, Nov 28, 2019 at 10:51 AM Mark Thomas  > wrote:
> 
> On 27/11/2019 23:19, Rémy Maucherat wrote:
> 
> 
> 
> > Well, it sounds pretty good to me but the numbers are off and it's
> going
> > to be very very confusing. It pretty much has to be:
> > Tomcat X supporting Jakarta EE X
> > Tomcat X-1 supporting Jakarta EE X-1
> > Tomcat X-2 supporting Jakarta EE X-2
> > And Tomcat 9.X supporting Java EE 8 with the same Tomcat API as
> Tomcat X
> > [I understand the rationale for this to be able to achieve very long
> > term support - and I expect the API changes will likely be rather
> small
> > anyway -, for example 8.5 and 9.0 have diverged too much to keep 8.5
> > more stable, while if we had a 8.6 "trunk" to simply replace it
> > eventually we could have kept in strict sync with 9.0]
> 
> I like it.
> 
> > The only problem then (but it's a big one) is to accommodate the
> Tomcat
> > "10" supporting Jakarta EE 9 somewhere. Maybe 9.9 can be used for that
> > but it will still pollute a bit the 9.x message, it could be
> labelled as
> > a "Jakarta preview" or something maybe. Jakarta EE 9 is a useless
> > release anyway, nobody will use it and that Tomcat could almost be
> EOLed
> > immediately after a Jakarta EE 10 release.
> 
> Hmm. Tricky.
> 
> How about something like this?
> 
> 10.0.0.M1 Jakarta EE 9
> 10.0.0.M2 Jakarta EE 9
> 10.0.0 Jakarta EE 9 stable
> 10.0.1.M1 Jakarta EE 10 dev
> 10.0.1.M2 Jakarta EE 10 dev
> 10.0.1.M3 Jakarta EE 10 dev
> 10.0.1.M4 Jakarta EE 10 dev
> 10.0.1.M5 Jakarta EE 10 dev
> 10.0.0.1 Jakarta EE 9 some urgent bug fix
> 10.0.1.M6 Jakarta EE 10 dev
> 10.0.1.M7 Jakarta EE 10 dev
> 10.0.1.M8 Jakarta EE 10 dev
> 10.0.1    Jakarta EE 10 stable
> ...
> 10.0.n    Jakarta EE 10 stable / Tomcat 10 stable / 10.0.0 is EOL
> 
> 
> Good idea, I like it too. That Jakarta EE 9 is the ultimate transition
> release so it would be fitting if it had the most transitional Tomcat
> branch.
> 
> Are we done already ? That was fast :)

:)

I suspect the US holiday weekend means some folks are still catching up
on email. I have tried to write this down on the wiki:
https://cwiki.apache.org/confluence/display/TOMCAT/Jakarta+EE+Release+Numbering

I plan to allow a week or so for dev@ comments and refining of the plan
before starting a discussion on users@

I'll also seek feedback from the Spring folks as $work as that
represents a reasonable slice of our Tomcat's user base.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[CONF] Apache Tomcat > Design and Development Issues

2019-12-02 Thread Mark Thomas (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Design and Development Issues 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Mark Thomas edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 Removing unpackWARs  
 http workshop 2019  
 Jakarta EE Release Numbering  
 Notes 
 
 Encoding and URIs  
 Jakarta EE TCKs  
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8

[CONF] Apache Tomcat > Jakarta EE Release Numbering

2019-12-02 Thread Mark Thomas (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Jakarta EE Release Numbering 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Mark Thomas edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
  *** DRAFT *** DRAFT *** DRAFT ***  Jakarta EE 9 will be, as far as Tomcat is concerned, identical to Java EE 8 / Jakarta EE 9 with one notable exception. The package names for many of the Jakarta EE packages will change from javax.* to jakarta.* ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8

[Bug 63966] Charset of TLS message is hardcoded to ISO-8859-1.

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63966

--- Comment #5 from Christopher Schultz  ---
(In reply to Mark Thomas from comment #4)
> If you i18n the message that that needs to be driven by the user agent's
> locale rather than the server locale which would make the whole process
> significantly more complicated. I don't see that change being made for this
> feature.
> 
> I'm not against switching the hard-coded message to UTF-8 - that would be
> consistent with Tomcat's use of UTF-8 elsewhere and would also be a slightly
> shorter response.

+1

> What I am against is making this encoding configurable without an acceptable
> justification for adding that complexity.

+1

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63981] False-positive warning logged when Registry.disableRegistry is called and the registry has already been disabled

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63981

Phillip Webb  changed:

   What|Removed |Added

 CC||pw...@pivotal.io

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JDK 14 - Early Access build 25 is available

2019-12-02 Thread Mark Thomas 
On 29/11/2019 09:58, Rory O'Donnell wrote:
> Hi Mark,
> 
> *OpenJDK builds  - JDK 14 *- Early Access build 25 is available at
> http://jdk.java.net/14/

Tomcat 9.0.x builds without issue, the unit tests pass (on Linux) and a
quick smoke test doesn't identify any issues.

LGTM.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new e9430e1  https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 
allowCorsPreflight
e9430e1 is described below

commit e9430e1db97d9ffc31d4d4431af92f2511d1b950
Author: Mark Thomas 
AuthorDate: Mon Dec 2 14:01:13 2019 +

https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

Add a new attribute to the standard Authenticator implementations,
allowCorsPreflight, that allows the Authenticators to be configured to
allow CORS preflight requests to bypass authentication as required by
the CORS specification.
---
 .../catalina/authenticator/AuthenticatorBase.java  |  88 ++
 java/org/apache/catalina/filters/CorsFilter.java   |  34 +---
 java/org/apache/tomcat/util/http/RequestUtil.java  |  43 +
 .../TestAuthenticatorBaseCorsPreflight.java| 177 +
 .../apache/catalina/filters/TestCorsFilter.java|  12 +-
 webapps/docs/changelog.xml |   8 +
 webapps/docs/config/valve.xml  |  93 +--
 7 files changed, 413 insertions(+), 42 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 76e712b..308b019 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -33,6 +33,7 @@ import javax.security.auth.message.config.AuthConfigProvider;
 import javax.security.auth.message.config.RegistrationListener;
 import javax.security.auth.message.config.ServerAuthConfig;
 import javax.security.auth.message.config.ServerAuthContext;
+import javax.servlet.DispatcherType;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -53,6 +54,7 @@ import 
org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
 import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.catalina.filters.CorsFilter;
 import org.apache.catalina.filters.RemoteIpFilter;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.util.SessionIdGeneratorBase;
@@ -63,9 +65,12 @@ import org.apache.coyote.ActionCode;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.descriptor.web.FilterDef;
+import org.apache.tomcat.util.descriptor.web.FilterMap;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.RequestUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -237,12 +242,22 @@ public abstract class AuthenticatorBase extends ValveBase
  */
 protected SingleSignOn sso = null;
 
+private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;
+
 private volatile String jaspicAppContextID = null;
 private volatile Optional jaspicProvider = null;
 
 
 // - Properties
 
+public String getAllowCorsPreflight() {
+return allowCorsPreflight.name().toLowerCase();
+}
+
+public void setAllowCorsPreflight(String allowCorsPreflight) {
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+}
+
 public boolean getAlwaysUseSession() {
 return alwaysUseSession;
 }
@@ -593,6 +608,14 @@ public abstract class AuthenticatorBase extends ValveBase
 
 JaspicState jaspicState = null;
 
+if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
+if (log.isDebugEnabled()) {
+log.debug(" CORS Preflight request bypassing authentication");
+}
+getNext().invoke(request, response);
+return;
+}
+
 if (authRequired) {
 if (log.isDebugEnabled()) {
 log.debug(" Calling authenticate()");
@@ -648,6 +671,64 @@ public abstract class AuthenticatorBase extends ValveBase
 }
 
 
+protected boolean allowCorsPreflightBypass(Request request) {
+boolean allowBypass = false;
+
+if (allowCorsPreflight != AllowCorsPreflight.NEVER) {
+// First check to see if this is a CORS Preflight request
+// This is a subset of the tests in CorsFilter.checkRequestType
+if ("OPTIONS".equals(request.getMethod())) {
+String originHeader = 
request.getHeader(CorsFilter.REQUEST_HEADER_ORIGIN)

[tomcat] branch 8.5.x updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new f37bb31  https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 
allowCorsPreflight
f37bb31 is described below

commit f37bb31e5d64996ae70871f8d441d5ffaaab4bfc
Author: Mark Thomas 
AuthorDate: Mon Dec 2 14:01:13 2019 +

https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

Add a new attribute to the standard Authenticator implementations,
allowCorsPreflight, that allows the Authenticators to be configured to
allow CORS preflight requests to bypass authentication as required by
the CORS specification.
---
 .../catalina/authenticator/AuthenticatorBase.java  |  88 ++
 java/org/apache/catalina/filters/CorsFilter.java   |  34 +---
 java/org/apache/tomcat/util/http/RequestUtil.java  |  43 +
 .../TestAuthenticatorBaseCorsPreflight.java| 177 +
 .../apache/catalina/filters/TestCorsFilter.java|  12 +-
 webapps/docs/changelog.xml |   8 +
 webapps/docs/config/valve.xml  |  93 +--
 7 files changed, 413 insertions(+), 42 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index dad6783..ee713d5 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -33,6 +33,7 @@ import javax.security.auth.message.config.ClientAuthConfig;
 import javax.security.auth.message.config.RegistrationListener;
 import javax.security.auth.message.config.ServerAuthConfig;
 import javax.security.auth.message.config.ServerAuthContext;
+import javax.servlet.DispatcherType;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
@@ -53,6 +54,7 @@ import 
org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
 import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.catalina.filters.CorsFilter;
 import org.apache.catalina.filters.RemoteIpFilter;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.util.SessionIdGeneratorBase;
@@ -63,9 +65,12 @@ import org.apache.coyote.ActionCode;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.descriptor.web.FilterDef;
+import org.apache.tomcat.util.descriptor.web.FilterMap;
 import org.apache.tomcat.util.descriptor.web.LoginConfig;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.RequestUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -239,12 +244,22 @@ public abstract class AuthenticatorBase extends ValveBase
  */
 protected SingleSignOn sso = null;
 
+private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;
+
 private volatile String jaspicAppContextID = null;
 private volatile AuthConfigProvider jaspicProvider = null;
 
 
 // - Properties
 
+public String getAllowCorsPreflight() {
+return allowCorsPreflight.name().toLowerCase();
+}
+
+public void setAllowCorsPreflight(String allowCorsPreflight) {
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+}
+
 public boolean getAlwaysUseSession() {
 return alwaysUseSession;
 }
@@ -595,6 +610,14 @@ public abstract class AuthenticatorBase extends ValveBase
 
 JaspicState jaspicState = null;
 
+if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
+if (log.isDebugEnabled()) {
+log.debug(" CORS Preflight request bypassing authentication");
+}
+getNext().invoke(request, response);
+return;
+}
+
 if (authRequired) {
 if (log.isDebugEnabled()) {
 log.debug(" Calling authenticate()");
@@ -650,6 +673,64 @@ public abstract class AuthenticatorBase extends ValveBase
 }
 
 
+protected boolean allowCorsPreflightBypass(Request request) {
+boolean allowBypass = false;
+
+if (allowCorsPreflight != AllowCorsPreflight.NEVER) {
+// First check to see if this is a CORS Preflight request
+// This is a subset of the tests in CorsFilter.checkRequestType
+if ("OPTIONS".equals(request.getMethod())) {
+String originHeader = 
request.getHeader(CorsFilter.REQUEST_HEADER_O

[Bug 63937] CORS preflight request not possible on authenticated endpoints

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63937

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #7 from Mark Thomas  ---
Fixed in:
- master for 9.0.30 onwards
- 8.5.x for 8.5.50 onwards
- 7.0.x for 7.0.99 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 0592e5e  https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 
allowCorsPreflight
0592e5e is described below

commit 0592e5e2955c790d5072d2ba040d76e217f9f283
Author: Mark Thomas 
AuthorDate: Mon Dec 2 14:01:13 2019 +

https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

Add a new attribute to the standard Authenticator implementations,
allowCorsPreflight, that allows the Authenticators to be configured to
allow CORS preflight requests to bypass authentication as required by
the CORS specification.
---
 .../catalina/authenticator/AuthenticatorBase.java  |  88 +-
 java/org/apache/catalina/filters/CorsFilter.java   |  34 +---
 java/org/apache/tomcat/util/http/RequestUtil.java  |  43 +
 .../TestAuthenticatorBaseCorsPreflight.java| 177 +
 .../apache/catalina/filters/TestCorsFilter.java|  12 +-
 webapps/docs/changelog.xml |  18 ++-
 webapps/docs/config/valve.xml  |  93 +--
 7 files changed, 417 insertions(+), 48 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 5399716..7bd9a89 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 
+import javax.servlet.DispatcherType;
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -36,8 +37,11 @@ import org.apache.catalina.Session;
 import org.apache.catalina.Valve;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.FilterDef;
+import org.apache.catalina.deploy.FilterMap;
 import org.apache.catalina.deploy.LoginConfig;
 import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.filters.CorsFilter;
 import org.apache.catalina.filters.RemoteIpFilter;
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.catalina.util.SessionIdGeneratorBase;
@@ -49,6 +53,7 @@ import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.RequestUtil;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
@@ -200,11 +205,19 @@ public abstract class AuthenticatorBase extends ValveBase
  */
 protected SingleSignOn sso = null;
 
-
+private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;
 
 
 // - Properties
 
+public String getAllowCorsPreflight() {
+return allowCorsPreflight.name().toLowerCase();
+}
+
+public void setAllowCorsPreflight(String allowCorsPreflight) {
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+}
+
 public boolean getAlwaysUseSession() {
 return alwaysUseSession;
 }
@@ -543,6 +556,14 @@ public abstract class AuthenticatorBase extends ValveBase
 authRequired = certs != null && certs.length > 0;
 }
 
+if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
+if (log.isDebugEnabled()) {
+log.debug(" CORS Preflight request bypassing authentication");
+}
+getNext().invoke(request, response);
+return;
+}
+
 if (authRequired) {
 if (log.isDebugEnabled()) {
 log.debug(" Calling authenticate()");
@@ -585,6 +606,64 @@ public abstract class AuthenticatorBase extends ValveBase
 }
 
 
+protected boolean allowCorsPreflightBypass(Request request) {
+boolean allowBypass = false;
+
+if (allowCorsPreflight != AllowCorsPreflight.NEVER) {
+// First check to see if this is a CORS Preflight request
+// This is a subset of the tests in CorsFilter.checkRequestType
+if ("OPTIONS".equals(request.getMethod())) {
+String originHeader = 
request.getHeader(CorsFilter.REQUEST_HEADER_ORIGIN);
+if (originHeader != null &&
+!originHeader.isEmpty() &&
+RequestUtil.isValidOrigin(originHeader) &&
+!RequestUtil.isSameOrigin(request, originHeader)) {
+String accessControlRequestMethodHeader =
+
request.getHeader(CorsF

Re: JDK 14 - Early Access build 25 is available

2019-12-02 Thread Rory O'Donnell 

Many Thanks Mark.

On 02/12/2019 17:47, Mark Thomas wrote:

On 29/11/2019 09:58, Rory O'Donnell wrote:

Hi Mark,

*OpenJDK builds  - JDK 14 *- Early Access build 25 is available at
http://jdk.java.net/14/

Tomcat 9.0.x builds without issue, the unit tests pass (on Linux) and a
quick smoke test doesn't identify any issues.

LGTM.

Mark


--
Rgds, Rory O'Donnell
Quality Engineering Manager
Oracle EMEA, Dublin, Ireland


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Harmonize again writes, thanks to Mark for the review.

2019-12-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new c92fab2  Harmonize again writes, thanks to Mark for the review.
c92fab2 is described below

commit c92fab26992ec12dc6815e1f7869e41e98076204
Author: remm 
AuthorDate: Mon Dec 2 20:25:21 2019 +0100

Harmonize again writes, thanks to Mark for the review.
---
 .../apache/tomcat/util/net/SocketWrapperBase.java  | 36 +-
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java 
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 22bcf87..deddf81 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -525,14 +525,17 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeBlocking(byte[] buf, int off, int len) throws 
IOException {
-socketBufferHandler.configureWriteBufferForWrite();
-int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
-while (!socketBufferHandler.getWriteBuffer().hasRemaining()) {
-len = len - thisTime;
-off = off + thisTime;
-doWrite(true);
+if (len > 0) {
 socketBufferHandler.configureWriteBufferForWrite();
-thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+len -= thisTime;
+while (len > 0) {
+off += thisTime;
+doWrite(true);
+socketBufferHandler.configureWriteBufferForWrite();
+thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+len -= thisTime;
+}
 }
 }
 
@@ -551,12 +554,14 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeBlocking(ByteBuffer from) throws IOException {
-socketBufferHandler.configureWriteBufferForWrite();
-transfer(from, socketBufferHandler.getWriteBuffer());
-while (from.hasRemaining()) {
-doWrite(true);
+if (from.hasRemaining()) {
 socketBufferHandler.configureWriteBufferForWrite();
 transfer(from, socketBufferHandler.getWriteBuffer());
+while (from.hasRemaining()) {
+doWrite(true);
+socketBufferHandler.configureWriteBufferForWrite();
+transfer(from, socketBufferHandler.getWriteBuffer());
+}
 }
 }
 
@@ -579,11 +584,12 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeNonBlocking(byte[] buf, int off, int len) throws 
IOException {
-if (nonBlockingWriteBuffer.isEmpty() && 
socketBufferHandler.isWriteBufferWritable()) {
+if (len > 0 && nonBlockingWriteBuffer.isEmpty()
+&& socketBufferHandler.isWriteBufferWritable()) {
 socketBufferHandler.configureWriteBufferForWrite();
 int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
-len = len - thisTime;
-while (!socketBufferHandler.isWriteBufferWritable()) {
+len -= thisTime;
+while (len > 0) {
 off = off + thisTime;
 doWrite(false);
 if (len > 0 && socketBufferHandler.isWriteBufferWritable()) {
@@ -595,7 +601,7 @@ public abstract class SocketWrapperBase {
 // else to do here. Exit the loop.
 break;
 }
-len = len - thisTime;
+len -= thisTime;
 }
 }
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352785380
 
 

 ##
 File path: test/org/apache/catalina/session/FileStoreTest.java
 ##
 @@ -0,0 +1,78 @@
+package org.apache.catalina.session;
+
+import org.apache.catalina.Manager;
+import org.apache.tomcat.unittest.TesterContext;
+import org.apache.tomcat.unittest.TesterServletContext;
+import org.apache.tomcat.util.http.fileupload.FileUtils;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Test utility methods of FileStore class
+ *
+ * @author Govinda Sakhare
+ */
+public class FileStoreTest {
+
+private static final String SESS_TEMPPATH = "SESS_TEMP";
+private static final File dir = new File (SESS_TEMPPATH);
+private static FileStore fileStore;
 
 Review comment:
   No spaces before `(` please (throughout this file)


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352784943
 
 

 ##
 File path: test/org/apache/catalina/session/FileStoreTest.java
 ##
 @@ -0,0 +1,78 @@
+package org.apache.catalina.session;
 
 Review comment:
   Needs an ALv2 license header. (checkstyle won't pass without one)


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352785597
 
 

 ##
 File path: test/org/apache/catalina/session/FileStoreTest.java
 ##
 @@ -0,0 +1,78 @@
+package org.apache.catalina.session;
+
+import org.apache.catalina.Manager;
+import org.apache.tomcat.unittest.TesterContext;
+import org.apache.tomcat.unittest.TesterServletContext;
+import org.apache.tomcat.util.http.fileupload.FileUtils;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
 
 Review comment:
   Avoid static imports please.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352784340
 
 

 ##
 File path: java/org/apache/catalina/session/FileStore.java
 ##
 @@ -136,8 +136,8 @@ public int getSize() throws IOException {
 // Figure out which files are sessions
 int keycount = 0;
 if (files != null) {
-for (int i = 0; i < files.length; i++) {
-if (files[i].endsWith(FILE_EXT)) {
+for (String file1 : files) {
+if (file1.endsWith (FILE_EXT)) {
 keycount++;
 
 Review comment:
   `file1` looks odd here. I'd change the `file` above to `dir` and use `file` 
here for consistency with other for loops.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352785849
 
 

 ##
 File path: test/org/apache/catalina/session/FileStoreTest.java
 ##
 @@ -0,0 +1,78 @@
+package org.apache.catalina.session;
+
+import org.apache.catalina.Manager;
+import org.apache.tomcat.unittest.TesterContext;
+import org.apache.tomcat.unittest.TesterServletContext;
+import org.apache.tomcat.util.http.fileupload.FileUtils;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Test utility methods of FileStore class
+ *
+ * @author Govinda Sakhare
+ */
+public class FileStoreTest {
+
+private static final String SESS_TEMPPATH = "SESS_TEMP";
+private static final File dir = new File (SESS_TEMPPATH);
+private static FileStore fileStore;
+private static File file1 = new File (SESS_TEMPPATH + "/tmp1.session");
+private static File file2 = new File (SESS_TEMPPATH + "/tmp2.session");
+private static Manager manager = new StandardManager ();
+
+@BeforeClass
+public static void setup() throws IOException {
+TesterContext testerContext = new TesterContext ();
+testerContext.setServletContext (new TesterServletContext ());
+manager.setContext (testerContext);
+fileStore = new FileStore ();
+fileStore.setManager (manager);
+}
+
 
 Review comment:
   2 blank lines between methods please


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352784475
 
 

 ##
 File path: java/org/apache/catalina/session/FileStore.java
 ##
 @@ -187,9 +187,9 @@ public void clear() throws IOException {
 // Build and return the list of session identifiers
 List list = new ArrayList<>();
 int n = FILE_EXT.length();
-for (int i = 0; i < files.length; i++) {
-if (files[i].endsWith(FILE_EXT)) {
-list.add(files[i].substring(0, files[i].length() - n));
+for (String file1 : files) {
+if (file1.endsWith (FILE_EXT)) {
+list.add (file1.substring (0, file1.length () - n));
 }
 
 Review comment:
   Same here.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #227: Unit test FileStore utility methods

2019-12-02 Thread GitBox 
markt-asf commented on a change in pull request #227: Unit test FileStore 
utility methods
URL: https://github.com/apache/tomcat/pull/227#discussion_r352784951
 
 

 ##
 File path: java/org/apache/catalina/session/FileStore.java
 ##
 @@ -228,7 +228,7 @@ public Session load(String id) throws 
ClassNotFoundException, IOException {
 ClassLoader oldThreadContextCL = 
context.bind(Globals.IS_SECURITY_ENABLED, null);
 
 try (FileInputStream fis = new FileInputStream(file.getAbsolutePath());
-ObjectInputStream ois = getObjectInputStream(fis)) {
+ObjectInputStream ois = getObjectInputStream(fis)) {
 
 
 Review comment:
   This change is incorrect. The original indent of 8 spaces is correct.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread Michael Osipov 

Am 2019-12-02 um 18:51 schrieb ma...@apache.org:

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
  new e9430e1  https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 
allowCorsPreflight
e9430e1 is described below

commit e9430e1db97d9ffc31d4d4431af92f2511d1b950
Author: Mark Thomas 
AuthorDate: Mon Dec 2 14:01:13 2019 +

 https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight
 
 Add a new attribute to the standard Authenticator implementations,

 allowCorsPreflight, that allows the Authenticators to be configured to
 allow CORS preflight requests to bypass authentication as required by
 the CORS specification.
---
  .../catalina/authenticator/AuthenticatorBase.java  |  88 ++
  java/org/apache/catalina/filters/CorsFilter.java   |  34 +---
  java/org/apache/tomcat/util/http/RequestUtil.java  |  43 +
  .../TestAuthenticatorBaseCorsPreflight.java| 177 +
  .../apache/catalina/filters/TestCorsFilter.java|  12 +-
  webapps/docs/changelog.xml |   8 +
  webapps/docs/config/valve.xml  |  93 +--
  7 files changed, 413 insertions(+), 42 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 76e712b..308b019 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -33,6 +33,7 @@ import javax.security.auth.message.config.AuthConfigProvider;
  import javax.security.auth.message.config.RegistrationListener;
  import javax.security.auth.message.config.ServerAuthConfig;
  import javax.security.auth.message.config.ServerAuthContext;
+import javax.servlet.DispatcherType;
  import javax.servlet.ServletContext;
  import javax.servlet.ServletException;
  import javax.servlet.http.Cookie;
@@ -53,6 +54,7 @@ import 
org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
  import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
  import org.apache.catalina.connector.Request;
  import org.apache.catalina.connector.Response;
+import org.apache.catalina.filters.CorsFilter;
  import org.apache.catalina.filters.RemoteIpFilter;
  import org.apache.catalina.realm.GenericPrincipal;
  import org.apache.catalina.util.SessionIdGeneratorBase;
@@ -63,9 +65,12 @@ import org.apache.coyote.ActionCode;
  import org.apache.juli.logging.Log;
  import org.apache.juli.logging.LogFactory;
  import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.descriptor.web.FilterDef;
+import org.apache.tomcat.util.descriptor.web.FilterMap;
  import org.apache.tomcat.util.descriptor.web.LoginConfig;
  import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
  import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.RequestUtil;
  import org.apache.tomcat.util.res.StringManager;
  
  /**

@@ -237,12 +242,22 @@ public abstract class AuthenticatorBase extends ValveBase
   */
  protected SingleSignOn sso = null;
  
+private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;

+
  private volatile String jaspicAppContextID = null;
  private volatile Optional jaspicProvider = null;
  
  
  // - Properties
  
+public String getAllowCorsPreflight() {

+return allowCorsPreflight.name().toLowerCase();
+}
+
+public void setAllowCorsPreflight(String allowCorsPreflight) {
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+}
+


toLowerCase() and toUpperCase() should be locale-agnostic. I bet FILTER 
will fail with tr_TR.



  public boolean getAlwaysUseSession() {
  return alwaysUseSession;
  }
@@ -593,6 +608,14 @@ public abstract class AuthenticatorBase extends ValveBase
  
  JaspicState jaspicState = null;
  
+if ((authRequired || constraints != null) && allowCorsPreflightBypass(request)) {

+if (log.isDebugEnabled()) {
+log.debug(" CORS Preflight request bypassing authentication");

 ^^
 Is that space intended?

+}
+getNext().invoke(request, response);
+return;
+}
+
  if (authRequired) {
  if (log.isDebugEnabled()) {
  log.debug(" Calling authenticate()");
@@ -648,6 +671,64 @@ public abstract class AuthenticatorBase extends ValveBase
  }
  
  
+protected boolean allowCorsPreflightBypass(Request request) {

+boolean allowBypass = false;
+
+if (allowCorsPreflight != AllowCorsPreflight.NEVER)

Re: Initial set of patches for Jakarta EE 9

2019-12-02 Thread Igal Sapir 

On 12/1/2019 1:28 PM, Mark Thomas wrote:

On 30/11/2019 21:11, Igal Sapir wrote:



First issue I noticed when trying to build on Windows:

compile:
     [javac] Compiling 1727 source files to
E:\Workspace\test\tomcat-jakarta\output\classes
     [javac]
E:\Workspace\test\tomcat-jakarta\java\org\apache\tomcat\util\http\RequestUtil.java:21:
error: package javax.servlet.http does not exist
     [javac] import javax.servlet.http.HttpServletRequest;
     [javac]  ^
     [javac]
E:\Workspace\test\tomcat-jakarta\java\org\apache\tomcat\util\http\RequestUtil.java:122:
error: cannot find symbol
     [javac] public static boolean isSameOrigin(HttpServletRequest
request, String origin) {
     [javac]    ^
     [javac]   symbol:   class HttpServletRequest
     [javac]   location: class RequestUtil
     [javac] Note: Some input files use or override a deprecated API.
     [javac] Note: Recompile with -Xlint:deprecation for details.
     [javac] 2 errors

BUILD FAILED
E:\Workspace\test\tomcat-jakarta\build.xml:706: Compile failed; see the
compiler error output for details.

Sorry. My error. When I rebased the branch I forgot to check if any
additional changes were required. I've fixed this now. Note I used a
force push to try and keep to the one commit per package I used originally.

Should be OK now.


This one built fine but got some failing test cases on a busy Windows 
machine, so possibly false positives:


   [concat] Testsuites with failed tests:
   [concat] 
TEST-org.apache.catalina.authenticator.TestFormAuthenticator.APR.txt

   [concat] TEST-org.apache.catalina.core.TestAsyncContextImpl.NIO2.txt
   [concat] TEST-org.apache.coyote.http2.TestStreamProcessor.APR.txt
   [concat] TEST-org.apache.coyote.http2.TestStreamProcessor.NIO.txt
   [concat] TEST-org.apache.coyote.http2.TestStreamProcessor.NIO2.txt
   [concat] TEST-org.apache.jasper.runtime.TestJspRuntimeLibrary.APR.txt
   [concat] TEST-org.apache.jasper.runtime.TestJspRuntimeLibrary.NIO.txt
   [concat] TEST-org.apache.jasper.runtime.TestJspRuntimeLibrary.NIO2.txt
   [concat] 
TEST-org.apache.tomcat.websocket.TestWebSocketFrameClientSSL.APR.txt


Igal




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread Mark Thomas 
On 02/12/2019 19:48, Michael Osipov wrote:
> Am 2019-12-02 um 18:51 schrieb ma...@apache.org:



>> - Properties
>>   +    public String getAllowCorsPreflight() {
>> +    return allowCorsPreflight.name().toLowerCase();
>> +    }
>> +
>> +    public void setAllowCorsPreflight(String allowCorsPreflight) {
>> +    this.allowCorsPreflight =
>> AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
>> +    }
>> +
> 
> toLowerCase() and toUpperCase() should be locale-agnostic.

They should be forced to ENGLISH. I'll get that fixed.

>> +    if (log.isDebugEnabled()) {
>> +    log.debug(" CORS Preflight request bypassing
>> authentication");
>  ^^
>  Is that space intended?

Yes. For consistency with surrounding messages. The file is not
consistent though. Removal of all leading spaces in debug messages is
probably the right choice here as that would be consistent with the
majority of debug messages in Tomcat.


>> +    if
>> ("/*".equals(urlPattern)) {
> So basically, if I have applied the CorsFilter to "/api/* it will
> evaluate to false?! 

Correct - if you are using "filter". If you use "always" it won't reach
those tests.

> This is why I brought up BZ 63938.
> You see no other way to make it an exact match a not blanket?

Not easily, no. You'd essentially have to recreate large chunks of
ApplicationFilterFactory.

>> --- a/webapps/docs/config/valve.xml
>> +++ b/webapps/docs/config/valve.xml
>> @@ -1201,6 +1201,21 @@
>>     
>>   +  
>> +    Are requests that appear to be CORS preflight requests
>> allowed to
>> +    bypass the authenticator as required by the CORS
>> specification. The
>> +    allowed values are never, filter and
>> +    always. never means that a request
>> will never
>> +    bypass authentication even if it appears to be a CORS
>> preflight request.
>> +    filter means that a request will bypass
>> authentication if
>> +    it appears to be a CORS preflight request and the web
>> application the
>> +    request maps to has the CORS
> 
> I have the feeling that some word is either wrong or missing here: ...
> and the web application the request maps ...

Looks fine to me.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 allowCorsPreflight

2019-12-02 Thread Michael Osipov 

Am 2019-12-02 um 21:07 schrieb Mark Thomas:

On 02/12/2019 19:48, Michael Osipov wrote:

Am 2019-12-02 um 18:51 schrieb ma...@apache.org:

>

This is why I brought up BZ 63938.
You see no other way to make it an exact match a not blanket?


Not easily, no. You'd essentially have to recreate large chunks of
ApplicationFilterFactory.


Agreed to the tradeoff, I'd rather would see BZ 63938 fixed in that spirit.


--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -1201,6 +1201,21 @@
     
   +  
+    Are requests that appear to be CORS preflight requests
allowed to
+    bypass the authenticator as required by the CORS
specification. The
+    allowed values are never, filter and
+    always. never means that a request
will never
+    bypass authentication even if it appears to be a CORS
preflight request.
+    filter means that a request will bypass
authentication if
+    it appears to be a CORS preflight request and the web
application the
+    request maps to has the CORS


I have the feeling that some word is either wrong or missing here: ...
and the web application the request maps ...


Looks fine to me.


Frankly, as a non-English native speaker I do not understand the 
sentence. Maybe others won't too.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Harmonize again writes, thanks to Mark for the review.

2019-12-02 Thread remm 
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new bb8649c  Harmonize again writes, thanks to Mark for the review.
bb8649c is described below

commit bb8649c67f1f3caefd294116f37b50d5fd529206
Author: remm 
AuthorDate: Mon Dec 2 20:25:21 2019 +0100

Harmonize again writes, thanks to Mark for the review.
---
 .../apache/tomcat/util/net/SocketWrapperBase.java  | 36 +-
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java 
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 30d2d47..0d348a6 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -475,14 +475,17 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeBlocking(byte[] buf, int off, int len) throws 
IOException {
-socketBufferHandler.configureWriteBufferForWrite();
-int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
-while (!socketBufferHandler.getWriteBuffer().hasRemaining()) {
-len = len - thisTime;
-off = off + thisTime;
-doWrite(true);
+if (len > 0) {
 socketBufferHandler.configureWriteBufferForWrite();
-thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+len -= thisTime;
+while (len > 0) {
+off += thisTime;
+doWrite(true);
+socketBufferHandler.configureWriteBufferForWrite();
+thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
+len -= thisTime;
+}
 }
 }
 
@@ -501,12 +504,14 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeBlocking(ByteBuffer from) throws IOException {
-socketBufferHandler.configureWriteBufferForWrite();
-transfer(from, socketBufferHandler.getWriteBuffer());
-while (from.hasRemaining()) {
-doWrite(true);
+if (from.hasRemaining()) {
 socketBufferHandler.configureWriteBufferForWrite();
 transfer(from, socketBufferHandler.getWriteBuffer());
+while (from.hasRemaining()) {
+doWrite(true);
+socketBufferHandler.configureWriteBufferForWrite();
+transfer(from, socketBufferHandler.getWriteBuffer());
+}
 }
 }
 
@@ -529,11 +534,12 @@ public abstract class SocketWrapperBase {
  * @throws IOException If an IO error occurs during the write
  */
 protected void writeNonBlocking(byte[] buf, int off, int len) throws 
IOException {
-if (nonBlockingWriteBuffer.isEmpty() && 
socketBufferHandler.isWriteBufferWritable()) {
+if (len > 0 && nonBlockingWriteBuffer.isEmpty()
+&& socketBufferHandler.isWriteBufferWritable()) {
 socketBufferHandler.configureWriteBufferForWrite();
 int thisTime = transfer(buf, off, len, 
socketBufferHandler.getWriteBuffer());
-len = len - thisTime;
-while (!socketBufferHandler.isWriteBufferWritable()) {
+len -= thisTime;
+while (len > 0) {
 off = off + thisTime;
 doWrite(false);
 if (len > 0 && socketBufferHandler.isWriteBufferWritable()) {
@@ -545,7 +551,7 @@ public abstract class SocketWrapperBase {
 // else to do here. Exit the loop.
 break;
 }
-len = len - thisTime;
+len -= thisTime;
 }
 }
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (c92fab2 -> 17e9bda)

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from c92fab2  Harmonize again writes, thanks to Mark for the review.
 new 5782197  Alternative wording
 new 4acf1da  Force Locale for to[Upper|Lower]Case()
 new 17e9bda  Remove leading spaces from debug messages

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../catalina/authenticator/AuthenticatorBase.java  | 25 +--
 webapps/docs/config/valve.xml  | 48 +++---
 2 files changed, 37 insertions(+), 36 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Force Locale for to[Upper|Lower]Case()

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4acf1daa741e56e2e509345cc4f331b244f0c7f7
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:29:19 2019 +

Force Locale for to[Upper|Lower]Case()
---
 java/org/apache/catalina/authenticator/AuthenticatorBase.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 308b019..610f15b 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -19,6 +19,7 @@ package org.apache.catalina.authenticator;
 import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -251,11 +252,11 @@ public abstract class AuthenticatorBase extends ValveBase
 // - Properties
 
 public String getAllowCorsPreflight() {
-return allowCorsPreflight.name().toLowerCase();
+return allowCorsPreflight.name().toLowerCase(Locale.ENGLISH);
 }
 
 public void setAllowCorsPreflight(String allowCorsPreflight) {
-this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase(Locale.ENGLISH));
 }
 
 public boolean getAlwaysUseSession() {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/03: Remove leading spaces from debug messages

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 17e9bda849f1e741f846d6af53e6405ce09be175
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:30:33 2019 +

Remove leading spaces from debug messages
---
 .../catalina/authenticator/AuthenticatorBase.java| 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 610f15b..b6f2c9e 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -537,7 +537,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints == null && !context.getPreemptiveAuthentication() && 
!authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Not subject to any constraint");
+log.debug("Not subject to any constraint");
 }
 getNext().invoke(request, response);
 return;
@@ -560,11 +560,11 @@ public abstract class AuthenticatorBase extends ValveBase
 if (constraints != null) {
 // Enforce any user data constraint for this security constraint
 if (log.isDebugEnabled()) {
-log.debug(" Calling hasUserDataPermission()");
+log.debug("Calling hasUserDataPermission()");
 }
 if (!realm.hasUserDataPermission(request, response, constraints)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed hasUserDataPermission() test");
+log.debug("Failed hasUserDataPermission() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -611,7 +611,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
 if (log.isDebugEnabled()) {
-log.debug(" CORS Preflight request bypassing authentication");
+log.debug("CORS Preflight request bypassing authentication");
 }
 getNext().invoke(request, response);
 return;
@@ -619,7 +619,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling authenticate()");
+log.debug("Calling authenticate()");
 }
 
 if (jaspicProvider != null) {
@@ -633,7 +633,7 @@ public abstract class AuthenticatorBase extends ValveBase
 jaspicProvider != null &&
 !authenticateJaspic(request, response, 
jaspicState, false)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed authenticate() test");
+log.debug("Failed authenticate() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -646,11 +646,11 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints != null) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling accessControl()");
+log.debug("Calling accessControl()");
 }
 if (!realm.hasResourcePermission(request, response, constraints, 
this.context)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed accessControl() test");
+log.debug("Failed accessControl() test");
 }
 /*
  * ASSERT: AccessControl method has already set the appropriate
@@ -662,7 +662,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 // Any and all specified constraints have been satisfied
 if (log.isDebugEnabled()) {
-log.debug(" Successfully passed all security constraints");
+log.debug("Successfully passed all security constraints");
 }
 getNext().invoke(request, response);
 
@@ -1068,7 +1068,7 @@ public abstract class AuthenticatorBase extends ValveBase
 associate(ssoId, request.getSessionInternal(true));
 
 if (log.isDebugEnabled()) {
-log.debug(" Reauthenticated cached principal '" +
+log.debug("Reauthenticated cached principal '" +
 request.getUserPrincipal().getName() +
 "' with auth type '" + request.getAuthType() + "'");
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Alternative wording

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 5782197c2480dc5467ed7204d8dd57522c2d9e91
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:28:31 2019 +

Alternative wording
---
 webapps/docs/config/valve.xml | 48 +--
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
index ca32e37..00c25eb 100644
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -1208,12 +1208,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1366,12 +1366,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1548,12 +1548,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1689,12 +1689,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Alternative wording

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9ca49b51b49f93529b4cbed73c91429a7991709d
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:28:31 2019 +

Alternative wording
---
 webapps/docs/config/valve.xml | 48 +--
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
index 0ceca00..c376c9a 100644
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -1208,12 +1208,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1366,12 +1366,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1548,12 +1548,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1689,12 +1689,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated (bb8649c -> 389180e)

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from bb8649c  Harmonize again writes, thanks to Mark for the review.
 new 9ca49b5  Alternative wording
 new 7bbc64e  Force Locale for to[Upper|Lower]Case()
 new 389180e  Remove leading spaces from debug messages

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../catalina/authenticator/AuthenticatorBase.java  | 25 +--
 webapps/docs/config/valve.xml  | 48 +++---
 2 files changed, 37 insertions(+), 36 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Force Locale for to[Upper|Lower]Case()

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7bbc64ea394a4180f199a0e14158951065fc9e50
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:29:19 2019 +

Force Locale for to[Upper|Lower]Case()
---
 java/org/apache/catalina/authenticator/AuthenticatorBase.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index ee713d5..e438738 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -19,6 +19,7 @@ package org.apache.catalina.authenticator;
 import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -253,11 +254,11 @@ public abstract class AuthenticatorBase extends ValveBase
 // - Properties
 
 public String getAllowCorsPreflight() {
-return allowCorsPreflight.name().toLowerCase();
+return allowCorsPreflight.name().toLowerCase(Locale.ENGLISH);
 }
 
 public void setAllowCorsPreflight(String allowCorsPreflight) {
-this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase(Locale.ENGLISH));
 }
 
 public boolean getAlwaysUseSession() {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/03: Remove leading spaces from debug messages

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 389180e6f945c7eef0fbce28f20ce7e1fb2d6d67
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:30:33 2019 +

Remove leading spaces from debug messages
---
 .../catalina/authenticator/AuthenticatorBase.java| 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index e438738..2b5a502 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -539,7 +539,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints == null && !context.getPreemptiveAuthentication() && 
!authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Not subject to any constraint");
+log.debug("Not subject to any constraint");
 }
 getNext().invoke(request, response);
 return;
@@ -562,11 +562,11 @@ public abstract class AuthenticatorBase extends ValveBase
 if (constraints != null) {
 // Enforce any user data constraint for this security constraint
 if (log.isDebugEnabled()) {
-log.debug(" Calling hasUserDataPermission()");
+log.debug("Calling hasUserDataPermission()");
 }
 if (!realm.hasUserDataPermission(request, response, constraints)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed hasUserDataPermission() test");
+log.debug("Failed hasUserDataPermission() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -613,7 +613,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
 if (log.isDebugEnabled()) {
-log.debug(" CORS Preflight request bypassing authentication");
+log.debug("CORS Preflight request bypassing authentication");
 }
 getNext().invoke(request, response);
 return;
@@ -621,7 +621,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling authenticate()");
+log.debug("Calling authenticate()");
 }
 
 if (jaspicProvider != null) {
@@ -635,7 +635,7 @@ public abstract class AuthenticatorBase extends ValveBase
 jaspicProvider != null &&
 !authenticateJaspic(request, response, 
jaspicState, false)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed authenticate() test");
+log.debug("Failed authenticate() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -648,11 +648,11 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints != null) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling accessControl()");
+log.debug("Calling accessControl()");
 }
 if (!realm.hasResourcePermission(request, response, constraints, 
this.context)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed accessControl() test");
+log.debug("Failed accessControl() test");
 }
 /*
  * ASSERT: AccessControl method has already set the appropriate
@@ -664,7 +664,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 // Any and all specified constraints have been satisfied
 if (log.isDebugEnabled()) {
-log.debug(" Successfully passed all security constraints");
+log.debug("Successfully passed all security constraints");
 }
 getNext().invoke(request, response);
 
@@ -1070,7 +1070,7 @@ public abstract class AuthenticatorBase extends ValveBase
 associate(ssoId, request.getSessionInternal(true));
 
 if (log.isDebugEnabled()) {
-log.debug(" Reauthenticated cached principal '" +
+log.debug("Reauthenticated cached principal '" +
 request.getUserPrincipal().getName() +
 "' with auth type '" + request.getAuthType() + "'");
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated (0592e5e -> c085d37)

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 0592e5e  https://bz.apache.org/bugzilla/show_bug.cgi?id=63937 
allowCorsPreflight
 new 01df00f  Alternative wording
 new 30fafc2  Force Locale for to[Upper|Lower]Case()
 new c085d37  Remove leading spaces from debug messages

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../catalina/authenticator/AuthenticatorBase.java  | 25 +--
 webapps/docs/config/valve.xml  | 48 +++---
 2 files changed, 37 insertions(+), 36 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/03: Remove leading spaces from debug messages

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c085d3721bdfc3798300d6ff9d96a5df6465940a
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:30:33 2019 +

Remove leading spaces from debug messages
---
 .../catalina/authenticator/AuthenticatorBase.java| 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 485b2f4..6c9e121 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -488,7 +488,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints == null && !context.getPreemptiveAuthentication() && 
!authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Not subject to any constraint");
+log.debug("Not subject to any constraint");
 }
 getNext().invoke(request, response);
 return;
@@ -511,11 +511,11 @@ public abstract class AuthenticatorBase extends ValveBase
 if (constraints != null) {
 // Enforce any user data constraint for this security constraint
 if (log.isDebugEnabled()) {
-log.debug(" Calling hasUserDataPermission()");
+log.debug("Calling hasUserDataPermission()");
 }
 if (!realm.hasUserDataPermission(request, response, constraints)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed hasUserDataPermission() test");
+log.debug("Failed hasUserDataPermission() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -559,7 +559,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if ((authRequired || constraints != null) && 
allowCorsPreflightBypass(request)) {
 if (log.isDebugEnabled()) {
-log.debug(" CORS Preflight request bypassing authentication");
+log.debug("CORS Preflight request bypassing authentication");
 }
 getNext().invoke(request, response);
 return;
@@ -567,11 +567,11 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (authRequired) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling authenticate()");
+log.debug("Calling authenticate()");
 }
 if (!authenticate(request, response, config)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed authenticate() test");
+log.debug("Failed authenticate() test");
 }
 /*
  * ASSERT: Authenticator already set the appropriate HTTP 
status
@@ -584,11 +584,11 @@ public abstract class AuthenticatorBase extends ValveBase
 
 if (constraints != null) {
 if (log.isDebugEnabled()) {
-log.debug(" Calling accessControl()");
+log.debug("Calling accessControl()");
 }
 if (!realm.hasResourcePermission(request, response, constraints, 
this.context)) {
 if (log.isDebugEnabled()) {
-log.debug(" Failed accessControl() test");
+log.debug("Failed accessControl() test");
 }
 /*
  * ASSERT: AccessControl method has already set the appropriate
@@ -600,7 +600,7 @@ public abstract class AuthenticatorBase extends ValveBase
 
 // Any and all specified constraints have been satisfied
 if (log.isDebugEnabled()) {
-log.debug(" Successfully passed all security constraints");
+log.debug("Successfully passed all security constraints");
 }
 getNext().invoke(request, response);
 
@@ -856,7 +856,7 @@ public abstract class AuthenticatorBase extends ValveBase
 associate(ssoId, request.getSessionInternal(true));
 
 if (log.isDebugEnabled()) {
-log.debug(" Reauthenticated cached principal '" +
+log.debug("Reauthenticated cached principal '" +
 request.getUserPrincipal().getName() +
 "' with auth type '" + request.getAuthType() + "'");
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Force Locale for to[Upper|Lower]Case()

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 30fafc2b0cbf3b2e7924f3966540af1361b3fd4e
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:29:19 2019 +

Force Locale for to[Upper|Lower]Case()
---
 java/org/apache/catalina/authenticator/AuthenticatorBase.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index 7bd9a89..485b2f4 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -19,6 +19,7 @@ package org.apache.catalina.authenticator;
 import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Locale;
 
 import javax.servlet.DispatcherType;
 import javax.servlet.ServletException;
@@ -211,11 +212,11 @@ public abstract class AuthenticatorBase extends ValveBase
 // - Properties
 
 public String getAllowCorsPreflight() {
-return allowCorsPreflight.name().toLowerCase();
+return allowCorsPreflight.name().toLowerCase(Locale.ENGLISH);
 }
 
 public void setAllowCorsPreflight(String allowCorsPreflight) {
-this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase());
+this.allowCorsPreflight = 
AllowCorsPreflight.valueOf(allowCorsPreflight.trim().toUpperCase(Locale.ENGLISH));
 }
 
 public boolean getAlwaysUseSession() {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Alternative wording

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 01df00fe64bee9a842044624f1fd356108f7f835
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:28:31 2019 +

Alternative wording
---
 webapps/docs/config/valve.xml | 48 +--
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
index 05d1b6b..fbb19fe 100644
--- a/webapps/docs/config/valve.xml
+++ b/webapps/docs/config/valve.xml
@@ -1109,12 +1109,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1252,12 +1252,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1425,12 +1425,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   
@@ -1557,12 +1557,12 @@
 always. never means that a request will never
 bypass authentication even if it appears to be a CORS preflight 
request.
 filter means that a request will bypass authentication if
-it appears to be a CORS preflight request and the web application the
-request maps to has the CORS
-Filter enabled and mapped to /*. always
-means that all requests that appear to be CORS preflight requests will
-bypass authentication. If not set, the default value is
-never.
+it appears to be a CORS preflight request; it is mapped to a web
+application that has the CORS
+Filter enabled; and the CORS Filter is mapped to /*.
+always means that all requests that appear to be CORS
+preflight requests will bypass authentication. If not set, the default
+value is never.
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[CONF] Apache Tomcat > Jakarta EE Release Numbering

2019-12-02 Thread Mark Thomas (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Jakarta EE Release Numbering 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Mark Thomas edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Mark Thomas edited at 09:25 PM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Correct 9.11.x version in step 6. Clarify M == milestone  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
7 : Continues to support Java EE 6 
8 : Continues to support Java EE 7 
9 : Continues to support Java EE 8 
10.0.0.Mx (master) development branch for Jakarta EE 9 support 
  Note the 10.0.0.Mx will be Milestone releases   Step 2: Releases between now and Jakarta EE 9 release  ... 
 
8 : Continues to support Java EE 7 (likely to be EOL soon if not already EOL) 
9 : Continues to support Java EE 8 
9.11: Continues to support Java EE 8 with Tomcat API identical to latest Tomcat 1011.0.x 
10: Supports Jakarta EE 10 
11: (master): Supports of Jakarta EE 11 
 ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.8

[tomcat] branch master updated: Clean-up. Remove unnecessary toString(). Better local variable name.

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new ce40920  Clean-up. Remove unnecessary toString(). Better local 
variable name.
ce40920 is described below

commit ce409206d14f22195a62414510ed4d8dc2c3b846
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:55:14 2019 +

Clean-up. Remove unnecessary toString(). Better local variable name.
---
 java/org/apache/catalina/realm/CombinedRealm.java | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 6bbc238..b3b79de 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -347,22 +347,18 @@ public class CombinedRealm extends RealmBase {
 public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
-String username = null;
-
-GSSName name = null;
+GSSName gssName = null;
 try {
-name = gssContext.getSrcName();
+gssName = gssContext.getSrcName();
 } catch (GSSException e) {
 log.warn(sm.getString("realmBase.gssNameFail"), e);
 return null;
 }
 
-username = name.toString();
-
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 authenticatedUser = realm.authenticate(gssContext, storeCred);
@@ -370,12 +366,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 break;
 }
@@ -393,12 +389,11 @@ public class CombinedRealm extends RealmBase {
 @Override
 public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
 Principal authenticatedUser = null;
-String username = gssName.toString();
 
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 authenticatedUser = realm.authenticate(gssName, gssCredential);
@@ -406,12 +401,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 break;
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Clean-up. Remove unnecessary toString(). Better local variable name.

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 2661918  Clean-up. Remove unnecessary toString(). Better local 
variable name.
2661918 is described below

commit 26619183c9318064c0ca4568281a422a211eccea
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:55:14 2019 +

Clean-up. Remove unnecessary toString(). Better local variable name.
---
 java/org/apache/catalina/realm/CombinedRealm.java | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index cd64d99..893c245 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -355,22 +355,18 @@ public class CombinedRealm extends RealmBase {
 public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
-String username = null;
-
-GSSName name = null;
+GSSName gssName = null;
 try {
-name = gssContext.getSrcName();
+gssName = gssContext.getSrcName();
 } catch (GSSException e) {
 log.warn(sm.getString("realmBase.gssNameFail"), e);
 return null;
 }
 
-username = name.toString();
-
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 authenticatedUser = realm.authenticate(gssContext, storeCred);
@@ -378,12 +374,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 break;
 }
@@ -401,12 +397,11 @@ public class CombinedRealm extends RealmBase {
 @Override
 public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
 Principal authenticatedUser = null;
-String username = gssName.toString();
 
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 if (!(realm instanceof GSSRealm)) {
@@ -423,12 +418,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 break;
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Clean-up. Remove unnecessary toString(). Better local variable name.

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new f6e4b17  Clean-up. Remove unnecessary toString(). Better local 
variable name.
f6e4b17 is described below

commit f6e4b17b0a1cbffca3829e537be0e41b84531844
Author: Mark Thomas 
AuthorDate: Mon Dec 2 20:55:14 2019 +

Clean-up. Remove unnecessary toString(). Better local variable name.
---
 java/org/apache/catalina/realm/CombinedRealm.java | 23 +--
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 6390dde..026af6d 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -336,22 +336,18 @@ public class CombinedRealm extends RealmBase {
 public Principal authenticate(GSSContext gssContext, boolean storeCred) {
 if (gssContext.isEstablished()) {
 Principal authenticatedUser = null;
-String username = null;
-
-GSSName name = null;
+GSSName gssName = null;
 try {
-name = gssContext.getSrcName();
+gssName = gssContext.getSrcName();
 } catch (GSSException e) {
 log.warn(sm.getString("realmBase.gssNameFail"), e);
 return null;
 }
 
-username = name.toString();
-
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getInfo()));
+gssName, realm.getInfo()));
 }
 
 authenticatedUser = realm.authenticate(gssContext, storeCred);
@@ -359,12 +355,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getInfo()));
+gssName, realm.getInfo()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getInfo()));
+gssName, realm.getInfo()));
 }
 break;
 }
@@ -382,18 +378,17 @@ public class CombinedRealm extends RealmBase {
 @Override
 public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
 Principal authenticatedUser = null;
-String username = gssName.toString();
 
 for (Realm realm : realms) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authStart",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 if (!(realm instanceof GSSRealm)) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 continue;
@@ -404,12 +399,12 @@ public class CombinedRealm extends RealmBase {
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 } else {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authSuccess",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 break;
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch master updated: Harmonize again writes, thanks to Mark for the review.

2019-12-02 Thread Mark Thomas 
On 02/12/2019 19:25, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
> 
> remm pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> 
> 
> The following commit(s) were added to refs/heads/master by this push:
>  new c92fab2  Harmonize again writes, thanks to Mark for the review.


> c92fab2 is described below
> 
> commit c92fab26992ec12dc6815e1f7869e41e98076204
> Author: remm 
> AuthorDate: Mon Dec 2 20:25:21 2019 +0100
> 
> Harmonize again writes, thanks to Mark for the review.

Thanks for taking care of this. They look the same to me now.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot failure in on tomcat-85-trunk

2019-12-02 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-85-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/2074

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 26619183c9318064c0ca4568281a422a211eccea
Blamelist: Mark Thomas 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63981

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 7b68fb5  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63981
7b68fb5 is described below

commit 7b68fb58c41efe5955620cfc05621bc52ef268c2
Author: Mark Thomas 
AuthorDate: Mon Dec 2 21:51:23 2019 +

Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63981

Allow multiple calls to disableRegistry() without logging warnings.
Based on a patch by Andy Wilkinson.
---
 java/org/apache/tomcat/util/modeler/Registry.java | 2 +-
 webapps/docs/changelog.xml| 6 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/modeler/Registry.java 
b/java/org/apache/tomcat/util/modeler/Registry.java
index 89abd43..b38af7a 100644
--- a/java/org/apache/tomcat/util/modeler/Registry.java
+++ b/java/org/apache/tomcat/util/modeler/Registry.java
@@ -151,7 +151,7 @@ public class Registry implements RegistryMBean, 
MBeanRegistration {
 public static synchronized void disableRegistry() {
 if (registry == null) {
 registry = new NoDescriptorRegistry();
-} else {
+} else if (!(registry instanceof NoDescriptorRegistry)) {
 log.warn(sm.getString("registry.noDisable"));
 }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c7eb551..7919779 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -75,6 +75,12 @@
 an origin without a deafult port and origins are now compared in a
 case-sensitive manner as required by the CORS specification. (markt)
   
+  
+63981: Allow multiple calls to
+Registry.disableRegistry() without the second and
+subsequent calls triggering the logging of a warning. Based on a patch
+by Andy Wilkinson. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63981] False-positive warning logged when Registry.disableRegistry is called and the registry has already been disabled

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63981

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Thanks for the report and the suggested fix. Works for me.

Fixed in:
- master for 9.0.30 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix back-port

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 3f691a4  Fix back-port
3f691a4 is described below

commit 3f691a4615ea3fbc9d9b363f0b36a011d3701b45
Author: Mark Thomas 
AuthorDate: Mon Dec 2 21:58:39 2019 +

Fix back-port
---
 java/org/apache/catalina/realm/CombinedRealm.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index 893c245..dbc66b3 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -407,7 +407,7 @@ public class CombinedRealm extends RealmBase {
 if (!(realm instanceof GSSRealm)) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
-username, realm.getClass().getName()));
+gssName, realm.getClass().getName()));
 }
 
 continue;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Silence the IDE deprecation warnings

2019-12-02 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new ee48b17  Silence the IDE deprecation warnings
ee48b17 is described below

commit ee48b1799df777e71cfa823f6d30a50063b9a9ce
Author: Mark Thomas 
AuthorDate: Mon Dec 2 22:03:28 2019 +

Silence the IDE deprecation warnings
---
 java/org/apache/catalina/realm/CombinedRealm.java | 6 +++---
 java/org/apache/catalina/realm/RealmBase.java | 5 ++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/java/org/apache/catalina/realm/CombinedRealm.java 
b/java/org/apache/catalina/realm/CombinedRealm.java
index dbc66b3..27f68cc 100644
--- a/java/org/apache/catalina/realm/CombinedRealm.java
+++ b/java/org/apache/catalina/realm/CombinedRealm.java
@@ -26,7 +26,6 @@ import java.util.List;
 import javax.management.ObjectName;
 
 import org.apache.catalina.Container;
-import org.apache.catalina.GSSRealm;
 import org.apache.catalina.Lifecycle;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Realm;
@@ -394,6 +393,7 @@ public class CombinedRealm extends RealmBase {
 /**
  * {@inheritDoc}
  */
+@SuppressWarnings("deprecation")
 @Override
 public Principal authenticate(GSSName gssName, GSSCredential 
gssCredential) {
 Principal authenticatedUser = null;
@@ -404,7 +404,7 @@ public class CombinedRealm extends RealmBase {
 gssName, realm.getClass().getName()));
 }
 
-if (!(realm instanceof GSSRealm)) {
+if (!(realm instanceof org.apache.catalina.GSSRealm)) {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("combinedRealm.authFail",
 gssName, realm.getClass().getName()));
@@ -413,7 +413,7 @@ public class CombinedRealm extends RealmBase {
 continue;
 }
 
-authenticatedUser = ((GSSRealm) realm).authenticate(gssName, 
gssCredential);
+authenticatedUser = ((org.apache.catalina.GSSRealm) 
realm).authenticate(gssName, gssCredential);
 
 if (authenticatedUser == null) {
 if (log.isDebugEnabled()) {
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 807c28b..5fd7f18 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -16,7 +16,6 @@
  */
 package org.apache.catalina.realm;
 
-
 import java.beans.PropertyChangeListener;
 import java.beans.PropertyChangeSupport;
 import java.io.IOException;
@@ -38,7 +37,6 @@ import org.apache.catalina.Container;
 import org.apache.catalina.Context;
 import org.apache.catalina.CredentialHandler;
 import org.apache.catalina.Engine;
-import org.apache.catalina.GSSRealm;
 import org.apache.catalina.Host;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
@@ -71,7 +69,8 @@ import org.ietf.jgss.GSSName;
  *
  * @author Craig R. McClanahan
  */
-public abstract class RealmBase extends LifecycleMBeanBase implements GSSRealm 
{
+@SuppressWarnings("deprecation")
+public abstract class RealmBase extends LifecycleMBeanBase implements 
org.apache.catalina.GSSRealm {
 
 private static final Log log = LogFactory.getLog(RealmBase.class);
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-85-trunk

2019-12-02 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-85-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/2075

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' 
triggered this build
Build Source Stamp: [branch 8.5.x] 3f691a4615ea3fbc9d9b363f0b36a011d3701b45
Blamelist: Mark Thomas 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63982] CombinedRealm makes assumptions about principal implementation

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63982

--- Comment #2 from Mark Thomas  ---
I think getRoles() can be deprecated. It isn't used anywhere now. It was added
to support the failed GSoC JASPIC work.

The proposed solution for hasRole() looks reasonable to me.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63983] New: Jasper builds-up open files until garbage collection, hitting Linux default limit of 4096.

2019-12-02 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63983

Bug ID: 63983
   Summary: Jasper builds-up open files until garbage collection,
hitting Linux default limit of 4096.
   Product: Tomcat 9
   Version: 9.0.29
  Hardware: PC
OS: Linux
Status: NEW
  Severity: critical
  Priority: P2
 Component: Jasper
  Assignee: dev@tomcat.apache.org
  Reporter: supp...@aoindustries.com
  Target Milestone: -

Starting with Tomcat 9.0.29 (but not 9.0.27, and fixed by reverting), the Java
process builds-up open files until hitting the Linux default limit of 4096.

lsof shows that the files are all those that would be checked when determining
if a JSP file needs to be recompiled (the JSP file, its includes, and all
related *.tld files).

With "development=true" (the default), the files build-up in proportion to the
request load.  With "development=false", the files build-up more consistently
(around 100 files every 10 seconds in our case).

When a garbage collection occurs, the open file count drops back to around 100.

With our heap-space of 1024 MB, combined with some include-heavy JSP pages, we
run out of file handles before garbage collection, and requests fail with
errors.

We increased the limits in /etc/security/limits.conf as a workaround, but the
fix was to downgrade to Tomcat 9.0.27.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] Gallrax opened a new pull request #228: Correct header too large status to 414

2019-12-02 Thread GitBox 
Gallrax opened a new pull request #228: Correct header too large status to 414
URL: https://github.com/apache/tomcat/pull/228
 
 
   When I exceeded the maximum length with the GET request, tomcat returned 
400, but it should have returned 414


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org