[GitHub] tomcat pull request: Add JASPIC API (JSR 196) to build process
Github user markt-asf closed the pull request at: https://github.com/apache/tomcat/pull/21 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684633 - in /tomcat/trunk: build.xml res/META-INF/jaspic-api.jar.manifest
Author: markt Date: Wed Jun 10 10:21:52 2015 New Revision: 1684633 URL: http://svn.apache.org/r1684633 Log: Add JASPIC API JAR to the build Based on a patch by fjodorver This closes #21 Added: tomcat/trunk/res/META-INF/jaspic-api.jar.manifest (with props) Modified: tomcat/trunk/build.xml Modified: tomcat/trunk/build.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=1684633r1=1684632r2=1684633view=diff == --- tomcat/trunk/build.xml (original) +++ tomcat/trunk/build.xml Wed Jun 10 10:21:52 2015 @@ -48,6 +48,8 @@ property name=jsp.revision value=FR / property name=el.revision value=FR / property name=websocket.revision value=FR / + !-- MR B but this was first 1.1 release so use FR -- + property name=jaspic.revision value=FR / !-- Release artifact base names -- property name=final.namevalue=${project}-${version} / @@ -91,6 +93,7 @@ property name=jsp-api.jar value=${tomcat.build}/lib/jsp-api.jar/ property name=el-api.jar value=${tomcat.build}/lib/el-api.jar/ property name=websocket-api.jar value=${tomcat.build}/lib/websocket-api.jar/ + property name=jaspic-api.jar value=${tomcat.build}/lib/jaspic-api.jar/ property name=tomcat-websocket.jar value=${tomcat.build}/lib/tomcat-websocket.jar/ property name=catalina.jar value=${tomcat.build}/lib/catalina.jar/ property name=catalina-tribes.jar value=${tomcat.build}/lib/catalina-tribes.jar/ @@ -116,6 +119,7 @@ property name=jsp-api-src.jar value=${tomcat.src.jars}/jsp-api-src.jar/ property name=el-api-src.jar value=${tomcat.src.jars}/el-api-src.jar/ property name=websocket-api-src.jar value=${tomcat.src.jars}/websocket-api-src.jar/ + property name=jaspic-api-src.jar value=${tomcat.src.jars}/jaspic-api-src.jar/ property name=tomcat-websocket-src.jar value=${tomcat.src.jars}/tomcat-websocket-src.jar/ property name=catalina-src.jar value=${tomcat.src.jars}/catalina-src.jar/ property name=catalina-tribes-src.jar value=${tomcat.src.jars}/catalina-tribes-src.jar/ @@ -318,6 +322,10 @@ include name=javax/websocket/** / /patternset + patternset id=files.jaspic-api +include name=javax/security/auth/message/** / + /patternset + patternset id=files.tomcat-websocket include name=org/apache/tomcat/websocket/** / /patternset @@ -434,6 +442,7 @@ patternset refid=files.bootstrap / patternset refid=files.catalina / patternset refid=files.servlet-api / +patternset refid=files.jaspic-api / patternset refid=files.tomcat-api / !-- These pattern sets conflict so include files directly patternset refid=files.tomcat-coyote / @@ -675,6 +684,7 @@ filter token=jsp.revision value=${jsp.revision}/ filter token=el.revision value=${el.revision}/ filter token=websocket.revision value=${websocket.revision}/ +filter token=jaspic.revision value=${jaspic.revision}/ mkdir dir=${tomcat.manifests} / copy todir=${tomcat.manifests} overwrite=yes filtering=yes @@ -718,6 +728,12 @@ filesId=files.websocket-api manifest=${tomcat.manifests}/websocket-api.jar.manifest / +!-- JASPIC 1.1 Implementation JAR File -- +jarIt jarfile=${jaspic-api.jar} + filesDir=${tomcat.classes} + filesId=files.jaspic-api + manifest=${tomcat.manifests}/jaspic-api.jar.manifest / + !-- WebSocket 1.1 implementation JAR File -- jarIt jarfile=${tomcat-websocket.jar} filesDir=${tomcat.classes} @@ -1993,6 +2009,7 @@ Apache Tomcat ${version} native binaries include name=jsp-api.jar/ include name=jasper.jar/ include name=jasper-el.jar/ +include name=jaspic-api.jar/ include name=servlet-api.jar/ include name=websocket-api.jar/ include name=tomcat-websocket.jar/ @@ -2618,6 +2635,14 @@ skip.installer property in build.propert filesDir=java filesId=files.tomcat-websocket / +!-- JASPIC 1.1 Implementation JAR File -- +jarIt jarfile=${jaspic-api-src.jar} + filesDir=java + filesId=files.jaspic-api + manifest=${tomcat.manifests}/jaspic-api.jar.manifest + notice=${tomcat.manifests}/jaspic-api.jar.notice + license=${tomcat.manifests}/jaspic-api.jar.license / + !-- Bootstrap JAR File -- jarIt jarfile=${bootstrap-src.jar} filesDir=java Added: tomcat/trunk/res/META-INF/jaspic-api.jar.manifest URL: http://svn.apache.org/viewvc/tomcat/trunk/res/META-INF/jaspic-api.jar.manifest?rev=1684633view=auto == --- tomcat/trunk/res/META-INF/jaspic-api.jar.manifest (added) +++ tomcat/trunk/res/META-INF/jaspic-api.jar.manifest Wed Jun 10 10:21:52 2015 @@ -0,0 +1,11 @@ +Manifest-version: 1.0 +X-Compile-Source-JDK: @source.jdk@ +X-Compile-Target-JDK: @target.jdk@ + +Name: javax/security/auth/message +Specification-Title: Java Authentication SPI for
svn commit: r1684586 - /tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java
Author: kfujino Date: Wed Jun 10 07:52:30 2015 New Revision: 1684586 URL: http://svn.apache.org/r1684586 Log: Skip a sending data to the proxy nodes if failed to a sending data to the backup nodes. Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684586r1=1684585r2=1684586view=diff == --- tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 07:52:30 2015 @@ -175,6 +175,7 @@ public class LazyReplicatedMapK,V exte backup = tmpBackup; }catch ( ChannelException x ) { log.error(sm.getString(lazyReplicatedMap.unableReplicate.backup, key, next, x.getMessage()), x); +continue; } try { //publish the data out to all nodes - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat pull request: Add JASPIC API (JSR 196) to build process
Github user fjodorver commented on the pull request: https://github.com/apache/tomcat/pull/21#issuecomment-110630412 2,4,5) I use ant validate for checkstyle validation. Is it enough? 3) It looks like we need to rewrite AuthConfigFactory anyway (for example, possible memory leaks, huge method and so on). I personally prefer to introduce small methods, which makes code reading much easier, because they work as self-commented code. Also, it simplifies code testing. As a bonus, in simple methods have shorter lines. For example, in current implementation need to introduce an ugly final variable, instead of just getting the correct value and make the first variable final. Second thing is guard clauses - usually I prefer to make such checks in the beginning of the method. It's quite good to get rid of necessary indentation and makes code lines shorter. 6. I've refined method order and some signatures (there are runtime exceptions declared, which is not necessary). However, constants in AuthConfigFactory are used for internal purposes, so I'd proposed security management as separate patch. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684587 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Wed Jun 10 07:54:37 2015 New Revision: 1684587 URL: http://svn.apache.org/r1684587 Log: Add javax.websocket.* to the classes for which the web application class loader will always delegate first (so the classes provided by Tomcat cannot be overridden). Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Jun 10 07:54:37 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526,1684549
svn commit: r1684593 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java webapps/docs/changelog.xml
Author: kfujino Date: Wed Jun 10 08:06:09 2015 New Revision: 1684593 URL: http://svn.apache.org/r1684593 Log: Do not set the nodes that failed to replication to the backup nodes. Ensure that the nodes that the data has been successfully replicated are set to the backup node. Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684593r1=1684592r2=1684593view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 08:06:09 2015 @@ -162,19 +162,21 @@ public class LazyReplicatedMapK,V exte } MapMessage msg = null; try { -backup = wrap(next); +Member[] tmpBackup = wrap(next); //publish the backup data to one node msg = new MapMessage(getMapContextName(), MapMessage.MSG_BACKUP, false, - (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), backup); + (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), tmpBackup); if ( log.isTraceEnabled() ) log.trace(Publishing backup data:+msg+ to: +next.getName()); -UniqueId id = getChannel().send(backup, msg, getChannelSendOptions()); +UniqueId id = getChannel().send(tmpBackup, msg, getChannelSendOptions()); if ( log.isTraceEnabled() ) log.trace(Data published:+msg+ msg Id:+id); //we published out to a backup, mark the test success success = true; +backup = tmpBackup; }catch ( ChannelException x ) { log.error(Unable to replicate backup key:+key+ to backup:+next+. Reason:+x.getMessage(),x); +continue; } try { //publish the data out to all nodes Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1684593r1=1684592r2=1684593view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Wed Jun 10 08:06:09 2015 @@ -160,6 +160,11 @@ states have been transferred correctly from existing map members. (kfujino) /fix + fix +Do not set the nodes that failed to replication to the backup nodes. +Ensure that the nodes that the data has been successfully replicated are +set to the backup node. (kfujino) + /fix /changelog /subsection subsection name=Other - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1684663 - in /tomcat/trunk/java/org/apache: catalina/security/ tomcat/util/buf/ tomcat/util/net/
2015-06-10 14:45 GMT+02:00 r...@apache.org: Author: remm Date: Wed Jun 10 12:45:26 2015 New Revision: 1684663 URL: http://svn.apache.org/r1684663 Log: Direct buffers need explicit cleanup to ensure complete reliability without OOMs. Rationale: - The NIO JVM code does it, so it's probably good. - Testing the OpenSSL code, when not using direct buffers, it uses throw away direct buffers (a bit like NIO actually) which then cause OOMs in throughput tests. In non critical paths, I suppose the buffers go away eventually, so it's probably not needed everywhere. Rémy
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Hi, guys! This week goal is to replace current valve based authentication with JASPIC based mechanism. It is what I am currently working on. From my research Geronimo's implementation is also based on tomcat's valves, and it's pretty straightforward how to integrate SecurityValve into Tomcat's codebase. However, I am not sure, is that correct way? Do you have better ideas? And what about code backward compatibility for Geronimo, should code ported back, or new Geronimo release can use our implementation? We are implementing JASPIC 1.1, and there will be quite a lot changes anyway. Also, Geronimo uses OSGi framework in their code, which must be dropped off, because Tomcat is not OSGi based. What about JASPIC configuration, I am curious, where we want to hold configuration files. Different vendors use special xml files, for example geronimo-web.xml, for configuring realms and other security stuff. Do we need something like tomcat-web.xml? And what about JACC support? Geronimo uses JACC for authorization config, what about Tomcat? Thanks, Fjodor 2015-05-04 16:49 GMT+03:00 Arjan Tijms arjan.ti...@gmail.com: Hi, Great news! Do you have any definite start date for the actual coding already? A short while ago I did a very small and simple implementation of the Servlet BASIC auth mechanism using JASPIC, which is one of the 4 mechanisms required by Servlet. See: https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/authmodules/BasicAuthModule.java Calling out to the identity store is however not standardised yet (the example code simply uses CDI) and has to be done in a Tomcat specific way. Kind regards, Arjan Tijms On Monday, May 4, 2015, Fjodor Vershinin [via Tomcat] ml-node+s10n503407...@n6.nabble.com wrote: Good news, everyone! I am happy to announce that our project has been accepted to participate in GSoC. Now it's community binding period, so I need to introduce myself to other developers. Some brief information about me: My name is Fjodor Vershinin, I am 2'th grade computer science student from Estonia. One of my hobbies is writing OSS software, mainly in Java and Python. I hope to finish JASPIC implementation during this summer and make Tomcat better ;) Fjodor. 2015-03-04 11:09 GMT+02:00 Fjodor Vershinin [hidden email] http:///user/SendEmail.jtp?type=nodenode=5034072i=0: Hello! It looks like ASF has been selected for GSOC 2015 and I am interested in pushing this project forward. So, in meantime I'll start writing proposal and hope this project will be selected to participate in Gsoc program. Best regards, Fjodor. 2015-02-10 22:44 GMT+02:00 Arjan Tijms [hidden email] http:///user/SendEmail.jtp?type=nodenode=5034072i=1: Hi, On Tue, Feb 10, 2015 at 8:34 PM, Mark Thomas-2 [via Tomcat] [hidden email] http:// /user/SendEmail.jtp?type=nodenode=5034072i=2 wrote: If you do look at JBoss keep in mind it is GPL licensed and we need to be very careful that we don't end up with GPL'd code in Tomcat. That's absolutely true. The code there shouldn't not be copied in any way. It's only useful as an example of how a Tomcat Valve can integrate with something like JASPIC. As for the JASPIC code there, it wouldn't make sense to copy it anyway, since A) it's JBoss specific (builds up JBoss principal, calls JBoss security service, etc) and B) there are various issues with it (it looks like JBoss pretty much rewrote everything from scratch for Undertow, which is completely different). Personally, I'd look more much more closely at Geronimo. You're right, and since that one is Apache licensed one can even copy from it if needed. Keep in mind that part of the goal is to replace the existing authenticators with JASPIC modules. (As suggested on the Servlet EG list.) It's good to have that as part of the goal indeed. Such auth modules could even be implemented by a separate (group) of students if needed, as they would not necessarily depend on the JASPIC implementation for Tomcat. As long as that one is not finished they could test it on any existing JASPIC implementation (e.g. the RI, GlassFish). I think we all know that feeling - hence why I suggested it for GSoC. Yeah, I get that, thanks! It's still something that I'd really love to do, but with the work for the startup zeef.com, open source projects OmniFaces and OmniSecurity, the work for the JSF EG and perhaps soon for the security EG, there is not always much time left. I had this on my sketchy todo list for ~end of this month, but I'll see what happens with the GSoC project now ;) Kind regards, Arjan Mark - To unsubscribe, e-mail: [hidden email] For additional commands, e-mail: [hidden email]
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Hi, On Wed, Jun 10, 2015 at 2:31 PM, Fjodor Vershinin [via Tomcat] ml-node+s10n5035882...@n6.nabble.com wrote: Hi, guys! This week goal is to replace current valve based authentication with JASPIC based mechanism. It is what I am currently working on. Nice ;) From my research Geronimo's implementation is also based on tomcat's valves, and it's pretty straightforward how to integrate SecurityValve into Tomcat's codebase. However, I am not sure, is that correct way? I'm pretty sure this should be the way forward, or at the very least the place where to start. Do you have better ideas? And what about code backward compatibility for Geronimo, should code ported back, or new Geronimo release can use our implementation? I can't speak for the Apache organization of course, but as an external observer I wouldn't hold my breath for a new Geronimo release. See David Blevins comments here: http://arjan-tijms.omnifaces.org/2014/05/implementation-components-used-by.html We are implementing JASPIC 1.1, and there will be quite a lot changes anyway. JASPIC 1.1 itself was not a huge change over JASPIC 1.0, but it did put some extra requirements in place like the ability to forward and include resources using the HttpServletRequest and HttpServletResponse that's made available to a SAM. If a Tomcat valve can already do forwards/includes correctly, then this is trivial to support (no extra code needed). However, IFF Tomcat would not support those, then some extra coding inside Tomcat's internals *may* be needed (but Mark would know more about how to forward then). Also, Geronimo uses OSGi framework in their code, which must be dropped off, because Tomcat is not OSGi based. What about JASPIC configuration, I am curious, where we want to hold configuration files. Different vendors use special xml files, for example geronimo-web.xml, for configuring realms and other security stuff. Do we need something like tomcat-web.xml? Not necessarily. JASPIC is first and foremost configured using a programmatic API from within the application. See http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html When an application performs this programmatic configuration (typically from a @WebListener/ServletContextListener), it overrides whatever auth-method is configured in web.xml, e.g. FORM, BASIC, etc. It's more or less a best practice not to put any auth-method in web.xml if the application configures JASPIC. When a JASPIC authentication module is configured programmatically via the standard JASPIC API, there is not really a mechanism available to delegate user/role retrieval to an identity store (Tomcat calls this realm). The JASPIC module is in full control then and ought to handle this itself using whatever internal mechanism it sees fit. Optionally (but highly recommended!) a JASPIC authentication module can be registered at the container level using a vendor specific mechanism. If I'm not mistaken Mark made some remarks about this earlier. Tomcat already has some dedicated configuration files for this. My take is that for step 1 it's best to focus on the programmatic installation of an authentication module (and wrapper artifacts) first, and make sure the most simple authentication case works (which means just passing the username/roles to the container and doing nothing else). Then look at the container side registration later. And what about JACC support? Geronimo uses JACC for authorization config, what about Tomcat? JACC is an entirely different specification. It standardizes some of the authorization decisions a container makes. It works in tandem with JASPIC, but is not required by it. I don't think it's needed to look at JACC for this project. Kind regards, Arjan Tijms Thanks, Fjodor 2015-05-04 16:49 GMT+03:00 Arjan Tijms [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035882i=0: Hi, Great news! Do you have any definite start date for the actual coding already? A short while ago I did a very small and simple implementation of the Servlet BASIC auth mechanism using JASPIC, which is one of the 4 mechanisms required by Servlet. See: https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/authmodules/BasicAuthModule.java Calling out to the identity store is however not standardised yet (the example code simply uses CDI) and has to be done in a Tomcat specific way. Kind regards, Arjan Tijms On Monday, May 4, 2015, Fjodor Vershinin [via Tomcat] [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035882i=1 wrote: Good news, everyone! I am happy to announce that our project has been accepted to participate in GSoC. Now it's community binding period, so I need to introduce myself to other developers. Some brief information about me: My name is Fjodor Vershinin, I am 2'th grade computer science student from
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
On 10/06/2015 13:34, Fjodor Vershinin wrote: Hi, guys! guys can be taken as referring to men only. Something like the gender neutral all would be more inclusive. This week goal is to replace current valve based authentication with JASPIC based mechanism. It is what I am currently working on. Could you expand on what exactly you are aiming for this week? The sentence above sounds more like the aim for the entire project. From my research Geronimo's implementation is also based on tomcat's valves, and it's pretty straightforward how to integrate SecurityValve into Tomcat's codebase. However, I am not sure, is that correct way? Do you have better ideas? It is hard to be definite without knowing what the integration points are. Can you expand on this? A Valve is certainly a likely candidate since the current Authenticator implementations are all Valves. It really depends on whether access is required to Tomcat's internals. If you need access to the internals, a Valve is probably the way to go. If the Servlet API is sufficient then a Filter may be an option. Depending on exactly what the integration points are there may be other options. And what about code backward compatibility for Geronimo, should code ported back, or new Geronimo release can use our implementation? Re-use by downstream consumers of Tomcat like TomEE and Geronimo is certainly a goal. The TomEE folks tend to provide feedback when we do something that makes their life difficult so I'd expect them to speak up if they spot a problem. Anything that works for TomEE should work for Geronimo. I wouldn't worry about backwards compatibility for Geronimo. That would probably be difficult to achieve. Keep in mind that Geronimo may wish to re-use the code (or just some of the patches) but if you need to change something you should feel free to do so. We are implementing JASPIC 1.1, and there will be quite a lot changes anyway. Also, Geronimo uses OSGi framework in their code, which must be dropped off, because Tomcat is not OSGi based. Without knowing how much OSGi code there is in the Geronimo implementation, if there is scope for appropriate use of factories, service loaders etc. to make it relatively easy to insert the necessary OSGi changes for those downstream users that will want to then we should try to do so. What about JASPIC configuration, I am curious, where we want to hold configuration files. Different vendors use special xml files, for example geronimo-web.xml, for configuring realms and other security stuff. Do we need something like tomcat-web.xml? Is the configuration always going to be per web application (in which case context.xml is a likely candidate) or can it be per Host or per Engine (which suggests server.xml)? Are there any 'standard' configuration files defined by JASPIC? And what about JACC support? Geronimo uses JACC for authorization config, what about Tomcat? Tomcat currently uses Realms. It was not intended to implement JACC as part of the GSoC project. If the project goes well and the JASPIC work is completed early, taking a look at JACC would be a useful thing to do. Mark Thanks, Fjodor 2015-05-04 16:49 GMT+03:00 Arjan Tijms arjan.ti...@gmail.com: Hi, Great news! Do you have any definite start date for the actual coding already? A short while ago I did a very small and simple implementation of the Servlet BASIC auth mechanism using JASPIC, which is one of the 4 mechanisms required by Servlet. See: https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/authmodules/BasicAuthModule.java Calling out to the identity store is however not standardised yet (the example code simply uses CDI) and has to be done in a Tomcat specific way. Kind regards, Arjan Tijms On Monday, May 4, 2015, Fjodor Vershinin [via Tomcat] ml-node+s10n503407...@n6.nabble.com wrote: Good news, everyone! I am happy to announce that our project has been accepted to participate in GSoC. Now it's community binding period, so I need to introduce myself to other developers. Some brief information about me: My name is Fjodor Vershinin, I am 2'th grade computer science student from Estonia. One of my hobbies is writing OSS software, mainly in Java and Python. I hope to finish JASPIC implementation during this summer and make Tomcat better ;) Fjodor. 2015-03-04 11:09 GMT+02:00 Fjodor Vershinin [hidden email] http:///user/SendEmail.jtp?type=nodenode=5034072i=0: Hello! It looks like ASF has been selected for GSOC 2015 and I am interested in pushing this project forward. So, in meantime I'll start writing proposal and hope this project will be selected to participate in Gsoc program. Best regards, Fjodor. 2015-02-10 22:44 GMT+02:00 Arjan Tijms [hidden email] http:///user/SendEmail.jtp?type=nodenode=5034072i=1: Hi, On Tue, Feb 10, 2015 at 8:34 PM, Mark Thomas-2 [via Tomcat] [hidden email] http://
svn commit: r1684663 - in /tomcat/trunk/java/org/apache: catalina/security/ tomcat/util/buf/ tomcat/util/net/
Author: remm Date: Wed Jun 10 12:45:26 2015 New Revision: 1684663 URL: http://svn.apache.org/r1684663 Log: Direct buffers need explicit cleanup to ensure complete reliability without OOMs. Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java tomcat/trunk/java/org/apache/tomcat/util/buf/ByteBufferUtils.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/NioChannel.java tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java tomcat/trunk/java/org/apache/tomcat/util/net/SocketBufferHandler.java Modified: tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1684663r1=1684662r2=1684663view=diff == --- tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original) +++ tomcat/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Wed Jun 10 12:45:26 2015 @@ -263,6 +263,7 @@ public final class SecurityClassLoad { throws Exception { final String basePackage = org.apache.tomcat.; // buf +loader.loadClass(basePackage + util.buf.ByteBufferUtils); loader.loadClass(basePackage + util.buf.HexUtils); loader.loadClass(basePackage + util.buf.StringCache); loader.loadClass(basePackage + util.buf.StringCache$ByteEntry); Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/ByteBufferUtils.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/ByteBufferUtils.java?rev=1684663r1=1684662r2=1684663view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/buf/ByteBufferUtils.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/buf/ByteBufferUtils.java Wed Jun 10 12:45:26 2015 @@ -16,10 +16,29 @@ */ package org.apache.tomcat.util.buf; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.nio.ByteBuffer; public class ByteBufferUtils { +private static final Method cleanerMethod; +private static final Method cleanMethod; + +static { +try { +ByteBuffer tempBuffer = ByteBuffer.allocateDirect(0); +cleanerMethod = tempBuffer.getClass().getMethod(cleaner); +cleanerMethod.setAccessible(true); +Object cleanerObject = cleanerMethod.invoke(tempBuffer); +cleanMethod = cleanerObject.getClass().getMethod(clean); +cleanMethod.invoke(cleanerObject); +} catch (IllegalAccessException | IllegalArgumentException +| InvocationTargetException | NoSuchMethodException | SecurityException e) { +throw new ExceptionInInitializerError(e); +} +} + private ByteBufferUtils() { // Hide the default constructor since this is a utility class. } @@ -56,8 +75,10 @@ public class ByteBufferUtils { } ByteBuffer out; +boolean direct = false; if (in.isDirect()) { out = ByteBuffer.allocateDirect(newSize); +direct = true; } else { out = ByteBuffer.allocate(newSize); } @@ -66,6 +87,20 @@ public class ByteBufferUtils { in.flip(); out.put(in); +if (direct) { +cleanDirectBuffer(in); +} + return out; } + +public static void cleanDirectBuffer(ByteBuffer buf) { +try { +cleanMethod.invoke(cleanerMethod.invoke(buf)); +} catch (IllegalAccessException | IllegalArgumentException +| InvocationTargetException | SecurityException e) { +// Ignore +} +} + } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1684663r1=1684662r2=1684663view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Wed Jun 10 12:45:26 2015 @@ -51,6 +51,7 @@ import org.apache.tomcat.jni.Sockaddr; import org.apache.tomcat.jni.Socket; import org.apache.tomcat.jni.Status; import org.apache.tomcat.util.ExceptionUtils; +import org.apache.tomcat.util.buf.ByteBufferUtils; import org.apache.tomcat.util.net.AbstractEndpoint.Acceptor.AcceptorState; import
svn commit: r1684598 - /tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java
Author: kfujino Date: Wed Jun 10 08:13:00 2015 New Revision: 1684598 URL: http://svn.apache.org/r1684598 Log: Fix indent. - no functional change. Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684598r1=1684597r2=1684598view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 08:13:00 2015 @@ -185,7 +185,7 @@ public class LazyReplicatedMapK,V exte msg = new MapMessage(getMapContextName(), MapMessage.MSG_PROXY, false, (Serializable) key, null, null, channel.getLocalMember(false),backup); if ( log.isTraceEnabled() ) -log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); +log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); getChannel().send(proxies, msg, getChannelSendOptions()); } }catch ( ChannelException x ) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684599 - in /tomcat/trunk: java/org/apache/coyote/http2/ test/org/apache/coyote/http2/
Author: markt Date: Wed Jun 10 08:13:30 2015 New Revision: 1684599 URL: http://svn.apache.org/r1684599 Log: Rename to make clear these are exceptions not errors Added: tomcat/trunk/java/org/apache/coyote/http2/ConnectionException.java - copied, changed from r1684595, tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java tomcat/trunk/java/org/apache/coyote/http2/StreamException.java - copied, changed from r1684595, tomcat/trunk/java/org/apache/coyote/http2/StreamError.java Removed: tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java tomcat/trunk/java/org/apache/coyote/http2/StreamError.java Modified: tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java tomcat/trunk/java/org/apache/coyote/http2/FrameType.java tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Copied: tomcat/trunk/java/org/apache/coyote/http2/ConnectionException.java (from r1684595, tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java) URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/ConnectionException.java?p2=tomcat/trunk/java/org/apache/coyote/http2/ConnectionException.javap1=tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.javar1=1684595r2=1684599rev=1684599view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/ConnectionException.java Wed Jun 10 08:13:30 2015 @@ -16,11 +16,14 @@ */ package org.apache.coyote.http2; -public class ConnectionError extends Http2Exception { +/** + * Thrown when an HTTP/2 connection error occurs. + */ +public class ConnectionException extends Http2Exception { private static final long serialVersionUID = 1L; -public ConnectionError(String msg, Http2Error error) { +public ConnectionException(String msg, Http2Error error) { super(msg, error); } } Modified: tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java?rev=1684599r1=1684598r2=1684599view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java Wed Jun 10 08:13:30 2015 @@ -42,7 +42,7 @@ public class ConnectionSettings { private volatile int maxFrameSize = DEFAULT_MAX_FRAME_SIZE; private volatile long maxHeaderListSize = UNLIMITED; -public void set(int parameterId, long value) throws ConnectionError { +public void set(int parameterId, long value) throws ConnectionException { if (log.isDebugEnabled()) { log.debug(sm.getString(connectionSettings.debug, Integer.toString(parameterId), Long.toString(value))); @@ -78,10 +78,10 @@ public class ConnectionSettings { public int getHeaderTableSize() { return headerTableSize; } -public void setHeaderTableSize(long headerTableSize) throws ConnectionError { +public void setHeaderTableSize(long headerTableSize) throws ConnectionException { // Need to put a sensible limit on this. Start with 16k (default is 4k) if (headerTableSize (16 * 1024)) { -throw new ConnectionError(sm.getString(connectionSettings.headerTableSizeLimit, +throw new ConnectionException(sm.getString(connectionSettings.headerTableSizeLimit, Long.toString(headerTableSize)), Http2Error.PROTOCOL_ERROR); } this.headerTableSize = (int) headerTableSize; @@ -91,11 +91,11 @@ public class ConnectionSettings { public boolean getEnablePush() { return enablePush; } -public void setEnablePush(long enablePush) throws ConnectionError { +public void setEnablePush(long enablePush) throws ConnectionException { // Can't be less than zero since the result of the byte-long conversion // will never be negative if (enablePush 1) { -throw new ConnectionError(sm.getString(connectionSettings.enablePushInvalid, +throw new ConnectionException(sm.getString(connectionSettings.enablePushInvalid, Long.toString(enablePush)), Http2Error.PROTOCOL_ERROR); } this.enablePush = (enablePush == 1); @@ -113,9 +113,9 @@ public class ConnectionSettings { public int getInitialWindowSize() { return initialWindowSize; } -public void setInitialWindowSize(long initialWindowSize) throws ConnectionError { +public void setInitialWindowSize(long initialWindowSize) throws
svn commit: r1684589 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Wed Jun 10 08:00:18 2015 New Revision: 1684589 URL: http://svn.apache.org/r1684589 Log: Delegate and filter() should be used consistently everywhere delegation is possible to ensure consistent behaviour of the class loader. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Jun 10 08:00:18 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-1684527,1684549
svn commit: r1684597 - /tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java
Author: kfujino Date: Wed Jun 10 08:12:29 2015 New Revision: 1684597 URL: http://svn.apache.org/r1684597 Log: Fix indent. - no functional change. Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684597r1=1684596r2=1684597view=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 08:12:29 2015 @@ -184,7 +184,7 @@ public class LazyReplicatedMapK,V exte msg = new MapMessage(getMapContextName(), MapMessage.MSG_PROXY, false, (Serializable) key, null, null, channel.getLocalMember(false),backup); if ( log.isTraceEnabled() ) -log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); +log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); getChannel().send(proxies, msg, getChannelSendOptions()); } }catch ( ChannelException x ) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684619 - /tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java
Author: markt Date: Wed Jun 10 09:37:23 2015 New Revision: 1684619 URL: http://svn.apache.org/r1684619 Log: Line length Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java?rev=1684619r1=1684618r2=1684619view=diff == --- tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java (original) +++ tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java Wed Jun 10 09:37:23 2015 @@ -26,21 +26,26 @@ import java.util.Map; public abstract class AuthConfigFactory { -public static final java.lang.String DEFAULT_FACTORY_SECURITY_PROPERTY = authconfigprovider.factory; -public static final java.lang.String GET_FACTORY_PERMISSION_NAME = getProperty.authconfigprovider.factory; -public static final java.lang.String SET_FACTORY_PERMISSION_NAME = setProperty.authconfigprovider.factory; -public static final java.lang.String PROVIDER_REGISTRATION_PERMISSION_NAME = setProperty.authconfigfactory.provider; +public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = +authconfigprovider.factory; +public static final String GET_FACTORY_PERMISSION_NAME = +getProperty.authconfigprovider.factory; +public static final String SET_FACTORY_PERMISSION_NAME = +setProperty.authconfigprovider.factory; +public static final String PROVIDER_REGISTRATION_PERMISSION_NAME = +setProperty.authconfigfactory.provider; + +public static final SecurityPermission getFactorySecurityPermission = +new SecurityPermission(GET_FACTORY_PERMISSION_NAME); -public static final SecurityPermission getFactorySecurityPermission = new SecurityPermission( -GET_FACTORY_PERMISSION_NAME); +public static final SecurityPermission setFactorySecurityPermission = +new SecurityPermission(SET_FACTORY_PERMISSION_NAME); -public static final SecurityPermission setFactorySecurityPermission = new SecurityPermission( -SET_FACTORY_PERMISSION_NAME); +public static final SecurityPermission providerRegistrationSecurityPermission = +new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME); -public static final SecurityPermission providerRegistrationSecurityPermission = new SecurityPermission( -PROVIDER_REGISTRATION_PERMISSION_NAME); - -private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL = org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl; +private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL = +org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl; private static AuthConfigFactory factory; private static ClassLoader contextClassLoader; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684583 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Wed Jun 10 07:47:38 2015 New Revision: 1684583 URL: http://svn.apache.org/r1684583 Log: The validate() method is unnecessary. Test 0.2 in loadClass(String, boolean) already ensures that Java SE classes can not be overridden and does so in a way that doesn't require a list of packages to be named. The filter() method handles the similar requirement for the Java EE APIs Tomcat implements. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Jun 10 07:47:38 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383
svn commit: r1684613 - in /tomcat/trunk/java/javax/security/auth/message: ./ callback/ config/ module/
Author: markt Date: Wed Jun 10 09:25:25 2015 New Revision: 1684613 URL: http://svn.apache.org/r1684613 Log: Re-order methods in JASPIC API classes to align with order used in reference implementation make it easier to check for differences using javap Patch provided by fjodorver Modified: tomcat/trunk/java/javax/security/auth/message/AuthStatus.java tomcat/trunk/java/javax/security/auth/message/ClientAuth.java tomcat/trunk/java/javax/security/auth/message/MessageInfo.java tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java tomcat/trunk/java/javax/security/auth/message/ServerAuth.java tomcat/trunk/java/javax/security/auth/message/callback/CertStoreCallback.java tomcat/trunk/java/javax/security/auth/message/callback/PasswordValidationCallback.java tomcat/trunk/java/javax/security/auth/message/callback/PrivateKeyCallback.java tomcat/trunk/java/javax/security/auth/message/callback/SecretKeyCallback.java tomcat/trunk/java/javax/security/auth/message/callback/TrustStoreCallback.java tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java tomcat/trunk/java/javax/security/auth/message/module/ClientAuthModule.java tomcat/trunk/java/javax/security/auth/message/module/ServerAuthModule.java Modified: tomcat/trunk/java/javax/security/auth/message/AuthStatus.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/AuthStatus.java?rev=1684613r1=1684612r2=1684613view=diff == --- tomcat/trunk/java/javax/security/auth/message/AuthStatus.java (original) +++ tomcat/trunk/java/javax/security/auth/message/AuthStatus.java Wed Jun 10 09:25:25 2015 @@ -18,11 +18,11 @@ package javax.security.auth.message; public class AuthStatus { +public static final AuthStatus SUCCESS = new AuthStatus(SUCCESS); public static final AuthStatus FAILURE = new AuthStatus(FAILURE); -public static final AuthStatus SEND_CONTINUE = new AuthStatus(SEND_CONTINUE); -public static final AuthStatus SEND_FAILURE = new AuthStatus(SEND_FAILURE); public static final AuthStatus SEND_SUCCESS = new AuthStatus(SEND_SUCCESS); -public static final AuthStatus SUCCESS = new AuthStatus(SUCCESS); +public static final AuthStatus SEND_FAILURE = new AuthStatus(SEND_FAILURE); +public static final AuthStatus SEND_CONTINUE = new AuthStatus(SEND_CONTINUE); private final String name; Modified: tomcat/trunk/java/javax/security/auth/message/ClientAuth.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/ClientAuth.java?rev=1684613r1=1684612r2=1684613view=diff == --- tomcat/trunk/java/javax/security/auth/message/ClientAuth.java (original) +++ tomcat/trunk/java/javax/security/auth/message/ClientAuth.java Wed Jun 10 09:25:25 2015 @@ -20,10 +20,11 @@ import javax.security.auth.Subject; public interface ClientAuth { -void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException; - AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException; AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException; + +void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException; } + Modified: tomcat/trunk/java/javax/security/auth/message/MessageInfo.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/MessageInfo.java?rev=1684613r1=1684612r2=1684613view=diff == --- tomcat/trunk/java/javax/security/auth/message/MessageInfo.java (original) +++ tomcat/trunk/java/javax/security/auth/message/MessageInfo.java Wed Jun 10 09:25:25 2015 @@ -20,9 +20,6 @@ import java.util.Map; public interface MessageInfo { -@SuppressWarnings(rawtypes) // JASPIC API uses raw types -Map getMap(); - Object getRequestMessage(); Object getResponseMessage(); @@ -30,4 +27,7 @@ public interface MessageInfo { void setRequestMessage(Object request); void setResponseMessage(Object response); + +@SuppressWarnings(rawtypes) // JASPIC API uses raw types +Map getMap(); } Modified: tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java?rev=1684613r1=1684612r2=1684613view=diff == --- tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java (original) +++ tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java Wed Jun 10 09:25:25 2015 @@ -30,6 +30,10 @@ public class MessagePolicy {
svn commit: r1684584 - /tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java
Author: kfujino Date: Wed Jun 10 07:49:29 2015 New Revision: 1684584 URL: http://svn.apache.org/r1684584 Log: Do not set the nodes that failed to replication to the backup nodes. Ensure that the nodes that the data has been successfully replicated are set to the backup node. Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684584r1=1684583r2=1684584view=diff == --- tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 07:49:29 2015 @@ -161,17 +161,18 @@ public class LazyReplicatedMapK,V exte } MapMessage msg = null; try { -backup = wrap(next); +Member[] tmpBackup = wrap(next); //publish the backup data to one node msg = new MapMessage(getMapContextName(), MapMessage.MSG_BACKUP, false, - (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), backup); + (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), tmpBackup); if ( log.isTraceEnabled() ) log.trace(Publishing backup data:+msg+ to: +next.getName()); -UniqueId id = getChannel().send(backup, msg, getChannelSendOptions()); +UniqueId id = getChannel().send(tmpBackup, msg, getChannelSendOptions()); if ( log.isTraceEnabled() ) log.trace(Data published:+msg+ msg Id:+id); //we published out to a backup, mark the test success success = true; +backup = tmpBackup; }catch ( ChannelException x ) { log.error(sm.getString(lazyReplicatedMap.unableReplicate.backup, key, next, x.getMessage()), x); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684591 - in /tomcat/tc8.0.x/trunk: java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java webapps/docs/changelog.xml
Author: kfujino Date: Wed Jun 10 08:04:42 2015 New Revision: 1684591 URL: http://svn.apache.org/r1684591 Log: Do not set the nodes that failed to replication to the backup nodes. Ensure that the nodes that the data has been successfully replicated are set to the backup node. Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684591r1=1684590r2=1684591view=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 08:04:42 2015 @@ -161,19 +161,21 @@ public class LazyReplicatedMapK,V exte } MapMessage msg = null; try { -backup = wrap(next); +Member[] tmpBackup = wrap(next); //publish the backup data to one node msg = new MapMessage(getMapContextName(), MapMessage.MSG_BACKUP, false, - (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), backup); + (Serializable) key, (Serializable) value, null, channel.getLocalMember(false), tmpBackup); if ( log.isTraceEnabled() ) log.trace(Publishing backup data:+msg+ to: +next.getName()); -UniqueId id = getChannel().send(backup, msg, getChannelSendOptions()); +UniqueId id = getChannel().send(tmpBackup, msg, getChannelSendOptions()); if ( log.isTraceEnabled() ) log.trace(Data published:+msg+ msg Id:+id); //we published out to a backup, mark the test success success = true; +backup = tmpBackup; }catch ( ChannelException x ) { log.error(sm.getString(lazyReplicatedMap.unableReplicate.backup, key, next, x.getMessage()), x); +continue; } try { //publish the data out to all nodes Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1684591r1=1684590r2=1684591view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Wed Jun 10 08:04:42 2015 @@ -134,6 +134,11 @@ Use codeStringManager/code to provide i18n support in the codeorg.apache.catalina.tribes/code packages. (kfujino) /scode + fix +Do not set the nodes that failed to replication to the backup nodes. +Ensure that the nodes that the data has been successfully replicated are +set to the backup node. (kfujino) + /fix /changelog /subsection subsection name=Other - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684617 - /tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java
Author: markt Date: Wed Jun 10 09:34:22 2015 New Revision: 1684617 URL: http://svn.apache.org/r1684617 Log: Add missing constants in JASPIC API to align with reference implementation. Patch provided by fjodorver Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java?rev=1684617r1=1684616r2=1684617view=diff == --- tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java (original) +++ tomcat/trunk/java/javax/security/auth/message/config/AuthConfigFactory.java Wed Jun 10 09:34:22 2015 @@ -17,18 +17,30 @@ package javax.security.auth.message.config; import java.security.AccessController; +import java.security.Permission; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; +import java.security.SecurityPermission; import java.util.Map; -import javax.security.auth.AuthPermission; - public abstract class AuthConfigFactory { -public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = authconfigprovider.factory; -private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL = -org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl; +public static final java.lang.String DEFAULT_FACTORY_SECURITY_PROPERTY = authconfigprovider.factory; +public static final java.lang.String GET_FACTORY_PERMISSION_NAME = getProperty.authconfigprovider.factory; +public static final java.lang.String SET_FACTORY_PERMISSION_NAME = setProperty.authconfigprovider.factory; +public static final java.lang.String PROVIDER_REGISTRATION_PERMISSION_NAME = setProperty.authconfigfactory.provider; + +public static final SecurityPermission getFactorySecurityPermission = new SecurityPermission( +GET_FACTORY_PERMISSION_NAME); + +public static final SecurityPermission setFactorySecurityPermission = new SecurityPermission( +SET_FACTORY_PERMISSION_NAME); + +public static final SecurityPermission providerRegistrationSecurityPermission = new SecurityPermission( +PROVIDER_REGISTRATION_PERMISSION_NAME); + +private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL = org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl; private static AuthConfigFactory factory; private static ClassLoader contextClassLoader; @@ -47,10 +59,7 @@ public abstract class AuthConfigFactory } public static synchronized AuthConfigFactory getFactory() { -SecurityManager sm = System.getSecurityManager(); -if (sm != null) { -sm.checkPermission(new AuthPermission(getAuthConfigFactory)); -} +checkPermission(getFactorySecurityPermission); if (factory == null) { String className = AccessController.doPrivileged(new PrivilegedActionString() { @Override @@ -88,10 +97,7 @@ public abstract class AuthConfigFactory } public static synchronized void setFactory(AuthConfigFactory factory) { -SecurityManager sm = System.getSecurityManager(); -if (sm != null) { -sm.checkPermission(new AuthPermission(setAuthConfigFactory)); -} +checkPermission(setFactorySecurityPermission); AuthConfigFactory.factory = factory; } @@ -116,6 +122,13 @@ public abstract class AuthConfigFactory public abstract void refresh(); +private static void checkPermission(Permission permission) { +SecurityManager securityManager = System.getSecurityManager(); +if (securityManager != null) { +securityManager.checkPermission(permission); +} +} + public static interface RegistrationContext { String getMessageLayer(); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684585 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml
Author: markt Date: Wed Jun 10 07:51:52 2015 New Revision: 1684585 URL: http://svn.apache.org/r1684585 Log: Fix a bug that prevented filter() from working correctly (it only returned true for classes in sub-packages of the listed packaged, but not classes located in the packages themselves) Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Jun 10 07:51:52 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526
[Bug 58015] servlet-api.jar from WAR files not being excluded
https://bz.apache.org/bugzilla/show_bug.cgi?id=58015 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Mark Thomas ma...@apache.org --- I've back-ported the various edge cases fixes as well as the specific fix for this bug. It will be included 8.0.24 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684595 - in /tomcat/trunk: java/org/apache/coyote/http2/ test/org/apache/coyote/http2/
Author: markt Date: Wed Jun 10 08:11:13 2015 New Revision: 1684595 URL: http://svn.apache.org/r1684595 Log: Rename to avoid clash with java.lang.Error Added: tomcat/trunk/java/org/apache/coyote/http2/Http2Error.java - copied, changed from r1684594, tomcat/trunk/java/org/apache/coyote/http2/Error.java Removed: tomcat/trunk/java/org/apache/coyote/http2/Error.java Modified: tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java tomcat/trunk/java/org/apache/coyote/http2/FrameType.java tomcat/trunk/java/org/apache/coyote/http2/Http2Exception.java tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/java/org/apache/coyote/http2/StreamError.java tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_2.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_3.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java Modified: tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java?rev=1684595r1=1684594r2=1684595view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/ConnectionError.java Wed Jun 10 08:11:13 2015 @@ -20,7 +20,7 @@ public class ConnectionError extends Htt private static final long serialVersionUID = 1L; -public ConnectionError(String msg, Error error) { +public ConnectionError(String msg, Http2Error error) { super(msg, error); } } Modified: tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java?rev=1684595r1=1684594r2=1684595view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/ConnectionSettings.java Wed Jun 10 08:11:13 2015 @@ -82,7 +82,7 @@ public class ConnectionSettings { // Need to put a sensible limit on this. Start with 16k (default is 4k) if (headerTableSize (16 * 1024)) { throw new ConnectionError(sm.getString(connectionSettings.headerTableSizeLimit, -Long.toString(headerTableSize)), Error.PROTOCOL_ERROR); +Long.toString(headerTableSize)), Http2Error.PROTOCOL_ERROR); } this.headerTableSize = (int) headerTableSize; } @@ -96,7 +96,7 @@ public class ConnectionSettings { // will never be negative if (enablePush 1) { throw new ConnectionError(sm.getString(connectionSettings.enablePushInvalid, -Long.toString(enablePush)), Error.PROTOCOL_ERROR); +Long.toString(enablePush)), Http2Error.PROTOCOL_ERROR); } this.enablePush = (enablePush == 1); } @@ -117,7 +117,7 @@ public class ConnectionSettings { if (initialWindowSize MAX_WINDOW_SIZE) { throw new ConnectionError(sm.getString(connectionSettings.windowSizeTooBig, Long.toString(initialWindowSize), Long.toString(MAX_WINDOW_SIZE)), -Error.PROTOCOL_ERROR); +Http2Error.PROTOCOL_ERROR); } this.initialWindowSize = (int) initialWindowSize; } @@ -130,7 +130,7 @@ public class ConnectionSettings { if (maxFrameSize MIN_MAX_FRAME_SIZE || maxFrameSize MAX_MAX_FRAME_SIZE) { throw new ConnectionError(sm.getString(connectionSettings.maxFrameSizeInvalid, Long.toString(maxFrameSize), Integer.toString(MIN_MAX_FRAME_SIZE), -Integer.toString(MAX_MAX_FRAME_SIZE)), Error.PROTOCOL_ERROR); +Integer.toString(MAX_MAX_FRAME_SIZE)), Http2Error.PROTOCOL_ERROR); } this.maxFrameSize = (int) maxFrameSize; } Modified: tomcat/trunk/java/org/apache/coyote/http2/FrameType.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/FrameType.java?rev=1684595r1=1684594r2=1684595view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/FrameType.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/FrameType.java Wed Jun 10 08:11:13 2015 @@ -62,7 +62,7 @@ public enum FrameType { // Is FrameType valid for the given stream? if (streamId == 0 !streamZero || streamId != 0 !streamNonZero) { throw new ConnectionError(sm.getString(frameType.checkStream, this), -
svn commit: r1684596 - /tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java
Author: kfujino Date: Wed Jun 10 08:11:43 2015 New Revision: 1684596 URL: http://svn.apache.org/r1684596 Log: Fix indent. - no functional change. Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java?rev=1684596r1=1684595r2=1684596view=diff == --- tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/LazyReplicatedMap.java Wed Jun 10 08:11:43 2015 @@ -184,7 +184,7 @@ public class LazyReplicatedMapK,V exte msg = new MapMessage(getMapContextName(), MapMessage.MSG_PROXY, false, (Serializable) key, null, null, channel.getLocalMember(false),backup); if ( log.isTraceEnabled() ) -log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); +log.trace(Publishing proxy data:+msg+ to: +Arrays.toNameString(proxies)); getChannel().send(proxies, msg, getChannelSendOptions()); } }catch ( ChannelException x ) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: HTTP2 parsing and error handling
On 09/06/2015 11:31, Rémy Maucherat wrote: 2015-06-09 11:53 GMT+02:00 Konstantin Kolinko knst.koli...@gmail.com: 2015-06-08 15:37 GMT+03:00 Mark Thomas ma...@apache.org: All, I'm not particularly happy with the current error handling (based around Http2Exception) and as I work my way through the spec in detail I am coming across cases that are becoming increasingly difficult to handle cleanly. I think I have reached the point where a completely different approach is needed. I am thinking along the lines of a ParseState object that gets passed around and updated if things go wrong. I'm going to try this approach over the next few days. If it works there is likely to be a largish commit to switch to this new approach but I'll try and keep that commit limited to changing the error handling. +1 One bonus from a flag vs. an exception is that it can be sticky. I mean a situation like one fixed by this commit: http://svn.apache.org/r1600984 Yes, and then it doesn't get properly recycled :) That aside, flags are often good. I managed to clean things up and make progress without such a large refactoring. I haven't finished implementing all the checks yet so I may still come back to this approach if the code starts to get messy again. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684616 - in /tomcat/trunk/java/javax/security/auth/message: MessagePolicy.java config/AuthConfig.java config/AuthConfigProvider.java
Author: markt Date: Wed Jun 10 09:29:59 2015 New Revision: 1684616 URL: http://svn.apache.org/r1684616 Log: Remove runtime exception declarations from JASPIC API to align with reference implementation. Patch provided by fjodorver Modified: tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java tomcat/trunk/java/javax/security/auth/message/config/AuthConfigProvider.java Modified: tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java?rev=1684616r1=1684615r2=1684616view=diff == --- tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java (original) +++ tomcat/trunk/java/javax/security/auth/message/MessagePolicy.java Wed Jun 10 09:29:59 2015 @@ -21,8 +21,7 @@ public class MessagePolicy { private final TargetPolicy[] targetPolicies; private final boolean mandatory; -public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory) -throws IllegalArgumentException { +public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory) { if (targetPolicies == null) { throw new IllegalArgumentException(targetPolicies is null); } @@ -64,8 +63,7 @@ public class MessagePolicy { private final Target[] targets; private final ProtectionPolicy protectionPolicy; -public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) -throws IllegalArgumentException { +public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) { if (protectionPolicy == null) { throw new IllegalArgumentException(protectionPolicy is null); } Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java?rev=1684616r1=1684615r2=1684616view=diff == --- tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java (original) +++ tomcat/trunk/java/javax/security/auth/message/config/AuthConfig.java Wed Jun 10 09:29:59 2015 @@ -24,7 +24,7 @@ public interface AuthConfig { String getAppContext(); -String getAuthContextID(MessageInfo messageInfo) throws IllegalArgumentException; +String getAuthContextID(MessageInfo messageInfo); void refresh(); Modified: tomcat/trunk/java/javax/security/auth/message/config/AuthConfigProvider.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/security/auth/message/config/AuthConfigProvider.java?rev=1684616r1=1684615r2=1684616view=diff == --- tomcat/trunk/java/javax/security/auth/message/config/AuthConfigProvider.java (original) +++ tomcat/trunk/java/javax/security/auth/message/config/AuthConfigProvider.java Wed Jun 10 09:29:59 2015 @@ -22,10 +22,10 @@ import javax.security.auth.message.AuthE public interface AuthConfigProvider { ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) -throws AuthException, SecurityException; +throws AuthException; ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) -throws AuthException, SecurityException; +throws AuthException; void refresh(); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
On 10/06/2015 14:04, Arjan Tijms wrote: We are implementing JASPIC 1.1, and there will be quite a lot changes anyway. JASPIC 1.1 itself was not a huge change over JASPIC 1.0, but it did put some extra requirements in place like the ability to forward and include resources using the HttpServletRequest and HttpServletResponse that's made available to a SAM. If a Tomcat valve can already do forwards/includes correctly, then this is trivial to support (no extra code needed). However, IFF Tomcat would not support those, then some extra coding inside Tomcat's internals *may* be needed (but Mark would know more about how to forward then). I don't really understand what the requirement is here. Can you expand / point me to the part of the spec? Not necessarily. JASPIC is first and foremost configured using a programmatic API from within the application. See http://arjan-tijms.omnifaces.org/2012/11/implementing-container-authentication.html Interesting. Optionally (but highly recommended!) a JASPIC authentication module can be registered at the container level using a vendor specific mechanism. If I'm not mistaken Mark made some remarks about this earlier. Tomcat already has some dedicated configuration files for this. My expectation is that all of Tomcat's existing authentication mechanisms would be made available at the container level (BASIC, DIGEST, FORM, CLIENT-CERT, SPNEGO). It should be a small step from there to replacing Tomcat's current authenticators with the appropriate JASPIC config. My take is that for step 1 it's best to focus on the programmatic installation of an authentication module (and wrapper artifacts) first, and make sure the most simple authentication case works (which means just passing the username/roles to the container and doing nothing else). Then look at the container side registration later. Sounds good. Thanks for the tip. Cheers, mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684682 - /tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java
Author: markt Date: Wed Jun 10 14:23:48 2015 New Revision: 1684682 URL: http://svn.apache.org/r1684682 Log: HTTP/2 5.1.2 requires active streams to be counted. Add an active flag (currently unused) to Stream. Try a different format for State enum constructors. Uses more space but I think it is clearer. Modified: tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java Modified: tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java?rev=1684682r1=1684681r2=1684682view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java Wed Jun 10 14:23:48 2015 @@ -125,35 +125,58 @@ public class StreamStateMachine { } +public synchronized boolean isActive() { +return state.isActive(); +} + + private enum State { -IDLE (true, Http2Error.PROTOCOL_ERROR, FrameType.HEADERS, FrameType.PRIORITY), -OPEN (true, Http2Error.PROTOCOL_ERROR, FrameType.DATA, FrameType.HEADERS, -FrameType.PRIORITY, FrameType.RST, FrameType.PUSH_PROMISE, -FrameType.WINDOW_UPDATE), -RESERVED_LOCAL (true, Http2Error.PROTOCOL_ERROR, FrameType.PRIORITY, FrameType.RST, -FrameType.WINDOW_UPDATE), -RESERVED_REMOTE(true, Http2Error.PROTOCOL_ERROR, FrameType.HEADERS, FrameType.PRIORITY, -FrameType.RST), -HALF_CLOSED_LOCAL (true, Http2Error.PROTOCOL_ERROR, FrameType.DATA, FrameType.HEADERS, -FrameType.PRIORITY, FrameType.RST, FrameType.PUSH_PROMISE, -FrameType.WINDOW_UPDATE), -HALF_CLOSED_REMOTE (true, Http2Error.STREAM_CLOSED, FrameType.PRIORITY, FrameType.RST, -FrameType.WINDOW_UPDATE), -CLOSED_RX (true, Http2Error.STREAM_CLOSED, FrameType.PRIORITY), -CLOSED_TX (true, Http2Error.STREAM_CLOSED, FrameType.PRIORITY, FrameType.RST, -FrameType.WINDOW_UPDATE), -CLOSED_RST_RX (false, Http2Error.STREAM_CLOSED, FrameType.PRIORITY), -CLOSED_RST_TX (false, Http2Error.STREAM_CLOSED, FrameType.DATA, FrameType.HEADERS, -FrameType.PRIORITY, FrameType.RST, FrameType.PUSH_PROMISE, -FrameType.WINDOW_UPDATE), -CLOSED_FINAL (true, Http2Error.PROTOCOL_ERROR, FrameType.PRIORITY); +IDLE (false, true, Http2Error.PROTOCOL_ERROR, FrameType.HEADERS, + FrameType.PRIORITY), +OPEN (true, true, Http2Error.PROTOCOL_ERROR, FrameType.DATA, + FrameType.HEADERS, + FrameType.PRIORITY, + FrameType.RST, + FrameType.PUSH_PROMISE, + FrameType.WINDOW_UPDATE), +RESERVED_LOCAL (false, true, Http2Error.PROTOCOL_ERROR, FrameType.PRIORITY, + FrameType.RST, + FrameType.WINDOW_UPDATE), +RESERVED_REMOTE(false, true, Http2Error.PROTOCOL_ERROR, FrameType.HEADERS, + FrameType.PRIORITY, + FrameType.RST), +HALF_CLOSED_LOCAL (true, true, Http2Error.PROTOCOL_ERROR, FrameType.DATA, + FrameType.HEADERS, + FrameType.PRIORITY, + FrameType.RST, + FrameType.PUSH_PROMISE, + FrameType.WINDOW_UPDATE), +HALF_CLOSED_REMOTE (true, true, Http2Error.STREAM_CLOSED, FrameType.PRIORITY, + FrameType.RST, + FrameType.WINDOW_UPDATE), +CLOSED_RX (false, true, Http2Error.STREAM_CLOSED,
[Bug 58010] Class file are not getting compiled with debuginfo while setting classdebuginfo in jasper ant task
https://bz.apache.org/bugzilla/show_bug.cgi?id=58010 --- Comment #2 from Joshua C Rebelo joshua.reb...@gmail.com --- I have tried that flag, but the javap -l command output for jsp class files doesn't have the LineNumberTable and LocalVariableTable attributes details. My build.xml has this entry. taskdef classname=org.apache.jasper.JspC name=jasper classpath pathelement location=${JAVA_HOME}/../lib/tools.jar/ pathelement location=${compile.home}/ ... path refid=jasper.compile.classpath/ /classpath /taskdef jasper verbose=1 package=org.apache.jsp classDebugInfo=true uriroot=${basedir}/${prep.home}/jsp outputDir=${basedir}/${prep.home}/src / -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Hi, On Wed, Jun 10, 2015 at 3:09 PM, markt [via Tomcat] ml-node+s10n5035886...@n6.nabble.com wrote: A Valve is certainly a likely candidate since the current Authenticator implementations are all Valves. It really depends on whether access is required to Tomcat's internals. If you need access to the internals, a Valve is probably the way to go. If the Servlet API is sufficient then a Filter may be an option. Depending on exactly what the integration points are there may be other options. Traditionally it has not been really possible to implement JASPIC via the Servlet API. A requirement of JASPIC is that a SAM is called before the Servlet chain is invoked, which is by definition not possible (Filters are part of that chain). Even if you relax the rules a little, then you'd need to make sure that the Filter that's calling the SAM is absolutely guaranteed to be the very first, with no possible way that any other Filter could be placed before it. Then, via the standard Servlet API you cannot really establish the authenticated identity. You can fake it a little by wrapping HttpServletRequest and returning your own values for things like isUserInRole, but you'd also have to process auth-constraints defined in web.xml and @WebServlet annotations, which is quite hard to do from a filter (you'd be duplicating the web.xml parsing and annotation scanning from the Servlet container). Also, a SAM should be called when HttpServletRequest.authenticate and HttpServletRequest.logout is called from a Filter or Servlet. Typically the best thing is that whatever kind of code the Servlet container is already using to implement the standard authentication mechanisms BASIC, FORM, etc is also used to implement JASPIC. I have to double check, but if I'm not mistaken this is what most containers are indeed doing. Is the configuration always going to be per web application (in which case context.xml is a likely candidate) or can it be per Host or per Engine (which suggests server.xml)? There are two options in JASPIC: 1. Per web application. Programmatically (from within the application) this is done by passing an appContextID to the JASPIC factory that is used for registration. This appContextID is computed as follows: String getAppContextID(ServletContext context) return context.getVirtualServerName() + + context.getContextPath(); } 2. Globally for the entire container (all applications running on it). Programmatically this is done by passing a null to the JASPIC factory. Doing this from an application is maybe rare, but with it you could theoretically deploy an authentication module to a server by deploying a war that only contains the SAM and the registration code. Are there any 'standard' configuration files defined by JASPIC? Nope. I more or less happened to mention this in my reply to Fjodor, but there is not a single standard configuration file. The only standardized way is by using the AuthConfigFactory. Kind regards, Arjan Tijms And what about JACC support? Geronimo uses JACC for authorization config, what about Tomcat? Tomcat currently uses Realms. It was not intended to implement JACC as part of the GSoC project. If the project goes well and the JASPIC work is completed early, taking a look at JACC would be a useful thing to do. Mark Thanks, Fjodor 2015-05-04 16:49 GMT+03:00 Arjan Tijms [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035886i=0: Hi, Great news! Do you have any definite start date for the actual coding already? A short while ago I did a very small and simple implementation of the Servlet BASIC auth mechanism using JASPIC, which is one of the 4 mechanisms required by Servlet. See: https://github.com/omnifaces/omnisecurity/blob/master/src/main/java/org/omnifaces/security/jaspic/authmodules/BasicAuthModule.java Calling out to the identity store is however not standardised yet (the example code simply uses CDI) and has to be done in a Tomcat specific way. Kind regards, Arjan Tijms On Monday, May 4, 2015, Fjodor Vershinin [via Tomcat] [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035886i=1 wrote: Good news, everyone! I am happy to announce that our project has been accepted to participate in GSoC. Now it's community binding period, so I need to introduce myself to other developers. Some brief information about me: My name is Fjodor Vershinin, I am 2'th grade computer science student from Estonia. One of my hobbies is writing OSS software, mainly in Java and Python. I hope to finish JASPIC implementation during this summer and make Tomcat better ;) Fjodor. 2015-03-04 11:09 GMT+02:00 Fjodor Vershinin [hidden email] http:///user/SendEmail.jtp?type=nodenode=5034072i=0: Hello! It looks like ASF has been selected for GSOC 2015 and I am interested in pushing this project forward. So, in meantime I'll start writing proposal and
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Hi, On Wed, Jun 10, 2015 at 3:28 PM, markt [via Tomcat] ml-node+s10n5035887...@n6.nabble.com wrote: I don't really understand what the requirement is here. Can you expand / point me to the part of the spec? It's simply that from within a SAM you can forward/include to a Servlet using a dispatcher, such that the output of that Servlet is inserted in the response. It's in section 3.8.3.4 of the JASPIC spec: 3.8.3.4 Forwards and Includes by Server Authentication Modules The message processing runtime must support the acquisition and use of RequestDispatcher objects by authentication modules within their processing of validateRequest. Under the constraints defined by RequestDispatcher, authentication modules must be able to forward and include using the request and response objects passed in MessageInfo. In particular, an authentication module must be able to acquire a RequestDispatcher from the request obtained from MessageInfo, and uses it to forward the request (and response) to a login form. Authentication modules should catch and rethrow as an AuthException any exception thrown by these methods. A test/example showing this in practice is the following: https://github.com/javaee-samples/javaee7-samples/tree/master/jaspic/dispatching Specifically, this code shows both an include and a forward done by a SAM: public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { try { HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); if (include.equals(request.getParameter(dispatch))) { request.getRequestDispatcher(/includedServlet) .include(request, response); // Do nothing, required protocol when returning SUCCESS handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) }); // When using includes, the response stays open and the main // resource can also write to the response return SUCCESS; } else { request.getRequestDispatcher(/forwardedServlet) .forward(request, response); // MUST NOT invoke the resource, so CAN NOT return SUCCESS here. return SEND_CONTINUE; } } catch (IOException | ServletException | UnsupportedCallbackException e) { throw (AuthException) new AuthException().initCause(e); } } Sounds good. Thanks for the tip. You're welcome ;) Kind regards, Arjan Tijms Cheers, mark - To unsubscribe, e-mail: [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035887i=0 For additional commands, e-mail: [hidden email] http:///user/SendEmail.jtp?type=nodenode=5035887i=1 -- If you reply to this email, your message will be added to the discussion below: http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5035887.html To unsubscribe from Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x, click here http://tomcat.10.x6.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=4993387code=YXJqYW4udGlqbXNAZ21haWwuY29tfDQ5OTMzODd8LTM3MzU5NTg0OA== . NAML http://tomcat.10.x6.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: http://tomcat.10.x6.nabble.com/Consider-support-for-the-Servlet-profile-of-JSR-196-JASPIC-in-Tomcat-7-0-x-tp4993387p5035891.html Sent from the Tomcat - Dev mailing list archive at Nabble.com.
svn commit: r1684752 - in /tomcat/trunk/java/org/apache/coyote/http2: Http2UpgradeHandler.java LocalStrings.properties Stream.java StreamStateMachine.java
Author: markt Date: Wed Jun 10 19:43:10 2015 New Revision: 1684752 URL: http://svn.apache.org/r1684752 Log: Add the plumbing required for HTTP/2 5.1.1 and 5.1.2 Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties tomcat/trunk/java/org/apache/coyote/http2/Stream.java tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1684752r1=1684751r2=1684752view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Wed Jun 10 19:43:10 2015 @@ -107,7 +107,6 @@ public class Http2UpgradeHandler extends private final ConnectionSettings remoteSettings = new ConnectionSettings(); private final ConnectionSettings localSettings = new ConnectionSettings(); -private volatile int maxRemoteStreamId = 0; private HpackDecoder hpackDecoder; private HpackEncoder hpackEncoder; @@ -118,7 +117,9 @@ public class Http2UpgradeHandler extends private long writeTimeout = 1; private final MapInteger,Stream streams = new HashMap(); -private int maxStreamId = -1; +private volatile int activeRemoteStreamCount = 0; +private volatile int maxRemoteStreamId = 0; +private volatile int maxActiveRemoteStreamId = 0; // Tracking for when the connection is blocked (windowSize 1) private final Object backLogLock = new Object(); @@ -140,6 +141,7 @@ public class Http2UpgradeHandler extends Stream stream = new Stream(key, this, coyoteRequest); streams.put(key, stream); maxRemoteStreamId = 1; +activeRemoteStreamCount = 1; } } @@ -632,7 +634,8 @@ public class Http2UpgradeHandler extends Stream result = streams.get(key); if (result == null unknownIsError) { // Stream has been closed and removed from the map -throw new ConnectionException(sm.getString(upgradeHandler.stream.closed, key), Http2Error.PROTOCOL_ERROR); +throw new ConnectionException(sm.getString(upgradeHandler.stream.closed, key), +Http2Error.PROTOCOL_ERROR); } return result; } @@ -651,6 +654,8 @@ public class Http2UpgradeHandler extends Integer.valueOf(maxRemoteStreamId)), Http2Error.PROTOCOL_ERROR); } +// TODO Implement periodic pruning of closed streams + Stream result = new Stream(key, this); streams.put(key, result); maxRemoteStreamId = streamId; @@ -761,9 +766,6 @@ public class Http2UpgradeHandler extends @Override public ByteBuffer getInputByteBuffer(int streamId, int payloadSize) throws Http2Exception { Stream stream = getStream(streamId, true); -if (stream == null) { -return null; -} stream.checkState(FrameType.DATA); return stream.getInputByteBuffer(); } @@ -772,9 +774,10 @@ public class Http2UpgradeHandler extends @Override public void receiveEndOfStream(int streamId) throws ConnectionException { Stream stream = getStream(streamId, true); -if (stream != null) { -stream.receivedEndOfStream(); +if (stream.isActive()) { +activeRemoteStreamCount--; } +stream.receivedEndOfStream(); } @@ -786,10 +789,29 @@ public class Http2UpgradeHandler extends } stream.checkState(FrameType.HEADERS); stream.receivedStartOfHeaders(); +closeIdleStreams(streamId); +if (localSettings.getMaxConcurrentStreams() activeRemoteStreamCount) { +activeRemoteStreamCount++; +} else { +throw new StreamException(sm.getString(upgradeHandler.tooManyRemoteStreams, +Long.toString(localSettings.getMaxConcurrentStreams())), +Http2Error.REFUSED_STREAM, streamId); +} return stream; } +private void closeIdleStreams(int newMaxActiveRemoteStreamId) throws Http2Exception { +for (int i = maxActiveRemoteStreamId + 2; i newMaxActiveRemoteStreamId; i += 2) { +Stream stream = getStream(newMaxActiveRemoteStreamId, false); +if (stream != null) { +stream.closeIfIdle(); +} +} +maxActiveRemoteStreamId = newMaxActiveRemoteStreamId; +} + + @Override public void reprioritise(int streamId, int parentStreamId, boolean exclusive, int weight) throws Http2Exception { @@ -820,10 +842,8 @@ public class Http2UpgradeHandler extends @Override public void reset(int
svn commit: r1684754 - /tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java
Author: markt Date: Wed Jun 10 19:55:35 2015 New Revision: 1684754 URL: http://svn.apache.org/r1684754 Log: Another util method Modified: tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java Modified: tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java?rev=1684754r1=1684753r2=1684754view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/ByteUtil.java Wed Jun 10 19:55:35 2015 @@ -61,6 +61,11 @@ public class ByteUtil { } +public static void setOneBytes(byte[] output, int firstByte, int value) { +output[firstByte] = (byte) (value 0xFF); +} + + public static void setTwoBytes(byte[] output, int firstByte, int value) { output[firstByte] = (byte) ((value 0xFF00) 8); output[firstByte + 1] = (byte) (value 0xFF); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684751 - /tomcat/trunk/conf/catalina.properties
Author: markt Date: Wed Jun 10 19:41:31 2015 New Revision: 1684751 URL: http://svn.apache.org/r1684751 Log: Add new jaspic-api.jar to jarsToSkip Modified: tomcat/trunk/conf/catalina.properties Modified: tomcat/trunk/conf/catalina.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.properties?rev=1684751r1=1684750r2=1684751view=diff == --- tomcat/trunk/conf/catalina.properties (original) +++ tomcat/trunk/conf/catalina.properties Wed Jun 10 19:41:31 2015 @@ -108,6 +108,7 @@ shared.loader= tomcat.util.scan.StandardJarScanFilter.jarsToSkip=\ bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\ +jaspic-api.jar,\ catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-storeconfig.jar,\ catalina-tribes.jar,\ jasper.jar,jasper-el.jar,ecj-*.jar,\ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684757 - in /tomcat/trunk: java/org/apache/coyote/http2/Http2UpgradeHandler.java test/org/apache/coyote/http2/Http2TestBase.java test/org/apache/coyote/http2/TestHttp2Section_5_1.java
Author: markt Date: Wed Jun 10 20:02:11 2015 New Revision: 1684757 URL: http://svn.apache.org/r1684757 Log: Add a test for closure of idle streams and fix the bugs it identified. Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1684757r1=1684756r2=1684757view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Wed Jun 10 20:02:11 2015 @@ -119,7 +119,8 @@ public class Http2UpgradeHandler extends private final MapInteger,Stream streams = new HashMap(); private volatile int activeRemoteStreamCount = 0; private volatile int maxRemoteStreamId = 0; -private volatile int maxActiveRemoteStreamId = 0; +// Start at -1 so the 'add 2' logic in closeIdleStreams() works +private volatile int maxActiveRemoteStreamId = -1; // Tracking for when the connection is blocked (windowSize 1) private final Object backLogLock = new Object(); @@ -141,6 +142,7 @@ public class Http2UpgradeHandler extends Stream stream = new Stream(key, this, coyoteRequest); streams.put(key, stream); maxRemoteStreamId = 1; +maxActiveRemoteStreamId = 1; activeRemoteStreamCount = 1; } } @@ -803,7 +805,7 @@ public class Http2UpgradeHandler extends private void closeIdleStreams(int newMaxActiveRemoteStreamId) throws Http2Exception { for (int i = maxActiveRemoteStreamId + 2; i newMaxActiveRemoteStreamId; i += 2) { -Stream stream = getStream(newMaxActiveRemoteStreamId, false); +Stream stream = getStream(i, false); if (stream != null) { stream.closeIfIdle(); } Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1684757r1=1684756r2=1684757view=diff == --- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original) +++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Wed Jun 10 20:02:11 2015 @@ -43,7 +43,6 @@ import org.apache.coyote.http2.Http2Pars import org.apache.tomcat.util.codec.binary.Base64; import org.apache.tomcat.util.http.MimeHeaders; - /** * Tests for compliance with the a href=https://tools.ietf.org/html/rfc7540; * HTTP/2 specification/a. @@ -409,6 +408,26 @@ public abstract class Http2TestBase exte os.flush(); } + +void sendPriority(int streamId, int streamDependencyId, int weight) throws IOException { +byte[] priorityFrame = new byte[14]; +// length +ByteUtil.setThreeBytes(priorityFrame, 0, 5); +// type +priorityFrame[3] = FrameType.PRIORITY.getIdByte(); +// No flags +// Stream ID +ByteUtil.set31Bits(priorityFrame, 5, streamId); + +// Payload +ByteUtil.set31Bits(priorityFrame, 9, streamDependencyId); +ByteUtil.setOneBytes(priorityFrame, 13, weight); + +os.write(priorityFrame); +os.flush(); +} + + private static class TestInput implements Http2Parser.Input { private final InputStream is; Modified: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java?rev=1684757r1=1684756r2=1684757view=diff == --- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java (original) +++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java Wed Jun 10 20:02:11 2015 @@ -178,11 +178,31 @@ public class TestHttp2Section_5_1 extend Assert.assertTrue(output.getTrace(), output.getTrace().startsWith(0-Goaway-[2147483647]-[ + Http2Error.PROTOCOL_ERROR.getCode() + ]-[)); - } -// TODO Remaining 5.1.1 tests +@Test +public void testImplicitClose() throws Exception { +hpackEncoder = new HpackEncoder(ConnectionSettings.DEFAULT_HEADER_TABLE_SIZE); +http2Connect(); + +sendPriority(3, 0, 16); +sendPriority(5, 0, 16); + +sendSimpleRequest(5); +readSimpleResponse(); +Assert.assertEquals(getSimpleResponseTrace(5), output.getTrace()); +output.clearTrace(); + +// Should trigger an error since stream 3 should have been implicitly
svn commit: r1684753 - /tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java
Author: markt Date: Wed Jun 10 19:55:17 2015 New Revision: 1684753 URL: http://svn.apache.org/r1684753 Log: Use the method provided for changing state. Modified: tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java Modified: tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java?rev=1684753r1=1684752r2=1684753view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/StreamStateMachine.java Wed Jun 10 19:55:17 2015 @@ -131,9 +131,7 @@ public class StreamStateMachine { public synchronized void closeIfIdle() { -if (state == State.IDLE) { -state = State.CLOSED_FINAL; -} +stateChange(State.IDLE, State.CLOSED_FINAL); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1684769 - in /tomcat/trunk/java/org/apache/coyote/http2: Http2Parser.java Http2Protocol.java Http2UpgradeHandler.java
Author: markt Date: Wed Jun 10 21:31:08 2015 New Revision: 1684769 URL: http://svn.apache.org/r1684769 Log: Testing HTTP/2 5.1.2 Make maxConcurrentStream configurable so it can be tested I have a test for maxConcurrentStreams that works but it appears to be triggering some flow control bugs I need to iron out. Meanwhile, here are the fixes for the maxConcurrentStreams bugs it did find. Ensure headers payload is swallowed if the stream is rejected due to maxConcurrentStreams Only decrement active stream count when a stream goes inactive Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java tomcat/trunk/java/org/apache/coyote/http2/Http2Protocol.java tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1684769r1=1684768r2=1684769view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Wed Jun 10 21:31:08 2015 @@ -167,7 +167,12 @@ class Http2Parser { if (hpackDecoder == null) { hpackDecoder = output.getHpackDecoder(); } -hpackDecoder.setHeaderEmitter(output.headersStart(streamId)); +try { +hpackDecoder.setHeaderEmitter(output.headersStart(streamId)); +} catch (StreamException se) { +swallow(payloadSize); +throw se; +} int padLength = 0; boolean padding = Flags.hasPadding(flags); Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Protocol.java?rev=1684769r1=1684768r2=1684769view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2Protocol.java Wed Jun 10 21:31:08 2015 @@ -29,6 +29,8 @@ import org.apache.tomcat.util.net.Socket public class Http2Protocol implements UpgradeProtocol { +private static final long DEFAULT_MAX_CONCURRENT_STREAMS = 200; + private static final String HTTP_UPGRADE_NAME = h2c; private static final String ALPN_NAME = h2; private static final byte[] ALPN_IDENTIFIER = ALPN_NAME.getBytes(StandardCharsets.UTF_8); @@ -37,6 +39,7 @@ public class Http2Protocol implements Up private long readTimeout = 1; private long keepAliveTimeout = 3; private long writeTimeout = 1; +private long maxConcurrentStreams = DEFAULT_MAX_CONCURRENT_STREAMS; @Override public String getHttpUpgradeName(boolean isSecure) { @@ -73,6 +76,7 @@ public class Http2Protocol implements Up result.setReadTimeout(getReadTimeout()); result.setKeepAliveTimeout(getKeepAliveTimeout()); result.setWriteTimeout(getWriteTimeout()); +result.setMaxConcurrentStreams(getMaxConcurrentStreams()); return result; } @@ -128,4 +132,14 @@ public class Http2Protocol implements Up public void setWriteTimeout(long writeTimeout) { this.writeTimeout = writeTimeout; } + + +public long getMaxConcurrentStreams() { +return maxConcurrentStreams; +} + + +public void setMaxConcurrentStreams(long maxConcurrentStreams) { +this.maxConcurrentStreams = maxConcurrentStreams; +} } Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1684769r1=1684768r2=1684769view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Wed Jun 10 21:31:08 2015 @@ -465,7 +465,10 @@ public class Http2UpgradeHandler extends if (stream.getOutputBuffer().isFinished()) { header[4] = FLAG_END_OF_STREAM; stream.sentEndOfStream(); -} +if (!stream.isActive()) { +activeRemoteStreamCount--; +} + } ByteUtil.set31Bits(header, 5, stream.getIdentifier().intValue()); socketWrapper.write(true, header, 0, header.length); socketWrapper.write(true, data.array(), data.arrayOffset() + data.position(), @@ -723,6 +726,11 @@ public class Http2UpgradeHandler extends } +public void setMaxConcurrentStreams(long maxConcurrentStreams) { +localSettings.setMaxConcurrentStreams(maxConcurrentStreams); +} + + // --- Http2Parser.Input methods @Override @@
svn commit: r1684771 - in /tomcat/trunk/test/org/apache/coyote/http2: Http2TestBase.java TestHttp2Section_5_1.java
Author: markt Date: Wed Jun 10 21:56:27 2015 New Revision: 1684771 URL: http://svn.apache.org/r1684771 Log: Add a test for maxConcurrentStreams Also expands capabilities of Http2TestBase to include - large requests - setting maxConcurrentStreams Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1684771r1=1684770r2=1684771view=diff == --- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original) +++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Wed Jun 10 21:56:27 2015 @@ -114,10 +114,30 @@ public abstract class Http2TestBase exte } +protected void sendLargeRequest(int streamId) throws IOException { +byte[] frameHeader = new byte[9]; +ByteBuffer headersPayload = ByteBuffer.allocate(128); + +buildLargeRequest(frameHeader, headersPayload, streamId); +writeFrame(frameHeader, headersPayload); +} + + protected void buildSimpleRequest(byte[] frameHeader, ByteBuffer headersPayload, int streamId) { +buildRequest(frameHeader, headersPayload, streamId, /simple); +} + + +protected void buildLargeRequest(byte[] frameHeader, ByteBuffer headersPayload, int streamId) { +buildRequest(frameHeader, headersPayload, streamId, /large); +} + + +protected void buildRequest(byte[] frameHeader, ByteBuffer headersPayload, int streamId, +String url) { MimeHeaders headers = new MimeHeaders(); headers.addValue(:method).setString(GET); -headers.addValue(:path).setString(/any); +headers.addValue(:path).setString(url); headers.addValue(:authority).setString(localhost: + getPort()); hpackEncoder.encode(headers, headersPayload); @@ -137,7 +157,7 @@ public abstract class Http2TestBase exte int streamId) { MimeHeaders headers = new MimeHeaders(); headers.addValue(:method).setString(GET); -headers.addValue(:path).setString(/any); +headers.addValue(:path).setString(/simple); hpackEncoder.encode(headers, headersPayload); headersPayload.flip(); @@ -204,12 +224,17 @@ public abstract class Http2TestBase exte protected void enableHttp2() { +enableHttp2(200); +} + +protected void enableHttp2(long maxConcurrentStreams) { Connector connector = getTomcatInstance().getConnector(); Http2Protocol http2Protocol = new Http2Protocol(); // Short timeouts for now. May need to increase these for CI systems. http2Protocol.setReadTimeout(2000); http2Protocol.setKeepAliveTimeout(5000); http2Protocol.setWriteTimeout(2000); +http2Protocol.setMaxConcurrentStreams(maxConcurrentStreams); connector.addUpgradeProtocol(http2Protocol); } @@ -219,7 +244,9 @@ public abstract class Http2TestBase exte Context ctxt = tomcat.addContext(, null); Tomcat.addServlet(ctxt, simple, new SimpleServlet()); -ctxt.addServletMapping(/*, simple); +ctxt.addServletMapping(/simple, simple); +Tomcat.addServlet(ctxt, large, new LargeServlet()); +ctxt.addServletMapping(/large, large); tomcat.start(); } @@ -245,7 +272,7 @@ public abstract class Http2TestBase exte protected void doHttpUpgrade(String connection, String upgrade, String settings, boolean validate) throws IOException { -byte[] upgradeRequest = (GET / HTTP/1.1\r\n + +byte[] upgradeRequest = (GET /simple HTTP/1.1\r\n + Host: localhost: + getPort() + \r\n + Connection: + connection + \r\n + Upgrade: + upgrade + \r\n + @@ -606,6 +633,32 @@ public abstract class Http2TestBase exte // Two bytes per entry resp.setContentLengthLong(count * 2); +OutputStream os = resp.getOutputStream(); +byte[] data = new byte[2]; +for (int i = 0; i count; i++) { +data[0] = (byte) (i 0xFF); +data[1] = (byte) ((i 8) 0xFF); +os.write(data); +} +} +} + + +private static class LargeServlet extends HttpServlet { + +private static final long serialVersionUID = 1L; + +@Override +protected void doGet(HttpServletRequest req, HttpServletResponse resp) +throws ServletException, IOException { +// Generate content with a simple known format that will exceed the +// default flow control window for a stream. +resp.setContentType(application/octet-stream); + +int count = 128 * 1024; +// Two bytes
svn commit: r1684770 - /tomcat/trunk/java/org/apache/coyote/http2/Stream.java
Author: markt Date: Wed Jun 10 21:54:24 2015 New Revision: 1684770 URL: http://svn.apache.org/r1684770 Log: Sync and notify on the correct object (the Stream) for stream flow control. Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Stream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Stream.java?rev=1684770r1=1684769r2=1684770view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Stream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Stream.java Wed Jun 10 21:54:24 2015 @@ -318,9 +318,9 @@ public class Stream extends AbstractStre if (thisWriteStream 1) { // Need to block until a WindowUpdate message is // processed for this stream -synchronized (this) { +synchronized (Stream.this) { try { -wait(); +Stream.this.wait(); } catch (InterruptedException e) { // TODO: Possible shutdown? } @@ -335,9 +335,9 @@ public class Stream extends AbstractStre if (thisWrite 1) { // Need to block until a WindowUpdate message is // processed for this connection -synchronized (this) { +synchronized (Stream.this) { try { -wait(); +Stream.this.wait(); } catch (InterruptedException e) { // TODO: Possible shutdown? } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Consider support for the Servlet profile of JSR 196 (JASPIC) in Tomcat 7.0.x
Hi folks! Great to see this thread picking up steam. On Jun 10, 2015, at 6:12 AM, Mark Thomas ma...@apache.org wrote: On 10/06/2015 13:34, Fjodor Vershinin wrote: And what about code backward compatibility for Geronimo, should code ported back, or new Geronimo release can use our implementation? Re-use by downstream consumers of Tomcat like TomEE and Geronimo is certainly a goal. The TomEE folks tend to provide feedback when we do something that makes their life difficult so I'd expect them to speak up if they spot a problem. We'll happily be waiting for the code upstream. :) I wouldn't worry about backwards compatibility for Geronimo. That would probably be difficult to achieve. Keep in mind that Geronimo may wish to re-use the code (or just some of the patches) but if you need to change something you should feel free to do so. Agree. I'd focus on making the code as tight and clean as possible. On Jun 10, 2015, at 6:31 AM, Mark Thomas ma...@apache.org wrote: On 10/06/2015 14:04, Arjan Tijms wrote: Tomcat already has some dedicated configuration files for this. My expectation is that all of Tomcat's existing authentication mechanisms would be made available at the container level (BASIC, DIGEST, FORM, CLIENT-CERT, SPNEGO). It should be a small step from there to replacing Tomcat's current authenticators with the appropriate JASPIC config. Is the hope that these existing forms of auth will be ported and plugged in through the JASPIC support? That would be quite excellent if so. -David - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 58010] Class file are not getting compiled with debuginfo while setting classdebuginfo in jasper ant task
https://bz.apache.org/bugzilla/show_bug.cgi?id=58010 Joshua C Rebelo joshua.reb...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- --- Comment #3 from Joshua C Rebelo joshua.reb...@gmail.com --- Marking the defect as re-opened, as I think its still not working. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org