[GitHub] [tomcat] alpire opened a new pull request #176: CoyoteAdapter: fix out-of-bounds read in checkNormalize
alpire opened a new pull request #176: CoyoteAdapter: fix out-of-bounds read in checkNormalize
URL: https://github.com/apache/tomcat/pull/176

On malformed requests, checkNormalize would throw an ArrayIndexOutOfBoundsException leading to a 500 response. This change fixes checkNormalize to return false instead of throwing an exception on those inputs, and adds a few tests to check the new functionality.

For the record, the exception is below:
```
java.lang.ArrayIndexOutOfBoundsException: -1
	at org.apache.catalina.connector.CoyoteAdapter.checkNormalize(CoyoteAdapter.java:1275) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:647) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:337) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836) [tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747) [tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_212]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_212]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.19.jar!/:9.0.19]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]
```

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: us...@infra.apache.org

With regards,
Apache Git Services

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/05: Remove unused key
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit da06a27da0ba29e57306ca3f6503285ca2c8589d Author: Mark Thomas AuthorDate: Fri Jun 28 20:41:20 2019 +0100 Remove unused key --- java/org/apache/catalina/servlets/LocalStrings.properties | 1 - 1 file changed, 1 deletion(-) diff --git a/java/org/apache/catalina/servlets/LocalStrings.properties b/java/org/apache/catalina/servlets/LocalStrings.properties index 6b63a40..ff2eff7 100644 --- a/java/org/apache/catalina/servlets/LocalStrings.properties +++ b/java/org/apache/catalina/servlets/LocalStrings.properties @@ -17,7 +17,6 @@ cgiServlet.emptyEnvVarName=Empty environment variable name in initialisation par cgiServlet.expandCloseFail=Failed to close input stream for script at path [{0}] cgiServlet.expandCreateDirFail=Failed to create destination directory [{0}] for script expansion cgiServlet.expandDeleteFail=Failed to delete file at [{0}] after IOException during expansion -cgiServlet.expandError=Failed to close input stream cgiServlet.expandFail=Failed to expand script at path [{0}] to [{1}] cgiServlet.expandNotFound=Unable to expand [{0}] as it could not be found cgiServlet.expandOk=Expanded script at path [{0}] to [{1}] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
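Review bot: cgiServlet.expandError is deleted from LocalStrings.properties only (1 file changed), so any translated LocalStrings_*.properties under java/org/apache/catalina/servlets that carries the same key is left with an orphaned entry. Remove the key from those files in the same commit, or state in the commit message that the translations were checked.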
[tomcat] 01/02: Back-port clean-up
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit eed5c5c75510481396e1d60349c1cbd7eaf50f62 Author: Mark Thomas AuthorDate: Fri Jun 28 20:37:15 2019 +0100 Back-port clean-up --- java/org/apache/catalina/servlets/DefaultServlet.java | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index e161f8b..87a9dcb 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -1487,14 +1487,17 @@ public class DefaultServlet extends HttpServlet { long fileLength = resource.getContentLength(); -if (fileLength == 0) +if (fileLength == 0) { return null; +} // Retrieving the range header (if any is specified String rangeHeader = request.getHeader("Range"); -if (rangeHeader == null) +if (rangeHeader == null) { return null; +} + // bytes is the only range unit supported (and I don't see the point // of adding new ones). if (!rangeHeader.startsWith("bytes")) { @@ -1582,7 +1585,7 @@ public class DefaultServlet extends HttpServlet { * Decide which way to render. HTML or XML. * * @param contextPath The path - * @param resource The resource + * @param resourceThe resource * * @return the input stream with the rendered output * - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
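Review bot: in the first hunk the context comment "// Retrieving the range header (if any is specified" keeps its unclosed parenthesis even though this clean-up rewrites the statements on either side of it; close it here. In the Javadoc hunk at line 1582 the added "@param" line, as shown, has no space between "resource" and its description, so check the whitespace to make sure the tag still names the parameter "resource".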
[tomcat] 05/05: Align use of Allow header and HTTP 405 status code
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit aed9453c710bafce9d69c5d4ea02363d371b8a32 Author: Mark Thomas AuthorDate: Fri Jun 28 22:40:14 2019 +0100 Align use of Allow header and HTTP 405 status code Modify the Default and WebDAV Servlets so that a 405 status code is returned for PUT and DELETE requests when disabled via the readonly initialisation parameter. Align the contents of the Allow header with the response code for the Default and WebDAV Servlets. For any given resource a method that returns a 405 status code will not be listed in the Allow header and a method listed in the Allow header will not return a 405 status code. Based on a patch suggested by Ken Dombeck. --- .../apache/catalina/servlets/DefaultServlet.java | 37 +++-- .../apache/catalina/servlets/WebdavServlet.java| 76 +- .../catalina/servlets/ServletOptionsBaseTest.java | 161 + .../servlets/TestDefaultServletOptions.java| 61 .../servlets/TestWebdavServletOptions.java | 62 .../apache/catalina/startup/SimpleHttpClient.java | 39 +++-- webapps/docs/changelog.xml | 12 ++ 7 files changed, 384 insertions(+), 64 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 18d175f..8171ac0 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java 
@@ -480,24 +480,35 @@ public class DefaultServlet extends HttpServlet { protected void doOptions(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.setHeader("Allow", determineMethodsAllowed(req)); +} + + +protected String determineMethodsAllowed(HttpServletRequest req) { StringBuilder allow = new StringBuilder(); -// There is a doGet method -allow.append("GET, HEAD"); -// There is a doPost -allow.append(", POST"); -// There is a doPut -allow.append(", PUT"); -// There is a doDelete -allow.append(", DELETE"); + +// Start with methods that are always allowed +allow.append("OPTIONS, GET, HEAD, POST"); + +// PUT and DELETE depend on readonly +if (!readOnly) { +allow.append(", PUT, DELETE"); +} + // Trace - assume disabled unless we can prove otherwise if (req instanceof RequestFacade && ((RequestFacade) req).getAllowTrace()) { allow.append(", TRACE"); } -// Always allow options -allow.append(", OPTIONS"); -resp.setHeader("Allow", allow.toString()); +return allow.toString(); +} + + +protected void sendNotAllowed(HttpServletRequest req, HttpServletResponse resp) +throws IOException { +resp.addHeader("Allow", determineMethodsAllowed(req)); +resp.sendError(WebdavStatus.SC_METHOD_NOT_ALLOWED); } @@ -532,7 +543,7 @@ public class DefaultServlet extends HttpServlet { throws ServletException, IOException { if (readOnly) { -resp.sendError(HttpServletResponse.SC_FORBIDDEN); +sendNotAllowed(req, resp); return; } @@ -695,7 +706,7 @@ public class DefaultServlet extends HttpServlet { throws ServletException, IOException { if (readOnly) { -resp.sendError(HttpServletResponse.SC_FORBIDDEN); +sendNotAllowed(req, resp); return; } diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index 2bf42bc..bcc795d 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java 
@@ -495,11 +495,7 @@ public class WebdavServlet extends DefaultServlet { throws ServletException, IOException { resp.addHeader("DAV", "1,2"); - -StringBuilder methodsAllowed = determineMethodsAllowed(resources, - req); - -resp.addHeader("Allow", methodsAllowed.toString()); +resp.addHeader("Allow", determineMethodsAllowed(req)); resp.addHeader("MS-Author-Via", "DAV"); } @@ -515,12 +511,7 @@ public class WebdavServlet extends DefaultServlet { throws ServletException, IOException { if (!listings) { -// Get allowed methods -StringBuilder methodsAllowed = determineMethodsAllowed(resources, - req); - -resp.addHeader("Allow", methodsAllowed.toString()); -
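Review bot: sendNotAllowed() in DefaultServlet writes the header with resp.addHeader("Allow", ...) while doOptions() two methods above uses resp.setHeader("Allow", ...); if an Allow header is already present on the response, addHeader leaves two values and the invariant promised in the commit message (a method answered with 405 is never listed) holds only for the second. Use setHeader in both places. The same method takes its status from WebdavStatus.SC_METHOD_NOT_ALLOWED, which makes DefaultServlet depend on the WebDAV status class; HttpServletResponse.SC_METHOD_NOT_ALLOWED is the same value and matches the HttpServletResponse constants the replaced sendError calls used. The switch from 403 to 405 for PUT and DELETE under readonly is visible to clients, so the changelog entry should name both the old and the new status code.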
[tomcat] 04/05: Align with 8.5.x. Backport LockInfo.maxDepth changes
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d582d86287bca6118da04033424193fde4ef0ce0 Author: Mark Thomas AuthorDate: Fri Jun 28 21:42:48 2019 +0100 Align with 8.5.x. Backport LockInfo.maxDepth changes --- java/org/apache/catalina/servlets/WebdavServlet.java | 17 +++-- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index cd16cdd..2bf42bc 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -18,6 +18,7 @@ package org.apache.catalina.servlets; import java.io.FileNotFoundException; import java.io.IOException; +import java.io.Serializable; import java.io.StringReader; import java.io.StringWriter; import java.io.Writer; @@ -978,7 +979,7 @@ public class WebdavServlet extends DefaultServlet { return; } -LockInfo lock = new LockInfo(); +LockInfo lock = new LockInfo(maxDepth); // Parsing lock request @@ -2702,22 +2703,18 @@ public class WebdavServlet extends DefaultServlet { /** * Holds a lock information. */ -private class LockInfo { +private static class LockInfo implements Serializable { +private static final long serialVersionUID = 1L; -// Constructor - - -/** - * Constructor. - */ -public LockInfo() { -// Ignore +public LockInfo(int maxDepth) { +this.maxDepth = maxDepth; } // - Instance Variables +private final int maxDepth; String path = "/"; String type = "write"; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
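Review bot: the new LockInfo(int maxDepth) constructor has no Javadoc, whereas the no-argument constructor it replaces had one; document what maxDepth bounds. The hunk also adds "implements Serializable" and a serialVersionUID without the commit message or a class comment saying what serializes LockInfo, and once the class is Serializable every remaining instance field must be serializable as well; only path and type are visible in this hunk, so the others need checking.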
[tomcat] branch 7.0.x updated (241148f -> aed9453)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git.

    from 241148f Add debug logging for session ID change
     new 00caf02 Align with 8.5.x. Clean-up. Back-port Javadoc and whitespace
     new da06a27 Remove unused key
     new 5dbd16a Align with 8.5.x. Clean-up. Javadoc and whitespace.
     new d582d86 Align with 8.5.x. Backport LockInfo.maxDepth changes
     new aed9453 Align use of Allow header and HTTP 405 status code

The 5 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 .../apache/catalina/servlets/DefaultServlet.java | 306 +++--
 .../catalina/servlets/LocalStrings.properties | 1 -
 .../apache/catalina/servlets/WebdavServlet.java | 259 -
 .../catalina/servlets/ServletOptionsBaseTest.java | 161 +++
 .../servlets/TestDefaultServletOptions.java | 61
 .../servlets/TestWebdavServletOptions.java | 62 +
 .../apache/catalina/startup/SimpleHttpClient.java | 39 ++-
 webapps/docs/changelog.xml | 12 +
 8 files changed, 616 insertions(+), 285 deletions(-)
 create mode 100644 test/org/apache/catalina/servlets/ServletOptionsBaseTest.java
 create mode 100644 test/org/apache/catalina/servlets/TestDefaultServletOptions.java
 create mode 100644 test/org/apache/catalina/servlets/TestWebdavServletOptions.java
[tomcat] 02/02: Simplify
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit ab21a87a897bb5aef02a7cb5e751139eb9d9b10b Author: Mark Thomas AuthorDate: Fri Jun 28 22:23:21 2019 +0100 Simplify --- java/org/apache/catalina/connector/CoyoteAdapter.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java index 5727b60..e94a3d7 100644 --- a/java/org/apache/catalina/connector/CoyoteAdapter.java +++ b/java/org/apache/catalina/connector/CoyoteAdapter.java @@ -604,13 +604,11 @@ public class CoyoteAdapter implements Adapter { if (undecodedURI.equals("*")) { if (req.method().equalsIgnoreCase("OPTIONS")) { StringBuilder allow = new StringBuilder(); -allow.append("GET, HEAD, POST, PUT, DELETE"); +allow.append("GET, HEAD, POST, PUT, DELETE, OPTIONS"); // Trace if allowed if (connector.getAllowTrace()) { allow.append(", TRACE"); } -// Always allow options -allow.append(", OPTIONS"); res.setHeader("Allow", allow.toString()); // Access log entry as processing won't reach AccessLogValve connector.getService().getContainer().logAccess(request, response, 0, true); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
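Review bot: the Allow value built for "OPTIONS *" is still a fixed literal, now "GET, HEAD, POST, PUT, DELETE, OPTIONS", so PUT and DELETE are advertised whatever the deployed servlets accept. With the "Always allow options" comment gone, add a one-line comment above the append saying the list is server-wide and not a statement about any particular resource.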
[tomcat] 03/05: Align with 8.5.x. Clean-up. Javadoc and whitespace.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 5dbd16a5e222991c99fbab715887adbc9f47e7ed Author: Mark Thomas AuthorDate: Fri Jun 28 21:39:59 2019 +0100 Align with 8.5.x. Clean-up. Javadoc and whitespace. --- .../apache/catalina/servlets/WebdavServlet.java| 170 +++-- 1 file changed, 87 insertions(+), 83 deletions(-) diff --git a/java/org/apache/catalina/servlets/WebdavServlet.java b/java/org/apache/catalina/servlets/WebdavServlet.java index ffda8f7..cd16cdd 100644 --- a/java/org/apache/catalina/servlets/WebdavServlet.java +++ b/java/org/apache/catalina/servlets/WebdavServlet.java @@ -14,11 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.apache.catalina.servlets; - import java.io.FileNotFoundException; import java.io.IOException; import java.io.StringReader; @@ -69,18 +66,16 @@ import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; import org.xml.sax.SAXException; - - /** * Servlet which adds support for WebDAV level 2. All the basic HTTP requests * are handled by the DefaultServlet. The WebDAVServlet must not be used as the * default servlet (ie mapped to '/') as it will not work in this configuration. - * + * * Mapping a subpath (e.g. /webdav/* to this servlet has the effect * of re-mounting the entire web application under that sub-path, with WebDAV - * access to all the resources. This WEB-INF and META-INF + * access to all the resources. The WEB-INF and META-INF * directories are protected in this re-mounted resource tree. - * + * * To enable WebDAV for a context add the following to web.xml: * * servlet @@ -236,7 +231,7 @@ public class WebdavServlet extends DefaultServlet { * Key : path * Value : LockInfo */ -private Hashtable resourceLocks = +private final Hashtable resourceLocks = new Hashtable(); 
@@ -248,7 +243,7 @@ public class WebdavServlet extends DefaultServlet { * collection. Each element of the Vector is the path associated with * the lock-null resource. */ -private Hashtable> lockNullResources = +private final Hashtable> lockNullResources = new Hashtable>(); @@ -258,7 +253,7 @@ public class WebdavServlet extends DefaultServlet { * Key : path * Value : LockInfo */ -private Vector collectionLocks = new Vector(); +private final Vector collectionLocks = new Vector(); /** @@ -319,6 +314,9 @@ public class WebdavServlet extends DefaultServlet { /** * Return JAXP document builder instance. + * @return the document builder + * @throws ServletException document builder creation failed + * (wrapped ParserConfigurationException exception) */ protected DocumentBuilder getDocumentBuilder() throws ServletException { @@ -407,17 +405,6 @@ public class WebdavServlet extends DefaultServlet { } -/** - * Check if the conditions specified in the optional If headers are - * satisfied. - * - * @param request The servlet request we are processing - * @param response The servlet response we are creating - * @param resourceAttributes The resource information - * @return boolean true if the resource meets all the specified conditions, - * and false if any of the conditions is not satisfied, in which case - * request processing is stopped - */ @Override protected boolean checkIfHeaders(HttpServletRequest request, HttpServletResponse response, @@ -429,7 +416,6 @@ public class WebdavServlet extends DefaultServlet { // TODO : Checking the WebDAV If header return true; - } @@ -498,8 +484,8 @@ public class WebdavServlet extends DefaultServlet { /** * OPTIONS Method. * - * @param req The request - * @param resp The response + * @param req The Servlet request + * @param resp The Servlet response * @throws ServletException If an error occurs * @throws IOException If an IO error occurs */ 
@@ -514,12 +500,15 @@ public class WebdavServlet extends DefaultServlet { resp.addHeader("Allow", methodsAllowed.toString()); resp.addHeader("MS-Author-Via", "DAV"); - } /** * PROPFIND Method. + * @param req The Servlet request + * @param resp The Servlet response + * @throws ServletException If an error occurs + * @throws IOException If an IO error occurs */ protected void doPropfind(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { @@ -770,6 +759,9 @@ public class WebdavServlet extends DefaultServlet { /** * PROPPATCH Method. + * @param req The Servlet request + * @param resp The
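Review bot: the checkIfHeaders hunk deletes the method's Javadoc while the body still carries "// TODO : Checking the WebDAV If header", so after this change nothing in the generated documentation says that the WebDAV If header is not evaluated by this override. Keep a short Javadoc that records that limitation instead of relying on the inherited text. In the class Javadoc hunk, the context line "Mapping a subpath (e.g. /webdav/* to this servlet" still has an unclosed parenthesis two lines above the "This"/"The" correction and could be closed in the same pass.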
[tomcat] 01/05: Align with 8.5.x. Clean-up. Back-port Javadoc and whitespace
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 00caf0219871c2abb7844236ab82b22869efc1c1 Author: Mark Thomas AuthorDate: Fri Jun 28 20:39:53 2019 +0100 Align with 8.5.x. Clean-up. Back-port Javadoc and whitespace --- .../apache/catalina/servlets/DefaultServlet.java | 269 +++-- 1 file changed, 140 insertions(+), 129 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 2deb1dd..18d175f 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -139,6 +139,55 @@ public class DefaultServlet extends HttpServlet { private static final SecureEntityResolver secureEntityResolver; +/** + * Full range marker. + */ +protected static final ArrayList FULL = new ArrayList(); + +/** + * MIME multipart separation string + */ +protected static final String mimeSeparation = "CATALINA_MIME_BOUNDARY"; + +/** + * JNDI resources name. + */ +protected static final String RESOURCES_JNDI_NAME = "java:/comp/Resources"; + + +/** + * Size of file transfer buffer in bytes. + */ +protected static final int BUFFER_SIZE = 4096; + + +/** + * Array containing the safe characters set. + */ +protected static final URLEncoder urlEncoder; + + +// - Static Initializer + +static { +urlEncoder = new URLEncoder(); +urlEncoder.addSafeCharacter('-'); +urlEncoder.addSafeCharacter('_'); +urlEncoder.addSafeCharacter('.'); +urlEncoder.addSafeCharacter('*'); +urlEncoder.addSafeCharacter('/'); + +if (Globals.IS_SECURITY_ENABLED) { +factory = DocumentBuilderFactory.newInstance(); +factory.setNamespaceAware(true); +factory.setValidating(false); +secureEntityResolver = new SecureEntityResolver(); +} else { +factory = null; +secureEntityResolver = null; +} +} + // - Instance Variables 
@@ -168,13 +217,6 @@ public class DefaultServlet extends HttpServlet { */ protected int output = 2048; - -/** - * Array containing the safe characters set. - */ -protected static final URLEncoder urlEncoder; - - /** * Allow customized directory listing per directory. */ @@ -219,61 +261,11 @@ public class DefaultServlet extends HttpServlet { protected boolean useAcceptRanges = true; /** - * Full range marker. - */ -protected static final ArrayList FULL = new ArrayList(); - -/** * Flag to determine if server information is presented. */ protected boolean showServerInfo = true; -// - Static Initializer - - -/** - * GMT timezone - all HTTP dates are on GMT - */ -static { -urlEncoder = new URLEncoder(); -urlEncoder.addSafeCharacter('-'); -urlEncoder.addSafeCharacter('_'); -urlEncoder.addSafeCharacter('.'); -urlEncoder.addSafeCharacter('*'); -urlEncoder.addSafeCharacter('/'); - -if (Globals.IS_SECURITY_ENABLED) { -factory = DocumentBuilderFactory.newInstance(); -factory.setNamespaceAware(true); -factory.setValidating(false); -secureEntityResolver = new SecureEntityResolver(); -} else { -factory = null; -secureEntityResolver = null; -} -} - - -/** - * MIME multipart separation string - */ -protected static final String mimeSeparation = "CATALINA_MIME_BOUNDARY"; - - -/** - * JNDI resources name. - */ -protected static final String RESOURCES_JNDI_NAME = "java:/comp/Resources"; - - -/** - * Size of file transfer buffer in bytes. - */ -protected static final int BUFFER_SIZE = 4096; - - - // - Public Methods /** @@ -361,6 +353,7 @@ public class DefaultServlet extends HttpServlet { * Return the relative path associated with this servlet. * * @param request The servlet request we are processing + * @return the relative path */ protected String getRelativePath(HttpServletRequest request) { return getRelativePath(request, false); 
@@ -554,25 +547,22 @@ public class DefaultServlet extends HttpServlet { boolean result = true; -// Temp. content file used to support partial PUT -File contentFile = null; - Range range = parseContentRange(req, resp); InputStream resourceInputStream = null; -// Append data specified in
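Review bot: the hunk at -554/+547 removes the "File contentFile = null;" declaration and its "Temp. content file used to support partial PUT" comment, which is a code change inside a commit described as Javadoc and whitespace. The remainder of that hunk is cut off here, so the reason cannot be seen; mention the partial-PUT refactoring in the commit message or split it into its own commit so it can be reviewed and reverted separately from the comment and constant moves.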
[tomcat] branch master updated: Remove confusing comment
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 5a2b704 Remove confusing comment 5a2b704 is described below commit 5a2b7044c794dfa989e41685d2806e4a77f90fe1 Author: Mark Thomas AuthorDate: Fri Jun 28 22:22:36 2019 +0100 Remove confusing comment --- java/org/apache/catalina/connector/CoyoteAdapter.java | 1 - 1 file changed, 1 deletion(-) diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java index de572e6..c996803 100644 --- a/java/org/apache/catalina/connector/CoyoteAdapter.java +++ b/java/org/apache/catalina/connector/CoyoteAdapter.java @@ -609,7 +609,6 @@ public class CoyoteAdapter implements Adapter { if (connector.getAllowTrace()) { allow.append(", TRACE"); } -// Always allow options res.setHeader("Allow", allow.toString()); // Access log entry as processing won't reach AccessLogValve connector.getService().getContainer().logAccess(request, response, 0, true); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (88db4aa -> ab21a87)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git.

    from 88db4aa Polish
     new eed5c5c Back-port clean-up
     new ab21a87 Simplify

The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
 java/org/apache/catalina/connector/CoyoteAdapter.java | 4 +---
 java/org/apache/catalina/servlets/DefaultServlet.java | 9 ++---
 2 files changed, 7 insertions(+), 6 deletions(-)
Re: buildbot exception in on tomcat-trunk
On 28/06/2019 13:37, build...@apache.org wrote:
> The Buildbot has detected a build exception on builder tomcat-trunk while
> building tomcat. Full details are available at:
> https://ci.apache.org/builders/tomcat-trunk/builds/4459
>
> Buildbot URL: https://ci.apache.org/
>
> Buildslave for this Build: silvanus_ubuntu
>
> Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit'
> triggered this build
> Build Source Stamp: [branch master] addfaa7740266fde67bb78adbf16620c2acbea81
> Blamelist: Mark Thomas ,remm
>
> BUILD FAILED: exception git upload_2

FYI: Infra have been upgrading the OS on these boxes. This looks to be related to that upgrade.

Mark
buildbot exception in on tomcat-7-trunk
The Buildbot has detected a build exception on builder tomcat-7-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-7-trunk/builds/1367

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-7-commit' triggered this build
Build Source Stamp: [branch 7.0.x] 241148fcd1582c79ea6866793f94f1752f1ce5fb
Blamelist: Mark Thomas

BUILD FAILED: exception git upload_2

Sincerely,
 -The Buildbot
buildbot exception in on tomcat-85-trunk
The Buildbot has detected a build exception on builder tomcat-85-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-85-trunk/builds/1822

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build
Build Source Stamp: [branch 8.5.x] 88db4aa3924a9f44f3f681528fc1f5dd4cfc5d59
Blamelist: Mark Thomas

BUILD FAILED: exception git upload_2

Sincerely,
 -The Buildbot
buildbot exception in on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/4459

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch master] addfaa7740266fde67bb78adbf16620c2acbea81
Blamelist: Mark Thomas ,remm

BUILD FAILED: exception git upload_2

Sincerely,
 -The Buildbot
[Bug 63524] Private key must be accompanied by certificate chain
https://bz.apache.org/bugzilla/show_bug.cgi?id=63524

Mark Thomas changed:

What   |Removed |Added
Status |NEW     |NEEDINFO

--- Comment #11 from Mark Thomas ---
I've found various ways to trigger this error but I am not confident I have found the way Arnaud is triggering the error. Moving this to NEEDINFO until we get a set of test keys/certs that reproduce this.

--
You are receiving this mail because:
You are the assignee for the bug.
[tomcat] branch master updated: Add example support for CDI 2 and JAX-RS
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new addfaa7 Add example support for CDI 2 and JAX-RS addfaa7 is described below commit addfaa7740266fde67bb78adbf16620c2acbea81 Author: remm AuthorDate: Fri Jun 28 11:30:59 2019 +0200 Add example support for CDI 2 and JAX-RS This provides user buildable optional modules (with a simple POM) which build two shaded JARs. The integration code for OpenWebBeans is supposed to be removed once the code is integrated in the upstream project and is present in an official release available in the Maven repository. It may take some time. The CXF module uses a single empty bean class for json provider registration (in this environment, it doesn't work without it for some reason). --- modules/cxf/.gitignore | 12 ++ modules/cxf/pom.xml| 169 +++ modules/cxf/src/main/java/tomcat/cxf/JsonBean.java | 28 modules/cxf/src/main/resources/META-INF/beans.xml | 27 .../src/main/resources/META-INF/web-fragment.xml | 39 + modules/owb/.gitignore | 13 ++ modules/owb/pom.xml| 119 ++ .../OpenWebBeansContextLifecycleListener.java | 121 ++ .../web/tomcat/OpenWebBeansInstanceManager.java| 141 .../webbeans/web/tomcat/OpenWebBeansListener.java | 61 +++ .../web/tomcat/OpenWebBeansSecurityValve.java | 59 +++ .../apache/webbeans/web/tomcat/TomcatPlugin.java | 101 .../webbeans/web/tomcat/TomcatSecurityService.java | 103 .../META-INF/openwebbeans/openwebbeans.properties | 158 ++ apache.webbeans.spi.plugins.OpenWebBeansPlugin | 17 ++ .../webbeans/web/tomcat/LocalStrings.properties| 19 +++ webapps/docs/cdi.xml | 179 + webapps/docs/changelog.xml | 5 + webapps/docs/project.xml | 1 + 19 files changed, 1372 insertions(+) diff --git a/modules/cxf/.gitignore b/modules/cxf/.gitignore new file mode 100644 index 000..5f2dbe1 --- /dev/null +++ b/modules/cxf/.gitignore 
@@ -0,0 +1,12 @@ +target/ +pom.xml.tag +pom.xml.releaseBackup +pom.xml.versionsBackup +pom.xml.next +release.properties +dependency-reduced-pom.xml +buildNumber.properties +.mvn/timing.properties + +# Avoid ignoring Maven wrapper jar file (.jar files are usually ignored) +!/.mvn/wrapper/maven-wrapper.jar diff --git a/modules/cxf/pom.xml b/modules/cxf/pom.xml new file mode 100644 index 000..d64ca45 --- /dev/null +++ b/modules/cxf/pom.xml @@ -0,0 +1,169 @@ +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd;> + + +4.0.0 + + +org.apache +apache +21 + + +org.apache.tomcat +tomcat-cxf +Apache CXF for Apache Tomcat CDI +Apache CXF packaged for Apache Tomcat CDI +1.0 +jar + + +3.3.2 +1.0.1 +1.1.4 +1.0 +1.1.12 + + + + +org.apache.geronimo.specs +geronimo-jcdi_2.0_spec +${geronimo-jcdi.version} +provided + + +javax.json +javax.json-api +${javax.json-api.version} + + +javax.json.bind +javax.json.bind-api +${javax.json.bind-api.version} + + + +org.apache.cxf +cxf-integration-cdi +${cxf.version} + + +org.apache.cxf +cxf-rt-rs-client +${cxf.version} + + +org.apache.cxf +cxf-rt-frontend-jaxrs +${cxf.version} + + +org.apache.cxf +cxf-rt-rs-extension-providers +${cxf.version} + + +org.apache.cxf +cxf-rt-rs-json-basic +${cxf.version} + + + +org.apache.johnzon +johnzon-jsonb +${johnzon.version} + + + + + + + +org.apache.maven.plugins +maven-compiler-plugin +3.5.1 + +1.8 +1.8 + + + +org.apache.maven.plugins +maven-shade-plugin +3.0.0 + + +package + +shade +
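Review bot: modules/cxf/pom.xml fixes the version of every bundled library in its properties block and then shades cxf-integration-cdi, the cxf-rt-* artifacts, johnzon-jsonb and the JSON API jars into one JAR, so a security release of any of them reaches users only when this module is rebuilt, and the bundled versions are not visible from the shaded artifact's own coordinates (tomcat-cxf 1.0). Document in webapps/docs/cdi.xml which libraries are bundled and how to override the version properties at build time. The commit message justifies the empty JsonBean class with "it doesn't work without it for some reason"; record the observed failure in a comment in JsonBean.java so the class can be removed once the cause is understood.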
Re: [tomcat-native] branch master updated: Support old shells.
Hi Felix, the script uses "#!/bin/sh" which on Solaris 10 is a very original style of Bourne Shell. Yes, it does not support that syntax. The script already uses backticks in other places. For Solaris 11 /bin/sh is a symlink to ksh and "$(...)" would work. Regards, Rainer Am 28.06.2019 um 10:05 schrieb Felix Schumacher: Am 27.06.19 um 01:03 schrieb rj...@apache.org: This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/master by this push: new edae9b1 Support old shells. edae9b1 is described below commit edae9b16888c1d5e73863877ff27bf129adc2fcd Author: Rainer Jung AuthorDate: Thu Jun 27 01:02:02 2019 +0200 Support old shells. Hi Rainer, do you still see shells, that don't support the $(...) syntax? Felix --- jnirelease.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jnirelease.sh b/jnirelease.sh index 0349079..8fe7fe7 100755 --- a/jnirelease.sh +++ b/jnirelease.sh @@ -156,7 +156,7 @@ if [ ! -d .git/refs/remotes/9.0.x ]; then git remote add -f 9.0.x ${TCJAVA_GITBASE} fi git remote update 9.0.x -diffcount=$(git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | wc -l) +diffcount=`git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | wc -l` if [ $diffcount -ne 0 ]; then echo "WARNING: git subtree is not up to date with" - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
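Review bot: The changed diffcount line in jnirelease.sh pipes git diff into wc -l, so the only exit status the script sees is that of wc. If git diff fails (for example because remotes/9.0.x/master cannot be resolved), the count is 0 and the "WARNING: git subtree is not up to date with" branch is skipped silently. This predates the switch to backticks, but since the line is being touched, consider checking the exit status of git diff on its own, or using git diff --quiet and testing its exit status instead of counting lines.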
[Bug 63531] Session staying alive across different context paths
https://bz.apache.org/bugzilla/show_bug.cgi?id=63531

Mark Thomas changed:

What       | Removed | Added
Resolution | ---     | FIXED
Status     | NEW     | RESOLVED

--- Comment #2 from Mark Thomas ---
The fix was already present in 8.5.x and 9.0.x. I have back-ported the fix for 7.0.95 onwards. I also back-ported a fair amount of clean-up, refactoring and improved i18n messages as that enabled the fix for this issue to be identified and back-ported cleanly.

-- You are receiving this mail because: You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 04/04: Add debug logging for session ID change
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 241148fcd1582c79ea6866793f94f1752f1ce5fb Author: Mark Thomas AuthorDate: Fri Jun 28 09:32:44 2019 +0100 Add debug logging for session ID change --- java/org/apache/catalina/authenticator/AuthenticatorBase.java | 8 java/org/apache/catalina/authenticator/LocalStrings.properties| 1 + java/org/apache/catalina/authenticator/LocalStrings_fr.properties | 1 + java/org/apache/catalina/authenticator/LocalStrings_ja.properties | 1 + 4 files changed, 11 insertions(+) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index 1011bbb..0c6ff36 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -787,9 +787,17 @@ public abstract class AuthenticatorBase extends ValveBase // If the principal is null then this is a logout. No need to change // the session ID. See BZ 59043. if (changeSessionIdOnAuthentication && principal != null) { +String oldId = null; +if (log.isDebugEnabled()) { +oldId = session.getId(); +} Manager manager = request.getContext().getManager(); manager.changeSessionId(session); request.changeSessionId(session.getId()); +if (log.isDebugEnabled()) { +log.debug(sm.getString("authenticator.changeSessionId", +oldId, session.getId())); +} } } else if (alwaysUseSession) { session = request.getSessionInternal(true); diff --git a/java/org/apache/catalina/authenticator/LocalStrings.properties b/java/org/apache/catalina/authenticator/LocalStrings.properties index 62dee48..49cfa4e 100644 --- a/java/org/apache/catalina/authenticator/LocalStrings.properties +++ b/java/org/apache/catalina/authenticator/LocalStrings.properties 
@@ -14,6 +14,7 @@ # limitations under the License. authenticator.certificates=No client certificate chain in this request +authenticator.changeSessionId=Session ID changed on authentication from [{0}] to [{1}] authenticator.check.authorize=User name [{0}] obtained from the Connector and trusted to be valid. Obtaining roles for this user from the Tomcat Realm. authenticator.check.authorizeFail=Realm did not recognise user [{0}]. Creating a Principal with that name and no roles. authenticator.check.found=Already authenticated [{0}] diff --git a/java/org/apache/catalina/authenticator/LocalStrings_fr.properties b/java/org/apache/catalina/authenticator/LocalStrings_fr.properties index 58c8ae2..84a7843 100644 --- a/java/org/apache/catalina/authenticator/LocalStrings_fr.properties +++ b/java/org/apache/catalina/authenticator/LocalStrings_fr.properties @@ -14,6 +14,7 @@ # limitations under the License. authenticator.certificates=Aucune chaîne de certificat client (client certificate chain) dans cette requête +authenticator.changeSessionId=L''id de session a changé suite à l''authntification de [{0}] en [{1}] authenticator.check.authorize=Le nom d''utilisateur [{0}] obtenu à partir du connecteur est considéré comme de valide et de confiance, les rôles sont obtenus à partir du royaume authenticator.check.authorizeFail=Le royaume ne reconnait pas l''utilisateur [{0}], un principal a été crée avec ce nom mais sans rôles authenticator.check.found=Déjà authentifié [{0}] diff --git a/java/org/apache/catalina/authenticator/LocalStrings_ja.properties b/java/org/apache/catalina/authenticator/LocalStrings_ja.properties index 0726b01..5301f02 100644 --- a/java/org/apache/catalina/authenticator/LocalStrings_ja.properties +++ b/java/org/apache/catalina/authenticator/LocalStrings_ja.properties 
@@ -14,6 +14,7 @@ # limitations under the License. authenticator.certificates=このリクエストにはクライアント認証チェーンがありません +authenticator.changeSessionId=認証時に[{0}]から[{1}]にセッションIDが変更されました。 authenticator.check.authorize=Connector から取得したユーザー名 [{0}] を正当なものとして信頼します。ユーザーのロールは Tomcat Realmから取得します。 authenticator.check.authorizeFail=Realm がユーザー[{0}]を認識しませんでした。 その名前とロールのないプリンシパルを作成します。 authenticator.check.found=既に認証された[{0}] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
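Review bot: The new log.debug call in AuthenticatorBase.java writes both oldId and session.getId() in full, and the second value is the live session ID that identifies the authenticated user from that point on, so anyone with read access to a debug log can reuse it. Consider logging only the old ID, or a truncated or hashed form of both values. In LocalStrings_fr.properties the new authenticator.changeSessionId message also has a typo: "authntification" should be "authentification".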
[tomcat] 02/04: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63531
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit d1211048a9b4a0cf9e968f1f7a3f8fd09c7c2d94 Author: Mark Thomas AuthorDate: Thu Jun 27 23:05:52 2019 +0100 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63531 Refactor authenticators so that the session last accessed time is not updated if the cache attribute is set to false and FORM authentication is not being used. --- .../catalina/authenticator/AuthenticatorBase.java | 87 -- .../catalina/authenticator/FormAuthenticator.java | 36 - webapps/docs/changelog.xml | 6 ++ 3 files changed, 70 insertions(+), 59 deletions(-) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index eb9d35e..e67cd20 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
@@ -431,55 +431,13 @@ public abstract class AuthenticatorBase extends ValveBase } } -// Special handling for form-based logins to deal with the case -// where the login form (and therefore the "j_security_check" URI -// to which it submits) might be outside the secured area -String contextPath = this.context.getPath(); -String requestURI = request.getDecodedRequestURI(); -if (requestURI.startsWith(contextPath) && -requestURI.endsWith(Constants.FORM_ACTION)) { -if (!authenticate(request, response, config)) { -if (log.isDebugEnabled()) -log.debug(" Failed authenticate() test ??" + requestURI ); -return; -} -} - -// Special handling for form-based logins to deal with the case where -// a resource is protected for some HTTP methods but not protected for -// GET which is used after authentication when redirecting to the -// protected resource. -// TODO: This is similar to the FormAuthenticator.matchRequest() logic -// Is there a way to remove the duplication? -Session session = request.getSessionInternal(false); -if (session != null) { -SavedRequest savedRequest = -(SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE); -if (savedRequest != null) { -String decodedRequestURI = request.getDecodedRequestURI(); -if (decodedRequestURI != null && -decodedRequestURI.equals( -savedRequest.getDecodedRequestURI())) { -if (!authenticate(request, response)) { -if (log.isDebugEnabled()) { -log.debug(" Failed authenticate() test"); -} -/* - * ASSERT: Authenticator already set the appropriate - * HTTP status code, so we do not have to do anything - * special - */ -return; -} -} -} -} +boolean authRequired = isContinuationRequired(request); Realm realm = this.context.getRealm(); // Is this request URI subject to a security constraint? 
SecurityConstraint[] constraints = realm.findSecurityConstraints(request, this.context); -if (constraints == null && !context.getPreemptiveAuthentication()) { +if (constraints == null && !context.getPreemptiveAuthentication() && !authRequired) { if (log.isDebugEnabled()) { log.debug(" Not subject to any constraint"); } @@ -520,23 +478,25 @@ public abstract class AuthenticatorBase extends ValveBase // Since authenticate modifies the response on failure, // we have to check for allow-from-all first. -boolean authRequired; -if (constraints == null) { -authRequired = false; -} else { -authRequired = true; -for(int i = 0; i < constraints.length && authRequired; i++) { -if(!constraints[i].getAuthConstraint()) { -authRequired = false; -} else if(!constraints[i].getAllRoles()) { -String [] roles = constraints[i].findAuthRoles(); -if(roles == null || roles.length == 0) { -authRequired = false; +boolean hasAuthConstraint = false; +if (constraints != null) { +hasAuthConstraint = true; +for (int i = 0; i < constraints.length && hasAuthConstraint; i++) { +if (!constraints[i].getAuthConstraint()) { +hasAuthConstraint
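Review bot: The diffstat lists only AuthenticatorBase.java, FormAuthenticator.java and changelog.xml, so the behaviour named in the commit message (session last accessed time not updated when the cache attribute is false and FORM authentication is not in use) has no regression test; please add one that covers it. In AuthenticatorBase.java, authRequired is now assigned from isContinuationRequired(request) before the constraint lookup, while its former meaning moves to hasAuthConstraint; a one-line comment at the assignment stating what authRequired means at that point would make the new "constraints == null && !context.getPreemptiveAuthentication() && !authRequired" check easier to follow.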
[tomcat] 03/04: Align with 8.5.x. Clean-up
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 739fa611e9175632278c24585a2792923a7c9e9b Author: Mark Thomas AuthorDate: Fri Jun 28 09:22:40 2019 +0100 Align with 8.5.x. Clean-up --- java/org/apache/catalina/Authenticator.java| 12 ++--- .../catalina/authenticator/AuthenticatorBase.java | 56 ++ 2 files changed, 21 insertions(+), 47 deletions(-) diff --git a/java/org/apache/catalina/Authenticator.java b/java/org/apache/catalina/Authenticator.java index 871d471..c49850d 100644 --- a/java/org/apache/catalina/Authenticator.java +++ b/java/org/apache/catalina/Authenticator.java @@ -14,8 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.apache.catalina; import java.io.IOException; @@ -33,19 +31,21 @@ import org.apache.catalina.deploy.LoginConfig; * * @author Craig R. McClanahan */ - public interface Authenticator { /** * Authenticate the user making this request, based on the login * configuration of the {@link Context} with which this Authenticator is - * associated. Return true if any specified constraint has - * been satisfied, or false if we have created a response - * challenge already. + * associated. * * @param request Request we are processing * @param response Response we are populating * + * @return true if any specified constraints have been + * satisfied, or false if one more constraints were not + * satisfied (in which case an authentication challenge will have + * been written to the response). + * * @exception IOException if an input/output error occurs */ public boolean authenticate(Request request, HttpServletResponse response) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index e67cd20..1011bbb 100644 
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -550,6 +550,21 @@ public abstract class AuthenticatorBase extends ValveBase } +@Override +public boolean authenticate(Request request, HttpServletResponse httpResponse) +throws IOException { +if (context == null || context.getLoginConfig() == null) { +return true; +} +return authenticate(request, httpResponse, context.getLoginConfig()); +} + + +@Override +public abstract boolean authenticate(Request request, HttpServletResponse response, +LoginConfig config) throws IOException; + + // -- Protected Methods /** 
@@ -616,47 +631,6 @@ public abstract class AuthenticatorBase extends ValveBase /** - * Authenticate the user making this request, based on the login - * configuration of the {@link Context} with which this Authenticator is - * associated. Return true if any specified constraint has - * been satisfied, or false if we have created a response - * challenge already. - * - * @param request Request we are processing - * @param response Response we are populating - * - * @exception IOException if an input/output error occurs - */ -@Override -public boolean authenticate(Request request, HttpServletResponse response) -throws IOException { -if (context == null || context.getLoginConfig() == null) { -return true; -} -return authenticate(request, response, context.getLoginConfig()); -} - -/** - * Authenticate the user making this request, based on the specified - * login configuration. Return true if any specified - * constraint has been satisfied, or false if we have - * created a response challenge already. - * - * @param request Request we are processing - * @param response Response we are populating - * @param configLogin configuration describing how authentication - * should be performed - * - * @exception IOException if an input/output error occurs - */ -@Override -public abstract boolean authenticate(Request request, -HttpServletResponse response, -LoginConfig config) -throws IOException; - - -/** * Check to see if the user has already been authenticated earlier in the * processing chain or if there is enough information available to * authenticate the user without requiring further user interaction. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For
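Review bot: The new @return text in Authenticator.java reads "false if one more constraints were not satisfied"; it should be "one or more constraints". The two authenticate() overrides moved up in AuthenticatorBase.java also lose their Javadoc blocks, including the description of the config parameter on the three-argument form. If the intent is to inherit the interface documentation, please check that the interface documents that parameter.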
[tomcat] branch 7.0.x updated (ecde67c -> 241148f)
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git.

from ecde67c Align with 8.5.x. Code clean up and improved i18n messages
new 47235d9 Align with 8.5.x. Clean-up. Remove ununsed code.
new d121104 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63531
new 739fa61 Align with 8.5.x. Clean-up
new 241148f Add debug logging for session ID change

The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
java/org/apache/catalina/Authenticator.java | 12 +-
.../catalina/authenticator/AuthenticatorBase.java | 171 -
.../catalina/authenticator/FormAuthenticator.java | 47 --
.../catalina/authenticator/LocalStrings.properties | 1 +
.../authenticator/LocalStrings_fr.properties | 1 +
.../authenticator/LocalStrings_ja.properties | 1 +
webapps/docs/changelog.xml | 6 +
7 files changed, 113 insertions(+), 126 deletions(-)

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/04: Align with 8.5.x. Clean-up. Remove ununsed code.
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 47235d9a2083ab52ea03f44d51f556667636f614 Author: Mark Thomas AuthorDate: Thu Jun 27 22:37:02 2019 +0100 Align with 8.5.x. Clean-up. Remove ununsed code. --- .../catalina/authenticator/AuthenticatorBase.java | 22 -- .../catalina/authenticator/FormAuthenticator.java | 11 --- 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java index 2bb4746..eb9d35e 100644 --- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java +++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java @@ -78,10 +78,6 @@ public abstract class AuthenticatorBase extends ValveBase */ private static final String DATE_ONE = ConcurrentDateFormat.formatRfc1123(new Date(1)); -public AuthenticatorBase() { -super(true); -} - /** * The string manager for this package. */ @@ -97,6 +93,14 @@ public abstract class AuthenticatorBase extends ValveBase */ protected static final String REALM_NAME = "Authentication required"; +// -- Constructor + +public AuthenticatorBase() { +super(true); +} + +// - Instance Variables + /** * Should a session always be used once a user is authenticated? This may * offer some performance benefits since the session can then be used to @@ -497,7 +501,6 @@ public abstract class AuthenticatorBase extends ValveBase response.setHeader("Expires", DATE_ONE); } -int i; if (constraints != null) { // Enforce any user data constraint for this security constraint if (log.isDebugEnabled()) { 
@@ -522,7 +525,7 @@ public abstract class AuthenticatorBase extends ValveBase authRequired = false; } else { authRequired = true; -for(i=0; i < constraints.length && authRequired; i++) { +for(int i = 0; i < constraints.length && authRequired; i++) { if(!constraints[i].getAuthConstraint()) { authRequired = false; } else if(!constraints[i].getAllRoles()) { @@ -545,7 +548,7 @@ public abstract class AuthenticatorBase extends ValveBase authRequired = certs != null && certs.length > 0; } -if(authRequired) { +if (authRequired) { if (log.isDebugEnabled()) { log.debug(" Calling authenticate()"); } @@ -817,9 +820,8 @@ public abstract class AuthenticatorBase extends ValveBase * @param password *Password used to authenticate (if any) */ -public void register(Request request, HttpServletResponse response, -Principal principal, String authType, -String username, String password) { +public void register(Request request, HttpServletResponse response, Principal principal, +String authType, String username, String password) { if (log.isDebugEnabled()) { String name = (principal == null) ? "none" : principal.getName(); diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java index 935486b..809556e 100644 --- a/java/org/apache/catalina/authenticator/FormAuthenticator.java +++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java @@ -38,7 +38,6 @@ import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; import org.apache.tomcat.util.ExceptionUtils; import org.apache.tomcat.util.buf.ByteChunk; -import org.apache.tomcat.util.buf.CharChunk; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.http.MimeHeaders; 
@@ -229,9 +228,6 @@ public class FormAuthenticator } // Acquire references to objects we will need to evaluate -MessageBytes uriMB = MessageBytes.newInstance(); -CharChunk uriCC = uriMB.getCharChunk(); -uriCC.setLimit(-1); String contextPath = request.getContextPath(); String requestURI = request.getDecodedRequestURI(); @@ -575,8 +571,6 @@ public class FormAuthenticator } request.getCoyoteRequest().getParameters().recycle(); -request.getCoyoteRequest().getParameters().setQueryStringEncoding( -request.getConnector().getURIEncoding()); ByteChunk body = saved.getBody(); @@ -611,11 +605,6 @@ public class FormAuthenticator request.getQueryString(); request.getProtocol(); -request.getCoyoteRequest().queryString().setString -
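Review bot: In FormAuthenticator.java, the call removed right after request.getCoyoteRequest().getParameters().recycle() is not an unused local like uriMB and uriCC: setQueryStringEncoding(request.getConnector().getURIEncoding()) changes state on the Parameters object used for the restored request. Please confirm that the query string encoding is still applied elsewhere when a saved request is restored, or say in the commit message that this is a behaviour alignment with 8.5.x and not only removal of unused code.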
Re: [tomcat-native] branch master updated: Support old shells.
Am 27.06.19 um 01:03 schrieb rj...@apache.org: > This is an automated email from the ASF dual-hosted git repository. > > rjung pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/tomcat-native.git > > > The following commit(s) were added to refs/heads/master by this push: > new edae9b1 Support old shells. > edae9b1 is described below > > commit edae9b16888c1d5e73863877ff27bf129adc2fcd > Author: Rainer Jung > AuthorDate: Thu Jun 27 01:02:02 2019 +0200 > > Support old shells. Hi Rainer, do you still see shells, that don't support the $(...) syntax? Felix > --- > jnirelease.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/jnirelease.sh b/jnirelease.sh > index 0349079..8fe7fe7 100755 > --- a/jnirelease.sh > +++ b/jnirelease.sh > @@ -156,7 +156,7 @@ if [ ! -d .git/refs/remotes/9.0.x ]; then > git remote add -f 9.0.x ${TCJAVA_GITBASE} > fi > git remote update 9.0.x > -diffcount=$(git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | > wc -l) > +diffcount=`git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | > wc -l` > > if [ $diffcount -ne 0 ]; then > echo "WARNING: git subtree is not up to date with" > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org