[Bug 63648] certificates: testsuite will break tomorrow

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63648

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Mark Thomas  ---
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.97 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 7.0.x updated: Update expiring test certs

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new e914985  Update expiring test certs
e914985 is described below

commit e914985aeaf1afc05379deb833a26c691c0ea56c
Author: Mark Thomas 
AuthorDate: Wed Aug 7 22:11:07 2019 +0100

Update expiring test certs
---
 test/org/apache/tomcat/util/net/localhost-cert.pem | 160 +++--
 .../org/apache/tomcat/util/net/localhost-copy1.jks | Bin 4404 -> 2737 bytes
 test/org/apache/tomcat/util/net/localhost-key.pem  |  52 +++
 test/org/apache/tomcat/util/net/localhost.jks  | Bin 4404 -> 4455 bytes
 test/org/apache/tomcat/util/net/user1.jks  | Bin 2666 -> 2717 bytes
 webapps/docs/changelog.xml |   5 +
 6 files changed, 113 insertions(+), 104 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/localhost-cert.pem 
b/test/org/apache/tomcat/util/net/localhost-cert.pem
index d8f38ba..2671d8f 100644
--- a/test/org/apache/tomcat/util/net/localhost-cert.pem
+++ b/test/org/apache/tomcat/util/net/localhost-cert.pem
@@ -1,105 +1,109 @@
 Certificate:
 Data:
 Version: 3 (0x2)
-Serial Number: 4096 (0x1000)
-Signature Algorithm: sha256WithRSAEncryption
+Serial Number: 4102 (0x1006)
+Signature Algorithm: sha256WithRSAEncryption
 Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
 Validity
-Not Before: Aug  8 10:41:05 2017 GMT
-Not After : Aug  8 10:41:05 2019 GMT
+Not Before: Aug  7 20:30:28 2019 GMT
+Not After : Aug  6 20:30:28 2021 GMT
 Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=localhost
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
-Public-Key: (2048 bit)
+RSA Public-Key: (2048 bit)
 Modulus:
-00:a8:1a:8f:78:58:24:43:9d:90:e1:f2:d5:65:5d:
-61:9d:0f:a8:08:20:2c:82:75:8b:b0:ce:96:ba:5b:
-99:d3:6b:a2:f8:54:92:6d:07:cc:b3:66:84:8a:8b:
-5f:1c:c8:53:eb:a2:c3:54:8c:ce:d0:a7:ff:11:da:
-e8:78:a2:07:ea:ed:59:db:97:76:25:f7:c0:e8:6d:
-43:07:fc:fe:1c:22:82:8a:5a:5c:63:82:8e:fb:53:
-9b:46:47:81:34:95:79:75:15:0a:8d:c4:d8:d8:84:
-df:30:53:d0:6e:40:2c:ba:3b:e2:a1:44:4d:43:de:
-cf:b0:9e:44:a1:00:26:8f:ca:39:57:14:30:a7:6d:
-9a:cc:e4:24:b0:44:1c:28:d3:c3:33:c1:e7:f7:0a:
-2a:60:18:60:ed:34:d8:5f:86:a1:ce:c7:fe:cc:56:
-b0:68:18:46:d2:a0:5a:70:2c:bd:ce:22:1b:41:05:
-c7:a2:82:49:b2:85:a1:56:14:38:46:27:de:cd:f4:
-fa:13:0d:9a:80:02:14:d2:1b:47:5f:2c:c9:0c:9f:
-70:18:e1:bf:2f:a4:2e:73:7d:ce:0e:6e:2e:11:72:
-dd:39:1a:37:29:5c:c7:4a:7b:4a:66:47:8a:70:67:
-52:24:a7:6b:2a:55:ba:80:da:28:b5:8b:2f:ae:48:
-d7:8b
+00:cf:e2:56:a6:67:a6:e8:e7:f3:94:86:6e:f9:06:
+46:cf:20:66:b5:cd:b1:c7:d6:50:ea:4d:46:44:ed:
+45:65:ea:b6:9b:2e:49:a5:25:c1:8e:36:f6:2c:bc:
+8e:09:35:0b:2f:43:70:73:07:47:1d:78:a1:12:e9:
+56:5d:ab:84:15:16:0e:38:01:bb:81:87:2d:c4:3b:
+dc:2e:4a:e1:d4:66:1b:ce:87:2c:a9:b8:e3:aa:80:
+75:79:b1:98:f3:dd:df:66:d0:0d:e1:06:d8:6c:6c:
+50:f0:00:80:32:70:55:7b:dd:eb:ae:f2:6a:bf:93:
+3d:15:e1:25:f8:75:ce:d8:46:dc:c4:6b:ee:f9:f5:
+93:39:ad:90:47:15:4b:fa:ca:5b:fe:ca:1b:29:8a:
+74:19:2a:cb:1e:4f:20:d9:74:75:24:a0:06:d1:3a:
+ed:9b:88:87:f3:1b:0f:a6:14:67:e9:ed:47:2e:a1:
+25:6a:c2:97:04:13:f4:9f:62:38:cd:5a:e7:ad:c2:
+64:2c:8f:9c:3d:04:58:12:42:e5:0c:8e:8c:ce:78:
+3d:60:38:ce:06:ff:9c:ea:9c:c9:0f:73:90:b2:1a:
+4a:16:99:c9:fe:95:88:7b:3c:7f:19:d0:26:27:11:
+78:f9:92:5c:b4:f5:d4:cb:b0:84:0c:74:37:3d:87:
+1a:0b
 Exponent: 65537 (0x10001)
 X509v3 extensions:
 X509v3 Basic Constraints:
 CA:FALSE
 Netscape Comment:
 OpenSSL Generated Certificate
-X509v3 Subject Key Identifier:
-01:97:6A:CD:A4:72:D8:B4:A5:3D:A6:78:A1:63:A2:3D:BD:01:E3:22
-X509v3 Authority Key Identifier:
+X509v3 Subject Key Identifier: 
+0D:86:88:1D:07:59:CE:14:B4:89:81:58:C6:0B:FF:4C:CA:25:52:80
+X509v3 Authority Key Identifier: 
   

[tomcat] branch 8.5.x updated: Update expiring test certs

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 310a791  Update expiring test certs
310a791 is described below

commit 310a791090fccf5546f9403c3a539489ff64c60a
Author: Mark Thomas 
AuthorDate: Wed Aug 7 22:11:07 2019 +0100

Update expiring test certs
---
 .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 154 +++--
 .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 4404 -> 2737 bytes
 .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++
 test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4404 -> 4455 bytes
 test/org/apache/tomcat/util/net/user1.jks  | Bin 2666 -> 2717 bytes
 webapps/docs/changelog.xml |   5 +
 6 files changed, 110 insertions(+), 101 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem 
b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
index 513e86c..24bb60a 100644
--- a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
+++ b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
@@ -1,35 +1,35 @@
 Certificate:
 Data:
 Version: 3 (0x2)
-Serial Number: 4096 (0x1000)
-Signature Algorithm: sha256WithRSAEncryption
+Serial Number: 4102 (0x1006)
+Signature Algorithm: sha256WithRSAEncryption
 Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
 Validity
-Not Before: Aug  8 10:41:05 2017 GMT
-Not After : Aug  8 10:41:05 2019 GMT
+Not Before: Aug  7 20:30:28 2019 GMT
+Not After : Aug  6 20:30:28 2021 GMT
 Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=localhost
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
-Public-Key: (2048 bit)
+RSA Public-Key: (2048 bit)
 Modulus:
-00:a8:1a:8f:78:58:24:43:9d:90:e1:f2:d5:65:5d:
-61:9d:0f:a8:08:20:2c:82:75:8b:b0:ce:96:ba:5b:
-99:d3:6b:a2:f8:54:92:6d:07:cc:b3:66:84:8a:8b:
-5f:1c:c8:53:eb:a2:c3:54:8c:ce:d0:a7:ff:11:da:
-e8:78:a2:07:ea:ed:59:db:97:76:25:f7:c0:e8:6d:
-43:07:fc:fe:1c:22:82:8a:5a:5c:63:82:8e:fb:53:
-9b:46:47:81:34:95:79:75:15:0a:8d:c4:d8:d8:84:
-df:30:53:d0:6e:40:2c:ba:3b:e2:a1:44:4d:43:de:
-cf:b0:9e:44:a1:00:26:8f:ca:39:57:14:30:a7:6d:
-9a:cc:e4:24:b0:44:1c:28:d3:c3:33:c1:e7:f7:0a:
-2a:60:18:60:ed:34:d8:5f:86:a1:ce:c7:fe:cc:56:
-b0:68:18:46:d2:a0:5a:70:2c:bd:ce:22:1b:41:05:
-c7:a2:82:49:b2:85:a1:56:14:38:46:27:de:cd:f4:
-fa:13:0d:9a:80:02:14:d2:1b:47:5f:2c:c9:0c:9f:
-70:18:e1:bf:2f:a4:2e:73:7d:ce:0e:6e:2e:11:72:
-dd:39:1a:37:29:5c:c7:4a:7b:4a:66:47:8a:70:67:
-52:24:a7:6b:2a:55:ba:80:da:28:b5:8b:2f:ae:48:
-d7:8b
+00:cf:e2:56:a6:67:a6:e8:e7:f3:94:86:6e:f9:06:
+46:cf:20:66:b5:cd:b1:c7:d6:50:ea:4d:46:44:ed:
+45:65:ea:b6:9b:2e:49:a5:25:c1:8e:36:f6:2c:bc:
+8e:09:35:0b:2f:43:70:73:07:47:1d:78:a1:12:e9:
+56:5d:ab:84:15:16:0e:38:01:bb:81:87:2d:c4:3b:
+dc:2e:4a:e1:d4:66:1b:ce:87:2c:a9:b8:e3:aa:80:
+75:79:b1:98:f3:dd:df:66:d0:0d:e1:06:d8:6c:6c:
+50:f0:00:80:32:70:55:7b:dd:eb:ae:f2:6a:bf:93:
+3d:15:e1:25:f8:75:ce:d8:46:dc:c4:6b:ee:f9:f5:
+93:39:ad:90:47:15:4b:fa:ca:5b:fe:ca:1b:29:8a:
+74:19:2a:cb:1e:4f:20:d9:74:75:24:a0:06:d1:3a:
+ed:9b:88:87:f3:1b:0f:a6:14:67:e9:ed:47:2e:a1:
+25:6a:c2:97:04:13:f4:9f:62:38:cd:5a:e7:ad:c2:
+64:2c:8f:9c:3d:04:58:12:42:e5:0c:8e:8c:ce:78:
+3d:60:38:ce:06:ff:9c:ea:9c:c9:0f:73:90:b2:1a:
+4a:16:99:c9:fe:95:88:7b:3c:7f:19:d0:26:27:11:
+78:f9:92:5c:b4:f5:d4:cb:b0:84:0c:74:37:3d:87:
+1a:0b
 Exponent: 65537 (0x10001)
 X509v3 extensions:
 X509v3 Basic Constraints: 
@@ -37,69 +37,73 @@ Certificate:
 Netscape Comment: 
 OpenSSL Generated Certificate
 X509v3 Subject Key Identifier: 
-01:97:6A:CD:A4:72:D8:B4:A5:3D:A6:78:A1:63:A2:3D:BD:01:E3:22
+0D:86:88:1D:07:59:CE:14:B4:89:81:58:C6:0B:FF:4C:CA:25:52:80
 X509v3 Authority Key Identifier: 
 

[tomcat] branch master updated: Update expiring test certs

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new e3a59c3  Update expiring test certs
e3a59c3 is described below

commit e3a59c352dbeb8b0bfde3c4512d1b4ea7a0339c8
Author: Mark Thomas 
AuthorDate: Wed Aug 7 22:11:07 2019 +0100

Update expiring test certs
---
 .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 154 +++--
 .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 4404 -> 2737 bytes
 .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++
 test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4404 -> 4455 bytes
 test/org/apache/tomcat/util/net/user1.jks  | Bin 2666 -> 2717 bytes
 webapps/docs/changelog.xml |   5 +
 6 files changed, 110 insertions(+), 101 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem 
b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
index 513e86c..24bb60a 100644
--- a/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
+++ b/test/org/apache/tomcat/util/net/localhost-rsa-cert.pem
@@ -1,35 +1,35 @@
 Certificate:
 Data:
 Version: 3 (0x2)
-Serial Number: 4096 (0x1000)
-Signature Algorithm: sha256WithRSAEncryption
+Serial Number: 4102 (0x1006)
+Signature Algorithm: sha256WithRSAEncryption
 Issuer: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=Apache Tomcat Test CA
 Validity
-Not Before: Aug  8 10:41:05 2017 GMT
-Not After : Aug  8 10:41:05 2019 GMT
+Not Before: Aug  7 20:30:28 2019 GMT
+Not After : Aug  6 20:30:28 2021 GMT
 Subject: C=US, ST=MA, L=Wakefield, O=The Apache Software Foundation, 
OU=Apache Tomcat PMC, CN=localhost
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
-Public-Key: (2048 bit)
+RSA Public-Key: (2048 bit)
 Modulus:
-00:a8:1a:8f:78:58:24:43:9d:90:e1:f2:d5:65:5d:
-61:9d:0f:a8:08:20:2c:82:75:8b:b0:ce:96:ba:5b:
-99:d3:6b:a2:f8:54:92:6d:07:cc:b3:66:84:8a:8b:
-5f:1c:c8:53:eb:a2:c3:54:8c:ce:d0:a7:ff:11:da:
-e8:78:a2:07:ea:ed:59:db:97:76:25:f7:c0:e8:6d:
-43:07:fc:fe:1c:22:82:8a:5a:5c:63:82:8e:fb:53:
-9b:46:47:81:34:95:79:75:15:0a:8d:c4:d8:d8:84:
-df:30:53:d0:6e:40:2c:ba:3b:e2:a1:44:4d:43:de:
-cf:b0:9e:44:a1:00:26:8f:ca:39:57:14:30:a7:6d:
-9a:cc:e4:24:b0:44:1c:28:d3:c3:33:c1:e7:f7:0a:
-2a:60:18:60:ed:34:d8:5f:86:a1:ce:c7:fe:cc:56:
-b0:68:18:46:d2:a0:5a:70:2c:bd:ce:22:1b:41:05:
-c7:a2:82:49:b2:85:a1:56:14:38:46:27:de:cd:f4:
-fa:13:0d:9a:80:02:14:d2:1b:47:5f:2c:c9:0c:9f:
-70:18:e1:bf:2f:a4:2e:73:7d:ce:0e:6e:2e:11:72:
-dd:39:1a:37:29:5c:c7:4a:7b:4a:66:47:8a:70:67:
-52:24:a7:6b:2a:55:ba:80:da:28:b5:8b:2f:ae:48:
-d7:8b
+00:cf:e2:56:a6:67:a6:e8:e7:f3:94:86:6e:f9:06:
+46:cf:20:66:b5:cd:b1:c7:d6:50:ea:4d:46:44:ed:
+45:65:ea:b6:9b:2e:49:a5:25:c1:8e:36:f6:2c:bc:
+8e:09:35:0b:2f:43:70:73:07:47:1d:78:a1:12:e9:
+56:5d:ab:84:15:16:0e:38:01:bb:81:87:2d:c4:3b:
+dc:2e:4a:e1:d4:66:1b:ce:87:2c:a9:b8:e3:aa:80:
+75:79:b1:98:f3:dd:df:66:d0:0d:e1:06:d8:6c:6c:
+50:f0:00:80:32:70:55:7b:dd:eb:ae:f2:6a:bf:93:
+3d:15:e1:25:f8:75:ce:d8:46:dc:c4:6b:ee:f9:f5:
+93:39:ad:90:47:15:4b:fa:ca:5b:fe:ca:1b:29:8a:
+74:19:2a:cb:1e:4f:20:d9:74:75:24:a0:06:d1:3a:
+ed:9b:88:87:f3:1b:0f:a6:14:67:e9:ed:47:2e:a1:
+25:6a:c2:97:04:13:f4:9f:62:38:cd:5a:e7:ad:c2:
+64:2c:8f:9c:3d:04:58:12:42:e5:0c:8e:8c:ce:78:
+3d:60:38:ce:06:ff:9c:ea:9c:c9:0f:73:90:b2:1a:
+4a:16:99:c9:fe:95:88:7b:3c:7f:19:d0:26:27:11:
+78:f9:92:5c:b4:f5:d4:cb:b0:84:0c:74:37:3d:87:
+1a:0b
 Exponent: 65537 (0x10001)
 X509v3 extensions:
 X509v3 Basic Constraints: 
@@ -37,69 +37,73 @@ Certificate:
 Netscape Comment: 
 OpenSSL Generated Certificate
 X509v3 Subject Key Identifier: 
-01:97:6A:CD:A4:72:D8:B4:A5:3D:A6:78:A1:63:A2:3D:BD:01:E3:22
+0D:86:88:1D:07:59:CE:14:B4:89:81:58:C6:0B:FF:4C:CA:25:52:80
 X509v3 Authority Key Identifier: 
 

[Bug 63648] certificates: testsuite will break tomorrow

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63648

--- Comment #1 from Mark Thomas  ---
Just running the tests before I commit the updated certs to make sure all is
well.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311748751
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I will do the changes tomorrow and see how I can properly modify tests.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311748567
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I consider this way too inflexible, but yes -- let's discussed as soon as 
this one has been resolved.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311748751
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I will do the changes tomorrow and see how I can properly modifiy tests.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311748303
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   Wouldn't it be confusing when `findSecurityReference()` can map a role which 
`findSecurityReferences()` does not contain?
   
   Why the null check? Wouldn't it be possible for a servlet security role ref 
to be also mapped to a technical role? My current does this.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] 01/03: Refactor Servlet 3 async timeouts to become a more generic timeout

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c6f5d73d438f55b8e5b2316e993ab02bb8a94495
Author: Mark Thomas 
AuthorDate: Wed Aug 7 18:42:44 2019 +0100

Refactor Servlet 3 async timeouts to become a more generic timeout

The timeout mechanism now represents any timeout that is triggered
independently from the Socket read/write timeouts.
---
 java/org/apache/coyote/AbstractProcessor.java  |  9 -
 java/org/apache/coyote/AbstractProtocol.java   | 13 -
 java/org/apache/coyote/Processor.java  | 14 +-
 .../apache/coyote/http11/upgrade/UpgradeProcessorBase.java | 10 ++
 4 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/java/org/apache/coyote/AbstractProcessor.java 
b/java/org/apache/coyote/AbstractProcessor.java
index 3e73254..d442142 100644
--- a/java/org/apache/coyote/AbstractProcessor.java
+++ b/java/org/apache/coyote/AbstractProcessor.java
@@ -40,7 +40,7 @@ import org.apache.tomcat.util.res.StringManager;
 
 /**
  * Provides functionality and attributes common to all supported protocols
- * (currently HTTP and AJP).
+ * (currently HTTP and AJP) for processing a single request/response.
  */
 public abstract class AbstractProcessor extends AbstractProcessorLight 
implements ActionHook {
 
@@ -621,6 +621,13 @@ public abstract class AbstractProcessor extends 
AbstractProcessorLight implement
 }
 
 
+/**
+ * {@inheritDoc}
+ * 
+ * Sub-classes of this base class represent a single request/response pair.
+ * The timeout to be processed is, therefore, the Servlet asynchronous
+ * processing timeout.
+ */
 @Override
 public void timeoutAsync(long now) {
 if (now < 0) {
diff --git a/java/org/apache/coyote/AbstractProtocol.java 
b/java/org/apache/coyote/AbstractProtocol.java
index 837f805..3f5c651 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -92,7 +92,7 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 
 
 /**
- * The async timeout thread.
+ * The timeout thread.
  */
 private AsyncTimeout asyncTimeout = null;
 
@@ -590,7 +590,7 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 
 endpoint.start();
 
-// Start async timeout thread
+// Start timeout thread
 asyncTimeout = new AsyncTimeout();
 Thread timeoutThread = new Thread(asyncTimeout, getNameInternal() + 
"-AsyncTimeout");
 int priority = endpoint.getThreadPriority();
@@ -725,12 +725,14 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 processor, socket));
 }
 
-// Async timeouts are calculated on a dedicated thread and then
+// Timeouts are calculated on a dedicated thread and then
 // dispatched. Because of delays in the dispatch process, the
 // timeout may no longer be required. Check here and avoid
 // unnecessary processing.
-if (SocketEvent.TIMEOUT == status && (processor == null ||
-!processor.isAsync() || 
!processor.checkAsyncTimeoutGeneration())) {
+if (SocketEvent.TIMEOUT == status &&
+(processor == null ||
+!processor.isAsync() && !processor.isUpgrade() ||
+processor.isAsync() && 
!processor.checkAsyncTimeoutGeneration())) {
 // This is effectively a NO-OP
 return SocketState.OPEN;
 }
@@ -891,6 +893,7 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 // to the poller if necessary.
 if (status != SocketEvent.OPEN_WRITE) {
 longPoll(wrapper, processor);
+getProtocol().addWaitingProcessor(processor);
 }
 } else if (state == SocketState.SUSPENDED) {
 // Don't add sockets back to the poller.
diff --git a/java/org/apache/coyote/Processor.java 
b/java/org/apache/coyote/Processor.java
index 68edff5..c58431e 100644
--- a/java/org/apache/coyote/Processor.java
+++ b/java/org/apache/coyote/Processor.java
@@ -65,13 +65,17 @@ public interface Processor {
 boolean isAsync();
 
 /**
- * Check this processor to see if the async timeout has expired and process
- * a timeout if that is that case.
+ * Check this processor to see if the timeout has expired and process a
+ * timeout if that is that case.
+ * 
+ * Note: The name of this method originated with the Servlet 3.0
+ * asynchronous processing but evolved over time to represent a timeout 
that
+ * is triggered independently of the socket read/write timeouts.
  *
  * @param now The 

[tomcat] 03/03: Improve HTTP/2 connection timeout handling

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7943b50c241a051a49b212e90e25291d1ebcbe97
Author: Mark Thomas 
AuthorDate: Wed Aug 7 17:02:37 2019 +0100

Improve HTTP/2 connection timeout handling

Timeouts were not always handled correctly leaving
some connections open for longer than expected.
---
 .../apache/coyote/http2/Http2UpgradeHandler.java   | 95 --
 webapps/docs/changelog.xml |  4 +
 2 files changed, 75 insertions(+), 24 deletions(-)

diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index e63a484..50365a9 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -138,6 +138,9 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 private volatile int newStreamsSinceLastPrune = 0;
 private final ConcurrentMap backLogStreams 
= new ConcurrentHashMap<>();
 private long backLogSize = 0;
+// The time at which the connection will timeout unless data arrives before
+// then. -1 means no timeout.
+private volatile long connectionTimeout = -1;
 
 // Stream concurrency control
 private int maxConcurrentStreamExecution = 
Http2Protocol.DEFAULT_MAX_CONCURRENT_STREAM_EXECUTION;
@@ -323,8 +326,10 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 case OPEN_READ:
 try {
 // There is data to read so use the read timeout while
-// reading frames.
-   socketWrapper.setReadTimeout(getReadTimeout());
+// reading frames ...
+socketWrapper.setReadTimeout(getReadTimeout());
+// ... and disable the connection timeout
+setConnectionTimeout(-1);
 while (true) {
 try {
 if (!parser.readFrame(false)) {
@@ -340,23 +345,22 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 stream.close(se);
 }
 }
+if (overheadCount.get() > 0) {
+throw new ConnectionException(
+
sm.getString("upgradeHandler.tooMuchOverhead", connectionId),
+Http2Error.ENHANCE_YOUR_CALM);
+}
 }
 
-if (overheadCount.get() > 0) {
-throw new ConnectionException(
-sm.getString("upgradeHandler.tooMuchOverhead", 
connectionId),
-Http2Error.ENHANCE_YOUR_CALM);
-}
+// Need to know the correct timeout before starting the 
read
+// but that may not be known at this time if one or more
+// requests are currently being processed so don't set a
+// timeout for the socket...
+socketWrapper.setReadTimeout(-1);
+
+// ...set a timeout on the connection
+
setConnectionTimeoutForStreamCount(activeRemoteStreamCount.get());
 
-if (activeRemoteStreamCount.get() == 0) {
-// No streams currently active. Use the keep-alive
-// timeout for the connection.
-socketWrapper.setReadTimeout(getKeepAliveTimeout());
-} else {
-// Streams currently active. Individual streams have
-// timeouts so keep the connection open.
-socketWrapper.setReadTimeout(-1);
-}
 } catch (Http2Exception ce) {
 // Really ConnectionException
 if (log.isDebugEnabled()) {
@@ -377,9 +381,12 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 result = SocketState.UPGRADED;
 break;
 
+case TIMEOUT:
+closeConnection(null);
+break;
+
 case DISCONNECT:
 case ERROR:
-case TIMEOUT:
 case STOP:
 case CONNECT_FAIL:
 close();
@@ -399,9 +406,41 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 }
 
 
+/*
+ * Sets the connection timeout based on the current number of active
+ * streams.
+ */
+protected void setConnectionTimeoutForStreamCount(int streamCount) {
+if (streamCount == 0) {
+// No streams currently active. 

[tomcat] 02/03: Extend the timeout functionality to internal upgrade processors

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 07aa80d35052314ea4e2169c49b9c95254bbbe1f
Author: Mark Thomas 
AuthorDate: Wed Aug 7 18:59:07 2019 +0100

Extend the timeout functionality to internal upgrade processors
---
 .../apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java| 2 ++
 java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java | 6 ++
 java/org/apache/coyote/http2/Http2UpgradeHandler.java   | 6 ++
 java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java   | 6 ++
 .../apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java| 5 +
 5 files changed, 25 insertions(+)

diff --git 
a/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java 
b/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
index 936784e..426b1bd 100644
--- a/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
+++ b/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
@@ -32,6 +32,8 @@ public interface InternalHttpUpgradeHandler extends 
HttpUpgradeHandler {
 
 SocketState upgradeDispatch(SocketEvent status);
 
+void timeoutAsync(long now);
+
 void setSocketWrapper(SocketWrapperBase wrapper);
 
 void setSslSupport(SSLSupport sslSupport);
diff --git 
a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java 
b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
index 6397a72..f0f5460 100644
--- a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
+++ b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
@@ -73,6 +73,12 @@ public class UpgradeProcessorInternal extends 
UpgradeProcessorBase {
 }
 
 
+@Override
+public void timeoutAsync(long now) {
+internalHttpUpgradeHandler.timeoutAsync(now);
+}
+
+
 // --- AutoCloseable 
methods
 
 @Override
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index 30f603f..e63a484 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -399,6 +399,12 @@ public class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpU
 }
 
 
+@Override
+public void timeoutAsync(long now) {
+// TODO: Implement improved connection timeouts
+}
+
+
 ConnectionSettingsRemote getRemoteSettings() {
 return remoteSettings;
 }
diff --git a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java 
b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
index a1b82ea..84b70c6 100644
--- a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+++ b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
@@ -191,6 +191,12 @@ public class WsHttpUpgradeHandler implements 
InternalHttpUpgradeHandler {
 
 
 @Override
+public void timeoutAsync(long now) {
+// NO-OP
+}
+
+
+@Override
 public void pause() {
 // NO-OP
 }
diff --git 
a/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java 
b/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
index cd2535e..84b64ae 100644
--- a/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
+++ b/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
@@ -255,6 +255,11 @@ public class TestUpgradeInternalHandler extends 
TomcatBaseTest {
 }
 
 @Override
+public void timeoutAsync(long now) {
+// NO-OP
+}
+
+@Override
 public void setSocketWrapper(SocketWrapperBase wrapper) {
 this.wrapper = wrapper;
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 8.5.x updated (6459a20 -> 7943b50)

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 6459a20  BZ 63627: Implement more fine-grained handling in 
RealmBase#authenticate(GSSContext, boolean)
 new c6f5d73  Refactor Servlet 3 async timeouts to become a more generic 
timeout
 new 07aa80d  Extend the timeout functionality to internal upgrade 
processors
 new 7943b50  Improve HTTP/2 connection timeout handling

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 java/org/apache/coyote/AbstractProcessor.java  |  9 +-
 java/org/apache/coyote/AbstractProtocol.java   | 13 +--
 java/org/apache/coyote/Processor.java  | 14 +--
 .../http11/upgrade/InternalHttpUpgradeHandler.java |  2 +
 .../http11/upgrade/UpgradeProcessorBase.java   | 10 ++-
 .../http11/upgrade/UpgradeProcessorInternal.java   |  6 ++
 .../apache/coyote/http2/Http2UpgradeHandler.java   | 99 +-
 .../websocket/server/WsHttpUpgradeHandler.java |  6 ++
 .../http11/upgrade/TestUpgradeInternalHandler.java |  5 ++
 webapps/docs/changelog.xml |  4 +
 10 files changed, 130 insertions(+), 38 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311742634
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Alright, will do. I will probably need to fix the rest I have merged already.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311742634
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Alright, will do.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63648] New: certificates: testsuite will break tomorrow

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63648

Bug ID: 63648
   Summary: certificates: testsuite will break tomorrow
   Product: Tomcat 8
   Version: 8.5.x-trunk
  Hardware: PC
OS: All
Status: NEW
  Severity: major
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: b...@beuc.net
  Target Milestone: 

$ cd test/org/apache/tomcat/util/net/
$ openssl x509 -dates -noout < localhost-rsa-cert.pem 
notBefore=Aug  8 10:41:05 2017 GMT
notAfter=Aug  8 10:41:05 2019 GMT

I need working certificates to build a Debian Tomcat security update,
please renew :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



buildbot success in on tomcat-trunk

2019-08-07 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while 
building tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/4536

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 5d7f2eac857cc75757cfc58d003fbf17a23c2720
Blamelist: Mark Thomas 

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311727060
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   BZ issues should appear in order so the entry for BZ 63636 should appear 
after BZ 63608.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311726365
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I was thinking more:
   ``
   but that is a discussion better suited to BZ 55477


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311725976
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   `findSecurityReference()` != `findSecurityReferences()`
   
   `findSecurityReference()` is the method that tries to map a single role and 
should be changed.
   `findSecurityReferences()` is closer to a getter for the current settings 
for the Wrapper and should be unchanged.
   
   So:
   ```
   @Override
   public String findSecurityReference(String name) {
   String reference;
   
   // First check the Wrapper 
   referencesLock.readLock().lock();
   try {
   reference = references.get(name);
   } finally {
   referencesLock.readLock().unlock();
   }
   
   // If not specified on the Wrapper, check the Context
   if (reference == null && getParent() instanceof Context) {
   reference = ((Context) getParent()).findRoleMapping(name);
   }
   
   return reference;
   }
   ```


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch master updated: Improve HTTP/2 connection timeout handling

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 5d7f2ea  Improve HTTP/2 connection timeout handling
5d7f2ea is described below

commit 5d7f2eac857cc75757cfc58d003fbf17a23c2720
Author: Mark Thomas 
AuthorDate: Wed Aug 7 17:02:37 2019 +0100

Improve HTTP/2 connection timeout handling

Timeouts were not always handled correctly leaving
some connections open for longer than expected.
---
 .../coyote/http2/Http2AsyncUpgradeHandler.java |  6 +-
 .../apache/coyote/http2/Http2UpgradeHandler.java   | 93 --
 webapps/docs/changelog.xml |  4 +
 3 files changed, 77 insertions(+), 26 deletions(-)

diff --git a/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
index 3115eda..92ad29c 100644
--- a/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
@@ -210,7 +210,7 @@ public class Http2AsyncUpgradeHandler extends 
Http2UpgradeHandler {
 header[4] = FLAG_END_OF_STREAM;
 stream.sentEndOfStream();
 if (!stream.isActive()) {
-activeRemoteStreamCount.decrementAndGet();
+
setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
 }
 }
 if (writeable) {
@@ -309,7 +309,7 @@ public class Http2AsyncUpgradeHandler extends 
Http2UpgradeHandler {
 header[4] = FLAG_END_OF_STREAM;
 sendfile.stream.sentEndOfStream();
 if (!sendfile.stream.isActive()) {
-activeRemoteStreamCount.decrementAndGet();
+
setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
 }
 }
 if (writeable) {
@@ -370,7 +370,7 @@ public class Http2AsyncUpgradeHandler extends 
Http2UpgradeHandler {
 header[4] = FLAG_END_OF_STREAM;
 sendfile.stream.sentEndOfStream();
 if (!sendfile.stream.isActive()) {
-activeRemoteStreamCount.decrementAndGet();
+
setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet());
 }
 }
 if (writeable) {
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index a19ba6c..f27a79e 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -132,6 +132,9 @@ class Http2UpgradeHandler extends AbstractStream implements 
InternalHttpUpgradeH
 private volatile int newStreamsSinceLastPrune = 0;
 private final Map backLogStreams = new 
ConcurrentHashMap<>();
 private long backLogSize = 0;
+// The time at which the connection will timeout unless data arrives before
+// then. -1 means no timeout.
+private volatile long connectionTimeout = -1;
 
 // Stream concurrency control
 private AtomicInteger streamConcurrency = null;
@@ -315,8 +318,10 @@ class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpUpgradeH
 case OPEN_READ:
 try {
 // There is data to read so use the read timeout while
-// reading frames.
+// reading frames ...
 socketWrapper.setReadTimeout(protocol.getReadTimeout());
+// ... and disable the connection timeout
+setConnectionTimeout(-1);
 while (true) {
 try {
 if (!parser.readFrame(false)) {
@@ -332,23 +337,22 @@ class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpUpgradeH
 stream.close(se);
 }
 }
+if (overheadCount.get() > 0) {
+throw new ConnectionException(
+
sm.getString("upgradeHandler.tooMuchOverhead", connectionId),
+Http2Error.ENHANCE_YOUR_CALM);
+}
 }
 
-if (overheadCount.get() > 0) {
-throw new ConnectionException(
-sm.getString("upgradeHandler.tooMuchOverhead", 
connectionId),
-Http2Error.ENHANCE_YOUR_CALM);
-}
+// Need to know the correct timeout before starting the 
read
+// but that may not be known at this time if one or more
+// requests are currently being 

[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311703087
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   Just take your time to describe how you image that, I do not fully 
understand it.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311702448
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   You probably want a `` with custom attributes. What 
makes it different to a listener?


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



buildbot failure in on tomcat-trunk

2019-08-07 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
tomcat. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/4535

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf946_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch master] 863b18e34f12085820ad02e86ca0ef7e961bb471
Blamelist: Mark Thomas 

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch master updated: Extend the timeout functionality to internal upgrade processors

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 863b18e  Extend the timeout functionality to internal upgrade 
processors
863b18e is described below

commit 863b18e34f12085820ad02e86ca0ef7e961bb471
Author: Mark Thomas 
AuthorDate: Wed Aug 7 18:59:07 2019 +0100

Extend the timeout functionality to internal upgrade processors
---
 .../apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java| 2 ++
 java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java | 6 ++
 java/org/apache/coyote/http2/Http2UpgradeHandler.java   | 6 ++
 java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java   | 6 ++
 .../apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java| 5 +
 5 files changed, 25 insertions(+)

diff --git 
a/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java 
b/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
index 8c5ce39..e7d3453 100644
--- a/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
+++ b/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java
@@ -32,6 +32,8 @@ public interface InternalHttpUpgradeHandler extends 
HttpUpgradeHandler {
 
 SocketState upgradeDispatch(SocketEvent status);
 
+void timeoutAsync(long now);
+
 void setSocketWrapper(SocketWrapperBase wrapper);
 
 void setSslSupport(SSLSupport sslSupport);
diff --git 
a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java 
b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
index 6397a72..f0f5460 100644
--- a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
+++ b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java
@@ -73,6 +73,12 @@ public class UpgradeProcessorInternal extends 
UpgradeProcessorBase {
 }
 
 
+@Override
+public void timeoutAsync(long now) {
+internalHttpUpgradeHandler.timeoutAsync(now);
+}
+
+
 // --- AutoCloseable 
methods
 
 @Override
diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index 41c620d..a19ba6c 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -391,6 +391,12 @@ class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpUpgradeH
 }
 
 
+@Override
+public void timeoutAsync(long now) {
+// TODO: Implement improved connection timeouts
+}
+
+
 ConnectionSettingsRemote getRemoteSettings() {
 return remoteSettings;
 }
diff --git a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java 
b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
index a1b82ea..84b70c6 100644
--- a/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
+++ b/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java
@@ -191,6 +191,12 @@ public class WsHttpUpgradeHandler implements 
InternalHttpUpgradeHandler {
 
 
 @Override
+public void timeoutAsync(long now) {
+// NO-OP
+}
+
+
+@Override
 public void pause() {
 // NO-OP
 }
diff --git 
a/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java 
b/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
index aaee563..f436240 100644
--- a/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
+++ b/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java
@@ -259,6 +259,11 @@ public class TestUpgradeInternalHandler extends 
TomcatBaseTest {
 }
 
 @Override
+public void timeoutAsync(long now) {
+// NO-OP
+}
+
+@Override
 public void setSocketWrapper(SocketWrapperBase wrapper) {
 this.wrapper = wrapper;
 }


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch master updated: Refactor Servlet 3 async timeouts to become a more generic timeout

2019-08-07 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new d3a5b1c  Refactor Servlet 3 async timeouts to become a more generic 
timeout
d3a5b1c is described below

commit d3a5b1cf5c60e6acea61286eb050e54f05d193ff
Author: Mark Thomas 
AuthorDate: Wed Aug 7 18:42:44 2019 +0100

Refactor Servlet 3 async timeouts to become a more generic timeout

The timeout mechanism now represents any timeout that is triggered
independently from the Socket read/write timeouts.
---
 java/org/apache/coyote/AbstractProcessor.java  |  9 +-
 java/org/apache/coyote/AbstractProtocol.java   | 34 +-
 java/org/apache/coyote/Processor.java  | 14 +
 .../http11/upgrade/UpgradeProcessorBase.java   | 10 ---
 4 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/coyote/AbstractProcessor.java 
b/java/org/apache/coyote/AbstractProcessor.java
index d94a8e4..1affefa 100644
--- a/java/org/apache/coyote/AbstractProcessor.java
+++ b/java/org/apache/coyote/AbstractProcessor.java
@@ -39,7 +39,7 @@ import org.apache.tomcat.util.res.StringManager;
 
 /**
  * Provides functionality and attributes common to all supported protocols
- * (currently HTTP and AJP).
+ * (currently HTTP and AJP) for processing a single request/response.
  */
 public abstract class AbstractProcessor extends AbstractProcessorLight 
implements ActionHook {
 
@@ -628,6 +628,13 @@ public abstract class AbstractProcessor extends 
AbstractProcessorLight implement
 }
 
 
+/**
+ * {@inheritDoc}
+ * 
+ * Sub-classes of this base class represent a single request/response pair.
+ * The timeout to be processed is, therefore, the Servlet asynchronous
+ * processing timeout.
+ */
 @Override
 public void timeoutAsync(long now) {
 if (now < 0) {
diff --git a/java/org/apache/coyote/AbstractProtocol.java 
b/java/org/apache/coyote/AbstractProtocol.java
index 174c899..d95d425 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -96,9 +96,9 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 Collections.newSetFromMap(new ConcurrentHashMap());
 
 /**
- * Controller for the async timeout scheduling.
+ * Controller for the timeout scheduling.
  */
-private ScheduledFuture asyncTimeoutFuture = null;
+private ScheduledFuture timeoutFuture = null;
 private ScheduledFuture monitorFuture;
 
 public AbstractProtocol(AbstractEndpoint endpoint) {
@@ -595,17 +595,22 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 }
 
 
+/**
+ * Note: The name of this method originated with the Servlet 3.0
+ * asynchronous processing but evolved over time to represent a timeout 
that
+ * is triggered independently of the socket read/write timeouts.
+ */
 protected void startAsyncTimeout() {
-if (asyncTimeoutFuture == null || (asyncTimeoutFuture != null && 
asyncTimeoutFuture.isDone())) {
-if (asyncTimeoutFuture != null && asyncTimeoutFuture.isDone()) {
+if (timeoutFuture == null || (timeoutFuture != null && 
timeoutFuture.isDone())) {
+if (timeoutFuture != null && timeoutFuture.isDone()) {
 // There was an error executing the scheduled task, get it and 
log it
 try {
-asyncTimeoutFuture.get();
+timeoutFuture.get();
 } catch (InterruptedException | ExecutionException e) {
 
getLog().error(sm.getString("abstractProtocolHandler.asyncTimeoutError"), e);
 }
 }
-asyncTimeoutFuture = getUtilityExecutor().scheduleAtFixedRate(
+timeoutFuture = getUtilityExecutor().scheduleAtFixedRate(
 new Runnable() {
 @Override
 public void run() {
@@ -619,9 +624,9 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 }
 
 protected void stopAsyncTimeout() {
-if (asyncTimeoutFuture != null) {
-asyncTimeoutFuture.cancel(false);
-asyncTimeoutFuture = null;
+if (timeoutFuture != null) {
+timeoutFuture.cancel(false);
+timeoutFuture = null;
 }
 }
 
@@ -664,7 +669,7 @@ public abstract class AbstractProtocol implements 
ProtocolHandler,
 monitorFuture = null;
 }
 stopAsyncTimeout();
-// Timeout any pending async request
+// Timeout any waiting processor
 for (Processor processor : waitingProcessors) {
 processor.timeoutAsync(-1);
 }
@@ -770,12 +775,14 @@ public abstract class AbstractProtocol implements 

Re: h2 priorities

2019-08-07 Thread Mark Thomas
Just a quick update.

I started to make some progress but I have been side-tracked by the
HTTP/2 timeout issue raised on users. I've been able to get the clean-up
in but the priority changes aren't going to make the next set of releases.

Mark


On 01/08/2019 09:19, Mark Thomas wrote:
> Hi all,
> 
> One of the things that I took away from the HTTP workshop was that we
> weren't doing as much with h2 priorities as we could.
> 
> If the connection window is at capacity, the code does a reasonable job
> of allocating any additional capacity to waiting streams based on the h2
> priority tree.
> 
> However, if the connection window is not at capacity, Tomcat essentially
> ignores the priority tree. I'd like to see if I can improve this.
> 
> My general thinking is some sort of priority manager where multiple
> implementations are available. Something like:
> - NO-OP (current behaviour)
> - dependencies only (takes account of dependencies for write
>   ordering but not weights
> - full (takes account of dependencies and weights for write ordering)
> 
> I'm not sure the 'full' implementation is viable for a Servlet
> container. What is doable for a single thread managing the writes for
> multiple static resources gets a lot more complicated when you have one
> thread per resource generating those resources dynamically.
> 
> I am currently still trying to get my head around various locking /
> ordering / synchronization issues and I don't yet have anything that
> works. I have stumbled across a couple of places where the code could be
> usefully cleaned up. I'll try and extract those into separate commits
> and get them applied. Hopefully this week but certainly before I tag.
> 
> If I can solve this fairly quickly, my plan is to have the "NO-OP"
> implementation as the default for now so there should be no change in
> behaviour.
> 
> Mark
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311490843
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   So, if I understand your request properly, this should not be part of 
`RealmBase` at all, but has to be implemented in `StandardWrapper`, namely 
`findSecurityReference()` whre it queries `getParent()#findRoleMapping()` if it 
is not found in `references`?.
   
   So `findSecurityReferences()` have to be changed as well? But not 
`removeSecurityReference()`?
   
   though, `getParent()` must be still of type `Context` (`instanceof` check)?


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311513232
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   Both
   
   > Consider moving this to Wrapper.findSecurityReference
   
   and
   
> findSecurityReferences() should be unchanged.
   
   seem to be a contradiction. Do you want me to change the `Wrapper` interface 
and all of its implementors? That would still mean that I need to change 
`RealmBase` anyway?!
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63646] IOException when default CATALINA_TMPDIR directory doesn't exist

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63646

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Mark Thomas  ---
The necessary directories are created when Tomcat is installed. You can't
delete directories and/or files from that installation and expect Tomcat to
continue to work normally or recover so it can do so.

While Tomcat could recover from some deletions, it can recover in all scenarios
so we don't handle any of them.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311499556
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   `findSecurityReferences()` should be unchanged.
   
   Parent of a Wrapper should only ever be a Context but an `instance of` check 
is probably prudent. It would also protect against nulls (may be possible 
during shutdown - I didn't check).


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311490843
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   So, if I understand your request properly, this should not be part of 
`RealmBase` at all, but has to be implemented in `StandardWrapper`, namely 
`findSecurityReference()` whre it queries `getParent()#findRoleMapping() if it 
is not found in `references`?.
   
   So `findSecurityReferences()` have to be changed as well? But not 
`removeSecurityReference()`?
   
   though, `getParent()` must be still of type `Context` (`instanceof` check)?


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311491516
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   That would OK, as long as it is an interface. I don't want to hardcore those 
into my `context.xml`, but have them in a properties file. It could also be 
potentionally a database or something else.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311490843
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   So, if I understand your request properly, this should not be part of 
`RealmBase` at all, but has to be implemented in `StandardWrapper`, namely 
`findSecurityReference()` whre it queries `getParent()#findRoleMapping() if it 
is not found in `references`?.
   
   So `findSecurityReferences()` have to be changed as well? But not 
`removeSecurityReference()`? 


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63641] Tomcat Manager Server Status Errors After updating from 8.5.19 to 8.5.40. javax.management.AttributeNotFoundException: Cannot find attribute maxThreads for org.apache.tomcat.util.net.Sock

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63641

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WORKSFORME

--- Comment #9 from Mark Thomas  ---
Tested a clean build of 8.5.x (latest HEAD as of this comment) and 8.5.36 and
no error is shown.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311483465
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Pardon, I did not notice this. Will change, no issue. So this one should be 
after 63550?


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311483465
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Pardon, I did not notice this. Will change, no issue.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63625] Unable to start Tomcat 7.0.96 (stop by 0xc0000005)

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63625

--- Comment #14 from Norimasa Yamamoto  ---
I thought a concept how to fix this issue.
(If prnsrv.exe really need to change jvm.dll's environment block.)

Before look a concept, important thing should be known.

- Where is a environment block (compiled with shared C runtime)?

compiled by MSVS 2015-2019
MODULE(exe, dll, so, ...)
  _wputenv()
  ==> api-ms-win-crt-environment-l1-1-0.dll!_wputenv (forwarder)
  ==> ucrtbase.dll!_wputenv (HERE!)

compiled by MSVC 7 to 12
MODULE
  _wputenv()
  ==> msvcrXXX.dll!_wputenv (HERE!)
(XXX is one of 70, 80, 90, 100, 110, 120 (release)
 or with postfix "d" (debug))

Other compilers...
compiled by MSVC 6, MinGW w32api+GCC
  held in "msvcrt.dll"
compiled by compiled by Enbarcadero/Borland C++ Builder
  held in "ccYYXXXmt.dll"
compiled by Cygwin
  held in "cygwin1.dll"
:

On the other hand, without shared C runtime,
every modules hold in itself.

compiled by any compiler (include MSVS 2015-2019)
MODULE (HERE! (=builtin))
  _wputenv

If MODULE did not export _wputenv or similar function,
it is impossible to change from OUTER MODULEs.
If OUTER MODULEs knew its address, it may can change
but it is very danger way.

-- end of section

Because prunsrv.exe is currently static linked with C runtime,
prunsrv.exe does not depending any shared C runtime.
So jvm.dll was loaded in prunsrv.exe process, prunsrv.exe can guess
jvm.dll's C runtime by GetModuleHandle.
(If prunsrv.exe were compiled with shared C runtime,
 prunsrv.exe may parse jvm.dll's Import Table in PE section,
 use CreateToolhelp32Snapshot related funtions to find loaded snapshot,
 ... From my experience, these are hard.)

(concept code)

- before
hmodUcrt = LoadLibraryExA("ucrtbase.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
if (hmodUcrt != NULL) {
  wputenv_ucrt =  (WPUTENV) GetProcAddress(hmodUcrt, "_wputenv");
}

- after
// jvm.dll should be loaded at this point.
// Guess jvm.dll was compiled by known compilers.
putenv_ucrt = NULL;
if (
 ((hmodUcrt = GetModuleHandle("ucrtbase.dll")) != NULL) // MSVC 14.0x-14.2x
  || ((hmodUcrt = GetModuleHandle("msvcr120.dll")) != NULL) // MSVC 12.0
  || ((hmodUcrt = GetModuleHandle("msvcr110.dll")) != NULL) // MSVC 10.0
  || ((hmodUcrt = GetModuleHandle("msvcr100.dll")) != NULL) // MSVC 10.0
  : (...)
  || ((hmodUcrt = GetModuleHandle("msvcrt.dll")) != NULL) // MSVC 6.0, GCC
) {
  putenv_ucrt =  (WPUTENV) GetProcAddress(hmodUcrt, "_wputenv");
} else {
  // jvm.dll was not compiled by known compilers.
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311483465
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Pardo, I did not notice this. Will change, no issue.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Proposal: use Files.move instead of File.renameTo in FarmWarDeployer

2019-08-07 Thread Mark Thomas
On 06/08/2019 21:05, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> All,
> 
> Someone recently had a problem where the FarmWarDeployer wouldn't work
> on a secondary node because File.renameTo was failing -- likely due to
> the underlying Java/OS refusing to re-name a file across filesystems.
> 
> I propose that we switch to using Files.move which will either re-name
> or move depending upon what is necessary. It also throws an exception
> if it can't do its work, rather than failing and returning false.
> 
> Code patch below. I would also remove all of the
> "farmWarDeployer.renameFail" error message keys from the resource bundle
> s.

+1. Might be worth a wider review of where else File.renameTo() is used.

This is Java 7 so it can also be back-ported to 8.5.x.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311472300
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I was thinking more along the lines of a nested element in the Context as 
they would be consistent with other Tomcat configuration.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311466031
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   I use my fabulous 
[`PropertiesRoleMappingListener`](http://mo-tomcat-ext.sourceforge.net/xref/net/sf/michaelo/tomcat/extras/listeners/PropertiesRoleMappingListener.html#PropertiesRoleMappingListener)
 for this. I absolutely don't mind to amalgamate it into upstream somehow.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311457083
 
 

 ##
 File path: test/org/apache/catalina/realm/TestRealmBase.java
 ##
 @@ -789,4 +791,45 @@ public void testHttpConstraint() throws IOException {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
 
 Review comment:
   The only way to add these Context mappings (currently) is via code. There is 
no mechanism to do this via configuration. Possibly as a separate enhancement, 
consider adding such an option. See 
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 55477] Add a solution to map an realm name to a security role

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477

--- Comment #10 from Mark Thomas  ---
Context.addRoleMapping() does most of what is required (at least it will after
bug 63636 is fixed). Just need a way to add the roles via configuration rather
than JMX / code.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311451173
 
 

 ##
 File path: java/org/apache/catalina/realm/RealmBase.java
 ##
 @@ -928,6 +928,15 @@ public boolean hasRole(Wrapper wrapper, Principal 
principal, String role) {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
 
 Review comment:
   The above code is only used when the Realm is defined at the Context level. 
That isn't what is required here. The role mappings need to be checked for the 
current Context irrespective of where the Realm is defined. Something like:
   `Context context = (Context) wrapper.getParent();`
   
   A similar change would also need to be made to `UserDatabaseRealm` and 
potentially other sub-classes. Consider moving this to 
`Wrapper.findSecurityReference`. i.e. Look up Wrapper references first and if 
none found try the Context.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on a change in pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
markt-asf commented on a change in pull request #186: BZ 63636: 
Context#findRoleMapping() never called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#discussion_r311445088
 
 

 ##
 File path: webapps/docs/changelog.xml
 ##
 @@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 
 Review comment:
   Please see the notes at the top of this file regarding the ordering of 
sections and the ordering of elements in each section.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 63646] New: IOException when default CATALINA_TMPDIR directory doesn't exist

2019-08-07 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=63646

Bug ID: 63646
   Summary: IOException when default CATALINA_TMPDIR directory
doesn't exist
   Product: Tomcat 9
   Version: unspecified
  Hardware: All
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: qudongf...@gmail.com
  Target Milestone: -

There will be an IOException when
createTempDirectory(Path,String,FileAttribute[]) is invoked if the directory
CATALINA_TMPDIR point to does not exist.

CATALINA_TMPDIR defaults to $CATALINA_BASE/temp and It seems that no one is
there to make sure the directory exists.

[1]
https://github.com/apache/tomcat/blob/b724612ef327f1e3c493de44b29ae24e1d757d0f/bin/catalina.sh#L43
[2]
http://hg.openjdk.java.net/jdk/jdk/file/f81dbe27a7b1/src/java.base/share/classes/java/nio/file/Files.java#l964
[3]
http://hg.openjdk.java.net/jdk/jdk/file/f81dbe27a7b1/src/java.base/share/classes/java/nio/file/TempFileHelper.java

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-07 Thread GitBox
michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never 
called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#issuecomment-518968325
 
 
   Tests for master and 8.5.x pass. Ready to merge. Will then backport to 7.0.x 
if possible.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org