Re: Webinar on Tomcat 10 and Jakarta EE 9
On Tue, Jan 21, 2020 at 7:28 PM Mark Thomas wrote: > All, > > There has been a fair amount of progress since ApacheCon EU. > > - We have a release plan for Tomcat 10 > - There is a schedule for Jakarta EE 9 > - Tomcat 10 has implemented the migrated APIs > - Eclipse has produced milestone releases for WebSocket, EL and Servlet > - Drafts of the updated spec documents are available for EL and > WebSocket > - Updated specs are in progress for Servlet and JSP > > I think it will be useful to pull all of the information on this into > one place and give folks an opportunity to ask questions. With that in > mind, I am planning a Webinar on this topic for Thursday 30th Jan (next > week) and 14.00 UTC. > > I plan to record it and put it on our YouTube channel afterwards. > > Thoughts? Comments? Objections? > +1 Thank you, Mark! Regards, Martin > > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
[tomcat] branch 9.0.x updated: Correct changelog
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5d8fc6f Correct changelog 5d8fc6f is described below commit 5d8fc6fd73455225359d2a7adf2eec006a19648a Author: Mark Thomas AuthorDate: Tue Jan 21 23:04:02 2020 + Correct changelog --- webapps/docs/changelog.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3848af7..ae9d505 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -286,6 +286,10 @@ exception occurs for the operation, and add a boolean to make sure the completion handler is called only once. (remm/markt) + +When reporting / logging invalid HTTP headers encode any non-printing +characters using the 0xNN form. (markt) + @@ -8987,10 +8991,6 @@ Add support for HTTP/2 including server push. (markt) - -When reporting / logging invalid HTTP headers encode any non-printing -characters using the 0xNN form. (markt) - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Improve logging of invalid HTTP header lines
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 57fffc7b75beba6e68a72dc58fd9227f630a47d6
Author: Mark Thomas
AuthorDate: Tue Jan 21 22:24:37 2020 +
Improve logging of invalid HTTP header lines
---
.../apache/coyote/http11/Http11InputBuffer.java| 12 +++-
java/org/apache/tomcat/util/http/HeaderUtil.java | 53 ++
.../util/http/TestHeaderUtiltoPrintableString.java | 83 ++
webapps/docs/changelog.xml | 4 ++
4 files changed, 149 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index a0dba8e..ef0b498 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -28,6 +28,7 @@ import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.HeaderUtil;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.net.ApplicationBufferHandler;
@@ -785,6 +786,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
if (headerParsePos == HeaderParsePosition.HEADER_START) {
// Mark the current buffer position
headerData.start = byteBuffer.position();
+headerData.lineStart = headerData.start;
headerParsePos = HeaderParsePosition.HEADER_NAME;
}
@@ -953,9 +955,8 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
}
if (rejectIllegalHeaderName || log.isDebugEnabled()) {
String message = sm.getString("iib.invalidheader",
-new String(byteBuffer.array(), headerData.start,
-headerData.lastSignificantChar - headerData.start
+ 1,
-StandardCharsets.ISO_8859_1));
+HeaderUtil.toPrintableString(byteBuffer.array(),
headerData.lineStart,
+headerData.lastSignificantChar -
headerData.lineStart + 1));
if (rejectIllegalHeaderName) {
throw new IllegalArgumentException(message);
}
@@ -1016,6 +1017,10 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
private static class HeaderParseData {
/**
+ * The first character of the header line.
+ */
+int lineStart = 0;
+/**
* When parsing header name: first character of the header.
* When skipping broken header line: first character of the header.
* When parsing header value: first character after ':'.
@@ -1043,6 +1048,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
*/
MessageBytes headerValue = null;
public void recycle() {
+lineStart = 0;
start = 0;
realPos = 0;
lastSignificantChar = 0;
diff --git a/java/org/apache/tomcat/util/http/HeaderUtil.java
b/java/org/apache/tomcat/util/http/HeaderUtil.java
new file mode 100644
index 000..cb40cab
--- /dev/null
+++ b/java/org/apache/tomcat/util/http/HeaderUtil.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+public class HeaderUtil {
+
+/**
+ * Converts an HTTP header line in byte form to a printable String.
+ * Bytes corresponding to visible ASCII characters will converted to those
+ * characters. All other bytes (0x00 to 0x1F, 0x7F to OxFF) will be
+ * represented in 0xNN form.
+ *
+ * @param bytes Contains an HTTP header line
+ * @param offset The start position of the header line in the array
+ * @param lenThe length of the HTTP header line
+ *
+ * @return A String with non-printing characters replaced by the 0xNN
+ * equivalent
[tomcat] branch 8.5.x updated (43c889e -> 57fffc7)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 43c889e Clean-up. Align 8.5.x with master/9.0.x. new c8ab649 Clean-up. Align with master/9.0.x new 57fffc7 Improve logging of invalid HTTP header lines The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/catalina/SessionEvent.java | 5 +- .../apache/coyote/http11/Http11InputBuffer.java| 12 +++- java/org/apache/tomcat/util/http/HeaderUtil.java | 53 ++ .../util/http/TestHeaderUtiltoPrintableString.java | 83 ++ webapps/docs/changelog.xml | 4 ++ 5 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 java/org/apache/tomcat/util/http/HeaderUtil.java create mode 100644 test/org/apache/tomcat/util/http/TestHeaderUtiltoPrintableString.java - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Clean-up. Align with master/9.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c8ab6493d4abb0fe83bd33e4e9aab49784b9e86e
Author: Mark Thomas
AuthorDate: Tue Jan 21 22:58:32 2020 +
Clean-up. Align with master/9.0.x
---
java/org/apache/catalina/SessionEvent.java | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/SessionEvent.java
b/java/org/apache/catalina/SessionEvent.java
index 0193df8..209121e 100644
--- a/java/org/apache/catalina/SessionEvent.java
+++ b/java/org/apache/catalina/SessionEvent.java
@@ -93,10 +93,7 @@ public final class SessionEvent extends EventObject {
@Override
public String toString() {
-
-return ("SessionEvent['" + getSession() + "','" +
-getType() + "']");
-
+return "SessionEvent['" + getSession() + "','" + getType() + "']";
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Improve logging of invalid HTTP header lines
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new ee021f9 Improve logging of invalid HTTP header lines
ee021f9 is described below
commit ee021f90a88222b2b4475eeb8623a27bbb37a1ea
Author: Mark Thomas
AuthorDate: Tue Jan 21 22:24:37 2020 +
Improve logging of invalid HTTP header lines
---
.../apache/coyote/http11/Http11InputBuffer.java| 12 +++-
java/org/apache/tomcat/util/http/HeaderUtil.java | 53 ++
.../util/http/TestHeaderUtiltoPrintableString.java | 83 ++
webapps/docs/changelog.xml | 4 ++
4 files changed, 149 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 5632de2..7eb0669 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -28,6 +28,7 @@ import org.apache.coyote.Request;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.HeaderUtil;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.net.ApplicationBufferHandler;
@@ -787,6 +788,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
if (headerParsePos == HeaderParsePosition.HEADER_START) {
// Mark the current buffer position
headerData.start = byteBuffer.position();
+headerData.lineStart = headerData.start;
headerParsePos = HeaderParsePosition.HEADER_NAME;
}
@@ -955,9 +957,8 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
}
if (rejectIllegalHeaderName || log.isDebugEnabled()) {
String message = sm.getString("iib.invalidheader",
-new String(byteBuffer.array(), headerData.start,
-headerData.lastSignificantChar - headerData.start
+ 1,
-StandardCharsets.ISO_8859_1));
+HeaderUtil.toPrintableString(byteBuffer.array(),
headerData.lineStart,
+headerData.lastSignificantChar -
headerData.lineStart + 1));
if (rejectIllegalHeaderName) {
throw new IllegalArgumentException(message);
}
@@ -1018,6 +1019,10 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
private static class HeaderParseData {
/**
+ * The first character of the header line.
+ */
+int lineStart = 0;
+/**
* When parsing header name: first character of the header.
* When skipping broken header line: first character of the header.
* When parsing header value: first character after ':'.
@@ -1045,6 +1050,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
*/
MessageBytes headerValue = null;
public void recycle() {
+lineStart = 0;
start = 0;
realPos = 0;
lastSignificantChar = 0;
diff --git a/java/org/apache/tomcat/util/http/HeaderUtil.java
b/java/org/apache/tomcat/util/http/HeaderUtil.java
new file mode 100644
index 000..cb40cab
--- /dev/null
+++ b/java/org/apache/tomcat/util/http/HeaderUtil.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+public class HeaderUtil {
+
+/**
+ * Converts an HTTP header line in byte form to a printable String.
+ * Bytes corresponding to visible ASCII characters will converted to those
+ * characters. All other bytes (0x00 to 0x1F, 0x7F to OxFF) will be
+ * represented in 0xNN form.
+ *
+ * @param bytes Contains an HTTP header line
+ * @param offset The start position of the header line in the array
+ * @param
[tomcat] branch master updated: Improve logging of invalid HTTP header lines
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new a363b53 Improve logging of invalid HTTP header lines
a363b53 is described below
commit a363b5329b9cfa9bf3e25daed5c6434aa4adb52e
Author: Mark Thomas
AuthorDate: Tue Jan 21 22:24:37 2020 +
Improve logging of invalid HTTP header lines
---
.../apache/coyote/http11/Http11InputBuffer.java| 12 +++-
java/org/apache/tomcat/util/http/HeaderUtil.java | 53 ++
.../util/http/TestHeaderUtiltoPrintableString.java | 83 ++
webapps/docs/changelog.xml | 4 ++
4 files changed, 149 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/coyote/http11/Http11InputBuffer.java
b/java/org/apache/coyote/http11/Http11InputBuffer.java
index 5632de2..7eb0669 100644
--- a/java/org/apache/coyote/http11/Http11InputBuffer.java
+++ b/java/org/apache/coyote/http11/Http11InputBuffer.java
@@ -28,6 +28,7 @@ import org.apache.coyote.Request;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.HeaderUtil;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.net.ApplicationBufferHandler;
@@ -787,6 +788,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
if (headerParsePos == HeaderParsePosition.HEADER_START) {
// Mark the current buffer position
headerData.start = byteBuffer.position();
+headerData.lineStart = headerData.start;
headerParsePos = HeaderParsePosition.HEADER_NAME;
}
@@ -955,9 +957,8 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
}
if (rejectIllegalHeaderName || log.isDebugEnabled()) {
String message = sm.getString("iib.invalidheader",
-new String(byteBuffer.array(), headerData.start,
-headerData.lastSignificantChar - headerData.start
+ 1,
-StandardCharsets.ISO_8859_1));
+HeaderUtil.toPrintableString(byteBuffer.array(),
headerData.lineStart,
+headerData.lastSignificantChar -
headerData.lineStart + 1));
if (rejectIllegalHeaderName) {
throw new IllegalArgumentException(message);
}
@@ -1018,6 +1019,10 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
private static class HeaderParseData {
/**
+ * The first character of the header line.
+ */
+int lineStart = 0;
+/**
* When parsing header name: first character of the header.
* When skipping broken header line: first character of the header.
* When parsing header value: first character after ':'.
@@ -1045,6 +1050,7 @@ public class Http11InputBuffer implements InputBuffer,
ApplicationBufferHandler
*/
MessageBytes headerValue = null;
public void recycle() {
+lineStart = 0;
start = 0;
realPos = 0;
lastSignificantChar = 0;
diff --git a/java/org/apache/tomcat/util/http/HeaderUtil.java
b/java/org/apache/tomcat/util/http/HeaderUtil.java
new file mode 100644
index 000..cb40cab
--- /dev/null
+++ b/java/org/apache/tomcat/util/http/HeaderUtil.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+public class HeaderUtil {
+
+/**
+ * Converts an HTTP header line in byte form to a printable String.
+ * Bytes corresponding to visible ASCII characters will converted to those
+ * characters. All other bytes (0x00 to 0x1F, 0x7F to OxFF) will be
+ * represented in 0xNN form.
+ *
+ * @param bytes Contains an HTTP header line
+ * @param offset The start position of the header line in the array
+ * @param
[Bug 55477] Add a solution to map a realm name to a security role
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
--- Comment #19 from Michael Osipov ---
(In reply to Christopher Schultz from comment #18)
> How applicable is in web.xml, here?
As far as I know, this is per-servlet which can be very tedious and cannot be
externalized.
> (In reply to Stefan Mayr from comment #16)
> > After a quick look into Michael's documentation I'm only concerned about the
> > placement of the default config in WEB-INF/role-mapping.properties. As an
> > admin I would expect to look for it in the conf folder.
>
> I would expect a file without any explicit path information to be in the
> application's WEB-INF/ directory if the component were to be configured in
> the applications' WEB-INF/web.xml file. If it is configured in
> conf/server.xml for the server, I might expect the config file to be found
> in the server's conf/ directory. I'm not sure it's possible to detect the
> difference between the two situations from within the code. Therefore, I'd
> prefer to default to relative-to-WEB-INF but also allow (as Michael
> suggests) arbitrary file:// URI support as well as allowing ${catalina.base}
> replacement in the path to make it easy to build an installation-relative
> path.
The only way to detect the difference between those two situations is that
WEB-INF/role-mapping.properties is not availabe and
conf/role-mapping.properties is tried. But note that no custom value has to be
set.
If this component is set output of a webapp, one could set the default lookup
space to catalina_base: instead of webapp:.
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Webinar on Tomcat 10 and Jakarta EE 9
On Tue, Jan 21, 2020 at 6:28 PM Mark Thomas wrote: > All, > > There has been a fair amount of progress since ApacheCon EU. > > - We have a release plan for Tomcat 10 > - There is a schedule for Jakarta EE 9 > - Tomcat 10 has implemented the migrated APIs > - Eclipse has produced milestone releases for WebSocket, EL and Servlet > - Drafts of the updated spec documents are available for EL and > WebSocket > - Updated specs are in progress for Servlet and JSP > > I think it will be useful to pull all of the information on this into > one place and give folks an opportunity to ask questions. With that in > mind, I am planning a Webinar on this topic for Thursday 30th Jan (next > week) and 14.00 UTC. > > I plan to record it and put it on our YouTube channel afterwards. > > Thoughts? Comments? Objections? > +1 Although technically this went as was announced in the talk in Berlin, an update is always nice. Rémy
Re: [tomcat] branch master updated: Add encryption as the first option to secure a cluster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/21/20 12:14 PM, Mark Thomas wrote: > On 21/01/2020 15:53, Christopher Schultz wrote: >> Mark, >> >> On 1/20/20 2:25 PM, Mark Thomas wrote: >>> On 20/01/2020 17:21, Mark Thomas wrote: On 20/01/2020 17:08, Christopher Schultz wrote: > On 1/20/20 12:01 PM, ma...@apache.org wrote: >> Add encryption as the first option to secure a cluster >> --- > I could have sworn I added this, already. Thanks for doing > it. I'm looking at back-porting the Interceptor to 7.0.x. I've got everything done apart from GCMParameterSpec which is new in Java 7. I don't suppose you've looked into this previously and know if there is a Java 6 equivalent? It would save me the time to research it. If not, I'll make it a Java 7+ feature with JreCompat. >> >>> Java 6 doesn't support GCM. JreCompat it is. >> >> You may not need it: I checked, and the GCMParameterSpec class >> isn't referenced except in the GCMEncryptionManager class, which >> will only be loaded if the user specifically requests GCM >> block-cipher mode. > > It won't compile unless we compile with Java 7 and Tomcat 7 > ideally needs to compile with Java 6 unless we want to start > jumping through the same sort of hoops we have to jump through for > WebSocket. > >> So maybe you could just leave it alone and allow CNFE to occur on >> Java 7. Or, if you want a nicer error message, you can catch CNFE >> (or similar) or explicitly check the Java version and print a >> nice error message. >> >> But don't require Java 7 for the EncryptInterceptor in general. > > I went with the option of using reflection to call the Constructor. > That way it compiles on Java 6 but if the user specifies GCM it > will fail unless GCM is available (Java 7+ for Solaris, Java 8+ for > everyone else). Sounds good to me. The use is so limited that using reflection for everything isn't the end of the world. It just makes the code a little harder to follow. Aain, it's like 10 lines of code initially, so the reflection won't be awful. Thanks for doing this work. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4nRB0ACgkQHPApP6U8 pFgfFw/+KNgG0RBBt/EsDLbE6o3GLod475NBU92Js0oOK7R6sf1zxgjE3CxCQhlE Q8xWfHgx1zbVIXtG1DXBuFPTU8aOaP03jfcL/mu11SKRaHykUZTFQKQ4Fk5bjILe 5uK2SDHm6Qnki0U9MsX6MJeeRwSoUyHLM3JxVVSodG641vsB70a/w1fG14xGvHyJ nP9FOotg8weKwmgnftGe2Q4qg1Ug5+XcU9DYLeiYTHzIp+CnuH2HqRYDX8ERzEsM 7u94QEJRNThw58egmXqDlY7sOaMOlK31Yq7bC57KYt6U40ahs56FlZZwwfojTKQf Sab1m44lC2Av5y6SUby+0z/dcSlpV0fF5l13SDgVEN/mkqgGj71kfSu9TqQiCLSo ug6jpuM+u/rdQG7hPs+NlnOfJoIAsQgrVt6QkQy8Ro2mGq+jgo1R0Gqi25iuzUfI Bo/w057CNCoVaNKf5GLz9WHt00+Rq0mJP+AXoXD2nWxFzwe3E79AL41yXTdZfjRM YlpNylGIwoFXzrks5Rw3ESilhzQ07RZR9HOUKhv0T2EX/la5GoThSYjLgFyANS1o wapi1Bi713ZC8WnbOjnzmnz4ZbQV8UTnj+g5R50phTDnMn0/gWBsXv7O9KO8uW3M pEeKwyZxHp688H0P+BqozC9mTmlEfG/WuMo2UAd763GgJgK4mFo= =bwmC -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Java Servlet -> Jakarta Servlet request attributes for AJP Connector
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 0aa5a8d Java Servlet -> Jakarta Servlet request attributes for AJP
Connector
0aa5a8d is described below
commit 0aa5a8de8c24f79df4da3f3135eee5dd2e54c2ba
Author: Mark Thomas
AuthorDate: Tue Jan 21 17:49:54 2020 +
Java Servlet -> Jakarta Servlet request attributes for AJP Connector
---
java/org/apache/coyote/ajp/AjpProcessor.java | 18 ++
webapps/docs/changelog.xml | 4
2 files changed, 22 insertions(+)
diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java
b/java/org/apache/coyote/ajp/AjpProcessor.java
index 01e7d3d..0c593ba 100644
--- a/java/org/apache/coyote/ajp/AjpProcessor.java
+++ b/java/org/apache/coyote/ajp/AjpProcessor.java
@@ -25,6 +25,9 @@ import java.nio.ByteBuffer;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import jakarta.servlet.http.HttpServletResponse;
@@ -78,6 +81,9 @@ public class AjpProcessor extends AbstractProcessor {
private static final byte[] pongMessageArray;
+private static final Map jakartaAttributeMapping;
+
+
static {
// Allocate the end message array
AjpMessage endMessage = new AjpMessage(16);
@@ -118,6 +124,14 @@ public class AjpProcessor extends AbstractProcessor {
pongMessageArray = new byte[pongMessage.getLen()];
System.arraycopy(pongMessage.getBuffer(), 0, pongMessageArray,
0, pongMessage.getLen());
+
+// Build Map of Java Servlet to Jakarta Servlet attribute names
+Map m = new HashMap<>();
+m.put("javax.servlet.request.cipher_suite",
"jakarta.servlet.request.cipher_suite");
+m.put("javax.servlet.request.key_size",
"jakarta.servlet.request.key_size");
+m.put("javax.servlet.request.ssl_session",
"jakarta.servlet.request.ssl_session");
+m.put("javax.servlet.request.X509Certificate",
"jakarta.servlet.request.X509Certificate");
+jakartaAttributeMapping = Collections.unmodifiableMap(m);
}
@@ -728,6 +742,10 @@ public class AjpProcessor extends AbstractProcessor {
}
} else if(n.equals(Constants.SC_A_SSL_PROTOCOL)) {
request.setAttribute(SSLSupport.PROTOCOL_VERSION_KEY, v);
+} else if (jakartaAttributeMapping.containsKey(n)) {
+// AJP uses the Java Servlet attribute names.
+// Need to convert these to Jakarta SAervlet.
+request.setAttribute(jakartaAttributeMapping.get(n), v);
} else {
request.setAttribute(n, v );
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 33fceaa..d7324e1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,10 @@
Remove unused NIO blocking selector. (remm)
+
+When using an AJP Connector, convert Java Servlet specific request
+attributes to the Jakarta Servlet equivalent. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Webinar on Tomcat 10 and Jakarta EE 9
All, There has been a fair amount of progress since ApacheCon EU. - We have a release plan for Tomcat 10 - There is a schedule for Jakarta EE 9 - Tomcat 10 has implemented the migrated APIs - Eclipse has produced milestone releases for WebSocket, EL and Servlet - Drafts of the updated spec documents are available for EL and WebSocket - Updated specs are in progress for Servlet and JSP I think it will be useful to pull all of the information on this into one place and give folks an opportunity to ask questions. With that in mind, I am planning a Webinar on this topic for Thursday 30th Jan (next week) and 14.00 UTC. I plan to record it and put it on our YouTube channel afterwards. Thoughts? Comments? Objections? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch master updated: Add encryption as the first option to secure a cluster
On 21/01/2020 15:53, Christopher Schultz wrote: > Mark, > > On 1/20/20 2:25 PM, Mark Thomas wrote: >> On 20/01/2020 17:21, Mark Thomas wrote: >>> On 20/01/2020 17:08, Christopher Schultz wrote: On 1/20/20 12:01 PM, ma...@apache.org wrote: >>> >>> >>> > Add encryption as the first option to secure a cluster --- >>> >>> >>> I could have sworn I added this, already. Thanks for doing it. >>> >>> I'm looking at back-porting the Interceptor to 7.0.x. I've got >>> everything done apart from GCMParameterSpec which is new in Java >>> 7. >>> >>> I don't suppose you've looked into this previously and know if >>> there is a Java 6 equivalent? It would save me the time to >>> research it. >>> >>> If not, I'll make it a Java 7+ feature with JreCompat. > >> Java 6 doesn't support GCM. JreCompat it is. > > You may not need it: I checked, and the GCMParameterSpec class isn't > referenced except in the GCMEncryptionManager class, which will only > be loaded if the user specifically requests GCM block-cipher mode. It won't compile unless we compile with Java 7 and Tomcat 7 ideally needs to compile with Java 6 unless we want to start jumping through the same sort of hoops we have to jump through for WebSocket. > So maybe you could just leave it alone and allow CNFE to occur on Java > 7. Or, if you want a nicer error message, you can catch CNFE (or > similar) or explicitly check the Java version and print a nice error > message. > > But don't require Java 7 for the EncryptInterceptor in general. I went with the option of using reflection to call the Constructor. That way it compiles on Java 6 but if the user specifies GCM it will fail unless GCM is available (Java 7+ for Solaris, Java 8+ for everyone else). Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Clean-up. Align with 8.5.x/9.0.x/master
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 1083b2e Clean-up. Align with 8.5.x/9.0.x/master
1083b2e is described below
commit 1083b2eab68dd80ff63720b081989e965e963ad8
Author: Mark Thomas
AuthorDate: Tue Jan 21 16:26:14 2020 +
Clean-up. Align with 8.5.x/9.0.x/master
---
.../org/apache/coyote/ajp/AbstractAjpProtocol.java | 49 +++
.../coyote/http11/AbstractHttp11Protocol.java | 96 +++---
java/org/apache/tomcat/util/http/MimeHeaders.java | 88 +++-
.../apache/tomcat/util/http/parser/HttpParser.java | 35
.../util/http/parser/LocalStrings.properties | 8 +-
webapps/docs/config/ajp.xml| 4 +-
webapps/docs/config/http.xml | 16 ++--
7 files changed, 184 insertions(+), 112 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
index 197948f..7c644db 100644
--- a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
+++ b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
@@ -22,13 +22,20 @@ import
org.apache.coyote.http11.upgrade.servlet31.HttpUpgradeHandler;
import org.apache.tomcat.util.net.SocketWrapper;
import org.apache.tomcat.util.res.StringManager;
+/**
+ * The is the base implementation for the AJP protocol handlers.
Implementations
+ * typically extend this base class rather than implement {@link
+ * org.apache.coyote.ProtocolHandler}. All of the implementations that ship
with
+ * Tomcat are implemented this way.
+ *
+ * @param The type of socket used by the implementation
+ */
public abstract class AbstractAjpProtocol extends AbstractProtocol {
/**
* The string manager for this package.
*/
-protected static final StringManager sm =
-StringManager.getManager(Constants.Package);
+protected static final StringManager sm =
StringManager.getManager(AbstractAjpProtocol.class);
@Override
@@ -41,50 +48,58 @@ public abstract class AbstractAjpProtocol extends
AbstractProtocol {
// - AJP specific
properties
// -- managed in the
ProtocolHandler
-/**
- * Send AJP flush packet when flushing.
- * An flush packet is a zero byte AJP13 SEND_BODY_CHUNK
- * packet. mod_jk and mod_proxy_ajp interprete this as
- * a request to flush data to the client.
- * AJP always does flush at the and of the response, so if
- * it is not important, that the packets get streamed up to
- * the client, do not use extra flush packets.
- * For compatibility and to stay on the safe side, flush
- * packets are enabled by default.
- */
protected boolean ajpFlush = true;
public boolean getAjpFlush() { return ajpFlush; }
+/**
+ * Configure whether to aend an AJP flush packet when flushing. A flush
+ * packet is a zero byte AJP13 SEND_BODY_CHUNK packet. mod_jk and
+ * mod_proxy_ajp interpret this as a request to flush data to the client.
+ * AJP always does flush at the and of the response, so if it is not
+ * important, that the packets get streamed up to the client, do not use
+ * extra flush packets. For compatibility and to stay on the safe side,
+ * flush packets are enabled by default.
+ *
+ * @param ajpFlush The new flush setting
+ */
public void setAjpFlush(boolean ajpFlush) {
this.ajpFlush = ajpFlush;
}
+protected boolean tomcatAuthentication = true;
/**
* Should authentication be done in the native web server layer,
* or in the Servlet container ?
+ *
+ * @return {@code true} if authentication should be performed by Tomcat,
+ * otherwise {@code false}
*/
-protected boolean tomcatAuthentication = true;
public boolean getTomcatAuthentication() { return tomcatAuthentication; }
public void setTomcatAuthentication(boolean tomcatAuthentication) {
this.tomcatAuthentication = tomcatAuthentication;
}
+private boolean tomcatAuthorization = false;
/**
* Should authentication be done in the native web server layer and
* authorization in the Servlet container?
+ *
+ * @return {@code true} if authorization should be performed by Tomcat,
+ * otherwise {@code false}
*/
-private boolean tomcatAuthorization = false;
public boolean getTomcatAuthorization() { return tomcatAuthorization; }
public void setTomcatAuthorization(boolean tomcatAuthorization) {
this.tomcatAuthorization = tomcatAuthorization;
}
+protected String requiredSecret = null;
/**
- * Required secret.
+ * Set the required secret that must be
[tomcat] branch 8.5.x updated: Clean-up. Align 8.5.x with master/9.0.x.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 43c889e Clean-up. Align 8.5.x with master/9.0.x.
43c889e is described below
commit 43c889edbbd9b09d7df0678d7f908db7534fbaaa
Author: Mark Thomas
AuthorDate: Tue Jan 21 16:22:28 2020 +
Clean-up. Align 8.5.x with master/9.0.x.
---
.../org/apache/coyote/ajp/AbstractAjpProtocol.java | 38 +
.../coyote/http11/AbstractHttp11Protocol.java | 97 +-
.../apache/coyote/http11/Http11InputBuffer.java| 7 +-
java/org/apache/coyote/http11/Http11Processor.java | 1 -
java/org/apache/tomcat/util/http/MimeHeaders.java | 5 +-
.../apache/tomcat/util/http/parser/HttpParser.java | 32 +++
.../util/http/parser/LocalStrings.properties | 8 +-
.../util/http/parser/LocalStrings_fr.properties| 7 ++
.../util/http/parser/LocalStrings_ja.properties| 7 ++
.../util/http/parser/LocalStrings_ko.properties| 7 ++
.../util/http/parser/LocalStrings_zh_CN.properties | 7 ++
webapps/docs/config/ajp.xml| 4 +-
webapps/docs/config/http.xml | 4 +-
13 files changed, 159 insertions(+), 65 deletions(-)
diff --git a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
index 46bf9d7..872dbe6 100644
--- a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
+++ b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
@@ -93,50 +93,58 @@ public abstract class AbstractAjpProtocol extends
AbstractProtocol {
// - AJP specific
properties
// -- managed in the
ProtocolHandler
-/**
- * Send AJP flush packet when flushing.
- * An flush packet is a zero byte AJP13 SEND_BODY_CHUNK
- * packet. mod_jk and mod_proxy_ajp interprete this as
- * a request to flush data to the client.
- * AJP always does flush at the and of the response, so if
- * it is not important, that the packets get streamed up to
- * the client, do not use extra flush packets.
- * For compatibility and to stay on the safe side, flush
- * packets are enabled by default.
- */
protected boolean ajpFlush = true;
public boolean getAjpFlush() { return ajpFlush; }
+/**
+ * Configure whether to aend an AJP flush packet when flushing. A flush
+ * packet is a zero byte AJP13 SEND_BODY_CHUNK packet. mod_jk and
+ * mod_proxy_ajp interpret this as a request to flush data to the client.
+ * AJP always does flush at the and of the response, so if it is not
+ * important, that the packets get streamed up to the client, do not use
+ * extra flush packets. For compatibility and to stay on the safe side,
+ * flush packets are enabled by default.
+ *
+ * @param ajpFlush The new flush setting
+ */
public void setAjpFlush(boolean ajpFlush) {
this.ajpFlush = ajpFlush;
}
+private boolean tomcatAuthentication = true;
/**
* Should authentication be done in the native web server layer,
* or in the Servlet container ?
+ *
+ * @return {@code true} if authentication should be performed by Tomcat,
+ * otherwise {@code false}
*/
-private boolean tomcatAuthentication = true;
public boolean getTomcatAuthentication() { return tomcatAuthentication; }
public void setTomcatAuthentication(boolean tomcatAuthentication) {
this.tomcatAuthentication = tomcatAuthentication;
}
+private boolean tomcatAuthorization = false;
/**
* Should authentication be done in the native web server layer and
* authorization in the Servlet container?
+ *
+ * @return {@code true} if authorization should be performed by Tomcat,
+ * otherwise {@code false}
*/
-private boolean tomcatAuthorization = false;
public boolean getTomcatAuthorization() { return tomcatAuthorization; }
public void setTomcatAuthorization(boolean tomcatAuthorization) {
this.tomcatAuthorization = tomcatAuthorization;
}
+private String requiredSecret = null;
/**
- * Required secret.
+ * Set the required secret that must be included with every request.
+ *
+ * @param requiredSecret The required secret
*/
-private String requiredSecret = null;
public void setRequiredSecret(String requiredSecret) {
this.requiredSecret = requiredSecret;
}
diff --git a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
index 599b0eb..5332f9b 100644
--- a/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
+++ b/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
@@ -64,6 +64,9 @@
Re: [tomcat] branch master updated: Add encryption as the first option to secure a cluster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/20/20 2:25 PM, Mark Thomas wrote: > On 20/01/2020 17:21, Mark Thomas wrote: >> On 20/01/2020 17:08, Christopher Schultz wrote: >>> On 1/20/20 12:01 PM, ma...@apache.org wrote: >> >> >> Add encryption as the first option to secure a cluster --- >> >> >> >>> I could have sworn I added this, already. Thanks for doing it. >> >> I'm looking at back-porting the Interceptor to 7.0.x. I've got >> everything done apart from GCMParameterSpec which is new in Java >> 7. >> >> I don't suppose you've looked into this previously and know if >> there is a Java 6 equivalent? It would save me the time to >> research it. >> >> If not, I'll make it a Java 7+ feature with JreCompat. > > Java 6 doesn't support GCM. JreCompat it is. You may not need it: I checked, and the GCMParameterSpec class isn't referenced except in the GCMEncryptionManager class, which will only be loaded if the user specifically requests GCM block-cipher mode. So maybe you could just leave it alone and allow CNFE to occur on Java 7. Or, if you want a nicer error message, you can catch CNFE (or similar) or explicitly check the Java version and print a nice error message. But don't require Java 7 for the EncryptInterceptor in general. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4nHnYACgkQHPApP6U8 pFg60BAAyd5I50nyPL4IGtovVLAbKgEaWSO0MUgoBQ4KbVErt863lQkqShjAoQHV pk72r/FM/Fw2iOqXlmGprO1gHpIqlJXuJVCEBaBvff5cJ8qKT319zf5v03i+/KD3 1vlzieoFnx7dv+GFWNIvg9PbKBMiJQdjLvik+4R+FOO7UADBdyixM5TldWcYlClV j533WOuXSsHL9Y8moMA3CntEGBJR6/CCRVXuC+jqlWmOkcxO7xurDg7dKHbYwBDH OLAnq0l3UhgZ60b7sP/0wqNnxf4iGWTrARAc2DfhVuTVmnX5w0BeNci7VueAPIMA tIL8zs8fG2rRiUrAasLCUIhuWswkSxpg3qn3Xh1KkVJpCZD73/V97Z4Fn98VC+Xx +PmhsV+R9n820ggbNXbyextAmdT/AQIbzXik/ixRBaEHKo7W5EqYEPfH9p3o7Vbl s8Xn19xMATKkylq/3b0GYbME3JR9yO6faeFi/cIMVFdkEqE3/ILt+lJO/d5h5atP BAB01a+IKYHd/7qOLCsk8TOUGYGfCuSgJgOozImnhsQgj3Mm1U6gIeEQuFQ6tZMc Aac2nL5n8Sx9rxjf/Ib99ETqaLk+n9Cejgr/FoISw3v5bnl4cRS3dc6LthAM3RId pSsTCXt1edbuors9z3fv6tFRYu99ywtzE0r6Mx79CtXoYnCaHzI= =IRI4 -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch master updated: Add encryption as the first option to secure a cluster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/20/20 12:21 PM, Mark Thomas wrote: > On 20/01/2020 17:08, Christopher Schultz wrote: >> On 1/20/20 12:01 PM, ma...@apache.org wrote: > > > >>> Add encryption as the first option to secure a cluster --- > > > >> I could have sworn I added this, already. Thanks for doing it. > > I'm looking at back-porting the Interceptor to 7.0.x. I've got > everything done apart from GCMParameterSpec which is new in Java > 7. > > I don't suppose you've looked into this previously and know if > there is a Java 6 equivalent? It would save me the time to research > it. Hmm, I have not. One option would be to simply drop support for the GCM block-cipher mode. I believe both CFB and CTR modes are still supported, and are better choices than CBC. I'm not sure about OFB. > If not, I'll make it a Java 7+ feature with JreCompat. That's always an option. If we want to support GCM on Java 7 but not cause errors on Java 6, we could re-work the code a little bit to only attempt to load the GCMParameterSpec class if GCM mode is specifically requested. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4nHeoACgkQHPApP6U8 pFgEkw/7BB7dz13sh50+LNknutGBrygsmomDSzY807qgO4ypuUQPnuANP3qTbZw9 E2j51ivoWPf8+NV6BP3zOcVCtPTZ/KSNfLHFYMmbfHt2PV2WER5Rcbmy8H55Nlu3 gjdyFcs3iKsLs+5gEi+TzQ7qMLHfX5gNQCdLyLvtQAVHQCEBy5AFowNseHcYiF3n rjF93Enc3RGNa1pAwLEiYwxW+rZ9OkSqVvDyG/cz2MVEk9heudkTcKEhwOwdubdx 0VXuhIrlh9VkukwctgXZnE4KVYwcjvrrCfamB90wJof1sOCb3gJdoI5d1z/TR/sq JZGNzga3ShzGaPM+SvhuwLorRVor9KXuRrgP2QyrNwRsH0LR9PmW9HPFVdLTEGbL XdUktXFn9TXnNzq4ZpKVAWoKAM7oEDUlX2MD0W4hZgM+zM0aJdOVy+Xxh58lch2h uEn55gaZSHaK1OryJUr2v+5A6TmgF/zT+JLT8to5wvO7Mi9DM4ExxJEeGPMqeEX/ VrWcJ5LYh4b6qdizA9s88Sai3qWci8+6PZX+0qQr0JWjvDJzrSgApZ7Sb5a23hHT zlDDe6uUS1OVtHMgStaGTgZhDtz0fiTMLfew4TFFrfP0MUsmg3208oSxG+FxrTcY g8MaZQEiwmxjK9ItGjnV5G+pqBLMvvuhScDxT0QDyBT/LpjkwxY= =Qhpj -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Update Javadoc for building with later Java versions / align with 8.5.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 1d9d105 Update Javadoc for building with later Java versions / align
with 8.5.x
1d9d105 is described below
commit 1d9d105010f7481c0be289aef84a275728ea6205
Author: Mark Thomas
AuthorDate: Tue Jan 21 15:26:08 2020 +
Update Javadoc for building with later Java versions / align with 8.5.x
---
java/org/apache/catalina/InstanceEvent.java| 42 +---
java/org/apache/catalina/Manager.java | 6 +--
java/org/apache/catalina/Pipeline.java | 2 +-
java/org/apache/catalina/Realm.java| 70 +++---
java/org/apache/catalina/Role.java | 6 +--
java/org/apache/catalina/Server.java | 26 +-
java/org/apache/catalina/Service.java | 2 +-
java/org/apache/catalina/Session.java | 40 ---
java/org/apache/catalina/startup/Catalina.java | 46 -
9 files changed, 119 insertions(+), 121 deletions(-)
diff --git a/java/org/apache/catalina/InstanceEvent.java
b/java/org/apache/catalina/InstanceEvent.java
index 513ee93..69aeea4 100644
--- a/java/org/apache/catalina/InstanceEvent.java
+++ b/java/org/apache/catalina/InstanceEvent.java
@@ -358,75 +358,59 @@ public final class InstanceEvent extends EventObject {
/**
- * Return the exception that occurred during the processing
+ * @return the exception that occurred during the processing
* that was reported by this event.
*/
public Throwable getException() {
-
-return (this.exception);
-
+return this.exception;
}
/**
- * Return the filter instance for which this event occurred.
+ * @return the filter instance for which this event occurred.
*/
public Filter getFilter() {
-
-return (this.filter);
-
+return this.filter;
}
/**
- * Return the servlet request for which this event occurred.
+ * @return the servlet request for which this event occurred.
*/
public ServletRequest getRequest() {
-
-return (this.request);
-
+return this.request;
}
/**
- * Return the servlet response for which this event occurred.
+ * @return the servlet response for which this event occurred.
*/
public ServletResponse getResponse() {
-
-return (this.response);
-
+return this.response;
}
/**
- * Return the servlet instance for which this event occurred.
+ * @return the servlet instance for which this event occurred.
*/
public Servlet getServlet() {
-
-return (this.servlet);
-
+return this.servlet;
}
/**
- * Return the event type of this event.
+ * @return the event type of this event.
*/
public String getType() {
-
-return (this.type);
-
+return this.type;
}
/**
- * Return the Wrapper managing the servlet instance for which this
+ * @return the Wrapper managing the servlet instance for which this
* event occurred.
*/
public Wrapper getWrapper() {
-
return (Wrapper) getSource();
-
}
-
-
}
diff --git a/java/org/apache/catalina/Manager.java
b/java/org/apache/catalina/Manager.java
index 3f02f6e..9a5dc19 100644
--- a/java/org/apache/catalina/Manager.java
+++ b/java/org/apache/catalina/Manager.java
@@ -63,7 +63,7 @@ public interface Manager {
/**
- * Return the distributable flag for the sessions supported by
+ * @return the distributable flag for the sessions supported by
* this Manager.
*
* @deprecated Ignored. {@link Context#getDistributable()} always takes
@@ -88,7 +88,7 @@ public interface Manager {
/**
- * Return descriptive information about this Manager implementation and
+ * @return descriptive information about this Manager implementation and
* the corresponding version number, in the format
* description/version.
*/
@@ -96,7 +96,7 @@ public interface Manager {
/**
- * Return the default maximum inactive interval (in seconds)
+ * @return the default maximum inactive interval (in seconds)
* for Sessions created by this Manager.
*
* @deprecated Ignored. {@link Context#getSessionTimeout()} always takes
diff --git a/java/org/apache/catalina/Pipeline.java
b/java/org/apache/catalina/Pipeline.java
index eef24a9..e61e176 100644
--- a/java/org/apache/catalina/Pipeline.java
+++ b/java/org/apache/catalina/Pipeline.java
@@ -123,7 +123,7 @@ public interface Pipeline {
/**
- * Return the Container with which this Pipeline is associated.
+ * @return the Container with which this Pipeline is associated.
*/
public Container getContainer();
diff --git
Call for presentations for ApacheCon North America 2020 now open
Dear Apache enthusiast, (You’re receiving this message because you are subscribed to one or more project mailing lists at the Apache Software Foundation.) The call for presentations for ApacheCon North America 2020 is now open at https://apachecon.com/acna2020/cfp ApacheCon will be held at the Sheraton, New Orleans, September 28th through October 2nd, 2020. As in past years, ApacheCon will feature tracks focusing on the various technologies within the Apache ecosystem, and so the call for presentations will ask you to select one of those tracks, or “General” if the content falls outside of one of our already-organized tracks. These tracks are: Karaf Internet of Things Fineract Community Content Delivery Solr/Lucene (Search) Gobblin/Big Data Integration Ignite Observability Cloudstack Geospatial Graph Camel/Integration Flagon Tomcat Cassandra Groovy Web/httpd General/Other The CFP will close Friday, May 1, 2020 8:00 AM (America/New_York time). Submit early, submit often, at https://apachecon.com/acna2020/cfp Rich, for the ApacheCon Planners - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 5e876cc Fix comment
5e876cc is described below
commit 5e876cc9da7f3faddf329a989e3c90686f9ee6e7
Author: Mark Thomas
AuthorDate: Tue Jan 21 11:47:26 2020 +
Fix comment
---
java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
index 75d074e..b73f4e7 100644
--- a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
+++ b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
@@ -134,6 +134,6 @@ public class UpgradeProcessorExternal extends
UpgradeProcessorBase {
@Override
public void pause() {
-// NOOP for AJP
+// NOOP
}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Fix comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 9a2eec7 Fix comment
9a2eec7 is described below
commit 9a2eec733ca9c2f3957255b15fa33c2786adc7d9
Author: Mark Thomas
AuthorDate: Tue Jan 21 11:47:26 2020 +
Fix comment
---
java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
index 75d074e..b73f4e7 100644
--- a/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
+++ b/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java
@@ -134,6 +134,6 @@ public class UpgradeProcessorExternal extends
UpgradeProcessorBase {
@Override
public void pause() {
-// NOOP for AJP
+// NOOP
}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated (c9021f6 -> 1d4344a)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. from c9021f6 Remove unused code add 1d4344a Fix comment No new revisions were added by this update. Summary of changes: java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64089] New: Resource paths resolve symlinks
https://bz.apache.org/bugzilla/show_bug.cgi?id=64089 Bug ID: 64089 Summary: Resource paths resolve symlinks Product: Tomcat 8 Version: 8.5.50 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: m.froehl...@infolog.de Target Milestone: Tomcat 8.5.35 introduced a behavior, which is a bug for us. Still consists in 8.5.50. In our development environments we use symlinks for all of our webapp folders. So under tomcat (resp. catalina base) there is the webapps folder, that contains only symlinks, which point to the actual webapps (not wars). The applications' web.xml files use XML imports like this: ## ]> ## This relative import worked just fine in 8.5.34 and prior, but will fail in 8.5.35+. The error message in the log unfortunately does not tell you more than "file not found", but does not say, where it was looking for it. The class org.apache.catalina.startup.ContextConfig, method fixDocBase() introduced a change in 8.5.35 (line 655 in 8.5.50's source), that uses getCanonicalPath() to resolve the absolute path for a resource (in this case web.xml). This path is used as base (systemId) for the WebXmlParser. Since the path has resolved symlinks, but the relative import assumes to originate from a standard catalina_base structure, it won't find the imported file. Instead of getCanonicalPath() you could use something like toPath().toAbsolutePath().normalize(), which does NOT follow symlinks. The behavior differs on Windows, where symlinks (Junktions) are not followed. This bug is critical for us. And there's no way to work around it. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64082] Nio2Endpoint for async request doesn't clear OutputBuffer when socket has already been closed (response mixup)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64082 Remy Maucherat changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #3 from Remy Maucherat --- Please test with the system property "org.apache.catalina.connector.RECYCLE_FACADES" set to "true". The scenario in similar issues is: - IO error occurs, gets more or less ignored or seen as not important (the reason why is interesting and could be a bug depending on what happens) - as a result, framework or Servlet thinks async is still going - meanwhile the container recycles everything and reuses for another request - the request facades still point to the same objects, so they see another request from another user (the recycle facades setting prevents that) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat-jakartaee-migration] branch master updated: Report non fatal errors using the main boolean result
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git
The following commit(s) were added to refs/heads/master by this push:
new 97d7652 Report non fatal errors using the main boolean result
97d7652 is described below
commit 97d765260b19a1a3b132602d18b3c244da5204af
Author: remm
AuthorDate: Tue Jan 21 10:11:41 2020 +0100
Report non fatal errors using the main boolean result
Some cleanups as well.
---
.../org/apache/tomcat/jakartaee/Migration.java | 45 ++
.../tomcat/jakartaee/LocalStrings.properties | 2 +-
2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/src/main/java/org/apache/tomcat/jakartaee/Migration.java
b/src/main/java/org/apache/tomcat/jakartaee/Migration.java
index 044e0a1..64f68d5 100644
--- a/src/main/java/org/apache/tomcat/jakartaee/Migration.java
+++ b/src/main/java/org/apache/tomcat/jakartaee/Migration.java
@@ -72,55 +72,63 @@ public class Migration {
public boolean execute() throws IOException {
logger.log(Level.INFO, sm.getString("migration.execute",
source.getAbsolutePath(),
destination.getAbsolutePath()));
+boolean result = true;
long t1 = System.nanoTime();
if (source.isDirectory()) {
if (destination.mkdirs()) {
-migrateDirectory(source, destination);
+result = result && migrateDirectory(source, destination);
} else {
-logger.log(Level.SEVERE, sm.getString("migration.mkdirError",
destination.getAbsolutePath()));
+logger.log(Level.WARNING, sm.getString("migration.mkdirError",
destination.getAbsolutePath()));
+result = false;
}
} else {
// Single file
File parentDestination = destination.getParentFile();
if (parentDestination.exists() || parentDestination.mkdirs()) {
-migrateFile(source, destination);
+result = result && migrateFile(source, destination);
} else {
-logger.log(Level.SEVERE, sm.getString("migration.mkdirError",
parentDestination.getAbsolutePath()));
+logger.log(Level.WARNING, sm.getString("migration.mkdirError",
parentDestination.getAbsolutePath()));
+result = false;
}
}
-logger.log(Level.INFO, sm.getString("migration.done"),
-Long.valueOf(TimeUnit.MILLISECONDS.convert(System.nanoTime() -
t1, TimeUnit.NANOSECONDS)));
-return true;
+logger.log(Level.INFO, sm.getString("migration.done",
+Long.valueOf(TimeUnit.MILLISECONDS.convert(System.nanoTime() -
t1, TimeUnit.NANOSECONDS)),
+Boolean.valueOf(result)));
+return result;
}
-private void migrateDirectory(File src, File dest) throws IOException {
+private boolean migrateDirectory(File src, File dest) throws IOException {
+boolean result = true;
String[] files = src.list();
for (String file : files) {
File srcFile = new File(src, file);
File destFile = new File(dest, file);
if (srcFile.isDirectory()) {
if (destFile.mkdir()) {
-migrateDirectory(srcFile, destFile);
+result = result && migrateDirectory(srcFile, destFile);
} else {
-logger.log(Level.SEVERE,
sm.getString("migration.mkdirError", destFile.getAbsolutePath()));
+logger.log(Level.WARNING,
sm.getString("migration.mkdirError", destFile.getAbsolutePath()));
+result = false;
}
} else {
-migrateFile(srcFile, destFile);
+result = result && migrateFile(srcFile, destFile);
}
}
+return result;
}
-private void migrateFile(File src, File dest) throws IOException {
+private boolean migrateFile(File src, File dest) throws IOException {
try (InputStream is = new FileInputStream(src);
OutputStream os = new FileOutputStream(dest)) {
-migrateStream(src.getName(), is, os);
+return migrateStream(src.getName(), is, os);
}
}
-private void migrateArchive(InputStream src, OutputStream dest) throws
IOException {
+private boolean migrateArchive(InputStream src, OutputStream dest) throws
IOException {
+boolean result = true;
try (JarInputStream jarIs = new JarInputStream(new
NonClosingInputStream(src));
JarOutputStream jarOs = new JarOutputStream(new
NonClosingOutputStream(dest))) {
Manifest manifest = jarIs.getManifest();
@@ -137,16 +145,17 @@ public class Migration {
String destName = Util.convert(sourceName);
