[tomcat] branch 7.0.x updated: Update Tomcat 7.0.104 release date
This is an automated email from the ASF dual-hosted git repository. violetagg pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new b6a7902 Update Tomcat 7.0.104 release date b6a7902 is described below commit b6a7902b4f1fd74dbaff4739132b5162f9d7127d Author: Violeta Georgieva AuthorDate: Sat May 16 08:30:43 2020 +0300 Update Tomcat 7.0.104 release date --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1339557..132fc5b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -70,7 +70,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r39623 - /dev/tomcat/tomcat-7/v7.0.104/ /release/tomcat/tomcat-7/v7.0.104/
Author: violetagg Date: Sat May 16 05:19:38 2020 New Revision: 39623 Log: Release Tomcat 7.0.104 Added: release/tomcat/tomcat-7/v7.0.104/ - copied from r39622, dev/tomcat/tomcat-7/v7.0.104/ Removed: dev/tomcat/tomcat-7/v7.0.104/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Nexus: Promotion Completed
Message from: https://repository.apache.orgDeployer properties:"userAgent" = "maven-artifact/2.2.1 (Java 1.7.0_80; Windows 8.1 6.3)""userId" = "violetagg""ip" = "78.83.99.114"Details:The following artifacts have been promoted to the "Releases" [id=releases] repository/org/apache/tomcat/tomcat-i18n-de/7.0.104/tomcat-i18n-de-7.0.104.jar.asc(SHA1: afcd902b56a4efaf3221c0cf0736fcf39f5400fb)/org/apache/tomcat/tomcat-i18n-de/7.0.104/tomcat-i18n-de-7.0.104.jar(SHA1: af16f971148d3881b4dcefac11ab36af5392c7b9)/org/apache/tomcat/tomcat-i18n-de/7.0.104/tomcat-i18n-de-7.0.104.pom(SHA1: e31e9300f15cf31b5d1d24311f1ba3247877ee9f)/org/apache/tomcat/tomcat-i18n-de/7.0.104/tomcat-i18n-de-7.0.104.pom.asc(SHA1: 449086078a21e168c043b7e02be65b5a831bc659)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104-sources.jar.asc(SHA1: 220b763a077b89bdf11b5ee19c494085f7c89287)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104.jar(SHA1: 84ed0f4e516e4db5b5a2529e98a3beaefdf62efa)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104-sources.jar(SHA1: ecdb2a800e7b3cbc2b1595a98950b16e22426823)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104.jar.asc(SHA1: 232a6b9078a3ab210e366ea140a6c988fea25279)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104.pom(SHA1: bd4023d9663ee841ffadfae24ccca1faa9dac2a7)/org/apache/tomcat/tomcat-juli/7.0.104/tomcat-juli-7.0.104.pom.asc(SHA1: 255e66c685ecde5791bc2263d028c4928288b5e5)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104-sources.jar.asc(SHA1: c660c6988c416d12df95365e2e4f101882d38b95)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104-sources.jar(SHA1: ff3b8bd6cd04868fac1cec3fcb76ba27fa301aac)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104.jar.asc(SHA1: cf22cc106a162e1366c68b4fd7d5822457217d5b)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104.pom.asc(SHA1: 4a766d926cb558acc2fd3227e19b55fb6cf28ee0)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104.jar(SHA1: 6d359a24b2a69605059dd8c88c2af7fb50019380)/org/apache/tomcat/tomcat-util/7.0.104/tomcat-util-7.0.104.pom(SHA1: df6465dfe088aaf0bec7d6638a5bc169670b293a)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104-sources.jar(SHA1: 79e3b6dba76fff360faad12268a4a0e2c3d99a3a)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104.jar(SHA1: 4927c4b89ecfb1f6444381b0fa3e953d523070dc)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104.jar.asc(SHA1: 447425f53c018ceb9d7b18d8fa9fa09d078f6f38)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104.pom.asc(SHA1: 2213f00a545ceefd9e8b0bc93ebf04e46eea8335)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104.pom(SHA1: 1ef3959e32f051f0c833cebe00ba281bd853dc4d)/org/apache/tomcat/tomcat-catalina/7.0.104/tomcat-catalina-7.0.104-sources.jar.asc(SHA1: 26301024040ce70cea850e356e5b1016005b107c)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104.pom.asc(SHA1: bc4debbeb546af6f6db69faa73be9dba6fa13e19)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104.jar.asc(SHA1: b8e287b5d7906188df278cc3345c91c7d26a7d77)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104.pom(SHA1: 48741169697f14a3a7f9a2852bf0bd1a238cd756)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104-sources.jar.asc(SHA1: 20f48c31ae9e6c45daf63a91580e7d9a09da72b4)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104.jar(SHA1: 25dcf4b42e2ca2a4008f82bd4136d6b744755021)/org/apache/tomcat/tomcat-catalina-ws/7.0.104/tomcat-catalina-ws-7.0.104-sources.jar(SHA1: 0d555df3adcff3da92c4c114018f9aa2e316c84f)/org/apache/tomcat/tomcat-i18n-fr/7.0.104/tomcat-i18n-fr-7.0.104.jar(SHA1: 65a9c9f44fb57bfe5e680b5476ad3929c71c58fa)/org/apache/tomcat/tomcat-i18n-fr/7.0.104/tomcat-i18n-fr-7.0.104.jar.asc(SHA1: 5cd8d84db9d6bf427d3a3159d0075dc9ccdd5947)/org/apache/tomcat/tomcat-i18n-fr/7.0.104/tomcat-i18n-fr-7.0.104.pom.asc(SHA1: 9422f8869f69e5e0a307fd9d83aacc074ebb1b49)/org/apache/tomcat/tomcat-i18n-fr/7.0.104/tomcat-i18n-fr-7.0.104.pom(SHA1: ae4cb88e3709621bcf22fccd4b6eca860ad894c5)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104.pom.asc(SHA1: 05e9cdddb2def881e0b1072612af0f918ac8c7f2)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104.jar.asc(SHA1: 3ce306f7cd94788c59ba77d045325ae397b58098)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104.jar(SHA1: 3897f01a00bc72c8d94ea0e464a379924c1f9a2e)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104-sources.jar(SHA1: e048bb58719ca2b6934ddaa478a1fd65b7fd2f3e)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104-sources.jar.asc(SHA1: 4643ddd9d34fd399b46491f69b7ddc2e1fa4d81d)/org/apache/tomcat/tomcat-jdbc/7.0.104/tomcat-jdbc-7.0.104.pom(SHA1: e03c3d596c3939f86f3c04b769769a75dbba7c74)/org/apache/tomcat/embed/tomcat-embed-logging-log4j/7.0.104/tomcat-embed-logging-log4j-7.0.104-sources.jar.asc(SHA1:
Re: [RESULT][VOTE] Release Apache Tomcat 7.0.104
На чт, 7.05.2020 г. в 23:17 Violeta Georgieva написа: > > The proposed Apache Tomcat 7.0.104 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1268/ > The git tag is: > https://github.com/apache/tomcat/tree/7.0.104 > 28db826c5a92a870a6632d85dae89d4dc3b7af00 > > The proposed 7.0.104 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 7.0.104 Stable +1 (binding): mgrigorov, remm, csutherl, violetagg No other voters were cast. The vote has passed. I'll do the release shortly and announce it once the mirrors catch up. Regards, Violeta
Re: [VOTE] Release Apache Tomcat 7.0.104
На пт, 8.05.2020 г. в 11:03 Rainer Jung написа: > > It seems commons-logging 1.1.3 is no longer part of the mirrors (only in > the archive). I had to use > > commons-logging.version=1.2 > commons-logging-src.checksum.value=ce977548f1cbf46918e93cd38ac35163|0a134d01e9aeb09b33f4c7450fb41abb7bed9db6 > > instead of > > commons-logging.version=1.1.3 > commons-logging-src.checksum.value=e8e197d628436490886d17cffa108fe3|95f0805de0be927c42f5f6eb14b643cb37e7caad > > > to successfully build. Thanks. I'll check that. Violeta > Regards, > > Rainer > > Am 07.05.2020 um 22:17 schrieb Violeta Georgieva: > > The proposed Apache Tomcat 7.0.104 release is now available for voting. > > > > It can be obtained from: > > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/ > > The Maven staging repo is: > > https://repository.apache.org/content/repositories/orgapachetomcat-1268/ > > The git tag is: > > https://github.com/apache/tomcat/tree/7.0.104 > > 28db826c5a92a870a6632d85dae89d4dc3b7af00 > > > > The proposed 7.0.104 release is: > > [ ] Broken - do not release > > [ ] Stable - go ahead and release as 7.0.104 Stable > > > > Regards, > > Violeta > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.104
На чт, 7.05.2020 г. в 23:17 Violeta Georgieva написа: > > The proposed Apache Tomcat 7.0.104 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1268/ > The git tag is: > https://github.com/apache/tomcat/tree/7.0.104 > 28db826c5a92a870a6632d85dae89d4dc3b7af00 > > The proposed 7.0.104 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 7.0.104 Stable Regards, Violeta >
[tomcat] branch 7.0.x updated: Always use DeploymentException for invalid paths and add more checks
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 2e3aa16 Always use DeploymentException for invalid paths and add more
checks
2e3aa16 is described below
commit 2e3aa161041f56d0251ed62e8fa7a92975438b93
Author: Mark Thomas
AuthorDate: Fri May 15 17:36:29 2020 +0100
Always use DeploymentException for invalid paths and add more checks
The additional paths should have been rejected later or would have never
have worked anyway.
---
.../websocket/server/LocalStrings.properties | 2 +-
.../tomcat/websocket/server/UriTemplate.java | 9 +++---
.../tomcat/websocket/server/TestUriTemplate.java | 37 +-
webapps/docs/changelog.xml | 9 ++
4 files changed, 44 insertions(+), 13 deletions(-)
diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 7fad34c..6616e33 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -27,7 +27,7 @@ serverContainer.threadGroupNotDestroyed=Unable to destroy
WebSocket thread group
upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible
RSV bit usage
uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in
the path which is not permitted
-uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which are is not permitted
+uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which is not permitted
uriTemplate.invalidPath=The path [{0}] is not valid.
uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path
[{1}]
diff --git a/java/org/apache/tomcat/websocket/server/UriTemplate.java
b/java/org/apache/tomcat/websocket/server/UriTemplate.java
index 172359a..523d3fc 100644
--- a/java/org/apache/tomcat/websocket/server/UriTemplate.java
+++ b/java/org/apache/tomcat/websocket/server/UriTemplate.java
@@ -43,7 +43,8 @@ public class UriTemplate {
public UriTemplate(String path) throws DeploymentException {
-if (path == null || path.length() ==0 || !path.startsWith("/")) {
+if (path == null || path.length() == 0 || !path.startsWith("/") ||
path.contains("/../") ||
+path.contains("/./") || path.contains("//")) {
throw new DeploymentException(
sm.getString("uriTemplate.invalidPath", path));
}
@@ -68,7 +69,7 @@ public class UriTemplate {
} else {
// As per EG discussion, all other empty segments are
// invalid
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.emptySegment", path));
}
}
@@ -81,12 +82,12 @@ public class UriTemplate {
normalized.append(paramCount++);
normalized.append('}');
if (!paramNames.add(segment)) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.duplicateParameter", segment));
}
} else {
if (segment.contains("{") || segment.contains("}")) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.invalidSegment", segment, path));
}
normalized.append(segment);
diff --git a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
index f0b1c4e..697b48f 100644
--- a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
+++ b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
@@ -44,35 +44,35 @@ public class TestUriTemplate {
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testBasicPrefix() throws Exception {
@SuppressWarnings("unused")
UriTemplate t = new UriTemplate("/x{a}/y{b}");
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testPrefixOneOfTwo() throws Exception {
UriTemplate t = new UriTemplate("/x{a}/y{b}");
t.match(new UriTemplate("/xfoo"));
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void
[tomcat] branch 8.5.x updated: Always use DeploymentException for invalid paths and add more checks
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2472aab Always use DeploymentException for invalid paths and add more
checks
2472aab is described below
commit 2472aab5c4d894579f5440dcaa4e6454274c2a6f
Author: Mark Thomas
AuthorDate: Fri May 15 17:36:29 2020 +0100
Always use DeploymentException for invalid paths and add more checks
The additional paths should have been rejected later or would have never
have worked anyway.
---
.../websocket/server/LocalStrings.properties | 2 +-
.../tomcat/websocket/server/UriTemplate.java | 9 +++---
.../tomcat/websocket/server/TestUriTemplate.java | 37 +-
webapps/docs/changelog.xml | 9 ++
4 files changed, 44 insertions(+), 13 deletions(-)
diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 005c2f1..16fdaf2 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -24,7 +24,7 @@ serverContainer.servletContextMissing=No ServletContext was
specified
upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible
RSV bit usage
uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in
the path which is not permitted
-uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which are is not permitted
+uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which is not permitted
uriTemplate.invalidPath=The path [{0}] is not valid.
uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path
[{1}]
diff --git a/java/org/apache/tomcat/websocket/server/UriTemplate.java
b/java/org/apache/tomcat/websocket/server/UriTemplate.java
index a9b8eb9..eb00452 100644
--- a/java/org/apache/tomcat/websocket/server/UriTemplate.java
+++ b/java/org/apache/tomcat/websocket/server/UriTemplate.java
@@ -43,7 +43,8 @@ public class UriTemplate {
public UriTemplate(String path) throws DeploymentException {
-if (path == null || path.length() ==0 || !path.startsWith("/")) {
+if (path == null || path.length() == 0 || !path.startsWith("/") ||
path.contains("/../") ||
+path.contains("/./") || path.contains("//")) {
throw new DeploymentException(
sm.getString("uriTemplate.invalidPath", path));
}
@@ -68,7 +69,7 @@ public class UriTemplate {
} else {
// As per EG discussion, all other empty segments are
// invalid
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.emptySegment", path));
}
}
@@ -81,12 +82,12 @@ public class UriTemplate {
normalized.append(paramCount++);
normalized.append('}');
if (!paramNames.add(segment)) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.duplicateParameter", segment));
}
} else {
if (segment.contains("{") || segment.contains("}")) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.invalidSegment", segment, path));
}
normalized.append(segment);
diff --git a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
index f0b1c4e..697b48f 100644
--- a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
+++ b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
@@ -44,35 +44,35 @@ public class TestUriTemplate {
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testBasicPrefix() throws Exception {
@SuppressWarnings("unused")
UriTemplate t = new UriTemplate("/x{a}/y{b}");
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testPrefixOneOfTwo() throws Exception {
UriTemplate t = new UriTemplate("/x{a}/y{b}");
t.match(new UriTemplate("/xfoo"));
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testPrefixTwoOfTwo()
[tomcat] branch 9.0.x updated: Always use DeploymentException for invalid paths and add more checks
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 92513cc Always use DeploymentException for invalid paths and add more
checks
92513cc is described below
commit 92513cc97744101cc3da62c068de4c9125771f43
Author: Mark Thomas
AuthorDate: Fri May 15 17:36:29 2020 +0100
Always use DeploymentException for invalid paths and add more checks
The additional paths should have been rejected later or would have never
have worked anyway.
---
.../websocket/server/LocalStrings.properties | 2 +-
.../tomcat/websocket/server/UriTemplate.java | 9 +++---
.../tomcat/websocket/server/TestUriTemplate.java | 37 +-
webapps/docs/changelog.xml | 9 ++
4 files changed, 44 insertions(+), 13 deletions(-)
diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 005c2f1..16fdaf2 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -24,7 +24,7 @@ serverContainer.servletContextMissing=No ServletContext was
specified
upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible
RSV bit usage
uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in
the path which is not permitted
-uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which are is not permitted
+uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which is not permitted
uriTemplate.invalidPath=The path [{0}] is not valid.
uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path
[{1}]
diff --git a/java/org/apache/tomcat/websocket/server/UriTemplate.java
b/java/org/apache/tomcat/websocket/server/UriTemplate.java
index a9b8eb9..eb00452 100644
--- a/java/org/apache/tomcat/websocket/server/UriTemplate.java
+++ b/java/org/apache/tomcat/websocket/server/UriTemplate.java
@@ -43,7 +43,8 @@ public class UriTemplate {
public UriTemplate(String path) throws DeploymentException {
-if (path == null || path.length() ==0 || !path.startsWith("/")) {
+if (path == null || path.length() == 0 || !path.startsWith("/") ||
path.contains("/../") ||
+path.contains("/./") || path.contains("//")) {
throw new DeploymentException(
sm.getString("uriTemplate.invalidPath", path));
}
@@ -68,7 +69,7 @@ public class UriTemplate {
} else {
// As per EG discussion, all other empty segments are
// invalid
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.emptySegment", path));
}
}
@@ -81,12 +82,12 @@ public class UriTemplate {
normalized.append(paramCount++);
normalized.append('}');
if (!paramNames.add(segment)) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.duplicateParameter", segment));
}
} else {
if (segment.contains("{") || segment.contains("}")) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.invalidSegment", segment, path));
}
normalized.append(segment);
diff --git a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
index f0b1c4e..697b48f 100644
--- a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
+++ b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
@@ -44,35 +44,35 @@ public class TestUriTemplate {
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testBasicPrefix() throws Exception {
@SuppressWarnings("unused")
UriTemplate t = new UriTemplate("/x{a}/y{b}");
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testPrefixOneOfTwo() throws Exception {
UriTemplate t = new UriTemplate("/x{a}/y{b}");
t.match(new UriTemplate("/xfoo"));
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=javax.websocket.DeploymentException.class)
public void testPrefixTwoOfTwo()
[tomcat] branch master updated: Always use DeploymentException for invalid paths and add more checks
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 84d864d Always use DeploymentException for invalid paths and add more
checks
84d864d is described below
commit 84d864def79863324456f4ce0fa1039c2a899206
Author: Mark Thomas
AuthorDate: Fri May 15 17:36:29 2020 +0100
Always use DeploymentException for invalid paths and add more checks
The additional paths should have been rejected later or would have never
have worked anyway.
---
.../websocket/server/LocalStrings.properties | 2 +-
.../tomcat/websocket/server/UriTemplate.java | 9 +++---
.../tomcat/websocket/server/TestUriTemplate.java | 37 +-
webapps/docs/changelog.xml | 5 +++
4 files changed, 40 insertions(+), 13 deletions(-)
diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 005c2f1..16fdaf2 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -24,7 +24,7 @@ serverContainer.servletContextMissing=No ServletContext was
specified
upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible
RSV bit usage
uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in
the path which is not permitted
-uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which are is not permitted
+uriTemplate.emptySegment=The path [{0}] contains one or more empty segments
which is not permitted
uriTemplate.invalidPath=The path [{0}] is not valid.
uriTemplate.invalidSegment=The segment [{0}] is not valid in the provided path
[{1}]
diff --git a/java/org/apache/tomcat/websocket/server/UriTemplate.java
b/java/org/apache/tomcat/websocket/server/UriTemplate.java
index 6419ed0..ab53395 100644
--- a/java/org/apache/tomcat/websocket/server/UriTemplate.java
+++ b/java/org/apache/tomcat/websocket/server/UriTemplate.java
@@ -43,7 +43,8 @@ public class UriTemplate {
public UriTemplate(String path) throws DeploymentException {
-if (path == null || path.length() ==0 || !path.startsWith("/")) {
+if (path == null || path.length() == 0 || !path.startsWith("/") ||
path.contains("/../") ||
+path.contains("/./") || path.contains("//")) {
throw new DeploymentException(
sm.getString("uriTemplate.invalidPath", path));
}
@@ -68,7 +69,7 @@ public class UriTemplate {
} else {
// As per EG discussion, all other empty segments are
// invalid
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.emptySegment", path));
}
}
@@ -81,12 +82,12 @@ public class UriTemplate {
normalized.append(paramCount++);
normalized.append('}');
if (!paramNames.add(segment)) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.duplicateParameter", segment));
}
} else {
if (segment.contains("{") || segment.contains("}")) {
-throw new IllegalArgumentException(sm.getString(
+throw new DeploymentException(sm.getString(
"uriTemplate.invalidSegment", segment, path));
}
normalized.append(segment);
diff --git a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
index f0b1c4e..96f8569 100644
--- a/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
+++ b/test/org/apache/tomcat/websocket/server/TestUriTemplate.java
@@ -44,35 +44,35 @@ public class TestUriTemplate {
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=jakarta.websocket.DeploymentException.class)
public void testBasicPrefix() throws Exception {
@SuppressWarnings("unused")
UriTemplate t = new UriTemplate("/x{a}/y{b}");
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=jakarta.websocket.DeploymentException.class)
public void testPrefixOneOfTwo() throws Exception {
UriTemplate t = new UriTemplate("/x{a}/y{b}");
t.match(new UriTemplate("/xfoo"));
}
-@Test(expected=java.lang.IllegalArgumentException.class)
+@Test(expected=jakarta.websocket.DeploymentException.class)
public void testPrefixTwoOfTwo()
Re: [VOTE] Release Apache Tomcat 7.0.104
On Thu, May 7, 2020 at 4:18 PM Violeta Georgieva wrote: > The proposed Apache Tomcat 7.0.104 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1268/ > The git tag is: > https://github.com/apache/tomcat/tree/7.0.104 > 28db826c5a92a870a6632d85dae89d4dc3b7af00 > > The proposed 7.0.104 release is: > [ ] Broken - do not release > [x] Stable - go ahead and release as 7.0.104 Stable > +1 > Regards, > Violeta >
Re: [tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.
On Fri, May 15, 2020 at 10:20 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'd like to talk about this.
>
> First, this is a patch to Tomcat 7 where a single version number
> (wsdl4j) wasn't updated in all the places it needed to be updated
> (specifically, the Eclipse .classpath file).
>
> Rather than simply updating the version number, I replaced it with a
> replaceable token which always uses the version set in
> build.properties.default.
>
> This means that the version number is set in only one place:
> build.properites(.default)? instead of having to be set in at least 2
> places.
>
> If everyone likes this strategy, I can extend it to the other
> versioned libraries we use, and also push it to the other branches.
>
> WDYT?
>
+1 from me :D
> - -chris
>
> On 5/15/20 10:07, schu...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git
> > repository.
> >
> > schultz pushed a commit to branch 7.0.x in repository
> > https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this
> > push: new afda9f0 Use parametric replacement to ensure the proper
> > version of wsdl4j is written to Eclipse's .classpath file. afda9f0
> > is described below
> >
> > commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
> > Schultz AuthorDate: Fri May 15
> > 10:05:59 2020 -0400
> >
> > Use parametric replacement to ensure the proper version of wsdl4j
> > is written to Eclipse's .classpath file. --- build.xml
> > | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files
> > changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/build.xml b/build.xml index 866bad3..973646e 100644
> > --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@
> > skip.installer property in build.properties" />
> > depends="download-compile, extras-webservices-prepare,
> > download-test-compile" description="Prepares the source tree to be
> > built in Eclipse">
> >
> > + > value="${wsdl4j-lib.version}" /> > file="${tomcat.home}/res/ide-support/eclipse/eclipse.project"
> > tofile="${tomcat.home}/.project"/> - > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath"/> + > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath" filtering="true" />
> >
> > > dir="${tomcat.home}/.settings" /> diff --git
> > a/res/ide-support/eclipse/eclipse.classpath
> > b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b
> > 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++
> > b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@
> > > path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/> > kind="var" path="ANT_HOME/lib/ant.jar"/> > path="TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar
> "/>
> >
> >
> - - path="TOMCAT_LIBS_BASE/wsdl4j-1.6.2/wsdl4j-1.6.2.jar"/>
> > + > path="TOMCAT_LIBS_BASE/wsdl4j-@wsdl4j-lib.version@/wsdl4j-@wsdl4j-lib.
> version@.jar"/>
> >
> >
>
> > > path="TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar"/>
> > > path="TOMCAT_LIBS_BASE/hamcrest-1.3/hamcrest-core-1.3.jar"/>
> >
> >
> > -
> >
> >
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6+pRAACgkQHPApP6U8
> pFhX5w/+O0dVTHL5UROhgJzTq74AmBrKHml57IkY1LVN+Wv9sWnw+X1s/QCFzamb
> fVZ+TZV4hg2xIkFDyzUTwCtPULVtqsBZChIyQDzW/rh9ClHKqTsOE2D6qOHMpcwa
> KMlOFb2wb/Z1GuxtHaH8cHZJnVtUjSv0STkKTZhewXGbNkMnXoacXO/1ezaY5vDY
> 5v4O8PRCDiTIXAMfncI1jORwDvbGBMqyQHl++QG6SiY5L5bp0xIyvtf+j/+8g6Ly
> BljCXZQC69ddm3dX5K88gdhsiXphzVZMaeyfGVk3AvCygwy3vAimTsuB8Dho6RUZ
> A+Wm2BmEYUpS3bdhhh8VpsD54rJ0q5L1BFLqrfot4+KLA78VLVWsam3IUqHZqIyu
> jl8TWHGl4NzRdsMFNm5Y4PnfkWBtMWtG7HyVea2uBLKmwFa9UQ3NA+/dwE8EKGAg
> ptz1e2GtgCAwUPWx8d/Z9+4hPOKLBgCuKVpm0YvVedrBCwHZCNKUbJiQspI2lSOF
> X4fqzFT5WrSBXpBOUk3FuwLQraDeXecEfalNVgfaJESeRM/KoohHULSWBLCfFQ2R
> kvueI0Kxi5WXFcdLFp2AvenL4fHPVYyt0MoAZ6gIArCSfvVZKNPFa1saVtr+yoKr
> 94A7aOoVjOLR6DygUNj7UFBlGz/uCbg9MkHxvBAxykH0zZg2oik=
> =VYFy
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation
https://bz.apache.org/bugzilla/show_bug.cgi?id=64442 --- Comment #5 from Felix Schumacher --- I think the code should either work without surprises and I was surprised, that adding a role (even at the wrong place) led to a user without a role, or fail fast and log a warning. My preference would be to be forgiving, but if you think we should be more strict, than I could try to see, if I can enable the loader to enforce the schema. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.
On 15/05/2020 15:20, Christopher Schultz wrote:
> All,
>
> I'd like to talk about this.
>
> First, this is a patch to Tomcat 7 where a single version number
> (wsdl4j) wasn't updated in all the places it needed to be updated
> (specifically, the Eclipse .classpath file).
>
> Rather than simply updating the version number, I replaced it with a
> replaceable token which always uses the version set in
> build.properties.default.
>
> This means that the version number is set in only one place:
> build.properites(.default)? instead of having to be set in at least 2
> places.
>
> If everyone likes this strategy, I can extend it to the other
> versioned libraries we use, and also push it to the other branches.
>
> WDYT?
Works for me.
Mark
>
> -chris
>
> On 5/15/20 10:07, schu...@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git
>> repository.
>
>> schultz pushed a commit to branch 7.0.x in repository
>> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
>> The following commit(s) were added to refs/heads/7.0.x by this
>> push: new afda9f0 Use parametric replacement to ensure the proper
>> version of wsdl4j is written to Eclipse's .classpath file. afda9f0
>> is described below
>
>> commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
>> Schultz AuthorDate: Fri May 15
>> 10:05:59 2020 -0400
>
>> Use parametric replacement to ensure the proper version of wsdl4j
>> is written to Eclipse's .classpath file. --- build.xml
>> | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files
>> changed, 3 insertions(+), 2 deletions(-)
>
>> diff --git a/build.xml b/build.xml index 866bad3..973646e 100644
>> --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@
>> skip.installer property in build.properties" />
>> depends="download-compile, extras-webservices-prepare,
>> download-test-compile" description="Prepares the source tree to be
>> built in Eclipse">
>
>> +> value="${wsdl4j-lib.version}" /> > file="${tomcat.home}/res/ide-support/eclipse/eclipse.project"
>> tofile="${tomcat.home}/.project"/> -> file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
>> tofile="${tomcat.home}/.classpath"/> +> file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
>> tofile="${tomcat.home}/.classpath" filtering="true" />
>
>> > dir="${tomcat.home}/.settings" /> diff --git
>> a/res/ide-support/eclipse/eclipse.classpath
>> b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b
>> 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++
>> b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@
>> > path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/> > kind="var" path="ANT_HOME/lib/ant.jar"/> > path="TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar
> "/>
>
>
> - path="TOMCAT_LIBS_BASE/wsdl4j-1.6.2/wsdl4j-1.6.2.jar"/>
>> +> path="TOMCAT_LIBS_BASE/wsdl4j-@wsdl4j-lib.version@/wsdl4j-@wsdl4j-lib.
> version@.jar"/>
>
>
>
>> > path="TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar"/>
>> > path="TOMCAT_LIBS_BASE/hamcrest-1.3/hamcrest-core-1.3.jar"/>
>
>
>> -
>
>
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Debug Tomcat unit tests
On 15/05/2020 15:54, Nicolò Boschi wrote: > Hi all, > > Currently I can't figure out how to do the following things: - Run single test instead of a entire suite The same way you'd run any single JUnit test in your IDE of choice. - Debug tests with breakpoints The same way you'd debug any JUnit test in your IDE of choice. > I'm not familiar with Ant (I come from Maven) That is not relevant when working in an IDE. The IDE does the compilation. The IDE runs the tests. > and I'm using Netbeans for > development (my wish would be click "Debug test file" directly from > Netbeans) > Any suggestions? Can't help with specific suggestions for NetBeans. I use Eclipse. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Debug Tomcat unit tests
Hi all, Currently I can't figure out how to do the following things:- Run single test instead of a entire suite- Debug tests with breakpoints I'm not familiar with Ant (I come from Maven) and I'm using Netbeans for development (my wish would be click "Debug test file" directly from Netbeans) Any suggestions? Thank you in advance Nicolò Boschi
[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation
https://bz.apache.org/bugzilla/show_bug.cgi?id=64442 --- Comment #4 from Christopher Schultz --- I think if we are going to provide an XSD for the file, our code should match it. Or the other way around. In any case, they should agree. :) Tomcat does not actually bother to enforce the schema's rules when parsing the file. But historically, there was no schema; that's a (relatively) late addition (2019, I think). Now that it exists, it /could/ be used for validation during database-loading. Maybe for Tomcat 10? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'd like to talk about this.
First, this is a patch to Tomcat 7 where a single version number
(wsdl4j) wasn't updated in all the places it needed to be updated
(specifically, the Eclipse .classpath file).
Rather than simply updating the version number, I replaced it with a
replaceable token which always uses the version set in
build.properties.default.
This means that the version number is set in only one place:
build.properites(.default)? instead of having to be set in at least 2
places.
If everyone likes this strategy, I can extend it to the other
versioned libraries we use, and also push it to the other branches.
WDYT?
- -chris
On 5/15/20 10:07, schu...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> schultz pushed a commit to branch 7.0.x in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/7.0.x by this
> push: new afda9f0 Use parametric replacement to ensure the proper
> version of wsdl4j is written to Eclipse's .classpath file. afda9f0
> is described below
>
> commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
> Schultz AuthorDate: Fri May 15
> 10:05:59 2020 -0400
>
> Use parametric replacement to ensure the proper version of wsdl4j
> is written to Eclipse's .classpath file. --- build.xml
> | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files
> changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/build.xml b/build.xml index 866bad3..973646e 100644
> --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@
> skip.installer property in build.properties" />
> depends="download-compile, extras-webservices-prepare,
> download-test-compile" description="Prepares the source tree to be
> built in Eclipse">
>
> + value="${wsdl4j-lib.version}" /> file="${tomcat.home}/res/ide-support/eclipse/eclipse.project"
> tofile="${tomcat.home}/.project"/> - file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> tofile="${tomcat.home}/.classpath"/> + file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> tofile="${tomcat.home}/.classpath" filtering="true" />
>
> dir="${tomcat.home}/.settings" /> diff --git
> a/res/ide-support/eclipse/eclipse.classpath
> b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b
> 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++
> b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@
> path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/> kind="var" path="ANT_HOME/lib/ant.jar"/> path="TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar
"/>
>
>
- -
> + path="TOMCAT_LIBS_BASE/wsdl4j-@wsdl4j-lib.version@/wsdl4j-@wsdl4j-lib.
version@.jar"/>
>
>
> path="TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar"/>
> path="TOMCAT_LIBS_BASE/hamcrest-1.3/hamcrest-core-1.3.jar"/>
>
>
> -
>
>
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6+pRAACgkQHPApP6U8
pFhX5w/+O0dVTHL5UROhgJzTq74AmBrKHml57IkY1LVN+Wv9sWnw+X1s/QCFzamb
fVZ+TZV4hg2xIkFDyzUTwCtPULVtqsBZChIyQDzW/rh9ClHKqTsOE2D6qOHMpcwa
KMlOFb2wb/Z1GuxtHaH8cHZJnVtUjSv0STkKTZhewXGbNkMnXoacXO/1ezaY5vDY
5v4O8PRCDiTIXAMfncI1jORwDvbGBMqyQHl++QG6SiY5L5bp0xIyvtf+j/+8g6Ly
BljCXZQC69ddm3dX5K88gdhsiXphzVZMaeyfGVk3AvCygwy3vAimTsuB8Dho6RUZ
A+Wm2BmEYUpS3bdhhh8VpsD54rJ0q5L1BFLqrfot4+KLA78VLVWsam3IUqHZqIyu
jl8TWHGl4NzRdsMFNm5Y4PnfkWBtMWtG7HyVea2uBLKmwFa9UQ3NA+/dwE8EKGAg
ptz1e2GtgCAwUPWx8d/Z9+4hPOKLBgCuKVpm0YvVedrBCwHZCNKUbJiQspI2lSOF
X4fqzFT5WrSBXpBOUk3FuwLQraDeXecEfalNVgfaJESeRM/KoohHULSWBLCfFQ2R
kvueI0Kxi5WXFcdLFp2AvenL4fHPVYyt0MoAZ6gIArCSfvVZKNPFa1saVtr+yoKr
94A7aOoVjOLR6DygUNj7UFBlGz/uCbg9MkHxvBAxykH0zZg2oik=
=VYFy
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Session serialization uses wrapper objects instead of primitives
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 5/15/20 07:36, Konstantin Kolinko wrote:
> чт, 14 мая 2020 г. в 18:48, Christopher Schultz
> :
>>
>> All,
>>
>> I'm interested in the history of the
>> StandardSession.writeObjectData method. I've been looking at it
>> lately because I'm interested in possibly (optionally) encrypting
>> the sessions in the backend session store. But this isn't about
>> encryption at all.
>>
>> The code for StandardSession.doWriteObject(ObjectOutputStream
>> stream) looks like this:
>>
>>
>> // Write the scalar instance variables (except Manager)
>> stream.writeObject(Long.valueOf(creationTime));
>> stream.writeObject(Long.valueOf(lastAccessedTime));
>> stream.writeObject(Integer.valueOf(maxInactiveInterval));
>> stream.writeObject(Boolean.valueOf(isNew));
>> stream.writeObject(Boolean.valueOf(isValid));
>> stream.writeObject(Long.valueOf(thisAccessedTime));
>
> If I understand correctly, with objects you can read them with the
> same 'readObject()' object method and decide what to do with the
> received value. With primitives you have to decide upfront what
> reading method you are going to call, and calling a wrong one will
> result in a fatal failure where the rest of the data cannot be read
> at all.
>
> For example, StandardSession.doReadObject has the following code:
>
> // The next object read could either be the number of attributes
> (Integer) or the session's // authType followed by a Principal
> object (not an Integer) Object nextObject = stream.readObject(); if
> (!(nextObject instanceof Integer)) {
This is true: changing from objects to primitives means that no
changes can be made in the future such as re-ordering, changing the
data type, etc. without breaking backward-compatibility.
The metadata at the "beginning" of the stream is fairly stable, so I
think it's safe to make this change.
We could always write a version-number to the storage if we wanted. If
we want to get really crazy, we can go full protobuf[1].
- -chris
[1] https://developers.google.com/protocol-buffers/
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6+pIYACgkQHPApP6U8
pFiRhRAAyCgUGymuV5dlYqVEYPkHtiOUHlmbxrcoeTGU9KfEDnKPZ0frOtdit1X8
POiBEelQooQYwC2AuYxQy0IbdZhCjtZwTX/voi1ieTTH0SQXADVVkD94jkbd2qVQ
Izzn5aWc2KN0/+tDA0iPQtzntP7NhBJ3eCziz7cPxXbPcJCTSLAJr2OZJC7qPvGv
Tit35FLpVyoMD0XE83tnZmEtczTSgKXC2qTHVtOP4/yObl/+JkAG7cUroKINv510
0bAvkqZ1BQnM6ocrKjUcA3GHOw8wPlnwu4B5g2sVXlfbm/Yg0VK9J8r5nUb/KOeZ
iHwPop/FUammNIFJUHGwoVps8pvYHRn4GC2dFotIodrmi62P8B/7NiDW6fXfK/0E
DCJoPdK29Kwy6r9CvMBRy9lbYx/0FcYv3Gb1m9nknAdJgaql55RCVSEUPSZ7J5on
6cnmIFNxKZw0evpBbTMzfuSu+3uGwSnp1VzRN4wCM8d8Ram8pt/3GmK0tt41ADDw
VS8nbzeEmG1G/6MwCj5W1u11I1KLQl6bVcoLHLrREQQyS0X5+1Spg4v1av+kU7N9
uccb2sv6480LiaZvr+oWv5V1QlWKdSZgfekAsv5zWtaBIdw7MLwuY+0vvOYB682u
xpUs2PBLWQHHHrHQRqLtYLBsa3l5imP4w2h1z3F5pwZTQfoJXwk=
=UE1r
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new afda9f0 Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file. afda9f0 is described below commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher Schultz AuthorDate: Fri May 15 10:05:59 2020 -0400 Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file. --- build.xml | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/build.xml b/build.xml index 866bad3..973646e 100644 --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@ skip.installer property in build.properties" /> depends="download-compile, extras-webservices-prepare, download-test-compile" description="Prepares the source tree to be built in Eclipse"> + - + diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++ b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Clarify how to set an authenticated principal using tomcatAuthentication="false".
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 50fafec Clarify how to set an authenticated principal using tomcatAuthentication="false". 50fafec is described below commit 50fafec09c1b4313d8296312065204f092962112 Author: Christopher Schultz AuthorDate: Fri May 15 09:56:56 2020 -0400 Clarify how to set an authenticated principal using tomcatAuthentication="false". --- webapps/docs/config/ajp.xml | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 0b93fd8..98df292 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -524,9 +524,11 @@ If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native - webserver and used for authorization in Tomcat. Note that this principal - will have no roles associated with it. - The default value is true. If + webserver and used for authorization in Tomcat. + The web server must send the user principal (username) as a request + attribute named REMOTE_USER. + Note that this principal will have no roles associated with it. + The default value is true. If tomcatAuthorization is set to true this attribute has no effect. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Clarify how to set an authenticated principal using tomcatAuthentication="false".
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 7393b00 Clarify how to set an authenticated principal using tomcatAuthentication="false". 7393b00 is described below commit 7393b00780838e5735d9d482409a290931e7c0e2 Author: Christopher Schultz AuthorDate: Fri May 15 09:56:56 2020 -0400 Clarify how to set an authenticated principal using tomcatAuthentication="false". --- webapps/docs/config/ajp.xml | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 9d10525..b7afdd4 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -538,9 +538,11 @@ If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native - webserver and used for authorization in Tomcat. Note that this principal - will have no roles associated with it. - The default value is true. If + webserver and used for authorization in Tomcat. + The web server must send the user principal (username) as a request + attribute named REMOTE_USER. + Note that this principal will have no roles associated with it. + The default value is true. If tomcatAuthorization is set to true this attribute has no effect. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Clarify how to set an authenticated principal using tomcatAuthentication="false".
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new dfba434 Clarify how to set an authenticated principal using tomcatAuthentication="false". dfba434 is described below commit dfba4345c120f461b028d58271eb53aa4d26114b Author: Christopher Schultz AuthorDate: Fri May 15 09:56:56 2020 -0400 Clarify how to set an authenticated principal using tomcatAuthentication="false". --- webapps/docs/config/ajp.xml | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 5b20d6f..2d4fa42 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -534,9 +534,11 @@ If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native - webserver and used for authorization in Tomcat. Note that this principal - will have no roles associated with it. - The default value is true. If + webserver and used for authorization in Tomcat. + The web server must send the user principal (username) as a request + attribute named REMOTE_USER. + Note that this principal will have no roles associated with it. + The default value is true. If tomcatAuthorization is set to true this attribute has no effect. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Clarify how to set an authenticated principal using tomcatAuthentication="false".
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 8598bd1 Clarify how to set an authenticated principal using tomcatAuthentication="false". 8598bd1 is described below commit 8598bd1d9f202d31f729bf9cc57f845b56fc29bb Author: Christopher Schultz AuthorDate: Fri May 15 09:56:56 2020 -0400 Clarify how to set an authenticated principal using tomcatAuthentication="false". --- webapps/docs/config/ajp.xml | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 579c9fa..cd7a8ad 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -524,9 +524,11 @@ If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native - webserver and used for authorization in Tomcat. Note that this principal - will have no roles associated with it. - The default value is true. If + webserver and used for authorization in Tomcat. + The web server must send the user principal (username) as a request + attribute named REMOTE_USER. + Note that this principal will have no roles associated with it. + The default value is true. If tomcatAuthorization is set to true this attribute has no effect. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.104
On Thu, May 7, 2020 at 10:17 PM Violeta Georgieva wrote: > The proposed Apache Tomcat 7.0.104 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1268/ > The git tag is: > https://github.com/apache/tomcat/tree/7.0.104 > 28db826c5a92a870a6632d85dae89d4dc3b7af00 > > The proposed 7.0.104 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 7.0.104 Stable > Rémy
[tomcat] branch 7.0.x updated: Remove useless try/catch
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 3a88c2e Remove useless try/catch
3a88c2e is described below
commit 3a88c2ef1b46f11b94dd653638a15ab90d8cc378
Author: remm
AuthorDate: Fri May 15 14:07:52 2020 +0200
Remove useless try/catch
The ApplicationFilterChain release cannot throw an exception.
---
java/org/apache/catalina/core/ApplicationDispatcher.java | 10 ++
java/org/apache/catalina/core/LocalStrings.properties| 1 -
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java
b/java/org/apache/catalina/core/ApplicationDispatcher.java
index 8e2bfac..eca51d9 100644
--- a/java/org/apache/catalina/core/ApplicationDispatcher.java
+++ b/java/org/apache/catalina/core/ApplicationDispatcher.java
@@ -779,14 +779,8 @@ final class ApplicationDispatcher implements
AsyncDispatcher, RequestDispatcher
}
// Release the filter chain (if any) for this request
-try {
-if (filterChain != null)
-filterChain.release();
-} catch (Throwable e) {
-ExceptionUtils.handleThrowable(e);
-
wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters",
- wrapper.getName()), e);
-// FIXME: Exception handling needs to be similar to what is in the
StandardWrapperValue
+if (filterChain != null) {
+filterChain.release();
}
// Deallocate the allocated servlet instance
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 7798b9e..06fc87d 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -333,7 +333,6 @@ standardWrapper.notClass=No servlet class has been
specified for servlet [{0}]
standardWrapper.notContext=Parent container of a Wrapper must be a Context
standardWrapper.notFound=Servlet [{0}] is not available
standardWrapper.notServlet=Class [{0}] is not a Servlet
-standardWrapper.releaseFilters=Release filters exception for servlet [{0}]
standardWrapper.serviceException=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception
standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception [{2}] with root cause
standardWrapper.unavailable=Marking servlet [{0}] as unavailable
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove useless try/catch
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 2ac2486 Remove useless try/catch
2ac2486 is described below
commit 2ac2486d1c492956933ebec6e12910ec410c6355
Author: remm
AuthorDate: Fri May 15 14:07:52 2020 +0200
Remove useless try/catch
The ApplicationFilterChain release cannot throw an exception.
---
java/org/apache/catalina/core/ApplicationDispatcher.java | 10 ++
java/org/apache/catalina/core/LocalStrings.properties| 1 -
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java
b/java/org/apache/catalina/core/ApplicationDispatcher.java
index 522e4a7..a640177 100644
--- a/java/org/apache/catalina/core/ApplicationDispatcher.java
+++ b/java/org/apache/catalina/core/ApplicationDispatcher.java
@@ -737,14 +737,8 @@ final class ApplicationDispatcher implements
AsyncDispatcher, RequestDispatcher
}
// Release the filter chain (if any) for this request
-try {
-if (filterChain != null)
-filterChain.release();
-} catch (Throwable e) {
-ExceptionUtils.handleThrowable(e);
-
wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters",
- wrapper.getName()), e);
-// FIXME: Exception handling needs to be similar to what is in the
StandardWrapperValue
+if (filterChain != null) {
+filterChain.release();
}
// Deallocate the allocated servlet instance
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index f257de3..5acc88c 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -297,7 +297,6 @@ standardWrapper.notClass=No servlet class has been
specified for servlet [{0}]
standardWrapper.notContext=Parent container of a Wrapper must be a Context
standardWrapper.notFound=Servlet [{0}] is not available
standardWrapper.notServlet=Class [{0}] is not a Servlet
-standardWrapper.releaseFilters=Release filters exception for servlet [{0}]
standardWrapper.serviceException=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception
standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception [{2}] with root cause
standardWrapper.unavailable=Marking servlet [{0}] as unavailable
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Remove useless try/catch
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 4c1aede Remove useless try/catch
4c1aede is described below
commit 4c1aede8ae3ac3e53b3ba7d393c6fb7613b1b1a3
Author: remm
AuthorDate: Fri May 15 14:07:52 2020 +0200
Remove useless try/catch
The ApplicationFilterChain release cannot throw an exception.
---
java/org/apache/catalina/core/ApplicationDispatcher.java | 10 ++
java/org/apache/catalina/core/LocalStrings.properties| 1 -
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java
b/java/org/apache/catalina/core/ApplicationDispatcher.java
index c32a78e..1eb66a6 100644
--- a/java/org/apache/catalina/core/ApplicationDispatcher.java
+++ b/java/org/apache/catalina/core/ApplicationDispatcher.java
@@ -738,14 +738,8 @@ final class ApplicationDispatcher implements
AsyncDispatcher, RequestDispatcher
}
// Release the filter chain (if any) for this request
-try {
-if (filterChain != null)
-filterChain.release();
-} catch (Throwable e) {
-ExceptionUtils.handleThrowable(e);
-
wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters",
- wrapper.getName()), e);
-// FIXME: Exception handling needs to be similar to what is in the
StandardWrapperValue
+if (filterChain != null) {
+filterChain.release();
}
// Deallocate the allocated servlet instance
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index 720b7e8..8343a22 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -271,7 +271,6 @@ standardWrapper.notClass=No servlet class has been
specified for servlet [{0}]
standardWrapper.notContext=Parent container of a Wrapper must be a Context
standardWrapper.notFound=Servlet [{0}] is not available
standardWrapper.notServlet=Class [{0}] is not a Servlet
-standardWrapper.releaseFilters=Release filters exception for servlet [{0}]
standardWrapper.serviceException=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception
standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception [{2}] with root cause
standardWrapper.unavailable=Marking servlet [{0}] as unavailable
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Remove useless try/catch
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new fa64c99 Remove useless try/catch
fa64c99 is described below
commit fa64c995ca7484e30297e73e6db9dd389bf19cba
Author: remm
AuthorDate: Fri May 15 14:07:52 2020 +0200
Remove useless try/catch
The ApplicationFilterChain release cannot throw an exception.
---
java/org/apache/catalina/core/ApplicationDispatcher.java | 10 ++
java/org/apache/catalina/core/LocalStrings.properties| 1 -
2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java
b/java/org/apache/catalina/core/ApplicationDispatcher.java
index 7f267e6..a718aa9 100644
--- a/java/org/apache/catalina/core/ApplicationDispatcher.java
+++ b/java/org/apache/catalina/core/ApplicationDispatcher.java
@@ -719,14 +719,8 @@ final class ApplicationDispatcher implements
AsyncDispatcher, RequestDispatcher
}
// Release the filter chain (if any) for this request
-try {
-if (filterChain != null)
-filterChain.release();
-} catch (Throwable e) {
-ExceptionUtils.handleThrowable(e);
-
wrapper.getLogger().error(sm.getString("standardWrapper.releaseFilters",
- wrapper.getName()), e);
-// FIXME: Exception handling needs to be similar to what is in the
StandardWrapperValue
+if (filterChain != null) {
+filterChain.release();
}
// Deallocate the allocated servlet instance
diff --git a/java/org/apache/catalina/core/LocalStrings.properties
b/java/org/apache/catalina/core/LocalStrings.properties
index dd9ec70..3498e00 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -296,7 +296,6 @@ standardWrapper.notClass=No servlet class has been
specified for servlet [{0}]
standardWrapper.notContext=Parent container of a Wrapper must be a Context
standardWrapper.notFound=Servlet [{0}] is not available
standardWrapper.notServlet=Class [{0}] is not a Servlet
-standardWrapper.releaseFilters=Release filters exception for servlet [{0}]
standardWrapper.serviceException=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception
standardWrapper.serviceExceptionRoot=Servlet.service() for servlet [{0}] in
context with path [{1}] threw exception [{2}] with root cause
standardWrapper.unavailable=Marking servlet [{0}] as unavailable
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Session serialization uses wrapper objects instead of primitives
чт, 14 мая 2020 г. в 18:48, Christopher Schultz :
>
> All,
>
> I'm interested in the history of the StandardSession.writeObjectData
> method. I've been looking at it lately because I'm interested in
> possibly (optionally) encrypting the sessions in the backend session
> store. But this isn't about encryption at all.
>
> The code for StandardSession.doWriteObject(ObjectOutputStream stream)
> looks like this:
>
>
> // Write the scalar instance variables (except Manager)
> stream.writeObject(Long.valueOf(creationTime));
> stream.writeObject(Long.valueOf(lastAccessedTime));
> stream.writeObject(Integer.valueOf(maxInactiveInterval));
> stream.writeObject(Boolean.valueOf(isNew));
> stream.writeObject(Boolean.valueOf(isValid));
> stream.writeObject(Long.valueOf(thisAccessedTime));
If I understand correctly, with objects you can read them with the
same 'readObject()' object method and decide what to do with the
received value. With primitives you have to decide upfront what
reading method you are going to call, and calling a wrong one will
result in a fatal failure where the rest of the data cannot be read at
all.
For example, StandardSession.doReadObject has the following code:
// The next object read could either be the number of
attributes (Integer) or the session's
// authType followed by a Principal object (not an Integer)
Object nextObject = stream.readObject();
if (!(nextObject instanceof Integer)) {
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Session serialization uses wrapper objects instead of primitives
On Fri, May 15, 2020 at 1:00 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 5/14/20 14:21, Mark Thomas wrote: > > On 14/05/2020 18:41, Christopher Schultz wrote: > >> Mark, > >> > >> On 5/14/20 12:53, Mark Thomas wrote: > >>> On 14/05/2020 17:46, Mark Thomas wrote: > On 14/05/2020 16:48, Christopher Schultz wrote: > > All, > > > > I'm interested in the history of the > > StandardSession.writeObjectData method. I've been looking > > at it lately because I'm interested in possibly > > (optionally) encrypting the sessions in the backend session > > store. But this isn't about encryption at all. > > > > The code for > > StandardSession.doWriteObject(ObjectOutputStream stream) > > looks like this: > > > > > > // Write the scalar instance variables (except Manager) > > stream.writeObject(Long.valueOf(creationTime)); > > stream.writeObject(Long.valueOf(lastAccessedTime)); > > stream.writeObject(Integer.valueOf(maxInactiveInterval)); > > stream.writeObject(Boolean.valueOf(isNew)); > > stream.writeObject(Boolean.valueOf(isValid)); > > stream.writeObject(Long.valueOf(thisAccessedTime)); > > > > > > Is there any reason we are writing object wrappers for > > these primitive members instead of just writing the > > primitives directly? > > That code goes all the way back to at least Tomcat 3.1.x > (20+ years ago). > > > It turns out that the byte stream is identical whether one > > uses objects or primitives, > > That surprises me. Looking at the JRE source code it really > surprises me. So much that I am going to go and try it for > myself. > >> > >>> My testing shows the opposite. There is a significant > >>> difference between writing primitives and writing objects. > >> > >> Hmm. I did a micro-test with just writing a single > >> Long.valueOf() value and a (primitive) long alone to an > >> ObjectOutputStream. I didn't test the StandardSession itself. > > > > I performed the same micro-test. > > > >>> Given backwards compatibility requirements we can't change this > >>> in 9.0.x and earlier. > >> > >> Agreed. > >> > One reason we might want to stick with writing objects is to > support sessionAttributeValueClassNameFilter. I'm only going > from reading the source so I could easily have missed > something but it looks like that will only work if we > write/read objects. > >> > >>> We only care about this for session attributes. We know our > >>> internal attributes are safe so we could switch to primitives > >>> in 10.0.x. > >> > >> I'll have to play-around a bit to see what was wrong with my > >> initial tes t. > > So my test was bunk, the data on-the-wire (so to speak) is very > different, and there is no way at all to make them compatible. :/ > > Perhaps a rewindable input stream would work, but it's just not really > that important. > > I think it's okay to make a breaking change at 10.0, but only if > anyone really cares. It saves a couple of bytes which can add up. > > In my microtest, I wrote a java.lang.Long value and a (primitive) long > to two separate files. The object-file was 82 bytes and the > primitive-file was 14 bytes. It looks like after the 2-byte header and > 2-byte version identifier, the primitive long is written as "block > data" with a 1-byte length (8) and then the 8 bytes of the long. The > object flavor is ... more verbose. > > So we get almost 90% savings for a single long value. On the other > hand, the primitive only values going into sessions are the metadata > and not the attributes, which will dominate the bulk of the data (or > should, anyway). > > I still think this is worth doing. > > Any objections? > No objections! > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69sXYACgkQHPApP6U8 > pFi6pg/9ExBQhRRlUv4QPUVDJEhJ8pN6KfBIoHgd/UWw2zYxjeifhDrN+biK2lLG > GHWmJuF+wEAFz9xtYqN46q1QqSKIQcWTAqI05NchNlqFd29JHwj+9QZV00VTd0eK > My4MTCVY4dSObJrePyw14tEHyRVcFl539bDhtez7fnjOGkq4EGNXvr7ep9L3w5GB > ckwKAp1OuFYz5/0ZCCDEVdRiSpoXAac06B5v0FUQb3TBn06gdavUJb9q0HM57RjI > 0FkQHPyZ1ibfWOOLldBrCgA+7SygGiD6LO2nMo5Fgy1A4l5W/uekkhW96FXBKHng > /ocXJRQSkeDoanpQmu5pC/Ru1S0bNjZCIo9OMS0de6iEMEO3wPtvuLYhINYydk6E > 3ZNx+EPZEFPoZuB1K0peWNDgFsE3ar5gL+y6cvztNoZtT1WymoDS6uQ4OvGXcXNL > 61SOSe3CmqHF0dQTlD/Xikakumz4Kefny5QGw/XlchPVNCqUmvgxUwYPb965kwz3 > Vt/3nib0QgKxbR0j54InFIRkG7gPuGyUaL0kwtMbFEdOTw+PqAEyIPSqIRtmkhVG > Mzf6ikh+TOToYi+OIJXUMloaVL8xafAo6hKTc7lbu2hAUv9bE47X6uVyQmD7Yxqu > R3LQGo3OYX9+GBdKBhgvbZB9bEkUImMbsgIXKIUScGaMH4RdtBE= > =AZle > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail:
[Bug 64442] Re-use roles and groups defined on users on MemoryUserDatabase creation
https://bz.apache.org/bugzilla/show_bug.cgi?id=64442 --- Comment #3 from mgrigorov --- Is the XSD actually being used by Tomcat to validate the .xml when parsing ? I guess it is not, otherwise Felix would have seen an error in the logs explaining that the order is not correct. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Session serialization uses wrapper objects instead of primitives
On Fri, May 15, 2020 at 12:00 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 5/14/20 14:21, Mark Thomas wrote: > > On 14/05/2020 18:41, Christopher Schultz wrote: > >> Mark, > >> > >> On 5/14/20 12:53, Mark Thomas wrote: > >>> On 14/05/2020 17:46, Mark Thomas wrote: > On 14/05/2020 16:48, Christopher Schultz wrote: > > All, > > > > I'm interested in the history of the > > StandardSession.writeObjectData method. I've been looking > > at it lately because I'm interested in possibly > > (optionally) encrypting the sessions in the backend session > > store. But this isn't about encryption at all. > > > > The code for > > StandardSession.doWriteObject(ObjectOutputStream stream) > > looks like this: > > > > > > // Write the scalar instance variables (except Manager) > > stream.writeObject(Long.valueOf(creationTime)); > > stream.writeObject(Long.valueOf(lastAccessedTime)); > > stream.writeObject(Integer.valueOf(maxInactiveInterval)); > > stream.writeObject(Boolean.valueOf(isNew)); > > stream.writeObject(Boolean.valueOf(isValid)); > > stream.writeObject(Long.valueOf(thisAccessedTime)); > > > > > > Is there any reason we are writing object wrappers for > > these primitive members instead of just writing the > > primitives directly? > > That code goes all the way back to at least Tomcat 3.1.x > (20+ years ago). > > > It turns out that the byte stream is identical whether one > > uses objects or primitives, > > That surprises me. Looking at the JRE source code it really > surprises me. So much that I am going to go and try it for > myself. > >> > >>> My testing shows the opposite. There is a significant > >>> difference between writing primitives and writing objects. > >> > >> Hmm. I did a micro-test with just writing a single > >> Long.valueOf() value and a (primitive) long alone to an > >> ObjectOutputStream. I didn't test the StandardSession itself. > > > > I performed the same micro-test. > > > >>> Given backwards compatibility requirements we can't change this > >>> in 9.0.x and earlier. > >> > >> Agreed. > >> > One reason we might want to stick with writing objects is to > support sessionAttributeValueClassNameFilter. I'm only going > from reading the source so I could easily have missed > something but it looks like that will only work if we > write/read objects. > >> > >>> We only care about this for session attributes. We know our > >>> internal attributes are safe so we could switch to primitives > >>> in 10.0.x. > >> > >> I'll have to play-around a bit to see what was wrong with my > >> initial tes t. > > So my test was bunk, the data on-the-wire (so to speak) is very > different, and there is no way at all to make them compatible. :/ > > Perhaps a rewindable input stream would work, but it's just not really > that important. > > I think it's okay to make a breaking change at 10.0, but only if > anyone really cares. It saves a couple of bytes which can add up. > > In my microtest, I wrote a java.lang.Long value and a (primitive) long > to two separate files. The object-file was 82 bytes and the > primitive-file was 14 bytes. It looks like after the 2-byte header and > 2-byte version identifier, the primitive long is written as "block > data" with a 1-byte length (8) and then the 8 bytes of the long. The > object flavor is ... more verbose. > > So we get almost 90% savings for a single long value. On the other > hand, the primitive only values going into sessions are the metadata > and not the attributes, which will dominate the bulk of the data (or > should, anyway). > > I still think this is worth doing. > > Any objections? > Ok. Rémy > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl69sXYACgkQHPApP6U8 > pFi6pg/9ExBQhRRlUv4QPUVDJEhJ8pN6KfBIoHgd/UWw2zYxjeifhDrN+biK2lLG > GHWmJuF+wEAFz9xtYqN46q1QqSKIQcWTAqI05NchNlqFd29JHwj+9QZV00VTd0eK > My4MTCVY4dSObJrePyw14tEHyRVcFl539bDhtez7fnjOGkq4EGNXvr7ep9L3w5GB > ckwKAp1OuFYz5/0ZCCDEVdRiSpoXAac06B5v0FUQb3TBn06gdavUJb9q0HM57RjI > 0FkQHPyZ1ibfWOOLldBrCgA+7SygGiD6LO2nMo5Fgy1A4l5W/uekkhW96FXBKHng > /ocXJRQSkeDoanpQmu5pC/Ru1S0bNjZCIo9OMS0de6iEMEO3wPtvuLYhINYydk6E > 3ZNx+EPZEFPoZuB1K0peWNDgFsE3ar5gL+y6cvztNoZtT1WymoDS6uQ4OvGXcXNL > 61SOSe3CmqHF0dQTlD/Xikakumz4Kefny5QGw/XlchPVNCqUmvgxUwYPb965kwz3 > Vt/3nib0QgKxbR0j54InFIRkG7gPuGyUaL0kwtMbFEdOTw+PqAEyIPSqIRtmkhVG > Mzf6ikh+TOToYi+OIJXUMloaVL8xafAo6hKTc7lbu2hAUv9bE47X6uVyQmD7Yxqu > R3LQGo3OYX9+GBdKBhgvbZB9bEkUImMbsgIXKIUScGaMH4RdtBE= > =AZle > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail:
