Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark, On 9/24/21 14:39, Mark Thomas wrote: On 24/09/2021 19:21, Christopher Schultz wrote: Mark, Sorry for the top-post but this is quite a long patch and it will be easier to find my comments up here. No problem. Makes sense. When generating the String value for the request identifier, you could use: private String requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); This would produce smaller strings, use slightly less CPU, and then nobody cares whether the value is - or +. Excellent. I like it. I'll make the change. We might need those extra 3,000,000 years before failover ;) Should the new request-id be generated during recycle() or during another time? Is there a method which is always called to re-commission a Request object? If so, I think it would make more sense to leave the requestId alone in recycle() and allocate the new request-id in that other method. Not sure. I'll take a look. In cases where there are use-after-recycle errors in an application, having the old request-id might be helpful in debugging. I think that could go either way. The ID changing as soon as recycle is called might make use after recycle easier to spot. The more I think about this, the more I think changing ID on recycle is the way to go but I am prepared to be convinced otherwise. How about requestId = -1 on recycle (and create) but set it to a definite value when it's "in service"? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Use base 16 rather than base 10 for IDs. Marginally faster and no -ve
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0608beb Use base 16 rather than base 10 for IDs. Marginally faster
and no -ve
0608beb is described below
commit 0608beb7fa910b67d2833a197539048222c76d45
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:41:21 2021 +0100
Use base 16 rather than base 10 for IDs. Marginally faster and no -ve
---
java/org/apache/coyote/Request.java| 2 +-
java/org/apache/tomcat/util/net/SocketWrapperBase.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/coyote/Request.java
b/java/org/apache/coyote/Request.java
index 2bbabaf..d9d0732 100644
--- a/java/org/apache/coyote/Request.java
+++ b/java/org/apache/coyote/Request.java
@@ -793,7 +793,7 @@ public final class Request {
available = 0;
sendfile = true;
-requestId = Long.toString(requestIdGenerator.getAndIncrement());
+requestId = Long.toHexString(requestIdGenerator.getAndIncrement());
serverCookies.recycle();
parameters.recycle();
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 4b26219..2ab32ef 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -137,7 +137,7 @@ public abstract class SocketWrapperBase {
readPending = null;
writePending = null;
}
-connectionId = Long.toString(connectionIdGenerator.getAndIncrement());
+connectionId =
Long.toHexString(connectionIdGenerator.getAndIncrement());
}
public E getSocket() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 19:21, Christopher Schultz wrote: Mark, Sorry for the top-post but this is quite a long patch and it will be easier to find my comments up here. No problem. Makes sense. When generating the String value for the request identifier, you could use: private String requestId = Long.toHexString(requestIdGenerator.getAndIncrement()); This would produce smaller strings, use slightly less CPU, and then nobody cares whether the value is - or +. Excellent. I like it. I'll make the change. We might need those extra 3,000,000 years before failover ;) Should the new request-id be generated during recycle() or during another time? Is there a method which is always called to re-commission a Request object? If so, I think it would make more sense to leave the requestId alone in recycle() and allocate the new request-id in that other method. Not sure. I'll take a look. In cases where there are use-after-recycle errors in an application, having the old request-id might be helpful in debugging. I think that could go either way. The ID changing as soon as recycle is called might make use after recycle easier to spot. The more I think about this, the more I think changing ID on recycle is the way to go but I am prepared to be convinced otherwise. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 19:03, Christopher Schultz wrote: Mark, I haven't looked at the patch yet but I was thinking about this since you mentioned it at ApacheCon. Many load-balancers and other similar network systems are capable of generating their own request-identifiers and sending them as request headers to origin servers. I think it would make sense to allow the user to either use a container-generated request identifier (as you have implemented it) or to allow a (trusted) upstream component to provide one to the container. WDYT? I don't think that covers all use cases as it requires the successful parsing of the incoming request. Users are free to log multiple IDs from different sources if that makes sense for their environment. These IDs are primarily to fill the gap that there wasn't IDs from the container perspective. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new efd7c27 Remove incorrect comment
efd7c27 is described below
commit efd7c277917e1529186a9c524b616b436b74a962
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:22:20 2021 +0100
Remove incorrect comment
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index cc91d47..88d2b46 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -53,7 +53,6 @@ public class TesterOpenSSL {
// Note: Gump currently tests 10.x with OpenSSL 3.1.x
VERSION = 30100;
} else if (versionString.startsWith("OpenSSL 3.0.0")) {
-// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
// LTS
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new d01cf5a Remove incorrect comment
d01cf5a is described below
commit d01cf5a069e714ef9d3cf8f05e160b4308f7595d
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:22:20 2021 +0100
Remove incorrect comment
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index cc91d47..88d2b46 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -53,7 +53,6 @@ public class TesterOpenSSL {
// Note: Gump currently tests 10.x with OpenSSL 3.1.x
VERSION = 30100;
} else if (versionString.startsWith("OpenSSL 3.0.0")) {
-// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
// LTS
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 3b3cf12 Remove incorrect comment
3b3cf12 is described below
commit 3b3cf12dd8de767cc6fef1d750b173162277048f
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:22:20 2021 +0100
Remove incorrect comment
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index cc91d47..88d2b46 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -53,7 +53,6 @@ public class TesterOpenSSL {
// Note: Gump currently tests 10.x with OpenSSL 3.1.x
VERSION = 30100;
} else if (versionString.startsWith("OpenSSL 3.0.0")) {
-// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
// LTS
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove incorrect comment
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new e11f2ef Remove incorrect comment
e11f2ef is described below
commit e11f2ef103fa32eb7ea1243e272dc5d6cf39e91a
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:22:20 2021 +0100
Remove incorrect comment
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index cc91d47..88d2b46 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -53,7 +53,6 @@ public class TesterOpenSSL {
// Note: Gump currently tests 10.x with OpenSSL 3.1.x
VERSION = 30100;
} else if (versionString.startsWith("OpenSSL 3.0.0")) {
-// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
// LTS
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d994418 Add support for OpenSSL 3.1.x to unit tests
d994418 is described below
commit d994418b581938ba5f14bbd16de2551f42c4
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:19:08 2021 +0100
Add support for OpenSSL 3.1.x to unit tests
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 9dafe46..cc91d47 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,7 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.0.0")) {
+if (versionString.startsWith("OpenSSL 3.1.0")) {
+// Note: Gump currently tests 10.x with OpenSSL 3.1.x
+VERSION = 30100;
+} else if (versionString.startsWith("OpenSSL 3.0.0")) {
// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
@@ -337,7 +340,7 @@ public class TesterOpenSSL {
// Explicit OpenSSL path may also need explicit lib path
// (e.g. Gump needs this)
openSSLLibPath = openSSLPath.substring(0,
openSSLPath.lastIndexOf('/'));
-openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath +
"/../lib64";
+openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath +
"/../lib:" + openSSLLibPath + "/../lib64";
}
List cmd = new ArrayList<>();
cmd.add(openSSLPath);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7d03135 Add support for OpenSSL 3.1.x to unit tests
7d03135 is described below
commit 7d03135e3ff7d1f518ceb8e9f740d290969c63b5
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:19:08 2021 +0100
Add support for OpenSSL 3.1.x to unit tests
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 9dafe46..cc91d47 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,7 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.0.0")) {
+if (versionString.startsWith("OpenSSL 3.1.0")) {
+// Note: Gump currently tests 10.x with OpenSSL 3.1.x
+VERSION = 30100;
+} else if (versionString.startsWith("OpenSSL 3.0.0")) {
// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
@@ -337,7 +340,7 @@ public class TesterOpenSSL {
// Explicit OpenSSL path may also need explicit lib path
// (e.g. Gump needs this)
openSSLLibPath = openSSLPath.substring(0,
openSSLPath.lastIndexOf('/'));
-openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath +
"/../lib64";
+openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath +
"/../lib:" + openSSLLibPath + "/../lib64";
}
List cmd = new ArrayList<>();
cmd.add(openSSLPath);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new c9b14f7 Add support for OpenSSL 3.1.x to unit tests
c9b14f7 is described below
commit c9b14f71c6315becc3dcfb212d47721941a59947
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:19:08 2021 +0100
Add support for OpenSSL 3.1.x to unit tests
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 9dafe46..cc91d47 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,7 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.0.0")) {
+if (versionString.startsWith("OpenSSL 3.1.0")) {
+// Note: Gump currently tests 10.x with OpenSSL 3.1.x
+VERSION = 30100;
+} else if (versionString.startsWith("OpenSSL 3.0.0")) {
// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
@@ -337,7 +340,7 @@ public class TesterOpenSSL {
// Explicit OpenSSL path may also need explicit lib path
// (e.g. Gump needs this)
openSSLLibPath = openSSLPath.substring(0,
openSSLPath.lastIndexOf('/'));
-openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath +
"/../lib64";
+openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath +
"/../lib:" + openSSLLibPath + "/../lib64";
}
List cmd = new ArrayList<>();
cmd.add(openSSLPath);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark,
Sorry for the top-post but this is quite a long patch and it will be
easier to find my comments up here.
When generating the String value for the request identifier, you could use:
private String requestId =
Long.toHexString(requestIdGenerator.getAndIncrement());
This would produce smaller strings, use slightly less CPU, and then
nobody cares whether the value is - or +.
This field cannot be FINAL because request objects can be re-used. Okay.
Should the new request-id be generated during recycle() or during
another time? Is there a method which is always called to re-commission
a Request object? If so, I think it would make more sense to leave the
requestId alone in recycle() and allocate the new request-id in that
other method.
In cases where there are use-after-recycle errors in an application,
having the old request-id might be helpful in debugging.
-chris
On 9/24/21 13:30, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b7c05a8 Implement the new connection ID and request ID API for
Servlet 6.0
b7c05a8 is described below
commit b7c05a8f60003c42e6f367bf307188ce391dbad2
Author: Mark Thomas
AuthorDate: Fri Sep 24 18:30:24 2021 +0100
Implement the new connection ID and request ID API for Servlet 6.0
---
java/jakarta/el/ImportHandler.java | 1 +
java/jakarta/servlet/ServletConnection.java| 95 +++
java/jakarta/servlet/ServletRequest.java | 48
java/jakarta/servlet/ServletRequestWrapper.java| 36 ++
java/org/apache/catalina/Globals.java | 16 ---
java/org/apache/catalina/connector/Request.java| 48
.../apache/catalina/connector/RequestFacade.java | 19 +++
java/org/apache/coyote/AbstractProcessor.java | 37 +++---
java/org/apache/coyote/ActionCode.java | 13 ++-
java/org/apache/coyote/Request.java| 39 ++-
java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++
java/org/apache/coyote/http11/Http11Processor.java | 7 ++
.../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +-
java/org/apache/coyote/http2/Http2Protocol.java| 4 +-
.../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++-
java/org/apache/coyote/http2/StreamProcessor.java | 18 +--
.../tomcat/util/net/ServletConnectionImpl.java | 55 +
.../apache/tomcat/util/net/SocketWrapperBase.java | 30 +
.../catalina/filters/TesterHttpServletRequest.java | 16 +++
.../apache/coyote/http2/TestAbstractStream.java| 130 +++--
webapps/docs/changelog.xml | 4 +
21 files changed, 553 insertions(+), 94 deletions(-)
diff --git a/java/jakarta/el/ImportHandler.java
b/java/jakarta/el/ImportHandler.java
index 138a6da..b824d5d 100644
--- a/java/jakarta/el/ImportHandler.java
+++ b/java/jakarta/el/ImportHandler.java
@@ -54,6 +54,7 @@ public class ImportHandler {
servletClassNames.add("RequestDispatcher");
servletClassNames.add("Servlet");
servletClassNames.add("ServletConfig");
+servletClassNames.add("ServletConnection");
servletClassNames.add("ServletContainerInitializer");
servletClassNames.add("ServletContext");
servletClassNames.add("ServletContextAttributeListener");
diff --git a/java/jakarta/servlet/ServletConnection.java
b/java/jakarta/servlet/ServletConnection.java
new file mode 100644
index 000..97ded16
--- /dev/null
+++ b/java/jakarta/servlet/ServletConnection.java
@@ -0,0 +1,95 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package jakarta.servlet;
+
+/**
+ * Provides information about the connection made to the Servlet container.
This
+ * interface is intended primarily for debugging purposes and as such provides
+ * the raw information as seen by the container. Unless explicitly stated
+ * otherwise in the Javadoc for a method, no adjustment is made for the
presence
+ * of reverse proxies or similar configurations.
+ *
+ * @since
[tomcat] branch main updated: Add support for OpenSSL 3.1.x to unit tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b22d93f Add support for OpenSSL 3.1.x to unit tests
b22d93f is described below
commit b22d93f6f66b53319757cd226c32942882e77b38
Author: Mark Thomas
AuthorDate: Fri Sep 24 19:19:08 2021 +0100
Add support for OpenSSL 3.1.x to unit tests
---
test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
index 9dafe46..cc91d47 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -49,7 +49,10 @@ public class TesterOpenSSL {
} catch (IOException e) {
versionString = "";
}
-if (versionString.startsWith("OpenSSL 3.0.0")) {
+if (versionString.startsWith("OpenSSL 3.1.0")) {
+// Note: Gump currently tests 10.x with OpenSSL 3.1.x
+VERSION = 30100;
+} else if (versionString.startsWith("OpenSSL 3.0.0")) {
// Note: Gump currently tests 10.x with OpenSSL 3.0.x
VERSION = 3;
} else if (versionString.startsWith("OpenSSL 1.1.1")) {
@@ -337,7 +340,7 @@ public class TesterOpenSSL {
// Explicit OpenSSL path may also need explicit lib path
// (e.g. Gump needs this)
openSSLLibPath = openSSLPath.substring(0,
openSSLPath.lastIndexOf('/'));
-openSSLLibPath = openSSLLibPath + "/../lib:" + openSSLLibPath +
"/../lib64";
+openSSLLibPath = openSSLLibPath + "/../:" + openSSLLibPath +
"/../lib:" + openSSLLibPath + "/../lib64";
}
List cmd = new ArrayList<>();
cmd.add(openSSLPath);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master created (now b7c1897)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. at b7c1897 Fix typo No new revisions were added by this update. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
Mark,
I haven't looked at the patch yet but I was thinking about this since
you mentioned it at ApacheCon.
Many load-balancers and other similar network systems are capable of
generating their own request-identifiers and sending them as request
headers to origin servers. I think it would make sense to allow the user
to either use a container-generated request identifier (as you have
implemented it) or to allow a (trusted) upstream component to provide
one to the container.
WDYT?
-chris
On 9/24/21 13:30, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b7c05a8 Implement the new connection ID and request ID API for
Servlet 6.0
b7c05a8 is described below
commit b7c05a8f60003c42e6f367bf307188ce391dbad2
Author: Mark Thomas
AuthorDate: Fri Sep 24 18:30:24 2021 +0100
Implement the new connection ID and request ID API for Servlet 6.0
---
java/jakarta/el/ImportHandler.java | 1 +
java/jakarta/servlet/ServletConnection.java| 95 +++
java/jakarta/servlet/ServletRequest.java | 48
java/jakarta/servlet/ServletRequestWrapper.java| 36 ++
java/org/apache/catalina/Globals.java | 16 ---
java/org/apache/catalina/connector/Request.java| 48
.../apache/catalina/connector/RequestFacade.java | 19 +++
java/org/apache/coyote/AbstractProcessor.java | 37 +++---
java/org/apache/coyote/ActionCode.java | 13 ++-
java/org/apache/coyote/Request.java| 39 ++-
java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++
java/org/apache/coyote/http11/Http11Processor.java | 7 ++
.../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +-
java/org/apache/coyote/http2/Http2Protocol.java| 4 +-
.../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++-
java/org/apache/coyote/http2/StreamProcessor.java | 18 +--
.../tomcat/util/net/ServletConnectionImpl.java | 55 +
.../apache/tomcat/util/net/SocketWrapperBase.java | 30 +
.../catalina/filters/TesterHttpServletRequest.java | 16 +++
.../apache/coyote/http2/TestAbstractStream.java| 130 +++--
webapps/docs/changelog.xml | 4 +
21 files changed, 553 insertions(+), 94 deletions(-)
diff --git a/java/jakarta/el/ImportHandler.java
b/java/jakarta/el/ImportHandler.java
index 138a6da..b824d5d 100644
--- a/java/jakarta/el/ImportHandler.java
+++ b/java/jakarta/el/ImportHandler.java
@@ -54,6 +54,7 @@ public class ImportHandler {
servletClassNames.add("RequestDispatcher");
servletClassNames.add("Servlet");
servletClassNames.add("ServletConfig");
+servletClassNames.add("ServletConnection");
servletClassNames.add("ServletContainerInitializer");
servletClassNames.add("ServletContext");
servletClassNames.add("ServletContextAttributeListener");
diff --git a/java/jakarta/servlet/ServletConnection.java
b/java/jakarta/servlet/ServletConnection.java
new file mode 100644
index 000..97ded16
--- /dev/null
+++ b/java/jakarta/servlet/ServletConnection.java
@@ -0,0 +1,95 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package jakarta.servlet;
+
+/**
+ * Provides information about the connection made to the Servlet container.
This
+ * interface is intended primarily for debugging purposes and as such provides
+ * the raw information as seen by the container. Unless explicitly stated
+ * otherwise in the Javadoc for a method, no adjustment is made for the
presence
+ * of reverse proxies or similar configurations.
+ *
+ * @since Servlet 6.0
+ */
+public interface ServletConnection {
+
+/**
+ * Obtain a unique (within the lifetime of the JVM) identifier string for
+ * the network connection to the JVM that is being used for the
+ * {@code ServletRequest} from which this {@code ServletConnection} was
+ * obtained.
+ *
+ * There is no defined format for this string. The format is implementation
Re: [tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
On 24/09/2021 18:30, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new b7c05a8 Implement the new connection ID and request ID API for Servlet 6.0 Doing some simple testing locally highlighted something interesting. The Coyote Request gets recycled twice for most requests. Once when the HTTP request is complete and once when the Processor is recycled just before the socket is added to the Poller. I took a look to see if I could convince myself that one of these could be removed. The first is definitely required for pipelined requests. The second looks to be required for some error conditions. If anyone fancies a brain teaser then finding a way to have just one call to Request.recycle() might keep you entertained for a while ;) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Implement the new connection ID and request ID API for Servlet 6.0
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b7c05a8 Implement the new connection ID and request ID API for
Servlet 6.0
b7c05a8 is described below
commit b7c05a8f60003c42e6f367bf307188ce391dbad2
Author: Mark Thomas
AuthorDate: Fri Sep 24 18:30:24 2021 +0100
Implement the new connection ID and request ID API for Servlet 6.0
---
java/jakarta/el/ImportHandler.java | 1 +
java/jakarta/servlet/ServletConnection.java| 95 +++
java/jakarta/servlet/ServletRequest.java | 48
java/jakarta/servlet/ServletRequestWrapper.java| 36 ++
java/org/apache/catalina/Globals.java | 16 ---
java/org/apache/catalina/connector/Request.java| 48
.../apache/catalina/connector/RequestFacade.java | 19 +++
java/org/apache/coyote/AbstractProcessor.java | 37 +++---
java/org/apache/coyote/ActionCode.java | 13 ++-
java/org/apache/coyote/Request.java| 39 ++-
java/org/apache/coyote/ajp/AjpProcessor.java | 7 ++
java/org/apache/coyote/http11/Http11Processor.java | 7 ++
.../coyote/http2/Http2AsyncUpgradeHandler.java | 4 +-
java/org/apache/coyote/http2/Http2Protocol.java| 4 +-
.../apache/coyote/http2/Http2UpgradeHandler.java | 20 +++-
java/org/apache/coyote/http2/StreamProcessor.java | 18 +--
.../tomcat/util/net/ServletConnectionImpl.java | 55 +
.../apache/tomcat/util/net/SocketWrapperBase.java | 30 +
.../catalina/filters/TesterHttpServletRequest.java | 16 +++
.../apache/coyote/http2/TestAbstractStream.java| 130 +++--
webapps/docs/changelog.xml | 4 +
21 files changed, 553 insertions(+), 94 deletions(-)
diff --git a/java/jakarta/el/ImportHandler.java
b/java/jakarta/el/ImportHandler.java
index 138a6da..b824d5d 100644
--- a/java/jakarta/el/ImportHandler.java
+++ b/java/jakarta/el/ImportHandler.java
@@ -54,6 +54,7 @@ public class ImportHandler {
servletClassNames.add("RequestDispatcher");
servletClassNames.add("Servlet");
servletClassNames.add("ServletConfig");
+servletClassNames.add("ServletConnection");
servletClassNames.add("ServletContainerInitializer");
servletClassNames.add("ServletContext");
servletClassNames.add("ServletContextAttributeListener");
diff --git a/java/jakarta/servlet/ServletConnection.java
b/java/jakarta/servlet/ServletConnection.java
new file mode 100644
index 000..97ded16
--- /dev/null
+++ b/java/jakarta/servlet/ServletConnection.java
@@ -0,0 +1,95 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package jakarta.servlet;
+
+/**
+ * Provides information about the connection made to the Servlet container.
This
+ * interface is intended primarily for debugging purposes and as such provides
+ * the raw information as seen by the container. Unless explicitly stated
+ * otherwise in the Javadoc for a method, no adjustment is made for the
presence
+ * of reverse proxies or similar configurations.
+ *
+ * @since Servlet 6.0
+ */
+public interface ServletConnection {
+
+/**
+ * Obtain a unique (within the lifetime of the JVM) identifier string for
+ * the network connection to the JVM that is being used for the
+ * {@code ServletRequest} from which this {@code ServletConnection} was
+ * obtained.
+ *
+ * There is no defined format for this string. The format is implementation
+ * dependent.
+ *
+ * @return A unique identifier for the network connection
+ */
+String getConnectionId();
+
+/**
+ * Obtain the name of the protocol as presented to the server after the
+ * removal, if present, of any TLS or similar encryption. This may not be
+ * the same as the protocol seen by the application. For example, a reverse
+ * proxy may present AJP whereas the application will see HTTP 1.1.
+ *
+ * If the protocol has an entry in the
[tomcat] 01/02: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7746fbcd250739fbb54e423cdccfb67880ffe78c
Author: Mark Thomas
AuthorDate: Fri Sep 24 12:59:19 2021 +0100
Additional clean-up after removal of APR
---
java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +-
java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +-
.../apache/tomcat/util/net/SocketWrapperBase.java | 22 +-
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index 56d7295..88f0382 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -1581,12 +1581,8 @@ public class Nio2Endpoint extends
AbstractJsseEndpoint
}
-/**
- * {@inheritDoc}
- * @param clientCertProvider Ignored for this implementation
- */
@Override
-public SSLSupport getSslSupport(String clientCertProvider) {
+public SSLSupport getSslSupport() {
if (getSocket() instanceof SecureNioChannel) {
SecureNioChannel ch = (SecureNioChannel) getSocket();
return ch.getSSLSupport();
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 008715e..81a89e3 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -818,7 +818,27 @@ public abstract class SocketWrapperBase {
*/
public abstract void doClientAuth(SSLSupport sslSupport) throws
IOException;
-public abstract SSLSupport getSslSupport(String clientCertProvider);
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @param clientCertProvider The name of the client certificate provider to
+ * use. Only used by APR/native.
+ *
+ * @return An SSLSupport instance for this socket.
+ *
+ * @deprecated Will be removed in Tomcat 10.1.x onwards
+ */
+@Deprecated
+public SSLSupport getSslSupport(String clientCertProvider) {
+return getSslSupport();
+}
+
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @return An SSLSupport instance for this socket.
+ */
+public abstract SSLSupport getSslSupport();
// --- NIO 2 style APIs
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Backport deprecation
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f14610e7237db303ca9bdffe3371f8a80d83aa72
Author: Mark Thomas
AuthorDate: Fri Sep 24 13:06:02 2021 +0100
Backport deprecation
---
java/org/apache/coyote/AbstractProtocol.java | 2 ++
java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++
2 files changed, 8 insertions(+)
diff --git a/java/org/apache/coyote/AbstractProtocol.java
b/java/org/apache/coyote/AbstractProtocol.java
index c8b4a94..c7042e1 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -787,6 +787,7 @@ public abstract class AbstractProtocol implements
ProtocolHandler,
}
+@SuppressWarnings("deprecation")
@Override
public SocketState process(SocketWrapperBase wrapper, SocketEvent
status) {
if (getLog().isDebugEnabled()) {
@@ -882,6 +883,7 @@ public abstract class AbstractProtocol implements
ProtocolHandler,
}
}
+// Can switch to non-deprecated version in Tomcat 10.1.x
processor.setSslSupport(
wrapper.getSslSupport(getProtocol().getClientCertProvider()));
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 3c2f68a..9cdf9de 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2574,6 +2574,12 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
@Override
+public SSLSupport getSslSupport() {
+throw new UnsupportedOperationException();
+}
+
+
+@Override
public void doClientAuth(SSLSupport sslSupport) throws IOException {
long socket = getSocket().longValue();
// Configure connection to require a certificate. This requires a
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated (0004b62 -> f14610e)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 0004b62 Fix incorrect indent new 7746fbc Additional clean-up after removal of APR new f14610e Backport deprecation The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 5 files changed, 31 insertions(+), 11 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 27f14e32bd43b4471617269f0857e418c089bb0e
Author: Mark Thomas
AuthorDate: Fri Sep 24 12:59:19 2021 +0100
Additional clean-up after removal of APR
---
java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +-
java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +-
.../apache/tomcat/util/net/SocketWrapperBase.java | 22 +-
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index 8c3f561..3ac5324 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -1531,12 +1531,8 @@ public class Nio2Endpoint extends
AbstractJsseEndpoint
}
-/**
- * {@inheritDoc}
- * @param clientCertProvider Ignored for this implementation
- */
@Override
-public SSLSupport getSslSupport(String clientCertProvider) {
+public SSLSupport getSslSupport() {
if (getSocket() instanceof SecureNioChannel) {
SecureNioChannel ch = (SecureNioChannel) getSocket();
return ch.getSSLSupport();
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 117bce8..27660fc 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -788,7 +788,27 @@ public abstract class SocketWrapperBase {
*/
public abstract void doClientAuth(SSLSupport sslSupport) throws
IOException;
-public abstract SSLSupport getSslSupport(String clientCertProvider);
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @param clientCertProvider The name of the client certificate provider to
+ * use. Only used by APR/native.
+ *
+ * @return An SSLSupport instance for this socket.
+ *
+ * @deprecated Will be removed in Tomcat 10.1.x onwards
+ */
+@Deprecated
+public SSLSupport getSslSupport(String clientCertProvider) {
+return getSslSupport();
+}
+
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @return An SSLSupport instance for this socket.
+ */
+public abstract SSLSupport getSslSupport();
// --- NIO 2 style APIs
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Backport deprecation
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 92e139a5876448b36f60294776d5a48f1df48db1
Author: Mark Thomas
AuthorDate: Fri Sep 24 13:06:02 2021 +0100
Backport deprecation
---
java/org/apache/coyote/AbstractProtocol.java | 2 ++
java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++
2 files changed, 8 insertions(+)
diff --git a/java/org/apache/coyote/AbstractProtocol.java
b/java/org/apache/coyote/AbstractProtocol.java
index a8b65db..58acf7d 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -764,6 +764,7 @@ public abstract class AbstractProtocol implements
ProtocolHandler,
}
+@SuppressWarnings("deprecation")
@Override
public SocketState process(SocketWrapperBase wrapper, SocketEvent
status) {
if (getLog().isDebugEnabled()) {
@@ -859,6 +860,7 @@ public abstract class AbstractProtocol implements
ProtocolHandler,
}
}
+// Can switch to non-deprecated version in Tomcat 10.1.x
processor.setSslSupport(
wrapper.getSslSupport(getProtocol().getClientCertProvider()));
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index b523c6c..f2e3973 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2578,6 +2578,12 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
@Override
+public SSLSupport getSslSupport() {
+throw new UnsupportedOperationException();
+}
+
+
+@Override
public void doClientAuth(SSLSupport sslSupport) throws IOException {
long socket = getSocket().longValue();
// Configure connection to require a certificate. This requires a
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated (a7550fb -> 92e139a)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from a7550fb Fix incorrect indent new 27f14e3 Additional clean-up after removal of APR new 92e139a Backport deprecation The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/coyote/AbstractProtocol.java | 2 ++ java/org/apache/tomcat/util/net/AprEndpoint.java | 6 ++ java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +- java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +- .../apache/tomcat/util/net/SocketWrapperBase.java | 22 +- 5 files changed, 31 insertions(+), 11 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Remove deprecated method
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4e96884 Remove deprecated method
4e96884 is described below
commit 4e96884d2e7464e8654b5e06a3c5be24213c56b8
Author: Mark Thomas
AuthorDate: Fri Sep 24 13:01:39 2021 +0100
Remove deprecated method
---
java/org/apache/tomcat/util/net/SocketWrapperBase.java | 15 ---
1 file changed, 15 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 27660fc..f96ddc2 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -791,21 +791,6 @@ public abstract class SocketWrapperBase {
/**
* Obtain an SSLSupport instance for this socket.
*
- * @param clientCertProvider The name of the client certificate provider to
- * use. Only used by APR/native.
- *
- * @return An SSLSupport instance for this socket.
- *
- * @deprecated Will be removed in Tomcat 10.1.x onwards
- */
-@Deprecated
-public SSLSupport getSslSupport(String clientCertProvider) {
-return getSslSupport();
-}
-
-/**
- * Obtain an SSLSupport instance for this socket.
- *
* @return An SSLSupport instance for this socket.
*/
public abstract SSLSupport getSslSupport();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Avoid using deprecated method
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 7f8f1ca Avoid using deprecated method 7f8f1ca is described below commit 7f8f1ca9a0ee8bfd5d7da563b287038abecfbf42 Author: Mark Thomas AuthorDate: Fri Sep 24 13:01:18 2021 +0100 Avoid using deprecated method --- java/org/apache/coyote/AbstractProtocol.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java index 630ea90..c8af0d2 100644 --- a/java/org/apache/coyote/AbstractProtocol.java +++ b/java/org/apache/coyote/AbstractProtocol.java @@ -853,8 +853,7 @@ public abstract class AbstractProtocol implements ProtocolHandler, } } -processor.setSslSupport( - wrapper.getSslSupport(getProtocol().getClientCertProvider())); +processor.setSslSupport(wrapper.getSslSupport()); // Associate the processor with the connection wrapper.setCurrentProcessor(processor); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Additional clean-up after removal of APR
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 015c48b Additional clean-up after removal of APR
015c48b is described below
commit 015c48b6b537ea3e329a5f23bb68be052b1b0221
Author: Mark Thomas
AuthorDate: Fri Sep 24 12:59:19 2021 +0100
Additional clean-up after removal of APR
---
java/org/apache/tomcat/util/net/Nio2Endpoint.java | 6 +-
java/org/apache/tomcat/util/net/NioEndpoint.java | 6 +-
.../apache/tomcat/util/net/SocketWrapperBase.java | 22 +-
3 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index f80dd5d..2c56ddd 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -1531,12 +1531,8 @@ public class Nio2Endpoint extends
AbstractJsseEndpoint
}
-/**
- * {@inheritDoc}
- * @param clientCertProvider Ignored for this implementation
- */
@Override
-public SSLSupport getSslSupport(String clientCertProvider) {
+public SSLSupport getSslSupport() {
if (getSocket() instanceof SecureNioChannel) {
SecureNioChannel ch = (SecureNioChannel) getSocket();
return ch.getSSLSupport();
diff --git a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
index 117bce8..27660fc 100644
--- a/java/org/apache/tomcat/util/net/SocketWrapperBase.java
+++ b/java/org/apache/tomcat/util/net/SocketWrapperBase.java
@@ -788,7 +788,27 @@ public abstract class SocketWrapperBase {
*/
public abstract void doClientAuth(SSLSupport sslSupport) throws
IOException;
-public abstract SSLSupport getSslSupport(String clientCertProvider);
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @param clientCertProvider The name of the client certificate provider to
+ * use. Only used by APR/native.
+ *
+ * @return An SSLSupport instance for this socket.
+ *
+ * @deprecated Will be removed in Tomcat 10.1.x onwards
+ */
+@Deprecated
+public SSLSupport getSslSupport(String clientCertProvider) {
+return getSslSupport();
+}
+
+/**
+ * Obtain an SSLSupport instance for this socket.
+ *
+ * @return An SSLSupport instance for this socket.
+ */
+public abstract SSLSupport getSslSupport();
// --- NIO 2 style APIs
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] martin-g commented on a change in pull request #452: Introduce logs in RestCsrfPreventionFilter to improve troubleshooting.
martin-g commented on a change in pull request #452:
URL: https://github.com/apache/tomcat/pull/452#discussion_r715524193
##
File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
##
@@ -217,6 +238,10 @@ public boolean apply(HttpServletRequest request,
HttpServletResponse response) {
}
storeNonceToResponse(response,
Constants.CSRF_REST_NONCE_HEADER_NAME,
nonceFromSessionStr);
+if (log.isDebugEnabled()) {
+log.debug("CSRF Fetch request is succesfully handled -
nonce is added to the response."
Review comment:
succes`s`fully
##
File path: java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
##
@@ -155,17 +160,29 @@ protected void storeNonceToSession(HttpSession session,
String key, Object value
@Override
public boolean apply(HttpServletRequest request, HttpServletResponse
response)
throws IOException {
+String nonceFromRequest = extractNonceFromRequest(request);
+HttpSession session = request.getSession(false);
+String nonceFromSession = extractNonceFromSession(session,
+Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME);
if (isValidStateChangingRequest(
-extractNonceFromRequest(request),
-extractNonceFromSession(request.getSession(false),
-Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME))) {
+nonceFromRequest,
+nonceFromSession)) {
return true;
}
storeNonceToResponse(response,
Constants.CSRF_REST_NONCE_HEADER_NAME,
Constants.CSRF_REST_NONCE_HEADER_REQUIRED_VALUE);
response.sendError(getDenyStatus(),
sm.getString("restCsrfPreventionFilter.invalidNonce"));
+if (log.isErrorEnabled()) {
Review comment:
I agree with @ChristopherSchultz !
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
