This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new 35f6d6e Tweak AJP improvements 35f6d6e is described below commit 35f6d6e52aca0a6e5ace2572a8bae3b9f77babc4 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Feb 4 21:07:02 2020 +0000 Tweak AJP improvements Better attribute name for allowedRequestAttributesPattern Add explicit address attribute to commented out AJP connector --- conf/server.xml | 5 ++++- java/org/apache/coyote/ajp/AbstractAjpProtocol.java | 14 +++++++------- java/org/apache/coyote/ajp/AjpProcessor.java | 2 +- test/org/apache/coyote/ajp/TestAbstractAjpProcessor.java | 2 +- webapps/docs/config/ajp.xml | 4 ++-- webapps/docs/security-howto.xml | 2 +- 6 files changed, 16 insertions(+), 13 deletions(-) diff --git a/conf/server.xml b/conf/server.xml index 5d9d57a..bd3ed3e 100644 --- a/conf/server.xml +++ b/conf/server.xml @@ -114,7 +114,10 @@ <!-- Define an AJP 1.3 Connector on port 8009 --> <!-- - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector protocol="AJP/1.3" + address="::1" + port="8009" + redirectPort="8443" /> --> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java index a2f5e28..63ff6c5 100644 --- a/java/org/apache/coyote/ajp/AbstractAjpProtocol.java +++ b/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 
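Review bot: The sample connector now pins `address="::1"`, which is the IPv6 loopback only, so on a host with IPv6 disabled the connector would presumably fail to bind, and a reverse proxy pointed at `127.0.0.1:8009` would not reach it. The comment line above the example could say this, e.g. `<!-- Define an AJP 1.3 Connector on port 8009, bound to the IPv6 loopback (::1); use 127.0.0.1 on IPv4-only hosts -->`. The test in this commit has to set `secretRequired` to `false`, which suggests a secret is required by default. If so, the same comment should tell the administrator to configure `secret` before uncommenting the connector, rather than leaving them to discover it at startup.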
@@ -189,15 +189,15 @@ public abstract class AbstractAjpProtocol<S> extends AbstractProtocol<S> { } - private Pattern allowedArbitraryRequestAttributesPattern; - public void setAllowedArbitraryRequestAttributes(String allowedArbitraryRequestAttributes) { - this.allowedArbitraryRequestAttributesPattern = Pattern.compile(allowedArbitraryRequestAttributes); + private Pattern allowedRequestAttributesPattern; + public void setAllowedRequestAttributesPattern(String allowedRequestAttributesPattern) { + this.allowedRequestAttributesPattern = Pattern.compile(allowedRequestAttributesPattern); } - public String getAllowedArbitraryRequestAttributes() { - return allowedArbitraryRequestAttributesPattern.pattern(); + public String getAllowedRequestAttributesPattern() { + return allowedRequestAttributesPattern.pattern(); } - protected Pattern getAllowedArbitraryRequestAttributesPattern() { - return allowedArbitraryRequestAttributesPattern; + protected Pattern getAllowedRequestAttributesPatternInternal() { + return allowedRequestAttributesPattern; } diff --git a/java/org/apache/coyote/ajp/AjpProcessor.java b/java/org/apache/coyote/ajp/AjpProcessor.java index 226d210..0d82ea1 100644 --- a/java/org/apache/coyote/ajp/AjpProcessor.java +++ b/java/org/apache/coyote/ajp/AjpProcessor.java @@ -753,7 +753,7 @@ public class AjpProcessor extends AbstractProcessor { } else { // All 'known' attributes will be processed by the previous // blocks. Any remaining attribute is an 'arbitrary' one. - Pattern pattern = protocol.getAllowedArbitraryRequestAttributesPattern(); + Pattern pattern = protocol.getAllowedRequestAttributesPatternInternal(); if (pattern == null) { response.setStatus(403); setErrorState(ErrorState.CLOSE_CLEAN, null); diff --git a/test/org/apache/coyote/ajp/TestAbstractAjpProcessor.java b/test/org/apache/coyote/ajp/TestAbstractAjpProcessor.java index 431bd81..21f5e53 100644 --- a/test/org/apache/coyote/ajp/TestAbstractAjpProcessor.java 
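Review bot: `getAllowedRequestAttributesPattern()` dereferences the field unconditionally, but the field has no initial value and AjpProcessor explicitly handles `pattern == null`, so calling the getter on a connector that never set the attribute throws a NullPointerException (bean or JMX introspection of the protocol handler would be a likely trigger). Return null for the unset case: `return allowedRequestAttributesPattern == null ? null : allowedRequestAttributesPattern.pattern();`. The setter has the mirror problem, since `Pattern.compile(null)` throws; `this.allowedRequestAttributesPattern = allowedRequestAttributesPattern == null ? null : Pattern.compile(allowedRequestAttributesPattern);` would let configuration reset the allow-list to its reject-everything default. None of the three accessors has Javadoc; a short comment stating that an unset pattern makes AjpProcessor answer any arbitrary attribute with a 403 would document the fail-closed default. The class body starts and continues outside this hunk.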
+++ b/test/org/apache/coyote/ajp/TestAbstractAjpProcessor.java @@ -50,7 +50,7 @@ public class TestAbstractAjpProcessor extends TomcatBaseTest { Connector c = getTomcatInstance().getConnector(); c.setProperty("secretRequired", "false"); - c.setProperty("allowedArbitraryRequestAttributes", "MYATTRIBUTE.*"); + c.setProperty("allowedRequestAttributesPattern", "MYATTRIBUTE.*"); } diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index dbecf7a..801920a 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -48,7 +48,7 @@ it allows greater direct manipulation of Tomcat's internal data structures than the HTTP connectors. Particular attention should be paid to the values used for the <code>address</code>, <code>secret</code>, - <code>secretRequired</code> and <code>allowedArbitraryRequestAttributes</code> + <code>secretRequired</code> and <code>allowedRequestAttributesPattern</code> attributes.</p> <p>This connector supports load balancing when used in conjunction with @@ -318,7 +318,7 @@ port. By default, the loopback address will be used.</p> </attribute> - <attribute name="allowedArbitraryRequestAttributes" required="false"> + <attribute name="allowedRequestAttributesPattern" required="false"> <p>The AJP protocol passes some information from the reverse proxy to the AJP connector using request attributes. These attributes are:</p> <ul> diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index dfc03cc..a42eb17 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml 
@@ -255,7 +255,7 @@ <p>AJP Connectors block forwarded requests with unknown request attributes. Known safe and/or expected attributes may be allowed by configuration an appropriate regular expression for the - <code>allowedArbitraryRequestAttributes</code> attribute.</p> + <code>allowedRequestAttributesPattern</code> attribute.</p> <p>The <strong>address</strong> attribute may be used to control which IP address a connector listens on for connections. By default, a connector --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org