[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #4 from Nick Williams nicho...@nicholaswilliams.net --- Excellent! Thanks! -- You are receiving this mail because: You are the assignee for the bug. - To

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #2 from Mark Thomas ma...@apache.org --- Using Tomcat via web start is so far away from normal usage I view this as an enhancement. The patch may be trivial but I think some time needs to be spent thinking about the security

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 --- Comment #1 from Nick Williams nicho...@nicholaswilliams.net --- I disagree with categorizing this as an enhancement. I believe this is a major bug. The facts are very simple: In an environment in which Tomcat otherwise runs without

Re: JarScanning

2013/3/29 Nick Williams nicho...@nicholaswilliams.net: (..) Note that Log4j2 is going to have a log4j-taglib artifact that (naturally) will have a TLD in its META-INF. Since Tomcat by default excludes log4j*.jar, that has to be removed from catalina.properties in order to make it work. It

Re: JarScanning

On Mar 29, 2013, at 12:57 PM, Konstantin Kolinko wrote: 2013/3/29 Nick Williams nicho...@nicholaswilliams.net: (..) Note that Log4j2 is going to have a log4j-taglib artifact that (naturally) will have a TLD in its META-INF. Since Tomcat by default excludes log4j*.jar, that has to be

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Mark Thomas ma...@apache.org changed: What|Removed |Added Severity|major |enhancement -- You

Re: JarScanning

On Feb 26, 2013, at 11:21 AM, Christopher Schultz wrote: Mark, On 2/21/13 8:34 AM, Mark Thomas wrote: JRE JARs. I think scanning of these should be made optional and disabled by default. This will reduce the list of JARs we have to maintain in jarsToSkip. I intend to implement this

[Bug 54745] New: Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Bug ID: 54745 Summary: Tomcat JarScanning does not work when Tomcat started with Java Web Start Product: Tomcat 8 Version: trunk Hardware: All OS

[Bug 54745] Tomcat JarScanning does not work when Tomcat started with Java Web Start

https://issues.apache.org/bugzilla/show_bug.cgi?id=54745 Nick Williams nicho...@nicholaswilliams.net changed: What|Removed |Added Attachment #30097|0 |1

Re: JarScanning

Mark, On 2/21/13 8:34 AM, Mark Thomas wrote: JRE JARs. I think scanning of these should be made optional and disabled by default. This will reduce the list of JARs we have to maintain in jarsToSkip. I intend to implement this unless there are any objections. +1 Will you be checking the

Re: JarScanning

2013/2/21 Mark Thomas ma...@apache.org: An issue at work prompted me to take another look at this thread: http://markmail.org/thread/qanw2psjsx32feek There are some useful things there that I think it is worth following up on. (..) jarsToScan This is a little more complicated. First of

JarScanning

An issue at work prompted me to take another look at this thread: http://markmail.org/thread/qanw2psjsx32feek There are some useful things there that I think it is worth following up on. JRE JARs. I think scanning of these should be made optional and disabled by default. This will reduce the

RE: JarScanning

From: Mark Thomas [mailto:ma...@apache.org] Subject: JarScanning jarsToScan This is a little more complicated. First of all, how does it work? The suggestion is: - If jarsToScan matches, scan it - else if jarsToSkip matches, skip it - else scan it From the above, it looks like the only

Re: JarScanning

: JarScanning jarsToScan This is a little more complicated. First of all, how does it work? The suggestion is: - If jarsToScan matches, scan it - else if jarsToSkip matches, skip it - else scan it From the above, it looks like the only purpose of jarsToScan is to avoid checking

Re: JarScanning

On 21/02/2013 16:39, Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: JarScanning jarsToScan This is a little more complicated. First of all, how does it work? The suggestion is: - If jarsToScan matches, scan it - else if jarsToSkip matches, skip it - else

RE: JarScanning

From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: JarScanning From the above, it looks like the only purpose of jarsToScan is to avoid checking the jarsToSkip list. Unless such checking is expensive, this seems like an unnecessary complication. It lets you do things like

Re: JarScanning

On 21.02.2013 17:34, Mark Thomas wrote: An issue at work prompted me to take another look at this thread: http://markmail.org/thread/qanw2psjsx32feek There are some useful things there that I think it is worth following up on. JRE JARs. I think scanning of these should be made optional

Re: JarScanning

apply globally should be in a separate file, not in /META-INF/context.xml. Like I said, just my $0.02. [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52924 2013/2/21 Caldarale, Charles R chuck.caldar...@unisys.com From: Mark Thomas [mailto:ma...@apache.org] Subject: JarScanning