DO NOT REPLY [Bug 22291] - Missing ant tasks for JMX proxy functionality
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22291. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22291 Missing ant tasks for JMX proxy functionality [EMAIL PROTECTED] changed: What|Removed |Added Severity|Normal |Enhancement Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 09:07 --- Thanks. The advantage of this is that it works without additional stuff. The preffered way to interact with Tomcat through JMX is right now the various MX4J connectors. Tomcat 5.0.x will be updated to JMX 1.2 and the remote JMX as soon as they are available. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core StandardWrapperValve.java
funkman 2003/08/05 11:41:50 Modified:catalina/src/share/org/apache/catalina/valves ErrorReportValve.java catalina/src/share/org/apache/catalina/core StandardWrapperValve.java Log: Experiment: Use PropertyUtils to obtain the rootCause. This way we can also drill into nested JspExceptions or another Throwable object which has a 'rootCause' property which returns a Throwable. Revision ChangesPath 1.9 +16 -7 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/ErrorReportValve.java Index: ErrorReportValve.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/ErrorReportValve.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- ErrorReportValve.java 2 Aug 2003 17:31:04 - 1.8 +++ ErrorReportValve.java 5 Aug 2003 18:41:49 - 1.9 @@ -95,6 +95,7 @@ import org.apache.catalina.util.ServerInfo; import org.apache.catalina.util.StringManager; +import org.apache.commons.beanutils.PropertyUtils; /** * pImplementation of a Valve that outputs HTML error pages./p @@ -335,10 +336,18 @@ sb.append(stackTrace); sb.append(/pre/p); // In case root cause is somehow heavily nested -if (rootCause instanceof ServletException) -rootCause = ((ServletException) rootCause).getRootCause(); -else +try { +rootCause = (Throwable)PropertyUtils.getProperty +(rootCause, rootCause); +} catch (ClassCastException e) { rootCause = null; +} catch (IllegalAccessException e) { +rootCause = null; +} catch (NoSuchMethodException e) { +rootCause = null; +} catch (java.lang.reflect.InvocationTargetException e) { +rootCause = null; +} } sb.append(pb); 1.20 +30 -16 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java Index: StandardWrapperValve.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- StandardWrapperValve.java 22 Jul 2003 21:01:26 - 1.19 +++ StandardWrapperValve.java 5 Aug 2003 18:41:50 - 1.20 @@ -82,6 +82,7 @@ import org.apache.catalina.util.StringManager; import org.apache.catalina.valves.ValveBase; import org.apache.tomcat.util.buf.MessageBytes; +import org.apache.commons.beanutils.PropertyUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -145,7 +146,7 @@ HttpRequest hrequest = (HttpRequest) request; Servlet servlet = null; HttpServletRequest hreq = (HttpServletRequest) request.getRequest(); -HttpServletResponse hres = +HttpServletResponse hres = (HttpServletResponse) response.getResponse(); // Check for the application being marked unavailable @@ -157,7 +158,7 @@ // Check for the servlet being marked unavailable if (!unavailable wrapper.isUnavailable()) { -log(sm.getString(standardWrapper.isUnavailable, +log(sm.getString(standardWrapper.isUnavailable, wrapper.getName())); if (hres == null) { ; // NOTE - Not much we can do generically @@ -232,13 +233,13 @@ (ApplicationFilterFactory.DISPATCHER_TYPE_ATTR, ApplicationFilterFactory.REQUEST_INTEGER); hreq.setAttribute -(ApplicationFilterFactory.DISPATCHER_REQUEST_PATH_ATTR, +(ApplicationFilterFactory.DISPATCHER_REQUEST_PATH_ATTR, requestPathMB); // Create the filter chain for this request -ApplicationFilterFactory factory = +ApplicationFilterFactory factory = ApplicationFilterFactory.getInstance(); -ApplicationFilterChain filterChain = -factory.createFilterChain((ServletRequest) request, +ApplicationFilterChain filterChain = +factory.createFilterChain((ServletRequest) request, wrapper, servlet); // Call the filter chain for this request @@ -276,20 +277,33 @@ hres.sendError(HttpServletResponse.SC_NOT_FOUND,
Silent installation of Tomcat4
Hello! If possibility, how to install Tomcat4 in silent mode? Thanks, Lena
Re: Fwd: Re: Tomcat and LDAP Issues
Tim, I've attached the diff file for the defect referenced by Jon on the user list. I was able to (fortunately) duplicate this going against eDirectory on NetWare; this one fix seems to solve bug #19864, and bug #11678 as well (JNDIRealm re-prompting for a password). Actually, the new code was already trying to resolve that defect by doing a retry but had that one NullPointerException throwing a wrench in the works. My only fear in making this change is if THIS method will also work among different providers and Directories. My understanding is that toString() SHOULD contain at least the same thing as toMessage() and more in the case of providers that use toMessage(). That and changing to looking for closed should get both of the types of messages we are aware of (Socket closed and Connection closed). I'll look into the other 7. I've already emailed some of the people who were discussing them, soliciting more input so I can reproduce them. It would be good to get some of those fixed; I did sense some frustration on the users part in some of the bug reports. I've personally seen at least one of them, so I'll start there. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com Tim Funk [EMAIL PROTECTED] 8/2/03 8:08:59 AM Jeff, I see nine bugs out there for JNDIRealm for tomat 4 and 5, included is the one mentioned below in the previous email. http://nagoya.apache.org/bugzilla/buglist.cgi?bug_status=NEWbug_status=ASSIGNEDbug_status=REOPENEDemail1=emailtype1=substringemailassigned_to1=1email2=emailtype2=substringemailreporter2=1bugidtype=includebug_id=changedin=votes=chfieldfrom=chfieldto=Nowchfieldvalue=product=Tomcat+4product=Tomcat+5short_desc=jndirealmshort_desc_type=allwordssubstrlong_desc=long_desc_type=allwordssubstrbug_file_loc=bug_file_loc_type=allwordssubstrkeywords=keywords_type=anywordsfield0-0-0=nooptype0-0-0=noopvalue0-0-0=cmdtype=doitorder=Reuse+same+sort+as+last+time I have used JNDIRealm in the past but stopped using it in favor of other solutions for unrelated reasons. Can you do me a favor? If you are able, can you update the bugs above and send me a patch for the stuff below (and any applicable bugs above) and I'll try to get 'em in next week. -Tim Jeff Tulley wrote: Something from the user list of note for development. The current method does something like this when handling a communication exception at authenticate time: / If not a Socket closed. error then rethrow. if (e.getMessage().indexOf(Socket closed) 0) throw(e); This seems to have two problems 1) e.getMessage() is sometimes null with some LDAP providers. 2) some LDAP providers set the exception to actually be connection closed (retrieved by e.toString()) Just forwarding this on for the user, since this code currently has some problems that ought to be fixed. (I have a vested interest being a heavy user of JNDIRealm). For a stopgap measure, one could do the following I guess: if (e.toString().indexOf(closed) 0) throw(e); Though as the bug report points out there may be yet other error messages given by other LDAP providers, and I don't know if closed is too general to check on or not. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com [EMAIL PROTECTED] 8/1/03 2:00:46 PM Well, I understand this is now a bug: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19864 Was this fixed in the 4.1.27 version? Can't seem to determine if it was based on the README in the download. Jon On Friday, August 1, 2003, at 12:07 PM, Jon Wynacht wrote: Hi, I have Tomcat 4.1.24 installed on a server that hosts a web application. I have set up the container to do authentication via LDAP and it works for a bit then just stops working. The only way to get things working again is to restart Tomcat. I've included the error message below and am wondering if anybody on this list has had a similar experience? If so, how did you solve it? Thanks in advance, Jon 2003-08-01 10:37:29 JNDIRealm[Standalone]: lookupUser(jwynacht) 2003-08-01 10:37:29 JNDIRealm[Standalone]: dn=uid=jwynacht, ou=active, ou=employees, ou=people, o=cisco.com 2003-08-01 10:37:29 JNDIRealm[Standalone]: validating credentials by binding as the user 2003-08-01 10:37:29 JNDIRealm[Standalone]: binding as uid=jwynacht, ou=active, ou=employees, ou=people, o=cisco.com 2003-08-01 10:37:29 CoyoteAdapter An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:793) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(Basic Authenticator.java:161) at
DO NOT REPLY [Bug 19799] - Tomcat dies after being up for a while (complains about maxThreads)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19799. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19799 Tomcat dies after being up for a while (complains about maxThreads) [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 08:02 --- BTW (for the one hundredth time), if Tomcat locks up and uses 100% of the CPU, you can prove your point (and likely isolate the problem) by getting a thread dump for the VM (CTRL + BREAK on Windows, kill -3 on Unix) - which thread is actually using the CPU should be quite easy to isolate. For now, I have to consider this invalid (no test case, and can't reproduce). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: javadoc
Howdy, Really? Ant's javadoc task is great. The javadoc tool itself is easy to use from the command line as well. The platform (win XP in your case) doesn't matter, this is java ;) I've already been duped once this week by a sarcastic question, so might as well go for two ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 3:55 AM To: [EMAIL PROTECTED] Subject: javadoc Hi, Slightly off-topic but here goes..I need a good source of info on how to generate Javadoc (multiple packages)..(on Win XP). Any constructive input welcome. Thanks JP - Yahoo! Plus - For a better Internet experience This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22096] - reload through manager webapp fails to redeploy classes/jars
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22096. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22096 reload through manager webapp fails to redeploy classes/jars [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] --- Additional Comments From [EMAIL PROTECTED] 2003-08-05 21:13 --- *** Bug 22149 has been marked as a duplicate of this bug. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [5] Jasper currently requires a 1.4 JVM
Bill Barker wrote: o.a.j.compiler.JspUtil.makeJavaPackage currently is calling String.split. This means that you currently can't use Jasper (at least for compiling) with a 1.3.x JVM. Since Tomcat isn't a J2EE 1.4 container I can't see any justification in the spec for not supporting 1.3.x JVMs. However, since I don't spend a lot of my time with Jasper, I'd thought that I should get the opinions of people that do before hacking away ;-). The two ways I can see to go are: 1) Introduce a JdkCompat (similar to o.a.t.u.compat, but in Jasper since I can't see making Jasper depend on j-t-c). Pluses: People using 1.4 JVMs get all the benefits of String.split. Minuses: Requires a new package with two new classes. 2) Simply re-code makeJavaPackage to only use APIs from 1.3.x and higher. Basically switch Pluses and Minuses above. Of course, I'm willing to do the grunt-work to implement this. My personal preference is for 1), but if anyone has a better idea I'm open to that as well. Comments/Opinions/Flames? I would do 2. Since it doesn't affect functionality, and I think this was a mistake when makeJavaPackage was coded. The gain is not worth maintaining two versions IMO. Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[GUMP] Build Failure - Tomcat 3.x
This email is autogenerated from the output from: http://cvs.apache.org/builds/gump/2003-08-05/jakarta-tomcat.html Buildfile: build.xml detect: uptodate: msg.ant15: [echo] Detected Ant 1.5 msg.jdk12: [echo] Detected JDK1.2 msg.jsse: [echo] Detected JSSE msg.jmx: [echo] Detected JMX msg.jmxtools: [echo] Detected JMX TOOLS msg.puretls: msg.commons-dbcp: [echo] Detected commons-DBCP and required jars msg.jtc: msg.jtc.util: [echo] tomcat-util.jar is up to date msg.log4j: init: prepare.dirs: [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/conf [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/conf/auto [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/classes [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/apps [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/container [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/common [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/logs [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/bin [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/doc [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/webapps [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/modules [mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/native [copy] Copying 10 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/bin [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/bin [copy] Copying 18 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/conf [copy] Copying 44 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/doc [copy] Copying 85 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/native [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/container [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/apps [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/common [copy] Copying 1 file to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/common [move] Moving 4 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/bin prepare.jaxp101: include.jaxp: prepare.jaxp11: prepare.xerces: prepare.xerces2: prepare.xml-parser: prepare.jaxp: prepare: dep.tomcat-util: tomcat_util: [javac] Compiling 47 source files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/classes [javac] Note: Some input files use or override a deprecated API. [javac] Note: Recompile with -deprecation for details. [jar] Building jar: /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/common/core_util.jar [copy] Copying 2 files to /home/rubys/jakarta/jakarta-tomcat/build/tomcat/lib/common BUILD FAILED /home/rubys/jakarta/jakarta-tomcat/build.xml:467: Warning: Could not find file /home/rubys/jakarta/jakarta-commons/commons-logging-1.0.2/commons-logging-api.jar to copy. Total time: 12 seconds - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteServerSocketFactory.java mbeans-descriptors.xml
luehe 2003/08/11 11:06:11 Modified:catalina/src/share/org/apache/coyote/tomcat5 CoyoteConnector.java CoyoteServerSocketFactory.java mbeans-descriptors.xml Log: Added support for specifying alias name for server keypair and cert chain, to be used by the server to authenticate itself to SSL clients Revision ChangesPath 1.21 +32 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java Index: CoyoteConnector.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteConnector.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- CoyoteConnector.java 6 Aug 2003 20:31:24 - 1.20 +++ CoyoteConnector.java 11 Aug 2003 18:06:11 - 1.21 @@ -1307,6 +1307,8 @@ ssf.getSSLImplementation()); IntrospectionUtils.setProperty(protocolHandler, ciphers, ssf.getCiphers()); +IntrospectionUtils.setProperty(protocolHandler, keyAlias, + ssf.getKeyAlias()); } else { IntrospectionUtils.setProperty(protocolHandler, secure, + secure); @@ -1537,6 +1539,35 @@ ServerSocketFactory factory = getFactory(); if (factory instanceof CoyoteServerSocketFactory) { ((CoyoteServerSocketFactory)factory).setCiphers(ciphers); +} +} + +/** + * Gets the alias name of the keypair and supporting certificate chain + * used by this Connector to authenticate itself to SSL clients. + * + * @return The alias name of the keypair and supporting certificate chain + */ +public String getKeyAlias() { +ServerSocketFactory factory = getFactory(); +if (factory instanceof CoyoteServerSocketFactory) { +return ((CoyoteServerSocketFactory)factory).getKeyAlias(); +} +return null; +} + +/** + * Sets the alias name of the keypair and supporting certificate chain + * used by this Connector to authenticate itself to SSL clients. + * + * @param alias The alias name of the keypair and supporting certificate + * chain + */ +public void setKeyAlias(String alias) { +setProperty(keyAlias, alias); +ServerSocketFactory factory = getFactory(); +if (factory instanceof CoyoteServerSocketFactory) { +((CoyoteServerSocketFactory)factory).setKeyAlias(alias); } } 1.3 +22 -0 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java Index: CoyoteServerSocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteServerSocketFactory.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- CoyoteServerSocketFactory.java11 Jul 2003 01:04:43 - 1.2 +++ CoyoteServerSocketFactory.java11 Aug 2003 18:06:11 - 1.3 @@ -115,6 +115,7 @@ private String protocol = TLS; private String sslImplementation = null; private String cipherSuites; +private String keyAlias; // - Properties @@ -294,6 +295,27 @@ */ public void setSSLImplementation(String sslImplementation) { this.sslImplementation = sslImplementation; +} + +/** + * Gets the alias name of the keypair and supporting certificate chain + * used by the server to authenticate itself to SSL clients. + * + * @return The alias name of the keypair and supporting certificate chain + */ +public String getKeyAlias() { +return this.keyAlias; +} + +/** + * Sets the alias name of the keypair and supporting certificate chain + * used by the server to authenticate itself to SSL clients. + * + * @param alias The alias name of the keypair and supporting certificate + * chain + */ +public void setKeyAlias(String alias) { +this.keyAlias = alias; } /** 1.4 +4 -0 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml Index: mbeans-descriptors.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/mbeans-descriptors.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u
DO NOT REPLY [Bug 22277] - IllegalArgumentException in setOutputLineIncrement()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277 IllegalArgumentException in setOutputLineIncrement() [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 07:22 --- There's a side problem that causes the mappings to be incorrect for tags invocations which are done in separate methods, rather than inside _jspService. That's what really did cause the bug. I agree that this is fixed, and the other issues are other bugs. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
remm2003/08/10 03:53:23 Modified:webapps/docs changelog.xml Log: - Changelog for 5.0.7. Revision ChangesPath 1.14 +214 -0jakarta-tomcat-catalina/webapps/docs/changelog.xml Index: changelog.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- changelog.xml 3 Aug 2003 14:35:42 - 1.13 +++ changelog.xml 10 Aug 2003 10:53:23 - 1.14 @@ -13,6 +13,220 @@ body +section name=Tomcat 5.0.7 (remm) + + subsection name=General + +changelog + + scode + Tomcat 5.0.x release plan was voted (remm) + /scode + update + Various JSP 2.0 API updates, submitted by Mark Roth (kinman) + /update + update + Update to commons-modeler 1.1, submitted by Yoav Shapira (remm) + /update + update + Simplify the use of the Ant script shipped in the embedded package (remm) + /update + update + Bundle Xerces 2.5.0 again, due to bugs in Crimson (remm) + /update + +/changelog + + /subsection + + subsection name=Catalina + +changelog + + update + Allow putting a /META-INF/context.xml inside any WAR file deployed + by the HostConfig (remm) + /update + fix + Many bugfixes in JNDI realm: bug18698/bug, bug11678/bug, + bug19864/bug, bug20518/bug, with help from David DeWolf and + Jeff Tulley (funkman) + /fix + fix + Fix for three related request dispatcher bugs, including + bug22013/bug, bug4690/bug (cross context sessions support), and + port the fix for ServletContext.getContext(...) when using the root + context (remm) + /fix + update + Use PropertyUtils to obtain the rootCause. This way we can + also drill into nested JspExceptions or another Throwable object + which has a 'rootCause' property which returns a Throwable (funkman) + /update + update + Extract all non class resources from a JAR on access to a non class + resource (remm) + /update + fix + bug14817/bug: JNDIRealm SHA digest implementation incorrect (funkman) + /fix + fix + NPE when an invalid web.xml is deployed and the digester throws + an exception (jfarcand) + /fix + fix + bug22236/bug: addAttributeValues may return null. and this could + trigger a NPE if debugging was turned up =2 (funkman) + /fix + fix + bug22146/bug: Use Class.forName instead of ClassLoader.loadClass + (remm) + /fix + fix + Split the applicationListeners array in two, for performance reasons + (remm) + /fix + fix + Fix bug where welcome files were not being processed in the embedded + distribution (remm) + /fix + +/changelog + + /subsection + + subsection name=Coyote + +changelog + + fix + bug9351/bug: parsing IPv6 hostnames (in IP form, obviously), + submitted by Masashi Yamaguchi (remm) + /fix + fix + Allow extending CoyoteConnector (jfarcand) + /fix + update + bug22192/bug: the context mapping algorithm actually needs to be + similar to the algorithm used for widcard wrapper mapping; optimize + wildcard mapping: as the amount of nesting the mapping have is known, + some mapping operations can be avoided (remm) + /update + update + Allow for customization of JSSE trust and key managers (luehe) + /update + fix + Added check for (keystoreType == null) before calling + getKeyManagers/getTrustManagers (luehe) + /fix + +/changelog + + /subsection + + subsection name=Jasper + +changelog + + fix + bug22090/bug: Enable expression cache, submitted by Matthias Ernst + (remm) + /fix + fix + bug22103/bug: Release servlet writer after compilation, submitted by + Gilles Scokart (remm) + /fix + fix + bug21206/bug: Fix including a JSP, where Jasper would do weird + things whenever the outer request had a non null pathInfo; it will now + use the included servlet path correctly (remm) + /fix + fix + Have 'isELIgnored' page directive attribute take precendence over JSP + config el-ignored (luehe) + /fix + update + Replaced JspServlet's tagPoolSize config param with the correct + tagpoolMaxSize in web.xml, and removed getTagPoolSize() from Options, + because tag pool size is no longer needed at compile time (luehe) + /update + update +
DO NOT REPLY [Bug 22266] - Keep template text together with mappedfile=true
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266 Keep template text together with mappedfile=true [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-09 19:22 --- It looks that was what was originally intended, so it's likely another great patch :) I'll apply both of your patches. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22405] - warn if not deploy with umask 0077 or if deployed as root and provide tutorial URL Secure deployment
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405 warn if not deploy with umask 0077 or if deployed as root and provide tutorial URL Secure deployment [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] Summary|deploy as 700 and additional|warn if not deploy with |attribute to be less|umask 0077 or if deployed |restrictive |as root and provide ||tutorial URL Secure ||deployment --- Additional Comments From [EMAIL PROTECTED] 2003-08-14 14:12 --- Ok, I might have misunderstood somebody such that I thought that tomcat only runs under root which it obviously does not (I tested it now; and yes, even before this post, I did use sudo). In order to avoid novices like myself falling into these traps, I suggest the following 3 enhancements: 1) warn if tomcat sees itself running as root and print a tutorial URL into catalina.out 2) warn if tomcat sees its umask as being other than ***7 (i.e. if its output is world-readable) and print the same tutorial URL 3) create the tutorial page how to deploy securely (I am happy to be the first tester/contributor there!) Re: how to set owners/permissions from inside Java -- a quick google search yielded the following (untested) results http://www.aoindustries.com/docs/aocode-public/com/aoindustries/io/unix/UnixFile.html http://www.xenonsoft.demon.co.uk/products/javaunix/docs/api/javaunix/io/UnixFile.html Former Summary: deploy as 700 and additional attribute to be less restrictive Further safeguard ideas to achieve secure deployment out of the Java-oriented world (tomcat/ant) are described in http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22370 and http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22417 . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 14784] - access log garbled
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14784. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14784 access log garbled [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 18:41 --- This was fixed long, long ago. If you insist on using an out-dated version, that is your problem. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
javadoc
Hi, Slightly off-topic but here goes..I need a good source of info on how to generate Javadoc (multiple packages)..(on Win XP). Any constructive input welcome. Thanks JP - Yahoo! Plus - For a better Internet experience
Tomcat 4.1.24 JVM 1.4.2 security hole?
The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end of a .jsp url, you get the source. I have not tried this with Tomcat versions later than 4.1.24 once I actually saw the problem. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [ANN] Apache Tomcat 4.1.27 Stable released
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Thursday, August 07, 2003 11:03 AM Subject: Re: [ANN] Apache Tomcat 4.1.27 Stable released NAIK,ROSHAN (HP-Cupertino,ex1) wrote: Hi Remy, Are these security bugs existing in all versions of Tomcat 4 prior to 4.1.27 ? Or was there a version of Tomcat where these were introduced ? I couldnt find the reference to these security issues on the tomcat web site section mentioning the 4.1.27 release. This information will be very much useful since we may need to redeploy our free HPUX Tomcat distribution to customers. Ok, cool. The Tomcat Team announces the immediate availability of Apache Tomcat 4.1.27 Stable. Among other bugfixes and improvements, Tomcat 4.1.27 includes security fixes for: - Improper recycling of SSL client certificates with Coyote JK 2 That could have been introduced in a previous release. Bill or Costin could probably give a straight answer. This was introduced in 4.1.18, along with another bug that caused client certificates to not work at all (and which masked this bug). - Improper handling of invalid content lengths in requests, causing HTTP processors to be left in an invalid state in Coyote HTTP/1.1, causing a DoS condition That always existed in Coyote HTTP/1.1 shipped with Tomcat 4.1.x. - URI normalization bug in Coyote Idem. - Improper handling of certain URLs in Coyote JK 2, causing a DoS condition I believe this always existed in Coyote JK 2, but Bill or Costin have more knowledge of the issue. Without checking the CVS logs, I believe that this has always existed in 4.1. It's certainly been there since the first stable release of 4.1.x. Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler PageDataImpl.java
kinman 2003/08/12 11:12:54 Modified:jasper2/src/share/org/apache/jasper/compiler PageDataImpl.java Log: - Get the logic for resetDefaultNS right. What was I thinking :-) Revision ChangesPath 1.34 +18 -9 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/PageDataImpl.java Index: PageDataImpl.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/PageDataImpl.java,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- PageDataImpl.java 12 Aug 2003 01:58:54 - 1.33 +++ PageDataImpl.java 12 Aug 2003 18:12:54 - 1.34 @@ -407,13 +407,13 @@ public void visit(Node.CustomTag n) throws JasperException { boolean resetDefaultNSSave = resetDefaultNS; - appendTag(n); + appendTag(n, resetDefaultNS); resetDefaultNS = resetDefaultNSSave; } public void visit(Node.UninterpretedTag n) throws JasperException { boolean resetDefaultNSSave = resetDefaultNS; - appendTag(n); + appendTag(n, resetDefaultNS); resetDefaultNS = resetDefaultNSSave; } @@ -453,6 +453,15 @@ * Appends the given tag, including its body, to the XML view. */ private void appendTag(Node n) throws JasperException { + appendTag(n, false); + } + + /* + * Appends the given tag, including its body, to the XML view, + * and optionally reset default namespace to , if none specified. + */ + private void appendTag(Node n, boolean addDefaultNS) + throws JasperException { Node.Nodes body = n.getBody(); String text = n.getText(); @@ -460,7 +469,7 @@ buf.append().append(n.getQName()); buf.append(\n); - printAttributes(n); + printAttributes(n, addDefaultNS); buf.append( ).append(jspIdPrefix).append(:id).append(=\); buf.append(jspId++).append(\\n); @@ -682,7 +691,7 @@ /* * Appends the attributes of the given Node to the XML view. */ - private void printAttributes(Node n) { + private void printAttributes(Node n, boolean addDefaultNS) { /* * Append xmlns attributes that represent tag libraries @@ -707,10 +716,10 @@ buf.append( ).append(name).append(=\).append(value).append(\\n); defaultNSSeen |= xmlns.equals(name); } - if (resetDefaultNS !defaultNSSeen) { + if (addDefaultNS !defaultNSSeen) { buf.append( xmlns=\\\n); - resetDefaultNS = false; } + resetDefaultNS = false; /* * Append all other attributes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java
luehe 2003/08/12 17:13:43 Modified:catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java Log: Optimizations: - Bugtraq 4730584 (HttpResponseBase should create date format only when needed) - Bugtraq 4701695 (avoid reformatting constant Expires header on every request) Revision ChangesPath 1.6 +22 -12 jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteResponse.java Index: CoyoteResponse.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteResponse.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- CoyoteResponse.java 23 Jun 2003 19:14:41 - 1.5 +++ CoyoteResponse.java 13 Aug 2003 00:13:43 - 1.6 @@ -113,7 +113,7 @@ import org.apache.catalina.util.CharsetMapper; import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.StringManager; - +import org.apache.catalina.util.DateTool; /** * Wrapper object for the Coyote response. @@ -131,10 +131,7 @@ public CoyoteResponse() { - -format.setTimeZone(TimeZone.getTimeZone(GMT)); urlEncoder.addSafeCharacter('/'); - } @@ -143,8 +140,7 @@ /** * The date format we will use for creating date headers. */ -protected final SimpleDateFormat format = -new SimpleDateFormat(EEE, dd MMM HH:mm:ss zzz, Locale.US); +protected SimpleDateFormat format = null; /** @@ -939,8 +935,15 @@ return; // Ignore any call from an included servlet -if (included) +if (included) { return; +} + +if (format == null) { +format = new SimpleDateFormat(DateTool.HTTP_RESPONSE_DATE_HEADER, + Locale.US); +format.setTimeZone(TimeZone.getTimeZone(GMT)); +} addHeader(name, FastHttpDateFormat.formatDate(value, format)); @@ -1190,8 +1193,15 @@ return; // Ignore any call from an included servlet -if (included) +if (included) { return; +} + +if (format == null) { +format = new SimpleDateFormat(DateTool.HTTP_RESPONSE_DATE_HEADER, + Locale.US); +format.setTimeZone(TimeZone.getTimeZone(GMT)); +} setHeader(name, FastHttpDateFormat.formatDate(value, format)); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22405] - deploy as 700 and additional attribute to be less restrictive
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405 deploy as 700 and additional attribute to be less restrictive --- Additional Comments From [EMAIL PROTECTED] 2003-08-14 09:47 --- Can't say that I agree. I would never dream of running my tomcat processes as root neither would I be logged in and manage them as root (tip: sudo). And I would assume the files created by tomcat are using the umask of the tomcat process, didn't even think you could set them from inside Java, but then I might not be up to date with the latezt cool API additions. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22410] New: - network level bug?
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22410. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22410 network level bug? Summary: network level bug? Product: Tomcat 4 Version: 4.1.24 Platform: PC URL: http://www.keysurvey.com OS/Version: Linux Status: NEW Severity: Critical Priority: Other Component: Connector:Coyote JK 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I use 2-processor Intel Xeon mashine. Several times I see in tomcat.log next lines: Aug 13, 2003 1:09:56 PM org.apache.jk.common.JniHandler nativeDispatch SEVERE: nativeDispatch: error 12 Aug 13, 2003 1:09:56 PM org.apache.jk.common.ChannelUn receive SEVERE: receive error: 12 INF 13:09:59 Service LeakWrite: Written results for 1 respondents (0 remained in queue). WARNING: called /show.jsp null/show.jsp SID=614Pwd=114a INF 13:10:05 Service LeakWrite: Written results for 1 respondents (0 remained in queue). Voting: no session for SID=11705, Pwd=1ba3 INF 13:10:11 Service LeakWrite: Written results for 1 respondents (0 remained in queue). WARNING: called /show.jsp null/show.jsp SID=613Pwd=235f Aug 13, 2003 1:10:25 PM org.apache.jk.common.JniHandler nativeDispatch SEVERE: nativeDispatch: error 12 Aug 13, 2003 1:10:25 PM org.apache.jk.common.ChannelUn receive SEVERE: receive error: 12 Aug 13, 2003 1:10:25 PM org.apache.jk.common.JniHandler nativeDispatch SEVERE: nativeDispatch: error -3 Aug 13, 2003 1:10:25 PM org.apache.jk.common.JniHandler nativeDispatch SEVERE: nativeDispatch: error 12 Aug 13, 2003 1:10:25 PM org.apache.jk.common.ChannelUn receive SEVERE: receive error: 12 after these errors my application receives broken requests(i.e. too long null parameters, or several parameters mixed) - application is reported for a bug, but our clients are disappointed BR NIkon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22277] - IllegalArgumentException in setOutputLineIncrement()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277 IllegalArgumentException in setOutputLineIncrement() [EMAIL PROTECTED] changed: What|Removed |Added Summary|SMAP LineInfo entries with |IllegalArgumentException in |an outputStartLine of 0 |setOutputLineIncrement() --- Additional Comments From [EMAIL PROTECTED] 2003-08-12 07:08 --- That's the same problem. No need to provide sample JSPs (although I appreciate the offer); a patch fixing the crashing problem is already attached to this ticket and incorporated into CVS, and I'm looking into the best way to eliminate the root cause. To make it easier for other people having this problem to find this ticket, I'm changing the summary from SMAP LineInfo entries with an outputStartLine of 0 (the root cause) to IllegalArgumentException in setOutputLineIncrement () (the error people actually see). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties
luehe 2003/08/12 12:11:45 Modified:jasper2/src/share/org/apache/jasper JspC.java jasper2/src/share/org/apache/jasper/resources messages.properties Log: Added -classpath option to JspC Revision ChangesPath 1.55 +6 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java Index: JspC.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- JspC.java 12 Aug 2003 18:36:46 - 1.54 +++ JspC.java 12 Aug 2003 19:11:45 - 1.55 @@ -148,6 +148,7 @@ private static final String SWITCH_WEBAPP_XML = -webxml; private static final String SWITCH_MAPPED = -mapped; private static final String SWITCH_XPOWERED_BY = -xpoweredBy; +private static final String SWITCH_CLASSPATH = -classpath; private static final String SWITCH_DIE = -die; private static final String SHOW_SUCCESS =-s; private static final String LIST_ERRORS = -l; @@ -288,6 +289,8 @@ mappedFile = true; } else if (tok.equals(SWITCH_XPOWERED_BY)) { xpoweredBy = true; +} else if (tok.equals(SWITCH_CLASSPATH)) { +setClassPath(nextArg()); } else if (tok.startsWith(SWITCH_DIE)) { try { dieLevel = Integer.parseInt( 1.129 +2 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties Index: messages.properties === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v retrieving revision 1.128 retrieving revision 1.129 diff -u -r1.128 -r1.129 --- messages.properties 12 Aug 2003 18:36:46 - 1.128 +++ messages.properties 12 Aug 2003 19:11:45 - 1.129 @@ -226,6 +226,7 @@ \-webinc file Creates a partial servlet mappings in the file\n\ \-webxml file Creates a complete web.xml in the file\n\ \-ieplugin clsid Java Plugin classid for Internet Explorer\n\ +\-classpath path Overrides java.class.path system property\n\ \-xpoweredByAdd X-Powered-By response header\n\ jspc.webxml.header=?xml version=1.0 encoding=ISO-8859-1?\n\ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?
The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end of a .jsp url, you get the source. I forgot to mention the platforms where this has been seen. I have seen this with Sun's JVM 1.4.2 on Windows XP, and now I just verified that it also exists on NetWare's JVM 1.4.2 (built on Sun's source code base, so not surprising) It might exist on other 1.4.2 implementations, but I am not sure. I also just verified this on Tomcat 4.1.18 and 4.1.26 as well. For some reason I see it better with the example jsp's - /examples/jsp/num/numbguess.jsp%20 for instance. But, you can tell the problem is going to be there if, when you add the %20 to the .jsp name, you don't get a 404. This is all going directly to port 8080, so no native connector is involved. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE14SocketFactory.java
luehe 2003/08/09 10:17:17 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE14SocketFactory.java Log: Added check for (keystoreType == null) before calling getKeyManagers/getTrustManagers Revision ChangesPath 1.7 +3 -4 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- JSSE14SocketFactory.java 8 Aug 2003 23:57:02 - 1.6 +++ JSSE14SocketFactory.java 9 Aug 2003 17:17:17 - 1.7 @@ -111,6 +111,9 @@ if (algorithm == null) algorithm = defaultAlgorithm; String keystoreType = (String)attributes.get(keystoreType); +if (keystoreType == null) { +keystoreType = defaultKeystoreType; +} // Create and init SSLContext SSLContext context = SSLContext.getInstance(protocol); @@ -137,10 +140,6 @@ protected KeyManager[] getKeyManagers(String keystoreType, String algorithm) throws Exception { - -if (keystoreType == null) { -keystoreType = defaultKeystoreType; -} String keystorePass = getKeystorePassword(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21206] - Tomcat 5 - Jetspeed JSP Portlets do not display
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21206. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21206 Tomcat 5 - Jetspeed JSP Portlets do not display [EMAIL PROTECTED] changed: What|Removed |Added Version|5.0.3 |5.0.7 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22405] New: - deploy as 700 and additional attribute to be less restrictive
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22405 deploy as 700 and additional attribute to be less restrictive Summary: deploy as 700 and additional attribute to be less restrictive Product: Tomcat 4 Version: 4.1.24 Platform: Other URL: http://jakarta.apache.org/tomcat/tomcat-4.1- doc/config/host.html#Automatic%20Application%20Deploymen t OS/Version: Other Status: NEW Severity: Enhancement Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The user managing web applications under tomcat is often root. Typically root has umask 755 and this makes sense for many tasks that have to be accomplished as root. However web applications often contain passwords to access for example a database. Therefore, I suggest: 1) make sure that the permissions generated by attributes autoDeploy and unpackWARs are 700 2) add a permissions attribute that allows to i) use the default umask if it is set to umask ii) set any other octal umask value for this - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_fr.properties messages_ja.properties
kinman 2003/08/14 14:16:52 Modified:jasper2/src/share/org/apache/jasper/compiler ErrorDispatcher.java Generator.java PageInfo.java Validator.java jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_fr.properties messages_ja.properties Log: - Add attibutes doctype-root-element, doctype-system and doctype-public to jsp:output for outputing a DOCTYPE declartion in xml documents, per latest spec change. Revision ChangesPath 1.13 +24 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/ErrorDispatcher.java Index: ErrorDispatcher.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/ErrorDispatcher.java,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- ErrorDispatcher.java 11 Aug 2003 21:11:07 - 1.12 +++ ErrorDispatcher.java 14 Aug 2003 21:16:52 - 1.13 @@ -240,7 +240,7 @@ * resource bundle for localized error messages, it is used as the error * message. * - * @param n Node that caused the error + * @param where Error location * @param errCode Error code * @param arg1 First argument for parametric replacement * @param arg2 Second argument for parametric replacement @@ -269,6 +269,26 @@ public void jspError(Node n, String errCode, String arg1, String arg2) throws JasperException { dispatch(n.getStart(), errCode, new Object[] {arg1, arg2}, null); +} + +/* + * Dispatches the given JSP parse error to the configured error handler. + * + * The given error code is localized. If it is not found in the + * resource bundle for localized error messages, it is used as the error + * message. + * + * @param n Node that caused the error + * @param errCode Error code + * @param arg1 First argument for parametric replacement + * @param arg2 Second argument for parametric replacement + * @param arg3 Third argument for parametric replacement + */ + +public void jspError(Node n, String errCode, String arg1, String arg2, + String arg3) + throws JasperException { + dispatch(n.getStart(), errCode, new Object[] {arg1, arg2, arg3}, null); } /* 1.195 +40 -11 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java Index: Generator.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v retrieving revision 1.194 retrieving revision 1.195 diff -u -r1.194 -r1.195 --- Generator.java9 Aug 2003 19:19:37 - 1.194 +++ Generator.java14 Aug 2003 21:16:52 - 1.195 @@ -594,14 +594,18 @@ } /** - * Generates an XML declaration, under the following conditions: - * - * - 'omit-xml-declaration' attribute of jsp:output action is set to - * no or false - * - JSP document without a jsp:root + * Generates an XML Prolog, which includes an XML declaration and + * an XML doctype declaration. */ -private void generateXmlDeclaration(Node.Nodes page) { +private void generateXmlProlog(Node.Nodes page) { + /* + * An XML declaration is generated under the following conditions: + * + * - 'omit-xml-declaration' attribute of jsp:output action is set to + * no or false + * - JSP document without a jsp:root + */ String omitXmlDecl = pageInfo.getOmitXmlDecl(); if ((omitXmlDecl != null !JspUtil.booleanValue(omitXmlDecl)) || (omitXmlDecl == null page.getRoot().isXmlSyntax() @@ -611,6 +615,31 @@ out.printil(out.write(\?xml version=\\\1.0\\\ encoding=\\\ + charSet + \\\?\\n\);); } + + /* + * Output a DOCTYPE declaration if the doctype-root-element appears. + * If doctype-public appears: + * !DOCTYPE name PUBLIC doctypePublic doctypeSystem + * else + * !DOCTYPE name SYSTEM doctypeSystem + */ + + String doctypeName = pageInfo.getDoctypeName(); + if (doctypeName != null) { + String doctypePublic = pageInfo.getDoctypePublic(); + String doctypeSystem = pageInfo.getDoctypeSystem(); + out.printin(out.write(\!DOCTYPE ); + out.print(doctypeName); + if (doctypePublic == null) { + out.print( SYSTEM \\\); + } else { + out.print( PUBLIC \\\); +
JSPC and TC 5?
Is there any particular reason why the jspc.sh/bat and jasper.sh/bat files are not included in Tomcat 5? I realize that Ant is the preferred way to precompile a web application, but JSPC is very convenient to use for simple sites when there's no Ant installation in place. I tested using the TC 4.1.24 scripts with TC 5.0.7, and it seems to work fine. Any chance that these scripts can be added back into TC 5? Hans -- Hans Bergsten[EMAIL PROTECTED] Gefion Software http://www.gefionsoftware.com/ Author of O'Reilly's JavaServer Pages, covering JSP 1.2 and JSTL 1.0 Details athttp://TheJSPBook.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22413] New: - encodeURL(encodeURL()) fails in ROOT context
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22413. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22413 encodeURL(encodeURL()) fails in ROOT context Summary: encodeURL(encodeURL()) fails in ROOT context Product: Tomcat 4 Version: 4.1.27 Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: Other Component: Servlet JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] It seems that HttpServletResponse.encodeURL doesn't function correctly in an application running as ROOT context: it adds the jsessionid a second time even if alreaday present With cookies disabled, the following code: logger_.debug(encode url: + response.encodeURL(toto.jsp)); logger_.debug(encode(encode url): + response.encodeURL(response.encodeURL(toto.jsp))); gives: - if application runs as normal context: as normal context encode url: toto.jsp;jsessionid=9BD0236E2D6CF25DF8B9CD038ABBD079 encode(encode url): toto.jsp;jsessionid=9BD0236E2D6CF25DF8B9CD038ABBD079 - if application runs as ROOT context: encode url: toto.jsp;jsessionid=CFDE76571522565C6E721F149F351202 encode(encode url): toto.jsp;jsessionid=CFDE76571522565C6E721F149F351202;jsessionid=CFDE76571522565C6E721F149F351202 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22426] New: - cannot resolve getContextPath on ServletRequest
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22426. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22426 cannot resolve getContextPath on ServletRequest Summary: cannot resolve getContextPath on ServletRequest Product: Tomcat 5 Version: 5.0.7 Platform: PC OS/Version: Windows XP Status: NEW Severity: Minor Priority: Other Component: Jasper2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Summary: Using %= request.getContextPath() % in one of the new, schmancy .tag files results in the following error: org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: 2 in the jsp file: /WEB-INF/tags/basePath.tag Generated servlet error: [javac] Compiling 1 source file C:\usr\software\jakarta-tomcat-5.0.7\work\Catalina\localhost\Tomcat5\org\apache\jsp\tag\web\basePath_tag.java:51: cannot resolve symbol symbol : method getContextPath () location: interface javax.servlet.ServletRequest out.write(String.valueOf( request.getContextPath() )); ^ 1 error This expression works fine in a regular .jsp file, though. I can work around the problem with the following: %= ((javax.servlet.http.HttpServletRequest)request).getContextPath() % This seems to be because the underlying object is org.apache.coyote.tomcat5.CoyoteRequestFacade which implements the HttpServletRequest interface. Anyway, hopefully this isn't some obscure configuration or usage error on my part. Hope this helps. doug. FULL STACK TRACE: 2003-08-14 09:50:26 StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: 2 in the jsp file: /WEB-INF/tags/basePath.tag Generated servlet error: [javac] Compiling 1 source file C:\usr\software\jakarta-tomcat-5.0.7\work\Catalina\localhost\Tomcat5\org\apache\jsp\tag\web\basePath_tag.java:51: cannot resolve symbol symbol : method getContextPath () location: interface javax.servlet.ServletRequest out.write(String.valueOf( request.getContextPath() )); ^ 1 error at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:128) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:307) at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:415) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:455) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:439) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:555) at org.apache.jasper.servlet.JspServletWrapper.loadTagFile(JspServletWrapper.java:218) at org.apache.jasper.compiler.TagFileProcessor.loadTagFile(TagFileProcessor.java:506) at org.apache.jasper.compiler.TagFileProcessor.access$000(TagFileProcessor.java:85) at org.apache.jasper.compiler.TagFileProcessor$TagFileLoaderVisitor.visit(TagFileProcessor.java:552) at org.apache.jasper.compiler.Node$CustomTag.accept(Node.java:1444) at org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2142) at org.apache.jasper.compiler.Node$Visitor.visitBody(Node.java:2184) at org.apache.jasper.compiler.Node$Visitor.visit(Node.java:2190) at org.apache.jasper.compiler.Node$Root.accept(Node.java:471) at org.apache.jasper.compiler.Node$Nodes.visit(Node.java:2142) at org.apache.jasper.compiler.TagFileProcessor.loadTagFiles(TagFileProcessor.java:570) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:271) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:453) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:439) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:555) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:300) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:293) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:286) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:254) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151) at
Re: [5] Jasper currently requires a 1.4 JVM
- Original Message - From: Costin Manolache [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 10:49 PM Subject: Re: [5] Jasper currently requires a 1.4 JVM Remy Maucherat wrote: Bill Barker wrote: o.a.j.compiler.JspUtil.makeJavaPackage currently is calling String.split. This means that you currently can't use Jasper (at least for compiling) with a 1.3.x JVM. Since Tomcat isn't a J2EE 1.4 container I can't see any justification in the spec for not supporting 1.3.x JVMs. However, since I don't spend a lot of my time with Jasper, I'd thought that I should get the opinions of people that do before hacking away ;-). The two ways I can see to go are: 1) Introduce a JdkCompat (similar to o.a.t.u.compat, but in Jasper since I can't see making Jasper depend on j-t-c). Pluses: People using 1.4 JVMs get all the benefits of String.split. Minuses: Requires a new package with two new classes. 2) Simply re-code makeJavaPackage to only use APIs from 1.3.x and higher. Basically switch Pluses and Minuses above. Of course, I'm willing to do the grunt-work to implement this. My personal preference is for 1), but if anyone has a better idea I'm open to that as well. Comments/Opinions/Flames? I would do 2. Since it doesn't affect functionality, and I think this was a mistake when makeJavaPackage was coded. The gain is not worth maintaining two versions IMO. +1 on 2 - same reasons as Remy. Remy's suggestion has already been committed. I would be +1 on (1) if the new methods would be added to o.a.t.u.compat, not in a jasper package. Jasper depending on j-t-c (or at least the utils ) would be a good thing IMO. ( I know some people disagree on this, no need to flame :-) I also added the 'split' method to o.a.t.u.compat (although it isn't currently used). Depending on usage (if any) we may need to have regexp support for util to have it really work cross JVMs. I'm being an optimist and assuming that there won't be a need for regexp splits ;-). Costin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22439] New: - NPE compiling JSP Document
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22439. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22439 NPE compiling JSP Document Summary: NPE compiling JSP Document Product: Tomcat 5 Version: 5.0.7 Platform: Other OS/Version: All Status: NEW Severity: Major Priority: Other Component: Jasper2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The following JSP Document doesn't compile: !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3c.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3c.org/1999/xhtml; xmlns:jsp=http://java.sun.com/JSP/Page; xml:lang=en lang=en jsp:directive.page contentType=text/html / head titleA JSP Document/title /head body bgcolor=white h1All Request Parameters/h1 ul c:forEach xmlns:c=http://java.sun.com/jsp/jstl/core; items=${paramValues} var=current li ${current.key}: c:forEach items=${current.value} var=parValue br/${parValue} /c:forEach /li /c:forEach /ul jsp:element name=${param.element} jsp:attribute name=style${param.style}/jsp:attribute jsp:body${param.body}/jsp:body /jsp:element /body /html The root cause for the exception is: java.lang.NullPointerException org.apache.jasper.compiler.PageInfo.popPrefixMapping(PageInfo.java:339) org.apache.jasper.compiler.JspDocumentParser.endPrefixMapping(JspDocumentParser.java:574) org.apache.xerces.parsers.AbstractSAXParser.endNamespaceMapping(Unknown Source) org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) org.apache.xerces.impl.XMLNamespaceBinder.handleEndElement(Unknown Source) org.apache.xerces.impl.XMLNamespaceBinder.endElement(Unknown Source) org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source) org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source) org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source) org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source) org.apache.xerces.parsers.XMLParser.parse(Unknown Source) org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) javax.xml.parsers.SAXParser.parse(Unknown Source) org.apache.jasper.compiler.JspDocumentParser.parse(JspDocumentParser.java:195) org.apache.jasper.compiler.ParserController.parse(ParserController.java:223) org.apache.jasper.compiler.ParserController.parse(ParserController.java:146) org.apache.jasper.compiler.ParserController.parse(ParserController.java:132) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:245) org.apache.jasper.compiler.Compiler.compile(Compiler.java:453) org.apache.jasper.compiler.Compiler.compile(Compiler.java:439) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:555) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:300) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:293) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) javax.servlet.http.HttpServlet.service(HttpServlet.java:856) It works fine with TC 5.0.4 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22397] New: - Compiler warnings
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22397. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22397 Compiler warnings Summary: Compiler warnings Product: Tomcat 4 Version: 4.1.27 Platform: Sun OS/Version: Solaris Status: NEW Severity: Normal Priority: Other Component: Connector:Coyote JK 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] gcc 3.2.2 (64 bit mode) gives these warnings: [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/server/apache2/mod_jk2.c:197: warning: missing initializer [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/server/apache2/mod_jk2.c:197: warning: (near initialization for `jk2_cmds[ [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_vm_default.c:449:77: warning: backslash and newline separated by space [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c: In function `jk2_channel_apr_open': [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:229: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:229: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:258: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:258: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_worker_status.c: In function `jk2_worker_status_displayStat': [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_worker_status.c:118: warning: comparison between signed and unsigned [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_vm_default.c:449:77: warning: backslash and newline separated by space [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c: In function `jk2_channel_apr_open': [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:229: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:229: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:258: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_channel_apr_socket.c:258: warning: left-hand operand of comma expression has no effect [so] /local/src/jakarta-tomcat-connectors-4.1.27-src/jk/native2/common/jk_worker_status.c:118: warning: comparison between signed and unsigned - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime BodyContentImpl.java
luehe 2003/08/14 15:11:12 Modified:jasper2/src/share/org/apache/jasper/runtime BodyContentImpl.java Log: Fixed buffer realloc when writing single char Revision ChangesPath 1.9 +1 -1 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/BodyContentImpl.java Index: BodyContentImpl.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/BodyContentImpl.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- BodyContentImpl.java 14 Jan 2003 01:56:05 - 1.8 +++ BodyContentImpl.java 14 Aug 2003 22:11:12 - 1.9 @@ -106,7 +106,7 @@ } else { ensureOpen(); if (nextChar = bufferSize) { - reAllocBuff (0); + reAllocBuff (1); } cb[nextChar++] = (char) c; } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: something wrong in apache tomcat load balancing configuration
From: Thutkawkorapin, Jessada Sent: Thursday, August 14, 2003 1:13 PM To: [EMAIL PROTECTED] Subject: something wrong in apache tomcat load balancing configuration The problem is that when I re-start the 2nd server, load-balancer ignore it and requests are still proceed 100% by server #1. Be patient! After a few minutes you'll see the second instance operational too. MT. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22439] - NPE compiling JSP Document
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22439. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22439 NPE compiling JSP Document [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-14 22:16 --- This is a regression from 5.0.6, and has been fixed in the head branch. To getaround it, either use 5.0.6 or the nightly build. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
something wrong in apache tomcat load balancing configuration
Hi I'm currently testing the Load-Balancing Failover possibilities of Tomcat and i came to the conclusion that something goes wrong with the Failback... I've installed tomcat#1, tomcat#2 and apache in the same server with this environment- Win 2000 Pro OS- tomcat 4.1.27- Apache 1.3.26- mod_jk-1.3.26.dllTalking about load-balancing, everthing is Ok. Requests to dynamic pages are processed by both Tomcat servers according to the lbFactor (50/50) Then I stop server #2.The next HTTP request takes a few seconds to be proceed. I guess this is normal, since the load-balancer has to analyse the situation and determine that server #2 is no more available.The problem is that when I re-start the 2nd server, load-balancer ignore it and requests are still proceed 100% by server #1.I have to re-start the Apache/HTTP server to make the load-balancing working again... Do you think there is something else to configure to be sure that the load-balancer determine servers availability on the fly ? ps. I also attach the necessary configuration file with this email thanx Jessada - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19965] - mod_jk2 connection fails, workerEnv.init() create slot epStat.0 failed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19965. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19965 mod_jk2 connection fails, workerEnv.init() create slot epStat.0 failed --- Additional Comments From [EMAIL PROTECTED] 2003-08-14 22:45 --- Maybe it helps to add the following to the workers2.properties file: [shm] file=/programme/net/apache/logs/shm.file size=1048576 Daniel Frey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspUtil.java
billbarker2003/08/13 22:02:53 Modified:jasper2/src/share/org/apache/jasper/compiler JspUtil.java Log: Fixing my own bugs ;-) The previous commit worked for the one place that split is currently used, but breaks if when you attempt a more general case. Revision ChangesPath 1.44 +4 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java Index: JspUtil.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- JspUtil.java 14 Aug 2003 04:36:25 - 1.43 +++ JspUtil.java 14 Aug 2003 05:02:53 - 1.44 @@ -971,7 +971,7 @@ String comp = path.substring(start,pos); comps.add(comp); } -start = pos +1; +start = pos + pat.length(); pos = path.indexOf(pat,start); } if( start path.length()) { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java
billbarker2003/08/12 22:29:08 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java JSSE14SocketFactory.java JSSESocketFactory.java Log: Moving the new protocols logic to the 14 Factory. This feature isn't supported (at least in the public interface) in JSSE 1.0.x. Now you can still use SSL with a 1.3.x JVM. I didn't attempt to dig into the com.sun.** to see if there is a hidden implementation there. Revision ChangesPath 1.3 +8 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JSSE13SocketFactory.java 12 Aug 2003 12:01:27 - 1.2 +++ JSSE13SocketFactory.java 13 Aug 2003 05:29:08 - 1.3 @@ -168,4 +168,12 @@ throw new IOException(e.getMessage()); } } +protected String[] getEnabledProtocols(SSLServerSocket socket, +String requestedProtocols){ + return null; +} +protected void setEnabledProtocols(SSLServerSocket socket, + String [] protocols){ +} + } 1.10 +47 -0 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- JSSE14SocketFactory.java 11 Aug 2003 21:46:41 - 1.9 +++ JSSE14SocketFactory.java 13 Aug 2003 05:29:08 - 1.10 @@ -61,8 +61,10 @@ import java.io.*; import java.net.*; +import java.util.Vector; import java.security.KeyStore; import java.security.SecureRandom; +import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLContext; import javax.net.ssl.KeyManager; import javax.net.ssl.X509KeyManager; @@ -188,5 +190,50 @@ } return tms; +} +protected void setEnabledProtocols(SSLServerSocket socket, String []protocols){ + if (protocols != null) { +socket.setEnabledProtocols(protocols); +} +} + +protected String[] getEnabledProtocols(SSLServerSocket socket, +String requestedProtocols){ + String[] supportedProtocols = socket.getSupportedProtocols(); + +String[] enabledProtocols = null; + +if (requestedProtocols != null) { +Vector vec = null; +int fromIndex = 0; +int index = requestedProtocols.indexOf(',', fromIndex); +while (index != -1) { +String protocol += requestedProtocols.substring(fromIndex, index).trim(); +/* + * Check to see if the requested protocol is among the + * supported protocols, i.e., may be enabled + */ +for (int i=0; supportedProtocols != null + isupportedProtocols.length; i++) { +if (supportedProtocols[i].equals(protocol)) { +if (vec == null) { +vec = new Vector(); +} +vec.addElement(protocol); +break; +} +} +fromIndex = index+1; +index = requestedProtocols.indexOf(',', fromIndex); +} + +if (vec != null) { +enabledProtocols = new String[vec.size()]; +vec.copyInto(enabledProtocols); +} +} + +return enabledProtocols; } } 1.6 +12 -43 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Index: JSSESocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JSSESocketFactory.java11 Aug 2003 21:46:41 - 1.5 +++ JSSESocketFactory.java13 Aug 2003 05:29:08 - 1.6 @@ -294,51 +294,23 @@ /* * Determines the SSL protocol variants to be enabled. * + * @param socket The socket to get supported list from. *
DO NOT REPLY [Bug 22277] - IllegalArgumentException in setOutputLineIncrement()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277 IllegalArgumentException in setOutputLineIncrement() --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 07:15 --- I believe Remy's commit from earlier today (Don't merge SMAP entries in the outptStartLines aren't consecutive) fixes the IllegalArgumentException problem (thanks, Remy!). If that's right (I've tested it, but then I tested my original patch as well, so I'm not taking that as a guarantee), it means my workaround patch can be removed without IllegalArgumentException recurring. On the other hand the workaround patch also keeps the outputStartLine=0 LineInfos out of the SMAP, so taking it out before we've fixed the root cause of outputStartLine=0 could be considered a regression, on the grounds that an incorrect SMAP is worse than an incomplete one. Also, if Jasper were to start SMAPping page directives, then TemplateTextpage import=org.foo.* would generate an IllegalArgumentException if it weren't for Remy's fix. This means that IllegalArgumentException is a bug in its own right, and not just a side effect of the outputStartLine=0 problem. So to keep things clear, I think we should use this ticket to track IllegalArgumentException only, and open new tickets as needed to track outputStartLine=0. I'll close this ticket in a few days if there are no objections to this approach, and no reason to doubt Remy's commit. If someone else wants to close it sooner, that's fine with me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?
Jeff Tulley wrote: Verified on Win XP as well. Using that flag fixes the problem. Thanks for making that connection! I've still got the problem when using the mod_jk2 connector. I'm using Tomcat 4.1.27 w/ patch on Windows 2000 SP4, behind an Apache 2.0.47 web server, with the J2SE 1.4.2. The mod_jk2 binary I'm using comes from Tomcat 4.1.24 (I built it from source). I added those keys in thr registry for the Tomcat service, and restarted it: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apache Tomcat 4.1\Parameters] JVM Option Count=dword:0005 JVM Option Number 3=-Dfile.encoding=ISO-8859-1 JVM Option Number 4=-Dsun.io.useCanonCaches=false When I access Tomcat directly using port 8080, the option does work, and *.jsp%20 returns a 404. However, when accessing the same through Apache, I still get the JSP code: [13/Aug/2003:13:54:16 +0200] xx.xx.xx.xx TLSv1 DHE-RSA-AES256-SHA GET /myApp/index.jsp%20 HTTP/1.1 1534 Did I miss something? TIA, Laurent - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] New committer: Eric Carmichael
+1. I second what Kin-Man said. :) Jan Remy Maucherat wrote: I'd like to nominate Eric Carmichael as a committer on the Tomcat project. Eric has been steadily supplying quality patches to the new Jasper which will implement the JSP 2.0 specification, and has helped fix outstanding bug reports. He plans to continue contributing in the future. He has my +1. Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[5] Jasper currently requires a 1.4 JVM
o.a.j.compiler.JspUtil.makeJavaPackage currently is calling String.split. This means that you currently can't use Jasper (at least for compiling) with a 1.3.x JVM. Since Tomcat isn't a J2EE 1.4 container I can't see any justification in the spec for not supporting 1.3.x JVMs. However, since I don't spend a lot of my time with Jasper, I'd thought that I should get the opinions of people that do before hacking away ;-). The two ways I can see to go are: 1) Introduce a JdkCompat (similar to o.a.t.u.compat, but in Jasper since I can't see making Jasper depend on j-t-c). Pluses: People using 1.4 JVMs get all the benefits of String.split. Minuses: Requires a new package with two new classes. 2) Simply re-code makeJavaPackage to only use APIs from 1.3.x and higher. Basically switch Pluses and Minuses above. Of course, I'm willing to do the grunt-work to implement this. My personal preference is for 1), but if anyone has a better idea I'm open to that as well. Comments/Opinions/Flames? This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Different handling tagfiles and normal tags classes
Torsten, see JSP.8.3 (Semantics of Tag Files), 3rd bullet: For each invocation to the tag, the JSP Context Wrapper must present a clean page scope containing no initial elements. All scopes other than the page scope must be identical to those in the Invoking JSP Context and must be modified accordingly when updates are made to those scopes in the JSP Context Wrapper. Any modifications to the page scope, however, must not affect the Invoking JSP Context. Hope this helps. Jan Torsten Fohrer wrote: Tagfiles and tags get a jspcontext from the container at runtime. Tags get directly a normal pagecontext reference from the current jsp page. TagFiles instead get a wrapper around the pagecontext that wraps all set/get/findAttribute for the page scope to a local set of stored attributes. When i declare an attribute in jsp with page scope, i never see it in a tag file, but i see it in a 'normal' tag. Interesting files: org.apache.jasper.runtime.JspContextWrapper - see getAttribute(String)/getAttribute(String/int) org.apache.jasper.compiler.Generator - search for setJspContext Is there a reason why, i don't know? Best greeting Torsten Fohrer - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20098] - RequestDispatcher.include() in a jsp prints it's contents before any of the parents jsp's content is printed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20098. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20098 RequestDispatcher.include() in a jsp prints it's contents before any of the parents jsp's content is printed --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 14:27 --- I had a similar problem in the past. The behaviour your seing is (perhaps strangely) according to spec (the included buffer being flushed before the includers buffer). If you want to make this work with request dispatchers, make sure you do a out.flush before including the second page (that is what the flush=true means in the jsp:include tag). Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22266] - Keep template text together with mappedfile=true
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266 Keep template text together with mappedfile=true --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 02:09 --- Unfortunately I've thrown out the actual numbers I got in the performance testing I did (all on a 1 GHz Windows XP laptop), but the salient results were as follows: 1) The patch made Tomcat faster at compiling and serving pages with a preponderance of HTML tags versus JSP tags (the lookahead does take some extra time, but is more than made up if the lookahead results in one less node to be traversed later). With the patch in place, Tomcat compiled and served index.html from the jsp-examples webapp (renamed to index.jsp, obviously) about 9% faster than without the patch. 2) On balance, however, the patch made Tomcat slower at compiling and serving pages. At least, when I tested against the jsp-examples webapp (with index.jsp renamed back to index.html so it wasn't part of the test), time to compile and serve was about 2% slower. 3) I couldn't find any difference in serving compiled pages with the patch in place (I thought there might be a small improvement because the patch shrinks the .class files). Based on those numbers, I decided not to submit the patch as an option configurable separately from mappedfile, or as a non-configurable enhancement. But since the mappedfile documentation said it was intended for debugging, I thought the performance hit was acceptable. I didn't test your idea of a separate pass through the parsed nodes, but I did test code that, when about to create a new TemplateText node, checked to see if the previous node was also a TemplateText node, and if so, just appended its text to the previous node's (the ideas being that anything that conserved nodes might improve performance, and that I didn't like duplicating logic from another part of the Parser, either). But that was noticeably slower (I've forgotten the numbers entirely) than the patch I submitted. Anyway, I submitted the patch as an enhancement, so I can't complain if it gets implemented differently or not at all. The above is just to help folks make an informed decision. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22390] New: - init() method called twice
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22390. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22390 init() method called twice Summary: init() method called twice Product: Tomcat 4 Version: 4.1.27 Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Servlet JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] A servlet's init() (without ServletConfig as argument) method is called twice if it is loaded on startup. It seemed the servlet class is loaded twice. I have a static variable which is instantiated in the init(). The second time init() is called, it is still null. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22388] - TC 5.0.7 Startup Exception
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22388. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22388 TC 5.0.7 Startup Exception [EMAIL PROTECTED] changed: What|Removed |Added Summary|TC 5.0.6 Startup Exception |TC 5.0.7 Startup Exception - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22266] - Keep template text together with mappedfile=true
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22266 Keep template text together with mappedfile=true --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 18:43 --- There is no doubt that concatenating contiguous template texts into one improves the runtime performance and I am not too worry about spending extra time during compilation, since I believe web applications should be deployed precompiled. My suggestion for a separate pass was motivated by the design principle to keep the modules simple and direct. The current compiler is made up of a number of passes, driven by the common data structure (Node and PageInof etc). I'd like to keep Parser only doing the basic parsing, but leaves the optimizations to other passes. Not only will it be easier for debugging and maintenance, switching on and off such optimizations will also made easier. Like I said, this no big deal, so I'll leave the patch in for now. Anyway, thanks for contributing to improve Jasper, and don't let slight disagreements like this prevent you from making more contributions in the future. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 19799] - Tomcat dies after being up for a while (complains about maxThreads)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19799. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19799 Tomcat dies after being up for a while (complains about maxThreads) --- Additional Comments From [EMAIL PROTECTED] 2003-08-13 07:18 --- Please submit a test case. If what you say is true, and is caused by Tomcat, then it should be reproduceable. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22236] - JNDI Realm authentication to Novell eDirectory via LDAP
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22236. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22236 JNDI Realm authentication to Novell eDirectory via LDAP [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] Status|RESOLVED|REOPENED Resolution|FIXED | --- Additional Comments From [EMAIL PROTECTED] 2003-08-12 21:45 --- I've been running into the same problem. Coincidentally, also using Novell eDirectory. Perhaps Novell is unique in returning roles with null attributes? I have a user, it belonged to a group called intranet. I was able to authenticate an application using this role. Then my Novell admin added the user to a new group, and I started getting the NPE. Turns out the second group I was added to returns null attributes. I got around the NPE a while back by adding that null check, but I think the right thing to do is to modify the addAttributeValues method to return the original values argument that was passed to the method. In my case, the null values on the second role returned in my SearchResults were causing the whole list to be nullified, and I couldn't authenticate even though the intranet role was found. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
WebAppClassLoader, debug level
How can I increase the debug level of the webappclassloader? I set the attribute debug of the context and set a FileLogger: Context path=/berechtigung docBase=berechtigung debug=4 reloadable=true crossContext=true Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_bere_log. suffix=.txt timestamp=true/ /Context But the log events weren't logged as I expected. I'm interested in checking which class has been loaded by which classloader. *** BITTE BEACHTEN *** Diese Nachricht (wie auch allfällige Anhänge dazu) beinhaltet möglicherweise vertrauliche oder gesetzlich geschützte Daten oder Informationen. Zum Empfang derselben ist (sind) ausschliesslich die genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht irrtümlicherweise erreicht hat, sind Sie höflich gebeten, diese unter Ausschluss jeder Reproduktion zu zerstören und die absendende Person umgehend zu benachrichtigen. Vielen Dank für Ihre Hilfe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java
- Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 5:13 PM Subject: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java luehe 2003/08/12 17:13:43 Modified:catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java Log: Optimizations: - Bugtraq 4730584 (HttpResponseBase should create date format only when needed) - Bugtraq 4701695 (avoid reformatting constant Expires header on every request) The CoyoteResponse is a pretty long-living object. I wouldn't expect that this will speed Tomcat up at all once it has been running for a while. This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_fr.properties messages_ja.properties
kinman 2003/08/14 17:06:10 Modified:jasper2/src/share/org/apache/jasper/compiler JspDocumentParser.java jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_fr.properties messages_ja.properties Log: - Spec has been changed to allow for include-prelude and include-coda in jsp-config. Revision ChangesPath 1.65 +35 -17 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java Index: JspDocumentParser.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspDocumentParser.java,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- JspDocumentParser.java11 Aug 2003 21:11:07 - 1.64 +++ JspDocumentParser.java15 Aug 2003 00:06:09 - 1.65 @@ -149,18 +149,6 @@ inStream, isTagFile, directivesOnly); - - // It's an error to have a prelude or a coda associated with - // a JSP document - if (!jspDocParser.pageInfo.getIncludePrelude().isEmpty()) { - String file = (String) jspDocParser.pageInfo.getIncludePrelude().get(0); - jspDocParser.err.jspError(jsp.error.prelude.xml, path, file); - } - if (!jspDocParser.pageInfo.getIncludeCoda().isEmpty()) { - String file = (String) jspDocParser.pageInfo.getIncludeCoda().get(0); - jspDocParser.err.jspError(jsp.error.coda.xml, path, file); - } - Node.Nodes pageNodes = null; try { @@ -171,8 +159,10 @@ dummyRoot.setJspConfigPageEncoding(jspConfigPageEnc); dummyRoot.setIsEncodingSpecifiedInProlog(isEncodingSpecifiedInProlog); jspDocParser.current = dummyRoot; - - if (parent != null) { + if (parent == null) { + jspDocParser.addInclude(dummyRoot, + jspDocParser.pageInfo.getIncludePrelude()); + } else { jspDocParser.isTop = false; } @@ -192,6 +182,11 @@ // Parse the input saxParser.parse(jspDocParser.inputSource, jspDocParser); + if (parent == null) { + jspDocParser.addInclude(dummyRoot, + jspDocParser.pageInfo.getIncludeCoda()); + } + // Create Node.Nodes from dummy root pageNodes = new Node.Nodes(dummyRoot); @@ -202,6 +197,29 @@ } return pageNodes; +} + +/* + * Processes the given list of included files. + * + * This is used to implement the include-prelude and include-coda + * subelements of the jsp-config element in web.xml + */ +private void addInclude(Node parent, List files) throws SAXException { + if (files != null) { + Iterator iter = files.iterator(); + while (iter.hasNext()) { + String file = (String) iter.next(); + AttributesImpl attrs = new AttributesImpl(); + attrs.addAttribute(, file, file, CDATA, file); + + // Create a dummy Include directive node + Node includeDir = new Node.IncludeDirective(attrs, +null, // XXX +parent); + processIncludeDirective(file, includeDir); + } + } } /* 1.131 +1 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties Index: messages.properties === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v retrieving revision 1.130 retrieving revision 1.131 diff -u -r1.130 -r1.131 --- messages.properties 14 Aug 2003 21:16:52 - 1.130 +++ messages.properties 15 Aug 2003 00:06:09 - 1.131 @@ -388,8 +388,6 @@ jsp.error.variable.either.name=Either name-given or name-from-attribute attribute must be specified in a variable directive jsp.error.variable.both.name=Cannot specified both name-given or name-from-attribute attributes in a variable directive jsp.error.variable.alias=Both or none of the name-from-attribute and alias attributes can be specified in a variable directive -jsp.error.prelude.xml=The JSP document {0} has a prelude ({1}) associated with it -jsp.error.coda.xml=The JSP document {0} has a coda ({1}) associated with it jsp.error.attribute.null_name=Null attribute name
Re: Bug Report - 4.1.27 Race Condition
Wesley Hall wrote: Hello, I have found a small bug during my work embedding the tomcat server into our application. When a secure connector is added to an instance of Embedded, and embedded is startd and stopped several times in quick succession (which is part of our test framework) a race condition occurs. Sometimes i am presented with an exception with a root cause of... Caused by: LifecycleException: Coyote connector has not been started at org.apache.coyote.tomcat4.CoyoteConnector.stop(CoyoteConnector.java:1199) at org.apache.catalina.startup.Embedded.stop(Embedded.java:1030) (NOTE: This exception is thrown after a call to the start method of Embedded has been made and connectors added) Other times the test is successful. Sometimes (although a little more rare than these two outcomes), I recieve an 'Address already in use', which seems to be the inverse of the exception above, and occurs on a call to start() after a stop() has already been made. Placing a Thread.sleep(x) between start/stop attempts seems to increase the likelyhood of the test being successful and increasing the interval increase the percentage of successful test runs until upon reaching an interval of 75ms the success rate becomes 100%. Unless there's a major unexpected flaw and I missed something, I do believe that the shutdown is synchronous if you use the stop method (using the shutdown socket is not synchronous, but it's another problem). That means that something, somehwere, is being shutdown asynchronously related to SSL, be it at the OS level or at the JDK level. Given that SSL uses a non trivial amount of resources, which also take a significant amount of time to allocate, I'm not completely surprised by what you see. As your next paragraph states, it would be useful to double check in the Tomcat code, but I don't expect you would find much. I believe it's rather straightforward code. IMO, you should make a quick pass looking for an obvious flaw, then go with a 100ms delay. Unless you have to restart the embedded TC every 2s, I think it should be acceptable. It seems there is a race condition in starting up or shutting down of Embedded vs The secure connector. Sometimes Embedded.start() will return before the connector has been started and the same with Embedded.stop(). Unfortunatly, i cannot seem to locate the Coyote source to verify this. It's part of the source distribution, in the j-t-connectors directory. Presumably, this issue is pretty minor as the only circumstance i can see where someone will be running stops and starts in quick succession is a contrived test case, but i thought i would bring it to your attention anyway. Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util Enumerator.java
luehe 2003/08/12 12:56:53 Modified:catalina/src/share/org/apache/catalina/util Enumerator.java Log: - Fixed logic so that iterator actually gets cloned when clone is set to TRUE. - Replaced LinkedList with more efficient ArrayList. Revision ChangesPath 1.3 +8 -8 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/Enumerator.java Index: Enumerator.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/util/Enumerator.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- Enumerator.java 29 Apr 2003 21:51:51 - 1.2 +++ Enumerator.java 12 Aug 2003 19:56:53 - 1.3 @@ -69,7 +69,7 @@ import java.util.Enumeration; import java.util.Iterator; import java.util.List; -import java.util.LinkedList; +import java.util.ArrayList; import java.util.Map; import java.util.NoSuchElementException; @@ -139,11 +139,11 @@ public Enumerator(Iterator iterator, boolean clone) { super(); -if (clone) { +if (!clone) { this.iterator = iterator; } else { -List list = new LinkedList(); -while(iterator.hasNext()) { +List list = new ArrayList(); +while (iterator.hasNext()) { list.add(iterator.next()); } this.iterator = list.iterator(); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?
Oups I've missed the discussion . There is a 1.4.2 bug found by Remy (and reported in bugtraq as 4895132. I'm not sure you can access the bug). The workaround is to add the following property when starting Tomcat: -Dsun.io.useCanonCaches=false Can you try it and see if that fixe the problem (I don't have a winXX)? -- Jeanfrancois Jeff Tulley wrote: The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end of a .jsp url, you get the source. I forgot to mention the platforms where this has been seen. I have seen this with Sun's JVM 1.4.2 on Windows XP, and now I just verified that it also exists on NetWare's JVM 1.4.2 (built on Sun's source code base, so not surprising) It might exist on other 1.4.2 implementations, but I am not sure. I also just verified this on Tomcat 4.1.18 and 4.1.26 as well. For some reason I see it better with the example jsp's - /examples/jsp/num/numbguess.jsp%20 for instance. But, you can tell the problem is going to be there if, when you add the %20 to the .jsp name, you don't get a 404. This is all going directly to port 8080, so no native connector is involved. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler SmapStratum.java
remm2003/08/12 09:19:52 Modified:jasper2/src/share/org/apache/jasper/compiler SmapStratum.java Log: - Don't merge SMAP entries in the outptStartLines aren't consecutive (note: the input numbers are still incorrect, for example when using a tag invocation and it has been extracted out of the main _jspService). Revision ChangesPath 1.8 +7 -5 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/SmapStratum.java Index: SmapStratum.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/SmapStratum.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- SmapStratum.java 10 Aug 2003 08:35:39 - 1.7 +++ SmapStratum.java 12 Aug 2003 16:19:52 - 1.8 @@ -208,7 +208,7 @@ * Combines consecutive LineInfos wherever possible */ public void optimizeLineSection() { - + //Incorporate each LineInfo into the previous LineInfo's //outputLineIncrement, if possible int i=0; @@ -216,15 +216,17 @@ LineInfo li = (LineInfo)lineData.get(i); LineInfo liNext = (LineInfo)lineData.get(i+1); if (liNext.inputStartLine == li.inputStartLine - liNext.inputLineCount==1 - li.inputLineCount==1) { -li.setOutputLineIncrement(liNext.outputStartLine - li.outputStartLine + liNext.outputLineIncrement); + liNext.inputLineCount==1 + li.inputLineCount==1 + liNext.outputStartLine == li.outputStartLine + li.inputLineCount*li.outputLineIncrement) { +li.setOutputLineIncrement +(liNext.outputStartLine - li.outputStartLine + liNext.outputLineIncrement); lineData.remove(i+1); } else { i++; } } - + //Incorporate each LineInfo into the previous LineInfo's //inputLineCount, if possible i=0; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20738] - Session variable returns null in non-SSL page
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20738. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20738 Session variable returns null in non-SSL page [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME --- Additional Comments From [EMAIL PROTECTED] 2003-08-12 19:07 --- I have tested this on 4.1.24, 4.1.x-HEAD and 5.x.x-HEAD and cannot reproduce it. If you can provide a more detailed test case (eg a war that exhibits the problem) I would be happy to look at it again. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: WebAppClassLoader, debug level
See http://210.216.114.100/linotype/news/39/ . Hoping this would help you, Ias. -Original Message- From: Oliver Wulff [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 10:02 PM To: [EMAIL PROTECTED] How can I increase the debug level of the webappclassloader? I set the attribute debug of the context and set a FileLogger: Context path=/berechtigung docBase=berechtigung debug=4 reloadable=true crossContext=true Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_bere_log. suffix=.txt timestamp=true/ /Context But the log events weren't logged as I expected. I'm interested in checking which class has been loaded by which classloader. *** BITTE BEACHTEN *** Diese Nachricht (wie auch allfallige Anhange dazu) beinhaltet moglicherweise vertrauliche oder gesetzlich geschutzte Daten oder Informationen. Zum Empfang derselben ist (sind) ausschliesslich die genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht irrtumlicherweise erreicht hat, sind Sie hoflich gebeten, diese unter Ausschluss jeder Reproduktion zu zerstoren und die absendende Person umgehend zu benachrichtigen. Vielen Dank fur Ihre Hilfe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22293] - JSPC class name doesn't match Jasper
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22293. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22293 JSPC class name doesn't match Jasper --- Additional Comments From [EMAIL PROTECTED] 2003-08-12 02:29 --- the above patch does have a problem with loading the classes when a package is specified, so is not suitable for general purpose usage at the moment. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bug 19867
- Original Message - From: Mark Thomas [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 3:23 PM Subject: RE: Bug 19867 I have been looking into http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19867 and have a couple of questions. The error seen in this report is a result of specifying CLIENT-CERT authentication without specifying a user-data-constraint. This causes a NPE because the sslSupport attribute of the http11Processor object is null. I have looked at the servlet spec (2.3 and the draft of 2.4) and, based on the 2.4 draft, the user-data-constraint is not mandatory (end of SRV.12.8) and the use of CLIENT-CERT requires SSL (SRV.12.5.4). With this in mind, my first question is: 1. If a user wants to use CLIENT-CERT should they have to specify a user-data-constraint or should tomcat automatically apply SSL to the resources in the web resource collection specified in the security constraint when the auth constraint is CLIENT-CERT? Having read the spec, I can't figure out what should happen. Having CLIENT-CERT imply a transport-guarantee sounds like a nice idea. However, it would violate section 12.8 of the current draft of the 2.4 spec. If the spec changes, then we could add it as a feature. If you feel strongly about this, then [EMAIL PROTECTED] is the place to write. Regardless of the answer to the above, if CLIENT-CERT is specified, user-data-constraint is set to CONFIDENTIAL and there are no valid certs on the client a number of exceptions get thrown by tomcat. This brings me to my remaining question: 2. Not having a matching certificate is equivalent to getting the password wrong. Therefore, shouldn't tomcat behave in a similar way (no exceptions, return a 403 to the client) rather than throwing the exceptions? SSL doesn't work that way. If the client's cert can't be validated, then the connection is just dropped, so there is no way to send anything back to the client. If the certificate is valid, but not a known user, then Tomcat treats it the same way that it would Basic or Form. This isn't that big of an issue, for the simple reason that browsers generally don't give you the option to re-select a cert once you've chosen one. You're stuck having to close the browser and start all over again. With some guidance on the above, assuming that some code changes will be required, I'll set about writing a patch. Note: Although the bug is reported against 4.1.24, the same behaviour is seen with the latest 4.x.x and 5.x.x Regards, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] New committer: Eric Carmichael
+1. If he like Xerces, he can jump on that side too ;-) -- Jeanfrancois Remy Maucherat wrote: I'd like to nominate Eric Carmichael as a committer on the Tomcat project. Eric has been steadily supplying quality patches to the new Jasper which will implement the JSP 2.0 specification, and has helped fix outstanding bug reports. He plans to continue contributing in the future. He has my +1. Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20663] - Cannot shutdown Tomcat gracefully
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663 Cannot shutdown Tomcat gracefully --- Additional Comments From [EMAIL PROTECTED] 2003-08-12 15:33 --- when using tomcat also with SSL under Port 8443, it now happens also with Redhat 9 also watch out, if my below script has DOS linefeeds and you try to execute under Linux, you get : bad interpreter: No such file or directory - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup Embedded.java
remm2003/08/12 02:04:09 Modified:catalina/src/share/org/apache/catalina/startup Embedded.java Log: - Remove extra setLogger call in createContext. Revision ChangesPath 1.9 +1 -2 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Embedded.java Index: Embedded.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Embedded.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Embedded.java 16 Jul 2003 00:18:11 - 1.8 +++ Embedded.java 12 Aug 2003 09:04:08 - 1.9 @@ -646,7 +646,6 @@ context.setDebug(debug); context.setDocBase(docBase); context.setPath(path); - context.setLogger(logger); ContextConfig config = new ContextConfig(); config.setDebug(debug); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?
Verified on Win XP as well. Using that flag fixes the problem. Thanks for making that connection! Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com [EMAIL PROTECTED] 8/12/03 7:02:01 PM Oups I've missed the discussion . There is a 1.4.2 bug found by Remy (and reported in bugtraq as 4895132. I'm not sure you can access the bug). The workaround is to add the following property when starting Tomcat: -Dsun.io.useCanonCaches=false Can you try it and see if that fixe the problem (I don't have a winXX)? -- Jeanfrancois Jeff Tulley wrote: The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end of a .jsp url, you get the source. I forgot to mention the platforms where this has been seen. I have seen this with Sun's JVM 1.4.2 on Windows XP, and now I just verified that it also exists on NetWare's JVM 1.4.2 (built on Sun's source code base, so not surprising) It might exist on other 1.4.2 implementations, but I am not sure. I also just verified this on Tomcat 4.1.18 and 4.1.26 as well. For some reason I see it better with the example jsp's - /examples/jsp/num/numbguess.jsp%20 for instance. But, you can tell the problem is going to be there if, when you add the %20 to the .jsp name, you don't get a 404. This is all going directly to port 8080, so no native connector is involved. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java
remm2003/08/12 05:01:27 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE13SocketFactory.java Log: - Fix the build. Please do ant clean; ant after modifying any interface or superclass (or after any big commit). Thanks. Revision ChangesPath 1.2 +6 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java Index: JSSE13SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- JSSE13SocketFactory.java 18 Jul 2003 05:26:45 - 1.1 +++ JSSE13SocketFactory.java 12 Aug 2003 12:01:27 - 1.2 @@ -155,7 +155,12 @@ sslProxy = context.getServerSocketFactory(); // Determine which cipher suites to enable -enabledCiphers = getEnabledCiphers(sslProxy.getSupportedCipherSuites()); +String requestedCiphers = (String)attributes.get(ciphers); +if (requestedCiphers != null) { +enabledCiphers = getEnabledCiphers +(requestedCiphers, + sslProxy.getSupportedCipherSuites()); +} } catch(Exception e) { if( e instanceof IOException ) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22300] - Classloader problem when digester jar is in common/lib as well
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22300. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22300 Classloader problem when digester jar is in common/lib as well --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 13:53 --- Created an attachment (id=7751) Proposed patch, setting digester class loader to the one from server/lib - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Jasper: TagHandlerPool for each Page and TagHandlerPoolFactory
Hello all. I was just looking over the code generated by Jasper in Tomcat 4.1.27. For my c:url tag, the following code is generated for the page: public baseLayout_jsp() { _jspx_tagPool_c_url_value = new org.apache.jasper.runtime.TagHandlerPool(); } Is there any reason that there is a separate pool created for each page? It would seem like it would be more efficient (i.e. less Tag Objects created) if there was a single pool. After looking at the latest CVS source, it looks like the Jasper generated code may have changed to something more like: public baseLayout_jsp() { _jspx_tagPool_c_url_value = org.apache.jasper.runtime.TagHandlerPool.getTagHandlerPool(config); } It appears that the instantiation code has been moved inside of TagHandlerPool. Unfortunately, there is still no control over the TagHandlerPool instantiation by an outside Tag Pool. I think it would be better to specify a tagpoolFactoryClassName instead of tagpoolClassName. Being able to only specify the tagpoolClassName does not provide as much flexibility (since a new TagpoolHandler is always created with a call to getTagHandlerPool(ServletConfig)). This way, the TagHandlerPoolFactory could decide if it wants to always create new TagHandlerPool Objects (as the current implementation does) or re-use the same TagHandlerPool (which I would like to implement). The Factory would be simple: /* * Implementions should specify a public no-args constructor. */ public interface TagHandlerPoolFactory { TagHandlerPool getTagHandlerPool(config); } A static instance of TagHandlerPoolFactory could be created in TagHandlerPool and used for each call to TagHandlerPool.getTagHandlerPool(ServletConfig). -mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[VOTE] 5.0.7 stability rating
ballot [ ] Alpha [ ] Beta /ballot pleaPlease vote :)/plea Add comments if needed. Note 1: A note will be added about the need to disable smap generation in case of an error in SmapStratum during compilation. Other than this problem, I believe this build to be of good overall quality. Note 2: As far as I am concerned, the 5.0.7 build is feature complete (ie, my TODO list is empty). I will now focus on tweaks and bugs. This probably means a slower release cycle (assuming this build is voted as beta). If anyone has ideas about new items, I think it's safe to say it's now or never (at least for the initial 5.0.x release) ;-) Note 3: I'll be away with little internet connectivity between 08/13 and 08/19 (included). If this vote could be wrapped up *before* I leave, it would be good, but it's not essential, so I don't want people to rush and skimp on testing (changing 5.0.7 from alpha to beta and making the necessary announcements should be simple enough). Note 4: 4.1.x went to beta at 4.1.7 (5.0.x's codebase was then created from that tag). It is an interesting coincidence. However, I feel like 5.0.x is considerably more stable than 4.1.x was at this stage (not very surprising, with brand new connectors and rewritten Jasper for 4.1.x), and I don't feel any particular urge to create a branch either ;-) Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/webapps/ROOT/WEB-INF web.xml
remm2003/08/12 12:40:38 Modified:webapps/ROOT/WEB-INF web.xml Log: - Remove useless insert here marker. Revision ChangesPath 1.4 +0 -2 jakarta-tomcat-catalina/webapps/ROOT/WEB-INF/web.xml Index: web.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/ROOT/WEB-INF/web.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- web.xml 15 Feb 2003 22:31:17 - 1.3 +++ web.xml 12 Aug 2003 19:40:38 - 1.4 @@ -10,6 +10,4 @@ Welcome to Tomcat /description - !--GENERATED_JSPS-- - /web-app - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/webapps/admin/WEB-INF web.xml
remm2003/08/12 12:41:11 Modified:webapps/admin/WEB-INF web.xml Log: - Remove useless insert here marker. Revision ChangesPath 1.8 +0 -2 jakarta-tomcat-catalina/webapps/admin/WEB-INF/web.xml Index: web.xml === RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/admin/WEB-INF/web.xml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- web.xml 18 Mar 2003 10:48:14 - 1.7 +++ web.xml 12 Aug 2003 19:41:11 - 1.8 @@ -95,8 +95,6 @@ load-on-startup2/load-on-startup /servlet - !--GENERATED_JSPS-- - !-- Action Servlet Mapping -- servlet-mapping servlet-nameaction/servlet-name - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup TldConfig.java
jfarcand2003/08/12 09:15:52 Modified:catalina/src/share/org/apache/catalina/core StandardContext.java catalina/src/share/org/apache/catalina/startup TldConfig.java Log: Add support for Tld validation (also fix bug 21917: TldConfig.java does not set SystemId). Validation only works with Crimson right now. Revision ChangesPath 1.83 +3 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java Index: StandardContext.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- StandardContext.java 10 Aug 2003 09:47:33 - 1.82 +++ StandardContext.java 12 Aug 2003 16:15:52 - 1.83 @@ -3956,6 +3956,8 @@ // Read tldListeners. XXX Option to disable TldConfig tldConfig = new TldConfig(); tldConfig.setContext(this); +tldConfig.setXmlValidation(((StandardHost) getParent()).getXmlValidation()); +tldConfig.setXmlNamespaceAware(((StandardHost) getParent()).getXmlNamespaceAware()); try { tldConfig.execute(); } catch (Exception ex) { 1.15 +52 -28 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/TldConfig.java Index: TldConfig.java === RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/TldConfig.java,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- TldConfig.java28 Jul 2003 22:57:41 - 1.14 +++ TldConfig.java12 Aug 2003 16:15:52 - 1.15 @@ -94,7 +94,7 @@ import org.apache.commons.digester.Digester; import org.xml.sax.SAXNotRecognizedException; import org.xml.sax.SAXNotSupportedException; - +import org.xml.sax.InputSource; /** * Startup event listener for a bContext/b that configures the properties * of that Context, and the associated defined servlets. @@ -149,6 +149,44 @@ // - Public Methods + /** + * Set the validation feature of the XML parser used when + * parsing xml instances. + * @param xmlValidation true to enable xml instance validation + */ +public void setXmlValidation(boolean xmlValidation){ +this.xmlValidation = xmlValidation; +} + +/** + * Get the server.xml host attribute's xmlValidation. + * @return true if validation is enabled. + * + */ +public boolean getXmlValidation(){ +return xmlValidation; +} + +/** + * Get the server.xml host attribute's xmlNamespaceAware. + * @return true if namespace awarenes is enabled. + * + */ +public boolean getXmlNamespaceAware(){ +return xmlNamespaceAware; +} + + +/** + * Set the namespace aware feature of the XML parser used when + * parsing xml instances. + * @param xmlNamespaceAware true to enable namespace awareness + */ +public void setXmlNamespaceAware(boolean xmlNamespaceAware){ +this.xmlNamespaceAware=xmlNamespaceAware; +} + + public boolean isRescan() { return rescan; } @@ -177,6 +215,7 @@ return result; } + /** * Scan for and configure all tag library descriptors found in this * web application. @@ -458,7 +497,7 @@ JarFile jarFile = null; String name = null; -InputStream inputStream = null; +InputSource inputSource = null; String jarPath = file.getAbsolutePath(); @@ -477,10 +516,9 @@ if (log.isTraceEnabled()) { log.trace( Processing TLD at ' + name + '); } -inputStream = jarFile.getInputStream(entry); -tldScanStream(inputStream); -inputStream.close(); -inputStream = null; +inputSource = new InputSource(jarFile.getInputStream(entry)); +tldScanStream(inputSource); +inputSource = null; name = null; } } catch (Exception e) { @@ -494,13 +532,6 @@ e); } } finally { -if (inputStream != null) { -try { -inputStream.close(); -} catch (Throwable t) { -// Ignore -} -}
Re: Tomcat-5.0.7 - FileLogger of Embedded attempts two start() callsand fails on the second.
Wesley Hall wrote: To demonstrate this problem, i have created a subclass of FileLogger with the start() method overriden to print a stack whenever it is called. The result is this... java.lang.Exception: Start has been called at org.antares.tomcat.TomcatService$TestFileLogger.start(TomcatService.java:312 ) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1113) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:502) at org.apache.catalina.startup.Embedded.start(Embedded.java:1026) at org.antares.tomcat.TomcatService.start(TomcatService.java:236) at org.antares.tomcat.TomcatService.main(TomcatService.java:324) java.lang.Exception: Start has been called at org.antares.tomcat.TomcatService$TestFileLogger.start(TomcatService.java:312 ) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3926) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1127) at org.apache.catalina.core.StandardHost.start(StandardHost.java:792) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1127) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:502) at org.apache.catalina.startup.Embedded.start(Embedded.java:1026) at org.antares.tomcat.TomcatService.start(TomcatService.java:236) at org.antares.tomcat.TomcatService.main(TomcatService.java:324) As you can see, there is only one call to Embedded.start but this results in two calls attempting to start the logger. The second call causes the Logger to throw a LifecycleException and the server fails to start. The only solution i can find so far is not adding the logger in the first place. This wasnt a problem in 4.1.27. Your logger seems associated with both the host and the engine (and it gets started by both, of course). Setting the logger to the engine only would work ok (it's not your fault, Embedded does it for you in createContext, which is incorrect; somehow, it doesn't do it in createHost). Can you test and debug this further ? Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper JspC.java
remm2003/08/12 12:29:26 Modified:jasper2/src/share/org/apache/jasper JspC.java Log: - Beautify the insertion of the XML fragment. Revision ChangesPath 1.56 +8 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java Index: JspC.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- JspC.java 12 Aug 2003 19:11:45 - 1.55 +++ JspC.java 12 Aug 2003 19:29:26 - 1.56 @@ -641,12 +641,17 @@ while (true) { String line2 = fragmentReader.readLine(); if (line2 == null) { +writer.println(); break; } writer.println(line2); } writer.println(insertEndMarker); +writer.println(); +for (int i = 0; i pos; i++) { +writer.print( ); +} writer.println(line.substring(pos)); while (true) { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11Http11Protocol.java
[EMAIL PROTECTED] wrote: luehe 2003/08/11 14:44:49 +public void setProtocols(String k) { +setAttribute(protocols, k); +} + This probably should be sslProtocols, no ? Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler PageDataImpl.java
kinman 2003/08/11 17:52:50 Modified:jasper2/src/share/org/apache/jasper/compiler PageDataImpl.java Log: - When including a JSP document (written in the XML syntax), in the resulting XML View of the translation unit the root element of the included segment must have the default namespace reset to . Revision ChangesPath 1.32 +19 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/PageDataImpl.java Index: PageDataImpl.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/PageDataImpl.java,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- PageDataImpl.java 11 May 2003 22:54:47 - 1.31 +++ PageDataImpl.java 12 Aug 2003 00:52:50 - 1.32 @@ -271,6 +271,7 @@ private StringBuffer buf; private Compiler compiler; private String jspIdPrefix; + private boolean resetDefaultNS = false; // Current value of jsp:id attribute private int jspId; @@ -295,7 +296,12 @@ appendXmlProlog(); appendTag(n); } else { + boolean resetDefaultNSSave = resetDefaultNS; + if (n.isXmlSyntax()) { + resetDefaultNS = true; + } visitBody(n); + resetDefaultNS = resetDefaultNSSave; } } @@ -400,11 +406,15 @@ } public void visit(Node.CustomTag n) throws JasperException { + boolean resetDefaultNSSave = resetDefaultNS; appendTag(n); + resetDefaultNS = resetDefaultNSSave; } public void visit(Node.UninterpretedTag n) throws JasperException { + boolean resetDefaultNSSave = resetDefaultNS; appendTag(n); + resetDefaultNS = resetDefaultNSSave; } public void visit(Node.JspText n) throws JasperException { @@ -690,10 +700,16 @@ */ attrs = n.getNonTaglibXmlnsAttributes(); len = (attrs == null) ? 0 : attrs.getLength(); + boolean defaultNSSeen = false; for (int i=0; ilen; i++) { String name = attrs.getQName(i); String value = attrs.getValue(i); buf.append( ).append(name).append(=\).append(value).append(\\n); + defaultNSSeen = xmlns.equals(name); + } + if (resetDefaultNS !defaultNSSeen) { + buf.append( xmlns=\\\n); + resetDefaultNS = false; } /* - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] 5.0.7 stability rating
Remy Maucherat wrote: Jean-Francois Arcand wrote: Remy Maucherat wrote: ballot [X ] Alpha [ ] Beta /ballot pleaPlease vote :)/plea Add comments if needed. (1) Xerces validation doesn't work (seems the way we load the DTD is incorrect, producing the current error...but wait, we never know with Xerces ;-) ). Since validation was by default supported in 4.x, I'm considering this a regression. (2) When ContextConfig was refactored, TldConfig was created but it is impossible right now to turn on xml validation (the implementation is missing). Knowing how it may sometimes create the proper TLD, I think the functionality needs to be implemented. I'm working on (1) ( (2) will be easy once (1) is fixed) now and hope to have something soon. Great, I don't care about either ;-) lol :-) None of this is critical for a beta (off by default, and it is so slow you'd have to be crazy to enable it). Then I'm crazy :-) (to debug Xerces yes I'm crazy) I don't understand what you mean in (2): TLD validation is not implemented ? I mean it is impossible to turn on xml validation ( the getter/setter are not implemented, so the default value is always set to false ). Costin's re-factoring was too agressive :-) -- Jeanfrancois Remy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Access a servlet instance from a valve
Hi, i have written an access log valve (in fact it is a copy of the JDBCAccessLogValve, but cause that one is final, i could not derive from it). I use it inside the context of a webapp. Now i want to access an instance of a servlet inside of this context. Is this possible somehow? Thanks, Stephan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21366] - A JSP-Servlet translation bug
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21366. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21366 A JSP-Servlet translation bug --- Additional Comments From [EMAIL PROTECTED] 2003-08-10 09:15 --- Yes, you're right. Xerces would be there because of Ant during a precompilation, so it works then. This bug is basically the first good reason I've seen for bundling back Xerces 2. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22294] - JSPC class name doesn't match Jasper
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22294. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22294 JSPC class name doesn't match Jasper [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 22:30 --- *** This bug has been marked as a duplicate of 22293 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
problem with tomcat servlet
I typed in a simple servlet example from the book "Tomcat Kick Start" (Sams). Basically I put the html and servlet class as follow: $CATALINA/webapps/mybasic_servlet/CurrencyForm.html $CATALINA/webapps/mybasic_servlet/WEB-INF/classes/CurrencyConverter.class When I start Tomcat, and access: http://localhost:8080/mybasic_servlet/CurrencyForm.html and type a number in the text input and submit, the browser returns a 404 error The requested resource (/mybasic_servlet/servlet/CurrencyConverter) is not available. If I add a web.xml file to $CATALINA/webapps/mybasic_servlet/WEB-INF/, and the web.xml uses servlet-mapping servlet-nameCurrency Converter/servlet-name url-pattern/convert/url-pattern /servlet-mapping and changes my html to FORM METHOD=GET ACTION="" Now after restarting Tomcat, and access: http://localhost:8080/mybasic_servlet/CurrencyForm.html and type a number in the text input an submit, this time the servlet gets triggered. I have enclosed the files and would really apprceciate if someone explain this 404 error to me. Thanks in advance. -chris !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameCurrency Converter/display-name description This is a simple web application with an HTML form passing a single parameter (amount of dollars) to a servlet for conversion. /description servlet servlet-nameCurrency Converter/servlet-name servlet-classCurrencyConverter/servlet-class init-param param-namerate/param-name param-value0.65/param-value /init-param /servlet servlet-mapping servlet-nameCurrency Converter/servlet-name url-pattern/convert/url-pattern /servlet-mapping servlet-mapping servlet-nameCurrency Converter/servlet-name url-pattern*.con/url-pattern /servlet-mapping /web-app - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSEKeyManager.java JSSE14SocketFactory.java
luehe 2003/08/11 11:12:29 Modified:util/java/org/apache/tomcat/util/net/jsse JSSE14SocketFactory.java Added: util/java/org/apache/tomcat/util/net/jsse JSSEKeyManager.java Log: Added support for specifying alias name for server keypair and cert chain, to be used by the server to authenticate itself to SSL clients Revision ChangesPath 1.8 +30 -12 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java Index: JSSE14SocketFactory.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- JSSE14SocketFactory.java 9 Aug 2003 17:17:17 - 1.7 +++ JSSE14SocketFactory.java 11 Aug 2003 18:12:29 - 1.8 @@ -56,6 +56,7 @@ * [Additional notices, if required by prior licensing conditions] * */ + package org.apache.tomcat.util.net.jsse; import java.io.*; @@ -64,6 +65,7 @@ import java.security.SecureRandom; import javax.net.ssl.SSLContext; import javax.net.ssl.KeyManager; +import javax.net.ssl.X509KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; @@ -84,6 +86,7 @@ * @author Costin Manolache * @author Stefan Freyr Stefansson * @author EKR -- renamed to JSSESocketFactory + * @author Jan Luehe */ public class JSSE14SocketFactory extends JSSESocketFactory { @@ -97,27 +100,32 @@ void init() throws IOException { try { -String clientAuthStr = (String)attributes.get(clientauth); +String clientAuthStr = (String) attributes.get(clientauth); if (clientAuthStr != null){ clientAuth = Boolean.valueOf(clientAuthStr).booleanValue(); } // SSL protocol variant (e.g., TLS, SSL v3, etc.) -String protocol = (String)attributes.get(protocol); -if (protocol == null) protocol = defaultProtocol; +String protocol = (String) attributes.get(protocol); +if (protocol == null) { +protocol = defaultProtocol; +} // Certificate encoding algorithm (e.g., SunX509) -String algorithm = (String)attributes.get(algorithm); -if (algorithm == null) algorithm = defaultAlgorithm; +String algorithm = (String) attributes.get(algorithm); +if (algorithm == null) { +algorithm = defaultAlgorithm; +} -String keystoreType = (String)attributes.get(keystoreType); +String keystoreType = (String) attributes.get(keystoreType); if (keystoreType == null) { keystoreType = defaultKeystoreType; } // Create and init SSLContext SSLContext context = SSLContext.getInstance(protocol); -context.init(getKeyManagers(keystoreType, algorithm), +context.init(getKeyManagers(keystoreType, algorithm, +(String) attributes.get(keyAlias)), getTrustManagers(keystoreType), new SecureRandom()); @@ -138,16 +146,26 @@ * Gets the initialized key managers. */ protected KeyManager[] getKeyManagers(String keystoreType, - String algorithm) + String algorithm, + String keyAlias) throws Exception { +KeyManager[] kms = null; + String keystorePass = getKeystorePassword(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(getKeystore(keystoreType, keystorePass), keystorePass.toCharArray()); -return kmf.getKeyManagers(); +kms = kmf.getKeyManagers(); +if (keyAlias != null) { +for(int i=0; ikms.length; i++) { +kms[i] = new JSSEKeyManager((X509KeyManager)kms[i], keyAlias); +} +} + +return kms; } /** @@ -156,15 +174,15 @@ protected TrustManager[] getTrustManagers(String keystoreType) throws Exception { -TrustManager[] tm = null; +TrustManager[] tms = null; KeyStore trustStore = getTrustStore(keystoreType); if (trustStore != null) { TrustManagerFactory tmf = TrustManagerFactory.getInstance(SunX509); tmf.init(trustStore); -tm = tmf.getTrustManagers();
DO NOT REPLY [Bug 22279] New: - [PATCH] Typo fixes for various parts in Tomcat-FAQ
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22279. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22279 [PATCH] Typo fixes for various parts in Tomcat-FAQ Summary: [PATCH] Typo fixes for various parts in Tomcat-FAQ Product: Tomcat 4 Version: Unknown Platform: Other URL: http://jakarta.apache.org//tomcat/faq/ OS/Version: Other Status: NEW Severity: Enhancement Priority: Other Component: Webapps:Documentation AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Patches below fix several simple typos in the indicated FAQ pages. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22279] - [PATCH] Typo fixes for various parts in Tomcat-FAQ
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22279. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22279 [PATCH] Typo fixes for various parts in Tomcat-FAQ --- Additional Comments From [EMAIL PROTECTED] 2003-08-10 10:52 --- Created an attachment (id=7719) Fix typos in classnotfound.xml - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22300] New: - Classloader problem when digester jar is in common/lib as well
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22300. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22300 Classloader problem when digester jar is in common/lib as well Summary: Classloader problem when digester jar is in common/lib as well Product: Tomcat 4 Version: 4.1.27 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Under certain circumstances it may be desirable to have a digester jar in common/lib. Because of the well know class loader hierarchy Tomcat prefers the digester jar in common/lib over server/lib on startup. The classes digester tries to build from the XML are accessible over the server/lib class loader only. Its standard class loader is the one from common/lib though. Thus it can not find those classes resulting in the following exception: Catalina.start: java.lang.ClassNotFoundException: org.apache.catalina.core.StandardServer java.lang.ClassNotFoundException: org.apache.catalina.core.StandardServer at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540) at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566) at org.apache.commons.digester.Digester.startElement(Digester.java:1276) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1535) at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:534) at org.apache.crimson.parser.Parser2.parse(Parser2.java:318) at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442) at org.apache.commons.digester.Digester.parse(Digester.java:1548) at org.apache.catalina.startup.Catalina.start(Catalina.java:449) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21616] - Upload fails under iis5-jk2 and not under tomcat alone
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21616. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21616 Upload fails under iis5-jk2 and not under tomcat alone --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 18:17 --- I've ran into this too. This: http://www.mail-archive.com/[EMAIL PROTECTED]/msg06868.html fixed it for me. If you want the recompiled dll just send me an email ([EMAIL PROTECTED]). Btw, if you're using iis for ntlm authentication only you might want to try this: http://jcifs.samba.org. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper JspC.java
luehe 2003/08/09 12:03:15 Modified:jasper2/src/share/org/apache/jasper JspC.java Log: Replaced message with more meaningful warning Revision ChangesPath 1.53 +8 -5 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java Index: JspC.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- JspC.java 9 Aug 2003 13:08:18 - 1.52 +++ JspC.java 9 Aug 2003 19:03:15 - 1.53 @@ -1023,8 +1023,11 @@ for (int i = 0; i libs.length; i++) { if( libs[i].length() 5 ) continue; String ext=libs[i].substring( libs[i].length() - 4 ); -if( ! .jar.equalsIgnoreCase( ext )) { -System.out.println(XXX bad jar + libs[i]); +if (! .jar.equalsIgnoreCase(ext)) { +if (.tld.equalsIgnoreCase(ext)) { +log.warn(TLD files should not be placed in + + /WEB-INF/lib); +} continue; } try { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22293] - JasperLoader prepends fixed package name
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22293. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22293 JasperLoader prepends fixed package name --- Additional Comments From [EMAIL PROTECTED] 2003-08-11 10:55 --- This will not be implemented in 4.1.x (too big a change). I considered backporting from 5.0.x for a long time, but chose not to do it. Despite you not liking it, you should rely on web application reloading: automatic JSP recompilation on access is extremely expensive performance wise, while a programmatic (or automatic if you update the web.xml) webapp reload does not have any performance impact. Your solution is just plain bad, and will not be encouraged or supported (but I'm willing to apply a patch for bug 22294 if it still exists in Tomcat 5.0.x). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Embedded tomcat with HTTPS
I'm going to assume that you're using 4.1.x. In this case, you are using the wrong Factory. You want something like: Connector httpsConnector = embeddedTomcat.createConnector(null, configuration.getHttpsPort(), true); CoyoteServerSocketFactory serverSocketFactory = (CoyoteServerSocketFactory)httpsConnector.getFactory(); serverSocketFactory.setKeystoreFile(configuration.getKeystoreFile()); serverSocketFactory.setKeystorePass(antares); - Original Message - From: Wesley Hall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 10, 2003 1:23 PM Subject: Embedded tomcat with HTTPS Hello, Myself and a collegue are currently working on an open source application, part of which involves embedding a servlet engine. I have read through some tutorials and the API docs for tomcat and began development of a class structure to provide this. I have, however come across a problem with my https connector. I currently have code that looks like this.. Connector httpsConnector = embeddedTomcat.createConnector(null, configuration.getHttpsPort(), true); httpsConnector.setScheme(https); SSLServerSocketFactory serverSocketFactory = new SSLServerSocketFactory(); serverSocketFactory.setKeystoreFile(configuration.getKeystoreFile()); serverSocketFactory.setKeystorePass(antares); httpsConnector.setFactory(serverSocketFactory); embeddedTomcat.addConnector(httpsConnector); connectors.add(httpsConnector); configuration is a instance of a simple bean, getHttpsPort() returns 443, getKeystoreFile() returns the path to the keystore (generated as per the SSL-Howto doc). The location of the keystore is validated elsewhere in the code using a File object and a call to .isFile() and .canRead(), both of which return true when running this code. However... i am finding that although http://localhost:443 works perfectly, https://localhost leaves the browser (MSIE) whirring away for 30 seconds or so before displaying 'cannot find server'. With the former i get plenty of information in the logs but the latter adds nothing at all to the logs, making this problem very difficult to debug. I can change the keystore pass to any value and there is no appreciable difference. Im happy to provide any more information as required... Would a kind sameritan type point me in the write direction as to what may be causing this issue? Regards Wesley I. Hall. P.S. I thought long and hard on whether this belonged on dev or user, but since we are discussing actually class structure i finally decided that dev would probably be more appropriate. If i was wrong on that descision, you have my sincere apologies. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message is intended only for the use of the person(s) listed above as the intended recipient(s), and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not an intended recipient, you may not read, copy, or distribute this message or any attachment. If you received this communication in error, please notify us immediately by e-mail and then delete all copies of this message and any attachments. In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet is not secure. Do not send confidential or sensitive information, such as social security numbers, account numbers, personal identification numbers and passwords, to us via ordinary (unencrypted) e-mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 20675] - Tomcat is not compliant with the JSP 1.2 specification.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20675. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20675 Tomcat is not compliant with the JSP 1.2 specification. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||DUPLICATE --- Additional Comments From [EMAIL PROTECTED] 2003-08-09 05:58 --- *** This bug has been marked as a duplicate of 20674 *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 22277] - SMAP LineInfo entries with an outputStartLine of 0
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22277 SMAP LineInfo entries with an outputStartLine of 0 [EMAIL PROTECTED] changed: What|Removed |Added Severity|Blocker |Major --- Additional Comments From [EMAIL PROTECTED] 2003-08-10 08:41 --- I have applied your workaround. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext JspFragment.java SimpleTag.java SimpleTagSupport.java TagInfo.java
kinman 2003/08/08 15:27:40 Modified:jsr152/src/share/javax/servlet/jsp/tagext JspFragment.java SimpleTag.java SimpleTagSupport.java TagInfo.java Log: - Patch by Mark Roth: The patch includes an API update from the JSP 2.0 specification. jsr152/src/share/javax/servlet/jsp/tagext/SimpleTag.java: - Clarified javadocs for setJspContext() jsr152/src/share/javax/servlet/jsp/tagext/SimpleTagSupport.java: - Clarified javadocs for setJspContext() jsr152/src/share/javax/servlet/jsp/tagext/TagInfo.java: - Corrected error in constructor javadoc for JSP 1.1 TLD jsr152/src/share/javax/servlet/jsp/tagext/JspFragment.java: - Changed to an abstract class - Added getJspContext() method Revision ChangesPath 1.6 +10 -3 jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/JspFragment.java Index: JspFragment.java === RCS file: /home/cvs/jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/JspFragment.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JspFragment.java 18 Dec 2002 18:35:37 - 1.5 +++ JspFragment.java 8 Aug 2003 22:27:40 - 1.6 @@ -66,7 +66,7 @@ * The definition of the JSP fragment must only contain template * text and JSP action elements. In other words, it must not contain * scriptlets or scriptlet expressions. At translation time, the - * container generates an implementation of the JspFragment interface + * container generates an implementation of the JspFragment abstract class * capable of executing the defined fragment. * p * A tag handler can invoke the fragment zero or more times, or @@ -85,7 +85,7 @@ * * @since 2.0 */ -public interface JspFragment { +public abstract class JspFragment { /** * Executes the fragment and directs all output to the given Writer, @@ -104,7 +104,14 @@ * @throws java.io.IOException If there was an error writing to the * stream. */ -public void invoke( java.io.Writer out ) +public abstract void invoke( java.io.Writer out ) throws javax.servlet.jsp.JspException, java.io.IOException; + +/** + * Returns the JspContext that is bound to this JspFragment. + * + * @return The JspContext used by this fragment at invocation time. + */ +public JspContext getJspContext(); } 1.8 +3 -2 jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/SimpleTag.java Index: SimpleTag.java === RCS file: /home/cvs/jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/SimpleTag.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- SimpleTag.java12 May 2003 16:52:10 - 1.7 +++ SimpleTag.java8 Aug 2003 22:27:40 - 1.8 @@ -153,8 +153,9 @@ public JspTag getParent(); /** - * Stores the provided JSP context in the protected - * jspContext field. + * Called by the container to provide this tag handler with + * the codeJspContext/code for this invocation. + * An implementation should save this value. * * @param pc the page context for this invocation * @see Tag#setPageContext 1.9 +3 -2 jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/SimpleTagSupport.java Index: SimpleTagSupport.java === RCS file: /home/cvs/jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/SimpleTagSupport.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- SimpleTagSupport.java 16 May 2003 02:39:00 - 1.8 +++ SimpleTagSupport.java 8 Aug 2003 22:27:40 - 1.9 @@ -131,8 +131,9 @@ } /** - * Stores the provided JSP context in the protected - * jspContext field. + * Stores the provided JSP context in the private jspContext field. + * Subclasses can access the codeJspContext/code via + * codegetJspContext()/code. * * @param pc the page context for this invocation * @see SimpleTag#setJspContext 1.7 +1 -1 jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/TagInfo.java Index: TagInfo.java === RCS file: /home/cvs/jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/tagext/TagInfo.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- TagInfo.java 31 Mar 2003 17:52:26 - 1.6 +++ TagInfo.java 8 Aug 2003 22:27:40 - 1.7 @@ -92,7 +92,7 @@
DO NOT REPLY [Bug 22226] - Tomcat throws JasperException instead of NumberFormatException when parameter can't convert to bean property
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6 Tomcat throws JasperException instead of NumberFormatException when parameter can't convert to bean property [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-08-08 17:37 --- I feel your pain but according to the spec, this is not a bug. Making a suggestion to the spec team (jsp-spec-comments at eng.sun.com) would be the best solution at this point for future versions of the spec. http://marc.theaimsgroup.com/?l=tomcat-devm=106036342911204w=2 To work around this issue, I recommend asking the tomcat-user list for advice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime JspFragmentHelper.java
luehe 2003/08/08 16:25:11 Modified:jasper2/src/share/org/apache/jasper/runtime JspFragmentHelper.java Log: Adapt to javax.servlet.jsp.tagext.JspFragment, which has changed from an interface to an abstract class Revision ChangesPath 1.6 +4 -4 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspFragmentHelper.java Index: JspFragmentHelper.java === RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime/JspFragmentHelper.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- JspFragmentHelper.java28 Oct 2002 18:16:21 - 1.5 +++ JspFragmentHelper.java8 Aug 2003 23:25:11 - 1.6 @@ -83,7 +83,7 @@ * @author Mark Roth */ public abstract class JspFragmentHelper -implements JspFragment +extends JspFragment { protected int discriminator; - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 21366] - A JSP-Servlet translation bug
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21366. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21366 A JSP-Servlet translation bug [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2003-08-10 10:04 --- It has been determined that using Xerces solves this problem. If you're using the JDK 1.4 edition of Tomcat 4, you could be impacted. Also, Tomcat 5 will include Xerces 2 again as a result of this bug (please complain if you disagree with that). The bug itself is invalid (it is not a Tomcat bug). Many thanks to Eric for investigating the issue. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
which method gets called first listener.sessionDestroyed() or session.invalidate()
Hi All, I have written a Http Session Listener for logging session termination event. In my listener I am trying to get user related data by calling getSession() then getAttribute() method. Here I am always getting an exception saying IllegalStateException : Session is already invalidated. Could you please tell me why session is getting invalidated before calling listener.sessionDestroyed(..) method. Thanks, Kaushik Dutta This mail was scanned by Interscan Virus Wall of Mailserver2 at SNR, TCS, Chennai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]