Tomcat 4 vs Tomcat 3 Discussions
I think that this has gone about as far as it can productively go in email. I'd like to ask *all* participants in this discussion to cool it until Tuesday January 16th when you can voice your opinions at the Jakarta PMC meeting. Normally, I would prefer to actually try to reach some sort of resolution via email as that is what typically works for this community. However, it is clear from the length of time that these threads have been going on that it isn't going to happen. It's time to get out the not very used "the buck stops here" PMC big stick. The meeting will be in the Bay Area. Details will follow a bit closer to time as will an overall agenda. However, this topic will be one of the big agenda items and we *will* address it at that meeting even if we are ordering in Chinese food for dinner and pizza for a midnight snack. Until then I'd like to request that both sides draw a line, stay to their side of the road, do their thing, and figure out what they want to say at that meeting. James Duncan Davidson Jakarta PMC Chairman
Re: Url Encoding/Decoding and static resources
---snip--- ...but there might be security/implementation issues that I missed. ---snip--- Oops! Found one big issue right after I sent off the patch. Patch now checks for non-hex-character-strings in the encoding, and returns null if present ( similar to what happens if a control character is in the encoded string, or if the url tries to access resources out of the context etc... ). Let's only hope I don't find yet another error in my patch right after I send this one out! David Weinrich --- DefaultServlet.java Thu Dec 28 00:30:23 2000 +++ DefaultServletEd.java Thu Dec 28 00:29:51 2000 @@ -729,9 +729,41 @@ * @param path Path to be normalized */ protected String normalize(String path) { + String normalized = path; + + // Resolve encoded characters in the normalized path, + // which also handles encoded spaces so we can skip that later. + // Placed at the beginning of the chain so that encoded + // bad stuff(tm) can be caught by the later checks + while (true) { + int index = normalized.indexOf("%"); + if (index 0) + break; + char replaceChar; + try { + replaceChar = (char) ( + Short.parseShort( + normalized.substring( index + 1, index + 3 ), 16 + ) + ); + } catch ( NumberFormatException nfe ) { + return (null); // bad encoded characters in url + } + // check for control characters ( values 00-1f and 7f-9f), + // return null if present. See: + // http://www.unicode.org/charts/PDF/U.pdf + // http://www.unicode.org/charts/PDF/U0080.pdf + if ( Character.isISOControl( replaceChar ) ) { + return (null); + } + normalized = normalized.substring(0, index) + + replaceChar + + normalized.substring(index + 3); +} + + // Normalize the slashes and add leading slash if necessary - String normalized = path; if (normalized.indexOf('\\') = 0) normalized = normalized.replace('\\', '/'); if (!normalized.startsWith("/")) @@ -745,15 +777,6 @@ normalized = normalized.substring(0, index) + normalized.substring(index + 1); } - - // Resolve occurrences of "%20" in the normalized path - while (true) { - int index = normalized.indexOf("%20"); - if (index 0) - break; - normalized = normalized.substring(0, index) + " " + - normalized.substring(index + 3); -} // Resolve occurrences of "/./" in the normalized path while (true) { --- ResourcesBase.java Thu Dec 28 00:32:58 2000 +++ ResourcesBaseEd.javaThu Dec 28 00:08:15 2000 @@ -961,9 +961,39 @@ * @param path Path to be normalized */ protected String normalize(String path) { + String normalized = path; + + // Resolve encoded characters in the normalized path, + // which also handles encoded spaces so we can skip that later. + // Placed at the beginning of the chain so that encoded + // bad stuff(tm) can be caught by the later checks + while (true) { + int index = normalized.indexOf("%"); + if (index 0) + break; + char replaceChar; + try { + replaceChar = (char) ( + Short.parseShort( + normalized.substring( index + 1, index + 3 ), 16 + ) + ); + } catch ( NumberFormatException nfe ) { + return (null); // bad encoded characters in url + } + // check for control characters ( values 00-1f and 7f-9f), + // return null if present. See: + // http://www.unicode.org/charts/PDF/U.pdf + // http://www.unicode.org/charts/PDF/U0080.pdf + if ( Character.isISOControl( replaceChar ) ) { + return (null); + } + normalized = normalized.substring(0, index) + + replaceChar + + normalized.substring(index + 3); +} // Normalize the slashes and add leading slash if necessary - String normalized = path; if (normalized.indexOf('\\') = 0) normalized = normalized.replace('\\', '/'); if (!normalized.startsWith("/")) @@ -977,15 +1007,6 @@ normalized = normalized.substring(0, index) + normalized.substring(index + 1); } - - // Resolve occurrences of "%20" in the normalized path - while (true) { - int index = normalized.indexOf("%20"); - if (index 0) - break; - normalized = normalized.substring(0, index) + " " + - normalized.substring(index + 3); -} //
Re: [BUG PATCH] for Kaffe VM
Hi, Tomcat developers. I found problem that tomcat 3.2-b8 doesn't work on Kaffe VM. (probably 3.2 final is same) Error occurs at read() method in java.io.BufferedInputStream. I had a contact to Edouard who is one of Kaffe VM developer. He said Tomcat should be fixed. I forward him mail. Please fix this problem. If tomcat don't work on Kaffe VM,bTomcat can't be included Debian main package/b because JDK and JRE isn't free software. Regards. - mail form Edouard -- Takashi Okamoto wrote: Could you test the following changes: In methods read() and skip() of java.io.BufferedInputStream, change test pos == buf.length by pos == buf.length || pos = count and say me if it work. It's good. Tomcat worked. Well, I think others methods may not work too (available, mark, reset). As BufferedInputStream constructor initialize pos, count and markpos, I think it's a org.apache.tomcat.util.RecycleBufferedInputStream bug. If setInputStream() and reclycle() do the RightThinkTM, I hope that Tomcat will work with unmodified Kaffe and GNU Classpath BufferedInputStream class. Try the following changes and use unmodified BufferedInputStream. If Tomcat then work, could you fill a bug report to Tomcat team ? public void setInputStream( InputStream is ) { this.in = is; this.pos = this.count = 0; this.markpos = -1; } public void recycle() { this.in = null; this.pos = this.count = 0; this.markpos = -1; } Hope this help. -- Edouard G. Parmelan http://egp.free.fr - Takashi Okamoto
RE: TC 4.0 vs. TC 3.x and division of labor
Costin, your "elegant" as all to do with "robust". Hard to understand and maintain code can hardly be robust. Have fun, Paulo Gaspar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 27, 2000 20:12 I disagree with you about 2 points - I think 3.3 is all about "elegance". Try to look at the code - and compare it with 3.2 or 4.0. Of course, it's a matter of taste - but the refactoring was done exactly to make the code more "elegant" ( cleaner, easier to understand and maintain ).
RE: TC 4.0 vs. TC 3.x and division of labor
Almost everybody is aware of Costin time limitations and respects the fact that his work on Tomcat is purely voluntary (he is not paid to do it). Everybody respects Craig effort - including Costin (it sure looks so from his postings). In fact, Jon is the only person trying to turn this into a lousy Costin versus Craig war. Craig and Costin do not agree about with each other about everything but they show much more respect for each other. I (as many others) sure would like to have a 3.3 while 4.0 gets stable. 3.3 could get stable sooner than 4.0 with many advantages over the current 3.2. The energy that 3.3 is taking from 4.0 is highly overrated since Costin the other main contributors of 3.3 are voluntary workers (not paid to do it). It is not clear they would put this much effort on the 4.0 project at this moment since their motivation is another one - and motivation is what rules voluntary work. It is also possible that they will move their effort elsewhere if the 3.3 code base leaves the Apache umbrela. This way, the only waste of energy I see here are caused by Jon postings. It is a pity that Jon is sabotaging 3.3 taking their attention with this word war. And it is not doing 4.0 any good too. After all these years in Open Source, Jon seems to be forgeting what "voluntary work" means: * I do not see how he is going to force Costin, Nacho, Gomez and others to contribute all their time to 4.0 - the most he can do is to force (some of?) them out of the Apache umbrella. Have fun, Paulo Gaspar -Original Message- From: Sam Ruby [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 27, 2000 20:59 Jon Stevens wrote: Thus, the *only* reason why 3.2 got released was because Craig finally stood up and did a 3.2 release. Where was Mr. Costin during this time? Likely waiting for the release manager at the time (me) to do his job. Craig indicated at the time that he was able to get relief from his employer to spend work time on putting out the 3.2 release - something we all very much appreciate.
RE: TC 4.0 vs. TC 3.x and division of labor
-Original Message- From: Jon Stevens [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 27, 2000 22:32 I wrote _a_lot__ of the code that went into 3.2, and I did more work than you can imagine, Jon. I did that even if I had a job that is not tomcat, but xml-xalan. In fact, you did some of that work during your day time job. :-) This is a rather stupid remark. Are you trying to attack Costin's relation with his employer? In any case - this is not about me, but about tomcat. I do my best to improve tomcat, if that's not enough for you - I'm sorry. Tomcat 3.x or 4.x? Having a very stable Tomcat 3.3 would only do good to the Apache and Tomcat names. If (as many believe) it is possible to get a solid 3.3 before a solid 4.x, that would only pave the way for a wide 4.x acceptance. Have fun, Paulo Gaspar
RE: TC 4.0 vs. TC 3.x and division of labor
Why don't you concentrate on commiting stuff for 4.0 instead of picking on Costin and 3.3. In the last 80 days you have done 6 commits but send 153 other mails. Even though many of them where ok, many of them where negative and nonconstructive, like "I keep looking at this code and realizing how bad it is. :-(" and so on. I don't see you are doing much good for the Jakarta projekt rigth now. Please change track: Make code not war :-). That would give a much bigger push to 4.x than trying to push voluntary contributors into doing anything different form what they are motivated to. Have fun, Paulo Gaspar -Original Message- From: Casper Gjerris [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 28, 2000 02:24 on 12/28/2000 01:02 AM, "Jon Stevens" [EMAIL PROTECTED] wrote: . So, what I'm proposing and complaining about is *exactly* what Nacho stated that he wanted to see. H.. Yes and maybe he now sees it otherwise! Like you did a few hours after you wrote this in your "Fuck It" mail: "I give up. All of my previous -1 votes are now +1. Have fun." I would not call what your doing now "giving up". Could you please please please "give up" now. Why don't you concentrate on commiting stuff for 4.0 instead of picking on Costin and 3.3. In the last 80 days you have done 6 commits but send 153 other mails. Even though many of them where ok, many of them where negative and nonconstructive, like "I keep looking at this code and realizing how bad it is. :-(" and so on. I don't see you are doing much good for the Jakarta projekt rigth now. Please change track: Make code not war :-). Casper Gjerris
BugRat Report #641 was closed (apparently by: Ignacio Ortega)
Report #641 was closed by Person #0 Synopsis: Tomcat + IIS5.0 (logged in as: Ignacio Ortega)
Re: FileStore
Craig R. McClanahan typed the following on 09:35 AM 12/27/2000 -0800 * Create another level of nesting inside Manager called Store. This is probably better, because you can now configure the properties of the Store implementation using Store attributes. I haven't had much luck getting this working. I've got the following in my server.xml: Context path="/examples" docBase="examples" debug="3" reloadable="true" Manager className="org.apache.catalina.session.PersistentManager" debug="3" Store className="org.apache.catalina.session.FileStore"/ /Manager Then I put some stuff into startup/Catalina.java, basically copying the code for Manager (this is also in the attached patch for reference): mapper.addRule("Server/Service/Engine/Host/Manager/Store", mapper.objectCreate ("org.apache.catalina.session.FileStore", "className")); mapper.addRule("Server/Service/Engine/Host/Manager/Store", mapper.setProperties()); mapper.addRule("Server/Service/Engine/Host/Manager/Store", mapper.addChild ("setStore", "org.apache.catalina.Store")); [...] mapper.addRule("Server/Service/Engine/Manager/Store", mapper.objectCreate ("org.apache.catalina.session.FileStore", "className")); mapper.addRule("Server/Service/Engine/Manager/Store", mapper.setProperties()); mapper.addRule("Server/Service/Engine/Manager/Store", mapper.addChild ("setStore", "org.apache.catalina.Store")); [...] mapper.addRule(prefix + "/Store", mapper.objectCreate ("org.apache.catalina.session.FileStore", "className")); mapper.addRule(prefix + "/Store", mapper.setProperties()); mapper.addRule(prefix + "/Store", mapper.addChild ("setStore", "org.apache.catalina.Store")); The problem is I don't understand enough about what's going on here to debug it - the FileStore doesn't seem to be instantiated, and the PersistentManager's setStore() definitely isn't being called. Is there any reference to how this all fits together? XmlMapper.java is uncommented :-( Otherwise, what should I do to make this work? Kief --- Catalina.java.orig Thu Dec 28 11:34:30 2000 +++ Catalina.java Thu Dec 28 10:29:54 2000 @@ -372,6 +372,15 @@ mapper.addRule("Server/Service/Engine/Host/Manager", mapper.addChild ("setManager", "org.apache.catalina.Manager")); + mapper.addRule("Server/Service/Engine/Host/Manager/Store", + mapper.objectCreate + ("org.apache.catalina.session.FileStore", + "className")); + mapper.addRule("Server/Service/Engine/Host/Manager/Store", + mapper.setProperties()); + mapper.addRule("Server/Service/Engine/Host/Manager/Store", mapper.addChild + ("setStore", "org.apache.catalina.Store")); + mapper.addRule("Server/Service/Engine/Host/Realm", mapper.objectCreate (null, "className")); mapper.addRule("Server/Service/Engine/Host/Realm", @@ -424,6 +433,14 @@ mapper.addRule("Server/Service/Engine/Manager", mapper.addChild ("setManager", "org.apache.catalina.Manager")); + mapper.addRule("Server/Service/Engine/Manager/Store", mapper.objectCreate + ("org.apache.catalina.session.FileStore", + "className")); + mapper.addRule("Server/Service/Engine/Manager/Store", + mapper.setProperties()); + mapper.addRule("Server/Service/Engine/Manager/Store", mapper.addChild + ("setStore", "org.apache.catalina.Store")); + mapper.addRule("Server/Service/Engine/Realm", mapper.objectCreate (null, "className")); mapper.addRule("Server/Service/Engine/Realm", mapper.setProperties()); @@ -535,6 +552,15 @@ mapper.setProperties()); mapper.addRule(prefix + "/Manager", mapper.addChild ("setManager", "org.apache.catalina.Manager")); + + mapper.addRule(prefix + "/Store", + mapper.objectCreate + ("org.apache.catalina.session.FileStore", + "className")); + mapper.addRule(prefix + "/Store", + mapper.setProperties()); + mapper.addRule(prefix + "/Store", mapper.addChild + ("setStore", "org.apache.catalina.Store")); mapper.addRule(prefix + "/Parameter", mapper.objectCreate ("org.apache.catalina.deploy.ApplicationParameter"));
BugRat Report #671 has been filed.
Bug report #671 has just been filed. You can view the report at the following URL: http://znutar.cortexity.com/BugRatViewer/ShowReport/671 REPORT #671 Details. Project: Tomcat Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: non-critical Confidence: public Environment: Release: 3.2 JVM Release: 1.3, 1.2.2 Operating System: Solaris, Linux OS Release: 2.7, 2.2.17 Platform: Sparc, Intel Synopsis: getRealPath get's too much path Description: For the examples context that comes with Tomcat, a JSP page that contains the expression %=application.getRealPath(request.getContextPath())% returns /realpath/examples/examples. It's just a pain because you have to trim the extra /examples to get the correct path. If you specify a docbase other than webapps, you get the same problem. Title: BugRat Report # 671 BugRat Report # 671 Project: Tomcat Release: 3.2 Category: Bug Report SubCategory: New Bug Report Class: swbug State: received Priority: medium Severity: non-critical Confidence: public Submitter: _Anonymous ([EMAIL PROTECTED]) Date Submitted: Dec 28 2000, 12:04:03 CST Responsible: Z_Tomcat Alias ([EMAIL PROTECTED]) Synopsis: getRealPath get's too much path Environment: (jvm, os, osrel, platform) 1.3, 1.2.2, Solaris, Linux, 2.7, 2.2.17, Sparc, Intel Additional Environment Description: Report Description: For the examples context that comes with Tomcat, a JSP page that contains the expression <%=application.getRealPath(request.getContextPath())%> returns //examples/examples. It's just a pain because you have to trim the extra /examples to get the correct path. If you specify a docbase other than webapps, you get the same problem. View this report online...
Re: cvs commit:jakarta-tomcat/src/share/org/apache/tomcat/util/hooks Hooks.java
on 12/27/2000 10:15 PM, "[EMAIL PROTECTED]" [EMAIL PROTECTED] wrote: Added: src/share/org/apache/tomcat/util/hooks Hooks.java Log: First attempt to refactor hooks. Moving them in a util package is not a bad idea ( and it's inspired by the new organization in 2.0 - I was initially surprized to find ap_hook.h in apr-utils, but it's quite a generic concept ). The only disadvantage of using "generic" hooks is that a cast is needed ( to BaseInterceptor ), but it gives a lot more flexibility. I think there is a simple workaround for that. Why does this scare me into thinking that if people start to base their code on top of this that they will be tying themselves to a single servlet engine? Isn't that something that we were trying to avoid? Correct me if I'm wrong. thanks, -jon
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/hooks Hooks.java
Jon Stevens wrote: Why does this scare me into thinking that if people start to base their code on top of this that they will be tying themselves to a single servlet engine? Isn't that something that we were trying to avoid? Correct me if I'm wrong. I see it as a good guideline, but not an iron clad rule. There is precidence for it. Take a peek at the catalina-wrapper target of the jakarta-slide project, for example. - Sam Ruby
Re: TC 4.0 vs. TC 3.x and division of labor
on 12/27/2000 5:23 PM, "Casper Gjerris" [EMAIL PROTECTED] wrote: In the last 80 days you have done 6 commits but send 153 other mails. Even though many of them where ok, many of them where negative and nonconstructive, like "I keep looking at this code and realizing how bad it is. :-(" and so on. I don't see you are doing much good for the Jakarta projekt rigth now. Please change track: Make code not war :-). The Jakarta Project is more than just Tomcat. This is clearly stated on the homepage in case you missed it. So, to clarify what I do all day. Lets see, I'm involved, as a committer, with the following OSS projects (that I could think of off the top of my head...there are definitely more): 1. Tomcat 3.x 2. Tomcat 4.x 3. Turbine 4. ECS 5. JServ 6. Velocity 7. Anakia 8. Regexp 9. ORO 10. Village 11. Town 12. Jyve 13. Ant 14. Scarab Not to mention that I'm the person who is also responsible for recently updating the Jakarta website to be based on some pretty cool (IMHO) XML technologies that I came up with (Anakia). Have a wonderful day. -jon
Unsubscribe tomcat-dev
Unsubscribe tomcat-dev
Re: cvs commit:jakarta-tomcat/src/share/org/apache/tomcat/util/hooks Hooks.java
on 12/28/2000 10:42 AM, "Sam Ruby" [EMAIL PROTECTED] wrote: Jon Stevens wrote: Why does this scare me into thinking that if people start to base their code on top of this that they will be tying themselves to a single servlet engine? Isn't that something that we were trying to avoid? Correct me if I'm wrong. I see it as a good guideline, but not an iron clad rule. There is precidence for it. Take a peek at the catalina-wrapper target of the jakarta-slide project, for example. - Sam Ruby I'm still confused. Back in JServ days, we were very resistant to adding things to the container that were outside of the scope of the Servlet Spec...for example, support for servlet chaining because we wanted to maintain our stance as a supporter of the servlet spec. I guess that this has changed now. Oh well. -jon -- Honk if you love peace and quiet.
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util RecycleBufferedInputStream.java
jon 00/12/28 11:44:40 Modified:src/share/org/apache/tomcat/util Tag: tomcat_32 RecycleBufferedInputStream.java Log: I found problem that tomcat 3.2-b8 doesn't work on Kaffe VM. (probably 3.2 final is same) Error occurs at read() method in java.io.BufferedInputStream. # Maybe it's Kaffe VM's problem.(which has problem?) Kaffe developer resolved this problem in Kaffe VM. We won't need following patch for next Kaffe release. Takashi Okamoto [EMAIL PROTECTED] seems like it is not bad to have it though anyway -JSS Revision ChangesPath No revision No revision 1.2.2.1 +7 -2 jakarta-tomcat/src/share/org/apache/tomcat/util/RecycleBufferedInputStream.java Index: RecycleBufferedInputStream.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/RecycleBufferedInputStream.java,v retrieving revision 1.2 retrieving revision 1.2.2.1 diff -u -r1.2 -r1.2.2.1 --- RecycleBufferedInputStream.java 2000/06/23 02:16:30 1.2 +++ RecycleBufferedInputStream.java 2000/12/28 19:44:40 1.2.2.1 @@ -65,6 +65,11 @@ import java.util.*; import java.text.*; +/** + * This class needs javadoc. To contribute please send patches to + * the tomcat-dev + * a href="http://jakarta.apache.org/site/mail.html"mailing list/a. + */ public class RecycleBufferedInputStream extends BufferedInputStream { public RecycleBufferedInputStream( InputStream is ) { super( is ); @@ -73,12 +78,12 @@ public void setInputStream( InputStream is ) { this.count=0; this.in=is; + this.pos=0; } public void recycle() { this.in=null; this.count=0; + this.pos=0; } - - }
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config ApacheConfig.java IISConfig.java NSConfig.java
costin 00/12/28 11:50:42 Modified:src/share/org/apache/tomcat/task StartTomcat.java Added: src/share/org/apache/tomcat/modules/config ApacheConfig.java IISConfig.java NSConfig.java Removed: src/share/org/apache/tomcat/task ApacheConfig.java IISConfig.java NSConfig.java Log: Transformed the "automatic server config" generators in modules. Those classes were an attempt to simplify the server configuration for "integrated" mode. The problem is that tomcat can add/remove applications at runtime, modules like AutoSetup can also add applications. Another problem is that users still need to edit the files. One thing is clear - the code in doesn't work as it should. By turning the generators into modules we allow access to all server hooks - it will be possible to regenerate the configs ( and maybe restart the server) when a context is added/removed, even at runtime. We'll also have more flexibility in configuring ( we can add only the generator we need, and pass the location of apache/iis/nes, etc ). The code is low-priority - if ajp1x-based autoconfiguration will work this will no longer be needed. I think there is a lot of work to be done to fully integrate with the server ( like using the native-authentication, etc), and I don't think that can be done in 3.3 timeframe - but later, as a module. I would even propose removing them completely from the 3.3 distribution, since they are not essential ( and were never completed ) Revision ChangesPath 1.9 +0 -48 jakarta-tomcat/src/share/org/apache/tomcat/task/StartTomcat.java Index: StartTomcat.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/task/StartTomcat.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- StartTomcat.java 2000/11/02 21:45:09 1.8 +++ StartTomcat.java 2000/12/28 19:50:42 1.9 @@ -94,29 +94,8 @@ } public void execute() throws Exception { - if( doHelp ) { - printUsage(); - return; - } - if( doStop ) { - org.apache.tomcat.task.StopTomcat task= - new org.apache.tomcat.task.StopTomcat(); - - task.setConfig( configFile ); - task.execute(); - return; - } - ContextManager cm=prepareContextManager(); - // XXX Make this optional, and make sure it doesn't require - // a full start. It is called after init to make sure - // auto-configured contexts are initialized. - if( doGenerateConfigs ) { - generateServerConfig( cm ); - return; - } - try { cm.start(); // start serving } @@ -188,33 +167,6 @@ public void setServerClassPath( URL urls[] ) { serverClassPath=urls; -} - -/** This method will generate Server config files that - reflect the existing cm settings. It is called - at startup, and may be called when a new context is - added ( at runtime for example ). -*/ -public static void generateServerConfig( ContextManager cm ) - throws TomcatException -{ - // Generate Apache configs - // - org.apache.tomcat.task.ApacheConfig apacheConfig= - new org.apache.tomcat.task.ApacheConfig(); - apacheConfig.execute( cm ); - - // Generate IIS configs - // - org.apache.tomcat.task.IISConfig iisConfig= - new org.apache.tomcat.task.IISConfig(); - iisConfig.execute( cm ); - - // Generate Netscape configs - // - org.apache.tomcat.task.NSConfig nsConfig= - new org.apache.tomcat.task.NSConfig(); - nsConfig.execute( cm ); } public static void printUsage() { 1.1 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ApacheConfig.java Index: ApacheConfig.java === /* * * * The Apache Software License, Version 1.1 * * Copyright (c) 1999 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The end-user documentation
Tomcat 4 Jasper
The version of Jasper in Tomcat 4 inherits alot of baggage from the original Jasper from 3.x. Jasper in 3.x had to support both jdk 1.1.x and required jdk 1.2 to use the SecurityManager. Since Jasper in Tomcat 4 implements JSP 1.2, the version of jasper in Tomcat 4 is required to use jdk 1.2 or greater, right? So can I remove all the support for jdk 1.1.x from the version of jasper in Tomcat 4? Regards, Glenn -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | --
Re: Tomcat 4 Jasper
on 12/28/2000 12:11 PM, "Glenn Nielsen" [EMAIL PROTECTED] wrote: So can I remove all the support for jdk 1.1.x from the version of jasper in Tomcat 4? +1 -jon -- Honk if you love peace and quiet.
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/hooksHooks.java
Jon Stevens wrote: Why does this scare me into thinking that if people start to base their code on top of this that they will be tying themselves to a single servlet engine? Isn't that something that we were trying to avoid? Correct me if I'm wrong. I see it as a good guideline, but not an iron clad rule. There is precidence for it. Take a peek at the catalina-wrapper target of the jakarta-slide project, for example. - Sam Ruby I'm still confused. Back in JServ days, we were very resistant to adding things to the container that were outside of the scope of the Servlet Spec...for example, support for servlet chaining because we wanted to maintain our stance as a supporter of the servlet spec. I guess that this has changed now. Oh well. Jon, Hooks are the basic design pattern used in tomcat3.x. Same pattern is used in apache, NES, IIS ( apache2.0 has the most flexible implementation ). The hooks are used to allow modules to control the server execution - it has nothing to do with the servlet spec ( the same way "valves" are used in 4.0 implementation ). It is not a new "feature" - I moved it to a separate class ( it used to be part of ContextManger, then Container ) in order to better expose it, since it is after all the "core" of tomcat3.x modularity. Like in Apache ( and most web servers I know ), tomcat3.x functionality is implemented in a modular way, to avoid "featurism" and keep things maintainable ( elegant, robust, etc ). Of course, someone who is implementing tomcat3 ( and tomcat3 features ) would have to use the tomcat architecture ( i.e. the 8 core objects + the hook pattern + the facade pattern ). Costin
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core BaseInterceptor.java ContextManager.java
costin 00/12/28 13:03:18 Modified:src/share/org/apache/tomcat/core BaseInterceptor.java ContextManager.java Log: Added a new hook - engineState, to notify modules of state changes in core. ( it is important since modules can do different things in different states, for example AutoConfig shouldn't add contexts until all interceptors are added) engineStart,engineStop were added in 3.3 to allow connectors to start after the server is in a stable state - engineState() is a much better hook. Revision ChangesPath 1.34 +12 -2 jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java Index: BaseInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/BaseInterceptor.java,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- BaseInterceptor.java 2000/12/28 07:14:44 1.33 +++ BaseInterceptor.java 2000/12/28 21:03:17 1.34 @@ -301,15 +301,25 @@ { } -public void engineStart( ContextManager cm ) - throws TomcatException +public void engineStart(ContextManager cm ) + throws TomcatException { } + public void engineStop(ContextManager cm ) throws TomcatException { } + +/** Notifies the module that the server changed it's state. + * XXX this seems more flexible than init/start/stop/shutdown. + */ +public void engineState( ContextManager cm, int state ) + throws TomcatException +{ +} + // Context hooks 1.161 +20 -5 jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java Index: ContextManager.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,v retrieving revision 1.160 retrieving revision 1.161 diff -u -r1.160 -r1.161 --- ContextManager.java 2000/12/28 01:15:38 1.160 +++ ContextManager.java 2000/12/28 21:03:17 1.161 @@ -303,6 +303,20 @@ return state; } +/** Change the state, after notifying all modules about the change + * Any error will be propagated - the server will not change the + * state and should fail if any module can't handle that. + */ +public final void setState( int state ) + throws TomcatException +{ + BaseInterceptor existingI[]=defaultContainer.getInterceptors(); + for( int i=0; iexistingI.length; i++ ) { + existingI[i].engineState( this, state ); + } + this.state=state; +} + /** * Parent loader is the "base" class loader of the * application that starts tomcat, and includes no @@ -366,7 +380,7 @@ if( state==STATE_CONFIG ) return; - // we are at least initialized, call engineInit hook + // we are at last initialized, call engineInit hook ri.engineInit( this ); // make sure the interceptor knows about all existing contexts. @@ -434,12 +448,13 @@ return; if(debug0 ) log( "Tomcat init"); + setState(STATE_INIT); + BaseInterceptor existingI[]=defaultContainer.getInterceptors(); for( int i=0; iexistingI.length; i++ ) { existingI[i].engineInit( this ); } - state=STATE_INIT; } /** Will start the connectors and begin serving requests. @@ -471,13 +486,13 @@ } // requests can be processed now - state=STATE_START; + setState(STATE_START); } /** Will stop all connectors */ -public final void stop() throws Exception { - state=STATE_INIT; // initialized, but not accepting connections +public final void stop() throws TomcatException { + setState(STATE_INIT); // initialized, but not accepting connections BaseInterceptor cI[]=defaultContainer.getInterceptors(); for( int i=0; i cI.length; i++ ) {
Feature Request
Ok, I'm just throwing this out there as a "nice to have" in the future and maybe someone (how about all those people who haven't commit anything, yet they have time to tell me what an asshole I am) might want to implement it. What would be "nice to have" is a feature where the Tomcat HTTPd had the mod_rewrite module implemented within Java. The issue being that on a live site, I use mod_rewrite to make the URL's pretty or different (or both) and I would want to have the same "feature" during development. That way, developers could use the HTTPd within Tomcat to do development and then easily move things over to having Tomcat sit behind Apache without having to require Apache during development. I know this opens a whole can of worms with regards to other Apache modules like mod_alias and such as well as the fact that we are not trying to directly compete with Apache httpd, but I figure that mod_rewrite is the one module that allows you to emulate pretty much any of the other modules that muck with URI's. thanks, -jon
cvs commit: jakarta-tomcat/src/doc/uguide tomcat-security-unix.html
glenn 00/12/28 13:59:19 Added: src/doc/uguide Tag: tomcat_32 tomcat-security-unix.html Log: SecurityManager under unix Revision ChangesPath No revision No revision 1.1.2.1 +197 -0jakarta-tomcat/src/doc/uguide/Attic/tomcat-security-unix.html
cvs commit: jakarta-tomcat/src/doc/uguide tomcat-security.html
glenn 00/12/28 13:59:35 Modified:src/doc/uguide Tag: tomcat_32 tomcat-security.html Log: SecurityManager under unix Revision ChangesPath No revision No revision 1.1.2.2 +2 -168jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html Index: tomcat-security.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/uguide/Attic/tomcat-security.html,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- tomcat-security.html 2000/11/17 20:44:51 1.1.2.1 +++ tomcat-security.html 2000/12/28 21:59:34 1.1.2.2 @@ -1,6 +1,7 @@ !doctype html public "-//w3c//dtd html 4.0 transitional//en" html head + titleUsing the Java SecurityManager with Tomcat/title meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" meta name="GENERATOR" content="Mozilla/4.7 [en] (X11; I; SunOS 5.7 i86pc) [Netscape]" /head @@ -23,18 +24,11 @@ a href="#permissions"Types of Permissions/a/li li -a href="#config"Configuring Tomcat for use with a SecurityManager/a/li +a href="tomcat-security-unix.html"Tomcat SecurityManager setup with Unix/a/li li -a href="#start"Starting Tomcat with a SecurityManager/a/li - -li a href="#violation"What happens when the SecurityManager detects a Security violation?/a/li - -li -a href="#trouble"Trouble shooting tomcat.policy configuration and Security -Violations/a/li /ul h3 @@ -102,170 +96,10 @@ were running Tomcat without a SecurityManager. brnbsp; h3 -a NAME="config"/aConfiguring Tomcat for use with a SecurityManager/h3 -btomcat.policy/b -pThe security policies implemented by the Java SecurityManager are configured -in the btomcat.policy /bfile located in the tomcat conf directory.nbsp; -The tomcat.policy file replaces any system java.policy file.nbsp; The -tomcat.policy file can be edited by hand or you can use the bpolicytool -/bapplication -that comes with Java 1.2. -pEntries in the tomcat.policy file use the standard java.policy file -format as follows: -table BORDER=0 -tr -td -pre// Example policy file entry - -grant [signedBy lt;signer [,codeBase lt;code source] { -nbsp;nbsp;nbsp; permission lt;class [lt;name [, lt;action list]]; -};/pre -/td -/tr -/table -The bsignedBy/b and bcodeBase /bentries are optional when granting -permissions. Comment lines begin with // and end at a new line. -pThe codeBase is in the form of a URL and for a file URL can use the -${java.home} and ${tomcat.home} properties which are expanded out to the -directory paths defined for them. -pDefault tomcat.policy file -table BORDER=0 -tr -td -pre// Permissions for tomcat. - -// javac needs this -grant codeBase "file:${java.home}/lib/-" { -nbsp; permission java.security.AllPermission; -}; - -// Tomcat gets all permissions -grant codeBase "file:${tomcat.home}/lib/-" { -nbsp; permission java.security.AllPermission; -}; - -grant codeBase "file:${tomcat.home}/classes/-" { -nbsp; permission java.security.AllPermission; -}; - -// Example webapp policy -// By default we grant read access on webapp dir -// and read of the line.separator PropertyPermission -grant codeBase "file:${tomcat.home}/webapps/examples" { -nbsp; permission java.net.SocketPermission "localhost:1024-","listen"; -nbsp; permission java.util.PropertyPermission "*","read"; -};/pre -/td -/tr -/table - -pHere is an example where in addition to the above, we want to grant -the examples web application the ability to connect to the localhost smtp -port so that it can send mail. -table BORDER=0 -tr -td -pregrant codeBase "file:${tomcat.home}/webapps/examples" { -nbsp; permission java.net.SocketPermission "localhost:25","connect"; -nbsp; permission java.net.SocketPermission "localhost:1024","listen"; -nbsp; permission java.util.PropertyPermission "*","read"; -};/pre -/td -/tr -/table -Now what if we wanted to give all contexts not configured by their own -grant entry some default permissions in addition to what Tomcat assigns -by default. -table BORDER=0 -tr -td -pregrant { -nbsp; permission java.net.SocketPermission "localhost:1024","listen"; -nbsp; permission java.util.PropertyPermission "*","read"; -};/pre -/td -/tr -/table -Finally, a more complex tomcat.policy file.nbsp; In this case we are using -Tomcat as an app server for a number of remote web servers.nbsp; We want -to limit what remote web servers can connect to Tomcat by using the Java -SecurityManager. -brnbsp; -table BORDER=0 -tr -td -pre// Permissions for tomcat. -// javac needs this -grant codeBase "file:${java.home}/lib/-" { -nbsp; permission java.security.AllPermission; -}; - -// Tomcat with IP
cvs commit: jakarta-tomcat/src/etc tomcat.policy
glenn 00/12/28 14:11:01 Modified:src/etc Tag: tomcat_32 tomcat.policy Log: Updated for default permissions Revision ChangesPath No revision No revision 1.5.2.1 +7 -6 jakarta-tomcat/src/etc/tomcat.policy Index: tomcat.policy === RCS file: /home/cvs/jakarta-tomcat/src/etc/tomcat.policy,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- tomcat.policy 2000/06/15 18:49:52 1.5 +++ tomcat.policy 2000/12/28 22:11:00 1.5.2.1 @@ -1,4 +1,4 @@ -// Additional permissions for tomcat. +// Permissions for tomcat. // javac grant codeBase "file:${java.home}/../lib/-" { @@ -14,11 +14,12 @@ permission java.security.AllPermission; }; -// Example webapp policy -// By default we grant read access on webapp dir and -// write in workdir +// Example webapp policy +// By default Tomcat grants read access on webapp dir and read of the +// line.separator, path.separator, and file.separator PropertyPermissions. +// Any permissions you grant here are in addition to the default. grant codeBase "file:${tomcat.home}/webapps/examples" { - permission java.net.SocketPermission "localhost:1024-", "listen"; - permission java.util.PropertyPermission "*", "read"; + // Allow the example web application to read all java properties + permission java.util.ProperyPermission "*", "read"; };
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/context PolicyInterceptor.java
glenn 00/12/28 14:12:11 Modified:src/share/org/apache/tomcat/context Tag: tomcat_32 PolicyInterceptor.java Log: Updated for default permissions, fix windows default FilePermission Revision ChangesPath No revision No revision 1.3.2.1 +10 -2 jakarta-tomcat/src/share/org/apache/tomcat/context/PolicyInterceptor.java Index: PolicyInterceptor.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/context/PolicyInterceptor.java,v retrieving revision 1.3 retrieving revision 1.3.2.1 diff -u -r1.3 -r1.3.2.1 --- PolicyInterceptor.java2000/06/23 02:16:18 1.3 +++ PolicyInterceptor.java2000/12/28 22:12:11 1.3.2.1 @@ -123,10 +123,18 @@ { // Add default read "-" FilePermission for docBase, classes, lib // Default per context permissions - FilePermission fp = new FilePermission(base + "/-", "read"); + FilePermission fp = new FilePermission(base + File.separator + "-", "read"); if( fp != null ) p.add((Permission)fp); - + PropertyPermission pp = new PropertyPermission("line.separator", "read"); + if( pp != null ) + p.add((Permission)pp); + pp = new PropertyPermission("file.separator", "read"); + if( pp != null ) + p.add((Permission)pp); + pp = new PropertyPermission("path.separator", "read"); + if( pp != null ) + p.add((Permission)pp); } public void contextInit( Context context)
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade RequestDispatcherImpl.java
glenn 00/12/28 14:13:51 Modified:src/share/org/apache/tomcat/facade Tag: tomcat_32 RequestDispatcherImpl.java Log: If SecurityManager being used, wrap forward() and include() with an AccessController.doPrivileged() Revision ChangesPath No revision No revision 1.8.2.6 +55 -0 jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/RequestDispatcherImpl.java Index: RequestDispatcherImpl.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/RequestDispatcherImpl.java,v retrieving revision 1.8.2.5 retrieving revision 1.8.2.6 diff -u -r1.8.2.5 -r1.8.2.6 --- RequestDispatcherImpl.java2000/11/09 21:18:09 1.8.2.5 +++ RequestDispatcherImpl.java2000/12/28 22:13:50 1.8.2.6 @@ -64,6 +64,7 @@ import org.apache.tomcat.util.StringManager; import java.io.*; import java.util.*; +import java.security.*; import javax.servlet.*; import javax.servlet.http.*; @@ -138,6 +139,33 @@ public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException { + if( System.getSecurityManager() != null ) { + final ServletRequest req = request; + final ServletResponse res = response; + try { + java.security.AccessController.doPrivileged( +new java.security.PrivilegedExceptionAction() +{ +public Object run() throws ServletException, IOException { + doForward(req,res); +return null; + } +} + ); + } catch( PrivilegedActionException pe) { + Exception e = pe.getException(); + if( e.getClass().getName().equals("javax.servlet.ServletException") ) + throw (ServletException)e; + throw (IOException)e; + } + } else { + doForward(request,response); + } +} + +private void doForward(ServletRequest request, ServletResponse response) +throws ServletException, IOException +{ /** We need to find the request/response. The servlet API * guarantees that we will receive the original request as parameter. */ @@ -218,6 +246,33 @@ public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException +{ +if( System.getSecurityManager() != null ) { +final ServletRequest req = request; +final ServletResponse res = response; +try { +java.security.AccessController.doPrivileged( +new java.security.PrivilegedExceptionAction() +{ +public Object run() throws ServletException, IOException { +doInclude(req,res); +return null; +} +} +); +} catch( PrivilegedActionException pe) { +Exception e = pe.getException(); +if( e.getClass().getName().equals("javax.servlet.ServletException") ) +throw (ServletException)e; +throw (IOException)e; +} +} else { + doInclude(request,response); + } +} + +private void doInclude(ServletRequest request, ServletResponse response) +throws ServletException, IOException { Request realRequest = ((HttpServletRequestFacade)request). getRealRequest();
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SessionUtil.java
glenn 00/12/28 14:15:30 Modified:src/share/org/apache/tomcat/util Tag: tomcat_32 SessionUtil.java Log: Fix generateSessionId() so it works with a SecurityManager Revision ChangesPath No revision No revision 1.5.2.3 +26 -5 jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java Index: SessionUtil.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v retrieving revision 1.5.2.2 retrieving revision 1.5.2.3 diff -u -r1.5.2.2 -r1.5.2.3 --- SessionUtil.java 2000/11/18 01:34:00 1.5.2.2 +++ SessionUtil.java 2000/12/28 22:15:29 1.5.2.3 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.2 2000/11/18 01:34:00 craigmcc Exp $ - * $Revision: 1.5.2.2 $ - * $Date: 2000/11/18 01:34:00 $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Attic/SessionUtil.java,v 1.5.2.3 2000/12/28 22:15:29 glenn Exp $ + * $Revision: 1.5.2.3 $ + * $Date: 2000/12/28 22:15:29 $ * * * @@ -68,6 +68,7 @@ import javax.servlet.http.Cookie; import org.apache.tomcat.core.*; +import java.security.*; /** * General purpose utilities useful to codeManager/code and @@ -75,7 +76,7 @@ * * @author Craig R. McClanahan * @author Shai Fultheim [[EMAIL PROTECTED]] - * @version $Revision: 1.5.2.2 $ $Date: 2000/11/18 01:34:00 $ + * @version $Revision: 1.5.2.3 $ $Date: 2000/12/28 22:15:29 $ */ public final class SessionUtil { @@ -177,7 +178,27 @@ * Generate and return a new session identifier. */ public static String generateSessionId(String jsIdent) { -return SessionIdGenerator.generateId(jsIdent); +/** + * When using a SecurityManager and a JSP page or servlet triggers + * creation of a new session id it must be performed with the + * Permissions of this class using doPriviledged because the parent + * JSP or servlet may not have sufficient Permissions. + */ +if( System.getSecurityManager() != null ) { +class doInit implements PrivilegedAction { +private String jsIdent; +public doInit(String ident) { +jsIdent = ident; +} +public Object run() { +return SessionIdGenerator.generateId(jsIdent); +} +} +doInit di = new doInit(jsIdent); +return (String)AccessController.doPrivileged(di); +} else { +return SessionIdGenerator.generateId(jsIdent); + } } /**
Re: Feature Request
This would be way down on my list of priorities for a Jakarta project. If I needed mod_rewrite for testing I would install Apache on my local development system. Why "reinvent the wheel" just for testing. Besides, I would still want to test the stuff developed locally on Apache with mod_rewrite before putting it in production. If it has Apache dependencies, I would develop using Apache. Regards, Glenn Jon Stevens wrote: Ok, I'm just throwing this out there as a "nice to have" in the future and maybe someone (how about all those people who haven't commit anything, yet they have time to tell me what an asshole I am) might want to implement it. What would be "nice to have" is a feature where the Tomcat HTTPd had the mod_rewrite module implemented within Java. The issue being that on a live site, I use mod_rewrite to make the URL's pretty or different (or both) and I would want to have the same "feature" during development. That way, developers could use the HTTPd within Tomcat to do development and then easily move things over to having Tomcat sit behind Apache without having to require Apache during development. I know this opens a whole can of worms with regards to other Apache modules like mod_alias and such as well as the fact that we are not trying to directly compete with Apache httpd, but I figure that mod_rewrite is the one module that allows you to emulate pretty much any of the other modules that muck with URI's. thanks, -jon -- -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | --
Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/hooks Hooks.java
Quoting Sam Ruby [EMAIL PROTECTED]: Jon Stevens wrote: Why does this scare me into thinking that if people start to base their code on top of this that they will be tying themselves to a single servlet engine? Isn't that something that we were trying to avoid? Correct me if I'm wrong. I see it as a good guideline, but not an iron clad rule. There is precidence for it. Take a peek at the catalina-wrapper target of the jakarta-slide project, for example. Is there a problem ? I'm just using it to build a realm implementation (so that users are no defined in two different places). Remy
Re: Feature Request
on 12/28/2000 2:25 PM, "Glenn Nielsen" [EMAIL PROTECTED] wrote: This would be way down on my list of priorities for a Jakarta project. It doesn't have to be a Jakarta Project. I never suggested that. If I needed mod_rewrite for testing I would install Apache on my local development system. Why "reinvent the wheel" just for testing. It wasn't just testing. It was development as well. If your development environment depends on certain paths that are setup through mod_rewrite, then what are you going to do? You are going to also add a requirement for Apache and therefore complicate things more. Besides, I would still want to test the stuff developed locally on Apache with mod_rewrite before putting it in production. If it has Apache dependencies, I would develop using Apache. Point being that creating a sandbox for developers where the developer has to setup and configure (or the sandbox does) an environment with both Apache and Tomcat is sometimes a more daunting task than simply running Tomcat and doing development locally with the built in Tomcat httpd. Again, right now, you can check Scarab out of CVS. Execute a build.sh script and then run Tomcat. Nothing other than an installed JDK is needed. I want to continue that AND still allow people to have mod_rewrite abilities within Tomcat without having to add an extra requirement for those people that don't want to install and run Apache. Your opinion is valid, but you aren't the only developer out there and I want to make it as easy as possible for other people to take something like Scarab and run with it without having to also install Apache and make it connect to Tomcat. love and kisses. -jon
Re: Tomcat 4 Jasper
Glenn Nielsen wrote: The version of Jasper in Tomcat 4 inherits alot of baggage from the original Jasper from 3.x. Jasper in 3.x had to support both jdk 1.1.x and required jdk 1.2 to use the SecurityManager. Since Jasper in Tomcat 4 implements JSP 1.2, the version of jasper in Tomcat 4 is required to use jdk 1.2 or greater, right? Yep. JSP 1.2 requires Servlet 2.3, which requires JDK 1.2 or later. So can I remove all the support for jdk 1.1.x from the version of jasper in Tomcat 4? Sounds fine by me. Over the longer term, I would like to see us think about making a smarter Jasper (i.e. one that generated better-performing code), as well. Regards, Glenn Craig McClanahan
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util IntrospectionUtils.java
costin 00/12/28 15:19:57 Modified:.build.xml src/share/org/apache/tomcat/context AutoSetup.java src/share/org/apache/tomcat/startup Main.java Tomcat.java src/share/org/apache/tomcat/task Expand.java src/share/org/apache/tomcat/util IntrospectionUtils.java Log: - fixed Main - now "java -jar tomcat.jar" should work ( as a replacement for the .sh files - on JDK1.1 we still need the scripts ). - moved generic introspection code to IntrospectionUtils - Expand.java is used in only one place and it's doing something trivial. It's also duplicating code from ant - there is no need to maintain a separate version. - StartTomcat is no longer needed Revision ChangesPath 1.99 +2 -0 jakarta-tomcat/build.xml Index: build.xml === RCS file: /home/cvs/jakarta-tomcat/build.xml,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- build.xml 2000/12/27 17:14:57 1.98 +++ build.xml 2000/12/28 23:19:44 1.99 @@ -116,11 +116,13 @@ !-- no dependencies -- include name="org/apache/tomcat/startup/Main.java"/ include name="org/apache/tomcat/util/SimpleClassLoader.java"/ + include name="org/apache/tomcat/util/IntrospectionUtils.java"/ /javac jar jarfile="${tomcat.build}/lib/tomcat.jar" basedir="${tomcat.build}/classes" manifest="src/build/manifest" include name="org/apache/tomcat/startup/Main.class"/ include name="org/apache/tomcat/startup/Main$*.class"/ include name="org/apache/tomcat/util/SimpleClassLoader**"/ + include name="org/apache/tomcat/util/IntrospectionUtils**"/ /jar /target 1.21 +51 -16 jakarta-tomcat/src/share/org/apache/tomcat/context/AutoSetup.java Index: AutoSetup.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/context/AutoSetup.java,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- AutoSetup.java2000/12/26 23:01:07 1.20 +++ AutoSetup.java2000/12/28 23:19:47 1.21 @@ -88,7 +88,6 @@ * virtual hosts too */ public void engineStart(ContextManager cm) throws TomcatException { - super.engineInit( cm ); String home=cm.getHome(); File webappD=new File(home + "/webapps"); if (! webappD.exists() || ! webappD.isDirectory()) { @@ -96,17 +95,17 @@ return ; // nothing to set up } -Enumeration en=cm.getContexts(); -while (en.hasMoreElements()){ -Context ctx=(Context)en.nextElement(); -if( ctx.getHost()== null ) { -// this is a context that goes into the default server -// we care only about the root context for autosetup -// until we define a pattern for automatic vhost setup. -definedContexts.put( ctx.getPath(), ctx ); -if(debug0) log("Register explicit context " + ctx.getPath()); -} -} + Enumeration en=cm.getContexts(); + while (en.hasMoreElements()){ + Context ctx=(Context)en.nextElement(); + if( ctx.getHost()== null ) { + // this is a context that goes into the default server + // we care only about the root context for autosetup + // until we define a pattern for automatic vhost setup. + definedContexts.put( ctx.getPath(), ctx ); + if(debug0) log("Register explicit context " + ctx.getPath()); + } + } String[] list = webappD.list(); if( list.length==0 ) { @@ -122,11 +121,9 @@ // To update you need to "remove" the context first!!! appDir.mkdirs(); // Expand war file - Expand expand=new Expand(); - expand.setSrc( home + "/webapps/" + name ); - expand.setDest( home + "/webapps/" + fname); try { - expand.execute(); + expand(home + "/webapps/" + name, +home + "/webapps/" + fname); } catch( IOException ex) { log("expanding webapp " + name, ex); // do what ? @@ -173,6 +170,44 @@ } } } +} + +private void expand( String src, String dest) + throws IOException +{ + File srcF=new File( source); + File dir=new File( dest ); + + ZipInputStream zis = new ZipInputStream(new FileInputStream(srcF)); + ZipEntry ze = null; + + while ((ze = zis.getNextEntry()) != null) { + try { + File f = new
cvs commit: jakarta-tomcat/src/tests/share/gtest - New directory
costin 00/12/28 15:20:45 jakarta-tomcat/src/tests/share/gtest - New directory
netscape timing out
Title: netscape timing out I am using tomcat 3.2.1 release build on winnt4.0 when I use jsp:forward, IE works fine.Netscape gets timed out. % str1 = myPage.jsp; str1 = response.encodeURL(str1); % jsp:forward page='%= str1 %' / Any idea? Thanks, Jayesh
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request JDBCRealm.java LocalStrings.properties
nacho 00/12/28 15:59:31 Modified:src/share/org/apache/tomcat/request Tag: tomcat_32 JDBCRealm.java LocalStrings.properties Log: Now is needed to have both a connectionName and a connectionPassword to use the 3 params getConnection method Thanks to David Weinrich [[EMAIL PROTECTED]] for catch this Revision ChangesPath No revision No revision 1.9.2.5 +35 -37 jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java Index: JDBCRealm.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java,v retrieving revision 1.9.2.4 retrieving revision 1.9.2.5 diff -u -r1.9.2.4 -r1.9.2.5 --- JDBCRealm.java2000/12/10 23:36:45 1.9.2.4 +++ JDBCRealm.java2000/12/28 23:59:31 1.9.2.5 @@ -282,17 +282,9 @@ public synchronized boolean authenticate(String username, String credentials) { try { -// Establish the database connection if necessary -if ((dbConnection == null) || dbConnection.isClosed()) { -log(sm.getString("jdbcRealm.authDBClosed")); -dbConnection = DriverManager.getConnection(connectionURL); -if( (dbConnection == null) || dbConnection.isClosed() ) { -log(sm.getString("jdbcRealm.authDBReOpenFail")); -return false; -} -dbConnection.setReadOnly(true); +if (!checkConnection()) { +return false; } - // Create the authentication search prepared statement if necessary if (preparedAuthenticate == null) { String sql = "SELECT " + userCredCol + " FROM " + userTable + @@ -352,15 +344,8 @@ public synchronized String[] getUserRoles(String username) { try { - if( (dbConnection == null) || dbConnection.isClosed() ) { -log(sm.getString("jdbcRealm.getUserRolesDBClosed")); - -dbConnection = DriverManager.getConnection(connectionURL); - -if( dbConnection == null || dbConnection.isClosed() ) { - log(sm.getString("jdbcRealm.getUserRolesDBReOpenFail")); - return null; -} + if( !checkConnection()) { +return null; } if (preparedRoles == null) { String sql = "SELECT " + roleNameCol + " FROM " + @@ -419,25 +404,8 @@ public void contextInit(Context ctx) throws org.apache.tomcat.core.TomcatException { // Validate and update our current component state - if (!started) { + if (!started checkConnection() ) { started = true; - try { -Class.forName(driverName); -if ((connectionName == null || connectionName.equals("")) -(connectionPassword == null || connectionPassword.equals(""))) { -dbConnection = DriverManager.getConnection(connectionURL); -} else { -dbConnection = DriverManager.getConnection(connectionURL, - connectionName, - connectionPassword); -} - } - catch( ClassNotFoundException ex ) { -throw new RuntimeException("JDBCRealm.start.readXml: " + ex); - } - catch( SQLException ex ) { -throw new RuntimeException("JDBCRealm.start.readXml: " + ex); - } } } @@ -445,6 +413,7 @@ throws org.apache.tomcat.core.TomcatException { // Validate and update our current component state if (started) { +started=false; if( dbConnection != null ) { try { dbConnection.close(); @@ -529,6 +498,35 @@ } return 401; //HttpServletResponse.SC_UNAUTHORIZED // XXX check transport +} + +private boolean checkConnection(){ +try { +if( (dbConnection == null) || dbConnection.isClosed() ) { +Class.forName(driverName); +log(sm.getString("jdbcRealm.checkConnectionDBClosed")); +if ((connectionName == null || connectionName.equals("")) || +(connectionPassword == null || connectionPassword.equals(""))) { +dbConnection = DriverManager.getConnection(connectionURL); +} else { +dbConnection = DriverManager.getConnection(connectionURL, + connectionName, +
Re: Feature Request
Is this not already an action item for catalina?? (RewriteValve) Dave --- Jon Stevens [EMAIL PROTECTED] wrote: on 12/28/2000 2:25 PM, "Glenn Nielsen" [EMAIL PROTECTED] wrote: This would be way down on my list of priorities for a Jakarta project. It doesn't have to be a Jakarta Project. I never suggested that. If I needed mod_rewrite for testing I would install Apache on my local development system. Why "reinvent the wheel" just for testing. It wasn't just testing. It was development as well. If your development environment depends on certain paths that are setup through mod_rewrite, then what are you going to do? You are going to also add a requirement for Apache and therefore complicate things more. Besides, I would still want to test the stuff developed locally on Apache with mod_rewrite before putting it in production. If it has Apache dependencies, I would develop using Apache. Point being that creating a sandbox for developers where the developer has to setup and configure (or the sandbox does) an environment with both Apache and Tomcat is sometimes a more daunting task than simply running Tomcat and doing development locally with the built in Tomcat httpd. Again, right now, you can check Scarab out of CVS. Execute a build.sh script and then run Tomcat. Nothing other than an installed JDK is needed. I want to continue that AND still allow people to have mod_rewrite abilities within Tomcat without having to add an extra requirement for those people that don't want to install and run Apache. Your opinion is valid, but you aren't the only developer out there and I want to make it as easy as possible for other people to take something like Scarab and run with it without having to also install Apache and make it connect to Tomcat. love and kisses. -jon __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/
cvs commit: jakarta-tomcat/src/etc/users - New directory
costin 00/12/28 16:24:40 jakarta-tomcat/src/etc/users - New directory
Licensing / Source Question
In the course of some work I've been doing on Tomcat, I've been thinking about using a Thread Pool. There is currently a bunch of code doing this in both TC 3 and TC 4, but, no surprise, it's extremely difficult to understand and/or extend. Doug Lea, author of Concurrent Programming in Java, has written a set of concurrency utility classes, including a very nice-looking ThreadPool ("PooledExecutor") implementation, and some good "Channels" for communication between threads. He documents these at: http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html I'm interested in using his code, but I'm not sure if it can be included in the TC source. Here's what he says about the license: "All classes are released to the public domain and may be used for any purpose whatsoever without permission or acknowledgment." My suspicion would be that we couldn't bundle up his code as part of a TC download, but I'm not totally clear. Can anyone help me understand this? Thanks, -Dan -- Dan Milstein // [EMAIL PROTECTED]
cvs commit: jakarta-tomcat/src/tests/webpages/WEB-INF test-tomcat.xml
costin 00/12/28 16:33:15 Modified:src/etc server.xml src/share/org/apache/tomcat/request SimpleRealm.java Added: src/etc/users admin-users.xml example-users.xml global-users.xml tomcat-users.xml src/tests/webpages/WEB-INF test-tomcat.xml Removed: src/etc admin-users.xml example-users.xml global-users.xml tomcat-users.xml src/etc/ant test-tomcat.xml Log: More cleanup. The sanity-test application is now separated ( no more polution on the tomcat distribution ). I'll update the ant file to run it in the new structure. Simple-user realms are grouped under conf/users ( they are not intended for production mode anyway - use JdbcRealm or JAAS ). Revision ChangesPath 1.57 +3 -3 jakarta-tomcat/src/etc/server.xml Index: server.xml === RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- server.xml2000/12/27 19:52:50 1.56 +++ server.xml2000/12/29 00:33:13 1.57 @@ -199,7 +199,7 @@ -- RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" -filename="conf/global-users.xml" +filename="conf/users/global-users.xml" debug="0" / !-- UnComment the following and comment out the @@ -306,7 +306,7 @@ reloadable="true" RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" - filename="conf/example-users.xml" + filename="conf/users/example-users.xml" debug="0" / Logger name="example_tc_log" path="logs/examples.log" @@ -333,7 +333,7 @@ trusted="false" RequestInterceptor className="org.apache.tomcat.request.SimpleRealm" -filename="conf/admin-users.xml" +filename="conf/users/admin-users.xml" debug="0" / /Context 1.1 jakarta-tomcat/src/etc/users/admin-users.xml Index: admin-users.xml === tomcat-users user name="admin" password="changethis" roles="tomcat_admin,tomcat,role1" / /tomcat-users 1.1 jakarta-tomcat/src/etc/users/example-users.xml Index: example-users.xml === tomcat-users user name="tomcat" password="tomcat" roles="tomcat" / user name="role1" password="tomcat" roles="role1" / user name="both" password="tomcat" roles="tomcat,role1" / /tomcat-users 1.1 jakarta-tomcat/src/etc/users/global-users.xml Index: global-users.xml === tomcat-users user name="root" password="changethis" roles="tomcat,role1,tomcat_admin,tomcat_root" / /tomcat-users 1.1 jakarta-tomcat/src/etc/users/tomcat-users.xml Index: tomcat-users.xml === tomcat-users user name="tomcat" password="tomcat" roles="tomcat" / user name="role1" password="tomcat" roles="role1" / user name="both" password="tomcat" roles="tomcat,role1" / /tomcat-users 1.19 +3 -3 jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java Index: SimpleRealm.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SimpleRealm.java,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- SimpleRealm.java 2000/12/28 01:57:41 1.18 +++ SimpleRealm.java 2000/12/29 00:33:15 1.19 @@ -76,7 +76,7 @@ * an xml file. The file is fully read in memory when the context is * initialized. * - * The default file is TOMCAT_HOME/conf/tomcat-users.xml. You can + * The default file is TOMCAT_HOME/conf/users/tomcat-users.xml. You can * change it, and you can also set this module as a per context * interceptor, so that each module have it's own realm. * @@ -93,7 +93,7 @@ int userNote=-1; int passwordNote=-1; -String filename="/conf/tomcat-users.xml"; +String filename="/conf/users/tomcat-users.xml"; public SimpleRealm() { @@ -241,7 +241,7 @@ if (filename != null) f=new File( home + File.separator + filename ); else -f=new File( home + "/conf/tomcat-users.xml"); +f=new File( home + "/conf/users/tomcat-users.xml"); if( !
Session Serialize code
Hi Costin, As discussed a week ago, someone took out Jon's code to serialize session from 3.3. That code was part of 3.2 but does not exist in 3.3. Could you please add it back into ServerSession?? As proposed by you I'm working on "SerializableSession" module, and I need that piece of code to serialize sessions. (Functions: writeObject, readObject) Thx. Shai Fultheim Chief Technology Officer BRM Group E-Mail: [EMAIL PROTECTED] Mobile: 972-53-866-459 Office: 972-2-5891-459
Re: Feature Request
Jon Stevens wrote: on 12/28/2000 2:25 PM, "Glenn Nielsen" [EMAIL PROTECTED] wrote: This would be way down on my list of priorities for a Jakarta project. It doesn't have to be a Jakarta Project. I never suggested that. If I needed mod_rewrite for testing I would install Apache on my local development system. Why "reinvent the wheel" just for testing. It wasn't just testing. It was development as well. If your development environment depends on certain paths that are setup through mod_rewrite, then what are you going to do? You are going to also add a requirement for Apache and therefore complicate things more. Besides, I would still want to test the stuff developed locally on Apache with mod_rewrite before putting it in production. If it has Apache dependencies, I would develop using Apache. Point being that creating a sandbox for developers where the developer has to setup and configure (or the sandbox does) an environment with both Apache and Tomcat is sometimes a more daunting task than simply running Tomcat and doing development locally with the built in Tomcat httpd. Again, right now, you can check Scarab out of CVS. Execute a build.sh script and then run Tomcat. Nothing other than an installed JDK is needed. I want to continue that AND still allow people to have mod_rewrite abilities within Tomcat without having to add an extra requirement for those people that don't want to install and run Apache. Your opinion is valid, but you aren't the only developer out there and I want to make it as easy as possible for other people to take something like Scarab and run with it without having to also install Apache and make it connect to Tomcat. love and kisses. -jon Apache mod_rewrite is very cool, it comes in handy at times. Your feature request didn't contain much justifiying why it was needed. I'm sure you have your reasons, go for it. hugs pats on the back -glenn -- Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder| MOREnet System Programming | * if iz ina coment. | Missouri Research and Education Network | */ | --
JMX to build TC 4.0 m5
Hi, developers! I need JMX implementation to build TC 4.0 But I cannot download it from Sun in our country. Please send me it. Thanks, Kim
Re: Url Encoding/Decoding and static resources
Here is the patch for Tomcat 3.2.x, turned out to be fairly straightforward, but again there may be a better place to put this fix and there may be security issues I hadn't considered...Thanks again! David Weinrich --- FileUtil.java Thu Dec 28 19:19:43 2000 +++ FileUtilEd.java Thu Dec 28 19:20:14 2000 @@ -281,6 +281,11 @@ } patchPath = sb.toString(); } + +if ( patchPath.indexOf( '%' ) != -1 ) { // contains encoded data + patchPath = RequestUtil.URLDecode( patchPath ); +} + return patchPath; }
RE: Session Serialize code
I'll check in the fix tommorow - the HttpSessionBindingEvent and session reloading should go into the facade22 module. I was thinking about this - does it make sense to keep the session code in the core ? It seems to me that maintaining an object store is orthogonal to the http functionality - all that's needed in core is management of the session IDs ( create, encode in cookies/urls, etc ) - while the actual store shouldn't be part of the core. I'll try to find a way to decouple that even more than it is today, probably that would help anyone who is working on advanced session management as it'll make it independent of tomcat ( or server container ). Costin I can't see ServerSession.writeObject (and readObject) there. You must have code which is ServerSession aware, since SeverSession member ssm (point to its manager) is not serializeable. Here is jon's original code (3.2.1): This must be fixed to be 3.3 compatible. I can do that (it's really easy), but I don't know how to handle the HttpSessionBindingEvent (in writeObject) below (It seems that ServerSession can't cast to HttpSession). Please let me know if you think this is un-needed. /** * Read a serialized version of this session object from the specified * object input stream. * p * bIMPLEMENTATION NOTE/b: The reference to the owning Manager * is not restored by this method, and must be set explicitly. * * @param stream The input stream to read from * * @exception ClassNotFoundException if an unknown class is specified * @exception IOException if an input/output error occurs */ private void readObject(ObjectInputStream stream) throws ClassNotFoundException, IOException { // Deserialize the scalar instance variables (except Manager) creationTime = ((Long) stream.readObject()).longValue(); id = (String) stream.readObject(); lastAccessedTime = ((Long) stream.readObject()).longValue(); thisAccessedTime = ((Long) stream.readObject()).longValue(); maxInactiveInterval = ((Integer) stream.readObject()).intValue(); isNew = ((Boolean) stream.readObject()).booleanValue(); isValid = ((Boolean) stream.readObject()).booleanValue(); attributes = (Hashtable) stream.readObject(); } /** * Write a serialized version of this session object to the specified * object output stream. * p * bIMPLEMENTATION NOTE/b: The owning Manager will not be stored * in the serialized representation of this Session. After calling * codereadObject()/code, you must set the associated Manager * explicitly. * p * bIMPLEMENTATION NOTE/b: Any attribute that is not Serializable * will be silently ignored. If you do not want any such attributes, * be sure the codedistributable/code property of our associated * Manager is set to codetrue/code. * p * bIMPLEMENTATION NOTE/b: If we can't serialize the object stored in * the session, then check to see if it implements * HttpSessionBindingListener and then call its * valueUnbound method, allowing it to save its state * correctly instead of just being lost into the etherworld * * @param stream The output stream to write to * * @exception IOException if an input/output error occurs */ private void writeObject(ObjectOutputStream stream) throws IOException { // Write the scalar instance variables (except Manager) stream.writeObject(new Long(creationTime)); stream.writeObject(id); stream.writeObject(new Long(lastAccessedTime)); stream.writeObject(new Long(thisAccessedTime)); stream.writeObject(new Integer(maxInactiveInterval)); stream.writeObject(new Boolean(isNew)); stream.writeObject(new Boolean(isValid)); if (attributes.size() 0) { // Accumulate the names of serializable attributes Hashtable results = new Hashtable(attributes.size()); for (Enumeration e = attributes.keys(); e.hasMoreElements() ; ) { String key = (String) e.nextElement(); Object value = attributes.get(key); if (value instanceof Serializable) { results.put(key, value); } // if we can't serialize the object stored in // the session, then check to see if it implements // HttpSessionBindingListener and then call its // valueUnbound method, allowing it to save its state
Re: Feature Request
on 12/28/2000 5:28 PM, "Glenn Nielsen" [EMAIL PROTECTED] wrote: Apache mod_rewrite is very cool, it comes in handy at times. Your feature request didn't contain much justifiying why it was needed. I'm sure you have your reasons, go for it. I thought its "cool"ness clearly justifies it. love and hugs. -jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: JMX to build TC 4.0 m5
on 12/28/2000 5:52 PM, "Pilho Kim" [EMAIL PROTECTED] wrote: Hi, developers! I need JMX implementation to build TC 4.0 But I cannot download it from Sun in our country. Please send me it. Thanks, Kim Wouldn't that also mean that you shouldn't be downloading Tomcat as well? What exactly *is* that restriction on JMX for? It isn't like it is nuclear secrets or anything. -jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Licensing / Source Question
on 12/28/2000 9:27 PM, "James Duncan Davidson" [EMAIL PROTECTED] wrote: However, if you do what Jon suggests and check in a .jar file with the compiled classes, things should be ok. I just can't wait to hear Craig and Sam yell at us for doing so though. :-) -jon -- Honk if you love peace and quiet. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Licensing / Source Question
Hi Dan, In the course of some work I've been doing on Tomcat, I've been thinking about using a Thread Pool. There is currently a bunch of code doing this in both TC 3 and TC 4, but, no surprise, it's extremely difficult to understand and/or extend. Well, it is a big surprise - I thought TC 4 is perfect, only TC 3 is difficult to understand and need refactorings :-) Doug Lea, author of Concurrent Programming in Java, has written a set of concurrency utility classes, including a very nice-looking ThreadPool ("PooledExecutor") implementation, and some good "Channels" for communication between threads. He documents these at: I looked at the code - it's really nice. And what got me really excited was that by using it more code could be shared and reused in 3.x and 4.x - as long as both use a common collection of shared utilities it'll make my life much easier ( and not only mine ). Now, for the negative side: - it's not JDK1.1 - but that's not a big problem, as long as the old thread pool and modules are around for the poor souls using 1.1. Since they use Runnable it'll be easy to use the old pools for 1.1 and the new code for 1.2+ - do you want to check in all the code ? It isn't bad, but maybe it would be a better idea to check in only a subset - or move the utils in a different top-level directory. - maybe an idea would be to ask the author - maybe he would like to contribute it as Apache code. - my feeling is that as functionality it doesn't do much more than the current thread pools - and one thing less. The interface used in TC3 pools ( ThreadPoolRunnable ) allow to maintain and pass some per/thread data, that allow better recycling the objects. The alternative is to use object pools, but that may be a bit slower ( just a bit - so it's not a big problem either). Costin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]