date:20021009


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014

OS/390/USS - Invalid url-pattern  in servlet mapping





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 06:27 ---
The idea is that maybe no member of the dev team has access to the appropriate
machine and can reproduce this.

The offending code looks like the StandardContext.validateURLPattern method (I
have no idea what is wrong with it, though):

private boolean validateURLPattern(String urlPattern) {

if (urlPattern == null)
return (false);
if (urlPattern.startsWith(*.)) {
if (urlPattern.indexOf('/')  0)
return (true);
else
return (false);
}
if (urlPattern.startsWith(/))
return (true);
else
return (false);

}

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

apps conversion from 3.3.1 to 4.1.12


Hi to all,

While converting some applications from 3.3.1 to 4.1.12 I noticed
some little problems.

1) We used to define our own default servlet, but 4.1.x
definie its own default in conf/web.xml.

Could we change from org.apache.catalina.servlets.DefaultServlet
to our actual default servlet, knowing that all webapps use the
same code base ? In that case should the jar containing the
default servlet could be in common/lib ?

2) We also used to include external entities in web.xml which live
outside webapp dir :

ie :

?xml version=1.0 encoding=ISO-8859-1?
!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 
2.2//EN
  http://java.sun.com/j2ee/dtds/web-app_2.2.dtd; [
!ENTITY % settings SYSTEM ../../../settings.xml %settings;
]

...

Digester find settings.xml only when it's located in WEB-INF or
webapp directories (ie ROOT/WEB-INF/settings.xml or ROOT/settings.xml).

How could I make it find the settings.xml outside webapps area ?
via conf/catalina.policy ?


Thanks for you help.



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12


Henri Gomez wrote:
 Hi to all,
 
 While converting some applications from 3.3.1 to 4.1.12 I noticed
 some little problems.
 
 1) We used to define our own default servlet, but 4.1.x
definie its own default in conf/web.xml.
 
Could we change from org.apache.catalina.servlets.DefaultServlet
to our actual default servlet, knowing that all webapps use the
same code base ? In that case should the jar containing the
default servlet could be in common/lib ?

AFAIK, yes. You should be able to put it in shared/lib.
The webapp settings also override the global settings.

 2) We also used to include external entities in web.xml which live
outside webapp dir :
 
ie :
 
 ?xml version=1.0 encoding=ISO-8859-1?
 !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 
 2.2//EN
  http://java.sun.com/j2ee/dtds/web-app_2.2.dtd; [
 !ENTITY % settings SYSTEM ../../../settings.xml %settings;
 ]
 
 ...
 
 Digester find settings.xml only when it's located in WEB-INF or
 webapp directories (ie ROOT/WEB-INF/settings.xml or ROOT/settings.xml).
 
 How could I make it find the settings.xml outside webapps area ?
 via conf/catalina.policy ?

This is likely the protection against reading anything outside the 
webapp root (see the allowLinking of FileDirContext), although I don't 
know how the digester will try to load the included file.

Remy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13014] - OS/390/USS - Invalid url-pattern in servlet mapping


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014

OS/390/USS - Invalid url-pattern  in servlet mapping





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 06:52 ---
Remy,
How can I help in correcting this bug ?
I am no Java programmer.
It is clumsy but can you give me instructions that I can
carry out at my end to correct it ?
My machine is currently running OS/390 v2.10 64 bit mode.
and IBM SDK 1.3.1 going to 1.4 soon.

Joseph

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/java/org/apache/jk/common ChannelSocket.java

2002-10-09 Thread hgomez


hgomez  2002/10/08 23:58:31

  Modified:jk/java/org/apache/jk/common ChannelSocket.java
  Log:
  tcpnodelay to true by default, but could be turned off by 
  setting tcpnodelay=false from outside (howto in server.xml ?)
  
  Revision  ChangesPath
  1.23  +3 -3  
jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java
  
  Index: ChannelSocket.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jk/java/org/apache/jk/common/ChannelSocket.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- ChannelSocket.java4 Oct 2002 23:33:14 -   1.22
  +++ ChannelSocket.java9 Oct 2002 06:58:31 -   1.23
  @@ -105,7 +105,7 @@
   int port=startPort;
   InetAddress inet;
   int serverTimeout;
  -boolean tcpNoDelay=false;
  +boolean tcpNoDelay=true; // nodelay to true by default
   int linger=100;
   int socketTimeout;
   
  @@ -259,8 +259,8 @@
   s.setSoLinger( true, linger);
   if( socketTimeout  0 ) 
   s.setSoTimeout( socketTimeout );
  -if( tcpNoDelay )
  -s.setTcpNoDelay( true );
  +
  +s.setTcpNoDelay( tcpNoDelay ); // set socket tcpnodelay state
   
   requestCount++;
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12


Remy Maucherat wrote:
 Henri Gomez wrote:
 
 Hi to all,

 While converting some applications from 3.3.1 to 4.1.12 I noticed
 some little problems.

 1) We used to define our own default servlet, but 4.1.x
definie its own default in conf/web.xml.

Could we change from org.apache.catalina.servlets.DefaultServlet
to our actual default servlet, knowing that all webapps use the
same code base ? In that case should the jar containing the
default servlet could be in common/lib ?
 
 
 AFAIK, yes. You should be able to put it in shared/lib.
 The webapp settings also override the global settings.

Great.

 2) We also used to include external entities in web.xml which live
outside webapp dir :

ie :

 ?xml version=1.0 encoding=ISO-8859-1?
 !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web 
 Application 2.2//EN
  
 http://java.sun.com/j2ee/dtds/web-app_2.2.dtd; [
 !ENTITY % settings SYSTEM ../../../settings.xml %settings;
 ]

 ...

 Digester find settings.xml only when it's located in WEB-INF or
 webapp directories (ie ROOT/WEB-INF/settings.xml or ROOT/settings.xml).

 How could I make it find the settings.xml outside webapps area ?
 via conf/catalina.policy ?
 
 
 This is likely the protection against reading anything outside the 
 webapp root (see the allowLinking of FileDirContext), although I don't 
 know how the digester will try to load the included file.

I'll check for it, thanks.




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-connectors/jk/java/org/apache/jk/commonChannelSocket.java


[EMAIL PROTECTED] wrote:
 hgomez  2002/10/08 23:58:31
 
   Modified:jk/java/org/apache/jk/common ChannelSocket.java
   Log:
   tcpnodelay to true by default, but could be turned off by 
 

Only ChannelSocket need to be updated.

Ajp14Interceptor allready called tcpnodelay(true), and
other java parts set tcpdelay var to true by default.

Regards



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13014] - OS/390/USS - Invalid url-pattern in servlet mapping


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014

OS/390/USS - Invalid url-pattern  in servlet mapping





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 07:13 ---
I posted the apparently offending code to see if anyone would have an idea (I
don't). It would look like the test .startsWith(/) is failing.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12

2002-10-09 Thread Bill Barker

- Original Message -
From: Henri Gomez [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 08, 2002 11:33 PM
Subject: apps conversion from 3.3.1 to 4.1.12

 Hi to all,

 While converting some applications from 3.3.1 to 4.1.12 I noticed
 some little problems.

Wot? 3.3.1 isn't good enough for you any more. ;-)

 1) We used to define our own default servlet, but 4.1.x
 definie its own default in conf/web.xml.

 Could we change from org.apache.catalina.servlets.DefaultServlet
 to our actual default servlet, knowing that all webapps use the
 same code base ? In that case should the jar containing the
 default servlet could be in common/lib ?

Without testing, in theory you can put your jar in common/lib, and change
the classname for default in conf/web.xml and the only bugs will be yours.
:)  Note, that this is more than you can do with 3.3.1.

 2) We also used to include external entities in web.xml which live
 outside webapp dir :

 ie :

 ?xml version=1.0 encoding=ISO-8859-1?
 !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
 2.2//EN
   http://java.sun.com/j2ee/dtds/web-app_2.2.dtd;
[
 !ENTITY % settings SYSTEM ../../../settings.xml %settings;
 ]

 ...

 Digester find settings.xml only when it's located in WEB-INF or
 webapp directories (ie ROOT/WEB-INF/settings.xml or ROOT/settings.xml).

 How could I make it find the settings.xml outside webapps area ?
 via conf/catalina.policy ?

This has always been a headache for me on all Tomcat versions.  However, I
don't think that internal-entities can be used at all (usefully).

 Thanks for you help.

 --
 To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
mailto:[EMAIL PROTECTED]

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

UML Class Diagram

2002-10-09 Thread Budi Kurniawan


Hi,
I was wondering if I can get the Catalina class diagram to help me
understand how it works, or if it is available
online.

Thanks,
budi


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13443] New: - request.getRequestURI() problem with jsp:include tag


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13443.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13443

request.getRequestURI() problem with jsp:include tag

   Summary: request.getRequestURI() problem with jsp:include tag
   Product: Tomcat 4
   Version: 4.1.12
  Platform: PC
OS/Version: Windows NT/2K
Status: NEW
  Severity: Major
  Priority: Other
 Component: Unknown
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


the script:
file test.jsp:
jsp:include page=include.jsp flush=true
%=request.getRequestURI()%br /
%=request.getRequestURL()%

file include.jsp:
psimple text/p

When I run test.jsp, instead of writing the good URI and URL (with the path to 
file), it writes piece of headers like :E HTML PUBLIC -//W3C

It works well only if the test.jsp file is forwarded by a servlet.
In the other cases, inserting a code like %request.getRequestURI();% resolve 
the problem.

It seems that this bug doesn't appear in Tomcat 4.0.x release

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core DummyRequest.java DummyResponse.java ApplicationContext.java StandardWrapper.java MappingRequest.java


remm2002/10/09 01:01:12

  Modified:catalina/src/share/org/apache/catalina/core
ApplicationContext.java StandardWrapper.java
  Added:   catalina/src/share/org/apache/catalina/core
DummyRequest.java DummyResponse.java
  Removed: catalina/src/share/org/apache/catalina/core
MappingRequest.java
  Log:
  - Remove dependency on deprecated components.
  
  Revision  ChangesPath
  1.3   +6 -12 
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
  
  Index: ApplicationContext.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ApplicationContext.java   5 Sep 2002 12:06:08 -   1.2
  +++ ApplicationContext.java   9 Oct 2002 08:01:11 -   1.3
  @@ -149,7 +149,7 @@
   }
   
   public Object run() {
  -HttpRequest request = new MappingRequest
  +HttpRequest request = new DummyRequest
   (context.getPath(), contextPath + relativeURI, queryString);
   Wrapper wrapper = (Wrapper) context.map(request, true);
   if (wrapper == null)
  @@ -604,14 +604,8 @@
   
   // The remaining code is duplicated in PrivilegedGetRequestDispatcher,
   // we need to make sure they stay in sync
  -HttpRequest request = new MappingRequest
  +HttpRequest request = new DummyRequest
   (context.getPath(), contextPath + relativeURI, queryString);
  -/*
  -request.setContext(context);
  -request.setContextPath(context.getPath());
  -request.setRequestURI(contextPath + relativeURI);
  -request.setQueryString(queryString);
  -*/
   Wrapper wrapper = (Wrapper) context.map(request, true);
   if (wrapper == null)
   return (null);
  
  
  
  1.5   +6 -8  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapper.java
  
  Index: StandardWrapper.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapper.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- StandardWrapper.java  27 Sep 2002 07:13:05 -  1.4
  +++ StandardWrapper.java  9 Oct 2002 08:01:11 -   1.5
  @@ -93,8 +93,6 @@
   import org.apache.catalina.Wrapper;
   import javax.servlet.ServletRequest;
   import javax.servlet.ServletResponse;
  -import org.apache.catalina.connector.HttpRequestBase;
  -import org.apache.catalina.connector.HttpResponseBase;
   import org.apache.catalina.loader.StandardClassLoader;
   import org.apache.catalina.util.Enumerator;
   import org.apache.catalina.util.InstanceSupport;
  @@ -941,10 +939,10 @@
   // Invoke jspInit on JSP pages
   if ((loadOnStartup = 0)  (jspFile != null)) {
   // Invoking jspInit
  -HttpRequestBase req = new HttpRequestBase();
  -HttpResponseBase res = new HttpResponseBase();
  +DummyRequest req = new DummyRequest();
   req.setServletPath(jspFile);
   req.setQueryString(jsp_precompile=true);
  +DummyResponse res = new DummyResponse();
   
   if( System.getSecurityManager() != null) {
   Class[] classType = new Class[]{ServletRequest.class, 
  
  
  
  1.1  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/DummyRequest.java
  
  Index: DummyRequest.java
  ===
  /*
   * $Header: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/DummyRequest.java,v
 1.1 2002/10/09 08:01:11 remm Exp $
   * $Revision: 1.1 $
   * $Date: 2002/10/09 08:01:11 $
   *
   * 
   *
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *notice, this list of conditions and the following disclaimer in
   *the documentation and/or other materials provided with the
   *distribution.
   *
   * 3. The

DO NOT REPLY [Bug 13445] New: - Installing without the examples makes Tomcat startup fail


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13445.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13445

Installing without the examples makes Tomcat startup fail

   Summary: Installing without the examples makes Tomcat startup
fail
   Product: Tomcat 4
   Version: 4.1.12
  Platform: PC
OS/Version: Windows NT/2K
Status: NEW
  Severity: Minor
  Priority: Other
 Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


Using Sun JDK and JRE 1.4.1. Using jakarta-tomcat-4.1.12.exe not the Light
Edition. Everything is installed in default directories. The only change I make
is that I don't select the Example Web Applications when given the choice
under the install.

After installing and setting the JAVA_HOME variable, I try to start it and I get
this error:

java.lang.IllegalArgumentException: Document base C:\Programmer\Apache
Group\Tomcat 4.1\webapps\examples does not exist or is not a readable directory
at
org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:193)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3397)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:738)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
at org.apache.catalina.core.StandardService.start(StandardService.java:497)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:2189)
at org.apache.catalina.startup.Catalina.start(Catalina.java:510)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:400)
at org.apache.catalina.startup.Catalina.process(Catalina.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203)

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13445] - Installing without the examples makes Tomcat startup fail


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13445.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13445

Installing without the examples makes Tomcat startup fail

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||WONTFIX



--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 09:08 ---
Well, yes, sorry, this is a limitation of the updated and less hackish
installer. Edit server.xml to fix it.
The bug which causes Tomcat to crash on startup in that particular case has been
fixed (so in 4.1.13, you'll get an error in the logs, but nothing more serious).

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

[5.0] [VOTE] Remove deprecated and unsupported components


The connectors which depend on the org.apache.catalina.connector package 
(including JK 1, webapp, and the old HTTP connectors) will either need 
to be updated or removed. The Coyote family of connectors is well 
supported and provides a suitable replacement (IMO). Coyote is the 
default connector in the current Tomcat 4.1.x releases, and should be 
reaching maturity by the time Tomcat 5 is released.

I'd like to remove the deprecated org.apache.catalina.connector classes 
(and move the remaining facade and wrapper classes to other new packages).

Even if they are removed from the main tree, the deprecated components 
could also be distributed with updated versions of the affected 
connectors should it is decided they should be made available for Tomcat 
5 (but in any case, some work will be needed).

ballot
[ ] Remove deprecated org.apache.catalina.connector components from the 
j-t-catalina module
[ ] Leave them in
/ballot

In case the second option is voted, volunteers will be needed to update 
and maintain the components (right now, I don't think the connectors 
based on them would even build against the new API).

Remy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13446] New: - Invalide error page with request attribute.


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13446.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13446

Invalide error page with request attribute.

   Summary: Invalide error page with request attribute.
   Product: Tomcat 4
   Version: 4.0.1 Final
  Platform: PC
OS/Version: Windows NT/2K
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


In a servlet, i want to forward to a JSP error page. For transmit the current 
exception, i set the attribute javax.servlet.error.exception in the request, 
and i forward to the error page. This page initialise the exception variable 
with the exception. Then, in the error page, i call response.sendRedirect
(/index.jsp);
Because the variable javax.servlet.error.exception live when i call the 
sendRedirect, i receive the Tomcat error page and the sendRedirect can't work.
I make a sample for check that. Create to JSP file in a webapp.
Test.jsp

%@ page errorPage=TestError.jsp %
Test.jsp
%
  System.out.println(Test.jsp);
  request.setAttribute(javax.servlet.error.exception,new Throwable());
  Object n=null;
  n.toString(); // This statement generate a null pointer exception
%

TestError.jsp
=

TestError.jsp
%
  System.out.println(TestError.jsp);
// Next line for patch the bug
//  request.removeAttribute(javax.servlet.error.exception);
  response.sendRedirect(request.getContextPath()+/index.jsp);
%

Invoke the Test.jsp page. Because the NullPointerException was throw, the page 
TestError.jsp is called. This page want to send a redirect to the page 
index.jsp (must be present). But, you receive the Tomcat error page !

Because the servlet must be deconnected to JSP, normally, the JSP technique for 
manage the error can be deconnected to the servlet engine. I think, in the 
ErrorReportValve.java or ErrorDispatcherValve.c can detect this situation 
(reset this attribute AFTER the service() method, remember it's in error 
page, ...) Other servlet engine haven't this problem.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [5.0] [VOTE] Remove deprecated and unsupported components


Remy Maucherat wrote:
 The connectors which depend on the org.apache.catalina.connector package 
 (including JK 1, webapp, and the old HTTP connectors) will either need 
 to be updated or removed. The Coyote family of connectors is well 
 supported and provides a suitable replacement (IMO). Coyote is the 
 default connector in the current Tomcat 4.1.x releases, and should be 
 reaching maturity by the time Tomcat 5 is released.
 
 I'd like to remove the deprecated org.apache.catalina.connector classes 
 (and move the remaining facade and wrapper classes to other new packages).
 
 Even if they are removed from the main tree, the deprecated components 
 could also be distributed with updated versions of the affected 
 connectors should it is decided they should be made available for Tomcat 
 5 (but in any case, some work will be needed).
 
 ballot
 [X] Remove deprecated org.apache.catalina.connector components from the 
 j-t-catalina module
 [ ] Leave them in
 /ballot
 
 In case the second option is voted, volunteers will be needed to update 
 and maintain the components (right now, I don't think the connectors 
 based on them would even build against the new API).



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-5/resources welcome.bin.html welcome.main.html INSTALLLICENSE


remm2002/10/09 03:06:07

  Modified:.build.xml
   resources INSTALLLICENSE
  Added:   .CHANGELOG RELEASE-NOTES
   resources welcome.bin.html welcome.main.html
  Log:
  - Improve release target, so that it will create a ready to upload package.
  
  Revision  ChangesPath
  1.38  +46 -5 jakarta-tomcat-5/build.xml
  
  Index: build.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/build.xml,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- build.xml 8 Oct 2002 09:36:39 -   1.37
  +++ build.xml 9 Oct 2002 10:06:07 -   1.38
  @@ -44,6 +44,7 @@
 property name=servlet.home value=../jakarta-servletapi-4/dist/
 property name=tomcat.build value=${basedir}/build/
 property name=tomcat.dist  value=${basedir}/dist/
  +  property name=tomcat.release   value=${basedir}/release/
 property name=webapps.buildvalue=${catalina.home}/webapps/build/
 property name=webapps.dist value=${catalina.home}/webapps/dist/
   
  @@ -129,6 +130,8 @@
   
   delete dir=${tomcat.dist}/
   
  +delete dir=${tomcat.release}/
  +
 /target
   
   
  @@ -418,7 +421,42 @@
   
 !--  RELEASE: Create Release === --
 target name=release 
depends=prepare-release,clean,dist,dist-source,installer,package-zip,package-tgz,package-src-zip,package-src-tgz
  -   description=Create a Tomcat 5 packaged distribution /
  +   description=Create a Tomcat 5 packaged distribution if=full-dist
  +
  +mkdir dir=${tomcat.release}/
  +mkdir dir=${tomcat.release}/v${version}/
  +mkdir dir=${tomcat.release}/v${version}/bin/
  +mkdir dir=${tomcat.release}/v${version}/src/
  +
  +move file=${tomcat.dist}/${final.name}.tar.gz 
  + todir=${tomcat.release}/v${version}/bin/
  +move file=${tomcat.dist}/${final.name}.zip 
  + todir=${tomcat.release}/v${version}/bin/
  +move file=${tomcat.dist}/${final.name}.exe 
  + todir=${tomcat.release}/v${version}/bin/
  +
  +move file=${tomcat.dist}/${final-src.name}.tar.gz 
  + todir=${tomcat.release}/v${version}/src/
  +move file=${tomcat.dist}/${final-src.name}.zip 
  + todir=${tomcat.release}/v${version}/src/
  +
  +filter token=VERSION value=${version}/
  +copy file=KEYS 
  + todir=${tomcat.release}/v${version}/
  +copy file=RELEASE-NOTES 
  + todir=${tomcat.release}/v${version}
  + filtering=true/
  +copy file=CHANGELOG 
  + todir=${tomcat.release}/v${version}
  + filtering=true/
  +copy file=resources/welcome.main.html 
  +tofile=${tomcat.release}/v${version}/README.html
  + filtering=true/
  +copy file=resources/welcome.bin.html 
  +tofile=${tomcat.release}/v${version}/bin/README.html
  + filtering=true/
  +
  +  /target
   
 target name=package-zip
   zip zipfile=${tomcat.dist}/${final.name}.zip
  @@ -445,11 +483,13 @@
 zipfileset dir=${tomcat.dist} prefix=${final.name} 
  includes=README.txt /
 zipfileset dir=${tomcat.dist} prefix=${final.name} 
  -   includes=RELEASE-NOTES-* /
  +   includes=RELEASE-NOTES /
 zipfileset dir=${tomcat.dist} prefix=${final.name} 
  -   includes=RELEASE-PLAN-* /
  +   includes=CHANGELOG /
 zipfileset dir=${tomcat.dist} prefix=${final.name} 
  includes=RUNNING.txt /
  +  zipfileset dir=${tomcat.dist} prefix=${final.name} 
  +   includes=BENCHMARKS.txt /
   /zip
 /target
   
  @@ -479,9 +519,10 @@
   include name=temp/** /
   include name=LICENSE /
   include name=README.txt /
  -include name=RELEASE-NOTES-* /
  -include name=RELEASE-PLAN-* /
  +include name=RELEASE-NOTES /
  +include name=CHANGELOG /
   include name=RUNNING.txt /
  +include name=BENCHMARKS.txt /
 /fileset
   /copy
   fixcrlf srcdir=${tomcat.dist}/${final.name} 
  
  
  
  1.1  jakarta-tomcat-5/CHANGELOG
  
Binary file
  
  
  1.1  jakarta-tomcat-5/RELEASE-NOTES
  
  Index: RELEASE-NOTES
  ===
  
  
   Apache Tomcat Version @VERSION@
  Release Notes
  
  
  $Id: RELEASE-NOTES,v 1.1 2002/10/09 10:06:07 remm Exp $
  
  
  
  KNOWN ISSUES IN THIS RELEASE:
  
  
  * Tomcat 5.0 and JNI Based Applications
  * Tomcat 5.0 Standard APIs Available
  * Tomcat 5.0 and XML Parsers
  * Web application reloading and static fields in shared libraries
  * JAVAC leaking memory
  * Linux and Sun JDK 1.2.x - 1.3.x
  * Enabling SSI and CGI Support
  * Security manager URLs
  * Symlinking static resources
  * Enabling invoker servlet

cvs commit: jakarta-tomcat-5 .cvsignore


remm2002/10/09 03:06:34

  Modified:..cvsignore
  Log:
  - Update .cvsignore.
  
  Revision  ChangesPath
  1.3   +1 -0  jakarta-tomcat-5/.cvsignore
  
  Index: .cvsignore
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/.cvsignore,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- .cvsignore26 Jul 2002 16:28:50 -  1.2
  +++ .cvsignore9 Oct 2002 10:06:34 -   1.3
  @@ -1,3 +1,4 @@
   build
   dist
  +release
   build.properties
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-5 build.xml


remm2002/10/09 03:07:48

  Modified:.build.xml
  Log:
  - No reason to clean the release folder.
  
  Revision  ChangesPath
  1.39  +0 -2  jakarta-tomcat-5/build.xml
  
  Index: build.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/build.xml,v
  retrieving revision 1.38
  retrieving revision 1.39
  diff -u -r1.38 -r1.39
  --- build.xml 9 Oct 2002 10:06:07 -   1.38
  +++ build.xml 9 Oct 2002 10:07:48 -   1.39
  @@ -130,8 +130,6 @@
   
   delete dir=${tomcat.dist}/
   
  -delete dir=${tomcat.release}/
  -
 /target
   
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread iasandcb


ballot
[X] Remove deprecated org.apache.catalina.connector components from the 
j-t-catalina module
[ ] Leave them in
/ballot

IAS

Jakarta-Seoul Project Coordinator
http://jakarta.apache-korea.org

-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, October 09, 2002 6:11 PM
To: Tomcat Developers List
Subject: [5.0] [VOTE] Remove deprecated and unsupported components


The connectors which depend on the org.apache.catalina.connector package

(including JK 1, webapp, and the old HTTP connectors) will either need 
to be updated or removed. The Coyote family of connectors is well 
supported and provides a suitable replacement (IMO). Coyote is the 
default connector in the current Tomcat 4.1.x releases, and should be 
reaching maturity by the time Tomcat 5 is released.

I'd like to remove the deprecated org.apache.catalina.connector classes 
(and move the remaining facade and wrapper classes to other new
packages).

Even if they are removed from the main tree, the deprecated components 
could also be distributed with updated versions of the affected 
connectors should it is decided they should be made available for Tomcat

5 (but in any case, some work will be needed).

ballot
[ ] Remove deprecated org.apache.catalina.connector components from the 
j-t-catalina module
[ ] Leave them in
/ballot

In case the second option is voted, volunteers will be needed to update 
and maintain the components (right now, I don't think the connectors 
based on them would even build against the new API).

Remy


--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

[GUMP] Build Failure - jakarta-tomcat-util

2002-10-09 Thread Craig McClanahan



This email is autogenerated from the output from:
http://jakarta.apache.org/builds/gump/2002-10-09/jakarta-tomcat-util.html


Buildfile: build.xml

detect:

build-prepare:
[mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat-connectors/util/build
[mkdir] Created dir: 
/home/rubys/jakarta/jakarta-tomcat-connectors/util/build/classes
[mkdir] Created dir: /home/rubys/jakarta/jakarta-tomcat-connectors/util/build/lib

build-main:
 [echo] - Java-utils -
 [echo] -- puretls.present = ${puretls.present}
 [echo] -- jsse.present = true
 [echo] -- commons-logging = true
 [echo] -- jmx = true /opt/jmx-1_0_1-ri_bin/jmx/lib/jmxri.jar
[javac] Compiling 59 source files to 
/home/rubys/jakarta/jakarta-tomcat-connectors/util/build/classes
[javac] 
/home/rubys/jakarta/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java:225:
 cannot resolve symbol
[javac] symbol  : class SocketTimeoutException  
[javac] location: class org.apache.tomcat.util.net.jsse.JSSESupport
[javac] } catch (SocketTimeoutException e) {
[javac]  ^
[javac] 
/home/rubys/jakarta/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java:235:
 cannot resolve symbol
[javac] symbol  : class SocketTimeoutException  
[javac] location: class org.apache.tomcat.util.net.jsse.JSSESupport
[javac] throw new SocketTimeoutException(SSL Cert handshake timeout);
[javac]   ^
[javac] 2 errors

BUILD FAILED
file:/home/rubys/jakarta/jakarta-tomcat-connectors/util/build.xml:49: Compile failed; 
see the compiler error output for details.

Total time: 3 seconds

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread John Trollinger



 ballot
 [ ] Remove deprecated org.apache.catalina.connector 
 components from the 
 j-t-catalina module
 [X ] Leave them in
 /ballot


Atleast untill all the excessive log messages are removed from the
coyote connectors (ie the socket error messages) or there is a way to
disable them (ie give them a log level) 


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12


 This is likely the protection against reading anything outside the 
 webapp root (see the allowLinking of FileDirContext), although I don't 
 know how the digester will try to load the included file.

Digester code is derived from XmlMapper which is able to locate entities 
in ../../../ directories.

My concern here is :

Specs didn't mentions restriction on use of external entities outside 
the webapp.

So it should be granted by default isn't it ?

I take a look at FileDirContext but I didn't understand what 
allowLinking is ?

So my question is : bug or feature ?


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

commons-daemon release ?


I wonder if a release of commons-daemon is planned.

JF ?


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: commons-daemon release ?


Henri Gomez wrote:
 I wonder if a release of commons-daemon is planned.

No, because promoting it to commons proper got vetoed.
At the moment, it looks like a split between daemon and launcher will 
happen.

(like Costin, I'd really like to get rid of the Java code in daemon - 
the o.a.c.daemon package -, BTW)

Remy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-5/resources INSTALLLICENSE


remm2002/10/09 05:20:40

  Modified:.build.xml tomcat.nsi
   resources INSTALLLICENSE
  Log:
  - Cleanups and small fixes.
  
  Revision  ChangesPath
  1.40  +1 -1  jakarta-tomcat-5/build.xml
  
  Index: build.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/build.xml,v
  retrieving revision 1.39
  retrieving revision 1.40
  diff -u -r1.39 -r1.40
  --- build.xml 9 Oct 2002 10:07:48 -   1.39
  +++ build.xml 9 Oct 2002 12:20:40 -   1.40
  @@ -419,7 +419,7 @@
   
 !--  RELEASE: Create Release === --
 target name=release 
depends=prepare-release,clean,dist,dist-source,installer,package-zip,package-tgz,package-src-zip,package-src-tgz
  -   description=Create a Tomcat 5 packaged distribution if=full-dist
  +   description=Create a Tomcat 5 packaged distribution
   
   mkdir dir=${tomcat.release}/
   mkdir dir=${tomcat.release}/v${version}/
  
  
  
  1.9   +26 -25jakarta-tomcat-5/tomcat.nsi
  
  Index: tomcat.nsi
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/tomcat.nsi,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- tomcat.nsi8 Oct 2002 09:36:39 -   1.8
  +++ tomcat.nsi9 Oct 2002 12:20:40 -   1.9
  @@ -12,6 +12,11 @@
   ;
   ;Configuration
   
  +  !define MUI_LICENSEPAGE
  +  !define MUI_COMPONENTPAGE
  +  !define MUI_DIRSELECTPAGE
  +  !define MUI_UNINSTALLER
  +
 ;Language
   ;English
   LoadLanguageFile ${NSISDIR}\Contrib\Language files\English.nlf
  @@ -31,28 +36,18 @@
 !insertmacro MUI_INTERFACE modern.exe adni18-installer-C-no48xp.ico 
adni18-uninstall-C-no48xp.ico modern.bmp smooth $9
   
 ;License dialog
  -  LicenseText Press Page Down to see the rest of the agreement.
 LicenseData INSTALLLICENSE
   
  -  ;Component-select dialog
  -  ComponentText Check the components you want to install and uncheck the 
components you don't want to install. Click Next to continue.
  -
 ;Folder-select dialog
  -  !insertmacro MUI_ENGLISH_DIRTEXT
 InstallDir $PROGRAMFILES\Apache Group\Tomcat 5.0
   
  -  ;Uninstaller
  -  !insertmacro MUI_ENGLISH_UNINSTALLTEXT
  +  ;Install types
  +  InstType Normal
  +  InstType Minimum
  +  InstType Full
   
  -InstType Normal
  -InstType Minimum
  -InstType Full
  -AutoCloseWindow false
  -ShowInstDetails show
  -SetOverwrite on
  -SetDateSave on
  -
  -InstallDirRegKey HKLM SOFTWARE\Apache Group\Tomcat\5.0 
  +  ; Main registry key
  +  InstallDirRegKey HKLM SOFTWARE\Apache Group\Tomcat\5.0 
   
   SubSection Tomcat SecTomcat
   
  @@ -66,6 +61,7 @@
 File /r bin
 Delete $INSTDIR\bin\tomcat.exe
 File /r common
  +  File /r conf
 File /r shared
 File /r logs
 File /r server
  @@ -79,6 +75,7 @@
 Pop $2
   
 CopyFiles $2\lib\tools.jar $INSTDIR\common\lib 4500
  +  BringToFront
   
   SectionEnd
   
  @@ -94,6 +91,7 @@
 
 ExecWait '$INSTDIR\bin\tomcat.exe -install Apache Tomcat 5.0 $2 
-Djava.class.path=$INSTDIR\bin\bootstrap.jar -Dcatalina.home=$INSTDIR 
-Djava.endorsed.dirs=$INSTDIR\common\endorsed -start 
org.apache.catalina.startup.BootstrapService -params start -stop 
org.apache.catalina.startup.BootstrapService -params stop -out 
$INSTDIR\logs\stdout.log -err $INSTDIR\logs\stderr.log'
 
  +  BringToFront
 ClearErrors
   
   SectionEnd
  @@ -172,12 +170,6 @@
   
 WriteUninstaller $INSTDIR\Uninstall.exe
   
  -  SetOverwrite off
  -  SetOutPath $INSTDIR
  -  File /r conf
  -
  -  SetOverwrite on
  -
 Call startService
   
 WriteRegStr HKLM SOFTWARE\Apache Group\Tomcat\5.0  $INSTDIR
  @@ -412,6 +404,9 @@
 StrCpy $R4 'port=$R0'
 StrCpy $R5 'user name=$R1 password=$R2 roles=admin,manager /'
   
  +  DetailPrint 'HTTP/1.1 Connector configured on port $R0'
  +  DetailPrint 'Admin user added: $R1'
  +
 SetOutPath $TEMP
 File /r confinstall
   
  @@ -427,6 +422,8 @@
   
 FileClose $R9
   
  +  DetailPrint server.xml written
  +
 ; Build final tomcat-users.xml
 Delete $INSTDIR\conf\tomcat-users.xml
 FileOpen $R9 $INSTDIR\conf\tomcat-users.xml w
  @@ -439,6 +436,8 @@
   
 FileClose $R9
   
  +  DetailPrint tomcat-users.xml written
  +
 ; Creating a few shortcuts
 IfFileExists $SMPROGRAMS\Apache Tomcat 5.0 0 NoLinks
   
  @@ -499,7 +498,8 @@
   
 IfFileExists $INSTDIR\bin\tomcat.exe 0 NoService
 ExecWait 'net start Apache Tomcat 5.0'
  -  Sleep 4000
  +  Sleep 3000
  +  BringToFront
   
NoService:
   
  @@ -516,7 +516,8 @@
   
 IfFileExists $INSTDIR\bin\tomcat.exe 0 NoService
 ExecWait 'net stop Apache Tomcat 5.0'
  -  Sleep 2000
  +  Sleep 1000
  +  BringToFront
   
NoService:
   
  
  
  
  1.3   +4 -4  jakarta-tomcat-5/resources/INSTALLLICENSE
  
  Index: INSTALLLICENSE

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread jean-frederic clere


ballot
[X] Remove deprecated org.apache.catalina.connector components from the 
j-t-catalina module
[ ] Leave them in
/ballot

Cheers

Jean-frederic


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core StandardWrapperValve.java


remm2002/10/09 05:40:53

  Modified:catalina/src/share/org/apache/catalina/core
StandardWrapperValve.java
  Log:
  - The decoded URI should be used there.
  
  Revision  ChangesPath
  1.5   +15 -10
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java
  
  Index: StandardWrapperValve.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- StandardWrapperValve.java 12 Sep 2002 00:09:27 -  1.4
  +++ StandardWrapperValve.java 9 Oct 2002 12:40:53 -   1.5
  @@ -248,16 +248,21 @@
   String contextPath = hreq.getContextPath();
   if (contextPath == null)
   contextPath = ;
  -String requestURI = hreq.getRequestURI();
  +String requestURI = ((HttpRequest) hreq).getDecodedRequestURI();
   if (requestURI.length() = contextPath.length())
   requestPath = requestURI.substring(contextPath.length());
   }
  -sreq.setAttribute(ApplicationFilterFactory.DISPATCHER_TYPE_ATTR,
  -new 
Integer(ApplicationFilterFactory.REQUEST));
  -sreq.setAttribute(ApplicationFilterFactory.DISPATCHER_REQUEST_PATH_ATTR, 
requestPath);
  +sreq.setAttribute
  +(ApplicationFilterFactory.DISPATCHER_TYPE_ATTR,
  + new Integer(ApplicationFilterFactory.REQUEST));
  +sreq.setAttribute
  +(ApplicationFilterFactory.DISPATCHER_REQUEST_PATH_ATTR, 
  + requestPath);
   // Create the filter chain for this request
  -ApplicationFilterFactory factory = ApplicationFilterFactory.getInstance();
  -ApplicationFilterChain filterChain = factory.createFilterChain(sreq, 
wrapper, servlet);
  +ApplicationFilterFactory factory = 
  +ApplicationFilterFactory.getInstance();
  +ApplicationFilterChain filterChain = 
  +factory.createFilterChain(sreq, wrapper, servlet);
   
   // Call the filter chain for this request
   // NOTE: This also calls the servlet's service() method
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: commons-daemon release ?

2002-10-09 Thread jean-frederic clere


Henri Gomez wrote:
 I wonder if a release of commons-daemon is planned.
 
 JF ?
 
 
 -- 
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]
 
 

I am using it in a product named openIS.
The FSC QA are still complaining about small problems.
I have to fix them... Then that will be time to make a release.



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves ErrorReportValve.java


remm2002/10/09 05:42:51

  Modified:catalina/src/share/org/apache/catalina/valves
ErrorReportValve.java
  Log:
  - Port patch.
  
  Revision  ChangesPath
  1.3   +6 -9  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/ErrorReportValve.java
  
  Index: ErrorReportValve.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/ErrorReportValve.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ErrorReportValve.java 12 Sep 2002 06:44:25 -  1.2
  +++ ErrorReportValve.java 9 Oct 2002 12:42:51 -   1.3
  @@ -250,11 +250,8 @@
   if (message == null)
   message = ;
   
  -// Do nothing on a 1xx and 2xx status
  -if (statusCode  300)
  -return;
  -// Do nothing on a NOT MODIFIED status
  -if (statusCode == HttpServletResponse.SC_NOT_MODIFIED)
  +// Do nothing on a 1xx, 2xx and 3xx status
  +if (statusCode  400)
   return;
   
   // FIXME: Reset part of the request
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core StandardWrapperValve.java


remm2002/10/09 05:52:40

  Modified:catalina/src/share/org/apache/catalina/core
StandardWrapperValve.java
  Log:
  - Oops, not the right object.
  
  Revision  ChangesPath
  1.6   +5 -5  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java
  
  Index: StandardWrapperValve.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardWrapperValve.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- StandardWrapperValve.java 9 Oct 2002 12:40:53 -   1.5
  +++ StandardWrapperValve.java 9 Oct 2002 12:52:40 -   1.6
  @@ -248,7 +248,7 @@
   String contextPath = hreq.getContextPath();
   if (contextPath == null)
   contextPath = ;
  -String requestURI = ((HttpRequest) hreq).getDecodedRequestURI();
  +String requestURI = ((HttpRequest) request).getDecodedRequestURI();
   if (requestURI.length() = contextPath.length())
   requestPath = requestURI.substring(contextPath.length());
   }
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/xdocs/jk2 confighowto.xml


mturk   2002/10/09 06:01:29

  Modified:jk/xdocs/jk2 confighowto.xml
  Log:
  Add the JNI Minimum configuration.
  
  Revision  ChangesPath
  1.2   +57 -1 jakarta-tomcat-connectors/jk/xdocs/jk2/confighowto.xml
  
  Index: confighowto.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/xdocs/jk2/confighowto.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- confighowto.xml   8 Oct 2002 17:59:25 -   1.1
  +++ confighowto.xml   9 Oct 2002 13:01:29 -   1.2
  @@ -58,4 +58,60 @@
   /p
   /section
   
  +section name=Minimum JNI Configuration
  +p
  +Minimum JNI configuration is the simplest one to make the Tomcat working
  +from inside the web server as inprocess. The only comunication channel used
  +is JNI. The JK2 will register all the native calls by itself, so there is
  +no need to specify the native library on Java side.
  +/p
  +p
  +jk2.properties:
  +source
  +# Add the apr and channelJni to the list of handlers
  +handler.list=apr,request,container,channelJni
  +# The native libraries will be registered by JK2
  +apr.jniModeSo=inprocess
  +/source
  +/p
  +p
  +workers2.properties:
  +source
  +# Define the comunication channel 
  +[channel.jni:jni]
  +info=The jni channel, used if tomcat is started inprocess
  +
  +# Define the parameters for the Java Virtual Machine
  +[vm:]
  +info=Parameters used to load a JVM in the server process
  
+OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/lib/tomcat.jar
  +OPT=-Dtomcat.home=${TOMCAT_HOME}
  +OPT=-Dcatalina.home=${TOMCAT_HOME}
  +OPT=-Xmx128M
  +
  +# JNI worker startup handler
  +[worker.jni:onStartup]
  +info=Command to be executed by the VM on startup. This one will start tomcat.
  +class=org/apache/jk/apr/TomcatStarter
  +ARG=start
  +stdout=${serverRoot}/logs/stdout.log
  +stderr=${serverRoot}/logs/stderr.log
  +
  +# JNI worker shutdown handler
  +[worker.jni:onShutdown]
  +info=Command to be executed by the VM on shutdown. This one will stop tomcat.
  +class=org/apache/jk/apr/TomcatStarter
  +ARG=stop
  +
  +# Map the Tomcat examples webapp to the Web server uri space
  +[uri:/examples/*]
  +info=Map the whole webapp
  +/source
  +/p
  +p
  +Start the Web server and browse to the ahttp://localhost/examples//a
  +/p
  +
  +/section
  +
   /document
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: commons-daemon release ?

2002-10-09 Thread jean-frederic clere


Remy Maucherat wrote:
 Henri Gomez wrote:
 
 I wonder if a release of commons-daemon is planned.
 
 
 No, because promoting it to commons proper got vetoed.

And the reasons why have not been changed... I had no time to write the needed 
code (and I was on holidays at the time of the veto: it was in mid-august).

 At the moment, it looks like a split between daemon and launcher will 
 happen.

Because a release of launcher is needed.

 
 (like Costin, I'd really like to get rid of the Java code in daemon - 
 the o.a.c.daemon package -, BTW)

-1 I am using it. And I need time to write the corresponding C code.

 
 Remy
 
 
 -- 
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]
 
 




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Jean-Francois Arcand



 ballot
 [ X ] Remove deprecated org.apache.catalina.connector components from 
 the j-t-catalina module
 [ ] Leave them in
 /ballot

-- Jeanfrancois


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: administration-howto.html

2002-10-09 Thread Glenn Nielsen


jean-frederic clere wrote:
 Hi,
 
 I am willing to use the administration tools of Tomcat but I am 
 wondering where the administration-howto.html is located.
 
 If it is not existing I will create one similar to the existing 
 manager-howto.xml.
 
 Any comments?
 

I know that Amy has been working on taking care of some of the problems
I posted about the Tomcat 4.1 configuration admin application.  A help
document was one of the issues.

This is really needed, thanks!

Glenn


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13456] New: - allowChuncking=false not working


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13456.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13456

allowChuncking=false not working

   Summary: allowChuncking=false not working
   Product: Tomcat 4
   Version: 4.0 Final
  Platform: PC
OS/Version: Other
Status: NEW
  Severity: Major
  Priority: Other
 Component: Connector:Coyote HTTP/1.1
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


allowChunking=false in Coyoute connector still give chunked responses.

simply changed to the catalina Connector and the problem was solved.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Ignacio J. Ortega


 ballot
 [X] Remove deprecated org.apache.catalina.connector 
 components from the 
 j-t-catalina module
 [ ] Leave them in
 /ballot
 

Saludos, 
Ignacio J. Ortega 

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13365] - JSP source disclosure vulnerability not fixed when invoking servlets by name


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365

JSP source disclosure vulnerability not fixed when invoking servlets by name

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 14:23 ---
Ok, this is fixed in all branches, and Tomcat 4.0.6 has been released (the
default Tomcat 4.0.5 installation was vulnerable).

However, NEVER EVER DISCUSS A POTENTIAL SECURITY PROBLEM ON A PUBLIC
COMMUNICATION CHANNEL, because this puts all Tomcat users at risk. The Tomcat
Team also cannot release a new version within minutes a security problem is
published. Thanks. There are *private* mailing lists for that (security at
apache.org), and you will be given all the credit you want or deserve.

I used the patch submitted as a patch which can be applied to Tomcat 4.0.5 to
resolve the problem without upgrading to 4.0.6.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13456] - allowChuncking=false not working


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13456.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13456

allowChuncking=false not working

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||WONTFIX
Version|4.0 Final   |4.1.12



--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 14:26 ---
FYI, this is not supported (and will never be supported) in Coyote HTTP/1.1. The
documentation does not specify this flag is allowed.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse JSSESupport.java

2002-10-09 Thread bobh


bobh2002/10/09 08:03:21

  Modified:util/java/org/apache/tomcat/util/net/jsse JSSESupport.java
  Log:
  - make gump happy by getting rid of 1.4 only class java.net.SocketTimeoutException
  
  Revision  ChangesPath
  1.3   +3 -3  
jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
  
  Index: JSSESupport.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- JSSESupport.java  8 Oct 2002 16:49:43 -   1.2
  +++ JSSESupport.java  9 Oct 2002 15:03:21 -   1.3
  @@ -222,8 +222,8 @@
   for (int i = 0; i  maxTries; i++) {
   try {
   int x = in.read(b);
  -} catch (SocketTimeoutException e) {
  -// ignore
  +} catch (IOException e) {
  +// ignore - presumably the timeout
   }
   if (listener.completed) {
   break;
  @@ -232,7 +232,7 @@
   socket.removeHandshakeCompletedListener(listener);
   socket.setSoTimeout(oldTimeout);
   if (listener.completed == false) {
  -throw new SocketTimeoutException(SSL Cert handshake timeout);
  +throw new SocketException(SSL Cert handshake timeout);
   }
   }
   
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13014] - OS/390/USS - Invalid url-pattern in servlet mapping


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014

OS/390/USS - Invalid url-pattern  in servlet mapping





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 15:11 ---
The USS environment is somewhat unusual...perhaps no one at apache.org has 
ready access to such a system for testing and debugging this issue. Attachmate 
would be happy to provide such access to anyone involved with Tomcat 
development at apache.org if it would help speed resolution. Please email me, 
and we can discuss details of this.  -Ned

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12


Remy Maucherat wrote:
 Henri Gomez wrote:
 
 This is likely the protection against reading anything outside the 
 webapp root (see the allowLinking of FileDirContext), although I 
 don't know how the digester will try to load the included file.



 Digester code is derived from XmlMapper which is able to locate 
 entities in ../../../ directories.

 My concern here is :

 Specs didn't mentions restriction on use of external entities outside 
 the webapp.

 So it should be granted by default isn't it ?

 I take a look at FileDirContext but I didn't understand what 
 allowLinking is ?
 
  
 
 So my question is : bug or feature ?
 
 
 There's a pretty strict check on the canonical path of a resource which 
 I added.
 I consider it a security feature. I think a webapp should be self 
 contained, so I think it's reasonable to have the check as the default.
 
 allowLinking disables the check.
 
 Don't be lazy, just do a search in FileDirContext ;-)

I take a look at this but but digester didn't use FileDirContext so the 
allowLinking didn't fit.

The problem seems be only in Digester which fail to load 
../../../settings.xml

What could we do ?

PS: I tried with TC 4.1.x and all commons from CVS.


at 
org.apache.naming.resources.DirContextURLConnection.getInputStream(DirContextURLConnection.java:344)
at java.net.URL.openStream(URL.java:793)
at 
org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:807)
at 
org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:738)
at 
org.apache.xerces.impl.XMLDTDScannerImpl.startPE(XMLDTDScannerImpl.java:609)
at 
org.apache.xerces.impl.XMLDTDScannerImpl.skipSeparator(XMLDTDScannerImpl.java:1927)
at 
org.apache.xerces.impl.XMLDTDScannerImpl.scanDecls(XMLDTDScannerImpl.java:1889)
at 
org.apache.xerces.impl.XMLDTDScannerImpl.scanDTDInternalSubset(XMLDTDScannerImpl.java:359)
at 
org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:808)
at 
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329)
at 
org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525)
at 
org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581)
at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
at 
org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175)
at org.apache.commons.digester.Digester.parse(Digester.java:1542)
at 
org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:282)
at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639)
at 
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:243)
at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:3567)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:738)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
at org.apache.catalina.core.StandardService.start(StandardService.java:497)










--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit

2002-10-09 Thread Bob Herrmann



I can't think of anything more boring and tedious (bug fixing?) but I am
willing to help.  Maybe we should divide up the classes.  

Cheers,
-bob

On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
 Hi,
 
 I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I 
 would like to collect as more as information as where you think I should 
 look at (code, security hole, etc.). I'm planning to do the audit using 
 the default SecurityManager. Rigth now, I have started looking at:
 
 - doPrivilege blocks. Are they small enough? Can they be reduced?
 - JSP generated code. Are they secure? Can a malicious app uses the code 
 to access o.a.catalina code?
 - Is catalina.policy restricted enough?
 - Is our Classloader secure?
 
 Any direction/ideas/recommendations will be appreciated.
 
 Thanks,
 
 -- Jeanfrancois
 
 
 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]
-- 
Bob Herrmann [EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12

2002-10-09 Thread Craig R. McClanahan

On Wed, 9 Oct 2002, Henri Gomez wrote:

 Date: Wed, 09 Oct 2002 17:39:00 +0200
 From: Henri Gomez [EMAIL PROTECTED]
 Reply-To: Tomcat Developers List [EMAIL PROTECTED]
 To: Tomcat Developers List [EMAIL PROTECTED]
 Subject: Re: apps conversion from 3.3.1 to 4.1.12

 Remy Maucherat wrote:
  Henri Gomez wrote:

  This is likely the protection against reading anything outside the
  webapp root (see the allowLinking of FileDirContext), although I
  don't know how the digester will try to load the included file.

  Digester code is derived from XmlMapper which is able to locate
  entities in ../../../ directories.

  My concern here is :

  Specs didn't mentions restriction on use of external entities outside
  the webapp.

  So it should be granted by default isn't it ?

  I take a look at FileDirContext but I didn't understand what
  allowLinking is ?

  So my question is : bug or feature ?

  There's a pretty strict check on the canonical path of a resource which
  I added.
  I consider it a security feature. I think a webapp should be self
  contained, so I think it's reasonable to have the check as the default.

  allowLinking disables the check.

  Don't be lazy, just do a search in FileDirContext ;-)

 I take a look at this but but digester didn't use FileDirContext so the
 allowLinking didn't fit.

 The problem seems be only in Digester which fail to load
 ../../../settings.xml

 What could we do ?

Haven't looked at the code, but here's a couple of thoughts that might
help:

If your path above (../../../settings.xml) is attempting to go above
the context root of the webapp, it's pretty much guaranteed to fail
because of the security restrictions.  Undoing that restriction would just
create a bunch of CERT reports about Tomcat letting you browse the entire
directory structure of your disk.

One of the important enablers for using external entity files in Digester
is to use the Digester.parse() that takes an InputSource (rather than an
InputStream), and be sure you have configured your InputSource to include
the source URL.  That is necessary for the XML parser to be able to
resolve relative system ids.  The code in ContextConfig that parses
web.xml and TLD files was modified (a while back) to do this kind of
thing, if you need an example.

 PS: I tried with TC 4.1.x and all commons from CVS.

Craig

   at

org.apache.naming.resources.DirContextURLConnection.getInputStream(DirContextURLConnection.java:344)
   at java.net.URL.openStream(URL.java:793)
   at
 org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:807)
   at
 org.apache.xerces.impl.XMLEntityManager.startEntity(XMLEntityManager.java:738)
   at
 org.apache.xerces.impl.XMLDTDScannerImpl.startPE(XMLDTDScannerImpl.java:609)
   at
 org.apache.xerces.impl.XMLDTDScannerImpl.skipSeparator(XMLDTDScannerImpl.java:1927)
   at
 org.apache.xerces.impl.XMLDTDScannerImpl.scanDecls(XMLDTDScannerImpl.java:1889)
   at

org.apache.xerces.impl.XMLDTDScannerImpl.scanDTDInternalSubset(XMLDTDScannerImpl.java:359)
   at

org.apache.xerces.impl.XMLDocumentScannerImpl$DTDDispatcher.dispatch(XMLDocumentScannerImpl.java:808)
   at

org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329)
   at
 org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525)
   at
 org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581)
   at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152)
   at
 org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175)
   at org.apache.commons.digester.Digester.parse(Digester.java:1542)
   at
 org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:282)
   at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639)
   at
 org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:243)
   at

org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
   at
 org.apache.catalina.core.StandardContext.start(StandardContext.java:3567)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:738)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347)
   at org.apache.catalina.core.StandardService.start(StandardService.java:497)

 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12

Henri Gomez wrote:
Remy Maucherat wrote:

Henri Gomez wrote:

This is likely the protection against reading anything outside the
webapp root (see the allowLinking of FileDirContext), although I
don't know how the digester will try to load the included file.

Digester code is derived from XmlMapper which is able to locate
entities in ../../../ directories.

My concern here is :

Specs didn't mentions restriction on use of external entities outside
the webapp.

So it should be granted by default isn't it ?

I take a look at FileDirContext but I didn't understand what
allowLinking is ?

So my question is : bug or feature ?

There's a pretty strict check on the canonical path of a resource
which I added.
I consider it a security feature. I think a webapp should be self
contained, so I think it's reasonable to have the check as the default.

allowLinking disables the check.

Don't be lazy, just do a search in FileDirContext ;-)

I take a look at this but but digester didn't use FileDirContext so the
allowLinking didn't fit.

The problem seems be only in Digester which fail to load
../../../settings.xml

What could we do ?

PS: I tried with TC 4.1.x and all commons from CVS.

org.apache.naming.resources.DirContextURLConnection.getInputStream(DirContextURLConnection.java:344)

at java.net.URL.openStream(URL.java:793)

Well, that's exactly the same. Where do you think that weird URL
connection goes ?? (hint: to the aforementioned FileDirContext, through
some classloader binding)

The place where it gets rejected should be the FileDirContext.file()
method, as far as I can remember.

Remy

--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12


 
org.apache.naming.resources.DirContextURLConnection.getInputStream(DirContextURLConnection.java:344)
 

 at java.net.URL.openStream(URL.java:793)
 
 
 Well, that's exactly the same. Where do you think that weird URL 
 connection goes ?? (hint: to the aforementioned FileDirContext, through 
 some classloader binding)

Well it's my initial diggs in TC 4.1.x, let me some time to discover it.

 The place where it gets rejected should be the FileDirContext.file() 
 method, as far as I can remember.

FileDirContext.file() is used to get webapps/ROOT/web.xml ref and
validate access, but the external entity is grabbed from Digester
so outside FileDirContext control (from my debug analyze).



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12



 Haven't looked at the code, but here's a couple of thoughts that might
 help:
 
 If your path above (../../../settings.xml) is attempting to go above
 the context root of the webapp, it's pretty much guaranteed to fail
 because of the security restrictions.  Undoing that restriction would just
 create a bunch of CERT reports about Tomcat letting you browse the entire
 directory structure of your disk.

I agree but the ../../../settings.xml was set in web.xml, under 
administrator control, and tomcat can't even overwrite it.

We've got another problem here since Tomcat 3.3.x allow this and but
Tomcat 4.1.x prevent it. Should we fix Tomcat 3.3.2 ?

 One of the important enablers for using external entity files in Digester
 is to use the Digester.parse() that takes an InputSource (rather than an
 InputStream), and be sure you have configured your InputSource to include
 the source URL.  That is necessary for the XML parser to be able to
 resolve relative system ids.  The code in ContextConfig that parses
 web.xml and TLD files was modified (a while back) to do this kind of
 thing, if you need an example.

Didn't have access on it since the external entity is set in web.xml so
under org.apache.catalina.startup.ContextConfig.applicationConfig 
control, not application control.



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12

2002-10-09 Thread Craig R. McClanahan

On Wed, 9 Oct 2002, Henri Gomez wrote:

 Date: Wed, 09 Oct 2002 18:13:10 +0200
 From: Henri Gomez [EMAIL PROTECTED]
 Reply-To: Tomcat Developers List [EMAIL PROTECTED]
 To: Tomcat Developers List [EMAIL PROTECTED]
 Subject: Re: apps conversion from 3.3.1 to 4.1.12

  Haven't looked at the code, but here's a couple of thoughts that might
  help:

  If your path above (../../../settings.xml) is attempting to go above
  the context root of the webapp, it's pretty much guaranteed to fail
  because of the security restrictions.  Undoing that restriction would just
  create a bunch of CERT reports about Tomcat letting you browse the entire
  directory structure of your disk.

 I agree but the ../../../settings.xml was set in web.xml, under
 administrator control, and tomcat can't even overwrite it.

 We've got another problem here since Tomcat 3.3.x allow this and but
 Tomcat 4.1.x prevent it. Should we fix Tomcat 3.3.2 ?

  One of the important enablers for using external entity files in Digester
  is to use the Digester.parse() that takes an InputSource (rather than an
  InputStream), and be sure you have configured your InputSource to include
  the source URL.  That is necessary for the XML parser to be able to
  resolve relative system ids.  The code in ContextConfig that parses
  web.xml and TLD files was modified (a while back) to do this kind of
  thing, if you need an example.

 Didn't have access on it since the external entity is set in web.xml so
 under org.apache.catalina.startup.ContextConfig.applicationConfig
 control, not application control.

If this reference is in your web.xml file, then my suggestion is already
being done.  To test it, try temporarily copying the settings.xml file
into the WEB-INF directory and changing the relative URL appropriately.

I'd be -1 on removing the security check in 4.x/5.x.  Fixing 3.3.2 sounds
like a good idea.

Craig

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit

2002-10-09 Thread Ian Darwin


 I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
 would like to collect as more as information as where you think I should
 look at (code, security hole, etc.). I'm planning to do the audit using
 the default SecurityManager. Rigth now, I have started looking at:

Although their goals and technology are different (an OS written in C),
I believe anyone interested in helping might learn a lot by looking at OpenBSD (a 
free UNIX-like OS whose entire code base has been subjected to a careful (and
ongoing!) security audit). They have some papers online;
go to www.openbsd.org and look at press.html (which has links to various
papers). Look for auditing.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Ian Darwin


 ballot
 [X ] Remove deprecated org.apache.catalina.connector components from the
 j-t-catalina module
 [ ] Leave them in
 /ballot

As long as it won't break builds of 4.1 :-)

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Tomcat 4.1.12: Xerces 2.2 problems - Struts 1.0.2 bug.

2002-10-09 Thread Jean-Francois Arcand


Hi,

with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception:

org.xml.sax.SAXParseException: The string -- is not permitted within 
comments.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)

This is a bug in the org.apache.struts.digester.Digester class. If you 
uses Struts 1.1 beta 2 jar file, the bug will not happen. Xerces 2.2 
generates a lot of Warnings and the Digester version of Struts 1.0.2 
logs an exception instead of a warning. This has been corrected in the 
current Digester (1.3) we are using.

So we have to decide which combinaison we want to support with 4.1.x:

Xerces 2.1 + Struts 1.0.2
or
Xerces 2.2 + Struts 1.1b2

-- Jeanfrancois


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Tomcat 4.1.12: Xerces 2.2 problems - Struts 1.0.2 bug.


Jean-Francois Arcand wrote:
 Hi,
 
 with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception:
 
 org.xml.sax.SAXParseException: The string -- is not permitted within 
 comments.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
 
 This is a bug in the org.apache.struts.digester.Digester class. If you 
 uses Struts 1.1 beta 2 jar file, the bug will not happen. Xerces 2.2 
 generates a lot of Warnings and the Digester version of Struts 1.0.2 
 logs an exception instead of a warning. This has been corrected in the 
 current Digester (1.3) we are using.
 
 So we have to decide which combinaison we want to support with 4.1.x:
 
 Xerces 2.1 + Struts 1.0.2
 or
 Xerces 2.2 + Struts 1.1b2

For 4.1.x, I'll definitely package the stable releases (X 2.1 + S 1.0.x).
For 5.0.0, I'll package S 1.1 beta + X 2.2 (nice explanation).

(I still plan to tag 5.0.0 this week, as it's been relatively stable for 
some time now)

Remy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser ParserUtils.java


luehe   2002/10/09 09:47:31

  Modified:jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
  Log:
  Removed dead code
  
  Revision  ChangesPath
  1.5   +1 -96 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java
  
  Index: ParserUtils.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ParserUtils.java  16 Jul 2002 19:30:53 -  1.4
  +++ ParserUtils.java  9 Oct 2002 16:47:31 -   1.5
  @@ -124,17 +124,6 @@
   
   // - Public Methods
   
  -
  -/**
  - * Return the class loader used to access our XML parser.
  - */
  -// public ClassLoader getClassLoader() {
  -
  -// return (this.classLoader);
  -
  -// }
  -
  -
   /**
* Parse the specified XML document, and return a codeTreeNode/code
* that corresponds to the root node of the document tree.
  @@ -154,34 +143,12 @@
   try {
   DocumentBuilderFactory factory =
   DocumentBuilderFactory.newInstance();
  -/*
  -Class clazz =
  - classLoader.loadClass(javax.xml.parsers.DocumentBuilderFactory);
  -System.out.println(Loaded DBF from:);
  -System.out.println(clazz.getClassLoader());
  -Method method = clazz.getMethod(newInstance, new Class[0]);
  -DocumentBuilderFactory factory = (DocumentBuilderFactory)
  -method.invoke(null, new Object[0]);
  -*/
   factory.setNamespaceAware(true);
   factory.setValidating(validating);
   DocumentBuilder builder = factory.newDocumentBuilder();
   builder.setEntityResolver(entityResolver);
   builder.setErrorHandler(errorHandler);
   document = builder.parse(is);
  -//System.out.println(Parsing  + uri );
  -/*
  -} catch (ClassNotFoundException ex) {
  -throw new JasperException(CNFE:  + ex); // FIXME
  -} catch (IllegalAccessException ex) {
  -throw new JasperException(IACE:  + ex); // FIXME
  -} catch (IllegalArgumentException ex) {
  -throw new JasperException(IARE:  + ex); // FIXME
  -} catch (InvocationTargetException ex) {
  -throw new JasperException(ITE:  + ex); // FIXME
  -} catch (NoSuchMethodException ex) {
  -throw new JasperException(NSME:  + ex); // FIXME
  -*/
} catch (ParserConfigurationException ex) {
   throw new JasperException
   (Constants.getString(jsp.error.parse.xml,
  @@ -306,71 +273,10 @@
   (ClassLoader parentLoader) {
   
   ParserUtils parserUtils = null;
  -/*
  -try {
  -Class clazz = parentLoader.loadClass
  -(org.apache.jasper.xmlparser.ParserUtils);
  -parserUtils = (ParserUtils) clazz.newInstance();
  -System.out.println(ParserUtils loaded by ClassLoader:\r\n +
  -   parserUtils.getClass().getClassLoader());
  -parserUtils.setClassLoader(createClassLoader(parentLoader));
  -} catch (ClassNotFoundException e) {
  -System.out.println(createParserUtils:  ClassNotFoundException);
  -e.printStackTrace(System.out);
  -} catch (IllegalAccessException e) {
  -System.out.println(createParserUtils:  IllegalAccessException);
  -e.printStackTrace(System.out);
  -} catch (InstantiationException e) {
  -System.out.println(createParserUtils:  InstantiationException);
  -e.printStackTrace(System.out);
  -} catch (MalformedURLException e) {
  -System.out.println(createParserUtils:  MalformedURLException);
  -e.printStackTrace(System.out);
  -}
  -*/
   parserUtils = new ParserUtils();
   parserUtils.setClassLoader(parentLoader);
   return (parserUtils);
   }
  -
  -
  -/**
  - * Construct (if necessary) and return a class loader that has been
  - * configured with the specified parent class loader, and repositories
  - * as needed to access the required XML parser.
  - *
  - * @param parentLoader The web application class loader
  - *
  - * @exception MalformedURLException if we cannot create a valid URL for
  - *  one of the required repositories
  - */
  -/* This  doesn't work.
  -  
  -  public synchronized static ClassLoader createClassLoader
  -(ClassLoader parentLoader) throws MalformedURLException {
  -
  -// Return any existing class loader

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/util StringManager.java


luehe   2002/10/09 09:55:14

  Removed: jasper2/src/share/org/apache/jasper/util StringManager.java
  Log:
  Removed redundant org.apache.jasper.util.StringManager

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Constants.java


remm2002/10/09 09:56:17

  Modified:http11/src/java/org/apache/coyote/http11 Constants.java
  Log:
  - Increase a little bit buffer sizes.
  
  Revision  ChangesPath
  1.10  +1 -1  
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Constants.java
  
  Index: Constants.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Constants.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- Constants.java23 Jul 2002 15:27:24 -  1.9
  +++ Constants.java9 Oct 2002 16:56:17 -   1.10
  @@ -147,7 +147,7 @@
   /**
* Default HTTP header buffer size.
*/
  -public static final int DEFAULT_HTTP_HEADER_BUFFER_SIZE = 32 * 1000;
  +public static final int DEFAULT_HTTP_HEADER_BUFFER_SIZE = 48 * 1024;
   
   
   /**
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13223] - JSP pages in XML syntax do not compile properly


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13223.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13223

JSP pages in XML syntax do not compile properly





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 16:57 ---
Sorry, I mispoke.  I checked with JSP spec lead and Andreas is right that
jsp:attribut cannot be used in the way I described, per JSP.5.10.  However,
this can be used instead.

jsp:element name=td
jsp:attribute name=value:
jsp:expressionfoo/jsp:expression
/jsp:attribute
/jsp:element

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/native2/common jk_uriMap.c


mturk   2002/10/09 10:08:10

  Modified:jk/native2/common jk_uriMap.c
  Log:
  Fix the hostMap checking hostname:port then hostname
  
  Revision  ChangesPath
  1.51  +21 -14jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c
  
  Index: jk_uriMap.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c,v
  retrieving revision 1.50
  retrieving revision 1.51
  diff -u -r1.50 -r1.51
  --- jk_uriMap.c   3 Oct 2002 10:32:29 -   1.50
  +++ jk_uriMap.c   9 Oct 2002 17:08:09 -   1.51
  @@ -256,31 +256,40 @@
   {
   int i, j, n;
   char *name;
  -char hostame[1024] = {0};
  +char hostname[1024] = {0};
   
   if (port) {
   if (vhost) {
   if (strchr(vhost, ':'))
  -strcpy(hostame, vhost);
  +strcpy(hostname, vhost);
   else
  -   sprintf(hostame, %s:%d, vhost, port);
  +   sprintf(hostname, %s:%d, vhost, port);
   }
   else
  -sprintf(hostame, *:%d, port);
  +sprintf(hostname, *:%d, port);
   }
   else if (vhost)
  -strcpy(hostame, vhost); 
  +strcpy(hostname, vhost); 
   else /* Return default host if vhost and port wasn't suplied */
   return uriMap-vhosts-get(env, uriMap-vhosts, *);
   
   n = uriMap-vhosts-size(env, uriMap-vhosts);
  -/* Check the hostnames first */
  +/* Check the exact hostname:port first */
   for (i = 0 ; i  n ; i++) {
   jk_uriEnv_t *uriEnv = uriMap-vhosts-valueAt(env, uriMap-vhosts, i);
   name = uriMap-vhosts-nameAt(env, uriMap-vhosts, i);
   /* Host name is not case sensitive */
  -if (strcasecmp(name, hostame) == 0) {
  -if (port == 0 || port == uriEnv-port)
  +if (strcasecmp(name, hostname) == 0  port == uriEnv-port)
  +return uriEnv;
  +}
  +
  +if (vhost) {
  +/* Check the hostname */
  +for (i = 0 ; i  n ; i++) {
  +jk_uriEnv_t *uriEnv = uriMap-vhosts-valueAt(env, uriMap-vhosts, i);
  +name = uriMap-vhosts-nameAt(env, uriMap-vhosts, i);
  +/* Host name is not case sensitive */
  +if (strcasecmp(name, vhost) == 0)
   return uriEnv;
   }
   }
  @@ -292,10 +301,8 @@
   int m = uriEnv-aliases-size(env, uriEnv-aliases);
   for (j = 0; j  m; j++) {
   name = uriEnv-aliases-nameAt(env, uriEnv-aliases, j);
  -if (strcasecmp(name, hostame) == 0) {
  -if (port == 0 || port == uriEnv-port)
  -return uriEnv;
  -}
  +if (strcasecmp(name, hostname) == 0)
  +return uriEnv;
   }
   }
   }
  @@ -574,7 +581,7 @@
   const char *str_minus_one=str-1;
   const char *s=str+strlen(str);
   while(s!=str_minus_one  ch!=*s) {
  - --s;
  +--s;
   }
   return (s-str);
   }
  @@ -632,7 +639,7 @@
   */
   
   if (uriMap == NULL || uri==NULL) 
  - return NULL;
  +return NULL;
   
   if (uriMap-mbean-debug  1)
   env-l-jkLog(env, env-l, JK_LOG_DEBUG,
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache13 mod_jk2.c


mturk   2002/10/09 10:10:24

  Modified:jk/native2/server/apache13 mod_jk2.c
  Log:
  Skip the checking of default hostname and port. Using
  that scheme the same behaviour is on all web servers.
  
  Revision  ChangesPath
  1.25  +4 -8  jakarta-tomcat-connectors/jk/native2/server/apache13/mod_jk2.c
  
  Index: mod_jk2.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache13/mod_jk2.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- mod_jk2.c 4 Oct 2002 16:23:42 -   1.24
  +++ mod_jk2.c 9 Oct 2002 17:10:24 -   1.25
  @@ -437,7 +437,6 @@
   {
   jk_uriEnv_t *uriEnv;
   jk_env_t *env;
  -int port;
   
   if(r-proxyreq) {
   return DECLINED;
  @@ -450,13 +449,10 @@
   /* get_env() */
   env = workerEnv-globalEnv-getEnv( workerEnv-globalEnv );
   
  -port = ap_get_server_port(r);
  -if (ap_is_default_port(port, r))
  -port = 0;
   uriEnv = workerEnv-uriMap-mapUri(env, workerEnv-uriMap,
  -r-server-is_virtual ? ap_get_server_name(r) : NULL,
  -port,
  -r-uri);
  +   ap_get_server_name(r),
  +   ap_get_server_port(r),
  +   r-uri);
   
   if(uriEnv==NULL || uriEnv-workerName==NULL) {
   workerEnv-globalEnv-releaseEnv( workerEnv-globalEnv, env );
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/native2/server/apache2 mod_jk2.c


mturk   2002/10/09 10:10:52

  Modified:jk/native2/server/apache2 mod_jk2.c
  Log:
  Skip the checking of default hostname and port. Using
  that scheme the same behaviour is on all web servers.
  
  Revision  ChangesPath
  1.54  +3 -7  jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c
  
  Index: mod_jk2.c
  ===
  RCS file: /home/cvs/jakarta-tomcat-connectors/jk/native2/server/apache2/mod_jk2.c,v
  retrieving revision 1.53
  retrieving revision 1.54
  diff -u -r1.53 -r1.54
  --- mod_jk2.c 23 Sep 2002 17:40:17 -  1.53
  +++ mod_jk2.c 9 Oct 2002 17:10:52 -   1.54
  @@ -629,7 +629,6 @@
   {
   jk_uriEnv_t *uriEnv;
   jk_env_t *env;
  -int port;
   
   if(r-proxyreq || workerEnv==NULL) {
   return DECLINED;
  @@ -679,12 +678,9 @@
  the real mapping. 
   */
   
  -port = ap_get_server_port(r);
  -if (ap_is_default_port(port, r))
  -port = 0;
   uriEnv = workerEnv-uriMap-mapUri(env, workerEnv-uriMap,
  -r-server-is_virtual ? ap_get_server_name(r) : NULL,
  -port,
  +ap_get_server_name(r),
  +ap_get_server_port(r),
   r-uri);
   
   if( uriEnv== NULL || uriEnv-workerName == NULL) {
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c


mturk   2002/10/09 10:11:22

  Modified:jk/native2/server/isapi jk_isapi_plugin.c
  Log:
  Skip the checking of default hostname and port. Using
  that scheme the same behaviour is on all web servers.
  
  Revision  ChangesPath
  1.50  +5 -6  
jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c
  
  Index: jk_isapi_plugin.c
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c,v
  retrieving revision 1.49
  retrieving revision 1.50
  diff -u -r1.49 -r1.50
  --- jk_isapi_plugin.c 25 Sep 2002 07:36:48 -  1.49
  +++ jk_isapi_plugin.c 9 Oct 2002 17:11:22 -   1.50
  @@ -270,6 +270,7 @@
   DWORD szHost = sizeof(Host);
   DWORD szTranslate = sizeof(Translate);
   DWORD szPort = sizeof(Port);
  +int   nPort;
   #ifdef SF_NOTIFY_AUTH_COMPLETE
   if (auth_notification_flags == SF_NOTIFY_AUTH_COMPLETE) {
   
GetHeader=((PHTTP_FILTER_AUTH_COMPLETE_INFO)pvNotification)-GetHeader;
  @@ -341,13 +342,11 @@
   Port[szPort-1] = '\0';
   }
   }
  -szPort = atoi(Port);
  -if (szPort == 80 || szPort == 443)
  -szPort = 0;
  +nPort = atoi(Port);
   env-l-jkLog(env, env-l,  JK_LOG_DEBUG, 
  -In HttpFilterProc Virtual Host redirection of %s : 
%d\n, 
  +In HttpFilterProc Virtual Host redirection of %s : 
%s\n, 
   Host, Port);
  -uriEnv = workerEnv-uriMap-mapUri(env, workerEnv-uriMap,Host, 
szPort, uri );
  +uriEnv = workerEnv-uriMap-mapUri(env, workerEnv-uriMap,Host, 
nPort, uri );
   
   if( uriEnv!=NULL ) {
   char *forwardURI;
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: tomcat4 write in conf files which is not FHS compliant


I'm not sure about this. AFAIK on RedHat and Mandrake ( and probably
any other distro ) there are tools that are modifying config 
files ( in etc ). I don't know how the FHS can request 'read only'
status.

jk2.properties saving can be disabled. Right now the feature is not
completely implemented - we still need the java interface ( JMX proxy )
and documentation. So disabling it for now is fine.

But from all I know, the configuration is RW.

Costin

jean-frederic clere wrote:

 Henri Gomez wrote:
 Hi to all,
 
 Tomcat 4 make write access to 2 files in the conf directory,
 jk2.properties and tomcat-users.xml (and may be others).
 
 The problem is that FHS indicate that a conf directory should
 be read only.
 
 I have the same problem with /opt where I am installing Tomcat.
 
 
 For instance, tomcat4 rpm install the conf directory in /etc/tomcat4
 and use symlink to map it to /var/tomcat4/conf.
 
 What could be done to have a behaviour following FHS recommandations ?
 
 Could we imagine having jk2.properties and tomcat-users.xml (and other
 files in conf which may be updated by tomcat4) in another directory,
 ie work/conf ?
 
 I am using catalina-home and catalina-base.
 catalina-home contains the fixed data.
 catalina-base contains the instance data.
 
 I have the following (opt/SMAWoIS/jakarta-tomcat-4.1.12 is catalina-home):
 +++
 # ls -l /opt/SMAWoIS/jakarta-tomcat
 total 12
 drwxr-xr-x   2 root other512 Oct  8 11:34 bin
 drwxr-xr-x   2 nobody   other512 Oct  8 11:31 conf
 drwxr-xr-x   4 root other512 Oct  3 10:32 conf.save
 drwxr-xr-x   2 nobody   other512 Oct  8 11:31 logs
 lrwxrwxrwx   1 root other 42 Oct  8 11:31 webapps -
 /opt/SMAWoIS/jakarta-tomcat-4.1.12/webapps
 drwxr-xr-x   3 nobody   other512 Oct  3 12:04 work
 +++
 
 The user nobody needs to write in conf because of these 2 files.
 
 That is the same  for logs because the log files are not created at the
 right place in time (I am using daemon to start the Tomcat).
 
 conf.save is a save of the conf directory.
 
 
 
 Regards
 
 
 --
 To unsubscribe, e-mail:
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
 mailto:[EMAIL PROTECTED]
 


-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [5.0] [VOTE] Remove deprecated and unsupported components


Remy Maucherat wrote:


 ballot
 [X] Remove deprecated org.apache.catalina.connector components from the
 j-t-catalina module
 [ ] Leave them in
 /ballot


-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: commons-daemon release ?


Remy Maucherat wrote:

 Henri Gomez wrote:
 I wonder if a release of commons-daemon is planned.
 
 No, because promoting it to commons proper got vetoed.
 At the moment, it looks like a split between daemon and launcher will
 happen.

For the record - nobody can 'veto' a promotion to commons 
or a release. It is a majority vote. If it gets 3 +1 and 
more +1 than -1 - then it'll pass.

I'm willing to change my vote to -0 if the API is fixed to
not require applications to implement the daemon interfaces
( I don't like the split init any more than I did - and so
I don't plan to use it any time soon ). I remain -1 on
tomcat having dependecies on daemon, and probably -0 on
bundling daemon with tomcat. 

As I said, for 'chuid' functionality I prefer using a direct
call - I have most of it implemented using jk2, I'll
finish this well before 5.0 is released.  

-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-servletapi-5/jsr154/src/share/dtd jsp_2_0.xsd

2002-10-09 Thread kinman


kinman  2002/10/09 10:38:49

  Modified:jsr152/src/share/dtd jsp_2_0.xsd
   jsr152/src/share/javax/servlet/jsp/el Expression.java
   jsr154/src/share/dtd jsp_2_0.xsd
  Log:
  - Patch by Mark Roth
  
  jsr152/src/share/javax/serlvet/jsp/el/Expression.java
   - Removed null as a return value for error - method must throw an
 exception to signal an error.
  
  jsr152/src/share/dtd/jsp_2_0.xsd:
  jsr154/src/share/dtd/jsp_2_0.xsd:
   - As per the Expert Group's decision, changed scripting-enabled to
 scripting-invalid and el-enabled to el-ignored.
 Jasper2 needs to be updated accordingly.
  
  Revision  ChangesPath
  1.4   +9 -8  jakarta-servletapi-5/jsr152/src/share/dtd/jsp_2_0.xsd
  
  Index: jsp_2_0.xsd
  ===
  RCS file: /home/cvs/jakarta-servletapi-5/jsr152/src/share/dtd/jsp_2_0.xsd,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- jsp_2_0.xsd   20 Sep 2002 01:56:44 -  1.3
  +++ jsp_2_0.xsd   9 Oct 2002 17:38:49 -   1.4
  @@ -8,7 +8,7 @@
version=2.0
   xsd:annotation
   xsd:documentation
  -@(#)jsp_2_0.xsds 1.12 09/18/02
  +%W% %G%
   /xsd:documentation
   /xsd:annotation
   
  @@ -150,16 +150,17 @@
   xsd:element name=url-pattern
type=j2ee:url-patternType
maxOccurs=unbounded/
  -xsd:element name=el-enabled
  +xsd:element name=el-ignored
type=j2ee:true-falseType
minOccurs=0
   xsd:annotation
   xsd:documentation
   
  -Can be used to easily set the isELEnabled
  +Can be used to easily set the isELIgnored
   property of a group of JSP pages.  By default, the
   EL evaluation is enabled for Web Applications using
  -a Servlet 2.4 or greater web.xml.
  +a Servlet 2.4 or greater web.xml, and disabled
  + otherwise.
   
   /xsd:documentation
   /xsd:annotation
  @@ -181,15 +182,15 @@
   /xsd:documentation
   /xsd:annotation
   /xsd:element
  -xsd:element name=scripting-enabled
  +xsd:element name=scripting-invalid
type=j2ee:true-falseType
minOccurs=0
   xsd:annotation
   xsd:documentation
   
  -Can be used to easily set the isScriptingEnabled
  -property of a group of JSP pages.  By default,
  -scripting is enabled.
  +Can be used to easily disable scripting in a
  +group of JSP pages.  By default, scripting is
  + enabled.
   
   /xsd:documentation
   /xsd:annotation
  
  
  
  1.2   +1 -1  
jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/el/Expression.java
  
  Index: Expression.java
  ===
  RCS file: 
/home/cvs/jakarta-servletapi-5/jsr152/src/share/javax/servlet/jsp/el/Expression.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- Expression.java   19 Aug 2002 16:29:50 -  1.1
  +++ Expression.java   9 Oct 2002 17:38:49 -   1.2
  @@ -81,7 +81,7 @@
*
* @param vResolver A VariableResolver instance that can be used at runtime to
*   resolve the name of implicit objects into Objects.
  - * @return The result of the expression evaluation or null if errors were 
encountered.
  + * @return The result of the expression evaluation.
*
* @exception ELException Thrown if the expression evaluation failed.
*/ 
  
  
  
  1.4   +9 -8  jakarta-servletapi-5/jsr154/src/share/dtd/jsp_2_0.xsd
  
  Index: jsp_2_0.xsd
  ===
  RCS file: /home/cvs/jakarta-servletapi-5/jsr154/src/share/dtd/jsp_2_0.xsd,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- jsp_2_0.xsd   20 Sep 2002 01:56:44 -  1.3
  +++ jsp_2_0.xsd   9 Oct 2002 17:38:49 -   1.4
  @@ -8,7 +8,7 @@
version=2.0
   xsd:annotation
   xsd:documentation
  -@(#)jsp_2_0.xsds 1.12 09/18/02
  +%W% %G%
   /xsd:documentation
   /xsd:annotation
   
  @@ -150,16 +150,17 @@
   xsd:element name=url-pattern
type=j2ee:url-patternType
maxOccurs=unbounded/
  -xsd:element name=el-enabled
  +xsd:element name=el-ignored
type=j2ee:true-falseType
minOccurs=0
   xsd:annotation
   xsd:documentation
   
  -Can be used to easily set the isELEnabled
  +Can be used to easily set the isELIgnored
   property of a group of JSP pages.  By default, the
   EL evaluation is enabled for Web Applications using
  -a Servlet 2.4 or greater web.xml.
  +

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Amy Roh


 ballot
 [X] Remove deprecated org.apache.catalina.connector components from the
 j-t-catalina module
 [ ] Leave them in
 /ballot

Amy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler Compiler.java Generator.java JspConfig.java PageInfo.java TagFileProcessor.java Validator.java

2002-10-09 Thread kinman


kinman  2002/10/09 10:41:13

  Modified:jasper2/src/share/org/apache/jasper/compiler Compiler.java
Generator.java JspConfig.java PageInfo.java
TagFileProcessor.java Validator.java
  Log:
  - Modified because of spec changes syntax and semantic of turning on and off
scripting and EL.
  
  Revision  ChangesPath
  1.36  +5 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Compiler.java
  
  Index: Compiler.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Compiler.java,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- Compiler.java 24 Sep 2002 21:24:58 -  1.35
  +++ Compiler.java 9 Oct 2002 17:41:13 -   1.36
  @@ -210,10 +210,13 @@
if (jspProperty.isXml() != null) {
pageInfo.setIsXmlSpecified(true);
}
  + if (jspProperty.isELIgnored() != null) {
  + pageInfo.setELIgnoredSpecified(true);
  + }
pageInfo.setIsXml(JspUtil.booleanValue(jspProperty.isXml()));
pageInfo.setPageEncoding(jspProperty.getPageEncoding());
  - pageInfo.setELEnabled(JspUtil.booleanValue(jspProperty.isELEnabled()));
  - 
pageInfo.setScriptingEnabled(JspUtil.booleanValue(jspProperty.isScriptingEnabled()));
  + pageInfo.setELIgnored(JspUtil.booleanValue(jspProperty.isELIgnored()));
  + 
pageInfo.setScriptingInvalid(JspUtil.booleanValue(jspProperty.isScriptingInvalid()));
pageInfo.setIncludePrelude(jspProperty.getIncludePrelude());
pageInfo.setIncludeCoda(jspProperty.getIncludeCoda());
}
  
  
  
  1.109 +4 -4  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java
  
  Index: Generator.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/Generator.java,v
  retrieving revision 1.108
  retrieving revision 1.109
  diff -u -r1.108 -r1.109
  --- Generator.java8 Oct 2002 00:45:23 -   1.108
  +++ Generator.java9 Oct 2002 17:41:13 -   1.109
  @@ -826,7 +826,7 @@
   
   public void visit(Node.ELExpression n) throws JasperException {
   n.setBeginJavaLine(out.getJavaLine());
  -if ( pageInfo.isELEnabled() ) {
  +if ( !pageInfo.isELIgnored() ) {
   out.printil(
   out.write(
+ JspUtil.interpreterCall(this.isTagFile,
  
  
  
  1.4   +51 -51
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
  
  Index: JspConfig.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- JspConfig.java24 Aug 2002 21:42:34 -  1.3
  +++ JspConfig.java9 Oct 2002 17:41:13 -   1.4
  @@ -90,8 +90,8 @@
   private boolean initialized = false;
   
   private String defaultIsXml = null;  // unspecified
  -private String defaultIsELEnabled = true;
  -private String defaultIsScriptingEnabled = true;
  +private String defaultIsELIgnored = null;// unspecified
  +private String defaultIsScriptingInvalid = false;
   
   public JspConfig(ServletContext ctxt) {
this.ctxt = ctxt;
  @@ -109,7 +109,7 @@
ParserUtils pu = ParserUtils.createParserUtils(cl);
TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
if (webApp == null || !2.4.equals(webApp.findAttribute(version))) {
  - defaultIsELEnabled = false;
  + defaultIsELIgnored = true;
return;
}
TreeNode jspConfig = webApp.findChild(jsp-config);
  @@ -126,8 +126,8 @@
   
   Vector urlPatterns = new Vector();
String pageEncoding = null;
  - String scriptingEnabled = null;
  - String elEnabled = null;
  + String scriptingInvalid = null;
  + String elIgnored = null;
String isXml = null;
Vector includePrelude = new Vector();
Vector includeCoda = new Vector();
  @@ -143,10 +143,10 @@
pageEncoding = element.getBody();
else if (is-xml.equals(tname))
isXml = element.getBody();
  - else if (el-enabled.equals(tname))
  - elEnabled = element.getBody();
  - else if (scripting-enabled.equals(tname))
  - scriptingEnabled = element.getBody();
  + else if (el-ignored.equals(tname))
  + elIgnored = element.getBody();
  + else if

Re: administration-howto.html

2002-10-09 Thread Amy Roh


Glenn Nielsen wrote:

 jean-frederic clere wrote:
  Hi,
 
  I am willing to use the administration tools of Tomcat but I am
  wondering where the administration-howto.html is located.
 
  If it is not existing I will create one similar to the existing
  manager-howto.xml.
 
  Any comments?
 

 I know that Amy has been working on taking care of some of the problems
 I posted about the Tomcat 4.1 configuration admin application.  A help
 document was one of the issues.

There is also Tomcat Administration tool tutorial for the Java Web Services at
http://java.sun.com/webservices/docs/1.0/tutorial/doc/Admintool.html.  It
doesn't have the latest admin addition but I'm sure you can reference to the
documentation as you write the administration-howto.html in Tomcat.  Perhaps,
you can add a link to it as well.  Thanks for good suggestion!

Amy



 This is really needed, thanks!

 Glenn

 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13084] - jsp compilation with jikes fails


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13084.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13084

jsp compilation with jikes fails





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 18:03 ---
My apologies. I'm still getting used to bugzilla, and thought the OS version 
was only related to the comment that I was posting. I'll open a new bug.

Matt

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

JNDI Initial Context, outside webapp

2002-10-09 Thread Luca Zago


Hi,
I noticed that is pratically impossible to retrieve a JNDI resource 
outside a webapp.If I need to access my resourse in some classes 
istantiated outside a single webapp, I always get an exception.

Name jdbc/myDS is not bound in this Context

I read the docs. If I understand well, the initialContext is read-only, 
(for this reason I cannot published a resource there), then the only 
context available is java:comp/env, available only insdie a webapp.
I think that a solution could be: since initialContext for sure is 
initialized before webapps, if I can publish a resource there, then I 
can access this resource outside a webapp. have I understood well, is it 
so impossible to publish in the initialContext, like in other 
Application servers?
is there a way to access a JNDI resource outside a webapp?
or is it a limitation of the JNDI implementation in Tomcat?

Thank you in advance for suggestions or explanation.


-- 
Luca Zago
Senior IT Developer
_

E-TREE S.p.a.  Via Fonderia 43 - 31100 Treviso (Italy)
phone +39.0422.3107
fax   +39.0422.310888
http://www.e-tree.com  http://www.webanana.com
_


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13466] New: - Jikes compilation fails


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13466.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13466

Jikes compilation fails

   Summary: Jikes compilation fails
   Product: Tomcat 4
   Version: 4.1.12
  Platform: Sun
OS/Version: Solaris
Status: NEW
  Severity: Critical
  Priority: Other
 Component: Jasper 2
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


Solaris 8, Tomcat 4.1.12, Jikes 1.17, JDK 1.2.2_06

Following the instructions for using jikes instead of javac, I am getting the 
following error:

org.apache.jasper.JasperException: Unable to compile class for JSP

An error occurred at line: -1 in the jsp file: null

Generated servlet error:
[javac] jsp/error500_jsp.java added as /export/home/mpark/jakarta-tomcat-
4.1.12/work/Standalone/localhost/memento/jsp/error500_jsp.class doesn't exist.
[javac] Compiling 1 source file
[javac] Using jikes compiler
dropping /usr/java1.2/jre/jre/lib/rt.jar from path as it doesn't exist
dropping /usr/java1.2/Classes/classes.jar from path as it doesn't exist
dropping /usr/java1.2/Classes/ui.jar from path as it doesn't exist
[javac] Compilation arguments:
[javac] '-classpath'

[javac] '/usr/java1.2/jre/lib/ext/iiimp.jar:/usr/java/lib/tools.jar:/export/home
/mpark/jakarta-tomcat-4.1.12/bin/bootstrap.jar:/export/home/mpark/jakarta-
tomcat-4.1.12/webapps/memento/WEB-INF/classes:/export/home/mpark/jakarta-tomcat-
4.1.12/webapps/memento/WEB-INF/lib/log4j-1.2.6.jar:/export/home/mpark/jakarta-
tomcat-4.1.12/webapps/memento/WEB-
INF/lib/memento.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/webapps/memento/WEB-INF/lib/webapp.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/shared/classes:/export/home/mpark/jakarta-tomcat-
4.1.12/common/classes:/export/home/mpark/jakarta-tomcat-
4.1.12/common/endorsed/xercesImpl.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/endorsed/xmlParserAPIs.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/jasper-compiler.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/commons-logging-api.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/naming-factory.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/ant.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/naming-common.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/naming-resources.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/commons-collections.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/activation.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/jta.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/commons-dbcp.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/mail.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/jasper-runtime.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/jdbc2_0-stdext.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/jndi.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/commons-pool.jar:/export/home/mpark/jakarta-tomcat-
4.1.12/common/lib/servlet.jar:/usr/java1.2/jre/lib/rt.jar:/export/home/mpark/jak
arta-tomcat-4.1.12/work/Standalone/localhost/memento'
[javac] '-encoding'
[javac] 'ISO-8859-1'
[javac] '-g'
[javac]
[javac] The ' characters around the executable and arguments are
[javac] not part of the command.
[javac] File to be compiled:
[javac] /export/home/mpark/jakarta-tomcat-
4.1.12/work/Standalone/localhost/memento/jsp/error500_jsp.java




web.xml snippet:

servlet
servlet-namejsp/servlet-name
servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class
init-param
param-namelogVerbosityLevel/param-name
param-valueDEBUG/param-value
/init-param
init-param
param-namecompiler/param-name
param-valuejikes/param-value
/init-param
init-param
param-namejavaEncoding/param-name
param-valueISO-8859-1/param-value
/init-param
load-on-startup3/load-on-startup
/servlet

# uname -a
SunOS osiris 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10

# java -version
java version 1.2.2
Solaris VM (build Solaris_JDK_1.2.2_06, native threads, sunwjit)

# jikes -version
Jikes Compiler - Version 1.17 - 27 September 2002

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser ParserUtils.java


luehe   2002/10/09 11:25:39

  Modified:jasper2/src/share/org/apache/jasper/compiler JspConfig.java
TagLibraryInfoImpl.java TldLocationsCache.java
   jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
  Log:
  Removed redundant code
  
  Revision  ChangesPath
  1.5   +4 -5  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
  
  Index: JspConfig.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- JspConfig.java9 Oct 2002 17:41:13 -   1.4
  +++ JspConfig.java9 Oct 2002 18:25:39 -   1.5
  @@ -105,8 +105,7 @@
return;
}
   
  - ClassLoader cl = this.getClass().getClassLoader();
  - ParserUtils pu = ParserUtils.createParserUtils(cl);
  + ParserUtils pu = new ParserUtils();
TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
if (webApp == null || !2.4.equals(webApp.findAttribute(version))) {
defaultIsELIgnored = true;
  
  
  
  1.16  +4 -5  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java
  
  Index: TagLibraryInfoImpl.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/TagLibraryInfoImpl.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- TagLibraryInfoImpl.java   27 Sep 2002 20:18:32 -  1.15
  +++ TagLibraryInfoImpl.java   9 Oct 2002 18:25:39 -   1.16
  @@ -258,8 +258,7 @@
   Vector functionVector = new Vector();
   
   // Create an iterator over the child elements of our taglib element
  -ClassLoader cl = ctxt.getClassLoader();
  -ParserUtils pu = ParserUtils.createParserUtils(cl);
  +ParserUtils pu = new ParserUtils();
   TreeNode tld = pu.parseXMLDocument(uri, in);
   Iterator list = tld.findChildren();
   
  
  
  
  1.8   +12 -13
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/TldLocationsCache.java
  
  Index: TldLocationsCache.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/TldLocationsCache.java,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- TldLocationsCache.java7 Oct 2002 22:52:22 -   1.7
  +++ TldLocationsCache.java9 Oct 2002 18:25:39 -   1.8
  @@ -118,7 +118,7 @@
   public static final int ROOT_REL_URI = 1;
   public static final int NOROOT_REL_URI = 2;
   
  -static private final String WEB_XML = /WEB-INF/web.xml;
  +private static final String WEB_XML = /WEB-INF/web.xml;
   
   /**
* The mapping of the 'global' tag library URI to the location
  @@ -128,17 +128,21 @@
*[1] If the location is a jar file, this is the location
*of the tld.
*/
  -private Hashtable mappings = new Hashtable();
  +private Hashtable mappings;
   
  -private Hashtable tlds = new Hashtable();
  +private Hashtable tlds;
  +
  +private boolean initialized;
  +private ServletContext ctxt;
   
  -private boolean initialized=false;
  -ServletContext ctxt;
   //*
   // Constructor and Initilizations
   
   public TldLocationsCache(ServletContext ctxt) {
  -this.ctxt=ctxt;
  +this.ctxt = ctxt;
  + mappings = new Hashtable();
  + tlds = new Hashtable();
  + initialized = false;
   }
   
   private void init() {
  @@ -168,10 +172,7 @@
   }
   
   // Parse the web application deployment descriptor
  -ClassLoader cl =
  -// (ClassLoader) ctxt.getAttribute(Constants.SERVLET_CLASS_LOADER);
  -this.getClass().getClassLoader();
  -ParserUtils pu = ParserUtils.createParserUtils(cl);
  +ParserUtils pu = new ParserUtils();
   TreeNode webtld = pu.parseXMLDocument(WEB_XML, is);
   
// Allow taglib be an element of the root or jsp-config (JSP2.0)
  @@ -286,7 +287,6 @@
   private String parseTldForUri(String resourcePath, InputStream in) 
   throws JasperException
   {
  -
   // Parse the tag library descriptor at the specified resource path
   ParserUtils pu = new ParserUtils();
   TreeNode tld = pu.parseXMLDocument(resourcePath, in);
  @@ -297,7 +297,6 @@
   return body;
   }
   return null; // No uri element is present
  -
   }

Re: Tomcat4: Persistent http connection problem

2002-10-09 Thread mike thomas


I also have been surfing the web to find out how to implement
an applet-to-servlet communication link over a persistent http connection.

There is a working implementation available for download at
http://www.ustobe.com/

After clicking on the 'news' item in the menu, there are links
available to download HttpKeepalive.java, with javadoc explaining
how to use this class.

Mike



_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

mod_jk crash, please help

2002-10-09 Thread Eugene Gluzberg



I am running apache 1.3 with mod_jk, my apache has apxs.

I compiled and installed mod_jk from source, tag TOMCAT_4_1_12, 
configured it using the following options:
./configure --with-gnu-ld --with-apxs=/myapxpath/bin/apxs --enable-EAPI 
--with-java-home=/usr/java/jdk1.3.1

ran make

installed mod_jk into the module directory, loaded fine.


I created a virtual host in apache and added the following JkMount:

JkMount /*.jsp wwwuser_wk

My workers.properties looks as follows:
workers.java_home=/usr/java/jdk1.3.1
workers.tomcat_home=/var/tomcat4
worker.list=wwwuser_wk

worker.wwwuser_wk.host=localhost
worker.wwwuser_wk.port=5266
worker.wwwuser_wk.type=ajp13
worker.wwwuser_wk.lbfactor=50
worker.wwwuser_wk.cachesize=10
worker.wwwuser_wk.cache_timeout=600
worker.wwwuser_wk.socket_keepalive=1
worker.wwwuser_wk.socket_timeout=300


I startup apache and tomcat, then i point my browser to xyz.com/index.jsp

I get nothing back on the browser, and the following in error_log
[notice] child pid 19817 exit signal Segmentation fault (11)

I added debugging code to mod_jk and traced it to the following line in 
mod_jk.c
   s-remote_host  = (char *)ap_get_remote_host(r-connection, 
r-per_dir_config, REMOTE_HOST);


REMOTE_HOST seems to be NULL for that since i printed all the stuff from 
there.

Please help. How can i trace this further? How do i get apache to 
generate a core file so i can see where in apache code this is? Any 
pointers for help here at all?

Eugene



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit

2002-10-09 Thread Bob Herrmann


FYI, Just to start off, I am going to review these classes.  If
someone else also reviews them, thats probably a good thing...

# classes, package name

17 o.a.c.deploy
9  o.a.c.users
44 o.a.c.*
34 o.a.jk.*
15 j.s.http

Briefly, I am going to look for
 - How/if a ClassLoader is used
 - privilege blocks (are they small, use trusted values)
 - look for non-final static variables (can they be abused)
 - can methods/fields be made private?
 - are mutable objects returned to caller (especially arrays)
   think about returning clones
 - non final equals/hashcode methods? (accessing sensitive stuff?)
 - Serializable (exposes private stuff?)

Does anyone publish a security checklist list like this?

Blah Blah,
-bob


On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
 Hi,
 
 I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I 
 would like to collect as more as information as where you think I should 
 look at (code, security hole, etc.). I'm planning to do the audit using 
 the default SecurityManager. Rigth now, I have started looking at:
 
 - doPrivilege blocks. Are they small enough? Can they be reduced?
 - JSP generated code. Are they secure? Can a malicious app uses the code 
 to access o.a.catalina code?
 - Is catalina.policy restricted enough?
 - Is our Classloader secure?
 
 Any direction/ideas/recommendations will be appreciated.
 
 Thanks,
 
 -- Jeanfrancois
 
 
 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]
-- 
Bob Herrmann [EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

[JK2] make hostMap cache

2002-10-09 Thread Mladen Turk


Hi,

I would like to make the hostMap cache for hostname:port combination.
Right now we doing hostMap over and over again for each request, so I
would like to make a table that will save the once found hostEnv for
requested hostname:port combination, skipping hostMap when already
resolved.

Any objections to that?

Also I would like to extend the jk2_map to use the precomputed key
checksum value, similar to the apr's table. That will give us
significant speedup for table processing.

MT.



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit


AFAIK, the most important check is doPriviledged(). What we need
to look for is if any of those blocks could be used by 
untrusted code to do something. 

The second very important check is the facades - making sure 
untrusted code can't get access to the real objects.

We should also make sure that the facades are not reused or
are reused only inside a context.

It is nice to review all code for security and bugs ( and general
quality ) - but IMO it is more important to review first the 
critical areas.

The ClassLoader shouldn't create any major problems ( at least in
delegating mode - in non delegating mode we can only trust the 
servlet experts that they did the resarch and can guarantee there's
no security implications. I haven't heard anything convincing on this, but 
they should have this knowledge - otherwise it wouldn't be in the spec :-)


Costin

Bob Herrmann wrote:

 FYI, Just to start off, I am going to review these classes.  If
 someone else also reviews them, thats probably a good thing...
 
 # classes, package name
 
 17 o.a.c.deploy
 9  o.a.c.users
 44 o.a.c.*
 34 o.a.jk.*
 15 j.s.http
 
 Briefly, I am going to look for
  - How/if a ClassLoader is used
  - privilege blocks (are they small, use trusted values)
  - look for non-final static variables (can they be abused)
  - can methods/fields be made private?
  - are mutable objects returned to caller (especially arrays)
think about returning clones
  - non final equals/hashcode methods? (accessing sensitive stuff?)
  - Serializable (exposes private stuff?)
 
 Does anyone publish a security checklist list like this?
 
 Blah Blah,
 -bob
 
 
 On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
 Hi,
 
 I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
 would like to collect as more as information as where you think I should
 look at (code, security hole, etc.). I'm planning to do the audit using
 the default SecurityManager. Rigth now, I have started looking at:
 
 - doPrivilege blocks. Are they small enough? Can they be reduced?
 - JSP generated code. Are they secure? Can a malicious app uses the code
 to access o.a.catalina code?
 - Is catalina.policy restricted enough?
 - Is our Classloader secure?
 
 Any direction/ideas/recommendations will be appreciated.
 
 Thanks,
 
 -- Jeanfrancois
 
 
 --
 To unsubscribe, e-mail:  
 mailto:[EMAIL PROTECTED] For additional
 commands, e-mail: mailto:[EMAIL PROTECTED]

-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Bill Barker


 
 ballot
 [X] Remove deprecated org.apache.catalina.connector components from the 
 j-t-catalina module
 [ ] Leave them in
 /ballot
 



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13467] New: - getResource() URL doesn't know the content type


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13467.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13467

getResource() URL doesn't know the content type

   Summary: getResource() URL doesn't know the content type
   Product: Tomcat 4
   Version: 4.0.4 Final
  Platform: All
OS/Version: All
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Unknown
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


the URL object returned by the ServletContext's getResource() method
doesn't figure out the content-type of the wrapped resource

strictly speaking this is maybe not a bug
but shurely is a low-quality implementation

the javadoc for ServletContext's getResourceAsStream() method says:
Meta-information such as content length and CONTENT TYPE that is available via 
getResource method is lost when using this method.
so it implicitly states, that the content type should be available from the 
getResource() method

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [JK2] make hostMap cache


+1

One question - do you think it's a good idea to extend the jk2_map
to do the full mapping ? ( actually, all the code is there, but
it's not used ). 

By full mapping I mean setting/sending the 'servletPath', 'pathInfo', 
'wrapperName' and all the extra information that is needed - and bypassing 
the normal mapper in java.

In order for this to work we need to add the extra info to the [uri]
and make sure it is sent - and then find how to bypass catalina mapper
( for 3.3 it's quite easy ).

Costin


Mladen Turk wrote:

 Hi,
 
 I would like to make the hostMap cache for hostname:port combination.
 Right now we doing hostMap over and over again for each request, so I
 would like to make a table that will save the once found hostEnv for
 requested hostname:port combination, skipping hostMap when already
 resolved.
 
 Any objections to that?
 
 Also I would like to extend the jk2_map to use the precomputed key
 checksum value, similar to the apr's table. That will give us
 significant speedup for table processing.
 
 MT.

-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Axis1.0 and chains/handlers


This is just FYI, in case you don't know all this already.

I'm sure some of you are already using axis. One thing it
would be worth looking at is the basic architecture they use
for request processing. 

I think the model they're using is more powerfull than both
3.3 Interceptor and 4.0 Valve, and it may be worth understanding
it better.

They use multiple named 'chains' - request chain, transport chain, etc.
Each chain consist of Handlers - and the config explicitely specifies
the order of handlers in each chain.

That's an improvement over 3.3 - the system is more extensible ( 
instead of few dozens hardcoded callbacks in BaseInterceptor ). It
also allow fine control over the order of handlers - which is one
of the big pain points.

It provide benefits over 4.0 - where all processing happens in a
single chain ( with some additional 'chains' in listeners ).

It is also better than ActionCode - again, it is extensible (
we hardcode all the chains ) and provides more control.

The code is quite messy ( again IMO ), but as I said it is well
worth learning and using some of the ideas in future tomcats.

-- 
Costin



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit

2002-10-09 Thread Jean-Francois Arcand







Costin Manolache wrote:

  AFAIK, the most important check is doPriviledged(). What we need
to look for is if any of those blocks could be used by 
untrusted code to do something. 

The second very important check is the facades - making sure 
untrusted code can't get access to the real objects.

We should also make sure that the facades are not reused or
are reused only inside a context.

It is nice to review all code for security and bugs ( and general
quality ) - but IMO it is more important to review first the 
critical areas.

I will start looking at the doPrivilege block. One thing that I have found
is most Tomcat's doPrivilege block contains more operations that they should.
Minimizing what we put inside the doPrivilege is very important. As an example
(need to be optimized), I made some change to the WebappClassLoader (see
the diff.txt). 


  

The ClassLoader shouldn't create any major problems ( at least in
delegating mode - in non delegating mode we can only trust the 
servlet experts that they did the resarch and can guarantee there's
no security implications. I haven't heard anything convincing on this, but 
they should have this knowledge - otherwise it wouldn't be in the spec :-)

Other areas we can look first are:

- Admin Tool. Is the tool secure enougth?
- Invoker/Defaut Servlet ;-)
- The code Jasper generates. This is one place where facade will get accessed.

-- Jeanfrancois




  


Costin

Bob Herrmann wrote:

  
  
FYI, Just to start off, I am going to review these classes.  If
someone else also reviews them, thats probably a good thing...

# classes, package name

17 o.a.c.deploy
9  o.a.c.users
44 o.a.c.*
34 o.a.jk.*
15 j.s.http

Briefly, I am going to look for
 - How/if a ClassLoader is used
 - privilege blocks (are they small, use trusted values)
 - look for non-final static variables (can they be abused)
 - can methods/fields be made private?
 - are mutable objects returned to caller (especially arrays)
   think about returning clones
 - non final equals/hashcode methods? (accessing sensitive stuff?)
 - Serializable (exposes private stuff?)

Does anyone publish a security checklist list like this?

Blah Blah,
-bob


On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:


  Hi,

I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would like to collect as more as information as where you think I should
look at (code, security hole, etc.). I'm planning to do the audit using
the default SecurityManager. Rigth now, I have started looking at:

- doPrivilege blocks. Are they small enough? Can they be reduced?
- JSP generated code. Are they secure? Can a malicious app uses the code
to access o.a.catalina code?
- Is catalina.policy restricted enough?
- Is our Classloader secure?

Any direction/ideas/recommendations will be appreciated.

Thanks,

-- Jeanfrancois


--
To unsubscribe, e-mail:  
mailto:[EMAIL PROTECTED] For additional
commands, e-mail: mailto:[EMAIL PROTECTED]
  

  
  
  




Index: WebappClassLoader.java
===
RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java,v
retrieving revision 1.6
diff -u -r1.6 WebappClassLoader.java
--- WebappClassLoader.java  5 Sep 2002 11:38:59 -   1.6
+++ WebappClassLoader.java  9 Oct 2002 19:23:07 -
@@ -154,16 +154,16 @@
 protected class PrivilegedFindResource
 implements PrivilegedAction {
 
-private String name;
+private int filePointer;
 private String path;
 
-PrivilegedFindResource(String name, String path) {
-this.name = name;
+PrivilegedFindResource(int filePointer, String path) {
+this.filePointer = filePointer;
 this.path = path;
 }
 
 public Object run() {
-return findResourceInternal(name, path);
+return findResourceInternal(filePointer, path);
 }
 
 }
@@ -895,13 +895,7 @@
 
 ResourceEntry entry = (ResourceEntry) resourceEntries.get(name);
 if (entry == null) {
-if (securityManager != null) {
-PrivilegedAction dp =
-new PrivilegedFindResource(name, name);
-entry = (ResourceEntry)AccessController.doPrivileged(dp);
-} else {
-entry = findResourceInternal(name, name);
-}
+entry = findResourceInternal(name, name);
 }
 if (entry != null) {
 url = entry.source;
@@ -1479,13 +1473,7 @@
 
 ResourceEntry entry = null;
 
-if (securityManager != null) {
-PrivilegedAction dp =
-new PrivilegedFindResource(name, classPath);
-entry = (ResourceEntry)AccessController.doPrivileged(dp);
-} else {
-entry = findResourceInternal(name, classPath);
-}
+entry =

DO NOT REPLY [Bug 11730] - build fails - can't find jni_md.h


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11730.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11730

build fails - can't find jni_md.h

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 19:57 ---
You need a -Dlinux=1 as param. 
( and we need to either automate the os detection or document this better ).

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13419] - Weird seg fault on Mac OS X for mod_jk2 + Apache2


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13419.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13419

Weird seg fault on Mac OS X for mod_jk2 + Apache2





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 20:03 ---
That's very strange. 
First - make sure you compile with -O0 - it may be something wrong with the
line numbers due to reordering by the compiler. 
It seems obvious that the NPE is in the printf implementation - that's 
common in many OSes if a param is NULL. However the code fragment seems
to check for null.

I would sugest double checking the -O flag and the printf params.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 11678] - JNDIRealm times out/prompts for password with BASIC authentication


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11678.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11678

JNDIRealm times out/prompts for password with BASIC authentication





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 20:21 ---
I've noticed this bug with tomcat 4.1.12 as well. I believe this is because the 
ldap server timesout the connection after some time if there is no activity 
from the ldap client. Once the timeout occurs, if a user tries to browse a url 
that requires authentication, the bind operation in ldap fails as ldap 
connection is invalid and JNDIRealm class throws a 
javax.naming.CommunicationException. This results in authentication failure and 
user is prompted for authentication again. This is quite irritating to the 
user. When user types in uid/password second time, a new ldap connection is 
created and authentication succeeds.

I think the solution is to detect ldap connection timeout in JNDIRealm and make 
a new connection if necessary and then perform the bind for authentication. 
Hope this bug gets fixed.

-nagraj

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime JspRuntimeLibrary.java


luehe   2002/10/09 13:21:52

  Modified:jasper2/src/share/org/apache/jasper/resources
messages.properties messages_es.properties
messages_ja.properties
   jasper2/src/share/org/apache/jasper/runtime
JspRuntimeLibrary.java
  Log:
  Fixed 13206: Invalid java bean property error message could be reported better.
  
  Revision  ChangesPath
  1.45  +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties
  
  Index: messages.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v
  retrieving revision 1.44
  retrieving revision 1.45
  diff -u -r1.44 -r1.45
  --- messages.properties   8 Oct 2002 23:22:57 -   1.44
  +++ messages.properties   9 Oct 2002 20:21:52 -   1.45
  @@ -94,7 +94,7 @@
   jsp.error.beans.nobeaninfo=No BeanInfo for the bean of type ''{0}'' could be found, 
the class likely does not exist.
   jsp.error.beans.introspection=An exception occurred while introspecting the read 
method of property ''{0}'' in a bean of type ''{1}'':\n{2}
   jsp.error.beans.nomethod=Cannot find a method to read property ''{0}'' in a bean of 
type ''{1}''
  -jsp.error.beans.nomethod.setproperty=Can''t find a method to write property ''{0}'' 
in a bean of type ''{1}''
  +jsp.error.beans.nomethod.setproperty=Can''t find a method to write property ''{0}'' 
of type ''{1}'' in a bean of type ''{2}''
   jsp.error.beans.noproperty=Cannot find any information on property ''{0}'' in a 
bean of type ''{1}''
   jsp.error.beans.setproperty.noindexset=Cannot set indexed property
   jsp.error.include.tag=Invalid jsp:include tag
  
  
  
  1.16  +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties
  
  Index: messages_es.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- messages_es.properties8 Oct 2002 23:22:57 -   1.15
  +++ messages_es.properties9 Oct 2002 20:21:52 -   1.16
  @@ -73,7 +73,7 @@
   jsp.error.beans.nobeaninfo=No se puede encontrar BeanInfo para el bean  ''{0}'' 
seguramente la clase no existe
   jsp.error.beans.introspection=Una excepcion a ocurrido mientras se leia el metodo 
de lectura de la propiedad ''{0}'' en un bean del tipo ''{1}'':\n{2}
   jsp.error.beans.nomethod=No puedo encontrar un metodo para leer la propiedad 
''{0}'' en un bean del tipo ''{1}''
  -jsp.error.beans.nomethod.setproperty=No puedo encontrar un metodo para write de la 
propiedad ''{0}'' en un bean del tipo ''{1}''
  +jsp.error.beans.nomethod.setproperty=No puedo encontrar un metodo para write de la 
propiedad ''{0}'' en un bean del tipo ''{2}''
   jsp.error.beans.noproperty=No puedo encontrar informacion de la propiedad ''{0}'' 
en un bean del tipo ''{1}''
   jsp.error.beans.setproperty.noindexset=No puedo hacer set de la propiedad indexada
   jsp.error.include.tag=Tag jsp:include no valido
  
  
  
  1.16  +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties
  
  Index: messages_ja.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- messages_ja.properties8 Oct 2002 23:22:57 -   1.15
  +++ messages_ja.properties9 Oct 2002 20:21:52 -   1.16
  @@ -84,7 +84,7 @@
   jsp.error.beans.nobeaninfo=\u30bf\u30a4\u30d7 ''{0}'' 
\u306eBean\u306bBeanInfo\u304c\u306a\u3044\u306e\u3092\u691c\u51fa\u3057\u307e\u3057\u305f,
 
\u30af\u30e9\u30b9\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093
   jsp.error.beans.introspection=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}'' 
\u306eread\u30e1\u30bd\u30c3\u30c9\u3092\u5185\u7701\u4e2d\u306b\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f:\n{2}
   jsp.error.beans.nomethod=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}'' 
\u3092\u8aad\u307f\u8fbc\u3080\u30e1\u30bd\u30c3\u30c9\u3092\u767a\u898b\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f
  -jsp.error.beans.nomethod.setproperty=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}'' 
\u3092\u66f8\u304d\u8fbc\u3080\u30e1\u30bd\u30c3\u30c9\u3092\u767a\u898b\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f
  +jsp.error.beans.nomethod.setproperty=\u30bf\u30a4\u30d7 ''{2}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}''

DO NOT REPLY [Bug 13206] - Invalid java bean property error message could be reported better.


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13206.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13206

Invalid java bean property error message could be reported better.

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 11678] - JNDIRealm times out/prompts for password with BASIC authentication


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11678.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11678

JNDIRealm times out/prompts for password with BASIC authentication





--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 20:33 ---
Another problem is that I'm pretty sure that if you use BASIC authentication 
rather than session based authentication, it doesn't do any caching which 
means that everytime you access a protected resource, it authenticates against 
the LDAP directory which isn't a very efficient thing to do.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

[SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability;Apache Tomcat 4.0.6 released


A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases (including Tomcat 4.0.5), which allows to use a specially
crafted URL to return the unprocessed source of a JSP page, or, under
special circumstances, a static resource which would otherwise have been
protected by security constraint, without the need for being properly
authenticated. This is based on a variant of the exploit that was
disclosed on 09/24/2002.

The cause
-

Using the invoker servlet in conjunction with the default servlet
(responsible for handling static content in Tomcat) triggers this
vulnerability.

Who is vulnerable
-

- All Tomcat 4.0.x releases, except those in which the invoker servlet
is disabled (this is not the default setting).
- All Tomcat 4.1.x releases before 4.1.12, except those in which the
invoker servlet is disabled (this is not the default setting), as
well as 4.1.12 if and only if the invoker servlet has been enabled.
The default Tomcat 4.1.12 installation is not vulnerable.

Fixes and workarounds
-

Doing either of the following will resolve the security problem:

A) Disabling the invoker servlet

In the $CATALINA_HOME/conf/web.xml file (on Windows,
%CATALINA_HOME%\conf\web.xml), comment out or remove the following
XML fragment:

  servlet-mapping
  servlet-nameinvoker/servlet-name
  url-pattern/servlet/*/url-pattern
  /servlet-mapping

B) If running any Tomcat 4.0.x releases, download and install the
following binary patch:

http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.5/bin/hotfix/13365.zip

Simply unzip the archive in the $CATALINA_HOME folder (on Windows
%CATALINA_HOME%). Make sure paths are preserved when unzipping. The
patch will overwrite the default webapp configuration file
($CATALINA_HOME/conf/web.xml) to add a workaround to protect
against the security vulnerability.

C) If running Tomcat 4.1.12 and the invoker servlet was enabled, it must
be disabled at this time. A new Tomcat 4.1.x release incorporating
the fix to the invoker servlet will be made available shortly.

D) If running any Tomcat 4.0.x release, download and install Tomcat 4.0.6.

New release
---

The Apache Tomcat Team announces the immediate availability of
a new release which includes a fix to the invoker servlet.

Apache Tomcat 4.0.6:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/

Remy


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-servletapi-5/jsr152/examples/jsp2/misc config.jsp config.txt

2002-10-09 Thread kinman


kinman  2002/10/09 14:31:24

  Modified:jsr152/examples/WEB-INF web.xml
   jsr152/examples/jsp2/misc config.jsp config.txt
  Log:
  - Modified the examples to use el-ignore and scripting-invalid
  
  Revision  ChangesPath
  1.4   +2 -2  jakarta-servletapi-5/jsr152/examples/WEB-INF/web.xml
  
  Index: web.xml
  ===
  RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/WEB-INF/web.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- web.xml   7 Oct 2002 18:09:58 -   1.3
  +++ web.xml   9 Oct 2002 21:31:24 -   1.4
  @@ -202,9 +202,9 @@
/description
display-nameJSPConfiguration/display-name
url-pattern/jsp2/misc/config.jsp/url-pattern
  - el-enabledfalse/el-enabled
  + el-ignoredtrue/el-ignored
page-encodingISO-8859-1/page-encoding
  - scripting-enabledfalse/scripting-enabled
  + scripting-invalidtrue/scripting-invalid
include-prelude/jsp2/misc/prelude.jspf/include-prelude
include-coda/jsp2/misc/coda.jspf/include-coda
/jsp-property-group
  
  
  
  1.2   +2 -2  jakarta-servletapi-5/jsr152/examples/jsp2/misc/config.jsp
  
  Index: config.jsp
  ===
  RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/misc/config.jsp,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- config.jsp7 Sep 2002 00:48:00 -   1.1
  +++ config.jsp9 Oct 2002 21:31:24 -   1.2
  @@ -7,9 +7,9 @@
   ul
 liUses lt;include-preludegt; to include the top banner./li
 liUses lt;include-codagt; to include the bottom banner./li
  -  liUses lt;scripting-enabledgt; false to disable 
  +  liUses lt;scripting-invalidgt; true to disable 
  lt;% scripting %gt; elements/li
  -  liUses lt;el-enabledgt; false to disable ${EL} elements/li
  +  liUses lt;el-ignoredgt; true to disable ${EL} elements/li
 liUses lt;page-encodinggt; ISO-8859-1 to set the page encoding (though 
this is the default anyway)/li
   /ul
   There are various other configuration options that can be used.
  
  
  
  1.2   +2 -2  jakarta-servletapi-5/jsr152/examples/jsp2/misc/config.txt
  
  Index: config.txt
  ===
  RCS file: /home/cvs/jakarta-servletapi-5/jsr152/examples/jsp2/misc/config.txt,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- config.txt7 Sep 2002 00:48:00 -   1.1
  +++ config.txt9 Oct 2002 21:31:24 -   1.2
  @@ -7,9 +7,9 @@
   ul
 liUses lt;include-preludegt; to include the top banner./li
 liUses lt;include-codagt; to include the bottom banner./li
  -  liUses lt;scripting-enabledgt; false to disable 
  +  liUses lt;scripting-invalidgt; true to disable 
  lt;% scripting %gt; elements/li
  -  liUses lt;el-enabledgt; false to disable ${EL} elements/li
  +  liUses lt;el-ignoredgt; true to disable ${EL} elements/li
 liUses lt;page-encodinggt; ISO-8859-1 to set the page encoding (though 
this is the default anyway)/li
   /ul
   There are various other configuration options that can be used.
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/runtime JspRuntimeLibrary.java


luehe   2002/10/09 14:59:08

  Modified:jasper2/src/share/org/apache/jasper/resources Tag:
tomcat_4_branch messages.properties
messages_es.properties messages_ja.properties
   jasper2/src/share/org/apache/jasper/runtime Tag:
tomcat_4_branch JspRuntimeLibrary.java
  Log:
  Fixed 13206: Invalid java bean property error message could be reported better.
  
  Revision  ChangesPath
  No   revision
  
  
  No   revision
  
  
  1.9.2.4   +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties
  
  Index: messages.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages.properties,v
  retrieving revision 1.9.2.3
  retrieving revision 1.9.2.4
  diff -u -r1.9.2.3 -r1.9.2.4
  --- messages.properties   8 Oct 2002 23:42:06 -   1.9.2.3
  +++ messages.properties   9 Oct 2002 21:59:08 -   1.9.2.4
  @@ -88,7 +88,7 @@
   jsp.error.beans.nobeaninfo=No BeanInfo for the bean of type ''{0}'' could be found, 
the class likely does not exist.
   jsp.error.beans.introspection=An exception occurred while introspecting the read 
method of property ''{0}'' in a bean of type ''{1}'':\n{2}
   jsp.error.beans.nomethod=Cannot find a method to read property ''{0}'' in a bean of 
type ''{1}''
  -jsp.error.beans.nomethod.setproperty=Can''t find a method to write property ''{0}'' 
in a bean of type ''{1}''
  +jsp.error.beans.nomethod.setproperty=Can''t find a method to write property ''{0}'' 
of type ''{1}'' in a bean of type ''{2}''
   jsp.error.beans.noproperty=Cannot find any information on property ''{0}'' in a 
bean of type ''{1}''
   jsp.error.beans.setproperty.noindexset=Cannot set indexed property
   jsp.error.include.tag=Invalid jsp:include tag
  
  
  
  1.3.2.3   +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties
  
  Index: messages_es.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_es.properties,v
  retrieving revision 1.3.2.2
  retrieving revision 1.3.2.3
  diff -u -r1.3.2.2 -r1.3.2.3
  --- messages_es.properties8 Oct 2002 23:42:06 -   1.3.2.2
  +++ messages_es.properties9 Oct 2002 21:59:08 -   1.3.2.3
  @@ -73,7 +73,7 @@
   jsp.error.beans.nobeaninfo=No se puede encontrar BeanInfo para el bean  ''{0}'' 
seguramente la clase no existe
   jsp.error.beans.introspection=Una excepcion a ocurrido mientras se leia el metodo 
de lectura de la propiedad ''{0}'' en un bean del tipo ''{1}'':\n{2}
   jsp.error.beans.nomethod=No puedo encontrar un metodo para leer la propiedad 
''{0}'' en un bean del tipo ''{1}''
  -jsp.error.beans.nomethod.setproperty=No puedo encontrar un metodo para write de la 
propiedad ''{0}'' en un bean del tipo ''{1}''
  +jsp.error.beans.nomethod.setproperty=No puedo encontrar un metodo para write de la 
propiedad ''{0}'' en un bean del tipo ''{2}''
   jsp.error.beans.noproperty=No puedo encontrar informacion de la propiedad ''{0}'' 
en un bean del tipo ''{1}''
   jsp.error.beans.setproperty.noindexset=No puedo hacer set de la propiedad indexada
   jsp.error.include.tag=Tag jsp:include no valido
  
  
  
  1.2.2.2   +2 -2  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties
  
  Index: messages_ja.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources/messages_ja.properties,v
  retrieving revision 1.2.2.1
  retrieving revision 1.2.2.2
  diff -u -r1.2.2.1 -r1.2.2.2
  --- messages_ja.properties8 Oct 2002 23:42:06 -   1.2.2.1
  +++ messages_ja.properties9 Oct 2002 21:59:08 -   1.2.2.2
  @@ -84,7 +84,7 @@
   jsp.error.beans.nobeaninfo=\u30bf\u30a4\u30d7 ''{0}'' 
\u306eBean\u306bBeanInfo\u304c\u306a\u3044\u306e\u3092\u691c\u51fa\u3057\u307e\u3057\u305f,
 
\u30af\u30e9\u30b9\u304c\u5b58\u5728\u3057\u306a\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093
   jsp.error.beans.introspection=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}'' 
\u306eread\u30e1\u30bd\u30c3\u30c9\u3092\u5185\u7701\u4e2d\u306b\u4f8b\u5916\u304c\u767a\u751f\u3057\u307e\u3057\u305f:\n{2}
   jsp.error.beans.nomethod=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}'' 
\u3092\u8aad\u307f\u8fbc\u3080\u30e1\u30bd\u30c3\u30c9\u3092\u767a\u898b\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f
  -jsp.error.beans.nomethod.setproperty=\u30bf\u30a4\u30d7 ''{1}'' 
\u306eBean\u4e2d\u306e\u5c5e\u6027 ''{0}''

DO NOT REPLY [Bug 13392] - When tag pooling is enabled, release() is not called on tag instances


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13392.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13392

When tag pooling is enabled, release() is not called on tag instances

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-10-09 22:21 ---
Not a bug.

See description of release() method in JSP.10.1.1.2 (JSP 1.2):
 
  Called on a Tag handler to release state. The page compiler guarantees
  that JSP page implementation objects will invoke this method on all
  tag handlers, but there may be multiple invocations on doStartTag()
  and doEndTag() in between.

Also, see

  http://jakarta.apache.org/taglibs/guidelines.html

Item 2:

  Private, invocation-specific state must be managed manually. Implications
  include that: 

release() is not necessarily called between invocations, which means
that tag logic should not count on private invocation- specific state
being reset by release()

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspUtil.java


luehe   2002/10/09 15:46:41

  Modified:jasper2/src/share/org/apache/jasper/compiler JspUtil.java
  Log:
  Removed redundant methods
  
  Revision  ChangesPath
  1.18  +3 -87 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java
  
  Index: JspUtil.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- JspUtil.java  19 Sep 2002 23:21:39 -  1.17
  +++ JspUtil.java  9 Oct 2002 22:46:41 -   1.18
  @@ -235,60 +235,6 @@
   }
   
   /**
  - * Parses the XML document contained in the InputStream.
  - *
  - * @deprecated Use ParserUtils.parseXMLDocument() instead
  - */
  -public static Document parseXMLDoc(String uri, InputStream in) 
  - throws JasperException 
  -{
  - return parseXMLDocJaxp(uri, in);
  -}
  -
  -/**
  - * Parses the XML document contained in the InputStream.
  - * This XML document is either web.xml or a tld.
  - * [The TLD has to be cached internally (see MyEntityResolver)]
  - *
  - * @deprecated Use ParserUtils.parseXMLDocument() instead
  - */
  -public static Document parseXMLDocJaxp(String uri, InputStream in)
  - throws JasperException
  -{
  - try {
  - Document doc;
  - DocumentBuilderFactory docFactory = 
  - DocumentBuilderFactory.newInstance();
  - docFactory.setValidating(true);
  - docFactory.setNamespaceAware(true);
  - DocumentBuilder builder = docFactory.newDocumentBuilder();
  - builder.setEntityResolver(entityResolver);
  - builder.setErrorHandler(errorHandler);
  - doc = builder.parse(in);
  - return doc;
  - } catch (ParserConfigurationException ex) {
  -throw new JasperException(
  - Constants.getString(jsp.error.parse.xml,
  - new Object[]{uri, ex.getMessage()}));
  - } catch (SAXParseException ex) {
  -throw new JasperException(
  - Constants.getString(jsp.error.parse.xml.line,
  - new Object[]{uri,
  -  new Integer(ex.getLineNumber()),
  -  new Integer(ex.getColumnNumber()),
  -  ex.getMessage()}));
  - } catch (SAXException sx) {
  -throw new JasperException(
  -Constants.getString(jsp.error.parse.xml,
  - new Object[]{uri, sx.getMessage()}));
  -} catch (IOException io) {
  -throw new JasperException(
  -Constants.getString(jsp.error.parse.xml,
  - new Object[]{uri, io.toString()}));
  - }
  -}
  -
  -/**
* Checks if all mandatory attributes are present and if all attributes
* present have valid names.  Checks attributes specified as XML-style
* attributes as well as attributes specified using the jsp:attribute
  @@ -477,36 +423,6 @@
}
   }
   
  -public static Hashtable attrsToHashtable(Attributes attrs) {
  -int len = attrs.getLength();
  -Hashtable table = new Hashtable(len);
  -for (int i=0; ilen; i++) {
  -table.put(attrs.getQName(i), attrs.getValue(i));
  -}
  -return table;
  -}
  -
  -/**
  - * Get the data for the first child associated with the
  - * Element provided as argument. It is assumed that this
  - * first child is of type Text.
  - *
  - * @param e the DOM Element to read from 
  - * @return the data associated with the first child of the DOM
  - *  element.
  - */
  -public static String getElementChildTextData(Element e) {
  - String s = null;
  - Text t = (Text)e.getFirstChild();
  - if (t != null) {
  - s = t.getData();
  - if (s != null) {
  - s = s.trim();
  - }
  - }
  - return s;
  -}
  -
   /**
* Convert a String value to 'boolean'.
* Besides the standard conversions done by
  
  
  

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspReader.java


luehe   2002/10/09 17:49:21

  Modified:jasper2/src/share/org/apache/jasper JspC.java
JspCompilationContext.java
   jasper2/src/share/org/apache/jasper/compiler JspReader.java
  Log:
  Changed visibility of o.a.j.c.JspReader to package scope, and the visibility
  of some of its methods to private.
  
  Revision  ChangesPath
  1.15  +3 -4  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java
  
  Index: JspC.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspC.java,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- JspC.java 21 Aug 2002 17:56:03 -  1.14
  +++ JspC.java 10 Oct 2002 00:49:21 -  1.15
  @@ -65,7 +65,6 @@
   import java.net.*;
   import java.util.*;
   
  -import org.apache.jasper.compiler.JspReader;
   import org.apache.jasper.compiler.ServletWriter;
   import org.apache.jasper.compiler.Compiler;
   import org.apache.jasper.compiler.TldLocationsCache;
  
  
  
  1.22  +3 -16 
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspCompilationContext.java
  
  Index: JspCompilationContext.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/JspCompilationContext.java,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- JspCompilationContext.java11 Sep 2002 19:07:32 -  1.21
  +++ JspCompilationContext.java10 Oct 2002 00:49:21 -  1.22
  @@ -68,7 +68,6 @@
   import javax.servlet.jsp.tagext.TagInfo;
   import javax.servlet.jsp.tagext.TagData;
   import org.apache.jasper.compiler.JspRuntimeContext;
  -import org.apache.jasper.compiler.JspReader;
   import org.apache.jasper.compiler.ServletWriter;
   import org.apache.jasper.compiler.Compiler;
   import org.apache.jasper.servlet.JspServletWrapper;
  @@ -100,7 +99,6 @@
   protected String jspPath;
   protected String classFileName;
   protected String contentType;
  -protected JspReader reader;
   protected ServletWriter writer;
   protected Options options;
   protected JspServletWrapper jsw;
  @@ -491,17 +489,6 @@
   
   public void setContentType(String contentType) {
   this.contentType = contentType;
  -}
  -
  -/**
  - * Get the input reader for the JSP text. 
  - */
  -public JspReader getReader() { 
  -return reader;
  -}
  -
  -public void setReader(JspReader reader) {
  -this.reader = reader;
   }
   
   /**
  
  
  
  1.10  +148 -137  
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspReader.java
  
  Index: JspReader.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspReader.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- JspReader.java28 Aug 2002 23:50:10 -  1.9
  +++ JspReader.java10 Oct 2002 00:49:21 -  1.10
  @@ -80,137 +80,50 @@
* @author Mark Roth
*/
   
  -public class JspReader {
  +class JspReader {
   
  -protected Mark current  = null;
  -String master = null;
  -
  -Vector sourceFiles = new Vector();
  -int currFileId = 0;
  -int size = 0;
  -
  +private Mark current;
  +private String master;
  +private Vector sourceFiles;
  +private int currFileId;
  +private int size;
   private JspCompilationContext context;
   private ErrorDispatcher err;
  +private Logger.Helper loghelper;
   
   /*
* Set to true when using the JspReader on a single file where we read up
* to the end and reset to the beginning many times.
* (as in ParserCtl.figureOutJspDocument().
*/
  -boolean singleFile = false;
  +private boolean singleFile;
   
  -Logger.Helper loghelper = new Logger.Helper(JASPER_LOG, JspReader);
  -
  -public String getFile(int fileid) {
  - return (String) sourceFiles.elementAt(fileid);
  -}
  -
  -/**
  - * Register a new source file.
  - * This method is used to implement file inclusion. Each included file
  - * gets a uniq identifier (which is the index in the array of source files).
  - * @return The index of the now registered file.
  - */
  -protected int registerSourceFile(String file) {
  -if (sourceFiles.contains(file))
  -return -1;
  - sourceFiles.addElement(file);
  - this.size++;
  - return sourceFiles.size() - 1;
  -}
  -
  -
  -/**
  - * Unregister the source file.
  - * This method is used to implement file inclusion. Each included file
  - * gets a uniq identifier (which is the index in the array of source
  -

Re: mod_jk crash, please help

2002-10-09 Thread Bojan Smojver


Quoting Eugene Gluzberg [EMAIL PROTECTED]:

 Please help. How can i trace this further? How do i get apache to 
 generate a core file so i can see where in apache code this is? Any 
 pointers for help here at all?

Have a look at this: http://httpd.apache.org/dev/debugging.html

Bojan

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

DO NOT REPLY [Bug 13477] New: - tomcat 4.1.2 installed from rpms fails to start


DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13477.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13477

tomcat 4.1.2 installed from rpms fails to start

   Summary: tomcat 4.1.2 installed from rpms fails to start
   Product: Tomcat 4
   Version: 4.1.12
  Platform: Other
OS/Version: Linux
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Installable Packages
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


I installed the current version of tomcat (4.1.2) from RPMs using the version as
of 9 October (tomcat4-4.1.12-full.2jpp.noarch.rpm). The install worked after I
removed all traces of the prior tomcat install (user and group, etc). When I try
to start tomcat from /etc/init.d/tomcat4 I get an OK but tomcat does not start.

When I start tomcat using /usr/bin/dtomcat4 as root, tomcat starts. When I su -
tomcat4 and start tomcat using /usr/bin/dtomcat4 I get:

-bash-2.05b$ /usr/bin/dtomcat4 start
Using CATALINA_BASE:   /var/tomcat4
Using CATALINA_HOME:   /var/tomcat4
Using CATALINA_TMPDIR: /var/tomcat4/temp
Using JAVA_HOME:   /usr/java/j2sdk1.4
touch: creating `/var/tomcat4/logs/catalina.out': Permission denied
-bash-2.05b$ /usr/bin/dtomcat4: line 205: /var/tomcat4/logs/catalina.out:
Permission denied
q

In /var/tomcat4/logs I see:

-rw-r--r--1 root tomcat4  1731 Oct  9 20:44 catalina.out 

In order for tomcat to touch catalina.out, permissions need to be changed for
the group tomcat4. Once this is done, then tomcat4 will start as expected.

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [Proposal] Security Audit

2002-10-09 Thread Glenn Nielsen


The more who review/audit tomcat for security, the better. :-)

Comments intermixed below.

Jean-Francois Arcand wrote:
 Hi,
 
 I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I 
 would like to collect as more as information as where you think I should 
 look at (code, security hole, etc.). I'm planning to do the audit using 
 the default SecurityManager. Rigth now, I have started looking at:
 
 - doPrivilege blocks. Are they small enough? Can they be reduced?

I don't think there are more than a dozen doPrivileged() blocks in all
of catalina and jasper.  They are relatively few and restricted to a
few specific methods in catalina which may get executed by some action
a servlet or jsp performs.  For example, when a jsp page does a forward.

 - JSP generated code. Are they secure? Can a malicious app uses the code 
 to access o.a.catalina code?

Class restrictions are implemented in two ways.
First, the catalina core API's are in server/lib so that they are not
one of the parent class loaders visible to a web app.  Second, the
WebappClassLoader implements checkPackageAccess() and checkPackageDefinition().
These are only implemented if Tomcat was started with the SecurityManager.

One change we considered with Tomcat 4 was whether it should require using
the Java SecurityManager.  You may want to open up that debate again with
Tomcat 5.

 - Is catalina.policy restricted enough?

Not for my needs, my security policies are much more restrictive.
But restrictive enough for some users.  Perhaps there should be a second more
restrictive example catalina.policy.

 - Is our Classloader secure?
 
 Any direction/ideas/recommendations will be appreciated.
 

I don't have time right now to particpate in the security audit, but I will
make sure I review any findings.

One item that has been on my todo list for a while is a document on how to
write SecurityManager and web application friendly code.  I find numerous
packages, frameworks, etc. which perform things in ways which are not
friendly to the SecurityManager or a web application.

I have been known to file bug reports with other jakarta projects when I run
across these issues. :-)

Regards,

Glenn




--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: apps conversion from 3.3.1 to 4.1.12