Alexander Koch/LDM/DFS ist außer Haus.

2004-09-14 Thread Alexander . Koch
Ich werde ab  14.09.2004 nicht im Büro sein. Ich kehre zurück am
16.09.2004.

Ihre Mail wird nicht weitergeleitet.

Mit freundlichen Grüßen

Alexander Koch


DFS Deutsche Flugsicherung GmbH
Unternehmenszentrale
Am DFS-Campus 10
D - 63225 Langen

Tel.: +49-(0)6103-707-0
Home Page: http://www.dfs.de

-BEGIN PGP PUBLIC KEY BLOCK-
Version: PGP 6.5.8

mQGiBECbVgwRBAD09k4R2DiCObeUeO+FZCBJ8OkjzEIQ3niUMHSwlQmX5prKCJQe
NjEGvsS4Ex6qdYQ/awmXkNtOpsF0mN3aBoKUyRDF6KkkfsTNYQQ6WyK5RHu2Q4wQ
G93DL+Ryhgs2oNH3Ou4FbEiYATJCl14fpxd08D0DCsmL0ZfeaZlZeBCUzwCg/8sY
qJ2uSj5JgHWEp170menK6CUEAIlI3gXegKbBY1PFSpzNpjVGQJg9bQR4B6tqdASP
nLfsQR+1BIIz0WFgiIickqPSRbGYP7slpw9onE43su3HVg2sBMI25Q5kK6WujPUG
n72PDy8yogXCcYS807FcqMqKTqYjiRQxbcQn3gJaoTau0/HJTHF9jES89SyIDXdm
CjphA/9FZ0tmotILaxyL53X8G01lf28NhykkGzbBTiIAsgTcvCx6b1GxBwUb/WlL
KmWG3kjwSsZxtPzrUPN3Z83pavfCQI4E9tNI4mVgX9gtklKoVtJPglu2jPrJ+umZ
UO78anBrsTnPzOJ954+uziMe3imsFAC8T2gAmgsAvZgZP98gBLQYREZTIEdtYkgg
PHB1YmtleUBkZnMuZGU+iQBOBBARAgAOBQJAm1YMBAsDAQICGQEACgkQN3h5OLny
dHrchQCgmuRvdqRthFARXOQatgKCc+5pWs4AoPkSU2XeYbNq4AVmv0BJOpRgOsCJ
uQMNBECbVosQDADMHXdXJDhK4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1
+/bBc8SDESYrQ2DD4+jWCv2hKCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rz
F/OkQOnX0ne2Qi0CNsEmy2henXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cI
fwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ
+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm
/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1F
HQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzh
sSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZ
Jrqrol7DVelMMm8AAgIL/2zbjaNlPL+13ZFiJwAGg0yj4zciLkp141Pwvn2OtY+B
JZxnIfcPKINj2f5QiW4weqV9OMJ5EgZcx8aRxkk5uJsJv3S1JFUUNaSwCl0xynpr
Spw5QsoCAQAhzmOlqj1tvCJW3bm3iniiud6UzGjbdpvU9oeiSOGMFYVpfGCHC5fb
4TnnsLcrmARXh3COKle27X7TGOROUWyxqKWdHvBsMEjO2ERF2A+nMEYz4dd8kezd
Iiw9hjftJtp9GpCJ5CWq4jcyQ5Bb+D0IUqI0FdH9Mfe8ytMnDRwDPH1r9FaCNkaH
Q+8Aqp20QbSHe03CaT8UbYziNCNdzCFt4QjDqAfDsTKEHGeBzKfBprsKbox6CURk
IikAiUX0YE1P3bxH2ovP5bxEormlPfFN870QYNZYmo03hX41H6LnOaI4YaHzfiXG
Plrm/mtkDryXoqA57f09vcQcAmS6Qa50qyqheGK49lSM9MndqXGWrmddtccE3qUJ
/U1UAxqX11l80Yz8Wk+brokARgQYEQIABgUCQJtWiwAKCRA3eHk4ufJ0enLHAJ9R
3Z0uPt+U+qSJU/63IpU/y+Ho3QCgg571CpdVdsohBeaF21f4uckz3nU=
=h1ys
-END PGP PUBLIC KEY BLOCK-




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: 5.5.2-alpha tomorrow

2004-09-14 Thread Mladen Turk
Remy Maucherat wrote:
Mladen Turk wrote:
Some results for current HEAD build:
It's fixed now. The bug which caused this was minor, but was still worth 
fixing (it was causing session creation as long as an authenticator was 
configured).

Great!
All the tests are passing now.
Regards,
MT.


smime.p7s
Description: S/MIME Cryptographic Signature


cvs commit: jakarta-tomcat-5 tomcat.nsi

2004-09-14 Thread mturk
mturk   2004/09/14 00:59:41

  Modified:.tomcat.nsi
  Log:
  Fix function findJVMPath. It failed to set the custom jre path if the
  path was not JDK path. Now that we can use only JRE, enable that.
  The JRE paths does not have 'jre\bin\', but just 'bin\' prefix.
  Also add checking for client (Not sure if we still need the hotspot and classic).
  Think they've been used on older JVM's we cannot use anyhow.
  
  Revision  ChangesPath
  1.61  +29 -27jakarta-tomcat-5/tomcat.nsi
  
  Index: tomcat.nsi
  ===
  RCS file: /home/cvs/jakarta-tomcat-5/tomcat.nsi,v
  retrieving revision 1.60
  retrieving revision 1.61
  diff -u -r1.60 -r1.61
  --- tomcat.nsi13 Sep 2004 19:11:41 -  1.60
  +++ tomcat.nsi14 Sep 2004 07:59:41 -  1.61
  @@ -151,7 +151,6 @@
 !insertmacro MUI_INSTALLOPTIONS_READ $2 jvm.ini Field 2 State
   
 StrCpy $JavaHome $2
  -  Push $2
 Call findJVMPath
 Pop $2
   
  @@ -183,7 +182,6 @@
 !insertmacro MUI_INSTALLOPTIONS_READ $2 jvm.ini Field 2 State
   
 StrCpy $JavaHome $2
  -  Push $2
 Call findJVMPath
 Pop $2
   
  @@ -387,37 +385,42 @@
   ;
   Function findJVMPath
   
  -  Pop $1
  -
  -  IfFileExists $1\jre\bin\hotspot\jvm.dll 0 TryJDK14
  -StrCpy $2 $1\jre\bin\hotspot\jvm.dll
  -Goto EndIfFileExists
  -  TryJDK14:
  -  IfFileExists $1\jre\bin\server\jvm.dll 0 TryClassic
  -StrCpy $2 $1\jre\bin\server\jvm.dll
  -Goto EndIfFileExists
  -  TryClassic:
  -  IfFileExists $1\jre\bin\classic\jvm.dll 0 JDKNotFound
  -StrCpy $2 $1\jre\bin\classic\jvm.dll
  -Goto EndIfFileExists
  -  JDKNotFound:
  -SetErrors
  -  EndIfFileExists:
  +  ClearErrors
  +  
  +  ;Step one: Is this a JRE path (Program Files\Java\XXX)
  +  StrCpy $1 $JavaHome
  +  
  +  StrCpy $2 $1\bin\hotspot\jvm.dll
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\server\jvm.dll
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\client\jvm.dll  
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\classic\jvm.dll
  +  IfFileExists $2 FoundJvmDll
   
  -  IfErrors 0 FoundJVMPath
  +  ;Step two: Is this a JDK path (Program Files\XXX\jre)
  +  StrCpy $1 $JavaHome\jre
  +  
  +  StrCpy $2 $1\bin\hotspot\jvm.dll
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\server\jvm.dll
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\client\jvm.dll  
  +  IfFileExists $2 FoundJvmDll
  +  StrCpy $2 $1\bin\classic\jvm.dll
  +  IfFileExists $2 FoundJvmDll
   
 ClearErrors
  -
  +  ;Step tree: Read defaults from registry
  +  
 ReadRegStr $1 HKLM SOFTWARE\JavaSoft\Java Runtime Environment CurrentVersion
 ReadRegStr $2 HKLM SOFTWARE\JavaSoft\Java Runtime Environment\$1 RuntimeLib
 
  -  FoundJVMPath:
  -
  -  IfErrors 0 NoErrors
  +  IfErrors 0 FoundJvmDll
 StrCpy $2 
   
  -NoErrors:
  -
  +  FoundJvmDll:
 ClearErrors
   
 ; Put the result in the stack
  @@ -438,7 +441,6 @@
 Quit
   NoErrors1:
 StrCpy $JavaHome $3
  -  Push $3
 Call findJVMPath
 Pop $4
 StrCmp $4  0 NoErrors2
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 21616] - Upload fails under iis5-jk2 and not under tomcat alone

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=21616.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=21616

Upload fails under iis5-jk2 and not under tomcat alone





--- Additional Comments From [EMAIL PROTECTED]  2004-09-14 09:53 ---
No, i was not suggesting you'd decompile the dll. I just attached it so the 
others could use it. Anyway, i got the patch from here:
http://marc.theaimsgroup.com/?l=tomcat-devm=103944368410308w=2

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Alexander Koch/LDM/DFS ist außer Haus.

2004-09-14 Thread Alexander . Koch
Ich werde ab  14.09.2004 nicht im Büro sein. Ich kehre zurück am
16.09.2004.

Ihre Mail wird nicht weitergeleitet.

Mit freundlichen Grüßen

Alexander Koch


DFS Deutsche Flugsicherung GmbH
Unternehmenszentrale
Am DFS-Campus 10
D - 63225 Langen

Tel.: +49-(0)6103-707-0
Home Page: http://www.dfs.de

-BEGIN PGP PUBLIC KEY BLOCK-
Version: PGP 6.5.8

mQGiBECbVgwRBAD09k4R2DiCObeUeO+FZCBJ8OkjzEIQ3niUMHSwlQmX5prKCJQe
NjEGvsS4Ex6qdYQ/awmXkNtOpsF0mN3aBoKUyRDF6KkkfsTNYQQ6WyK5RHu2Q4wQ
G93DL+Ryhgs2oNH3Ou4FbEiYATJCl14fpxd08D0DCsmL0ZfeaZlZeBCUzwCg/8sY
qJ2uSj5JgHWEp170menK6CUEAIlI3gXegKbBY1PFSpzNpjVGQJg9bQR4B6tqdASP
nLfsQR+1BIIz0WFgiIickqPSRbGYP7slpw9onE43su3HVg2sBMI25Q5kK6WujPUG
n72PDy8yogXCcYS807FcqMqKTqYjiRQxbcQn3gJaoTau0/HJTHF9jES89SyIDXdm
CjphA/9FZ0tmotILaxyL53X8G01lf28NhykkGzbBTiIAsgTcvCx6b1GxBwUb/WlL
KmWG3kjwSsZxtPzrUPN3Z83pavfCQI4E9tNI4mVgX9gtklKoVtJPglu2jPrJ+umZ
UO78anBrsTnPzOJ954+uziMe3imsFAC8T2gAmgsAvZgZP98gBLQYREZTIEdtYkgg
PHB1YmtleUBkZnMuZGU+iQBOBBARAgAOBQJAm1YMBAsDAQICGQEACgkQN3h5OLny
dHrchQCgmuRvdqRthFARXOQatgKCc+5pWs4AoPkSU2XeYbNq4AVmv0BJOpRgOsCJ
uQMNBECbVosQDADMHXdXJDhK4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1
+/bBc8SDESYrQ2DD4+jWCv2hKCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rz
F/OkQOnX0ne2Qi0CNsEmy2henXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cI
fwgXcqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ
+AyDvWXpF9Sh01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm
/xX5u/2RXscBqtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1F
HQ98iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzh
sSlAGBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZ
Jrqrol7DVelMMm8AAgIL/2zbjaNlPL+13ZFiJwAGg0yj4zciLkp141Pwvn2OtY+B
JZxnIfcPKINj2f5QiW4weqV9OMJ5EgZcx8aRxkk5uJsJv3S1JFUUNaSwCl0xynpr
Spw5QsoCAQAhzmOlqj1tvCJW3bm3iniiud6UzGjbdpvU9oeiSOGMFYVpfGCHC5fb
4TnnsLcrmARXh3COKle27X7TGOROUWyxqKWdHvBsMEjO2ERF2A+nMEYz4dd8kezd
Iiw9hjftJtp9GpCJ5CWq4jcyQ5Bb+D0IUqI0FdH9Mfe8ytMnDRwDPH1r9FaCNkaH
Q+8Aqp20QbSHe03CaT8UbYziNCNdzCFt4QjDqAfDsTKEHGeBzKfBprsKbox6CURk
IikAiUX0YE1P3bxH2ovP5bxEormlPfFN870QYNZYmo03hX41H6LnOaI4YaHzfiXG
Plrm/mtkDryXoqA57f09vcQcAmS6Qa50qyqheGK49lSM9MndqXGWrmddtccE3qUJ
/U1UAxqX11l80Yz8Wk+brokARgQYEQIABgUCQJtWiwAKCRA3eHk4ufJ0enLHAJ9R
3Z0uPt+U+qSJU/63IpU/y+Ho3QCgg571CpdVdsohBeaF21f4uckz3nU=
=h1ys
-END PGP PUBLIC KEY BLOCK-




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Tomcat, other AppServer and ServletSpec_2.3

2004-09-14 Thread anton . grimm




I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
you
think this behaviour is a requirement to confirm to the servlet-spec-2.3.

The reason for this question is that our production environment uses
another
appserver than tomcat (sorry for that!) which does not behave as expected.
The
support is (of course) of the opinion they do confirm to the spec.

My question is about the following feature:

An application which uses container security with form-based login secures
a certain
url (in my case a struts action). If I send a request for this url using
HttpPost and the
user-session is not(!) already authenticated Tomcat preserves the request
parameters
of the recent request after successfull authentication.

This is not true for our production environment.

Reading the servlet-spec-2.3 I find the following:

###

J2EE.12.5.3.1 Login Form Notes

...

/form

If the form based login is invoked because of an HTTP request, the original
request parameters must be preserved by the container for use if, on
successful
authentication, it redirects the call to the requested resource.

###

What do you think?

Regards,

A. Grimm

---
Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
Dachauerstr.667
D - 80995 München

Fon:   +49-89-1580-1054
Fax:   +49-89-1580-4550
mailto:[EMAIL PROTECTED]
Internet: http://www.man-trucks.com
---



This message and any attachments are confidential and may be privileged or otherwise 
protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete 
this message and any attachment
from your system. If you are not the intended recipient, you must not copy this 
message or attachment or disclose the
contents to any other person.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 31216] New: - Can't find server.xml file starting tomat

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31216.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31216

Can't find server.xml file starting tomat

   Summary: Can't find server.xml file starting tomat
   Product: Tomcat 5
   Version: 5.0.27
  Platform: PC
OS/Version: Windows NT/2K
Status: NEW
  Severity: Minor
  Priority: Other
 Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


I set the following before starting Tomcat:
set JAVA_HOME=c:\j2sdk1.4.1_07
set CATALINA_HOME=C:\jakarta-tomcat-5.0.27\
set PATH=%JAVA_HOME%\bin;%PATH%

Tomcat / Catalina would not start and complained it could not find server.xml.  

When I set:
set JAVA_HOME=c:\j2sdk1.4.1_07
set CATALINA_HOME=C:\jakarta-tomcat-5.0.27
set PATH=%JAVA_HOME%\bin;%PATH%

Catalina / Tomcat would start.  Note I have now omitted the trailing '\' from 
CATALINA_HOME.  It was my own fault that I set the variable incorrectly, but 
IMHO some valaidation should account for the inclusion of the additional '\'.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Thank you for your e-mail

2004-09-14 Thread OCR ESCR
If you are submitting your 2002 ES Survey DataDisk, this serves as a confirmation of 
receipt. The Survey Project Office will contact you if we have difficulty reading your 
submission. 
If you are requesting technical assistance on how to complete the 2002 OCR ES Survey 
or regarding Survey related matters, you will be contacted by a School Survey Office 
staff within three working days. To facilitate the processing of your request, please 
provide us (in a reply to this e-mail) your district's 7-digit LEA ID or the name of 
your district or institution, if the information was not included in your e-mail 
message.



RE: 5.5.2-alpha tomorrow

2004-09-14 Thread Shapira, Yoav

Hi,
Great ;)

Yoav Shapira
Millennium Research Informatics

-Original Message-
From: Mladen Turk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 2:45 AM
To: Tomcat Developers List
Subject: Re: 5.5.2-alpha tomorrow

Remy Maucherat wrote:
 Mladen Turk wrote:

 Some results for current HEAD build:

 It's fixed now. The bug which caused this was minor, but was still
worth
 fixing (it was causing session creation as long as an authenticator
was
 configured).


Great!
All the tests are passing now.


Regards,
MT.



This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup Embedded.java

2004-09-14 Thread remm
remm2004/09/14 06:20:03

  Modified:catalina/src/share/org/apache/catalina/startup Embedded.java
  Log:
  - Fix classname of the connector.
  - Remove socket factory.
  
  Revision  ChangesPath
  1.21  +2 -34 
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Embedded.java
  
  Index: Embedded.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/Embedded.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- Embedded.java 29 Aug 2004 16:46:13 -  1.20
  +++ Embedded.java 14 Sep 2004 13:20:03 -  1.21
  @@ -177,16 +177,6 @@
   
   
   /**
  - * The socket factory that will be used when a codesecure/code
  - * Connector is created.  If a standard Connector is created, the
  - * internal (to the Connector class default socket factory class)
  - * will be used instead.
  - */
  -protected String socketFactory =
  -org.apache.catalina.net.SSLSocketFactory;
  -
  -
  -/**
* Has this component been started yet?
*/
   protected boolean started = false;
  @@ -248,28 +238,6 @@
   
   }
   
  -
  -/**
  - * Return the secure socket factory class name.
  - */
  -public String getSocketFactory() {
  -
  -return (this.socketFactory);
  -
  -}
  -
  -
  -/**
  - * Set the secure socket factory class name.
  - *
  - * @param socketFactory The new secure socket factory class name
  - */
  -public void setSocketFactory(String socketFactory) {
  -
  -this.socketFactory = socketFactory;
  -
  -}
  -
   public void setAwait(boolean b) {
   await = b;
   }
  @@ -414,7 +382,7 @@
   try {
   
   Class clazz = 
  -Class.forName(org.apache.coyote.tomcat5.CoyoteConnector);
  +Class.forName(org.apache.catalina.connector.Connector);
   connector = (Connector) clazz.newInstance();
   
   if (address != null) {
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Reminder: 5.5.2-alpha CVS tag today at 1600h GMT

2004-09-14 Thread Shapira, Yoav




Yoav Shapira
Millennium Research Informatics





This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: IIS Connector and chunked encoding

2004-09-14 Thread steve_olson
Well if you already have a patch, then it would be polite to share :).
Anyhow you can post either to this thread or create a bugzilla #.

Regards,
MT.

Before I post this for real, can we talk? :-)  Below is the diff of the
changes I'm testing today.  I'm gonna
wait to post this as an attachment/bugzilla until after the simple testing
we're gonna do today is
done.  But in the meantime It'd be good if you could review this and
suggest better ways to do
it, as I'm a total newbie to this code and what I came up in a short amount
of time feels low
on quality.

I ran into two issues in this test case.  One was the is_chunked flag never
being set.  The
other was once is_chunked is set, stopping the read logic when the chunked
stream has
been read so that it doesn't pass on any extra junk bytes as content.

As you can see from the diff there are two new ifs.  The first one tries to
detect end-of-stream
during the read of the last 8186 byte chunk in the incoming stream.
Without this code it passes
the entire last 8186 byte block as message content, and if only part of the
block has real data,
the remainder gets repeating fragments of whatever is left in the buffer
from previous work (I have
a trace of this if it would help).  I couldn't see a good way to tell
whether a true end-of-stream has
happened, so please point out any better ways if you know them and I'll
make the change.
This new if, which only applies to chunked content, works for our early
tests but I'm afraid in a
real-world slow internet test that maybe a false positive can happen with
my wimpy approach of
assuming the first short block means end-of-stream. BTW, there is code
elsewhere that already
(I think) handles the boundary condition of is_chunked==1 and the chunked
payload is an exact
multiple of 8186 bytes in length.

The second if adds the code to set is_chunked.  I assume chunked encoding
when content
length is unknown.  From looking at the HTTP specs I think this is a valid
assumption,
but if you think it'd be better to explicitly check for the
Transfer-Encoding header of chunked
instead of a missing content-length, lemme know.


diff -r1.30 jk_service_iis.c
227c227,232
 if ((s-content_read + *actually_read) == lpEcb-cbTotalBytes) {
---

 if (s-is_chunked  (*actually_read  len)) {
 s-end_of_stream = JK_TRUE;
 s-no_more_chunks = 1;
 }
 else if ((s-content_read + *actually_read) == lpEcb-cbTotalBytes) {
398a404,408
 if (s-content_length == -1) {
 env-l-jkLog(env, env-l, JK_LOG_DEBUG,
   jk_ws_service_t::init, Unknown content length,
using chunked transfer encoding\n);
 s-is_chunked = 1;
 }




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Tomcat 4.1.30 (although its still there in tomcat 5.0.28) temp file issue.

2004-09-14 Thread David Cassidy

Guys,

We run an internal mass web hosting platform for our clients.
In order to protect them as much as poss we make their areas read only.
We set the normal java.io.tmpdir to be a writeable area.

We've hit an issue at the moment where sometimes under certain conditions the
DefaultCompilerAdapter gets called. This seems to think that as getJavac().getTempdir()
has returned null (if anyone knows how to get the tempdir set please let me know)
it should write its temp file in the users home dir.
The users home dir is read only.

How do i set what ever it needs to write the temp file in the right place ?
I've set the scrachdir for org.apache.jasper.servlet.JspServlet
but still to no avail.
Or failing that could not


protected int executeExternalCompile(String args[], int firstFileName, boolean 
quoteFiles)
{
String commandArray[];
File tmpFile;
commandArray = null;
tmpFile = null;
if(Commandline.toString(args).length()  4096  firstFileName = 0)
{
PrintWriter out = null;
try
{
File userDir = getJavac().getTempdir();
if(userDir == null)
{
String userDirName = System.getProperty(user.dir);
userDir = new File(userDirName);
}
tmpFile = fileUtils.createTempFile(files, , userDir);
tmpFile.deleteOnExit();


be written as

protected int executeExternalCompile(String args[], int firstFileName, boolean 
quoteFiles)
{
String commandArray[];
File tmpFile;
commandArray = null;
tmpFile = null;
if(Commandline.toString(args).length()  4096  firstFileName = 0)
{
PrintWriter out = null;
try
{
tmpFile = java.io.File.createTempFile( files, );
tmpFile.deleteOnExit();

Thanks
david


--

This e-mail may contain confidential and/or privileged information. If you are not the 
intended recipient (or have received this e-mail in error) please notify the sender 
immediately and destroy this e-mail. Any unauthorized copying, disclosure or 
distribution of the material in this e-mail is strictly forbidden.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: Tomcat 4.1.30 (although its still there in tomcat 5.0.28) temp file issue.

2004-09-14 Thread Shapira, Yoav

Hi,
Ant 1.6 adds a tempdir attribute to the Javac task.  You can use that to
se the tempdir via Ant or in the DefaultCompilerAdapter.  You will need
to run with Ant 1.6 or later obviously, and also have a custom version
of DefaultCompilerAdapter.  If you'd like your enhancement to be ported
into the main tomcat code, please submit an enhancement issue to
Bugzilla with the .diff that includes the new compiler option.

Yoav Shapira
Millennium Research Informatics


-Original Message-
From: David Cassidy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 14, 2004 10:52 AM
To: Tomcat Developers List
Subject: Tomcat 4.1.30 (although its still there in tomcat 5.0.28) temp
file issue.


Guys,

We run an internal mass web hosting platform for our clients.
In order to protect them as much as poss we make their areas read only.
We set the normal java.io.tmpdir to be a writeable area.

We've hit an issue at the moment where sometimes under certain
conditions
the
DefaultCompilerAdapter gets called. This seems to think that as
getJavac().getTempdir()
has returned null (if anyone knows how to get the tempdir set please
let me
know)
it should write its temp file in the users home dir.
The users home dir is read only.

How do i set what ever it needs to write the temp file in the right
place ?
I've set the scrachdir for org.apache.jasper.servlet.JspServlet
but still to no avail.
Or failing that could not


protected int executeExternalCompile(String args[], int
firstFileName,
boolean quoteFiles)
{
String commandArray[];
File tmpFile;
commandArray = null;
tmpFile = null;
if(Commandline.toString(args).length()  4096  firstFileName
=
0)
{
PrintWriter out = null;
try
{
File userDir = getJavac().getTempdir();
if(userDir == null)
{
String userDirName =
System.getProperty(user.dir);
userDir = new File(userDirName);
}
tmpFile = fileUtils.createTempFile(files, ,
userDir);
tmpFile.deleteOnExit();


be written as

protected int executeExternalCompile(String args[], int
firstFileName,
boolean quoteFiles)
{
String commandArray[];
File tmpFile;
commandArray = null;
tmpFile = null;
if(Commandline.toString(args).length()  4096  firstFileName
=
0)
{
PrintWriter out = null;
try
{
tmpFile = java.io.File.createTempFile( files, );
tmpFile.deleteOnExit();

Thanks
david


--

This e-mail may contain confidential and/or privileged information. If
you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in
this e-
mail is strictly forbidden.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Tomcat, other AppServer and ServletSpec_2.3

2004-09-14 Thread Jean-Francois Arcand
Hi,
Tomcat behaviour is the right one (I've sopken with the spec lead). File 
a bug against your Container (or move to Tomcat :-) )

Thanks
-- Jeanfrancois
[EMAIL PROTECTED] wrote:

I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if
you
think this behaviour is a requirement to confirm to the servlet-spec-2.3.
The reason for this question is that our production environment uses
another
appserver than tomcat (sorry for that!) which does not behave as expected.
The
support is (of course) of the opinion they do confirm to the spec.
My question is about the following feature:
An application which uses container security with form-based login secures
a certain
url (in my case a struts action). If I send a request for this url using
HttpPost and the
user-session is not(!) already authenticated Tomcat preserves the request
parameters
of the recent request after successfull authentication.
This is not true for our production environment.
Reading the servlet-spec-2.3 I find the following:
###
J2EE.12.5.3.1 Login Form Notes
...
/form
If the form based login is invoked because of an HTTP request, the original
request parameters must be preserved by the container for use if, on
successful
authentication, it redirects the call to the requested resource.
###
What do you think?
Regards,
A. Grimm
---
Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
Dachauerstr.667
D - 80995 München
Fon:   +49-89-1580-1054
Fax:   +49-89-1580-4550
mailto:[EMAIL PROTECTED]
Internet: http://www.man-trucks.com
---

This message and any attachments are confidential and may be privileged or otherwise 
protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete 
this message and any attachment
from your system. If you are not the intended recipient, you must not copy this 
message or attachment or disclose the
contents to any other person.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


RE: Tomcat 4.1.30 (although its still there in tomcat 5.0.28) temp file issue.

2004-09-14 Thread Mark Thomas
This is already in bugzilla as
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29570

This was fixed in CVS for TC4 and TC5 2 days ago and should be included in the
next release.

Mark 

 -Original Message-
 From: David Cassidy [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, September 14, 2004 3:52 PM
 To: Tomcat Developers List
 Subject: Tomcat 4.1.30 (although its still there in tomcat 
 5.0.28) temp file issue.
 
 
 Guys,
 
 We run an internal mass web hosting platform for our clients.
 In order to protect them as much as poss we make their areas 
 read only.
 We set the normal java.io.tmpdir to be a writeable area.
 
 We've hit an issue at the moment where sometimes under 
 certain conditions the
 DefaultCompilerAdapter gets called. This seems to think that 
 as getJavac().getTempdir()
 has returned null (if anyone knows how to get the tempdir set 
 please let me know)
 it should write its temp file in the users home dir.
 The users home dir is read only.
 
 How do i set what ever it needs to write the temp file in the 
 right place ?
 I've set the scrachdir for org.apache.jasper.servlet.JspServlet
 but still to no avail.
 Or failing that could not
 
 
 protected int executeExternalCompile(String args[], int 
 firstFileName, boolean quoteFiles)
 {
 String commandArray[];
 File tmpFile;
 commandArray = null;
 tmpFile = null;
 if(Commandline.toString(args).length()  4096  
 firstFileName = 0)
 {
 PrintWriter out = null;
 try
 {
 File userDir = getJavac().getTempdir();
 if(userDir == null)
 {
 String userDirName = 
 System.getProperty(user.dir);
 userDir = new File(userDirName);
 }
 tmpFile = fileUtils.createTempFile(files, 
 , userDir);
 tmpFile.deleteOnExit();
 
 
 be written as
 
 protected int executeExternalCompile(String args[], int 
 firstFileName, boolean quoteFiles)
 {
 String commandArray[];
 File tmpFile;
 commandArray = null;
 tmpFile = null;
 if(Commandline.toString(args).length()  4096  
 firstFileName = 0)
 {
 PrintWriter out = null;
 try
 {
 tmpFile = java.io.File.createTempFile( files, );
 tmpFile.deleteOnExit();
 
 Thanks
 david
 
 
 --
 
 This e-mail may contain confidential and/or privileged 
 information. If you are not the intended recipient (or have 
 received this e-mail in error) please notify the sender 
 immediately and destroy this e-mail. Any unauthorized 
 copying, disclosure or distribution of the material in this 
 e-mail is strictly forbidden.
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 31227] New: - org.apache.tomcat.util.threads.ThreadPool MAX_THREADS_MIN value too high.

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31227.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31227

org.apache.tomcat.util.threads.ThreadPool MAX_THREADS_MIN value too high.

   Summary: org.apache.tomcat.util.threads.ThreadPool
MAX_THREADS_MIN value too high.
   Product: Tomcat 4
   Version: 4.1.30
  Platform: All
OS/Version: All
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Connector:Coyote HTTP/1.1
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


The org.apache.tomcat.util.threads.ThreadPool.adjustLimits() method denies a
maxProcessors (maxThreads) value less than that established by the (class
private) constant MAX_THREADS_MIN variable. MAX_THREADS_MIN is hardwired to a
value of 10. The adjustLimits() method therefore forces a minimum of 10 threads,
providing servicing of up to 9 concurrent connections.

This is problematic in some deployment scenarios where support for a very
limited number of concurrent connections is desired due to resource and/or other
limitations. While all of the other sanity checks and corresponding value
adjustments in the adjustLimits() method appear reasonable, the MAX_THREADS_MIN
value seems simply arbitrary.

I have tested a ThreadPool variant with MAX_THREADS_MIN = 2 and managed to run
Tomcat V4.1.30 configured to service a single connection with no apparent ill
effects (beyond the occasional warning message).

IMHO, the MAX_THREADS_MIN value should be set to 2.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 31227] - org.apache.tomcat.util.threads.ThreadPool MAX_THREADS_MIN value too high.

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31227.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31227

org.apache.tomcat.util.threads.ThreadPool MAX_THREADS_MIN value too high.

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||WONTFIX



--- Additional Comments From [EMAIL PROTECTED]  2004-09-14 22:32 ---
This was discussed some time ago on the dev list (see 
http://marc.theaimsgroup.com/?l=tomcat-devm=106767463421462w=2). The minimum 
value of 10 was reached after some discussion. On this basis, I am going to 
mark this as WONTFIX.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 12428] - request.getUserPrincipal(): Misinterpretation of specification?

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12428

request.getUserPrincipal(): Misinterpretation of specification?

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2004-09-14 22:52 ---
There is a an exception.

spec-quote
SRV.12.9 Default Policies
By default, authentication is not needed to access resources. Authentication is
needed for requests for a web resource collection only when specified by the
deployment descriptor.
/spec-quote

Hence the user is only authenticated for protected resources.

I appreciate the application design issues raised above, but it remains the 
case that TC4 is compliant with the spec.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Processor.java

2004-09-14 Thread Mark Thomas
From: Remy Maucherat [mailto:[EMAIL PROTECTED] 
 The issue is that there's no value in this: it would likely take 5 
 minutes for an attacker to figure out the webserver is 
 running Tomcat. 
 The Server header is maybe the less visible of them (and gives little 
 information when compared to the others).
 
 So why bother about this ? (that's my point)

Because users want the functionality.

If it can be done without hitting performance, why not do it?

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Information

2004-09-14 Thread hgomez
--  Virus Warning Message (on uusnwa0p)  --

Found virus WORM_NETSKY.Z in file Textfile.txt 
   
 .exe (in Textfile.zip)
The uncleanable file is deleted.

-
Important textfile!


--  Virus Warning Message (on uusnwa0p)  --

Textfile.zip is removed from here because it contains a virus.

-
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Processor.java Http11Protocol.java

2004-09-14 Thread funkman
funkman 2004/09/14 17:16:05

  Modified:http11/src/java/org/apache/coyote/http11
Http11Processor.java Http11Protocol.java
  Log:
  Allow for customized server header at config time.
  So now one can do this:
  
  Connector port=8080 server=TinFoil Hats R US (1.00)  /
  
  Revision  ChangesPath
  1.110 +116 -90   
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java
  
  Index: Http11Processor.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Http11Processor.java,v
  retrieving revision 1.109
  retrieving revision 1.110
  diff -u -r1.109 -r1.110
  --- Http11Processor.java  13 Sep 2004 21:39:39 -  1.109
  +++ Http11Processor.java  15 Sep 2004 00:16:05 -  1.110
  @@ -56,7 +56,7 @@
   
   /**
* Processes HTTP requests.
  - * 
  + *
* @author Remy Maucherat
*/
   public class Http11Processor implements Processor, ActionHook {
  @@ -65,7 +65,7 @@
   /**
* Logger.
*/
  -protected static org.apache.commons.logging.Log log 
  +protected static org.apache.commons.logging.Log log
   = org.apache.commons.logging.LogFactory.getLog(Http11Processor.class);
   
   
  @@ -210,31 +210,31 @@
* Remote Host associated with the current connection.
*/
   protected String remoteHost = null;
  -
  -
  +
  +
   /**
* Local Host associated with the current connection.
*/
   protected String localName = null;
  -
  -
  -
  +
  +
  +
   /**
* Local port to which the socket is connected
*/
   protected int localPort = -1;
  -
  -
  +
  +
   /**
* Remote port to which the socket is connected
*/
   protected int remotePort = -1;
  -
  -
  +
  +
   /**
* The local Host address.
*/
  -protected String localAddr = null; 
  +protected String localAddr = null;
   
   
   /**
  @@ -277,11 +277,11 @@
* List of user agents to not use gzip with
*/
   protected Pattern noCompressionUserAgents[] = null;
  -
  +
   /**
* List of MIMES which could be gzipped
*/
  -protected String[] compressableMimeTypes = 
  +protected String[] compressableMimeTypes =
   { text/html, text/xml, text/plain };
   
   
  @@ -297,6 +297,12 @@
   protected ThreadPool threadPool;
   
   
  +/**
  + * Allow a customized the server header for the tin-foil hat folks.
  + */
  +protected String server = Constants.SERVER;
  +
  +
   // - Properties
   
   
  @@ -344,7 +350,7 @@
   public void setCompressionMinSize(int compressionMinSize) {
   this.compressionMinSize = compressionMinSize;
   }
  -
  +
   
   public void setThreadPool(ThreadPool threadPool) {
   this.threadPool = threadPool;
  @@ -354,13 +360,13 @@
* Add user-agent for which gzip compression didn't works
* The user agent String given will be exactly matched
* to the user-agent header submitted by the client.
  - * 
  + *
* @param userAgent user-agent string
*/
   public void addNoCompressionUserAgent(String userAgent) {
   try {
   Pattern nRule = Pattern.compile(userAgent);
  -noCompressionUserAgents = 
  +noCompressionUserAgents =
   addREArray(noCompressionUserAgents, nRule);
   } catch (PatternSyntaxException pse) {
   log.error(Error parsing regular expression:  + userAgent, pse);
  @@ -369,8 +375,8 @@
   
   
   /**
  - * Set no compression user agent list (this method is best when used with 
  - * a large number of connectors, where it would be better to have all of 
  + * Set no compression user agent list (this method is best when used with
  + * a large number of connectors, where it would be better to have all of
* them referenced a single array).
*/
   public void setNoCompressionUserAgents(Pattern[] noCompressionUserAgents) {
  @@ -381,13 +387,13 @@
   /**
* Set no compression user agent list.
* List contains users agents separated by ',' :
  - * 
  + *
* ie: gorilla,desesplorer,tigrus
*/
   public void setNoCompressionUserAgents(String noCompressionUserAgents) {
   if (noCompressionUserAgents != null) {
   StringTokenizer st = new StringTokenizer(noCompressionUserAgents, ,);
  -
  +
   while (st.hasMoreTokens()) {
   addNoCompressionUserAgent(st.nextToken().trim());
   }
  @@ -398,18 +404,18 @@
* Add a mime-type which will be compressable
* The mime-type String will be exactly matched
* in the response 

cvs commit: jakarta-tomcat-catalina/webapps/docs/config http.xml

2004-09-14 Thread funkman
funkman 2004/09/14 17:21:22

  Modified:webapps/docs/config http.xml
  Log:
  Document the server attribute.
  
  Revision  ChangesPath
  1.14  +30 -25jakarta-tomcat-catalina/webapps/docs/config/http.xml
  
  Index: http.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/http.xml,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- http.xml  1 Sep 2004 22:04:29 -   1.13
  +++ http.xml  15 Sep 2004 00:21:22 -  1.14
  @@ -79,9 +79,9 @@
   /attribute
   
   attribute name=maxPostSize required=false
  -  pThe maximum size in bytes of the POST which will be handled by 
  -  the container FORM URL parameter parsing. The feature can be disbled by 
  -  setting this attribute to a value inferior or equal to 0. 
  +  pThe maximum size in bytes of the POST which will be handled by
  +  the container FORM URL parameter parsing. The feature can be disbled by
  +  setting this attribute to a value inferior or equal to 0.
 If not specified, this attribute is set to 2097152 (2 megabytes)./p
   /attribute
   
  @@ -116,9 +116,9 @@
   
   attribute name=useBodyEncodingForURI required=false
 pThis specifies if the encoding specified in contentType should be used
  -  for URI query parameters, instead of using the URIEncoding. This 
  -  setting is present for compatibility with Tomcat 4.1.x, where the 
  -  encoding specified in the contentType, or explicitely set using 
  +  for URI query parameters, instead of using the URIEncoding. This
  +  setting is present for compatibility with Tomcat 4.1.x, where the
  +  encoding specified in the contentType, or explicitely set using
 Request.setCharacterEncoding method was also used for the parameters from
 the URL. The default value is codefalse/code.
 /p
  @@ -130,8 +130,8 @@
   
 subsection name=Standard Implementation
   
  -  pThe standard implementation of the strongHTTP 
  -  Connector/strong is 
  +  pThe standard implementation of the strongHTTP
  +  Connector/strong is
 strongorg.apache.coyote.tomcat5.CoyoteConnector/strong.
 It supports the following additional attributes (in addition to the
 common attributes listed above):/p
  @@ -171,7 +171,7 @@
   
   attribute name=connectionLinger required=false
 pThe number of milliseconds during which the sockets used by this
  -  strongConnector/strong will linger when they are closed. 
  +  strongConnector/strong will linger when they are closed.
 The default value is -1 (socket linger is disabled)./p
   /attribute
   
  @@ -185,7 +185,7 @@
 pThis flag allows the servlet container to use a different, longer
 connection timeout while a servlet is being executed, which in the end
 allows either the servlet a longer amount of time to complete its
  -  execution, or a longer timeout during data upload. If not specified, 
  +  execution, or a longer timeout during data upload. If not specified,
 this attribute is set to false./p
   /attribute
   
  @@ -198,14 +198,14 @@
   attribute name=maxKeepAliveRequests required=false
 pThe maximum number of HTTP requests which can be pipelined until
 the connection is closed by the server. Setting this attribute to 1 will
  -  disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and 
  -  pipelining. Setting this to -1 will allow an unlimited amount of 
  -  pipelined or keep-alive HTTP requests. 
  +  disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
  +  pipelining. Setting this to -1 will allow an unlimited amount of
  +  pipelined or keep-alive HTTP requests.
 If not specified, this attribute is set to 100./p
   /attribute
   
   attribute name=maxSpareThreads required=false
  -  pThe maximum number of unused request processing threads that 
  +  pThe maximum number of unused request processing threads that
 will be allowed to exist until the thread pool starts stopping the
 unnecessary threads.  The default value is 50./p
   /attribute
  @@ -221,14 +221,14 @@
 pThe number of request processing threads that will be created
 when this strongConnector/strong is first started.  The connector
 will also make sure it has the specified number of idle processing
  -  threads available. This attribute should be set to a value smaller 
  +  threads available. This attribute should be set to a value smaller
 than that set for codemaxThreads/code.  The default value is 4./p
   /attribute
   
   attribute name=noCompressionUserAgents required=false
 pThe value is a comma separated list of regular expressions matching
  -  user-agents of HTTP clients for which compression should not be 

DO NOT REPLY [Bug 31232] New: - response.encodeURL() not encoding URL when mix of cookies and URL rewriting

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31232.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31232

response.encodeURL() not encoding URL when mix of cookies and URL rewriting

   Summary: response.encodeURL() not encoding URL when mix of
cookies and URL rewriting
   Product: Tomcat 5
   Version: 5.0.28
  Platform: All
OS/Version: All
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


Setup:
~~
I have two contexts. The root context allows cookies and the sub context does 
URL rewriting. ie:

Context path= docBase=sub reloadable=true privileged=false/
Context path=/sub docBase=sub cookies=false reloadable=true 
privileged=false/

In the docBase is only an index.jsp which justs print out the session and 
cookie info and does encodeURL() for the link to the sub context.

If I do:
1) goto http://localhost:8080/index.jsp (uses cookies)
2) goto http://localhost:8080/sub/index.jsp (uses URL rewrite)
3) click on the link which is response.encodeURL(/sub/index.jsp)

Issue:
~~
I find that the root context's cookie is passed onto the sub context. Because 
of this the encodeURL() doesn't encode the URL for rewriting in the sub 
context. Each time I click on the response.encodeURL(/sub/index.jsp) link a 
new session id is generated each time.

Example:

Request URI = /sub/index.jsp
Session ID = 80A6E1BEC167333A8E05E3588EA0C3A8
Is New = true
Is Valid = false
From Cookie = true
From URL = false

Cookie[0] (from /index.jsp)
getComment() = null
getDomain() = null
getMaxAge() = -1
getName() = JSESSIONID
getPath() = null
getSecure() = false
getValue() = F436A1045778EC9E794449A0192BD406
getVersion() = 0

-
Because request.isRequestedSessionIdFromCookie() returns true (since the root's 
cookie is passed to the sub context) the URL is not encoded with the sub 
context's session id. 

I've tried this on Windows  Linux, and with IE  Firefox...all produced the 
same results.

I've attached example of this issue.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 31232] - response.encodeURL() not encoding URL when mix of cookies and URL rewriting

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31232.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31232

response.encodeURL() not encoding URL when mix of cookies and URL rewriting





--- Additional Comments From [EMAIL PROTECTED]  2004-09-15 01:17 ---
Created an attachment (id=12736)
example tomcat instance of this issue.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 12428] - request.getUserPrincipal(): Misinterpretation of specification?

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=12428.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12428

request.getUserPrincipal(): Misinterpretation of specification?

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|INVALID |



--- Additional Comments From [EMAIL PROTECTED]  2004-09-15 04:08 ---
That's fine.  You are right, there is no need to Authenticate for non protected
resources, however, once authenticated and the Principal is available it should
be returned regardless if authenticated or un-authenticated resource is being
accessed.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: cvs commit: jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11 Http11Processor.java

2004-09-14 Thread Remy Maucherat
Mark Thomas wrote:
From: Remy Maucherat [mailto:[EMAIL PROTECTED] 
 

The issue is that there's no value in this: it would likely take 5 
minutes for an attacker to figure out the webserver is 
running Tomcat. 
The Server header is maybe the less visible of them (and gives little 
information when compared to the others).

So why bother about this ? (that's my point)
   

Because users want the functionality.
 

Cool. Let the morons rule, then ;)
If it can be done without hitting performance, why not do it?
Because useless functionality is bloat, and should not be added.
Rémy
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


DO NOT REPLY [Bug 31233] New: - jsp compile errors with Chinese Characters

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31233.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31233

jsp compile errors with Chinese Characters

   Summary: jsp compile errors with Chinese Characters
   Product: Tomcat 5
   Version: 5.5.1
  Platform: All
OS/Version: All
Status: NEW
  Severity: Major
  Priority: Other
 Component: Jasper
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


My jsp pages (which contains Chinese characters and encoded in UTF8) can be 
executed without any problems in Tomcat 4.1 and Tomcat 5.0. When I try to run 
these jsp pages in Tomcat 5.5, either it will result in compile errors or the 
Chinese characters can not be displayed correctly on the browser. Then I tried 
to replace jasper-compiler.jar and jasper-runtime.jar in Tomcat 5.5 with those 
in Tomcat 5.0 and all back to normal.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



DO NOT REPLY [Bug 31233] - jsp compile errors with Chinese Characters

2004-09-14 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://issues.apache.org/bugzilla/show_bug.cgi?id=31233.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31233

jsp compile errors with Chinese Characters





--- Additional Comments From [EMAIL PROTECTED]  2004-09-15 05:13 ---
Can you provide a test case ?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]