bug 33463: realy fixed?

Hi, I've just wrote a unit test to verify this bug has fixed (http://issues.apache.org/bugzilla/show_bug.cgi?id=33463). But looking at the code in StandardContext: 4276 // Stop our application listeners 4277 listenerStop(); 4278 4279 // Clear all a

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves ByteBufferAccessLogValve.java mbeans-descriptors.xml

Remy Maucherat wrote: Jean-Francois Arcand wrote: Yes, I can explore that. I will re-add the writerThread for now since the current implementation doesn't work since the byteBuffer will never be flushed. This is temporary. Again, consider this valve as exploration. I do agree to some e

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves ByteBufferAccessLogValve.java mbeans-descriptors.xml

Remy Maucherat wrote: Jean-Francois Arcand wrote: Without access log valve, we are 20% faster. With the ByteBuffer one, 13%. There are 3 access log valves ;) Maybe you should give a chart. I did formally benchmark + FastCommonAccessLogValve + ByteBufferAccessLogValve I didn't bother

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session PersistentManagerBase.java StandardManager.java StandardSession.java

Remy Maucherat wrote: Jean-Francois Arcand wrote: It's not useless. Normal permissions are still turned on. It's only the package protection that is disabled. When disabled, Tomcat 5 is as unsecure as Tomcat 4 in term of sniffing/loading classes, but still secure in term of browsin

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves ByteBufferAccessLogValve.java mbeans-descriptors.xml

Remy Maucherat wrote: Jean-Francois Arcand wrote: BTW, there's no way you get +13% over the fast access logger, since it has about 6% overhead on a static file test (compared with 25-30% for the normal one) ;) Well, it approx. 20% without valve. I can't understand what you mean her

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session PersistentManagerBase.java StandardManager.java StandardSession.java

Remy Maucherat wrote: Jean-Francois Arcand wrote: Actually, my next steps is to allows empty field in catalina.properties, which will disable the mechanism (next commit :-)). Right now you can only disable the mechanism by removing the catalina.properties or if you use the Embedded interfance

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves ByteBufferAccessLogValve.java mbeans-descriptors.xml

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand2004/11/19 08:46:27 Modified:catalina/src/conf server.xml catalina/src/share/org/apache/catalina/valves mbeans-descriptors.xml Added: catalina/src/share/org/apache/catalina/valves

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationContextFacade.java ApplicationFilterChain.java StandardWrapper.java

Remy Maucherat wrote: Jean-Francois Arcand wrote: Bill Barker wrote: This can't possibly be thread-safe (and the changes to ACF look dubious as well). Hum...I did run a lot of stress tests that target the same servlet (ex: trade2 benchmarks) without seeing anything like that. I

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationContextFacade.java ApplicationFilterChain.java StandardWrapper.java

Bill Barker wrote: @@ -1012,13 +1041,12 @@ DummyResponse res = new DummyResponse(); if( System.getSecurityManager() != null) { -Class[] classType = new Class[]{ServletRequest.class, - ServletResponse.class}; -

Re: Interesting usage of Tomcat...

Costin Manolache wrote: Mladen Turk wrote: Shapira, Yoav wrote: http://www.theserverside.com/talks/VendorPerspectives/Mainsoft/interview .tss Yes, indeed :) Almost a year ago I proposed a project that would enable Tomcat to seemesly integrate the legacy code. Something like moving the perspective

Re: Tomcat, other AppServer and ServletSpec_2.3

Hi, Tomcat behaviour is the right one (I've sopken with the spec lead). File a bug against your Container (or move to Tomcat :-) ) Thanks -- Jeanfrancois [EMAIL PROTECTED] wrote: I recognized a behaviour in Tomcat (version 4.1.29) and would like to no if you think this behaviour is a requirement

Re: Introduction

Hi, take a look at the current open bugs and submits patches. Someday one of us will propose you as committer, after looking at your patches :-) Thanks -- Jeanfrancois Felipe Leme wrote: Hi, My name is Felipe and I just joined the devs list recently, as I would like to more involved with Tomcat's

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAut

Nelson, Luke wrote: I tested it and it didn't throw the exception indicated earlier in this thread. I would rather this part of the patch be replaced with something more robust. There really isn't a need to test for the timeout as we should be able to know how the session expired by the sessio

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthentic

Brian Stansberry wrote: At 11:56 AM 11/24/2003 -0600, you wrote: I have tried applying the patch, and I found three problems with it. First, its removal of a session from the SingleSignOnEntry object causes an IndexOutOfBounds exception. Second, the method for determining whether the user ex

Re: J2EE 1.4 final?

Shapira, Yoav wrote: Hi, Supposedly J2EE 1.4 has now gone final and been released. Not yet :-) Yet the link on java.sun.com hot downloads section still says J2EE 1.4 Beta 2. The JSR pages for 152 and 154 on www.jcp.org say Final Approval Ballot is completed, so I suppose the spec are indeed f

Re: [VOTE] New committer: Mark Thomas

+1 -- Jeanfrancois Remy Maucherat wrote: Hi, I'd like to nominate Mark Thomas as a Tomcat committer. He has contibuted a significant amount of fixes already, and does what nobody else does: roam Bugzila to fix older issues and cleanup the database. He has special interest in the WebDAV code,

Re: [VOTE] Kurt Miller as commiter

+1 -- Jeanfrancois Henri Gomez wrote: Hi to all, I would like to propose you a new tomcat commiter, Kurt Miller which as proposed many usefull patches for JK2. Since we want to deprecated jk and focus jk2, we need more people involved on jk2. Vote please.

Re: [VOTE] New builds

Release 4.1.29 as Stable ? [ ] Yes [ ] No Release 5.0.14 as Beta ? [X] Yes [ ] No I've ran the Servlet/JSP tcks on 5.0.14 and they all passes (with and without SecurityManager). Validation is still working (wow 1 month without breaking...do not update xerces ;-) ) -- Jeanfrancois ---

Re: Tomcat CVS howto

I'm also having trouble those days when building the nightly build. It seems when you log in using anoncvs, you don't get all the source code. I have to use my account in order to make it work Anyone have such problem? -- Jeanfrancois Mark W. Webb wrote: I am looking for a doc that explai

Re: no main in Embedded.java

Remy Maucherat wrote: Jean-Francois Arcand wrote: The Embedded.main has been removed a long time ago (at the time of introducing JMX). As for the sh/bat, I did remove the option2 days ago (just browse the list). The JMX approach is in my opinion a good alternative: http

Re: no main in Embedded.java

The Embedded.main has been removed a long time ago (at the time of introducing JMX). As for the sh/bat, I did remove the option2 days ago (just browse the list). The JMX approach is in my opinion a good alternative: http://apache.crihan.fr/dist/jakarta/tomcat-5/v5.0.12-beta/bin/jakarta-tomc

[5] Embedded script support?

Hi, The catalina.sh/bat script still include the embedded option (BTW no longer works since the Embedded class is not in bootstrap.jar). Do we still want to support that option or should I remove it from the script? Thanks, -- Jeanfrancois -

Re: Digester and external entities with systemId only : Was: Important requirement : Re: [next] What's next ?

Henri Gomez wrote: I traced TC 5.0 and Digester and suspect what could be the problem with external entities when only SYTEM is defined ie : In Digester.java, at least in the 1.5 release, resolveEntity return null if publicId is null even if systemId is set. To make it works, I just replaced :

Re: Important requirement : Re: [next] What's next ?

Henri Gomez wrote: Remy Maucherat a écrit : Glenn Nielsen wrote: Henri Gomez wrote: Remy Maucherat a écrit : Henri Gomez wrote: No reply for this request ? Should I assume I could start to work on settings the currentWorking dir at web.xml dir location at web.xml parsing time ? I lik

[5] build broken

Hi, building from scratch I'm getting: BUILD FAILED file:/disk/raid0/home/jfarcand/jakarta-tomcat/jakarta-tomcat-5/build.xml:147: Warning: Could not find file /home/jfarcand/jakarta-tomcat/commons-daemon/commons-daemon.jar to copy. I've seens some change recently related to daemon. Where is the

Re: [next] What's next ?

Henri Gomez wrote: Henri Gomez a écrit : 3. Provide a complete working configuration example for a cluster of tomcat servers with a front-end tomcat as well, i.e. a pure tomcat-only solution. We already have the jvmRoute mechanism, but I think it needs more examples/documentation so that pe

Re: [next] What's next ?

I would be interested to: - implement jsr115 as an optional feature (based on a previous discussion with Costin on this thread (that may bring Costing back :-) ). - turn SecurityManager on by default ( already proposed by Costin sometime ago if I remember). - improve xml parsing performance (may

Re: [5.0] Schedule change

Bill Barker wrote: By the way, is there any plan to certify Tomcat 5? As everyone knows, Sun controls the RI now. While it's rumored to be based on Tomcat code, that's not the same thing. Also, as everyone knows, Geronimo is planning to test the Sun/Apache agreement by getting the test-suite

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup ContextConfig.java TldConfig.java

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand2003/09/23 14:37:01 Modified:catalina/src/share/org/apache/catalina/startup ContextConfig.java TldConfig.java Log: Revert my previous patch since it force validation even when the value is set to false (for schema). I didn't upgr

Re: [VOTE] 5.0.12 stability rating

Remy Maucherat wrote: [ ] Alpha [X ] Beta -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: [5.0] Session at ApacheCon

Filip Hanik wrote: >and clustering :) True. But I will try to speak about things that I know (or seems to know ;-)). For sure I will at least add it to the what's new list. Thanks, -- Jeanfrancois >- Original Message - >From: "Remy Maucherat" <[EMAIL PROTECTED]> >To: "Tomcat Devel

Re: [5.0] Session at ApacheCon

Remy Maucherat wrote: > http://apachecon.com/html/session-popup.html/e=MjAwMy9VUw?id=897 > > New XML Schema support > > Well, hum, it doesn't work for me ^_^; I hope it work at that time ;-) > > > New Connector Architecture > > It was already there in 4.1.x. If you do a diff, you'll see that

Re: [VOTE] 5.0.11 stability rating

Seems my apache/sun email are blocked when I reply. :-( Remy Maucherat wrote: > > [X] Alpha > [ ] Beta > When turning the security manager on: > java.security.AccessControlException: access denied (java.io.FilePermission > /home/ja120114/src/jakarta-tomcat-5/build/server/webapps/manag

Re: [VOTE] 5.0.9 stability rating

Bill Barker wrote: - Original Message - From: "Jean-Francois Arcand" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Monday, August 25, 2003 6:20 AM Subject: Re: [VOTE] 5.0.9 stability rating Bill Barker wrote: - Or

Re: [VOTE] 5.0.9 stability rating

Bill Barker wrote: - Original Message - From: "Remy Maucherat" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Monday, August 25, 2003 12:32 AM Subject: Re: [VOTE] 5.0.9 stability rating Bill Barker wrote: Tim Funk wrote: Installed 5.0.9 fro

Re: [VOTE] 5.0.9 stability rating

Remy Maucherat wrote: [ ] Alpha [X ] Beta Except for validation (which I'm still investigating (try to create smaller test case for the Xerces folks) -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For addition

Xerces location and bug

Hi, I've just realized that when you install Tomcat 5 from a fresh workspace, Xerces is not copied under common/endorsed. I don't remember what was the decision regarding Xerces. Have we decide to completely remove it? If yes, then we shoud remove the dependency in build.properties and unpdate

Re: [VOTE] 5.0.7 stability rating

Remy Maucherat wrote: Jean-Francois Arcand wrote: Remy Maucherat wrote: [X ] Alpha [ ] Beta Please vote :) Add comments if needed. (1) Xerces validation doesn't work (seems the way we load the DTD is incorrect, producing the current error...but wait, we never know with X

Re: [VOTE] New committer: Eric Carmichael

+1. If he like Xerces, he can jump on that side too ;-) -- Jeanfrancois Remy Maucherat wrote: I'd like to nominate Eric Carmichael as a committer on the Tomcat project. Eric has been steadily supplying quality patches to the new Jasper which will implement the JSP 2.0 specification, and has h

Re: Resend: Tomcat 4.1.24 & JVM 1.4.2 security hole?

Oups I've missed the discussion . There is a 1.4.2 bug found by Remy (and reported in bugtraq as 4895132. I'm not sure you can access the bug). The workaround is to add the following property when starting Tomcat: -Dsun.io.useCanonCaches=false Can you try it and see if that fixe the problem (I

Re: Xerces location and bug

Remy Maucherat wrote: Jean-Francois Arcand wrote: Hi, I've just realized that when you install Tomcat 5 from a fresh workspace, Xerces is not copied under common/endorsed. I don't remember what was the decision regarding Xerces. Have we decide to completely remove it? If yes, the

Re: [VOTE] 5.0.7 stability rating

Remy Maucherat wrote: [X ] Alpha [ ] Beta Please vote :) Add comments if needed. (1) Xerces validation doesn't work (seems the way we load the DTD is incorrect, producing the current error...but wait, we never know with Xerces ;-) ). Since validation was by default supported in 4.x, I'm

Re: [VOTE] Tomcat 5.0 release plan

+1 -- Jeanfrancois Remy Maucherat wrote: I have updated the dates mentioned in the release plan (given that Tomcat 5 can't go to beta before the end of last month ;-) ). It now calls for a beta before the 15th of August, which means either Tomcat 5.0.6 or 5.0.7 would have to be declared beta t

Re: [5.0.7] New build by Sunday

+1. There is 1 bug in bugtraq currently open about *.jsp url mapping that I need to investigate (I'm not sure yet it's a bug) but I hope to have a fix before Sunday. -- Jeanfrancois Remy Maucherat wrote: Hi, I plan to make a new build available by Sunday. Comments ? Any issues which would nee

Re: [5.0.7] New build by Sunday

Remy Maucherat wrote: Jean-Francois Arcand wrote: +1. There is 1 bug in bugtraq currently open about *.jsp url mapping that I need to investigate (I'm not sure yet it's a bug) but I hope to have a fix before Sunday. And what would the bug be ? (I think I know the mapper code far b

Re: securityManager in JasperLoader.java

Hi Jean-Frederic, the current source have: int dot = name.lastIndexOf('.'); if (securityManager != null) { if (dot >= 0) { try { // Do not call the security manager since by default, we grant that package. if (!"org.a

Re: [VOTE] 4.1.26 stability rating

Finaly... Remy Maucherat wrote: [ ] Alpha [ ] Beta [X] Stable -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: [5] Mapper bug?

Forget that. The bug is in front of the computer! -- Jeanfrancois Jean-Francois Arcand wrote: Hi, I'm currently doing a very basic test: [EMAIL PROTECTED] jfarcand]$ wget http://localhost:8080/ --20:59:22-- http://localhost:8080/ => `index.html' Resolving loca

[5] Mapper bug?

Hi, I'm currently doing a very basic test: [EMAIL PROTECTED] jfarcand]$ wget http://localhost:8080/ --20:59:22-- http://localhost:8080/ => `index.html' Resolving localhost... done. Connecting to localhost[127.0.0.1]:8080... connected. HTTP request sent, awaiting response... 400 No Hos

Re: [5.0.5] New tag tomorrow ?

+1 Remy Maucherat wrote: To be able to reach beta quality around the end of this month, a new milestone will need to be released at the end of this week (and more generally, I think a one milestone per week schedule can't hurt when trying to go to beta - even if we end up missing the deadline

Re: [5] Authentication for Overlapping Constraints

Bill Barker wrote: Tomcat doesn't adhere to the (new) requirements in the 2.4 Servlet-Spec for handling the case of Overlapping Constraints: When a url-pattern and http-method pair occurs in multiple security constraints, the applicable constraints (on the pattern and method) are defined by com

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5MapperListener.java

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand2003/07/22 21:02:29 Modified:catalina/src/share/org/apache/coyote/tomcat5 MapperListener.java Log: When using the embedded interface (or jmx directly), context are never removed because of this condit

Re: cvs commit:jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5CoyoteRequest.java

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand2003/06/06 12:04:51 Modified:catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java Log: Revert the patch until I come with a better solution. I'd like to be convinced there's a bug here ;-)

Re: cvs commit:jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5CoyoteRequest.java

Remy Maucherat wrote: Jean-Francois Arcand wrote: OK, let's try to describe the problem. First, here is the stack trace the application is throwing when running: java.lang.NullPointerException at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca de.jav

Re: cvs commit:jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5CoyoteRequest.java

OK, let's try to describe the problem. First, here is the stack trace the application is throwing when running: java.lang.NullPointerException at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca de.java:271) at com.sun.web.ui.view.html.CCButton.getAttribute(CCButton

Re: [5.0] More dependencies

Remy Maucherat wrote: Remy Maucherat wrote: - daemon: Home of Mladen's procrun, a very promising exe wrapper for Java programs on Windows; this also contains a Unix wrapper for Java programs; the Unix wrapper could be advertised as "the" recommended solution to run Tomcat on 80 on Unix, and i

Re: [5.0] Commons dependencies

Remy Maucherat wrote: Costin Manolache wrote: Remy Maucherat wrote: - modeler: Basis for Tomcat 5 JMX features, with a lot of new impressively efficient functionality since release 1.0; again, a critical component [Costin (do you have enough time to continue being the RM of that component ?)]

Re: [5] reference to 2.3 dtd instead of 2.4?

Tim Funk wrote: The dtd in jakarta-servletapi-5\jsr154\examples\WEB-INF\web.xml says: http://java.sun.com/dtd/web-app_2_3.dtd";> Is this right? Yes it is. The examples doesn't contains any new 2.4 features. Of course it will be better if we improve the examples to demonstrate the new 2.4 feat

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/coreStandardContext.java

Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand2003/05/28 21:13:24 Modified:catalina/src/share/org/apache/catalina/core StandardContext.java Log: Revert back my latest changes since it did not fix the problem completely. Don't worry about that I

Re: xerces in tomcat-4.1.x

Wait :-) I still did not ran all the tests that I have, specially the lovely XML schema one. It seems to work fine when validation is turned off, but I would like to be sure...mayb we can start using it with Tomcat 5 and change Tomcat 4.1.x once we are sure it work. -- Jeanfrancois jean-frede

Re: Why does Tomcat use xerces under java 1.4 instead of the internaljvm classes?

Costin Manolache wrote: Jean-Francois Arcand wrote: At least in tomcat5 I never use xerces - only the bundled parser, and so far I've seen no problems. Crimson is a very good parser, and it still faster that Xerces in some case. The only reason I see for bundling xerces is for

Re: [4.1.x] Next release

Remy Maucherat wrote: Costin Manolache wrote: Remy Maucherat wrote: Could I get some details on that filter/facade bug ? Yes, Filter.init() is called with the Context object instead of the facade. While Servlet.init() is called correctly. This may allow access to the internals, and is just

Re: [4.1.x] Next release

Costin Manolache wrote: Remy Maucherat wrote: Could I get some details on that filter/facade bug ? Yes, Filter.init() is called with the Context object instead of the facade. While Servlet.init() is called correctly. This may allow access to the internals, and is just weird ( getting

Re: Why does Tomcat use xerces under java 1.4 instead of the internaljvm classes?

Costin Manolache wrote: Jean-Francois Arcand wrote: Because the xerces version bundled with 1.4 is an older one, doesn't support XML schema properly, and contains bugs (and is not as performant as the 2.x version) Isn't Crimson in JDK1.4 ? I remember we decided to disable

Re: Why does Tomcat use xerces under java 1.4 instead of the internaljvm classes?

Because the xerces version bundled with 1.4 is an older one, doesn't support XML schema properly, and contains bugs (and is not as performant as the 2.x version) -- Jeanfrancois David Thielen wrote: thanks - dave - To unsubsc

Re: [5.0] Monitor servlet

Remy Maucherat wrote: Jean-Francois Arcand wrote: Hi Remy, the servlet doesn't compile with JDK 1.3.x : StatusManagerServlet.java:274: cannot resolve symbol [javac] symbol : method maxMemory () [javac] location: class java.lang.Runtime [javac] writer.

Re: [5.0] Monitor servlet

Hi Remy, the servlet doesn't compile with JDK 1.3.x : StatusManagerServlet.java:274: cannot resolve symbol [javac] symbol : method maxMemory () [javac] location: class java.lang.Runtime [javac] writer.print(Runtime.getRuntime().maxMemory()); [javac]

Re: [VOTE] [4.1.24] Stability rating

[ ] Alpha [ ] Beta [X ] Stable (GA) -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: Xerces Question

From your description, everything seems fine. Does the error occurs only inside Tomcat or if you parse your file using the command line if also choke? -- Jeanfrancois Bill Barker wrote: I've been trying to set up a CLIENT-CERT authentication for MemoryRealm (one of the few that handles it :).

build.xml still broken...

Hi, the nightly scriptm who starts from a clean workspace, fail with the following: downloadfile: [mkdir] Created dir: /home/jfarcand/jakarta-tomcat/tyrex-1.0 [get] Getting: http://telia.dl.sourceforge.net/sourceforge/tyrex/tyrex-1.0.jar init: [mkdir] Created dir: /disk/raid0/home/jfa

Re: Tomcat 5 build failing,

That stangethe nightly build script that start at 11:59pm each day doesn't break. The scripts starts from a clean workspace.What is the error you are seeing? -- Jeanfrancois Filip Hanik wrote: Is the regular "ant dist" command failing only for me, or are the build scripts broken or the

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resourcesLocalStrings_fr.properties

Craig R. McClanahan wrote: On Thu, 31 Oct 2002, Jean-Francois Arcand wrote: De toute petite corrections ;-) ... ah ces Quebbecois! Is this going to be as bad as American versus British English speakers? :-) Mostly...but I'm in minority againts all the French peoples on the

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/utilLocalStrings_fr.properties

Hi Henry, more translation recommendations ;-) [EMAIL PROTECTED] wrote: hgomez 2002/10/31 01:34:29 Added: catalina/src/share/org/apache/catalina/users LocalStrings_fr.properties catalina/src/share/org/apache/catalina/valves

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resourcesLocalStrings_fr.properties

Hi Henry, a couple of comment about your translation :-) [EMAIL PROTECTED] wrote: hgomez 2002/10/31 01:34:44 Added: catalina/src/share/org/apache/naming LocalStrings_fr.properties catalina/src/share/org/apache/naming/resources

Re: 10/29/02 Notes

Oups..wrong list...sorry. -- Jeanfrancois Jean-Francois Arcand wrote: are available under http://javaweb.sfbay.sun.com/~ja120114/security-audit/SecurityAudit.html Let me know if something is missing. Thanks, -- jeanfrancois -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscr

10/29/02 Notes

are available under http://javaweb.sfbay.sun.com/~ja120114/security-audit/SecurityAudit.html Let me know if something is missing. Thanks, -- jeanfrancois -- To unsubscribe, e-mail: For additional commands, e-mail:

Re: accessClassInPackage.org.apache.catalina.realm permission

Renato wrote: Hi all, ( sorry to post here... in users list nobody answered ) One of my users is asking for the following permission in his context java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.realm) He is using th

Re: [5.0] New build documentation, docs online

Bob Herrmann wrote: On Mon, 2002-10-28 at 05:07, Remy Maucherat wrote: New Tomcat 5.0 docs online (linked from the main Tomcat page): http://jakarta.apache.org/tomcat/tomcat-5.0-doc/index.html New building documentation: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/BUILDING.txt Comments

Re: Package Protection: which one?

Remy Maucherat wrote: Jean-Francois Arcand wrote: Hi, testing package protection, I have come to the following conclusion: Packages that we can protect against access -- o.a.catalina o.a.jasper o.a.jsp o.a.jk Packages that we can protect against

Package Protection: which one?

Hi, testing package protection, I have come to the following conclusion: Packages that we can protect against access -- o.a.catalina o.a.jasper o.a.jsp o.a.jk Packages that we can protect against definition -

Re: DO NOT REPLY [Bug 13907] - security manager does not give readpermission on a context by default

Aditya wrote: Glenn, On Thu, Oct 24, 2002 at 10:03:47AM -, [EMAIL PROTECTED] wrote: This must be a problem in your local system configuration. Check the unix file ownerhsip and permissions for test2.new. I've done that and the fact is that it works fine without the security manage

Re: Security Check in Classloader.

Foget that email. The problem is in front of the computer, not in the class ;-) -- Jeanfrancois Jean-Francois Arcand wrote: Hi, In StandardClassLoader, starting line 815, the SecurityManager is invoked: // (.5) Permission to access this class when using a SecurityManager if

Security Check in Classloader.

Hi, In StandardClassLoader, starting line 815, the SecurityManager is invoked: // (.5) Permission to access this class when using a SecurityManager if (securityManager != null) { int i = name.lastIndexOf('.'); if (i >= 0) { try {

[3.3] Is methodo.a.c.http11.Http11Processor.addFilter used

Hi, is method o.a.c.http11.Http11Processor.addFilter used by Tomcat 3.x? The method is not used in 4.1.X and 5, and I would like to remove it. The method gives direct access to Class.forName, and this is a "lightweight" security issue. Thanks, -- Jeanfrancois -- To unsubscribe, e-mail:

[Off-topic] FYI Xerces 2.2

HI, just a quick update with Xerces 2.2. Two weeks ago, I tough I've found the problem Tomcat was having with Xerces 2,2 (by replacing struts.jar file with the 1.1 beta version, the bug did not show up again). I did some tests last week and the bug starts to re-appear, but not all the time (s

Re: [Security Audit] CoyoteRequest.doGetSession

OK, I have committed the change, do testing, and try to hack the code I just wrote. Of course, more testing will be appreciated :-) -- Jeanfrancois Glenn Nielsen wrote: Jean-Francois Arcand wrote: Glenn Nielsen wrote: Costin Manolache wrote: I'm in the middle on this one -

Re: MBean error when using o.a.c.session.PersistentManager

Sorry for the second postmy mail server is having problems Jean-Francois Arcand wrote: Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not

MBean error when using o.a.c.session.PersistentManager

Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with PersistentManager at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.

MBean error when adding a new o.a.c.s.Manager.

Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with PersistentManager at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.j

Re: [VOTE] New Committer John Turner

+1 He is quite impressive on tomcat-users list -- Jeanfrancois Bob Herrmann wrote: Mladen's word is enough for me. +1 for John Turner Cheers, -bob On Fri, 2002-10-18 at 15:11, Mladen Turk wrote: Hi, I'd like to propose John Turner [Jturner at AAS.com] as a new Tomcat committer. He do

Re: Tomcat 4.0.3 doesn't deploy WAR files with particular names

The appropriate forum for that type of questions will be first under tomcat-user mailling list :-) I've just rename one of my war " wiponline.war" file without any problems. So it is not related to Tomcat. Maybe you JDK have a bug? -- Jeanfrancois Markus Zänglein wrote: >HI > >I was faced

Re: [Proposal] Having a Tomcat.security file.

Glenn Nielsen wrote: > Jean-Francois Arcand wrote: > >> Hi, >> >> I've re-factored Catalina.java and CatalinaService.java and merge the >> security code into a single class: o.a.c.security.SecurityConfig. >> This class will manage all the package

[Proposal] Having a Tomcat.security file.

Hi, I've re-factored Catalina.java and CatalinaService.java and merge the security code into a single class: o.a.c.security.SecurityConfig. This class will manage all the package access/definition security properties. Actually, the list of package access/definition are harcoded in that class.

Re: [Security Audit] CoyoteRequest.doGetSession

not the best >> implementation, but I think you get my point ). >> > > Persisting session data is the responsibility of the container not > the web application. Session management/persistence should be completely > transparent to the webapp including security policy permissi

Re: [Security Audit] CoyoteRequest.doGetSession

d by default whatever they want. If I want to denied ManagerA file permissions, I have no way to do it right now...right? > > > -1 for changing/removing the doPrivileged() Other voices? > > > Regards, > > Glenn Thanks, -- Jeanfrancois > > > Jean-Franc

[Security Audit] CoyoteRequest.doGetSession

Hi, In o.a.c.tomcat5.CoyoteRequest (same in tomcat4), there is a doPrivilege block that grant the doGetSession method. This method delegate the logic to the o.a.c.Manager instance. A Manager can (but it's not required) uses a o.a.c.Store object . The Manager and the Store object may need spec

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startupCatalina.java CatalinaService.java

Hi Glenn, should it be org.apache.tomcat.util instead of org.apache.util ? Thanks, -- Jeanfrancois [EMAIL PROTECTED] wrote: >glenn 2002/10/15 13:33:19 > > Modified:catalina/src/share/org/apache/catalina/startup Catalina.java >CatalinaService.java > Log: >

[Security Audit] Package protection...

HI, is somebody aware why package org.apache.coyote.* and org.apache.tomcat.* are not protected againts package insertion/access in Catalina.java. What is the reasons? Actually, classes are not available to a Webapp (the Classloader is taking care of it) but when Tomcat is embedded in an app

Re: [VOTE] tomcat-commiters list

Costin Manolache wrote: >I would like to propose a new mailing list. > >The list will be closed to commiters only. The main purpose >will be discussions of security and other special issues. >This should avoid [Cc] threads. > >The main target should be active commiters - so it should >start em

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/netSSLServerSocketFactory.java

Hi Remy, when you start with the SecurityManager, the following exception is thrown. java.lang.ClassNotFoundException: org.apache.catalina.connector.HttpRequestBase$Privilege dGetSession at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.j ava:890)

  1   2   >