Author: kkolinko
Date: Sun Apr 27 18:50:08 2014
New Revision: 1590453

URL: http://svn.apache.org/r1590453
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Merged r1590451 from tomcat/trunk:
Document the new feature on the "security HowTO" page.
Move error valve documentation lower in the valves list (access log valves and access control valves should be the first ones there).

Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1590451 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1590453&r1=1590452&r2=1590453&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Apr 27 18:50:08 2014 @@ -101,7 +101,7 @@ <add> <bug>56383</bug>: Properties for disabling server information and error report are added to the <code>org.apache.catalina.valves.ErrorReportValve</code>. - Based on the patch provided by Nick Bunn. (violetagg) + Based on the patch provided by Nick Bunn. (violetagg/kkolinko) </add> <fix> Only create XML parsing objects if required and fix associated potential Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1590453&r1=1590452&r2=1590453&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Sun Apr 27 18:50:08 2014 
@@ -328,54 +328,6 @@ </section> -<section name="Error Report Valve"> - - <subsection name="Introduction"> - - <p>The <strong>Error Report Valve</strong> is a simple error handler - for HTTP status codes that will generate and return HTML error pages.</p> - - <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will - only return the HTTP status code and remove all CSS.</p> - - </subsection> - - <subsection name="Attributes"> - - <p>The <strong>Error Report Valve</strong> supports the following - configuration attributes:</p> - - <attributes> - - <attribute name="className" required="true"> - <p>Java class name of the implementation to use. This MUST be set to - <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the - default error report valve.</p> - </attribute> - - <attribute name="showReport" required="false"> - <p>Flag to determine if the error report is presented when an error occurs. - If set to <code>false</code>, then the error report is not in - the HTML response. - Default value: <code>true</code> - </p> - </attribute> - - <attribute name="showServerInfo" required="false"> - <p>Flag to determine if server information is presented when an error occurs. - If set to <code>false</code>, then the server version is not returned in - the HTML response. - Default value: <code>true</code> - </p> - </attribute> - - </attributes> - - </subsection> - -</section> - - <section name="Extended Access Log Valve"> <subsection name="Introduction"> 
@@ -628,6 +580,54 @@ </section> +<section name="Error Report Valve"> + + <subsection name="Introduction"> + + <p>The <strong>Error Report Valve</strong> is a simple error handler + for HTTP status codes that will generate and return HTML error pages.</p> + + <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will + only return the HTTP status code and remove all CSS.</p> + + </subsection> + + <subsection name="Attributes"> + + <p>The <strong>Error Report Valve</strong> supports the following + configuration attributes:</p> + + <attributes> + + <attribute name="className" required="true"> + <p>Java class name of the implementation to use. This MUST be set to + <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the + default error report valve.</p> + </attribute> + + <attribute name="showReport" required="false"> + <p>Flag to determine if the error report is presented when an error + occurs. If set to <code>false</code>, then the error report is not in + the HTML response. + Default value: <code>true</code> + </p> + </attribute> + + <attribute name="showServerInfo" required="false"> + <p>Flag to determine if server information is presented when an error + occurs. If set to <code>false</code>, then the server version is not + returned in the HTML response. + Default value: <code>true</code> + </p> + </attribute> + + </attributes> + + </subsection> + +</section> + + <section name="Single Sign On Valve"> <subsection name="Introduction"> Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1590453&r1=1590452&r2=1590453&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Sun Apr 27 18:50:08 2014 
@@ -349,8 +349,10 @@ <p>The default ErrorReportValve includes the Tomcat version number in the response sent to clients. To avoid this, custom error handling can be - configured within each web application. Alternatively, the version number - can be changed by creating the file + configured within each web application. Alternatively, you can explicitly + configure an <a href="config/valve.html">ErrorReportValve</a> and set its + <strong>showServerInfo</strong> attribute to <code>false</code>. + Alternatively, the version number can be changed by creating the file CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties with content as follows:</p> <source>
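
Review bot: In the valve.xml hunk that re-adds the "Error Report Valve" section (@@ -628,6 +580,54 @@), the showReport attribute says only that "the error report is not in the HTML response" and never states what the report contains, so an administrator cannot tell from this page what is exposed to clients while it stays at its default of true. Suggest one sentence in that attribute describing the report's contents. In the same section the NOTE paragraph names showServerInfo and showReport as plain text while the attribute descriptions mark up their values with <code>; wrapping the two names in <code> would match. The move is also combined with a re-wrap of the showReport and showServerInfo paragraphs, which makes it harder to confirm the section was relocated unchanged; a pure move followed by a separate re-wrap would be easier to verify.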
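
Review bot: In the security-howto.xml hunk (@@ -349,8 +349,10 @@), the new sentence covers showServerInfo only, although the valve.xml section changed in this same commit documents showReport as the switch that keeps the error report out of the HTML response; the hardening advice should mention setting showReport to false as well, or say why it is left out. The link href="config/valve.html" lands at the top of the valves page now that the Error Report Valve section has moved further down the list, so a fragment pointing at that section would help if the docs build generates one. The paragraph also now has two consecutive sentences opening with "Alternatively,"; rephrasing the second (for example "The version number can also be changed by creating the file ...") reads better.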