Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Rainer Jung 

 > 

[X] +1
[ ] +0
[ ] -1



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_proxy_ajp vs mod_jk

2006-10-18 Thread Rainer Jung 

Hi,

fredk2 wrote:

The question is - how can you set secret in mod_proxy_ajp ?


Not at the moment.


If this feature is not (yet) implemented, can this be easily added - aka can
we expect this in a later version :) ?

Please let me know if this post should be made on apache-httpd dev forum.


You'll reach Mladen, who ported mod_jk to mod_proxy_* on this list, but 
you should better post to httpd-dev to make sure, all the other 
developers are able to read it.


Rainer

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Peter Rossbach 

Good work...

Am 18.10.2006 um 02:01 schrieb Remy Maucherat:



[ X] +1
[ ] +0
[ ] -1

Re: mod_proxy_ajp vs mod_jk

2006-10-18 Thread Mladen Turk 

Rainer Jung wrote:

Hi,

fredk2 wrote:

The question is - how can you set secret in mod_proxy_ajp ?


Not at the moment.

If this feature is not (yet) implemented, can this be easily added - 
aka can

we expect this in a later version :) ?

Please let me know if this post should be made on apache-httpd dev forum.


You'll reach Mladen, who ported mod_jk to mod_proxy_* on this list, but 
you should better post to httpd-dev to make sure, all the other 
developers are able to read it.




This feature is pretty much useless and gives no higher
security whatsoever. The same thing can be done by IP Filter
in Tomcat, that would give much higher security then this.

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465195 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java

2006-10-18 Thread remm 
Author: remm
Date: Wed Oct 18 03:13:28 2006
New Revision: 465195

URL: http://svn.apache.org/viewvc?view=rev&rev=465195
Log:
- Fix NPE on isValid for an expired session when activity check is enabled.

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java?view=diff&rev=465195&r1=465194&r2=465195
==
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java 
Wed Oct 18 03:13:28 2006
@@ -710,7 +710,9 @@
 }
 }
 }
-accessCount = null;
+if (ACTIVITY_CHECK) {
+accessCount.set(0);
+}
 setValid(false);
 
 /*



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465208 - /tomcat/tc6.0.x/trunk/native/connector/

2006-10-18 Thread mturk 
Author: mturk
Date: Wed Oct 18 04:09:50 2006
New Revision: 465208

URL: http://svn.apache.org/viewvc?view=rev&rev=465208
Log:
Copy the tomcat-connector/jni/native to the native/connector.

Added:
tomcat/tc6.0.x/trunk/native/connector/
  - copied from r465207, tomcat/connectors/trunk/jni/native/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Tim Funk 


Remy Maucherat wrote:

Hi,

The release plan is located here:
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt


[X] +1
[ ] +0
[ ] -1




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465217 - in /tomcat/tc6.0.x/trunk/native/connector/srclib: ./ VERSIONS

2006-10-18 Thread mturk 
Author: mturk
Date: Wed Oct 18 04:30:36 2006
New Revision: 465217

URL: http://svn.apache.org/viewvc?view=rev&rev=465217
Log:
Add srclib build repository.

Added:
tomcat/tc6.0.x/trunk/native/connector/srclib/
tomcat/tc6.0.x/trunk/native/connector/srclib/VERSIONS

Added: tomcat/tc6.0.x/trunk/native/connector/srclib/VERSIONS
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/native/connector/srclib/VERSIONS?view=auto&rev=465217
==
--- tomcat/tc6.0.x/trunk/native/connector/srclib/VERSIONS (added)
+++ tomcat/tc6.0.x/trunk/native/connector/srclib/VERSIONS Wed Oct 18 04:30:36 
2006
@@ -0,0 +1,4 @@
+Use the following version of the libraries
+
+- APR 1.2.7, http://apr.apache.org
+- OpenSSL 0.9.8d, http://www.openssl.org



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_proxy_ajp vs mod_jk

2006-10-18 Thread fredk2 

Hi Mladen,



I am curious about your last statement.
I understant that an ip filter is more secure. However, if I am not
mistaken, to setup IPFilter you need to be a sysadmin (aka Root) and you can
lock yourself out if you do not have physical access to the server(s), right
? 

So why not a secret word ? It is easy to set and correct. If the file access
permissions are applied properly you can then be certain that the tomcat
will only communicate with the proper Apache(s).  I am sure that the
security gurus would like to see SSL, but that is another thread:)

Thanks - Fred

(Interesting, I just saw that IPFilter is now bundled in Solaris 10, but
many Linux ship with IPTables :(


Mladen Turk wrote:
> 
> Rainer Jung wrote:
>> Hi,
>> 
>> fredk2 wrote:
>>> The question is - how can you set secret in mod_proxy_ajp ?
>> 
>> Not at the moment.
>> 
>>> If this feature is not (yet) implemented, can this be easily added - 
>>> aka can
>>> we expect this in a later version :) ?
>>>
>>> Please let me know if this post should be made on apache-httpd dev
>>> forum.
>> 
>> You'll reach Mladen, who ported mod_jk to mod_proxy_* on this list, but 
>> you should better post to httpd-dev to make sure, all the other 
>> developers are able to read it.
>> 
> 
> This feature is pretty much useless and gives no higher
> security whatsoever. The same thing can be done by IP Filter
> in Tomcat, that would give much higher security then this.
> 
> Regards,
> Mladen.
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/mod_proxy_ajp-vs-mod_jk-tf2463710.html#a6877291
Sent from the Tomcat - Dev mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Yoav Shapira 

Hi,

On 10/17/06, Remy Maucherat <[EMAIL PROTECTED]> wrote:

The release plan is located here:
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt


[ X ] +1
[ ] +0
[ ] -1



Yoav

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_proxy_ajp vs mod_jk

2006-10-18 Thread Yoav Shapira 

Hi,
Fred, I think you may be confusing IPFilter (the Solaris-specific
package) with a generic IP filter.  I might be misunderstanding Mladen
myself, but I think he meant a simple configuration of Tomcat's Remote
Address Valve (http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html)
or a similar component at the javax.servlet.Filter level.

Yoav

On 10/18/06, fredk2 <[EMAIL PROTECTED]> wrote:


Hi Mladen,



I am curious about your last statement.
I understant that an ip filter is more secure. However, if I am not
mistaken, to setup IPFilter you need to be a sysadmin (aka Root) and you can
lock yourself out if you do not have physical access to the server(s), right
?

So why not a secret word ? It is easy to set and correct. If the file access
permissions are applied properly you can then be certain that the tomcat
will only communicate with the proper Apache(s).  I am sure that the
security gurus would like to see SSL, but that is another thread:)

Thanks - Fred

(Interesting, I just saw that IPFilter is now bundled in Solaris 10, but
many Linux ship with IPTables :(


Mladen Turk wrote:
>
> Rainer Jung wrote:
>> Hi,
>>
>> fredk2 wrote:
>>> The question is - how can you set secret in mod_proxy_ajp ?
>>
>> Not at the moment.
>>
>>> If this feature is not (yet) implemented, can this be easily added -
>>> aka can
>>> we expect this in a later version :) ?
>>>
>>> Please let me know if this post should be made on apache-httpd dev
>>> forum.
>>
>> You'll reach Mladen, who ported mod_jk to mod_proxy_* on this list, but
>> you should better post to httpd-dev to make sure, all the other
>> developers are able to read it.
>>
>
> This feature is pretty much useless and gives no higher
> security whatsoever. The same thing can be done by IP Filter
> in Tomcat, that would give much higher security then this.
>
> Regards,
> Mladen.
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>

--
View this message in context: 
http://www.nabble.com/mod_proxy_ajp-vs-mod_jk-tf2463710.html#a6877291
Sent from the Tomcat - Dev mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Jeanfrancois Arcand 




[X] +1
[ ] +0
[ ] -1




-- Jeanfrancois

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with Tomcat 5.5.17 and LDAP binding

2006-10-18 Thread miriam 

I am connecting to LDAP using Tomcat 5.5.12 and everything is fine. However,
when I change over to Tomcat 5.5.16, I can no longer connect to LDAP because
of a binding error. 

The error I see is -

javax.naming.NamingException: [LDAP: error code 1 - : LdapErr:
DSID-0C0905FF, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, vece  remaining name
'qtest\fmccarthy' 
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)




The cause of my problem is due to a change made to the JNDIRealm class, the
getUserByPattern(). The change made ( I don’t think) has not been documented
in the change log html. Two lines of code have been removed from the above
class and method. Basically, can you tell me why the change was made and
also can you tell me is there a complimentary change I need to make to my
code, to get the LDAP to work.

This the Realm that works with Tomcat 5.5.12, but doesn't work with Tomcat
5.5.16
ldap://1.0.0.0:389"; 
userPattern="({0})"
resourceName="UserDatabase" referrals="follow" />


-- 
View this message in context: 
http://www.nabble.com/Problem-with-Tomcat-5.5.17-and-LDAP-binding-tf2467214.html#a6878278
Sent from the Tomcat - Dev mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40751] - the jsp pages consume a 100% of CPU usage on Pentium III (but on the 5.5.17 work fine)

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40751





--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 08:57 ---
i cant provide the testcase at the moment, i'm running out of time, keep the bug
open for some time and i'll try to check it again with both installed instances
of tomcat

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465293 - in /tomcat/container/tc5.5.x: modules/cluster/src/share/org/apache/catalina/cluster/tcp/ webapps/docs/

2006-10-18 Thread pero 
Author: pero
Date: Wed Oct 18 09:37:42 2006
New Revision: 465293

URL: http://svn.apache.org/viewvc?view=rev&rev=465293
Log:
Made recovery more robust.

Modified:

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/LocalStrings.properties

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/mbeans-descriptors.xml
tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java?view=diff&rev=465293&r1=465292&r2=465293
==
--- 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
 (original)
+++ 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
 Wed Oct 18 09:37:42 2006
@@ -54,7 +54,7 @@
 /**
  * The descriptive information about this implementation.
  */
-private static final String info = "FastAsyncSocketSender/3.0";
+private static final String info = "FastAsyncSocketSender/3.1";
 
 // - Instance Variables
 
@@ -69,6 +69,16 @@
 private FastQueueThread queueThread = null;
 
 /**
+ * recover timeout ( default 5 secs)
+ */
+private long recoverTimeout = 5000;
+
+/**
+ * number of recover tries
+ */
+private int recoverCounter = 5;
+
+/**
  * Count number of queue message
  */
 private long inQueueCounter = 0;
@@ -229,6 +239,40 @@
 }
 
 /**
+ * get current push message recover timeout 
+ * @return current push message recover timeout
+ */
+public long getRecoverTimeout() {
+
+return recoverTimeout;
+}
+
+/**
+ * Set recover timeout (default 5000 msec)
+ * @param timeout
+ */
+public void setRecoverTimeout(long timeout) {
+recoverTimeout = timeout;
+}
+
+/**
+ * get current push message recover counter 
+ * @return current push message recover counter
+ */
+public int getRecoverCounter() {
+
+return recoverCounter;
+}
+
+/**
+ * Set recover couner (default 5 )
+ * @param counter
+ */
+public void setRecoverCounter(int counter) {
+recoverCounter = counter;
+}
+
+/**
  * change active the queue Thread priority 
  * @param threadPriority value must be between MIN and MAX Thread Priority
  * @exception IllegalArgumentException
@@ -465,25 +509,62 @@
 }
 
 /**
- * @param entry
+ * Push all messages from queue to other nodes. Is revovery configured
+ * make a resends with some waits.
+ * @param entry list of messages
  */
 protected void pushQueuedMessages(LinkObject entry) {
 do {
 int messagesize = 0;
+ClusterData data = null ;
 try {
-ClusterData data = (ClusterData) entry.data();
+data = (ClusterData) entry.data();
 messagesize = data.getMessage().length;
 sender.pushMessage(data);
 } catch (Exception x) {
-log.warn(sm.getString(
-"AsyncSocketSender.send.error", entry
+long rTimeout = sender.getRecoverTimeout() ;
+int rCounter = sender.getRecoverCounter() ;
+if(data != null && 
+   rTimeout > 0 && 
+   rCounter > 0) {
+// wait that network get stabler
+int counter = 1;
+boolean success = false ;
+do {
+try {
+Thread.sleep(rTimeout*counter);
+} catch (Exception sleep) {
+}
+try {
+if(log.isDebugEnabled()) {
+
log.debug(sm.getString("AsyncSocketSender.send.recover",
+entry.getKey(),
+new Integer(counter), 
+new Integer(rCounter), new 
Long(rTimeout))) ;
+}
+sender.pushMessage(data);
+success = true;
+} catch (Exception xx) {
+  counter++; 
+

svn commit: r465301 - /tomcat/connectors/trunk/jk/xdocs/index.xml

2006-10-18 Thread rjung 
Author: rjung
Date: Wed Oct 18 10:07:44 2006
New Revision: 465301

URL: http://svn.apache.org/viewvc?view=rev&rev=465301
Log:
Replace broken links to install sub directory on 
documentation start page with links to HowTos.

Modified:
tomcat/connectors/trunk/jk/xdocs/index.xml

Modified: tomcat/connectors/trunk/jk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/index.xml?view=diff&rev=465301&r1=465300&r2=465301
==
--- tomcat/connectors/trunk/jk/xdocs/index.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/index.xml Wed Oct 18 10:07:44 2006
@@ -221,25 +221,25 @@
 
 
 
-
+
 
 
-Apache 1.3.x installation 
documentation
-This section contains detail description of how to build and
-install mod_jk for Apache 1.3.x web server. Browse to this section if you need 
to
-build mod_jk for Apache 1.3.x web server from sources.
+-rw---   1 jung kippdata   16209 Sep 17 00:26 domino.xml
+-rw---   1 jung kippdata   13478 Sep 17 00:26 nes.xml
+
+Apache HowTo and installation 
documentation
+This section contains a detailed description of how to build and
+install mod_jk for the Apache web server.
 
 
-Apache 2.0.x installation 
documentation
-This section contains detail description of how to build and
-install mod_jk for Apache 2.0.x web server. Browse to this section if you need 
to
-build mod_jk for Apache 2.0.x web server from sources.
+IIS HowTo and installation 
documentation
+This section contains a detailed description of how to build and
+install ISAPI redirector for the IIS web server.
 
 
-
-IIS installation documentation
-This section contains detail description of how to build and
-install isapi_redirector for IIS web server.
+Netscape/SunOne/Sun web server HowTo and 
installation documentation
+This section contains a detailed description of how to build and
+install NSAPI redirector for the etscape/SunOne/Sun web server.
 
 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread fhanik 
Author: fhanik
Date: Wed Oct 18 10:10:44 2006
New Revision: 465303

URL: http://svn.apache.org/viewvc?view=rev&rev=465303
Log:
Implemented SSLEngine attribute on the Java HTTP connectors.
This allows one to specify secure=true and scheme=https to prevent tomcat from 
redirecting 
when using a SSL accelerator in front of tomcat

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml
tomcat/tc6.0.x/trunk/webapps/docs/ssl-howto.xml

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?view=diff&rev=465303&r1=465302&r2=465303
==
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java 
Wed Oct 18 10:10:44 2006
@@ -103,7 +103,7 @@
 response.setOutputBuffer(outputBuffer);
 request.setResponse(response);
 
-ssl = endpoint.getSecure();
+ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());
 
 initializeFilters();
 

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?view=diff&rev=465303&r1=465302&r2=465303
==
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java 
Wed Oct 18 10:10:44 2006
@@ -516,6 +516,8 @@
 
 public String getKeystoreFile() { return ep.getKeystoreFile();}
 public void setKeystoreFile(String s ) { ep.setKeystoreFile(s);}
+public void setKeystore(String s) { setKeystoreFile(s);}
+public String getKeystore(){ return getKeystoreFile();}
 
 public String getAlgorithm() { return ep.getAlgorithm();}
 public void setAlgorithm(String s ) { ep.setAlgorithm(s);}
@@ -534,6 +536,10 @@
 
 public String getCiphers() { return ep.getCiphers();}
 public void setCiphers(String s) { ep.setCiphers(s);}
+
+public String getSSLEngine() { return ep.getSSLEngine(); }
+public void setSSLEngine(String SSLEngine) { ep.setSSLEngine(SSLEngine); }
+
 
 
 //   Connection handler 

Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java?view=diff&rev=465303&r1=465302&r2=465303
==
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Protocol.java Wed 
Oct 18 10:10:44 2006
@@ -146,7 +146,7 @@
 
 // Verify the validity of the configured socket factory
 try {
-if (secure) {
+if ("on".equalsIgnoreCase(getSSLEngine())) {
 sslImplementation =
 SSLImplementation.getInstance(sslImplementationName);
 socketFactory = sslImplementation.getServerSocketFactory();
@@ -251,7 +251,10 @@
 protected boolean secure;
 public boolean getSecure() { return secure; }
 public void setSecure(boolean b) { secure = b; }
-
+
+protected String SSLEngine = "off";
+public String getSSLEngine() { return SSLEngine;}
+public void setSSLEngine(String SSLEngine) {this.SSLEngine = SSLEngine;}   
 
 
 /**
  * Name of the socket factory.

Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?view=diff&rev=465303&r1=465302&r2=465303
==
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Wed 
Oct 18 10:10:44 2006
@@ -350,8 +350,10 @@
 //   SSL related properties 
 protected String keystoreFile = 
System.getProperty("user.home")+"/.keystore";
 public String getKeystoreFile() { return keystoreFile;}
-public void setKeystoreFile(String s ) { this.keystoreFile = s;}
-
+public void setKeystoreFile(String s ) { this.keystoreFile = s; }
+public void setKeystore(String s ) {

svn commit: r465304 - /tomcat/connectors/trunk/jk/xdocs/index.xml

2006-10-18 Thread rjung 
Author: rjung
Date: Wed Oct 18 10:12:35 2006
New Revision: 465304

URL: http://svn.apache.org/viewvc?view=rev&rev=465304
Log:
Ups: Forgot to delete two memo lines.

Modified:
tomcat/connectors/trunk/jk/xdocs/index.xml

Modified: tomcat/connectors/trunk/jk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/xdocs/index.xml?view=diff&rev=465304&r1=465303&r2=465304
==
--- tomcat/connectors/trunk/jk/xdocs/index.xml (original)
+++ tomcat/connectors/trunk/jk/xdocs/index.xml Wed Oct 18 10:12:35 2006
@@ -224,8 +224,6 @@
 
 
 
--rw---   1 jung kippdata   16209 Sep 17 00:26 domino.xml
--rw---   1 jung kippdata   13478 Sep 17 00:26 nes.xml
 
 Apache HowTo and installation 
documentation
 This section contains a detailed description of how to build and



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40789] New: - Key for signature on 5.5.20 tar.gz missing from KEYS file

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40789

   Summary: Key for signature on 5.5.20 tar.gz missing from KEYS
file
   Product: Tomcat 5
   Version: 5.5.20
  Platform: All
OS/Version: All
Status: NEW
  Severity: major
  Priority: P2
 Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


The web page at:
   http://tomcat.apache.org/download-55.cgi
says, "We provide PGP signatures for every release file. This signature should
be matched against the KEYS file which contains the PGP keys of Tomcat's Release
Managers."

However, the key used to sign the tar.gz core distribution for 5.5.20 is not in
the KEYS.htm file available at http://www.apache.org/dist/tomcat/tomcat-5/KEYS.

Running gpg --verify on the .asc file downloaded from
http://www.apache.org/dist/tomcat/tomcat-5/v5.5.20/bin/apache-tomcat-5.5.20.tar.gz.asc
(for file
http://apache.edgescape.com/tomcat/tomcat-5/v5.5.20/bin/apache-tomcat-5.5.20.tar.gz)
shows that the key ID is D7B65864.  A grep for D7B65864 on the KEYS file shows
it isn't there.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465308 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2006-10-18 Thread fhanik 
Author: fhanik
Date: Wed Oct 18 10:30:57 2006
New Revision: 465308

URL: http://svn.apache.org/viewvc?view=rev&rev=465308
Log:
added new changes

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?view=diff&rev=465308&r1=465307&r2=465308
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Oct 18 10:30:57 2006
@@ -37,10 +37,16 @@

   
 
+  
+SSLEngine attribute required for SSL to be turned on, on all HTTP 
connectors(fhanik)
+  
 

   
 
+  
+New cluster configuration and new documentation (fhanik)
+  
 

   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Mladen Turk 

[EMAIL PROTECTED] wrote:
 
-ssl = endpoint.getSecure();

+ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());



Like Remy said, anything except "Off" is acceptable.
It can be either "On" or "EngineName" (eg, SSLEngine="nuron")

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 



Mladen Turk wrote:

[EMAIL PROTECTED] wrote:
 
-ssl = endpoint.getSecure();

+ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());



Like Remy said, anything except "Off" is acceptable.
It can be either "On" or "EngineName" (eg, SSLEngine="nuron")

that's for APR, because of
   if (!"off".equalsIgnoreCase(SSLEngine)) {
   // Initialize SSL
   // FIXME: one per VM call ?
   if ("on".equalsIgnoreCase(SSLEngine)) {
   SSL.initialize(null);
   } else {
   SSL.initialize(SSLEngine);
   }

In the HTTP connector, there is no other engine to initialize, hence the 
only values are on/off


Filip




Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 

Filip Hanik - Dev Lists wrote:



Mladen Turk wrote:

[EMAIL PROTECTED] wrote:
 
-ssl = endpoint.getSecure();

+ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());



Like Remy said, anything except "Off" is acceptable.
It can be either "On" or "EngineName" (eg, SSLEngine="nuron")

that's for APR, because of
   if (!"off".equalsIgnoreCase(SSLEngine)) {
   // Initialize SSL
   // FIXME: one per VM call ?
   if ("on".equalsIgnoreCase(SSLEngine)) {
   SSL.initialize(null);
   } else {
   SSL.initialize(SSLEngine);
   }

In the HTTP connector, there is no other engine to initialize, hence 
the only values are on/off \
btw, if the value for SSLEngine can only be used/initialized once per 
VM, why not put the actual engine value in the APR listener, and not in 
the connector


Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 


Filip Hanik - Dev Lists wrote:

Filip Hanik - Dev Lists wrote:



Mladen Turk wrote:

[EMAIL PROTECTED] wrote:
 
-ssl = endpoint.getSecure();

+ssl = "on".equalsIgnoreCase(endpoint.getSSLEngine());



Like Remy said, anything except "Off" is acceptable.
It can be either "On" or "EngineName" (eg, SSLEngine="nuron")

that's for APR, because of
   if (!"off".equalsIgnoreCase(SSLEngine)) {
   // Initialize SSL
   // FIXME: one per VM call ?
   if ("on".equalsIgnoreCase(SSLEngine)) {
   SSL.initialize(null);
   } else {
   SSL.initialize(SSLEngine);
   }

In the HTTP connector, there is no other engine to initialize, hence 
the only values are on/off \
btw, if the value for SSLEngine can only be used/initialized once per 
VM, why not put the actual engine value in the APR listener, and not 
in the connector
to eager to press send, that way the connector would have only on/off 
values, while the actual SSLEngine value neuron would be in the 
APRLifeCycleListener,

much cleaner, and all our connectors become consistent on that value



Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Ian Darwin 

Remy Maucherat wrote:

Hi,

The release plan is located here:
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt


[X] +1
[ ] +0
[ ] -1



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

TC 6.0 TCK

2006-10-18 Thread Filip Hanik - Dev Lists 
does anyone have these, I assume I wouldn't have to sign another 
agreement to upgrade TCK, as I already signed the agreement to use TCK 
with tomcat 5.5


Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 6.0 TCK

2006-10-18 Thread Yoav Shapira 

I don't have them.  You don't need to sign antoher agreement I think.
You do simply need to ask Geir ([EMAIL PROTECTED], our JCP liaison) for a
copy, assuming these TCKs already exist, and he will get it for you.

Yoav

On 10/18/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

does anyone have these, I assume I wouldn't have to sign another
agreement to upgrade TCK, as I already signed the agreement to use TCK
with tomcat 5.5

Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Sam Ewing 
Hi folks,

There was talk earlier in the year about having a
'6.5' release after 6.0 with 'major functionality',
just as was done for Tomcat 5.0/5.5. Is that still the
plan?

Thanks,

/s

http://marc.theaimsgroup.com/?l=tomcat-dev&m=114684703111576&w=2

Remy Maucherat wrote:
> Hi,
> 
> The release plan is located here:
>
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt
> 
> 
> [X] +1
> [ ] +0
> [ ] -1
> 



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Mladen Turk 

Filip Hanik - Dev Lists wrote:


to eager to press send, that way the connector would have only on/off 
values, while the actual SSLEngine value neuron would be in the 
APRLifeCycleListener,

much cleaner, and all our connectors become consistent on that value



Look, SSLEngine concept was derived from mod_ssl where SSLEngine
toggles the usage of SSL/TLS (usually per VHost).
We extended that (because we can not have per-vhost connectors)
on the connector basis and added optional initialization for
hardware SSL engines, and thus conceptually has nothing to
do with the thing you are trying to use it for.

It would mean that the same directive (SSLEngine) would
have two different meanings/purposes depending on the
connector itself.

I would suggest that you came up with a different name
(as well as documentation) that would properly describe
what you are trying to do.


Regards,
Mladen.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Yoav Shapira 

Hi,
Assuming you mean the small thread that started with
http://marc.theaimsgroup.com/?l=tomcat-dev&m=114684618907238&w=2, I
would say no.  That whole thread was conjecture and was never
discussed seriously.  Of course we may do such things (major features
= a .5 release increment rather than a .1) as features come up, but
there's no such firm plan at the moment.  AFAIK.

Yoav

On 10/18/06, Sam Ewing <[EMAIL PROTECTED]> wrote:

Hi folks,

There was talk earlier in the year about having a
'6.5' release after 6.0 with 'major functionality',
just as was done for Tomcat 5.0/5.5. Is that still the
plan?

Thanks,

/s

http://marc.theaimsgroup.com/?l=tomcat-dev&m=114684703111576&w=2

Remy Maucherat wrote:
> Hi,
>
> The release plan is located here:
>
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt
>
> 
> [X] +1
> [ ] +0
> [ ] -1
> 



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 

Mladen Turk wrote:

Filip Hanik - Dev Lists wrote:


to eager to press send, that way the connector would have only on/off 
values, while the actual SSLEngine value neuron would be in the 
APRLifeCycleListener,

much cleaner, and all our connectors become consistent on that value



Look, 


no need to get edgy :), your point is well taken.

SSLEngine concept was derived from mod_ssl where SSLEngine
toggles the usage of SSL/TLS (usually per VHost).
We extended that (because we can not have per-vhost connectors)
on the connector basis and added optional initialization for
hardware SSL engines, and thus conceptually has nothing to
do with the thing you are trying to use it for.
I understand the concept, but because the JNI API has a limitation of 
"one per VM" according to the code, then the connector is the wrong 
place to put it in.




It would mean that the same directive (SSLEngine) would
have two different meanings/purposes depending on the
connector itself.

> I would suggest that you came up with a different name

(as well as documentation) that would properly describe
what you are trying to do.
Lets expand on that suggestion then, lets come up with an attribute that 
goes across all three connectors, currently APR is using SSLEngine for 
dual purposes, including the "on" value which does the same as the Java 
connectors. So instead of having attributes with dual features, that 
always at some point become problems cause folks will want one feature 
but not the other, lets agree on something.


I have two suggestions
1. The SSLEngine attribute should be in the APR lifecycle listener, and 
not in the connector, since its static, I can't have more than one, so 
why do I have to define it more than once.
2. Add a SSLEnabled (or sslEnabled) attribute to the connector with only 
true/false values.


The goal from the beginning was consistency, and also support 
secure=true scheme=https even though its not actually running SSL, a 
pretty important feature.
I think this is a good step, as our connectors are/will be going in the 
same direction, not different directions based on who is working on them.


Filip





Regards,
Mladen.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] Tomcat 6 release plan

2006-10-18 Thread Costin Manolache 

+1

Costin

On 10/17/06, Remy Maucherat <[EMAIL PROTECTED]> wrote:


Hi,

The release plan is located here:
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/RELEASE-PLAN-6.0.txt


[ ] +1
[ ] +0
[ ] -1


This calls for a first build to be released by friday, and it will use
the same release process as 5.5.x. At the moment, there's no plan to
port the admin webapp, but it would certainly be possible to do so
should volunteers show up.

Any comments ?

Thanks,
Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Mladen Turk 

Filip Hanik - Dev Lists wrote:


no need to get edgy :), your point is well taken.


I was edgy? Wasn't my intention.



I have two suggestions
1. The SSLEngine attribute should be in the APR lifecycle listener, and 
not in the connector, since its static, I can't have more than one, so 
why do I have to define it more than once.


This would require doubling directives for enabling SSL, once in
Listener and once in Connector.

2. Add a SSLEnabled (or sslEnabled) attribute to the connector with only 
true/false values.
The goal from the beginning was consistency, and also support 
secure=true scheme=https even though its not actually running SSL, a 
pretty important feature.


I agree, but then SSLEngine implicitly enables ssl processing with APR
connector, while on other it would depend on scheme.
Perhaps we should consider scheme for enabling ssl in APR as well
and if SSLEngine != Off && sheme=https then calling SSL.initialize

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40677] - PKCS11 keystore instead of JKS or PKCS12 keystore

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40677


[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||[EMAIL PROTECTED]




-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 

Mladen Turk wrote:

I have two suggestions
1. The SSLEngine attribute should be in the APR lifecycle listener, 
and not in the connector, since its static, I can't have more than 
one, so why do I have to define it more than once.


This would require doubling directives for enabling SSL, once in
Listener and once in Connector.

2. Add a SSLEnabled (or sslEnabled) attribute to the connector with 
only true/false values.
The goal from the beginning was consistency, and also support 
secure=true scheme=https even though its not actually running SSL, a 
pretty important feature.


I agree, but then SSLEngine implicitly enables ssl processing with APR
connector, while on other it would depend on scheme.
Perhaps we should consider scheme for enabling ssl in APR as well
and if SSLEngine != Off && sheme=https then calling SSL.initialize

My suggestion would be this:

[1]
SSLEngine="someengine/on/off"/>


[2]
protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"/>

[3]
protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="false"/>




[1] - this calls SSL.initialize if the value is set to anything but "off".
[2] - this is a SSL connector, handshake/encryption/decryption is done 
by Tomcat
[3] - this is a non SSL connector, but tricking the application to think 
it is, in this example, my network card does the SSL enc/dec, and passes 
HTTP to tomcat


It's the [3] feature I am looking after, as APR already has this, but 
hidden into the connector.

[3] is accomplished with APR today like this,
protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEngine="off"/>

But this functionality should exist for the java connectors as well.

The benefits:
1. SSL.initialize is only called once per VM, I can add multiple APR SSL 
connectors
2. [3] & [4] have the same attributes, I could swap out 
Http11AprProtocol with Http11NioProtocol or Http11Protocol

3. Consistency across the connectors

does this make sense, no connector depends on "secure" or "scheme" these 
are just values passed onto the request if the admin wants to force 
those values.


Filip


Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Remy Maucherat 

Filip Hanik - Dev Lists wrote:

Mladen Turk wrote:

Filip Hanik - Dev Lists wrote:


to eager to press send, that way the connector would have only on/off 
values, while the actual SSLEngine value neuron would be in the 
APRLifeCycleListener,

much cleaner, and all our connectors become consistent on that value



Look, 


no need to get edgy :), your point is well taken.

SSLEngine concept was derived from mod_ssl where SSLEngine
toggles the usage of SSL/TLS (usually per VHost).
We extended that (because we can not have per-vhost connectors)
on the connector basis and added optional initialization for
hardware SSL engines, and thus conceptually has nothing to
do with the thing you are trying to use it for.
I understand the concept, but because the JNI API has a limitation of 
"one per VM" according to the code, then the connector is the wrong 
place to put it in.




It would mean that the same directive (SSLEngine) would
have two different meanings/purposes depending on the
connector itself.

 > I would suggest that you came up with a different name

(as well as documentation) that would properly describe
what you are trying to do.
Lets expand on that suggestion then, lets come up with an attribute that 
goes across all three connectors, currently APR is using SSLEngine for 
dual purposes, including the "on" value which does the same as the Java 
connectors. So instead of having attributes with dual features, that 
always at some point become problems cause folks will want one feature 
but not the other, lets agree on something.


Let's keep SSLEngine: it's explicit, and it works.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Filip Hanik - Dev Lists 

Remy Maucherat wrote:

Filip Hanik - Dev Lists wrote:

Mladen Turk wrote:

Filip Hanik - Dev Lists wrote:


to eager to press send, that way the connector would have only 
on/off values, while the actual SSLEngine value neuron would be in 
the APRLifeCycleListener,

much cleaner, and all our connectors become consistent on that value



Look, 


no need to get edgy :), your point is well taken.

SSLEngine concept was derived from mod_ssl where SSLEngine
toggles the usage of SSL/TLS (usually per VHost).
We extended that (because we can not have per-vhost connectors)
on the connector basis and added optional initialization for
hardware SSL engines, and thus conceptually has nothing to
do with the thing you are trying to use it for.
I understand the concept, but because the JNI API has a limitation of 
"one per VM" according to the code, then the connector is the wrong 
place to put it in.




It would mean that the same directive (SSLEngine) would
have two different meanings/purposes depending on the
connector itself.

 > I would suggest that you came up with a different name

(as well as documentation) that would properly describe
what you are trying to do.
Lets expand on that suggestion then, lets come up with an attribute 
that goes across all three connectors, currently APR is using 
SSLEngine for dual purposes, including the "on" value which does the 
same as the Java connectors. So instead of having attributes with 
dual features, that always at some point become problems cause folks 
will want one feature but not the other, lets agree on something.


Let's keep SSLEngine: it's explicit, and it works.

not really, this wouldn't work
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="oneengine"/>
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="otherengine"/>


Fully valid configuration, and the docs don't mention that a uniqueness 
have to be enforced, configuration should be as easy as possible,
and I believe we have a spot here to make it easier, if it is a one per 
server value, then lets put it where it would only be initialized once.


Filip


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Remy Maucherat 

Filip Hanik - Dev Lists wrote:

not really, this wouldn't work
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="oneengine"/>
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="otherengine"/>


Fully valid configuration, and the docs don't mention that a uniqueness 
have to be enforced, configuration should be as easy as possible,
and I believe we have a spot here to make it easier, if it is a one per 
server value, then lets put it where it would only be initialized once.


Sure, if you'd like to clean that up, no problem.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40782] - Getting Readonly connection from ds.getConnection

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40782





--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 15:59 ---
(In reply to comment #0)

> Is this is a problem of Java  or Tomcat ?

Neither - I would say it's a DBCP problem. However, Tomcat distributes its own
refactored version of DBCP, so perhaps someone here needs to check this out?

A self-contained test case would be useful..

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r465417 - in /tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11: Http11NioProcessor.java InternalNioInputBuffer.java

2006-10-18 Thread fhanik 
Author: fhanik
Date: Wed Oct 18 16:24:52 2006
New Revision: 465417

URL: http://svn.apache.org/viewvc?view=rev&rev=465417
Log:
Implement non blocking read on HTTP requests.

A common scalability problem when it comes to HTTP is the fact that there are 
slow clients, that will block a server resources while sending a HTTP request. 
Especially when you have larger request headers.

On FreeBSD the kernel has a built in http filter to not wake up the application 
socket handle until the entire request has been received, however on other 
platforms this is not available.

With the Tomcat connectors, there is an obvious problem when it comes to slow 
clients, if the client sends up a partial request, Tomcat will block the thread 
until the client has finished sending the request. For example, if the client 
has 10 headers it sends up the first 5 headers, then the next 5 in a sequential 
batch, the tomcat thread is locked in a blocking read
I've tried to fix that problem by making the NIO connector be non blocking. The 
only time the NIO connector will block now is when the servlet asks for data, 
usually the request body, as we don't have a way to suspend a thread, like 
continuations.
Once we have continuations(that can truly remember thread stack data), we can 
have a truly non blocking server, but we are not there yet.

I believe this code could be easily ported to APR connector with very little 
effort.
When you review this code, please note that I have not attemtped to rewrite the 
header parse logic, I might do that in a later stage as this got a little 
messy, but I wanted the proof of concept done first and reuse as much code as 
possible.

Please feel free to review and even flame me if needed, at least that means 
this got some attention :)


Modified:
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java

tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java?view=diff&rev=465417&r1=465416&r2=465417
==
--- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java 
Wed Oct 18 16:24:52 2006
@@ -820,7 +820,7 @@
 
 boolean keptAlive = false;
 boolean openSocket = false;
-
+boolean recycle = true;
 while (!error && keepAlive && !comet) {
 
 // Parsing the request header
@@ -829,8 +829,7 @@
 
socket.getIOChannel().socket().setSoTimeout((int)soTimeout);
 inputBuffer.readTimeout = soTimeout;
 }
-if (!inputBuffer.parseRequestLine
-(keptAlive && (endpoint.getCurrentThreadsBusy() > 
limit))) {
+if (!inputBuffer.parseRequestLine(keptAlive && 
(endpoint.getCurrentThreadsBusy() > limit))) {
 // This means that no data is available right now
 // (long keepalive), so that the processor should be 
recycled
 // and the method should return true
@@ -839,13 +838,18 @@
 socket.getPoller().add(socket);
 break;
 }
-request.setStartTime(System.currentTimeMillis());
 keptAlive = true;
-if (!disableUploadTimeout) {
+if ( !inputBuffer.parseHeaders() ) {
+openSocket = true;
+socket.getPoller().add(socket);
+recycle = false;
+break;
+}
+request.setStartTime(System.currentTimeMillis());
+if (!disableUploadTimeout) { //only for body, not for request 
headers
 socket.getIOChannel().socket().setSoTimeout((int)timeout);
 inputBuffer.readTimeout = soTimeout;
 }
-inputBuffer.parseHeaders();
 } catch (IOException e) {
 error = true;
 break;
@@ -934,7 +938,7 @@
 return SocketState.LONG;
 }
 } else {
-recycle();
+if ( recycle ) recycle();
 return (openSocket) ? SocketState.OPEN : SocketState.CLOSED;
 }
 

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java?view=diff&rev=465417&r1=465416&r2=465417
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioInputBuffer.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/h

Re: svn commit: r465293 - in /tomcat/container/tc5.5.x: modules/cluster/src/share/org/apache/catalina/cluster/tcp/ webapps/docs/

2006-10-18 Thread Filip Hanik - Dev Lists 

Hi Peter,

with this fix, if I read it correctly, and a node crashes while sending 
data, the sending thread will be stuck sleeping for 25 seconds 
(recoverTimeout*recoverCounter)?
if that is the case, I suggest that we use recoverCounter=0 as the 
default value.


did I miss something?

Filip

[EMAIL PROTECTED] wrote:

Author: pero
Date: Wed Oct 18 09:37:42 2006
New Revision: 465293

URL: http://svn.apache.org/viewvc?view=rev&rev=465293
Log:
Made recovery more robust.

Modified:

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/LocalStrings.properties

tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/mbeans-descriptors.xml
tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java?view=diff&rev=465293&r1=465292&r2=465293
==
--- 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
 (original)
+++ 
tomcat/container/tc5.5.x/modules/cluster/src/share/org/apache/catalina/cluster/tcp/FastAsyncSocketSender.java
 Wed Oct 18 09:37:42 2006
@@ -54,7 +54,7 @@
 /**
  * The descriptive information about this implementation.
  */
-private static final String info = "FastAsyncSocketSender/3.0";
+private static final String info = "FastAsyncSocketSender/3.1";
 
 // - Instance Variables
 
@@ -69,6 +69,16 @@

 private FastQueueThread queueThread = null;
 
 /**

+ * recover timeout ( default 5 secs)
+ */
+private long recoverTimeout = 5000;
+
+/**

+ * number of recover tries
+ */
+private int recoverCounter = 5;
+
+/**
  * Count number of queue message
  */
 private long inQueueCounter = 0;
@@ -229,6 +239,40 @@
 }
 
 /**
+ * get current push message recover timeout 
+ * @return current push message recover timeout

+ */
+public long getRecoverTimeout() {
+
+return recoverTimeout;

+}
+
+/**
+ * Set recover timeout (default 5000 msec)
+ * @param timeout
+ */
+public void setRecoverTimeout(long timeout) {
+recoverTimeout = timeout;
+}
+
+/**
+ * get current push message recover counter 
+ * @return current push message recover counter

+ */
+public int getRecoverCounter() {
+
+return recoverCounter;

+}
+
+/**
+ * Set recover couner (default 5 )
+ * @param counter
+ */
+public void setRecoverCounter(int counter) {
+recoverCounter = counter;
+}
+
+/**
  * change active the queue Thread priority 
  * @param threadPriority value must be between MIN and MAX Thread Priority

  * @exception IllegalArgumentException
@@ -465,25 +509,62 @@
 }
 
 /**

- * @param entry
+ * Push all messages from queue to other nodes. Is revovery configured
+ * make a resends with some waits.
+ * @param entry list of messages
  */
 protected void pushQueuedMessages(LinkObject entry) {
 do {
 int messagesize = 0;
+ClusterData data = null ;
 try {
-ClusterData data = (ClusterData) entry.data();
+data = (ClusterData) entry.data();
 messagesize = data.getMessage().length;
 sender.pushMessage(data);
 } catch (Exception x) {
-log.warn(sm.getString(
-"AsyncSocketSender.send.error", entry
+long rTimeout = sender.getRecoverTimeout() ;
+int rCounter = sender.getRecoverCounter() ;
+if(data != null && 
+   rTimeout > 0 && 
+   rCounter > 0) {

+// wait that network get stabler
+int counter = 1;
+boolean success = false ;
+do {
+try {
+Thread.sleep(rTimeout*counter);
+} catch (Exception sleep) {
+}
+try {
+if(log.isDebugEnabled()) {
+
log.debug(sm.getString("AsyncSocketSender.send.recover",
+entry.getKey(),
+new Integer(counter), 
+

svn commit: r465418 - in /tomcat/container/tc5.5.x: catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java webapps/docs/changelog.xml

2006-10-18 Thread markt 
Author: markt
Date: Wed Oct 18 16:32:37 2006
New Revision: 465418

URL: http://svn.apache.org/viewvc?view=rev&rev=465418
Log:
Fix bug 38048. memory leak with EL in JSPs. Patch provided by Taras Tielkes.

Modified:

tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java?view=diff&rev=465418&r1=465417&r2=465418
==
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 Wed Oct 18 16:32:37 2006
@@ -41,7 +41,10 @@
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
 import java.util.Vector;
 import java.util.jar.Attributes;
 import java.util.jar.JarEntry;
@@ -1630,7 +1633,10 @@
 }
 }
 
- // Clear the IntrospectionUtils cache.
+// Remove entries for this webapp from the JSP EL BeanInfo cache
+cleanElCache();
+
+// Clear the IntrospectionUtils cache.
 IntrospectionUtils.clear();
 
 // Clear the classloader reference in common-logging
@@ -1642,6 +1648,34 @@
 }
 
 
+protected void cleanElCache() {
+try {
+Class managerClass =
+Class.forName("org.apache.commons.el.BeanInfoManager");
+Field cacheField =
+managerClass.getDeclaredField("mBeanInfoManagerByClass");
+cacheField.setAccessible(true);
+Map map = (Map) cacheField.get(null);
+
+Set victims = new HashSet();
+
+for (Iterator i = map.keySet().iterator(); i.hasNext();) {
+Class cachedClass = (Class) i.next();
+if(loadedByThisOrChild(cachedClass)) {
+victims.add(cachedClass);
+}
+}
+
+map.keySet().removeAll(victims);
+
+} catch (Throwable t) {
+if (log.isDebugEnabled()) {
+log.debug("Could not clean EL cache", t);
+}
+}
+}
+
+
 protected void nullInstance(Object instance) {
 if (instance == null) {
 return;

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=465418&r1=465417&r2=465418
==
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Oct 18 16:32:37 2006
@@ -79,6 +79,10 @@
 Patch provided by Tristan Marly. (markt)
   
   
+38048: Fix memory leak assoaciated with use of expression
+language in JSPs. Patch provided by Taras Tielkes. (markt)
+  
+  
 40633: Remove references to the DefaultContext from the
 documentation. (markt)
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38048] - Classloader leak caused by EL evaluation

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38048


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 16:32 ---
Fixed in SVN and will be included in 5.5.21 onwards. Many thanks for the patch.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465418 - in /tomcat/container/tc5.5.x: catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java webapps/docs/changelog.xml

2006-10-18 Thread Filip Hanik - Dev Lists 

is this existent in 6.0 as well?


[EMAIL PROTECTED] wrote:

Author: markt
Date: Wed Oct 18 16:32:37 2006
New Revision: 465418

URL: http://svn.apache.org/viewvc?view=rev&rev=465418
Log:
Fix bug 38048. memory leak with EL in JSPs. Patch provided by Taras Tielkes.

Modified:

tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java?view=diff&rev=465418&r1=465417&r2=465418
==
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java
 Wed Oct 18 16:32:37 2006
@@ -41,7 +41,10 @@
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
 import java.util.Vector;
 import java.util.jar.Attributes;
 import java.util.jar.JarEntry;
@@ -1630,7 +1633,10 @@
 }
 }
 
- // Clear the IntrospectionUtils cache.

+// Remove entries for this webapp from the JSP EL BeanInfo cache
+cleanElCache();
+
+// Clear the IntrospectionUtils cache.

 IntrospectionUtils.clear();
 
 // Clear the classloader reference in common-logging

@@ -1642,6 +1648,34 @@
 }
 
 
+protected void cleanElCache() {

+try {
+Class managerClass =
+Class.forName("org.apache.commons.el.BeanInfoManager");
+Field cacheField =
+managerClass.getDeclaredField("mBeanInfoManagerByClass");
+cacheField.setAccessible(true);
+Map map = (Map) cacheField.get(null);
+
+Set victims = new HashSet();
+
+for (Iterator i = map.keySet().iterator(); i.hasNext();) {

+Class cachedClass = (Class) i.next();
+if(loadedByThisOrChild(cachedClass)) {
+victims.add(cachedClass);
+}
+}
+
+map.keySet().removeAll(victims);
+
+} catch (Throwable t) {

+if (log.isDebugEnabled()) {
+log.debug("Could not clean EL cache", t);
+}
+}
+}
+
+
 protected void nullInstance(Object instance) {

 if (instance == null) {
 return;

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=465418&r1=465417&r2=465418
==
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Oct 18 16:32:37 2006
@@ -79,6 +79,10 @@
 Patch provided by Tristan Marly. (markt)
   
   
+38048: Fix memory leak assoaciated with use of expression
+language in JSPs. Patch provided by Taras Tielkes. (markt)
+  
+  
 40633: Remove references to the DefaultContext from the
 documentation. (markt)
   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465418 - in /tomcat/container/tc5.5.x: catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java webapps/docs/changelog.xml

2006-10-18 Thread Remy Maucherat 

Filip Hanik - Dev Lists wrote:

is this existent in 6.0 as well?


It's possible there are leaks, but we'll have to find them, as the 
implementation is completely different.


Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40792] New: - 500 error from Tomcat causes modjk lb worker to consider tomcat unusable for timeout period

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40792

   Summary: 500 error from Tomcat causes modjk lb worker to consider
tomcat unusable for timeout period
   Product: Tomcat 5
   Version: 5.5.15
  Platform: Other
OS/Version: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


It seems that there is a bug in the error handling code in the lb worker.

I was using a modjk/tomcat configuration with a lb worker and two ajp13 workers.
One of the ajp13 workers was marked disabled and stopped.  The other tomcat
worker returned a 500 HTTP response for one user of the system.  This caused the
following log messages from modjk code:

[Mon Oct 16 13:39:16 2006] [info] ajp_process_callback::jk_ajp_common.c (1375):
Connection aborted or network problems
[Mon Oct 16 13:39:16 2006] [info] ajp_service::jk_ajp_common.c (1719): Receiving
from tomcat failed, because of client error without recovery
 in send loop 0
[Mon Oct 16 13:39:16 2006] [info] service::jk_lb_worker.c (677): unrecoverable
error 400, request failed. Client failed in the middle of requ
est, we can't recover to another instance.
[Mon Oct 16 13:39:16 2006] [info] jk_handler::mod_jk.c (1970): Aborting
connection for worker=lb

The error caused other users at the time to receive 503 error from apache
because modjk considered no workers to be OK. After awhile (about 1 minute)
modjk recognized that the Tomcat worker was ok and started working again.

In looking at the code, it appears that the problem might be that the worker's
busy flag is not cleared in this snippet of code:

(from jk_lb_worker.c: line 666 revision 1.89)
else if (service_stat == JK_CLIENT_ERROR) {
  /*
   * Clent error !!!
   * Since this is bad request do not fail over.
   */
  rec->s->errors++;
  rec->s->in_error_state = JK_FALSE;
  rec->s->in_recovering = JK_FALSE;
  rec->s->error_time = 0;
  *is_error = is_service_error;

  jk_log(l, JK_LOG_INFO,
   "unrecoverable error %d, request failed."
   " Client failed in the middle of request,"
   " we can't recover to another instance.",
   is_service_error);
   JK_TRACE_EXIT(l);
   return JK_CLIENT_ERROR;
 }

The JK_WORKER_IN_ERROR and JK_WORKER_USABLE macros check the is_busy flag so it
seems that not clearing it could cause a problem.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40793] New: - Documentation Errors: Tomcat Connector: Apache HowTo: Installation: Using Tomcat auto-configure

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40793

   Summary: Documentation Errors: Tomcat Connector: Apache HowTo:
Installation: Using Tomcat auto-configure
   Product: Tomcat 5
   Version: 5.5.20
  Platform: Macintosh
   URL: http://tomcat.apache.org/connectors-
doc/howto/apache.html
OS/Version: Mac OS X 10.4
Status: NEW
  Severity: minor
  Priority: P2
 Component: Connector:AJP
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: [EMAIL PROTECTED]


===
--- howto/apache.xml(revision 465431)
+++ howto/apache.xml(working copy)
@@ -244,16 +244,27 @@
 
 
 
+Note: this file may also be generated as $TOMCAT_HOME/conf/auto/mod_jk.conf 
+
+
+
 This will tell Apache to use directives in the mod_jk.conf-auto file in
the Apache configuration.
 This file is created by enabling the Apache auto-configuration as follows, in
your server.xml file.
 Please note that this example is specific to Tomcat 5.x, unlike other
sections of this document
-   which also apply to previous Tomcat branches.
+   which also apply to previous Tomcat branches.  Also, this entry goes
within the block for your current 
+   'Engine', not in a block of its own.
 
 
   ...
   
+  .
+  .
+  .
 
-  
+  .
+  .
+  .
+
   ...
 

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40793] - Documentation Errors: Tomcat Connector: Apache HowTo: Installation: Using Tomcat auto-configure

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40793





--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 17:43 ---
Created an attachment (id=19028)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19028&action=view)
Patch to documentation on automating Tomcat to generate Apache conf file


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 6.0 TCK

2006-10-18 Thread Filip Hanik - Dev Lists 

much thanks!

Yoav Shapira wrote:

I don't have them.  You don't need to sign antoher agreement I think.
You do simply need to ask Geir ([EMAIL PROTECTED], our JCP liaison) for a
copy, assuming these TCKs already exist, and he will get it for you.

Yoav

On 10/18/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

does anyone have these, I assume I wouldn't have to sign another
agreement to upgrade TCK, as I already signed the agreement to use TCK
with tomcat 5.5

Filip

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 40792] - 500 error from Tomcat causes modjk lb worker to consider tomcat unusable for timeout period

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40792





--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 21:28 ---
Which version of mod_jk?

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 38048] - Classloader leak caused by EL evaluation

2006-10-18 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38048





--- Additional Comments From [EMAIL PROTECTED]  2006-10-18 23:15 ---
Thanks.

I'll check 6.x for similar problems as soon as the first early releases show up.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r465303 - in /tomcat/tc6.0.x/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/ webapps/docs/config/

2006-10-18 Thread Mladen Turk 

Filip Hanik - Dev Lists wrote:


Let's keep SSLEngine: it's explicit, and it works.

not really, this wouldn't work
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="oneengine"/>
protocol="org.apache.coyote.http11.Http11AprProtocol" 
SSLEngine="otherengine"/>


Fully valid configuration, and the docs don't mention that a uniqueness 
have to be enforced, configuration should be as easy as possible,
and I believe we have a spot here to make it easier, if it is a one per 
server value, then lets put it where it would only be initialized once.




I do not understand what is the implication when someone sets:
1. scheme="https" secure="true"
2. scheme="https" secure="false"
3. scheme="http" secure="false"
4. scheme="http" secure="true"

IIUC you wish to make Connector thinking its ssl while in fact
the communication in not encrypted, correct?
According to the docs:
scheme="theScheme" -> request.getScheme()
secure="value" -> request.isSecure()

Are the cases [2] (https/false) and [4] (http/true) valid?

From the servlet spec...
isSecure():
Returns a boolean indicating whether this request was made using a secure 
channel, such as HTTPS.

So IMHO scheme="https" implicitly set the isSecure==true, or am I missing 
something?
I see no usage for having the ssl connection with scheme="https" and isSecure() 
returning false.
If that is the case the secure="true|false" can be used to determine
if the transport is ssl or not, and fake the front end handled https/ssl 
connection.

Regards,
Mladen.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]