CVS Issue
Hi, I am trying to download Webapp module for intergating apache web server with tomcat. setenv CVSROOT :pserver:[EMAIL PROTECTED]:/home/cvspublic cvs login CVS password: cvs [login aborted]: connect to [apache.org]:2401 failed: Connection refused As per the apache site I am entering the password as anoncvs but still it is failing to login. Am I missing something? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CVS Issue
I am sorry, I only understand English. Not able to decipher your reply. Animesh On Sun, 2007-09-16 at 06:24 -0300, [EMAIL PROTECTED] wrote: > Prezado(a) Consumidor(a) > > Bem-vindo ao Serviço de Atendimento ao Consumidor da Unilever. > > Esta é uma resposta automática para confirmar que sua mensagem foi recebida > com sucesso e será respondida em breve. > > Caso prefira, entre em contato conosco através dos nossos telefones 0800 que > estão nas embalagens dos nossos produtos. > > Agradecemos pela sua colaboração e interesse pelos nossos serviços. > > > Atenciosamente, > > Serviço de Atendimento ao Consumidor da Unilever - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CVS Issue
The point you're missing is likely that Tomcat as a project has standardized on subversion. Try: http://www.apache.org/dev/version-control.html#anon-svn for help. Rick animesh saxena wrote: Hi, I am trying to download Webapp module for intergating apache web server with tomcat. setenv CVSROOT :pserver:[EMAIL PROTECTED]:/home/cvspublic cvs login CVS password: cvs [login aborted]: connect to [apache.org]:2401 failed: Connection refused As per the apache site I am entering the password as anoncvs but still it is failing to login. Am I missing something? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml
On Sep 14, 2007, at 11:08 PM, Bill Barker wrote: Now, I'd prefer that TC is just the Servlet/JSP container that it is meant to be, and not try to add on proprietary features. But that is just me ;). Others too I think. Open Source, esp open source at the ASF, has a long and useful tradition of code being developed to meet the wants and desires of the individual developers and the dev/user community around the project. Some faceless corporate entity doesn't determine what the code looks like, or what it does, or its future direction, the community does. As an example, httpd is designed to be "just" the ref implementation of HTTP that it is meant to be; but there is also a plethora of features, enhancements and "proprietary" features in there, based on what the developers and users wanted. Is a modular architecture "required" to impl HTTP? No. Is an internal filter chain? No. How about the capability to rewrite URLs on the fly? No. But people wanted them and people use them and it's one reason why httpd is a popular as it is and, even more so, why httpd continues to draw in people willing to work on and improve the code. I think, personally, if the TC development environment was seen as a more friendly and nurturing place, there wouldn't be so much trouble in people wanting to chip in and help support things. Instead, they see all the conflict and egos over the last 5+ years and say "To hell with that, who needs the aggravation". As mentioned before, enabling TC to satisfy both, is a Good Idea, since it satisfies everyone. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml
Mark Thomas wrote: Remy Maucherat wrote: Tim Funk wrote: 2) If a deploy tool is used which is doing checks - adding an extra check to allow/deny/restrict scope should not be too hard to do. Since users can disable symlink checks in the same class (FileDirContext) - the same exposure could be had with a little more effort. I'm not trying to hand wave the concerns away with the previous 2 points. I've thought a while about how I can exploit this patch and most examples relied on assumptions which if the assumption were true - your system would have already been compromised. I tested with the security manager, and it doesn't behave correctly. If the context.xml inside a webapp is: The docBase hack attempt doesn't do anything (it's overwritten, I think), but the security manager does not prevent browsing the HD as the policy grants all permissions to all JARs in lib. I don't see a problem with including the feature, but the current implmentation needs some work to resolve this bypassing of the security manager. I haven't looked at the code so I don't know how easy it will be to fix. If it looks like it will take some time, then I would prefer that the patch was reverted until the new version was ready. I think this should be doable by adding some sort of security check. As others have stated, the root issue is that all files in lib are given all permissions (not entirely bad, it has the advantage of being able to use anything in server.xml without headaches), and there are ways to fix it by setting a more restrictive policy. It is true that other components could allow similar problems, but I am not aware of any at the moment (maybe the logging could allow writing things, although this would most likely be heavily constrained by the user which is used to run Tomcat - not root), and they did sound a lot less explicit than this simple absolute redirection to somewhere else on the filesystem. Overall, the review process I discussed earlier would make it easy to discuss this sort of patch. That being said, I'm on vacation this week. Rémy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm can not support http digest mode
I want to use JNDIRealm in http digest mode. But I found that JNDIRealm have not overridden the method in RealmBase authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2) and this method will invoke abstract method getPassword(String username) which in JNDIRealm just return null. Although I can change the getPassword function in JNDIRealm, I still want to know if tomcat can implement JNDIRealm in http digest mode without change code - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm can not support http digest mode
xiaojing xu wrote: > Although I can change the getPassword function in JNDIRealm, I still > want to know if tomcat can implement JNDIRealm > in http digest mode without change code No. See http://issues.apache.org/bugzilla/show_bug.cgi?id=37984 Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm can not support http digest mode
I think this bug is different from my problem.I want to use http digest mode (RFC2617 HTTP Authentication: Basic and Digest Access Authentication). And the bug 37984 just want to resolve password in MD5 digest(may be not use http digest mode). 2007/9/17, Mark Thomas <[EMAIL PROTECTED]>: > xiaojing xu wrote: > > Although I can change the getPassword function in JNDIRealm, I still > > want to know if tomcat can implement JNDIRealm > > in http digest mode without change code > > No. See http://issues.apache.org/bugzilla/show_bug.cgi?id=37984 > > Mark > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Bug report for Watchdog [2007/09/16]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | | 278|Unc|Nor|2000-12-04|Bug in GetParameterValuesTestServlet.java file Bug| | 279|Unc|Nor|2000-12-04|Logical Error in GetParameterValuesTestServlet Bug| | 469|Unc|Nor|2001-01-17|in example-taglib.tld "urn" should be "uri" BugRat| | 470|Unc|Nor|2001-01-17|FAIL positiveForward.jsp and positiveInclude.jsp B| | 9634|New|Enh|2002-06-05|No tests exist for ServletContext.getResourcePaths| |10703|New|Enh|2002-07-11|Need to test getRequestURI after RequestDispatcher| |11336|New|Enh|2002-07-31|Test wrapped path methods with RD.foward()| |11663|New|Maj|2002-08-13|JSP precompile tests rely on Jasper specific behav| |11664|New|Maj|2002-08-13|A sweep is needed of all Watchdog 4.0 tag librarie| |11665|New|Maj|2002-08-13|ServletToJSPErrorPageTest and ServletToServletErro| |11666|New|Maj|2002-08-13|SetBufferSize_1TestServlet is invalid.| |14004|New|Maj|2002-10-28|Incorrent behaviour of all attribute-related lifec| |15504|New|Nor|2002-12-18|JSP positiveGetValues test relies on order preserv| |24649|New|Nor|2003-11-12|getRemoteHost fails when agent has uppercase chara| |29398|New|Nor|2004-06-04|Update site and note current status | +-+---+---+--+--+ | Total 15 bugs | +---+ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Bug report for Tomcat 3 [2007/09/16]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | | 2350|Ver|Nor|2001-06-27|ServletConfig.getInitParameter() requires url-patt| | 5331|Ass|Nor|2001-12-09|getPathInfo vs URL normalization | | 6027|Inf|Maj|2002-01-25|Tomcat Automatically shuts down as service | | 6488|Ver|Maj|2002-02-15|Error: 304. Apparent bug in default ErrorHandler c| | 7785|Inf|Blk|2002-04-06|tomcat bug in context reloading | | 7863|Inf|Maj|2002-04-09|I have a problem when running Tomcat with IIS | | 8187|Inf|Cri|2002-04-17|Errors when Tomcat used with MS Access database | | 9737|Ver|Nor|2002-06-10|ArrayIndexOutOfBoundsException when sending just p| |10047|Ass|Cri|2002-06-20|IllegalStateException | |10406|Ass|Cri|2002-07-02|IllegalStateException | |11087|Inf|Blk|2002-07-23|IllegalStateException | |12156|Inf|Cri|2002-08-29|Apache and Tomcat 3.3.1 Interworking problem | |16363|Ass|Cri|2003-01-23|Stack Overflow accessing compiled JSP - Tomcat 3.2| |39250|Inf|Cri|2006-04-07|Tomcat 3.2.1 + JDK 1.4| +-+---+---+--+--+ | Total 14 bugs | +---+ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Bug report for Tomcat 4 [2007/09/16]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | | 3839|Opn|Enh|2001-09-26|Problem bookmarking login page| | 4227|Opn|Enh|2001-10-17|Invalid CGI path | | 5329|New|Enh|2001-12-08|NT Service exits startup before Tomcat is finished| | 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob| | 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi| | 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio| | 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI| | 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam| | 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty| | 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store | | 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output| | 7676|New|Enh|2002-04-02|Allow name property to use match experssions in without className in server.xml produces N| |11069|Opn|Enh|2002-07-23|Tomcat not flag error if tld is outside of /WEB-IN| |11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques| |11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header| |11754|Opn|Enh|2002-08-15|Synchronous shutdown script - shutdown.sh should w| |12069|New|Enh|2002-08-27|Creation of more HttpSession objects for one previ| |12428|Opn|Enh|2002-09-09|request.getUserPrincipal(): Misinterpretation of s| |12658|New|Enh|2002-09-15|a proxy host and port at the element level | |12766|New|Enh|2002-09-18|Tomcat should use tld files in /WEB-INF/ over vers| |13309|Opn|Enh|2002-10-04|Catalina calls System.exit() | |13634|New|Enh|2002-10-15|Allowing system properties to be substituted in co| |13689|Opn|Enh|2002-10-16|Classloader paths for 'Common' classes and librari| |13731|New|Enh|2002-10-17|Final request, response, session and other variabl| |13941|New|Enh|2002-10-24|reload is VERY slow | |13965|New|Enh|2002-10-25|Catalina.sh correction request for Tru64 Unix | |14097|New|Enh|2002-10-30|hardcoded registry value for vm lets tomcat servic| |14416|New|Enh|2002-11-10|blank tag name in TLD cause NullPointerException | |14635|New|Enh|2002-11-18|Should be possible not to have -MM-DD in log f| |14766|New|Enh|2002-11-22|Redirect Vavle| |14993|New|Enh|2002-12-02|Possible obselete synchronized declaration| |15115|New|Enh|2002-12-05|correct docs... XML parser *cannot* be overridden | |15417|Opn|Enh|2002-12-16|Add port for forced compilation of JSP pages | |15688|New|Enh|2002-12-27|full-qualified names instead of imports | |15941|New|Enh|2003-01-10|Expose rootCause exceptions at deeper levels | |16294|New|Enh|2003-01-21|Configurable URL Decoding.| |16357|New|Enh|2003-01-23|"connection timeout reached" | |16531|New|Enh|2003-01-29|Updating already deployed ".war" files in a single| |16579|New|Enh|2003-01-30|documentation page layout/style breaks wrapping to| |16596|New|Enh|2003-01-30|option for disabling log rotation | |17070|New|Enh|2003-02-14|The Catalina Ant tasks do not allow for 'reusable'| |17146|New|Enh|2003-02-18|Simplify build.xml using
Bug report for Tomcat 5 [2007/09/16]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=CriticalMAJ=Major | | | | MIN=Minor NOR=Normal ENH=Enhancement | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |27122|Opn|Enh|2004-02-20|IE plugins cannot access components through Tomcat| |28039|Opn|Enh|2004-03-30|Cluster Support for SingleSignOn | |29160|Ver|Enh|2004-05-23|precompile problem: _jspx_meth_* (javax.servlet.js| |29494|Inf|Enh|2004-06-10|No way to set PATH when running as a service on Wi| |30241|Ver|Enh|2004-07-21|Enhance build script to use branch argument when c| |33262|Inf|Enh|2005-01-27|Service Manager autostart should check for adminis| |33453|Opn|Enh|2005-02-08|Jasper should recompile JSP files whose datestamps| |33650|Inf|Enh|2005-02-19|Jasper performance for multiple files processing | |33671|Opn|Enh|2005-02-21|Manual Windows service installation with custom na| |34801|New|Enh|2005-05-08|PATCH: CGIServlet does not terminate child after a| |34805|Ass|Enh|2005-05-08|warn about invalid security constraint url pattern| |34868|Ass|Enh|2005-05-11|allow to register a trust store for a session that| |35054|Inf|Enh|2005-05-25|warn if appBase is not existing as a File or direc| |35869|Inf|Enh|2005-07-26|Can't run as a service on Windows Server 2003 64-B| |36133|Inf|Enh|2005-08-10|Support JSS SSL implementation| |36169|New|Enh|2005-08-12|[PATCH] Enable chunked encoding for requests in II| |36362|New|Enh|2005-08-25|missing check for Java reserved keywords in tag fi| |36569|Inf|Enh|2005-09-09|Redirects produce illegal URL's | |36837|Inf|Enh|2005-09-28|Looking for ProxyHandler implementation of Http re| |36922|Inf|Enh|2005-10-04|setup.sh file mis-advertised and missing | |36923|New|Nor|2005-10-05|Deactivated EL expressions are not parsed for jsp | |37018|Ass|Enh|2005-10-11|Document how to use tomcat-SSL with a pkcs11 token| |37072|Ass|Nor|2005-10-13|Encoding mismatch in error condition | |37084|Opn| |2005-10-14|JspC from ant fails on JSPs that use custom taglib| |37334|Inf|Enh|2005-11-02|Realm digest property not aligned with the adminis| |37449|Opn|Enh|2005-11-10|Two UserDatabaseRealm break manager user | |37485|Inf|Enh|2005-11-14|I'd like to run init SQL after JDBC Connection cre| |37498|Inf|Nor|2005-11-14|[PATCH] NPE in org.apache.catalina.core.ContainerB| |37515|Inf|Nor|2005-11-15|smap not generated by JspC when used from Ant for | |37627|Opn|Nor|2005-11-24|Slow and incomplete dynamic content generation aft| |37785|Inf|Nor|2005-12-05|Changing startup type via Tomcat Monitor does not | |37794|Opn|Nor|2005-12-05|getParameter() fails on POST with transfer-encodin| |37797|Inf|Maj|2005-12-05|Configure Tomcat utility truncates classpath to 96| |37822|Opn|Nor|2005-12-07|WebappClassLoader interfering with Catalina core c| |37847|Ass|Enh|2005-12-09|Allow User To Optionally Specify Catalina Output F| |37869|Opn|Nor|2005-12-12|Cannot obtain client certificate with SSL / client| |37918|Inf|Nor|2005-12-15|EL cannot find valid getter from object when using| |37984|New|Nor|2005-12-21|JNDIRealm.java not able to handle MD5 password| |38001|Inf|Nor|2005-12-22|TruncatedClassFile when loadind applets | |38046|Ass| |2005-12-27|apache-tomcat-5.5.14-deployer doesn't work (Illega| |38131|New|Enh|2006-01-05|WatchedResource does not work if app is outside "w| |38216|Inf|Enh|2006-01-10|Extend Jmxproxy to allow call of MBean Operations | |38268|Inf|Enh|2006-01-13|User friendly: Need submit button on adding/deleti| |38290|Inf|Nor|2006-01-16|No SESSION_DESTROYED_EVENT sent for existing webap| |38291|Inf|Nor|2006-01-16|Form actions hanging in UDecoder.convert | |38352|Inf|Nor|2006-01-22|Additional Entries for Default catalina.policy fil| |38360|Inf|Enh|2006-01-24|Domain for session cookies| |38367|Inf|Nor|2006-01-24|Executing any Catalina Ant task results in an exce| |38372|Inf|Cri|2006-01-25|tcnative-1.dll response overflow corruption, parti| |38427|Inf|Nor|2006-01-27|ServletContextListener Notified Multiple Times Whe| |38483|Inf|Nor|2006-02-01|access log valve uses simpledateformat in tread-un| |38484|
