DO NOT REPLY [Bug 43687] - after repeated authentication tomcat again sends page with login form instead of protected static resource

2007-10-25 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43687


[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Connectors                  |Catalina




--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 00:43 ---
After looking a bit into the source I found (FormAuthenticator.java) a save/restore
mechanism for requests done before/after authentication. I don't understand
the need for it, particularly for saving/restoring ALL request headers. IMHO restoring
headers like "If-None-Match" is incorrect.

After commenting out lines (403-412), which serve to restore request headers,
the problem does not occur.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



tcnative-1 and windows vista pro 32 bits

2007-10-25 Thread Henri Gomez
Hi to all,

I tried to make use of tcnative-1.dll (from
http://tomcat.heanet.ie/native/1.1.10/binaries/win32/) and installed
it under windows directory.

At runtime, Vista complains about it.

Do we need a special binary build for Vista (Pro)?

Regards




svn commit: r588265 - /tomcat/tc6.0.x/trunk/STATUS

2007-10-25 Thread jim
Author: jim
Date: Thu Oct 25 09:12:56 2007
New Revision: 588265

URL: http://svn.apache.org/viewvc?rev=588265&view=rev
Log:
Cast some votes - reviewed and tested

Modified:
tomcat/tc6.0.x/trunk/STATUS

Modified: tomcat/tc6.0.x/trunk/STATUS
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS?rev=588265&r1=588264&r2=588265&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS (original)
+++ tomcat/tc6.0.x/trunk/STATUS Thu Oct 25 09:12:56 2007
@@ -29,30 +29,30 @@
   Fixes the 100 Continue response, that got reversed through byte buffer 
manipulation
   last patch before tag, promise :)
   http://people.apache.org/~fhanik/patches/bz-43653-complimentary.patch
-  +1: fhanik, funkman
+  +1: fhanik, funkman, jim
   -1: 
 
 * Fix possible DoS condition for the experimental NIO/AJP module (reported by 
William Leung via email)
   http://issues.apache.org/bugzilla/show_bug.cgi?id=43621
-  +1: billbarker,fhanik,funkman, pero
+  +1: billbarker,fhanik,funkman, pero, jim
   -1:
 
 * Fix problem on a Forward when the outer most wrapper isn't a 
HttpServletRequest/ResponseWrapper.
   http://issues.apache.org/bugzilla/show_bug.cgi?id=43668
-  +1: billbarker, remm, funkman, pero
+  +1: billbarker, remm, funkman, pero, jim
   -1: 
 
 * Tests for unit tests for the cookie issues. 
http://people.apache.org/~jfclere/patches/CookiesTest.patch
-  +1: fhanik, funkman, pero
+  +1: fhanik, funkman, pero, jim
   -1:
 
 * Guess java location from the PATH environment. 
http://people.apache.org/~jfclere/patches/setclasspath.sh.patch
   And improve fix for 37284.
-  +1: fhanik, remm, funkman, pero
+  +1: fhanik, remm, funkman, pero, jim
   -1:
 
 * Harmonize with HTTP java.io code. Otherwise the socket is not closed. 
http://people.apache.org/~jfclere/patches/AjpPro.patch
-  +1: jfclere, fhanik, remm, pero
+  +1: jfclere, fhanik, remm, pero, jim
   -1:
 
 * Fix BZ 43588 - hard coded 127.0.0.1 for localhost






DO NOT REPLY [Bug 43699] New: - symlink in WEB-INF, to an NFS mount, and tomcat does not come up.

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43699

           Summary: symlink in WEB-INF, to an NFS mount, and tomcat does not come up.
           Product: Tomcat 6
           Version: 6.0.14
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


If I place a symlink in WEB-INF, e.g. like so:
ls -la
total 12
drwxr-xr-x 2 michiel michiel 4096 2007-10-25 18:44 .
drwxr-xr-x 4 michiel michiel 4096 2007-10-25 18:37 ..
lrwxrwxrwx 1 michiel michiel    7 2007-10-25 18:44 eo -> /mnt/eo
-rw-r--r-- 1 michiel michiel  297 2007-10-25 18:36 web.xml

Where /mnt/eo is an NFS mount.
80.79.41.7:/home/blob /mnt/eo nfs rw,noauto 0 0

Then Tomcat will not start up.

A Thread-dump looks like this:
Full thread dump Java HotSpot(TM) Server VM (1.5.0_11-b03 mixed mode):

"Low Memory Detector" daemon prio=1 tid=0x0813c608 nid=0x1328 runnable
[0x..0x]

"CompilerThread1" daemon prio=1 tid=0x0813b130 nid=0x1327 waiting on condition
[0x..0x85a840e8]

"CompilerThread0" daemon prio=1 tid=0x0813a080 nid=0x1326 waiting on condition
[0x..0x85b05068]

"AdapterThread" daemon prio=1 tid=0x08138ef0 nid=0x1325 waiting on condition
[0x..0x]

"Signal Dispatcher" daemon prio=1 tid=0x08137f58 nid=0x1324 waiting on condition
[0x..0x]

"Surrogate Locker Thread (CMS)" daemon prio=1 tid=0x081371d8 nid=0x1323 waiting
on condition [0x..0x]

"Finalizer" daemon prio=1 tid=0x0812c1a0 nid=0x1322 in Object.wait()
[0x85d09000..0x85d0a040]
at java.lang.Object.wait(Native Method)
- waiting on <0x88200428> (a java.lang.ref.ReferenceQueue$Lock)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:116)
- locked <0x88200428> (a java.lang.ref.ReferenceQueue$Lock)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:132)
at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:159)

"Reference Handler" daemon prio=1 tid=0x0812bcc0 nid=0x1321 in Object.wait()
[0x85d8a000..0x85d8afc0]
at java.lang.Object.wait(Native Method)
- waiting on <0x88200438> (a java.lang.ref.Reference$Lock)
at java.lang.Object.wait(Object.java:474)
at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:116)
- locked <0x88200438> (a java.lang.ref.Reference$Lock)

"main" prio=1 tid=0x0805d560 nid=0x1317 runnable [0xbf854000..0xbf855038]
at java.io.UnixFileSystem.checkAccess(Native Method)
at java.io.File.canRead(File.java:660)
at org.apache.naming.resources.FileDirContext.file(FileDirContext.java:822)
at org.apache.naming.resources.FileDirContext.list(FileDirContext.java:299)
at org.apache.naming.resources.ProxyDirContext.list(ProxyDirContext.java:482)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:634)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePathsWebInf(TldConfig.java:649)
at org.apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:603)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:276)
at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4428)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4235)
- locked <0x88316438> (a org.apache.catalina.core.StandardContext)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
- locked <0x88261740> (a java.util.HashMap)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lif

DO NOT REPLY [Bug 43699] - symlink in WEB-INF, to an NFS mount, and tomcat does not come up.

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43699





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 09:57 ---
Created an attachment (id=21045)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21045&action=view)
simple web-app.

This webapp reproduces the problem on my computer, if I unzip it in
${catalina.base}/webapps.




svn commit: r588284 - in /tomcat/tc6.0.x/trunk: STATUS java/org/apache/coyote/http11/InternalNioOutputBuffer.java

2007-10-25 Thread fhanik
Author: fhanik
Date: Thu Oct 25 10:20:57 2007
New Revision: 588284

URL: http://svn.apache.org/viewvc?rev=588284&view=rev
Log:
Remaining fix for NIO connector

Modified:
tomcat/tc6.0.x/trunk/STATUS

tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java

Modified: tomcat/tc6.0.x/trunk/STATUS
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS?rev=588284&r1=588283&r2=588284&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS (original)
+++ tomcat/tc6.0.x/trunk/STATUS Thu Oct 25 10:20:57 2007
@@ -25,13 +25,6 @@
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Final fix for http://issues.apache.org/bugzilla/show_bug.cgi?id=43653
-  Fixes the 100 Continue response, that got reversed through byte buffer 
manipulation
-  last patch before tag, promise :)
-  http://people.apache.org/~fhanik/patches/bz-43653-complimentary.patch
-  +1: fhanik, funkman, jim
-  -1: 
-
 * Fix possible DoS condition for the experimental NIO/AJP module (reported by 
William Leung via email)
   http://issues.apache.org/bugzilla/show_bug.cgi?id=43621
   +1: billbarker,fhanik,funkman, pero, jim

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java?rev=588284&r1=588283&r2=588284&view=diff
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/InternalNioOutputBuffer.java 
Thu Oct 25 10:20:57 2007
@@ -417,8 +417,8 @@
 
 if (!committed) {
 //Socket.send(socket, Constants.ACK_BYTES, 0, 
Constants.ACK_BYTES.length) < 0
-ByteBuffer buf = 
ByteBuffer.wrap(Constants.ACK_BYTES,0,Constants.ACK_BYTES.length);
-writeToSocket(buf,false);
+socket.getBufHandler() 
.getWriteBuffer().put(Constants.ACK_BYTES,0,Constants.ACK_BYTES.length);
+writeToSocket(socket.getBufHandler() .getWriteBuffer(),true);
 }
 
 }
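Review bot: the added put(Constants.ACK_BYTES, ...) writes into the connection's shared write buffer without checking remaining() or whether earlier data is still pending in it; ByteBuffer.put throws BufferOverflowException when the buffer is too short, so guard the call or document why the buffer is always empty when !committed. The second argument of writeToSocket also flips from false to true with nothing in the log message to explain it, and socket.getBufHandler() .getWriteBuffer() is evaluated twice with a stray space before the dot; hold the buffer in a local variable and delete the commented-out Socket.send line above it.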






RE: Measuring bytes sent and received from and to Tomcat

2007-10-25 Thread Dave Rathnow

Hello Again,

I was wondering if someone could give me some help with this.  I think
using a connector is probably the way to go to solve this problem;
however, I'm not sure where to start.  How do I create my own connector
and then plumb it into Tomcat so it will be used? I will be using a
separate port other than 8080 for the devices that will be sending and
receiving data so, if possible, I would like to leave the default
connector on port 8080.

Again, I don't want to reimplement the code that parses the HTTP.  All I
need to do is count the number of bytes arriving and being sent so if I
can reuse code from an existing connector, that would be great.

Thanks,
Dave. 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Costin Manolache
Sent: October 22, 2007 04:50 PM
To: Dave Rathnow
Cc: Tomcat Developers List
Subject: Re: Measuring bytes sent and received from and to Tomcat

Well, if you want absolute byte - connector seems the only place, there
are spaces and tabs being skipped when parsing headers, etc.

If you are ok with an estimate - the AccessLogValve is ok, add all the
header lengths + method + http/1.1. You'll miss bytes for encodings,
spaces.

Re. where to add - each connector is different on how it reads/parses the
message, you probably want to do it close to the 'read()' call, save it
somewhere associated with the request ( a note or attribute ) and read
it in a valve or filter.

Costin


On 10/22/07, Dave Rathnow <[EMAIL PROTECTED]> wrote:
>
>
> I looked at connectors but wasn't sure if this was what I wanted.  To
> avoid another wild goose chase I decided to ask.  Can you point me in
> the direction of some documentation where I might be able to get
> started?
>
> Dave.
>
> -----Original Message-----
> From: Costin Manolache [mailto:[EMAIL PROTECTED]
> Sent: October 22, 2007 04:28 PM
> To: Tomcat Developers List
> Subject: Re: Measuring bytes sent and received from and to Tomcat
>
> 'bytes' should be counted at a lower level, in connector. I'm not sure
> this is something generic enough - but you can make some changes to
> your tomcat, where read() is done from socket.
>
> I guess it would be nice to have a JMX graph with bytes/sec in/out.
>
> Costin
> 'bytes'
>
> On 10/22/07, Dave Rathnow <[EMAIL PROTECTED]> wrote:
> >
> >
> > We looked at using a valve but we weren't sure if it would work.
> > Correct me if I'm wrong, but it appears as though valves are chained
> > together in a calling sequence and that some valves could change the
> > content of the request or response.  This means we may not get an
> > accurate measure of the total number of bytes that make up
> > the request.
> >
> > Also, the AccessLogValve has a pattern code to get the number of
> > bytes sent, excluding the HTTP headers, but does not have a pattern code
> > to get the number of bytes sent, including the HTTP headers, which
> > is what we really need.
> >
> > Have I missed something?
> >
> > Dave.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoav Shapira
> > Sent: October 22, 2007 02:36 PM
> > To: Tomcat Developers List
> > Subject: Re: Measuring bytes sent and received from and to Tomcat
> >
> > Hey,
> >
> > On 10/22/07, Dave Rathnow <[EMAIL PROTECTED]> wrote:
> > > Is there a way we can do the same thing with Tomcat?  It's simple
> > > for us to measure the number of bytes in the payload of the HTTP
> > > request/response, however that isn't enough.  We need to know the
> > > total number of bytes being sent and received for each HTTP request.
> > >
> > > Can someone suggest a way I could get an accurate count of these
> > > bytes?
> >
> > You can probably start with the AccessLogValve that ships with Tomcat:
> > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
> >
> > Out of the box it will get you the complete bytes in the response.
> > See the above docs on how to configure that.  If you want to log the
> > complete bytes on the request, I think you'll have to extend the
> > Valve, but it should be pretty easy to do.
> >
> > Yoav

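
The two approaches discussed in this thread (counting next to read() in the connector versus estimating from parsed fields in a valve), compared on one request. This is an added example, not Tomcat code and not from the thread's authors; the class names, the minimal parser and the constructed sample request are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class WireByteCount {

    /** Counts bytes at the point where they are read from the transport. */
    static final class CountingInputStream extends FilterInputStream {
        private long count;

        CountingInputStream(InputStream in) {
            super(in);
        }

        @Override
        public int read() throws IOException {
            int b = super.read();
            if (b >= 0) {
                count++;
            }
            return b;
        }

        @Override
        public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            if (n > 0) {
                count += n;
            }
            return n;
        }

        long getCount() {
            return count;
        }
    }

    /** Reads one line terminated by LF, dropping CR and LF from the result. */
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int b;
        while ((b = in.read()) >= 0 && b != '\n') {
            if (b != '\r') {
                sb.append((char) b);
            }
        }
        return sb.toString();
    }

    /** Returns { bytes counted at read(), estimate built from parsed fields }. */
    static long[] measure(byte[] wire) throws IOException {
        CountingInputStream in = new CountingInputStream(new ByteArrayInputStream(wire));

        // Request line: method + URI + protocol, separators not included.
        long estimate = 0;
        for (String token : readLine(in).trim().split("\\s+")) {
            estimate += token.length();
        }

        // Headers: name and trimmed value only, as a valve or filter would see them.
        int contentLength = 0;
        String line;
        while (!(line = readLine(in)).isEmpty()) {
            int colon = line.indexOf(':');
            if (colon < 0) {
                continue; // malformed line: counted on the wire, absent from the estimate
            }
            String name = line.substring(0, colon).trim();
            String value = line.substring(colon + 1).trim();
            estimate += name.length() + value.length();
            if (name.equalsIgnoreCase("Content-Length")) {
                contentLength = Math.max(0, Integer.parseInt(value));
            }
        }

        // Body: read exactly Content-Length bytes through the same counted stream.
        byte[] body = new byte[contentLength];
        int got = 0;
        while (got < contentLength) {
            int n = in.read(body, got, contentLength - got);
            if (n < 0) {
                break; // sender closed early; count what actually arrived
            }
            got += n;
        }
        estimate += got;
        return new long[] { in.getCount(), estimate };
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample request; host name and path are placeholders.
        String raw = "POST /meter/upload HTTP/1.1\r\n"
                + "Host:   device-gw.example\r\n"
                + "User-Agent: meter/1.0\r\n"
                + "Content-Type: text/plain\r\n"
                + "Content-Length: 11\r\n"
                + "\r\n"
                + "hello world";
        long[] r = measure(raw.getBytes(StandardCharsets.ISO_8859_1));
        System.out.println("counted at read():           " + r[0]);
        System.out.println("estimate from parsed fields: " + r[1]);
        System.out.println("bytes missed by estimate:    " + (r[0] - r[1]));
    }
}
```

The gap between the two numbers is the separators, line terminators and skipped whitespace, which is why only a counter placed at the read() call gives a figure usable for per-byte accounting.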



DO NOT REPLY [Bug 22679] - how to access ssl session ID out of tomcat to prevent session hijacking and allow for phishing protection

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=22679


[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 18:43 ---
A browser is free to open multiple SSL connections to a single Tomcat, even when
doing this might be a performance hit. With this in mind, any way to tie the
JSESSIONID to the SSL id is not the proper way to prevent session hijacking.




Re: tcnative-1 and windows vista pro 32 bits

2007-10-25 Thread Mark Thomas
Henri Gomez wrote:
> Hi to all,
> 
> I tried to make use of tcnative-1.dll (from
> http://tomcat.heanet.ie/native/1.1.10/binaries/win32/) and installed
> it under windows directory.
> 
> At runtime, Vista complains about it.

How does it complain?

Mark





DO NOT REPLY [Bug 43687] - after repeated authentication tomcat again sends page with login form instead of protected static resource

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43687





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 19:20 ---
Created an attachment (id=21046)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21046&action=view)
Patch so that compliant browsers don't think the login page is the real page

Tomcat needs to replay the original request exactly to have any hope of
working.  This patch, against 6.0 trunk, should prevent any modern browser
confusing the login page with the actual resource that it requested.




DO NOT REPLY [Bug 41072] - tomcat (3.x/4.x/5.x/6.x) is not supporting http(1.0/1.1) CONNECT method.

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41072


[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID




--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 19:29 ---
(comment #7)
is the proper answer. This bug is invalid.





DO NOT REPLY [Bug 43687] - after repeated authentication tomcat again sends page with login form instead of protected static resource

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43687





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 19:31 ---
(In reply to comment #4)
> Created an attachment (id=21046)
> --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21046&action=view)
> Patch so that compliant browsers don't think the login page is the real page
> Tomcat needs to replay the original request exactly to have any hope of
> working.  This patch, against 6.0 trunk, should prevent any modern browser
> confusing the login page with the actual resource that it requested.

Ok, so I'm having a brain-dead moment (seem to be pretty common around
here :).  This patch should do nothing at all, and it is a Firefox bug that
you are looking at (it shouldn't be sending 'if-modified-since' and
'if-none-match' headers, since it was already told that the page is uncacheable).




svn commit: r588477 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java

2007-10-25 Thread billbarker
Author: billbarker
Date: Thu Oct 25 19:37:39 2007
New Revision: 588477

URL: http://svn.apache.org/viewvc?rev=588477&view=rev
Log:
Continue to give Remy a headache by fixing the problem where when the outer 
most wrapper is a ServletRequest/ResponseWrapper, but not a 
HttpServletRequest/ResponseWrapper would cause an NPE.

Fix for bug: #43668
Reported by:   Mailmur  

Modified:

tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java

Modified: 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java?rev=588477&r1=588476&r2=588477&view=diff
==
--- 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java 
(original)
+++ 
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationDispatcher.java 
Thu Oct 25 19:37:39 2007
@@ -138,6 +138,16 @@
  * Are we performing an include() instead of a forward()?
  */
 boolean including = false;
+
+/**
+ * Outer most HttpServletRequest in the chain
+ */
+HttpServletRequest hrequest = null;
+
+/**
+ * Outermost HttpServletResponse in the chain
+ */
+HttpServletResponse hresponse = null;
 }
 
 // --- Constructors
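Review bot: the two new Javadoc comments on hrequest and hresponse disagree on spelling ("Outer most" and "Outermost") and neither says that the field stays null until the wrapper-chain loop further down assigns it. State that in the comments, because later hunks read state.hrequest and state.hresponse directly without a null check.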
@@ -316,24 +326,13 @@
 checkSameObjects(request, response);
 }
 
-// Identify the HTTP-specific request and response objects (if any)
-HttpServletRequest hrequest = null;
-if (request instanceof HttpServletRequest)
-hrequest = (HttpServletRequest) request;
-HttpServletResponse hresponse = null;
-if (response instanceof HttpServletResponse)
-hresponse = (HttpServletResponse) response;
-
-// Handle a non-HTTP forward by passing the existing request/response
-if ((hrequest == null) || (hresponse == null)) {
-processRequest(hrequest,hresponse,state);
-}
-
+wrapResponse(state);
 // Handle an HTTP named dispatcher forward
-else if ((servletPath == null) && (pathInfo == null)) {
+if ((servletPath == null) && (pathInfo == null)) {
 
 ApplicationHttpRequest wrequest =
 (ApplicationHttpRequest) wrapRequest(state);
+HttpServletRequest hrequest = state.hrequest;
 wrequest.setRequestURI(hrequest.getRequestURI());
 wrequest.setContextPath(hrequest.getContextPath());
 wrequest.setServletPath(hrequest.getServletPath());
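Review bot: with the (hrequest == null) || (hresponse == null) branch removed, hrequest.getRequestURI() in the named-dispatcher path now runs on state.hrequest, which is still null when no HttpServletRequest is found in the wrapper chain, so a non-HTTP forward ends in a NullPointerException here instead of being passed through. Either keep an explicit non-HTTP path or fail with a clear exception right after wrapRequest(state). The new wrapResponse(state) call also sits directly above the "Handle an HTTP named dispatcher forward" comment, which does not describe it; give the call its own comment.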
@@ -349,7 +348,7 @@
 ApplicationHttpRequest wrequest =
 (ApplicationHttpRequest) wrapRequest(state);
 String contextPath = context.getPath();
-
+HttpServletRequest hrequest = state.hrequest;
 if (hrequest.getAttribute(Globals.FORWARD_REQUEST_URI_ATTR) == 
null) {
 wrequest.setAttribute(Globals.FORWARD_REQUEST_URI_ATTR,
   hrequest.getRequestURI());
@@ -488,19 +487,8 @@
 // Create a wrapped response to use for this request
 wrapResponse(state);
 
-// Handle a non-HTTP include
-if (!(request instanceof HttpServletRequest) ||
-!(response instanceof HttpServletResponse)) {
-request.setAttribute(ApplicationFilterFactory.DISPATCHER_TYPE_ATTR,
-Integer.valueOf(ApplicationFilterFactory.INCLUDE));
-request.setAttribute(
-ApplicationFilterFactory.DISPATCHER_REQUEST_PATH_ATTR,
-servletPath);
-invoke(request, state.outerResponse, state);
-}
-
 // Handle an HTTP named dispatcher include
-else if (name != null) {
+if (name != null) {
 
 ApplicationHttpRequest wrequest =
 (ApplicationHttpRequest) wrapRequest(state);
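Review bot: the deleted non-HTTP include branch was the only code in this hunk that set DISPATCHER_TYPE_ATTR and DISPATCHER_REQUEST_PATH_ATTR and called invoke() for a plain ServletRequest; after the change such a request falls into the if (name != null) path and its (ApplicationHttpRequest) cast. The log message says the fix targets an outer wrapper that is a ServletRequest/ResponseWrapper but not an HTTP one, so add a test for an include with that kind of outer wrapper and say in a comment what is expected when the chain holds no HTTP request at all.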
@@ -584,7 +572,7 @@
 }
 
 // Initialize local variables we may need
-HttpServletResponse hresponse = (HttpServletResponse) response;
+HttpServletResponse hresponse = state.hresponse;
 Servlet servlet = null;
 IOException ioException = null;
 ServletException servletException = null;
@@ -817,6 +805,8 @@
 ServletRequest previous = null;
 ServletRequest current = state.outerRequest;
 while (current != null) {
+if(state.hrequest == null && (current instanceof 
HttpServletRequest))
+state.hrequest = (HttpServletRequest)current;
 if ("org.apache.catalina.servlets.InvokerHttpRequest".
 equals(current.getClass().getName()))
 break; // KLUDGE - Make nested RD.forward() using invoker work
@@ -878,6 +868,11 @@
 ServletResponse previous = null;
 ServletResponse current = state

svn commit: r588479 - /tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java

2007-10-25 Thread billbarker
Author: billbarker
Date: Thu Oct 25 19:41:57 2007
New Revision: 588479

URL: http://svn.apache.org/viewvc?rev=588479&view=rev
Log:
fix possible DoS condition when using the experimental NIO/AJP connector

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java?rev=588479&r1=588478&r2=588479&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java Thu 
Oct 25 19:41:57 2007
@@ -36,6 +36,7 @@
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
+import java.net.SocketTimeoutException;
 
 import javax.management.ListenerNotFoundException;
 import javax.management.MBeanNotificationInfo;
@@ -46,6 +47,7 @@
 import javax.management.NotificationListener;
 import javax.management.ObjectName;
 
+import org.apache.commons.modeler.Registry;
 import org.apache.jk.core.JkHandler;
 import org.apache.jk.core.Msg;
 import org.apache.jk.core.MsgContext;
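Review bot: the added import of org.apache.commons.modeler.Registry, paired with the removal of org.apache.tomcat.util.modeler.Registry in the next hunk, is unrelated to the DoS fix named in the log message and changes which library this class depends on. Leave the existing import alone in this commit; revision 588489 further down this page has to put it back.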
@@ -54,7 +56,6 @@
 import org.apache.coyote.Request;
 import org.apache.coyote.RequestGroupInfo;
 import org.apache.coyote.RequestInfo;
-import org.apache.tomcat.util.modeler.Registry;
 import org.apache.tomcat.util.threads.ThreadPool;
 import org.apache.tomcat.util.threads.ThreadPoolRunnable;
 
@@ -85,8 +86,8 @@
  */
 public class ChannelNioSocket extends JkHandler
 implements NotificationBroadcaster, JkChannel {
-private static org.apache.juli.logging.Log log =
-org.apache.juli.logging.LogFactory.getLog( ChannelNioSocket.class );
+private static org.apache.commons.logging.Log log =
+org.apache.commons.logging.LogFactory.getLog( ChannelNioSocket.class );
 
 private int startPort=8009;
 private int maxPort=8019; // 0 for backward compat.
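Review bot: switching the log field from org.apache.juli.logging to org.apache.commons.logging is likewise outside the scope of the DoS fix and is reverted by revision 588489. Keep the original declaration, and consider declaring the field final while the line is being touched.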
@@ -172,7 +173,6 @@
 return packetSize;
 }
 
-
 /**
  * jmx:managed-attribute description="Bind on a specified address" 
access="READ_WRITE"
  */
@@ -883,6 +883,8 @@
 
 synchronized void  process(SelectionKey sk) {
 if(!sk.isValid()) {
+SocketInputStream sis = (SocketInputStream)ep.getNote(isNote);
+sis.closeIt();
 return;
 }
 if(sk.isReadable()) {
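Review bot: in the new !sk.isValid() branch, the result of ep.getNote(isNote) is cast and dereferenced without a null check, so an invalid key whose endpoint has no input-stream note raises a NullPointerException inside the synchronized process() call. Check sis for null before sis.closeIt(), and consider cancelling the key here as well, since the caller's sk.cancel() is removed in the next hunk.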
@@ -960,15 +962,11 @@
 Iterator it = sels.iterator();
 while(it.hasNext()) {
 SelectionKey sk = (SelectionKey)it.next();
-if(sk.isValid()) {
-if(sk.isAcceptable()) {
-acceptConnections();
-} else {
-SocketConnection sc = 
(SocketConnection)sk.attachment();
-sc.process(sk);
-}
+if(sk.isAcceptable()) {
+acceptConnections();
 } else {
-sk.cancel();
+SocketConnection sc = 
(SocketConnection)sk.attachment();
+sc.process(sk);
 }
 it.remove();
 }
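Review bot: dropping the outer sk.isValid() test means sk.isAcceptable() is now called on keys that may already be cancelled, and SelectionKey.isAcceptable() throws CancelledKeyException for a cancelled key; the validity check inside process() is only reached on the else path. Keep a validity check in front of isAcceptable(), and note that the removed else branch held the only sk.cancel() in this loop.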
@@ -1082,8 +1080,7 @@
 nr = -1; // Can't handle this yet
 }
 if(nr < 0) {
-isClosed = true;
-notify();
+closeIt();
 return false;
 } else if(nr == 0) {
 if(!nioIsBroken) {
@@ -1094,6 +1091,12 @@
 return true;
 }
 
+synchronized void closeIt() {
+isClosed = true;
+if(blocking)
+notify();
+}
+
 public int read(byte [] data) throws IOException {
 return read(data, 0, data.length);
 }
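Review bot: closeIt() calls notify(), which wakes a single waiter; if more than one thread can wait on this stream, use notifyAll(). Add a comment on why the wake-up is skipped when blocking is false, and route the remaining direct isClosed = true assignment in the read path (last hunk) through closeIt() so the close logic lives in one place.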
@@ -1133,7 +1136,9 @@
 if(fill(len) < 0) {
 isClosed = true;
 } 
-}
+} else if(!isClosed) {
+   throw new SocketTimeoutException("Read request timed out");
+   }
 }
 }
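Review bot: the new else-if branch throws SocketTimeoutException while leaving isClosed false, so the stream remains usable after a timed-out read. Say in a comment whether the caller is expected to close the connection when it sees this exception, or call closeIt() before throwing, since the commit is described as a DoS fix and a connection that survives its own timeout still holds its resources.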
 






svn commit: r588481 - /tomcat/tc6.0.x/trunk/STATUS

2007-10-25 Thread billbarker
Author: billbarker
Date: Thu Oct 25 19:44:17 2007
New Revision: 588481

URL: http://svn.apache.org/viewvc?rev=588481&view=rev
Log:
removing committed patches from STATUS

Modified:
tomcat/tc6.0.x/trunk/STATUS

Modified: tomcat/tc6.0.x/trunk/STATUS
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS?rev=588481&r1=588480&r2=588481&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS (original)
+++ tomcat/tc6.0.x/trunk/STATUS Thu Oct 25 19:44:17 2007
@@ -25,15 +25,6 @@
 PATCHES PROPOSED TO BACKPORT:
   [ New proposals should be added at the end of the list ]
 
-* Fix possible DoS condition for the experimental NIO/AJP module (reported by 
William Leung via email)
-  http://issues.apache.org/bugzilla/show_bug.cgi?id=43621
-  +1: billbarker,fhanik,funkman, pero, jim
-  -1:
-
-* Fix problem on a Forward when the outer most wrapper isn't a 
HttpServletRequest/ResponseWrapper.
-  http://issues.apache.org/bugzilla/show_bug.cgi?id=43668
-  +1: billbarker, remm, funkman, pero, jim
-  -1: 
 
 * Tests for unit tests for the cookie issues. 
http://people.apache.org/~jfclere/patches/CookiesTest.patch
   +1: fhanik, funkman, pero, jim






svn commit: r588489 - /tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java

2007-10-25 Thread billbarker
Author: billbarker
Date: Thu Oct 25 20:05:02 2007
New Revision: 588489

URL: http://svn.apache.org/viewvc?rev=588489&view=rev
Log:
Note to self, you can't copy and paste from 5.5 to 6.0

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java?rev=588489&r1=588488&r2=588489&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java 
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/jk/common/ChannelNioSocket.java Thu 
Oct 25 20:05:02 2007
@@ -47,7 +47,7 @@
 import javax.management.NotificationListener;
 import javax.management.ObjectName;
 
-import org.apache.commons.modeler.Registry;
+import org.apache.tomcat.util.modeler.Registry;
 import org.apache.jk.core.JkHandler;
 import org.apache.jk.core.Msg;
 import org.apache.jk.core.MsgContext;
@@ -86,8 +86,8 @@
  */
 public class ChannelNioSocket extends JkHandler
 implements NotificationBroadcaster, JkChannel {
-private static org.apache.commons.logging.Log log =
-org.apache.commons.logging.LogFactory.getLog( ChannelNioSocket.class );
+private static org.apache.juli.logging.Log log =
+org.apache.juli.logging.LogFactory.getLog( ChannelNioSocket.class );
 
 private int startPort=8009;
 private int maxPort=8019; // 0 for backward compat.






DO NOT REPLY [Bug 22679] - how to access ssl session ID out of tomcat to prevent session hijacking and allow for phishing protection

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=22679





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 20:06 ---
Lucas, you are right that there can be multiple legitimate SSL Session IDs with
one JSESSIONID. So while I stick to the statement that observing the SSL Session
ID is still one good measure against Session Hijacking, if applied alone, it may
also lock out legitimate additional SSL sessions. At least for sequentially
changing SSL-IDs, we account for this with the described "n-1 out of n" approach
(comment 12). So if the other n-1 parameters to be considered stay the same, the
mechanism probably even works with simultaneous sessions with IDs A, B, C since
the tomcat application for each request will just assume that it is a change
from A->B, then from B->C, C->A and so on - not noticing there are actually
multiple simultaneous SSL sessions going on in parallel. Anyway, we have had the
approach in operation for months with hundreds of users and no problems.

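
The "n-1 out of n" check described in the comment above, as an added example that is not part of the bug report or of Tomcat: a JSESSIONID stays usable as long as at most one of the n observed request attributes differs from the last accepted request. Comment 12 is not on this page, so the three attributes used here (SSL session ID, User-Agent, remote address), the class name and all sample values are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;

public class SessionBindingCheck {
    // JSESSIONID -> attribute values of the last accepted request.
    private final Map<String, Map<String, String>> bound = new HashMap<>();

    /** Accept when at most one of the n bound attributes has changed. */
    public synchronized boolean accept(String jsessionId, Map<String, String> observed) {
        Map<String, String> previous = bound.get(jsessionId);
        if (previous == null) {                 // first request binds the session
            bound.put(jsessionId, new HashMap<>(observed));
            return true;
        }
        if (!previous.keySet().equals(observed.keySet())) {
            return false;                       // an attribute is missing or extra
        }
        int changed = 0;
        for (Map.Entry<String, String> e : previous.entrySet()) {
            if (!Objects.equals(e.getValue(), observed.get(e.getKey()))) {
                changed++;
            }
        }
        if (changed > 1) {
            return false;                       // fewer than n-1 match; binding unchanged
        }
        bound.put(jsessionId, new HashMap<>(observed)); // roll the binding forward
        return true;
    }

    public static void main(String[] args) {
        SessionBindingCheck check = new SessionBindingCheck();
        // Constructed requests: {SSL session ID, User-Agent, remote address}.
        String[][] requests = {
            {"A", "UA-1", "192.0.2.10"},        // first request on the session
            {"B", "UA-1", "192.0.2.10"},        // only the SSL session ID differs
            {"C", "UA-1", "192.0.2.10"},        // a parallel SSL session, seen as B->C
            {"A", "UA-1", "192.0.2.10"},        // seen as C->A
            {"X", "UA-2", "192.0.2.10"},        // two attributes differ at once
        };
        for (String[] r : requests) {
            Map<String, String> observed = Map.of(
                "sslSessionId", r[0], "userAgent", r[1], "remoteAddr", r[2]);
            System.out.println(String.join(" ", r) + " -> "
                + check.accept("constructed-jsessionid", observed));
        }
    }
}
```

Because a change in the SSL session ID alone always passes, the check cannot distinguish a renegotiated session from a second simultaneous SSL session, which is the behaviour the comment describes.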



DO NOT REPLY [Bug 43621] - soTimeout not worked on channelNioSocket

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43621





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 20:08 ---
Created an attachment (id=21047)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21047&action=view)
TC6 version of the patch

No functional change, but fixes packaging from 5.5 (which I forgot about)




DO NOT REPLY [Bug 43621] - soTimeout not worked on channelNioSocket

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43621


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 20:08 ---
This is now fixed in TC 5.5 and 6.0 with the patches attached.




DO NOT REPLY [Bug 43668] - ApplicationDispatcher.doForward for non-HTTP request is always NULL

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=43668


[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED




--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 20:10 ---
Fixed in the next 6.0 release with the attached patch.




svn commit: r588490 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

2007-10-25 Thread billbarker
Author: billbarker
Date: Thu Oct 25 20:11:08 2007
New Revision: 588490

URL: http://svn.apache.org/viewvc?rev=588490&view=rev
Log:
document changes

Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=588490&r1=588489&r2=588490&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Oct 25 20:11:08 2007
@@ -133,6 +133,9 @@
   
 Call stopAwait in StandardServer.stop if port == -1. (pero)
   
+  
+43668 Fix NPE when the outer most wrapper is a 
ServletRequest/ResponseWrapper, but not a HttpServletRequest/ResponseWrapper on 
a Forward. (billbarker)
+  
 
   
   
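Review bot: In the added 43668 entry, "outer most" should be "outermost", and "on a Forward" trails so far behind "NPE" that the trigger is hard to read. Consider "Fix NPE on a forward when the outermost wrapper is a ServletRequest/ResponseWrapper but not an HttpServletRequest/ResponseWrapper."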
@@ -155,6 +158,9 @@
   
   
 Fix explicit flush before response commit in the org.apache.jk AJP 
connector. (pero)
+  
+  
+43621 Fix possible Dos condition when using the 
experimental NIO/AJP Connector (billbarker)
   
 
   
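Review bot: The added 43621 entry writes "Dos" where "DoS" is meant and lacks the closing period that the neighbouring entries have. Because the changelog is where operators learn of a denial-of-service fix, the entry should also say what the condition was (the bug is titled "soTimeout not worked on channelNioSocket") so that users of the experimental NIO/AJP connector can tell whether they were exposed.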






DO NOT REPLY [Bug 41257] - EL in dynamic attribute causes NPE in Tomcat 6

2007-10-25 Thread bugzilla

http://issues.apache.org/bugzilla/show_bug.cgi?id=41257





--- Additional Comments From [EMAIL PROTECTED]  2007-10-25 21:37 ---
Created an attachment (id=21048)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21048&action=view)
Fix for Bug 41258

I am not sure that bug 41257 and bug 41258 are the same issue, but I will trust
funkman as he knows more about Tomcat than I do (and bug 41257 is not a
very clear description of the bug anyhow.)
  This patch fixes the issue raised by 41258, that is, literal expressions that
make use of EL escape syntax within custom tag attribute values are not
unescaped.
