Re: Possibly found a bug in Tomcat
Hello Filip,
i think you are right, OpenSSO does create an invalid cookie.
I first read the following:
"This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended,
though no encoding is defined or required."
on
http://209.85.135.104/search?q=cache:W6VJIqv-__MJ:wp.netscape.com/newsref/std/cookie_spec.html
but now i found the actual specification
http://www.w3.org/Protocols/rfc2109/rfc2109
and
http://www.w3.org/Protocols/rfc2068/rfc2068
which does not allow the following characters in the cookies value:
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Thanks,
Hendrik
Filip Hanik - Dev Lists schrieb:
> that looks like an invalid cookie to me, = is a delimiter, so a proper
> parser would end when it hits the 2nd =
>
> Filip
>
> Hendrik Helwich wrote:
>> Hello tomcat developers,
>>
>> i tried to integrate OpenSSO (https://opensso.dev.java.net/) with
>> liferay (http://www.liferay.com), which is a web-application which is
>> recommended to run in Tomcat 5.5.
>> It does not work and i found out, that it is a cookie problem.
>>
>> In the request a cookie is send:
>> [EMAIL PROTECTED];
>>
>>
>> But in the corresponding instance of javax.servlet.http.Cookie the
>> value is:
>> AQIC5wM2LY4SfcyGIL7gS99bMIQ5i2cP7jYw2bFMCztKUw0
>>
>> The end of the value is missing and it seems there is a bug in
>> Cookie-Parser.
>>
>> I tried to figure it out by myself and followed the instructions on
>> http://tomcat.apache.org/tomcat-6.0-doc/building.html
>> to build tomcat, but i got an error while executing "ant download" (log
>> is appended).
>> My Java version is 1.6.0_01-b06.
>>
>> Can you help or give me a hint?
>>
>> Thanks
>> Hendrik
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Possibly found a bug in Tomcat
I believe you should be able to quote the value to put in invalid chars
in there
Filip
Hendrik Helwich wrote:
Hello Filip,
i think you are right, OpenSSO does create an invalid cookie.
I first read the following:
"This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended,
though no encoding is defined or required."
on
http://209.85.135.104/search?q=cache:W6VJIqv-__MJ:wp.netscape.com/newsref/std/cookie_spec.html
but now i found the actual specification
http://www.w3.org/Protocols/rfc2109/rfc2109
and
http://www.w3.org/Protocols/rfc2068/rfc2068
which does not allow the following characters in the cookies value:
tspecials = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
Thanks,
Hendrik
Filip Hanik - Dev Lists schrieb:
that looks like an invalid cookie to me, = is a delimiter, so a proper
parser would end when it hits the 2nd =
Filip
Hendrik Helwich wrote:
Hello tomcat developers,
i tried to integrate OpenSSO (https://opensso.dev.java.net/) with
liferay (http://www.liferay.com), which is a web-application which is
recommended to run in Tomcat 5.5.
It does not work and i found out, that it is a cookie problem.
In the request a cookie is send:
[EMAIL PROTECTED];
But in the corresponding instance of javax.servlet.http.Cookie the
value is:
AQIC5wM2LY4SfcyGIL7gS99bMIQ5i2cP7jYw2bFMCztKUw0
The end of the value is missing and it seems there is a bug in
Cookie-Parser.
I tried to figure it out by myself and followed the instructions on
http://tomcat.apache.org/tomcat-6.0-doc/building.html
to build tomcat, but i got an error while executing "ant download" (log
is appended).
My Java version is 1.6.0_01-b06.
Can you help or give me a hint?
Thanks
Hendrik
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [VOTE] bayeux inclusion
Costin Manolache wrote: On Tue, Jul 22, 2008 at 10:17 AM, Filip Hanik - Dev Lists < [EMAIL PROTECTED]> wrote: As promised, here is the vote for inclusion of the bayeux toolkit https://issues.apache.org/bugzilla/show_bug.cgi?id=45413 I think this toolkit should [X] +1 include it as an independent component, I'm interested [ ] 0 sounds interesting [ ] -1 throw it away I plan to put it under svn.apache.org/repos/asf/tomcat/cometd/bayeux thinking that there may be more cometd components in the future I don't know about this - don't you think we have too many svn trees ? Is there any reason for this ? I wouldn't mind having it in the trunk. Not in the java/ dir, but maybe some extensions/bayeux ? I agree we have (in the past) had too many svn trees. I would much prefer that this went into trunk/java. As long as it is in it's own package, it is easy to include/exclude from the main distro. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Server Header Change
Jim Manico wrote: I would like to change Tomcat so that configuring the Connector to server="" will completely remove the Server header. This used to be the base before the header customization code was put in place. Does anyone have a strong objection, if not, I'll add a bug for it in bugzilla and provide a patch. Go for it. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
