svn commit: r684233 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Sat Aug 9 05:09:54 2008 New Revision: 684233 URL: http://svn.apache.org/viewvc?rev=684233&view=rev Log: Add proposal to prevent regression Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=684233&r1=684232&r2=684233&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Sat Aug 9 05:09:54 2008 @@ -42,6 +42,7 @@ -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43578 + Will need fix for 45585 below too http://svn.apache.org/viewvc?rev=651713&view=rev Tomcat doesn't start if installation path contains a space Patch provided by Ray Sauers @@ -116,3 +117,10 @@ http://svn.apache.org/viewvc?rev=684081&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 + Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a + suggestion by Ian Ward Comfort + http://svn.apache.org/viewvc?rev=684001&view=rev + +1: markt + -1: \ No newline at end of file - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r684234 - in /tomcat/trunk/java/org/apache/catalina/realm: JAASCallbackHandler.java JAASMemoryLoginModule.java JAASRealm.java
Author: markt
Date: Sat Aug 9 05:10:34 2008
New Revision: 684234
URL: http://svn.apache.org/viewvc?rev=684234&view=rev
Log:
Fix bug https://issues.apache.org/bugzilla/show_bug.cgi?id=45576
Get the JAASRealm working with DIGEST authentication.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=684234&r1=684233&r2=684234&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat
Aug 9 05:10:34 2008
@@ -24,6 +24,7 @@
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.catalina.util.StringManager;
@@ -75,6 +76,33 @@
}
}
+
+/**
+ * Construct a callback handler for DIGEST authentication.
+ *
+ * @param realm Our associated JAASRealm instance
+ * @param username Username to be authenticated with
+ * @param password Password to be authenticated with
+ * @param nonce Server generated nonce
+ * @param ncNonce count
+ * @param cnonceClient generated nonce
+ * @param qop Quality of protection aplied to the message
+ * @param realmName Realm name
+ * @param md5a2 Second MD5 digest used to calculate the digest
+ * MD5(Method + ":" + uri)
+ */
+public JAASCallbackHandler(JAASRealm realm, String username,
+ String password, String nonce, String nc,
+ String cnonce, String qop, String realmName,
+ String md5a2) {
+this(realm, username, password);
+this.nonce = nonce;
+this.nc = nc;
+this.cnonce = cnonce;
+this.qop = qop;
+this.realmName = realmName;
+this.md5a2 = md5a2;
+}
// - Instance Variables
@@ -101,14 +129,46 @@
*/
protected String username = null;
+/**
+ * Server generated nonce.
+ */
+protected String nonce = null;
+
+/**
+ * Nonce count.
+ */
+protected String nc = null;
+
+/**
+ * Client generated nonce.
+ */
+protected String cnonce = null;
+
+/**
+ * Quality of protection aplied to the message.
+ */
+protected String qop;
+
+/**
+ * Realm name.
+ */
+protected String realmName;
+
+/**
+ * Second MD5 digest.
+ */
+protected String md5a2;
+
// - Public Methods
/**
* Retrieve the information requested in the provided
Callbacks.
- * This implementation only recognizes NameCallback and
- * PasswordCallback instances.
+ * This implementation only recognizes [EMAIL PROTECTED] NameCallback},
+ * [EMAIL PROTECTED] PasswordCallback} and [EMAIL PROTECTED]
TextInputCallback}.
+ * [EMAIL PROTECTED] TextInputCallback} is ued to pass the various
additional
+ * parameters required for DIGEST authentication.
*
* @param callbacks The set of Callbacks to be processed
*
@@ -134,6 +194,23 @@
}
((PasswordCallback) callbacks[i]).setPassword
(passwordcontents);
+} else if (callbacks[i] instanceof TextInputCallback) {
+TextInputCallback cb = ((TextInputCallback) callbacks[i]);
+if (cb.getPrompt().equals("nonce")) {
+cb.setText(nonce);
+} else if (cb.getPrompt().equals("nc")) {
+cb.setText(nc);
+} else if (cb.getPrompt().equals("cnonce")) {
+cb.setText(cnonce);
+} else if (cb.getPrompt().equals("qop")) {
+cb.setText(qop);
+} else if (cb.getPrompt().equals("realmName")) {
+cb.setText(realmName);
+} else if (cb.getPrompt().equals("md5a2")) {
+cb.setText(md5a2);
+} else {
+throw new UnsupportedCallbackException(callbacks[i]);
+}
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL:
http://sv
svn commit: r684235 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sat Aug 9 05:11:09 2008 New Revision: 684235 URL: http://svn.apache.org/viewvc?rev=684235&view=rev Log: Propose fix for 45576 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=684235&r1=684234&r2=684235&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 9 05:11:09 2008 @@ -96,8 +96,14 @@ +1: markt -1: -* JAASMemoryLoginModule didn't confirm to JAASRealm contract. This prevented any +* JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any user from being assigned a role. http://svn.apache.org/viewvc?rev=684081&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 + Add support for DIGEST to the JAASRealm + + +1: markt + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r684235 - /tomcat/tc6.0.x/trunk/STATUS.txt
This proposal does not have URL of the patch. Only bugzilla URL is mentioned. I suppose that one meant to mention the following URL here: http://svn.apache.org/viewvc?rev=684234&view=rev 2008/8/9 <[EMAIL PROTECTED]>: > Author: markt > Date: Sat Aug 9 05:11:09 2008 > New Revision: 684235 > > URL: http://svn.apache.org/viewvc?rev=684235&view=rev > Log: > Propose fix for 45576 > > Modified: >tomcat/tc6.0.x/trunk/STATUS.txt > > Modified: tomcat/tc6.0.x/trunk/STATUS.txt > URL: > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=684235&r1=684234&r2=684235&view=diff > == > --- tomcat/tc6.0.x/trunk/STATUS.txt (original) > +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 9 05:11:09 2008 > @@ -96,8 +96,14 @@ > +1: markt > -1: > > -* JAASMemoryLoginModule didn't confirm to JAASRealm contract. This prevented > any > +* JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented > any > user from being assigned a role. > http://svn.apache.org/viewvc?rev=684081&view=rev > +1: markt > -1: > + > +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 > + Add support for DIGEST to the JAASRealm > + > + +1: markt > + -1: > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r684235 - /tomcat/tc6.0.x/trunk/STATUS.txt
Konstantin Kolinko wrote: This proposal does not have URL of the patch. Only bugzilla URL is mentioned. I suppose that one meant to mention the following URL here: http://svn.apache.org/viewvc?rev=684234&view=rev Fixed. Thanks for the catch. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r684264 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sat Aug 9 06:46:43 2008 New Revision: 684264 URL: http://svn.apache.org/viewvc?rev=684264&view=rev Log: Add svn url Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=684264&r1=684263&r2=684264&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 9 06:46:43 2008 @@ -104,6 +104,6 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm - + http://svn.apache.org/viewvc?rev=684234&view=rev +1: markt -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45600] request.getRequestDispatcher include priority is corrupted
https://issues.apache.org/bugzilla/show_bug.cgi?id=45600 Mark Thomas <[EMAIL PROTECTED]> changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-09 07:09:11 PST --- The behaviour you observe is as expected and is as per the spec, particularly section JSP.11.3 Please use the users list if you have further questions about this. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r684270 - in /tomcat/trunk/java/org/apache/catalina/realm: JAASCallbackHandler.java JAASMemoryLoginModule.java JAASRealm.java
Author: markt
Date: Sat Aug 9 07:32:47 2008
New Revision: 684270
URL: http://svn.apache.org/viewvc?rev=684270&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407
Add support for CLIENT-CERT authentication to JAAS realm.
Modified:
tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=684270&r1=684269&r2=684270&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat
Aug 9 07:32:47 2008
@@ -80,21 +80,22 @@
/**
* Construct a callback handler for DIGEST authentication.
*
- * @param realm Our associated JAASRealm instance
- * @param username Username to be authenticated with
- * @param password Password to be authenticated with
- * @param nonce Server generated nonce
- * @param ncNonce count
- * @param cnonceClient generated nonce
- * @param qop Quality of protection aplied to the message
- * @param realmName Realm name
- * @param md5a2 Second MD5 digest used to calculate the digest
+ * @param realm Our associated JAASRealm instance
+ * @param username Username to be authenticated with
+ * @param password Password to be authenticated with
+ * @param nonce Server generated nonce
+ * @param ncNonce count
+ * @param cnonceClient generated nonce
+ * @param qop Quality of protection aplied to the message
+ * @param realmName Realm name
+ * @param md5a2 Second MD5 digest used to calculate the digest
* MD5(Method + ":" + uri)
+ * @param authMethodThe authentication mehtod in use
*/
public JAASCallbackHandler(JAASRealm realm, String username,
String password, String nonce, String nc,
String cnonce, String qop, String realmName,
- String md5a2) {
+ String md5a2, String authMethod) {
this(realm, username, password);
this.nonce = nonce;
this.nc = nc;
@@ -102,6 +103,7 @@
this.qop = qop;
this.realmName = realmName;
this.md5a2 = md5a2;
+this.authMethod = authMethod;
}
// - Instance Variables
@@ -123,7 +125,6 @@
*/
protected JAASRealm realm = null;
-
/**
* The username to be authenticated with.
*/
@@ -159,6 +160,10 @@
*/
protected String md5a2;
+/**
+ * The authentication methdod to be used. If null, assume BASIC/FORM.
+ */
+protected String authMethod;
// - Public Methods
@@ -208,6 +213,8 @@
cb.setText(realmName);
} else if (cb.getPrompt().equals("md5a2")) {
cb.setText(md5a2);
+} else if (cb.getPrompt().equals("authMethod")) {
+cb.setText(authMethod);
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=684270&r1=684269&r2=684270&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Sat
Aug 9 07:32:47 2008
@@ -39,6 +39,7 @@
import org.apache.catalina.Context;
import org.apache.catalina.Realm;
+import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.RequestUtil;
@@ -310,7 +311,7 @@
// Set up our CallbackHandler requests
if (callbackHandler == null)
throw new LoginException("No CallbackHandler specified");
-Callback callbacks[] = new Callback[8];
+Callback callbacks[] = new Callback[9];
callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
callbacks[2] = new TextInputCallback("nonce");
@@ -319,6 +320,7 @@
callbacks[5] = new TextInputCallback("qop");
callback
svn commit: r684271 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sat Aug 9 07:35:28 2008 New Revision: 684271 URL: http://svn.apache.org/viewvc?rev=684271&view=rev Log: Propose fix for 41407 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=684271&r1=684270&r2=684271&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 9 07:35:28 2008 @@ -107,3 +107,9 @@ http://svn.apache.org/viewvc?rev=684234&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 + Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. + https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 + +1: markt + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r684272 - /tomcat/current/tc5.5.x/STATUS.txt
Author: markt Date: Sat Aug 9 07:36:04 2008 New Revision: 684272 URL: http://svn.apache.org/viewvc?rev=684272&view=rev Log: Propose fix for 41407 (needs fix for 45576) Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=684272&r1=684271&r2=684272&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Sat Aug 9 07:36:04 2008 @@ -123,4 +123,16 @@ suggestion by Ian Ward Comfort http://svn.apache.org/viewvc?rev=684001&view=rev +1: markt - -1: \ No newline at end of file + -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 + Add support for DIGEST to the JAASRealm + http://svn.apache.org/viewvc?rev=684234&view=rev + +1: markt + -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 + Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. + https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 + +1: markt + -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 41407] CLIENT-CERT Authentication with JAASRealm not working
https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 --- Comment #2 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-09 07:36:19 PST --- This has been fixed in trunk and proposed for 5.5.x and 6.0.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45576] JAASRealm not working with DigestAuthenticator
https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 --- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-09 07:36:45 PST --- This has been fixed in trunk and proposed for 5.5.x and 6.0.x -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45603] StandardWrapper.getRootCause(ServletException) omitting important information
https://issues.apache.org/bugzilla/show_bug.cgi?id=45603 Mark Thomas <[EMAIL PROTECTED]> changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-09 08:04:40 PST --- StandardWrapper.getRootCause(ServletException) is doing what it is meant to - getting the the root cause of the problem. If we were to make the change you suggest it would significantly reduce its usefulness and make tracking down the root cause of problems very difficult. I would suggest that a better approach, and one that would be immune to the differences between the various container implementations, would be to log the information you find useful as part of your exception handling. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45601] Static Content Corruption
https://issues.apache.org/bugzilla/show_bug.cgi?id=45601 Mark Thomas <[EMAIL PROTECTED]> changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-09 09:29:02 PST --- (In reply to comment #0) > This problem is seen to happen in Tomcat 5.5.20 and 6.0.16 The line numbers quoted in the stack trace do not match either of the Tomcat versions above, nor could I find a Tomcat 5.5.x or 6.0.x version that they did match. I tried using the patch to identify an offset but that didn't work either. In short, it is very difficult to work out what exactly this stack trace represents. > In a highly threaded environment > ServletOutputStream's write method gets accessed by multiple threads, so > ServletOutputStream's write method may sometimes get called while the previous > thread's writing of the byte buffer is not yet finished or its own buffer is > not yet flushed, which results in corrupted output. Every response has its own ServletOutputStream. Since a response is handled by a single thread, I don't see how a threading issue can exist here unless response objects are being re-used across requests by the application. That would be an application bug. > The fix is to remove this optimization. The stack trace shows reading from a File. The optimisation the patch removes copies the data directly from the cache without any file reading. I can't see how the proposed fix relates to the stack trace. Further, removal of the optimisation makes it more likely that the content will be read from the file. Given that the stack trace is related to reading data from a file I would expect the proposed patch to make any error more likely not less likely. A Google search suggests that a lack of OS resources could also be a cause of this error. Given that the environment is highly threaded, and taking this to also mean highly loaded, this looks more like a JVM/OS issue to me. Therefore I am closing this as invalid as I can't see anything in the code that Tomcat is doing incorrectly. That said, I do have a nagging doubt I am missing the obvious so if I am, feel free to re-open and point it out. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r684291 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: remm Date: Sat Aug 9 09:41:32 2008 New Revision: 684291 URL: http://svn.apache.org/viewvc?rev=684291&view=rev Log: - Votes. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=684291&r1=684290&r2=684291&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Aug 9 09:41:32 2008 @@ -81,35 +81,36 @@ still exists. http://svn.apache.org/viewvc?view=rev&revision=683969 +1: markt + 0: remm (looks risky, very minor problem) -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45591 NPE on start-up failure in some cases. Based on a patch by Matt Passell http://svn.apache.org/viewvc?rev=683982&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort http://svn.apache.org/viewvc?rev=684001&view=rev - +1: markt + +1: markt, remm -1: * JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any user from being assigned a role. http://svn.apache.org/viewvc?rev=684081&view=rev - +1: markt + +1: markt, remm -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm http://svn.apache.org/viewvc?rev=684234&view=rev - +1: markt + +1: markt, remm (the two people using digest could be interested) -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 - +1: markt + +1: markt, remm -1: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45427] Unmatched quotes inside EL break JSP parser
https://issues.apache.org/bugzilla/show_bug.cgi?id=45427
ilango <[EMAIL PROTECTED]> changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment #1 from ilango <[EMAIL PROTECTED]> 2008-08-09 14:28:17 PST ---
(In reply to comment #0)
Can I test this under Tomcat under Ubuntu Fiesty Fawn?
thanks
ilango
> Created an attachment (id=22277)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22277) [details]
> Simple WAR containing test JSPs for the working and broken expressions.
>
> According to my reading of Sun's EL spec for JSP 2.1, any of the following
> expressions should be legal -
> ${'This string contains unmatched escaped \' single and " double quotes,
> inside single quotes'}
> ${"This string contains unmatched ' single and escaped \" double quotes,
> inside double quotes"}
> ${"This string contains an ' unescaped single quote, inside double
> quotes"}
> ${'This string contains an " unescaped, unmatched double quote, inside
> single quotes'}
>
> - but in Tomcat, none of the above expressions compiles, at least not when
> alone. (In some files, the unmatched quote may be matched inside a later EL
> expression. In that case, the JSP will compile, but both expressions, together
> with everything in between them, will be merged into one string literal! This
> is especially insidious.)
>
> org.apache.jasper.JasperException: /broken1.jsp(2,2) Unterminated ${ tag
> org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)
> org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407)
> org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:132)
> org.apache.jasper.compiler.Parser.parseELExpression(Parser.java:763)
> org.apache.jasper.compiler.Parser.parseElements(Parser.java:1451)
> org.apache.jasper.compiler.Parser.parse(Parser.java:133)
> org.apache.jasper.compiler.ParserController.doParse(ParserController.java:216)
> org.apache.jasper.compiler.ParserController.parse(ParserController.java:103)
> org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:153)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:314)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:294)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:281)
> org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
>
> The EL parser implementation seems to think that nested quotes are only
> escaped
> if they are the same (single/double) as the surrounding quotes, but nested
> quotes don't have to be closed/matched. The JSP implementation, on the other
> hand, seems to think that quotes do have to be matched, unless they are
> escaped. For some strings (above), no combination of escaping will make both
> parsers happy. I'm not sure whether this is a bug in the JSP implementation,
> or
> perhaps a deficiency in the JSP/EL specs.
>
> I have collected the above expressions which break the parser
> (broken[1234].jsp), along with some illegal expressions and some working
> expressions (working.jsp) in a small WAR file which is attached to this
> report.
> I don't believe that the files broken[1234].jsp should be causing exceptions.
>
> Note: for some reason, single quoted strings are not allowed(!) to contain
> escaped double quotes, and vice versa, so these expressions are illegal, and
> thus it's okay that they don't compile (illegal[12].jsp):
> ${"This string contains an \' escaped single quote, inside double quotes"}
> ${'This string contains an \" escaped double quote, inside single quotes'}
> (Note that the text of the EL spec implies that these should be legal, but the
> EL grammar says otherwise. Not a good sign...)
>
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45603] StandardWrapper.getRootCause(ServletException) omitting important information
https://issues.apache.org/bugzilla/show_bug.cgi?id=45603 --- Comment #2 from Gili <[EMAIL PROTECTED]> 2008-08-09 18:17:02 PST --- Mark, I appreciate the fact that StandardWrapper.getRootCause(ServletException) is doing what it's supposed to do but I fail to understand the point of skipping 20 levels of exceptions. Wouldn't you get the same information by simply outputting printStackTrace() on the outermost exception? As far as I understand it, all other vendors output the outermost exception when it gets thrown. Is it possible for Tomcat to output both exceptions (the current one and the outermost one) or at least make it configurable via System properties? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
