DO NOT REPLY [Bug 45624] javax.servlet.ServletException exception
https://issues.apache.org/bugzilla/show_bug.cgi?id=45624

Mark Thomas <[EMAIL PROTECTED]> changed:

What       |Removed |Added
Status     |NEW     |RESOLVED
Resolution |        |INVALID

--- Comment #1 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 00:53:14 PST ---
Bugzilla is not a support forum. Please use the users mailing list.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685530 - /tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
Author: funkman Date: Wed Aug 13 05:58:47 2008 New Revision: 685530 URL: http://svn.apache.org/viewvc?rev=685530&view=rev Log: Let the user know why errorReportValveClass was not loaded. Since it could be ClassNotFound, invalid class version, (or other) Modified: tomcat/trunk/java/org/apache/catalina/core/StandardHost.java Modified: tomcat/trunk/java/org/apache/catalina/core/StandardHost.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardHost.java?rev=685530&r1=685529&r2=685530&view=diff == --- tomcat/trunk/java/org/apache/catalina/core/StandardHost.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/StandardHost.java Wed Aug 13 05:58:47 2008 @@ -707,7 +707,7 @@ } catch (Throwable t) { log.error(sm.getString ("standardHost.invalidErrorReportValveClass", - errorReportValveClass)); + errorReportValveClass), t); } } if(log.isDebugEnabled()) { - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
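Review bot: in StandardHost.java the handler around the errorReportValveClass load is still `catch (Throwable t)`, so although passing `t` to log.error now records the cause, VirtualMachineError and ThreadDeath are logged and swallowed together with ClassNotFoundException, and execution continues past the catch. Consider catching Exception and LinkageError (which covers the invalid class version case named in the log message) and letting other errors propagate.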
svn commit: r685535 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: funkman Date: Wed Aug 13 06:22:14 2008 New Revision: 685535 URL: http://svn.apache.org/viewvc?rev=685535&view=rev Log: some votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685535&r1=685534&r2=685535&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 06:22:14 2008 @@ -45,13 +45,13 @@ * Add in startup options, so that cluster can be started in TCP mode only, when using static membership Also document the multicast recovery options http://svn.apache.org/viewvc?rev=674125&view=rev - +1: fhanik, markt + +1: fhanik, markt, funkman -1: * Fix comet behavior Invoke READ when there is a body and make sure END is called if CometEvent.close is called during an invokation http://svn.apache.org/viewvc?rev=677473&view=rev - +1: fhanik + +1: fhanik, funkman 0: remm: no idea if it's better or worse (the fact that it's been closed is visible) -1: @@ -59,6 +59,8 @@ Include possible cause in error message since excpetion isn't that clear http://svn.apache.org/viewvc?rev=680710&view=rev +1: markt + -0: funkman ( Agree with Remy - just not as strongly (There is enough in the stacktrace that your fav search + engine can tell you what is wrong fairly quickly) -1: remm (this error seems to be displayed by Class.newInstance() which should be ok to use; I am not ok with the idea of working around every error message from JDKs) @@ -66,7 +68,7 @@ Add required sync to race condition Based on a patch by Santtu Hyrkk http://svn.apache.org/viewvc?rev=680725&view=rev - +1: markt, remm + +1: markt, remm, funkman -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 
@@ -75,7 +77,7 @@ http://svn.apache.org/viewvc?rev=681735&view=rev (revert) http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/el/parser/ELParser.jjt?r1=681735&r2=681789 (new fix) Note: Auto-generated files will also need to be updated - +1: markt, remm + +1: markt, remm, funkman -1: * Fix issue where the first request for a deleted JSPs returns as if the JSP @@ -88,26 +90,26 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45591 NPE on start-up failure in some cases. Based on a patch by Matt Passell http://svn.apache.org/viewvc?rev=683982&view=rev - +1: markt, remm + +1: markt, remm, funkman -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort http://svn.apache.org/viewvc?rev=684001&view=rev - +1: markt, remm + +1: markt, remm, funkman -1: * JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any user from being assigned a role. http://svn.apache.org/viewvc?rev=684081&view=rev - +1: markt, remm + +1: markt, remm, funkman -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm http://svn.apache.org/viewvc?rev=684234&view=rev - +1: markt, remm (the two people using digest could be interested) + +1: markt, funkman, remm (the two people using digest could be interested) -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 @@ -115,7 +117,9 @@ https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 +1: markt, remm -1: + 0: funkman - I see the bug URL twice with no patch + * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528 Test the SSL socket for cert/cipher compatibility before returning it http://svn.apache.org/viewvc?rev=684559&view=rev - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685551 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Wed Aug 13 06:51:28 2008 New Revision: 685551 URL: http://svn.apache.org/viewvc?rev=685551&view=rev Log: Put the right link in. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685551&r1=685550&r2=685551&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 06:51:28 2008 @@ -114,7 +114,7 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. - https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 + http://svn.apache.org/viewvc?rev=684270&view=rev +1: markt, remm -1: 0: funkman - I see the bug URL twice with no patch - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Default error page generation logic in tomcat
Hi Guys,
I had a specific requirement related to tomcat error generation. When a default error page is generated like 404 error page, tomcat appends its version info at the bottom of the page. I don't want this version to be displayed on the error page. I am trying to understand which part of the tomcat code actually does this?

Any response will be appreciated.

Thanks,
Raghu
Re: Default error page generation logic in tomcat
Raghavendra Datt wrote:
> Hi Guys,
> I had a specific requirement related to tomcat error generation. When a
> default error page is generated like 404 error page, tomcat appends its
> version info at the bottom of the page. I don't want this version to be
> displayed on the error page. I am trying to understand which part of the
> tomcat code actually does this?
>
> Any response will be appreciated.

Please don't cross post.

Mark
Re: Default error page generation logic in tomcat
sorry... wasn't sure whether the question was related to development side or users side. Sorry for the inconvenience.

On Wed, Aug 13, 2008 at 11:56 AM, Mark Thomas <[EMAIL PROTECTED]> wrote:

> Raghavendra Datt wrote:
>
>> Hi Guys,
>> I had a specific requirement related to tomcat error generation. When a
>> default error page is generated like 404 error page, tomcat appends its
>> version info at the bottom of the page. I don't want this version to be
>> displayed on the error page. I am trying to understand which part of the
>> tomcat code actually does this?
>>
>> Any response will be appreciated.
>
> Please don't cross post.
>
> Mark
DO NOT REPLY [Bug 45628] New: ExtensionValidator doesn't handle wrapped lines in MANIFEST.MF
https://issues.apache.org/bugzilla/show_bug.cgi?id=45628

Summary: ExtensionValidator doesn't handle wrapped lines in MANIFEST.MF
Product: Tomcat 5
Version: 5.5.26
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

Deploying webapps that contain commons-attributes-api.jar or commons-attributes-compiler.jar (downloaded from the Maven repository) fails with a message from ExtensionValidator along the lines of 'Required extension "ant" not found'.

This happens because the MANIFEST.MF files in these jars contain wrapped lines. Per the JAR spec, lines longer than 72 bytes have to wrap. These MANIFEST.MF files contain lines like:

    ant-Implementation-URL: http://www.ibiblio.org/maven/ant/jars/ant-1.5.
     jar

which evidently cause ExtensionValidator to complain. If you edit the MANIFEST.MF files to eliminate the continuation line:

    ant-Implementation-URL: http://www.ibiblio.org/maven/ant/jars/ant-1.5.jar

there are no errors.
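The wrapping rule this report describes, as an added example (not Tomcat's ExtensionValidator code and not part of the original report): a reader that treats each physical line as one attribute truncates the wrapped value, while unfolding continuation lines first, or using java.util.jar.Manifest, recovers it. The manifest text is constructed around the report's sample attribute; the class name, method names and the Extension-List/ant-Extension-Name lines are assumptions for illustration.

```java
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.jar.Manifest;

public class ManifestContinuationDemo {

    // Constructed sample. A continuation line starts with exactly one
    // space, and that space is not part of the value.
    static final String SAMPLE =
        "Manifest-Version: 1.0\r\n" +
        "Extension-List: ant\r\n" +
        "ant-Extension-Name: ant\r\n" +
        "ant-Implementation-URL: http://www.ibiblio.org/maven/ant/jars/ant-1.5.\r\n" +
        " jar\r\n" +
        "\r\n";

    // Naive reader: every physical line is taken as "name: value".
    static Map<String, String> parseLineByLine(String text) throws IOException {
        Map<String, String> attrs = new LinkedHashMap<>();
        BufferedReader in = new BufferedReader(new StringReader(text));
        for (String line; (line = in.readLine()) != null; ) {
            int colon = line.indexOf(": ");
            if (colon > 0) {
                attrs.put(line.substring(0, colon), line.substring(colon + 2));
            }
            // " jar" has no "name: " part and is silently dropped here.
        }
        return attrs;
    }

    // Unfolding reader for the main section: a line that starts with a
    // space is appended to the previous value. The 72-byte limit is in
    // bytes, so a strict reader unfolds before decoding; working on a
    // decoded String is enough for ASCII manifests like this one.
    static Map<String, String> parseUnfolded(String text) throws IOException {
        Map<String, String> attrs = new LinkedHashMap<>();
        String name = null;
        StringBuilder value = new StringBuilder();
        BufferedReader in = new BufferedReader(new StringReader(text));
        for (String line; (line = in.readLine()) != null && !line.isEmpty(); ) {
            if (line.charAt(0) == ' ') {
                if (name == null) {
                    throw new IOException("continuation line without a header");
                }
                value.append(line, 1, line.length());
                continue;
            }
            if (name != null) {
                attrs.put(name, value.toString());
            }
            int colon = line.indexOf(": ");
            if (colon <= 0) {
                throw new IOException("malformed header: " + line);
            }
            name = line.substring(0, colon);
            value.setLength(0);
            value.append(line, colon + 2, line.length());
        }
        if (name != null) {
            attrs.put(name, value.toString());
        }
        return attrs;
    }

    // Reference result from the JDK's own manifest parser.
    static String parseWithJdk(String text, String key) throws IOException {
        Manifest mf = new Manifest(
            new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)));
        return mf.getMainAttributes().getValue(key);
    }

    public static void main(String[] args) throws IOException {
        String key = "ant-Implementation-URL";
        System.out.println("line-by-line : " + parseLineByLine(SAMPLE).get(key));
        System.out.println("unfolded     : " + parseUnfolded(SAMPLE).get(key));
        System.out.println("jar.Manifest : " + parseWithJdk(SAMPLE, key));
    }
}
```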
DO NOT REPLY [Bug 45628] ExtensionValidator doesn't handle wrapped lines in MANIFEST.MF
https://issues.apache.org/bugzilla/show_bug.cgi?id=45628

Larry Hartsook <[EMAIL PROTECTED]> changed:

What       |Removed |Added
CC         |        |[EMAIL PROTECTED]
svn commit: r685696 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/catalina/realm/JDBCRealm.java webapps/docs/changelog.xml
Author: markt Date: Wed Aug 13 15:04:52 2008 New Revision: 685696 URL: http://svn.apache.org/viewvc?rev=685696&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45453 Additional syncs required. Based on a patch provided by Santtu Hyrkk. Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685696&r1=685695&r2=685696&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:04:52 2008 @@ -64,13 +64,6 @@ -1: remm (this error seems to be displayed by Class.newInstance() which should be ok to use; I am not ok with the idea of working around every error message from JDKs) -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45453 - Add required sync to race condition - Based on a patch by Santtu Hyrkk - http://svn.apache.org/viewvc?rev=680725&view=rev - +1: markt, remm, funkman - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 Revert fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 and implement alternative Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=685696&r1=685695&r2=685696&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JDBCRealm.java Wed Aug 13 15:04:52 2008 
@@ -38,10 +38,11 @@ * See the JDBCRealm.howto for more details on how to set up the database and * for configuration options. * -* TODO - Support connection pooling (including message -* format objects) so that authenticate(), -* getPassword() and authenticate() do not have to be -* synchronized and would fix the ugly connection logic. +* For a Realm implementation that supports connection pooling and +* doesn't require synchronisation of authenticate(), +* getPassword(), roles() and +* getPrincipal() or the ugly connection logic use the +* DataSourceRealm. * * @author Craig R. McClanahan * @author Carson McDonald @@ -591,7 +592,7 @@ /** * Return the Principal associated with the given user name. */ -protected Principal getPrincipal(String username) { +protected synchronized Principal getPrincipal(String username) { return (new GenericPrincipal(this, username, Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=685696&r1=685695&r2=685696&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Aug 13 15:04:52 2008 @@ -32,6 +32,16 @@ + + + + +45453: Remove potential race condition in JDBC Realm. +Based on a patch by Santtu Hyrkk. (markt) + + + + - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
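Review bot: the rewritten class comment in JDBCRealm.java lists `roles()` among the methods that need synchronisation, while the only signature this patch changes is `getPrincipal(String username)` and the bug title refers to `getRoles`; the Javadoc should name the methods as they are actually declared so a reader can check which ones hold the lock. It would also help to state in that comment that these methods all lock on the realm instance, since that serialisation is the reason the text recommends DataSourceRealm.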
DO NOT REPLY [Bug 45453] JDBCRealm.getRoles bad synchronization causes hangs w/ DIGEST authentication
https://issues.apache.org/bugzilla/show_bug.cgi?id=45453

Mark Thomas <[EMAIL PROTECTED]> changed:

What             |Removed  |Added
Component        |Catalina |Catalina
Product          |Tomcat 6 |Tomcat 5
Target Milestone |default  |---
Version          |6.0.16   |5.5.26

--- Comment #5 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 15:05:09 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
svn commit: r685699 - /tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt
Author: markt Date: Wed Aug 13 15:12:05 2008 New Revision: 685699 URL: http://svn.apache.org/viewvc?rev=685699&view=rev Log: Revert fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 since it caused https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 A better fix for 42565 will follow Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt?rev=685699&r1=685698&r2=685699&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt Wed Aug 13 15:12:05 2008 @@ -31,7 +31,7 @@ NODE_DEFAULT_VOID=true; JAVA_UNICODE_ESCAPE=false; UNICODE_INPUT=true; - BUILD_NODE_FILES=false; + BUILD_NODE_FILES=true; } /* == Parser Declaration == */ @@ -274,19 +274,20 @@ */ void Function() #Function : { - Token tx = null; + Token t0 = null; + Token t1 = null; } { - (tx=) (Expression() ( Expression())*)? + (t0=)? t1= { - int split = tx.image.indexOf(":"); - if (split!=-1) { - jjtThis.setPrefix(tx.image.substring(0, split)); - jjtThis.setLocalName(tx.image.substring(split + 1, tx.image.length() - 1)); + if (t0 != null) { + jjtThis.setPrefix(t0.image.substring(0, t0.image.length() - 1)); + jjtThis.setLocalName(t1.image); } else { - jjtThis.setLocalName(tx.image.substring(0, tx.image.length() - 1)); + jjtThis.setLocalName(t1.image); } } +(Expression() ( Expression())*)? } /* @@ -427,9 +428,7 @@ | < MOD0 : "%" > | < MOD1 : "mod" > | < IDENTIFIER : (|) (|)* > -| < #NAMESPACE : ( ) > -| < #NAMESPACE_NAME: ( (|||)*) > -| < FUNCTION_CALL: ()? > +| < NAMESPACE : ( (||)* ) > | < FUNCTIONSUFFIX : () > | < #IMPL_OBJ_START: "#" > | < #LETTER: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685701 - /tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt
Author: markt Date: Wed Aug 13 15:14:33 2008 New Revision: 685701 URL: http://svn.apache.org/viewvc?rev=685701&view=rev Log: Better fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt?rev=685701&r1=685700&r2=685701&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.jjt Wed Aug 13 15:14:33 2008 @@ -255,7 +255,7 @@ void NonLiteral() : {} { Expression() - | LOOKAHEAD(3) Function() + | LOOKAHEAD(( )? ) Function() | Identifier() } @@ -278,7 +278,7 @@ Token t1 = null; } { - (t0=)? t1= + (t0= )? t1= { if (t0 != null) { jjtThis.setPrefix(t0.image.substring(0, t0.image.length() - 1)); @@ -428,7 +428,6 @@ | < MOD0 : "%" > | < MOD1 : "mod" > | < IDENTIFIER : (|) (|)* > -| < NAMESPACE : ( (||)* ) > | < FUNCTIONSUFFIX : () > | < #IMPL_OBJ_START: "#" > | < #LETTER: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685708 - in /tomcat/tc6.0.x/trunk/java/org/apache/el/parser: ELParser.java ELParserConstants.java ELParserTokenManager.java
Author: markt Date: Wed Aug 13 15:26:12 2008 New Revision: 685708 URL: http://svn.apache.org/viewvc?rev=685708&view=rev Log: Complete the new fix for 42565 by updated the auto-generated code. Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.java tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParserConstants.java tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParserTokenManager.java Modified: tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.java?rev=685708&r1=685707&r2=685708&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/el/parser/ELParser.java Wed Aug 13 15:26:12 2008 @@ -963,7 +963,6 @@ case NULL: case LPAREN: case IDENTIFIER: -case FUNCTION_CALL: Value(); break; default: @@ -1033,7 +1032,6 @@ break; case LPAREN: case IDENTIFIER: -case FUNCTION_CALL: NonLiteral(); break; default: @@ -1131,7 +1129,7 @@ break; default: jj_la1[28] = jj_gen; - if (jj_2_1(3)) { + if (jj_2_1(2147483647)) { Function(); } else { switch ((jj_ntk==-1)?jj_ntk():jj_ntk) { @@ -1176,9 +1174,26 @@ /[EMAIL PROTECTED](jjtree) Function */ AstFunction jjtn000 = new AstFunction(JJTFUNCTION); boolean jjtc000 = true; -jjtree.openNodeScope(jjtn000);Token tx = null; +jjtree.openNodeScope(jjtn000);Token t0 = null; +Token t1 = null; try { - tx = jj_consume_token(FUNCTION_CALL); + switch ((jj_ntk==-1)?jj_ntk():jj_ntk) { + case IDENTIFIER: +t0 = jj_consume_token(IDENTIFIER); +jj_consume_token(COLON); +break; + default: +jj_la1[30] = jj_gen; +; + } + t1 = jj_consume_token(IDENTIFIER); +if (t0 != null) { +jjtn000.setPrefix(t0.image.substring(0, t0.image.length() - 1)); +jjtn000.setLocalName(t1.image); +} else { +jjtn000.setLocalName(t1.image); +} + jj_consume_token(LPAREN); switch ((jj_ntk==-1)?jj_ntk():jj_ntk) { case INTEGER_LITERAL: case FLOATING_POINT_LITERAL: 
@@ -1192,7 +1207,6 @@ case EMPTY: case MINUS: case IDENTIFIER: - case FUNCTION_CALL: Expression(); label_10: while (true) { @@ -1201,7 +1215,7 @@ ; break; default: -jj_la1[30] = jj_gen; +jj_la1[31] = jj_gen; break label_10; } jj_consume_token(COMMA); @@ -1209,19 +1223,10 @@ } break; default: -jj_la1[31] = jj_gen; +jj_la1[32] = jj_gen; ; } jj_consume_token(RPAREN); - jjtree.closeNodeScope(jjtn000, true); - jjtc000 = false; -int split = tx.image.indexOf(":"); -if (split!=-1) { -jjtn000.setPrefix(tx.image.substring(0, split)); -jjtn000.setLocalName(tx.image.substring(split + 1, tx.image.length() - 1)); -} else { -jjtn000.setLocalName(tx.image.substring(0, tx.image.length() - 1)); -} } catch (Throwable jjte000) { if (jjtc000) { jjtree.clearNodeScope(jjtn000); @@ -1266,7 +1271,7 @@ Null(); break; default: - jj_la1[32] = jj_gen; + jj_la1[33] = jj_gen; jj_consume_token(-1); throw new ParseException(); } @@ -1303,7 +1308,7 @@ } break; default: - jj_la1[33] = jj_gen; + jj_la1[34] = jj_gen; jj_consume_token(-1); throw new ParseException(); } @@ -1398,497 +1403,17 @@ } final private boolean jj_3R_11() { -if (jj_scan_token(FUNCTION_CALL)) return true; -Token xsp; -xsp = jj_scanpos; -if (jj_3R_12()) jj_scanpos = xsp; -if (jj_scan_token(RPAREN)) return true; -return false; - } - - final private boolean jj_3R_28() { -if (jj_3R_34()) return true; -Token xsp; -while (true) { - xsp = jj_scanpos; - if (jj_3R_35()) { jj_scanpos = xsp; break; } -} -return false; - } - - final private boolean jj_3R_37() { -if (jj_scan_token(MINUS)) return true; -return false; - } - - final private boolean jj_3R_29() { -Token xsp; -xsp = jj_scanpos; -if (jj_3R_36()) { -jj_scanpos = xsp; -if (jj_3R_37()) return true; -} -return false; - } - - final private boolean jj_3R_36() { -if (jj_scan_token(PLUS)) return true; -return false; - } - - final private boolean jj_3R_69() { if (jj_scan_token(IDENTIFIER)) return true; -return false; - } - - f
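Review bot: in the regenerated Function() in ELParser.java, t0 is now consumed as IDENTIFIER with COLON consumed as a separate token, yet the prefix is still set with `t0.image.substring(0, t0.image.length() - 1)`. That trimming only makes sense for a token image that ends in the colon; applied to a bare identifier it drops the last character of the prefix, so a call written with a prefix such as fn: would be recorded with the prefix "f". Use `t0.image` directly, make the same change in ELParser.jjt so the next regeneration keeps it, and add a test that resolves a prefixed function.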
svn commit: r685709 - in /tomcat/tc6.0.x/trunk: STATUS.txt webapps/docs/changelog.xml
Author: markt Date: Wed Aug 13 15:27:06 2008 New Revision: 685709 URL: http://svn.apache.org/viewvc?rev=685709&view=rev Log: Document the new fix for 42565 Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685709&r1=685708&r2=685709&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:27:06 2008 @@ -64,15 +64,6 @@ -1: remm (this error seems to be displayed by Class.newInstance() which should be ok to use; I am not ok with the idea of working around every error message from JDKs) -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45511 - Revert fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=42565 - and implement alternative - http://svn.apache.org/viewvc?rev=681735&view=rev (revert) - http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/el/parser/ELParser.jjt?r1=681735&r2=681789 (new fix) - Note: Auto-generated files will also need to be updated - +1: markt, remm, funkman - -1: - * Fix issue where the first request for a deleted JSPs returns as if the JSP still exists. http://svn.apache.org/viewvc?view=rev&revision=683969 Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=685709&r1=685708&r2=685709&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Aug 13 15:27:06 2008 @@ -41,6 +41,16 @@ + + + +45511: The failure of the empty keyword was a +regression caused by the previous fix for 42565. The original +fix for 42565 has been reverted and a new fix applied. +(markt) + + + - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685712 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/jk/server/JkMain.java webapps/docs/changelog.xml
Author: markt Date: Wed Aug 13 15:35:33 2008 New Revision: 685712 URL: http://svn.apache.org/viewvc?rev=685712&view=rev Log: Fix 45591. NPE on start-up failure in some cases. Based on a patch by Matt Passell Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/jk/server/JkMain.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Aug 13 15:35:33 2008 @@ -1 +1 @@ -/tomcat/trunk:673796,673820 +/tomcat/trunk:673796,673820,683982 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685712&r1=685711&r2=685712&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:35:33 2008 @@ -71,12 +71,6 @@ 0: remm (looks risky, very minor problem) -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45591 - NPE on start-up failure in some cases. Based on a patch by Matt Passell - http://svn.apache.org/viewvc?rev=683982&view=rev - +1: markt, remm, funkman - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort Modified: tomcat/tc6.0.x/trunk/java/org/apache/jk/server/JkMain.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/jk/server/JkMain.java?rev=685712&r1=685711&r2=685712&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/jk/server/JkMain.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/jk/server/JkMain.java Wed Aug 13 15:35:33 2008 
@@ -676,9 +676,12 @@ } public void pause() throws Exception { -for( int i=0; ihttp://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=685712&r1=685711&r2=685712&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Aug 13 15:35:33 2008 @@ -39,6 +39,14 @@ 45453: Remove potential race condition in JDBC Realm. Based on a patch by Santtu Hyrkk. (markt) + + + + + +45591: NPE on start-up failure in some cases. Based on a +patch by Matt Passell. (markt) + - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 45591] NullPointerException during shutdown in JKMain.pause()
https://issues.apache.org/bugzilla/show_bug.cgi?id=45591

--- Comment #3 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 15:35:47 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
svn commit: r685715 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt bin/catalina.sh webapps/docs/changelog.xml
Author: markt Date: Wed Aug 13 15:40:06 2008 New Revision: 685715 URL: http://svn.apache.org/viewvc?rev=685715&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/bin/catalina.sh tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Aug 13 15:40:06 2008 @@ -1 +1 @@ -/tomcat/trunk:673796,673820,683982 +/tomcat/trunk:673796,673820,683982,684001 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685715&r1=685714&r2=685715&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:40:06 2008 @@ -71,13 +71,6 @@ 0: remm (looks risky, very minor problem) -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 - Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a - suggestion by Ian Ward Comfort - http://svn.apache.org/viewvc?rev=684001&view=rev - +1: markt, remm, funkman - -1: - * JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any user from being assigned a role. http://svn.apache.org/viewvc?rev=684081&view=rev Modified: tomcat/tc6.0.x/trunk/bin/catalina.sh URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/bin/catalina.sh?rev=685715&r1=685714&r2=685715&view=diff == --- tomcat/tc6.0.x/trunk/bin/catalina.sh (original) +++ tomcat/tc6.0.x/trunk/bin/catalina.sh Wed Aug 13 15:40:06 2008 
@@ -183,6 +183,9 @@ if [ -r "$CATALINA_BASE"/conf/logging.properties ]; then JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties" +else + # Bugzilla 45585 + LOGGING_CONFIG="-Dnop" fi # - Execute The Requested Command - @@ -225,7 +228,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift - exec "$_RUNJDB" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJDB" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -sourcepath "$CATALINA_HOME"/../../java \ -Djava.security.manager \ @@ -235,7 +238,7 @@ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ org.apache.catalina.startup.Bootstrap "$@" start else - exec "$_RUNJDB" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJDB" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -sourcepath "$CATALINA_HOME"/../../java \ -Dcatalina.base="$CATALINA_BASE" \ @@ -251,7 +254,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift -exec "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ +exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Djava.security.manager \ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ @@ -260,7 +263,7 @@ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ org.apache.catalina.startup.Bootstrap "$@" start else -exec "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ +exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ 
@@ -275,7 +278,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift -"$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ +"$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Djava.security.manager \ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ @@ -289,7 +292,7 @@ echo $! > $CATALINA_PID fi else -"$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ +"$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=685715&r1=685714&r
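Review bot: in the new else branch of catalina.sh, `LOGGING_CONFIG="-Dnop"` defines a throwaway system property only so that the quoted "$LOGGING_CONFIG" on the launch lines never expands to an empty argument, but the comment `# Bugzilla 45585` does not say that. Spell the reason out in the comment so the placeholder is not later removed as dead code.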
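Review bot: every launch line in catalina.sh moves "$LOGGING_CONFIG" from after $JAVA_OPTS to before it, which changes precedence when JAVA_OPTS also sets -Djava.util.logging.config.file: when the same -D property is given twice the JVM normally keeps the later one, so a value in JAVA_OPTS now overrides the script's $CATALINA_BASE/conf/logging.properties where previously the script's value won. If that override is intended, state it in the script header or the changelog entry; if not, keep the original order and rely on the -Dnop placeholder alone.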
DO NOT REPLY [Bug 45511] EL "empty" keyword does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=45511

Mark Thomas <[EMAIL PROTECTED]> changed:

What       |Removed |Added
Status     |NEW     |RESOLVED
Resolution |        |FIXED

--- Comment #3 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 15:46:42 PST ---
This fix has been applied to 6.0.x and will be included in 6.0.19 onwards.
DO NOT REPLY [Bug 42565] jsp /expression language ternary expression without space before colon stopped working
https://issues.apache.org/bugzilla/show_bug.cgi?id=42565

Bug 42565 depends on bug 45511, which changed state.

Bug 45511 Summary: EL "empty" keyword does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=45511

What       |Old Value |New Value
Status     |NEW       |RESOLVED
Resolution |          |FIXED
svn commit: r685718 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/realm/JAASMemoryLoginModule.java webapps/docs/changelog.xml
Author: markt Date: Wed Aug 13 15:47:09 2008 New Revision: 685718 URL: http://svn.apache.org/viewvc?rev=685718&view=rev Log: JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any user from being assigned a role. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Aug 13 15:47:09 2008 @@ -1 +1 @@ -/tomcat/trunk:673796,673820,683982,684001 +/tomcat/trunk:673796,673820,683982,684001,684081 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685718&r1=685717&r2=685718&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:47:09 2008 @@ -71,12 +71,6 @@ 0: remm (looks risky, very minor problem) -1: -* JAASMemoryLoginModule didn't conform to JAASRealm contract. This prevented any - user from being assigned a role. - http://svn.apache.org/viewvc?rev=684081&view=rev - +1: markt, remm, funkman - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm http://svn.apache.org/viewvc?rev=684234&view=rev Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=685718&r1=685717&r2=685718&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Wed Aug 13 15:47:09 2008 
@@ -194,8 +194,19 @@ return (false); // Add our Principal to the Subject if needed -if (!subject.getPrincipals().contains(principal)) +if (!subject.getPrincipals().contains(principal)) { subject.getPrincipals().add(principal); +// Add the roles as additional sudjucts as per the contract with the +// JAASRealm +if (principal instanceof GenericPrincipal) { +String roles[] = ((GenericPrincipal) principal).getRoles(); +for (int i = 0; i < roles.length; i++) { +subject.getPrincipals().add( +new GenericPrincipal(null, roles[i], null)); +} + +} +} committed = true; return (true); Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=685718&r1=685717&r2=685718&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Wed Aug 13 15:47:09 2008 @@ -44,6 +44,9 @@ $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort. (markt) + +The JAAS Realm did not assign roles to authenticated users. (markt) + - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
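Review bot: in the block added to commit(), roles.length is read without a null check, so a GenericPrincipal whose getRoles() returns null would throw after the user principal has already been added to the Subject. Either guard the loop with a null test or state in the comment that getRoles() never returns null. The comment reads "additional sudjucts" where it means additional Principals. It should also say how the realm is expected to tell the user principal from the role principals, since both are now GenericPrincipal instances and the role name is carried in the name argument of new GenericPrincipal(null, roles[i], null).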
DO NOT REPLY [Bug 45585] Tomcat doesn't start when JULI is not used (NoClassDefFoundError)
https://issues.apache.org/bugzilla/show_bug.cgi?id=45585

Mark Thomas <[EMAIL PROTECTED]> changed:

What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution |         | FIXED

--- Comment #3 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 15:47:46 PST ---
This has been applied to 6.0.x and will be included in 6.0.19 onwards.
DO NOT REPLY [Bug 45576] JAASRealm not working with DigestAuthenticator
https://issues.apache.org/bugzilla/show_bug.cgi?id=45576

Mark Thomas <[EMAIL PROTECTED]> changed:

What             | Removed  | Added
Component        | Catalina | Catalina
Product          | Tomcat 6 | Tomcat 5
Target Milestone | default  | ---
Version          | 6.0.16   | 5.5.26

--- Comment #2 from Mark Thomas <[EMAIL PROTECTED]> 2008-08-13 15:50:59 PST ---
This has been fixed in 6.0.x and will be included in 6.0.19 onwards.
svn commit: r685720 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/catalina/realm/JAASCallbackHandler.java java/org/apache/catalina/realm/JAASMemoryLoginModule.java java/org/apache/catalina
Author: markt Date: Wed Aug 13 15:50:40 2008 New Revision: 685720 URL: http://svn.apache.org/viewvc?rev=685720&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASRealm.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Wed Aug 13 15:50:40 2008 @@ -1 +1 @@ -/tomcat/trunk:673796,673820,683982,684001,684081 +/tomcat/trunk:673796,673820,683982,684001,684081,684234 Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685720&r1=685719&r2=685720&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 15:50:40 2008 @@ -71,12 +71,6 @@ 0: remm (looks risky, very minor problem) -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 - Add support for DIGEST to the JAASRealm - http://svn.apache.org/viewvc?rev=684234&view=rev - +1: markt, funkman, remm (the two people using digest could be interested) - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. http://svn.apache.org/viewvc?rev=684270&view=rev Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=685720&r1=685719&r2=685720&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Wed Aug 13 15:50:40 2008 
@@ -24,6 +24,7 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.catalina.util.StringManager; @@ -75,6 +76,33 @@ } } + +/** + * Construct a callback handler for DIGEST authentication. + * + * @param realm Our associated JAASRealm instance + * @param username Username to be authenticated with + * @param password Password to be authenticated with + * @param nonce Server generated nonce + * @param ncNonce count + * @param cnonceClient generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest + * MD5(Method + ":" + uri) + */ +public JAASCallbackHandler(JAASRealm realm, String username, + String password, String nonce, String nc, + String cnonce, String qop, String realmName, + String md5a2) { +this(realm, username, password); +this.nonce = nonce; +this.nc = nc; +this.cnonce = cnonce; +this.qop = qop; +this.realmName = realmName; +this.md5a2 = md5a2; +} // - Instance Variables 
@@ -101,14 +129,46 @@ */ protected String username = null; +/** + * Server generated nonce. + */ +protected String nonce = null; + +/** + * Nonce count. + */ +protected String nc = null; + +/** + * Client generated nonce. + */ +protected String cnonce = null; + +/** + * Quality of protection aplied to the message. + */ +protected String qop; + +/** + * Realm name. + */ +protected String realmName; + +/** + * Second MD5 digest. + */ +protected String md5a2; + // - Public Methods /** * Retrieve the information requested in the provided Callbacks. - * This implementation only recognizes NameCallback and - * PasswordCallback instances. + * This implementation only recognizes [EMAIL PROTECTED] NameCallback}, + * [EMAIL PROTECTED] PasswordCallback} and [EMAIL PROTECTED] TextInputCallback}. + * [EMAIL PROTECTED] TextInputCallback} is ued to pass the various additional + * parameters
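Review bot: the six fields added under Instance Variables (nonce, nc, cnonce, qop, realmName, md5a2) are declared protected, although the only code visible here that writes them is the new DIGEST constructor. They sit next to the password and feed the digest calculation, so make them private with accessors where needed, or say in the Javadoc why subclasses need write access. Three of them are initialised with "= null" and three are not; pick one form. "aplied" appears twice in the Javadoc (constructor and field) and "ued" once in the handle() description.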
Exploiting Tomcat
This is a worthwhile post to read regarding path traversal attacks against tomcat.

http://www.0x00.com/?i=630

--
Jim Manico, Senior Application Security Engineer
[EMAIL PROTECTED] | [EMAIL PROTECTED]
(301) 604-4882 (work)
(808) 652-3805 (cell)

Aspect Security™
Securing your applications at the source
http://www.aspectsecurity.com

---
Management, Developers, Security Professionals ...
... can only result in one thing. BETTER SECURITY.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
Sept 22nd-25th 2008
DO NOT REPLY [Bug 45618] Selector is not closed.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45618

--- Comment #2 from Hao Zhong <[EMAIL PROTECTED]> 2008-08-13 18:17:39 PST ---
(In reply to comment #1)
> Have you observed a memory leak associated with these objects? If so, in what
> circumstances?

Actually, I am a PhD student in Computer Science and I am conducting an experiment on automatically detecting bugs. As my approach detected the bug statically, I cannot provide in what circumstances it will cause a memory leak. Still, I will be quite happy if my tool really finds some useful results for you.
Re: Exploiting Tomcat
Jim Manico wrote:
> This is a worthwhile post to read regarding path traversal attacks against tomcat.
>
> http://www.0x00.com/?i=630

Worthwhile? To note the community frustration against Tomcat parsers? Must be what you meant since the author adds nothing.

New information is always welcome. Primary sources for the win;

http://outian.org/tomcat.pdf
https://issues.apache.org/bugzilla/show_bug.cgi?id=45417
http://www.securityfocus.com/archive/1/495318/30/0/threaded
svn commit: r685751 - /tomcat/current/tc5.5.x/STATUS.txt
Author: fhanik Date: Wed Aug 13 19:53:41 2008 New Revision: 685751 URL: http://svn.apache.org/viewvc?rev=685751&view=rev Log: vote Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=685751&r1=685750&r2=685751&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Wed Aug 13 19:53:41 2008 @@ -46,7 +46,7 @@ http://svn.apache.org/viewvc?rev=651713&view=rev Tomcat doesn't start if installation path contains a space Patch provided by Ray Sauers - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44021 @@ -103,7 +103,7 @@ These patches are Rainer's port https://issues.apache.org/bugzilla/attachment.cgi?id=21872 https://issues.apache.org/bugzilla/attachment.cgi?id=21873 - +1: rjung, markt + +1: rjung, markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45591 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685752 - in /tomcat: connectors/trunk/util/java/org/apache/tomcat/util/buf/ container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/ container/tc5.5.x/webapps/docs/ current/tc5
Author: fhanik Date: Wed Aug 13 19:54:59 2008 New Revision: 685752 URL: http://svn.apache.org/viewvc?rev=685752&view=rev Log: fix 44494 Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/B2CConverter.java tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/CharChunk.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/InputBuffer.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/B2CConverter.java URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/B2CConverter.java?rev=685752&r1=685751&r2=685752&view=diff == --- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/B2CConverter.java (original) +++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/B2CConverter.java Wed Aug 13 19:54:59 2008 @@ -82,17 +82,12 @@ { // Set the ByteChunk as input to the Intermediate reader iis.setByteChunk( bb ); -convert(cb, limit); -} - -private void convert(CharChunk cb, int limit) -throws IOException -{ try { // read from the reader -int count = 0; +int bbLengthBeforeRead = 0; while( limit > 0 ) { int size = limit < BUFFER_SIZE ? limit : BUFFER_SIZE; +bbLengthBeforeRead = bb.getLength(); int cnt=conv.read( result, 0, size ); if( cnt <= 0 ) { // End of stream ! - we may be in a bad state @@ -106,7 +101,7 @@ // XXX go directly cb.append( result, 0, cnt ); -limit -= cnt; +limit = limit - (bbLengthBeforeRead - bb.getLength()); } } catch( IOException ex) { if( debug>0) 
@@ -222,6 +217,14 @@ /** Reset the buffer */ public final void recycle() { +try { +// Must clear super's buffer. +while (ready()) { +// InputStreamReader#skip(long) will allocate buffer to skip. +read(); +} +} catch(IOException ioe){ +} } } Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/CharChunk.java URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/CharChunk.java?rev=685752&r1=685751&r2=685752&view=diff == --- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/CharChunk.java (original) +++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/CharChunk.java Wed Aug 13 19:54:59 2008 @@ -478,7 +478,7 @@ tmp=new char[newSize]; } -System.arraycopy(buff, start, tmp, start, end-start); +System.arraycopy(buff, 0, tmp, 0, end); buff = tmp; tmp = null; } Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/InputBuffer.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/InputBuffer.java?rev=685752&r1=685751&r2=685752&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/InputBuffer.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/InputBuffer.java Wed Aug 13 19:54:59 2008 @@ -333,8 +333,11 @@ cb.setOffset(0); cb.setEnd(0); } +int limit = bb.getLength()+cb.getStart(); +if ( cb.getLimit() < limit ) +cb.setLimit(limit); state = CHAR_STATE; -conv.convert(bb, cb, len); +conv.convert(bb, cb, bb.getLength()); bb.setOffset(bb.getEnd()); return cb.getLength(); 
@@ -441,11 +444,7 @@ cb.setOffset(0); } } -int offset = readAheadLimit; -if (offset < size) { -offset = size; -} -cb.setLimit(cb.getStart() + offset); +cb.setLimit(cb.getStart() + readAheadLimit + size); markPos = cb.getStart(); } Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=685752&r1=685751&r2=685752&view=diff == --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Aug 13 19:54:59 2008 @@ -43,6 +43,9 @@ +44494: Backport from 6.0 (rjung) + + Add additional checks for URI normalization. (rem
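Review bot: in B2CConverter.convert() the loop now decrements limit by the bytes drained from the ByteChunk (bbLengthBeforeRead - bb.getLength()), while the line above it still uses limit as the char count handed to conv.read(result, 0, size). The parameter has changed meaning from chars to bytes with no Javadoc or comment, and the InputBuffer caller was changed to pass bb.getLength() to match; please document the unit on convert() so other callers are not left passing a char count. In recycle(), the new catch(IOException ioe){} is empty: log at debug level or add a comment saying why a failure while draining the reader is safe to ignore. The log message "fix 44494" should say what was wrong.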
svn commit: r685756 - /tomcat/current/tc5.5.x/STATUS.txt
Author: fhanik Date: Wed Aug 13 20:08:48 2008 New Revision: 685756 URL: http://svn.apache.org/viewvc?rev=685756&view=rev Log: votes Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=685756&r1=685755&r2=685756&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Wed Aug 13 20:08:48 2008 @@ -54,7 +54,7 @@ Add support for # to signify multi-level contexts for directories and wars. http://svn.apache.org/viewvc?rev=653549&view=rev - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42899 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
svn commit: r685757 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ container/tc5.5.x/webapps/docs/ container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalin
Author: fhanik Date: Wed Aug 13 20:10:28 2008 New Revision: 685757 URL: http://svn.apache.org/viewvc?rev=685757&view=rev Log: apply patches Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ContextConfig.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/HostConfig.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/HTMLManagerServlet.java tomcat/container/tc5.5.x/webapps/manager/WEB-INF/classes/org/apache/catalina/manager/ManagerServlet.java tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ContextConfig.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ContextConfig.java?rev=685757&r1=685756&r2=685757&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ContextConfig.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/ContextConfig.java Wed Aug 13 20:10:28 2008 @@ -855,9 +855,13 @@ String contextPath = context.getPath(); if (contextPath.equals("")) { contextPath = "ROOT"; +} else { +if (contextPath.lastIndexOf('/') > 0) { +contextPath = "/" + contextPath.substring(1).replace('/','#'); +} } if (docBase.toLowerCase().endsWith(".war") && !file.isDirectory() && unpackWARs) { -URL war = new URL("jar:" + (new File(docBase)).toURL() + "!/"); +URL war = new URL("jar:" + (new File(docBase)).toURI().toURL() + "!/"); docBase = ExpandWar.expand(host, war, contextPath); file = new File(docBase); docBase = file.getCanonicalPath(); 
@@ -870,7 +874,8 @@ File warFile = new File(docBase + ".war"); if (warFile.exists()) { if (unpackWARs) { -URL war = new URL("jar:" + warFile.toURL() + "!/"); +URL war = +new URL("jar:" + warFile.toURI().toURL() + "!/"); docBase = ExpandWar.expand(host, war, contextPath); file = new File(docBase); docBase = file.getCanonicalPath(); Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/HostConfig.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/HostConfig.java?rev=685757&r1=685756&r2=685757&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/HostConfig.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/startup/HostConfig.java Wed Aug 13 20:10:28 2008 @@ -463,14 +463,14 @@ /** - * Given a context path, get the config file name. + * Given a context path, get the docBase. */ protected String getDocBase(String path) { String basename = null; if (path.equals("")) { basename = "ROOT"; } else { -basename = path.substring(1); +basename = path.substring(1).replace('/', '#'); } return (basename); } @@ -503,7 +503,7 @@ File appBase = appBase(); File configBase = configBase(); String baseName = getConfigFile(name); -String docBase = getConfigFile(name); +String docBase = getDocBase(name); // Deploy XML descriptors from configBase File xml = new File(configBase, baseName + ".xml"); @@ -705,7 +705,7 @@ if (files[i].toLowerCase().endsWith(".war")) { // Calculate the context path and make sure it is unique -String contextPath = "/" + files[i]; +String contextPath = "/" + files[i].replace('#','/'); int period = contextPath.lastIndexOf("."); if (period >= 0) contextPath = contextPath.substring(0, period); @@ -843,6 +843,7 @@ name = path; } } +name = name.replace('/', '#'); File docBase = new File(name); if (!docBase.isAbsolute()) { docBase = new File(appBase(), name); 
@@ -879,7 +880,7 @@ if (dir.isDirectory()) { // Calculate the context path and make sure it is unique -String contextPath = "/" + files[i]; +String contextPath = "/" + files[i].replace('#','/'); if (files[i].equals("ROOT")) contextPath = "";
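Review bot: in HostConfig the context path is now built straight from the file name with "/" + files[i].replace('#','/'), in both the WAR branch and the directory branch, and nothing checks the segments that result. A name with a leading, trailing or doubled '#', or with a "." or ".." segment between two '#', produces a context path containing empty or dot segments. Validate the name before deploying and skip, with a log entry, anything that does not map to a clean multi-level path. The '/' and '#' translation is also written out by hand in five places across ContextConfig and HostConfig; a single pair of helper methods would keep the two directions consistent. The log message "apply patches" should name the STATUS entries being applied.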
Re: Exploiting Tomcat
I can feel the love. Thanks for your constructive comment, William.

- Jim

> Jim Manico wrote:
>> This is a worthwhile post to read regarding path traversal attacks against tomcat.
>>
>> http://www.0x00.com/?i=630
>
> Worthwhile? To note the community frustration against Tomcat parsers? Must be what you meant since the author adds nothing.
>
> New information is always welcome. Primary sources for the win;
>
> http://outian.org/tomcat.pdf
> https://issues.apache.org/bugzilla/show_bug.cgi?id=45417
> http://www.securityfocus.com/archive/1/495318/30/0/threaded
svn commit: r685758 - /tomcat/current/tc5.5.x/STATUS.txt
Author: fhanik Date: Wed Aug 13 21:18:18 2008 New Revision: 685758 URL: http://svn.apache.org/viewvc?rev=685758&view=rev Log: votes Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=685758&r1=685757&r2=685758&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Wed Aug 13 21:18:18 2008 @@ -53,14 +53,14 @@ When saving config from admin app, correctly handle case where old config file does not exist. http://people.apache.org/~markt/patches/2008-05-10-bug42899.patch - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45015 You can't use an unescaped quote if you quote the value with that character http://svn.apache.org/viewvc?rev=657231&view=rev http://svn.apache.org/viewvc?rev=670074&view=rev - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45195 @@ -68,7 +68,7 @@ is a regression from 5.0.x Also avoid NPE on remove http://svn.apache.org/viewvc?rev=667604&view=rev http://svn.apache.org/viewvc?rev=668854&view=rev - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Remove the JDK 1.3 references from SSL How To 
@@ -80,49 +80,52 @@ Correctly handle request lines that are exact multiples of 4096 in length. Patch provided by Will Pugh. http://svn.apache.org/viewvc?rev=677759&view=rev - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45453 Add required sync to race condition Based on a patch by Santtu Hyrkk http://svn.apache.org/viewvc?rev=680725&view=rev - +1: markt, yoavs + +1: markt, yoavs, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45591 NPE on start-up failure in some cases. Based on a patch by Matt Passell http://svn.apache.org/viewvc?rev=683982&view=rev - +1: markt + +1: markt, fhanik -1: * JAASMemoryLoginModule didn't confirm to JAASRealm contract. This prevented any user from being assigned a role. http://svn.apache.org/viewvc?rev=684081&view=rev - +1: markt + +1: markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 Tomcat failed to start if using $CATALINA_BASE but not JULI. Patch based on a suggestion by Ian Ward Comfort http://svn.apache.org/viewvc?rev=684001&view=rev - +1: markt + +1: markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Add support for DIGEST to the JAASRealm http://svn.apache.org/viewvc?rev=684234&view=rev - +1: markt + +1: markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT to the JASSRealm. Builds on DIGEST patch above. https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 - +1: markt + +1: markt, fhanik -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45528 Test the SSL socket for cert/cipher compatibility before returning it http://svn.apache.org/viewvc?rev=684559&view=rev +1: markt - -1: + -1: fhanik - this is a misconfigured keystore. Solution is to fix the keystore. + The SSL-HOW-TO in tomcat is talking about this. 
+ There are a few cases, in this users case, the 'tomcat' alias is not present + The keystore in this case doesn't even contain a private key - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r684559 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
-1: this is a misconfigured keystore. Solution is to fix the keystore. The SSL-HOW-TO in tomcat is talking about this. There are a few cases, in this users case, the 'tomcat' alias is not present The keystore in this case doesn't even contain a private key The bug report is invalid, the tomcat documentation talks how to get around this http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html Infinite loop is bad, but if we need to validate the keystore, lets validate the keystore, doing it in the accept() call is not the correct solution. not even if it is the main accept loop Filip [EMAIL PROTECTED] wrote: Author: markt Date: Sun Aug 10 10:24:51 2008 New Revision: 684559 URL: http://svn.apache.org/viewvc?rev=684559&view=rev Log: Fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=45528. Test the SSL socket before returning it to make sure the specified certificate will work with the specified ciphers. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=684559&r1=684558&r2=684559&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Sun Aug 10 10:24:51 2008 @@ -26,6 +26,7 @@ import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; +import java.net.SocketTimeoutException; import java.security.KeyStore; import java.security.SecureRandom; import java.security.cert.CRL; 
@@ -692,7 +693,7 @@ * Configures the given SSL server socket with the requested cipher suites, * protocol versions, and need for client authentication */ -private void initServerSocket(ServerSocket ssocket) { +private void initServerSocket(ServerSocket ssocket) throws IOException { SSLServerSocket socket = (SSLServerSocket) ssocket; @@ -704,9 +705,48 @@ setEnabledProtocols(socket, getEnabledProtocols(socket, requestedProtocols)); +// Check the SSL config is OK +checkSocket(ssocket); + // we don't know if client auth is needed - // after parsing the request we may re-handshake configureClientAuth(socket); } +/** + * Checks that the cetificate is compatible with the enabled cipher suites. + * If we don't check now, the JIoEndpoint can enter a nasty logging loop. + * See bug 45528. + */ +private void checkSocket(ServerSocket socket) throws IOException { +int timeout = socket.getSoTimeout(); + +socket.setSoTimeout(1); +Socket s = null; +try { +s = socket.accept(); +// No expecting to get here but if we do, at least we know things +// are working. +} catch (SSLException ssle) { +// Cert doesn't match ciphers +IOException ioe = +new IOException("Certificate / cipher mismatch"); +ioe.initCause(ssle); +throw ioe; +} catch (SocketTimeoutException ste) { +// Expected - do nothing +} finally { +// In case we actually got a connection - close it. +if (s != null) { +try { +s.close(); +} catch (IOException ioe) { +// Ignore +} +} +// Reset the timeout +socket.setSoTimeout(timeout); +} + +} } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
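Review bot: checkSocket() probes the configuration by calling socket.accept() on the live server socket with a 1 ms timeout, so a client that happens to connect during initialisation is accepted and then closed in the finally block. The comment "No expecting to get here" acknowledges the case, but the connection is still dropped. Checking the configured keystore entry before the socket is returned, as proposed in this thread, gets the same early failure without touching accept(). If the probe stays: socket.setSoTimeout(timeout) in the finally block can itself throw and would then replace the "Certificate / cipher mismatch" IOException, so restore the timeout inside its own try. The Javadoc has "cetificate".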
Re: svn commit: r684559 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
the check would be as simple as boolean b = keystore.isKeyEntry(alias); Filip Filip Hanik - Dev Lists wrote: -1: this is a misconfigured keystore. Solution is to fix the keystore. The SSL-HOW-TO in tomcat is talking about this. There are a few cases, in this users case, the 'tomcat' alias is not present The keystore in this case doesn't even contain a private key The bug report is invalid, the tomcat documentation talks how to get around this http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html Infinite loop is bad, but if we need to validate the keystore, lets validate the keystore, doing it in the accept() call is not the correct solution. not even if it is the main accept loop Filip [EMAIL PROTECTED] wrote: Author: markt Date: Sun Aug 10 10:24:51 2008 New Revision: 684559 URL: http://svn.apache.org/viewvc?rev=684559&view=rev Log: Fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=45528. Test the SSL socket before returning it to make sure the specified certificate will work with the specified ciphers. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=684559&r1=684558&r2=684559&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Sun Aug 10 10:24:51 2008 @@ -26,6 +26,7 @@ import java.net.ServerSocket; import java.net.Socket; import java.net.SocketException; +import java.net.SocketTimeoutException; import java.security.KeyStore; import java.security.SecureRandom; import java.security.cert.CRL; 
@@ -692,7 +693,7 @@ * Configures the given SSL server socket with the requested cipher suites, * protocol versions, and need for client authentication */ -private void initServerSocket(ServerSocket ssocket) { +private void initServerSocket(ServerSocket ssocket) throws IOException { SSLServerSocket socket = (SSLServerSocket) ssocket; @@ -704,9 +705,48 @@ setEnabledProtocols(socket, getEnabledProtocols(socket, requestedProtocols)); +// Check the SSL config is OK +checkSocket(ssocket); + // we don't know if client auth is needed - // after parsing the request we may re-handshake configureClientAuth(socket); } +/** + * Checks that the cetificate is compatible with the enabled cipher suites. + * If we don't check now, the JIoEndpoint can enter a nasty logging loop. + * See bug 45528. + */ +private void checkSocket(ServerSocket socket) throws IOException { +int timeout = socket.getSoTimeout(); ++socket.setSoTimeout(1); +Socket s = null; +try { +s = socket.accept(); +// No expecting to get here but if we do, at least we know things +// are working. +} catch (SSLException ssle) { +// Cert doesn't match ciphers +IOException ioe = +new IOException("Certificate / cipher mismatch"); +ioe.initCause(ssle); +throw ioe; +} catch (SocketTimeoutException ste) { +// Expected - do nothing +} finally { +// In case we actually got a connection - close it. +if (s != null) { +try { +s.close(); +} catch (IOException ioe) { +// Ignore +} +} +// Reset the timeout +socket.setSoTimeout(timeout); +} ++} } - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
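The keystore check proposed in the reply above, carried one step further, as an added example that is not Tomcat's code: isKeyEntry() is also true for secret-key entries, so the example additionally confirms that the alias holds a private key with a certificate chain. The names KeystoreCheck and checkServerKey, the sample password and the two in-memory keystores are assumptions constructed for the illustration; "tomcat" is the alias named in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import javax.crypto.spec.SecretKeySpec;

// Added example, not part of Tomcat. Class and method names are hypothetical.
public class KeystoreCheck {

    /**
     * Returns null when the alias can back an SSL server socket,
     * otherwise a message saying what is wrong with the keystore.
     */
    static String checkServerKey(KeyStore ks, String alias, char[] keyPass)
            throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias '" + alias + "' is not present in the keystore";
        }
        // The check suggested in the thread: false for trusted-certificate entries.
        if (!ks.isKeyEntry(alias)) {
            return "alias '" + alias + "' is a trusted certificate, not a key entry";
        }
        Key key;
        try {
            key = ks.getKey(alias, keyPass);
        } catch (UnrecoverableKeyException e) {
            return "key for alias '" + alias + "' cannot be recovered (wrong key password?)";
        }
        // isKeyEntry() is also true for secret keys, which cannot serve a certificate.
        if (!(key instanceof PrivateKey)) {
            return "alias '" + alias + "' holds no private key";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "alias '" + alias + "' has no certificate chain";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 3) {
            // Usage: java KeystoreCheck <keystore file> <password> <alias>
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            String problem = checkServerKey(ks, args[2], args[1].toCharArray());
            System.out.println(problem == null ? "keystore entry is usable" : problem);
            return;
        }

        char[] pass = "changeit".toCharArray(); // constructed sample password

        // Constructed input 1: an empty keystore, so the alias is missing.
        KeyStore empty = KeyStore.getInstance("JCEKS");
        empty.load(null, pass);
        System.out.println(checkServerKey(empty, "tomcat", pass));

        // Constructed input 2: the alias exists and isKeyEntry() is true,
        // but the entry is a secret key with no private key or certificate.
        KeyStore secretOnly = KeyStore.getInstance("JCEKS");
        secretOnly.load(null, pass);
        secretOnly.setKeyEntry("tomcat",
                new SecretKeySpec(new byte[16], "AES"), pass, null);
        System.out.println(checkServerKey(secretOnly, "tomcat", pass));
    }
}
```

Run at connector start-up, a check of this kind turns a misconfigured keystore into a single clear error before any socket is opened.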
svn commit: r685761 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: fhanik Date: Wed Aug 13 21:25:14 2008 New Revision: 685761 URL: http://svn.apache.org/viewvc?rev=685761&view=rev Log: vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=685761&r1=685760&r2=685761&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Aug 13 21:25:14 2008 @@ -87,6 +87,10 @@ -1: billbarker The patch is horrible, since it drops connections for no good reason, simply to protect against a totally brain-dead miss-configurations. If the check is moved into the main except loop, then I can go for -0. + -1: fhanik - the problem in the bug is obvious, the keystore doesn't contain any private keys + that can be checked very easily + http://www.exampledepot.com/egs/java.security/ListAliases.html + Furthermore SSL-HOWTO in Tomcat, mentions this problem * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45608 Prevent race condition for allocate/deallocate in StandardWrapper - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
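Review bot: the added "-1: fhanik" entry justifies the vote with a link to exampledepot.com instead of naming the check. State the check in the entry itself (the thread names KeyStore.isKeyEntry on the configured alias) so the vote stays readable if the link goes away, and break the run-on between "private keys" and "that can be checked very easily" into two sentences.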
5.5.27
How about cutting a release candidate on Monday, Aug 18th and if all is well, have a release towards end of next week?

Filip
AJP and PHP
I have a project where our presentation layer is in PHP and the business logic is Servlet based.. The interface is JSON via a CURL call..

I was thinking that I could gain some efficiencies if I created a native AJP implementation as a PHP PECL module using memcache and mod_jk as templates and create a persistent connection pool. That way I can dump the curl call..

Looked all over to see if this has been done before, but came up empty...

Any thoughts on this ??

Thanks
John Gentilin
Re: AJP and PHP
Why scary, all I am trying to achieve is persistent connections to a servlet from PHP..

The same interface is used from Apache to a servlet, both in mod_jk and mod_proxy_ajp. It seems less clumsy and more efficient than implementing a curl call and this same persistent interface could also be used as a Web Service transport instead of JSON..

John Gentilin

--- On Wed, 8/13/08, Jim Manico <[EMAIL PROTECTED]> wrote:

From: Jim Manico <[EMAIL PROTECTED]>
Subject: Re: AJP and PHP
To: [EMAIL PROTECTED]
Date: Wednesday, August 13, 2008, 10:35 PM

scary man - this cries for a web service interface.

- Jim
Re: AJP and PHP
Hey,

I once looked for an AJP implementation for Java, and what I found was that there is only one implementation, and that is for Apache.

From here, it's not a very complex protocol. It's basically a "compressed" http implementation. The concepts are very similar, with GET/POST requests, Headers, body, etc.

It won't be a quick one though, as it's very binary, and this would end up messy and buggy in PHP if not done properly (from personal experience I found that PHP tends to get very messy very quickly with these types of things).

If I were you, I would rather make a PHP module that makes use of mod_proxy_ajp to do the requests. PHP modules are not difficult to write.

The idea I'm talking of goes something like this.

1. Make a PHP module that exposes a function ajp_request($target_url, $method, $encoding, mixed $data) (or more than one for different call types, ex. form encoded post, raw post, get, etc.)
2. Then inside this function (on the module or "c" language level) you would hook into mod_proxy_ajp and do a request, returning a stream from which can be read. For raw posts you can even expose an output stream. This function would also return a resource handle, which can be used to set headers.

Just figured I'd share this with you. This is definitely the route I would go. Especially since you'll benefit from the 3rd party implementation, which would result in your application effectively growing as theirs grow (Their bug fixes become your bug fixes). And on top of this you already have a high-performance, mature AJP implementation to work from.

If you do decide to implement this, you should definitely make it open source. I'm sure if you did PECL you would have. And I'm sure it would even become a standard PHP module, as it can be very useful, especially for web services (like you mentioned).

Q

On Thu, Aug 14, 2008 at 7:53 AM, John G <[EMAIL PROTECTED]> wrote:
> Why scary, all I am trying to achieve is persistent connections to a servlet
> from PHP..
>
> The same interface is used from Apache to a servlet, both in mod_jk and
> mod_proxy_ajp.
> It seems less clumsy and more efficient than implementing a curl call and
> this same
> persistent interface could also be used as a Web Service transport instead of
> JSON..
>
> John Gentilin

-- Quintin Beukes