DO NOT REPLY [Bug 46193] Potential Thread problem with SessionManager
https://issues.apache.org/bugzilla/show_bug.cgi?id=46193

Konstantin Kolinko changed:

           What    |Removed |Added
             Status|NEW     |RESOLVED
         Resolution|        |INVALID

--- Comment #1 from Konstantin Kolinko 2008-12-28 08:45:09 PST ---
It is a JDK issue, not a Tomcat one.

As said in the class summary ([1]) (and the JavaDoc serves as the official spec for the class), this class is designed to be a replacement for java.util.Hashtable. If the implementation does not behave, it is not Tomcat to blame.

[1] http://java.sun.com/javase/6/docs/api/java/util/concurrent/ConcurrentHashMap.html

The first stacktrace of yours is a ConcurrentHashMap.values().toArray(T[]) call, the second one is ConcurrentHashMap.remove(Object). Both are valid API calls.

The second one is failing due to unpaired lock() / unlock() calls inside a segment of ConcurrentHashMap. All those call pairs are internal to the ConcurrentHashMap implementation and do not span more than one API method call.

The first one is specifically addressed in the Sun JDK implementation of AbstractCollection.toArray(), see bug 5067025 [2] for the date when it was spotted and fixed.

[2] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5067025

I wonder why you are still seeing such issues, as the ConcurrentHashMap class is available since JDK 5.0 and should have been well tested in practice since then. It might be there is something more subtle, specific to your CPU / libraries, or else it is a regression, and there are good chances that it is already fixed. You may try to solve the issue with your JDK vendor.

> * However, iterators are
> * designed to be used by only one thread at a time.

It does not apply to your stack traces. There is a toArray() API call. Well, most if not all iterators are to be used by only one thread at a time.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r729688 - in /tomcat/trunk: build.xml res/maven/catalina.pom res/maven/jasper.pom res/maven/mvn-pub.xml
David Jencks wrote:
> Since you are putting this in a separate jar, what would you think of
> using a package name appropriate for the tomcat project, since these
> classes are tomcat/jasper specific and not a product of apache as a whole?

I think that would be a very good idea and I was thinking along those lines when I wrote this patch but I didn't want to mix the two ideas.

I actually got to thinking about a major package renaming for Tomcat 7 - putting everything under org.apache.tomcat. I didn't finish that thought. I've got some time now - I'll put together a proposal and see what folks think. One obvious downside is custom code that interacts with or extends custom internals will need to change.

Mark
URL Rewriting
URL Rewriting is considered to be a significant security risk (session IDs get exposed in browser history, bookmarks, proxy servers and other server-side application logs).

I would like to propose that we create a patch for Tomcat that allows URL Rewriting to be completely disabled via configuration. Since this is a bit off the 2.5 spec, I think we might want to keep this turned on by default, with an option to disable.

Several other Servlet 2.5 containers have implemented this idea some way.

Anyone think this is a reasonable patch? How difficult do you think this will be, if so?

Best Regards,
Jim Manico
DO NOT REPLY [Bug 46339] Recursive tag files with JspFragment attributes fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=46339

Mark Thomas changed:

           What    |Removed |Added
             Status|NEW     |RESOLVED
         Resolution|        |INVALID

--- Comment #1 from Mark Thomas 2008-12-28 15:05:19 PST ---
Thanks for the excellent test case. It made investigating this much, much easier.

Unfortunately, the behaviour you are expecting appears to be in breach of the JSP spec. I say "appears" since the JSP spec itself isn't 100% clear.

JSP.5.12.3 states that: "When a tag file invokes a fragment that appears in the calling page, the JSP container provides a way to synchronize variables between the local page scope in the tag file and the page scope of the calling page."

What wasn't clear to me was how should this be interpreted for iterative and/or nested tags. Should the tag's local page scope be synchronised with the page scope of the page/tag that calls it (i.e. its immediate parent) or should it be synchronised with the outermost calling JSP page?

Currently, Tomcat synchronises local page scope with the parent's page scope. Your test case requires that the local page scope is synchronised with the outermost calling JSP page.

I modified Tomcat so your test would pass and ran the JSP Technology Compatibility Kit (TCK). The changes caused several failures. Further investigation showed that the TCK expects the local page scope to be synchronised only with the immediate parent.

Based on experience, if there is an ambiguity in the specification language and the TCK requires a particular interpretation of the spec language then the TCK interpretation is the correct one.

Therefore, I conclude that this bug is invalid since it attempts to do something in breach of the spec. To be sure, I will raise this with the EG in case the TCK is based on an incorrect interpretation.
DO NOT REPLY [Bug 46339] Recursive tag files with JspFragment attributes fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=46339

--- Comment #2 from Mark Thomas 2008-12-28 15:16:20 PST ---
Created an attachment (id=23055)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23055)
Patch used for testing

I have attached the patch I used for testing. It enabled your test case to pass but it breaks Tomcat's spec compatibility. I have attached it in case you wish to apply it locally or if I need to return to it in light of the EG's response.
Re: URL Rewriting
Jim Manico wrote:
> URL Rewriting is considered to be a significant security risk (session
> IDs get exposed in browser history, bookmarks, proxy servers and other
> server-side application logs).
>
> I would like to propose that we create a patch for Tomcat that allows
> URL Rewriting to be completely disabled via configuration. Since this is
> a bit off the 2.5 spec, I think we might want to keep this turned on by
> default, with an option to disable.
>
> Several other Servlet 2.5 containers have implemented this idea some way.
>
> Anyone think this is a reasonable patch?

Makes sense to me.

> How difficult do you think this will be, if so?

I haven't looked in great detail but it looks like a trivial change to o.a.c.connector.Response.toEncoded() would do the trick. Configuration should probably be on the context to be consistent with the cookies parameter.

Mark

> Best Regards,
> Jim Manico
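The thread above proposes a container-level switch; until one exists, the same effect can be had per application with a servlet filter. The following is an added example, not the Tomcat patch discussed and not code from the project: the class name NoUrlSessionIdFilter is hypothetical, and it assumes the Servlet 2.5 API on the classpath and that clients accept the session cookie.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical application-level filter (not Tomcat code). It keeps the
 * container from appending the session ID to generated URLs and refuses
 * to honour a session ID that arrives in the request URL.
 */
public class NoUrlSessionIdFilter implements Filter {

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void destroy() {
        // Nothing to release.
    }

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        // Only HTTP requests carry sessions; pass anything else through.
        if (!(request instanceof HttpServletRequest)
                || !(response instanceof HttpServletResponse)) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // A session ID that came in via the URL may already be stored in
        // browser history, bookmarks, proxy logs or Referer headers, so the
        // session it names is discarded rather than trusted.
        if (httpRequest.isRequestedSessionIdFromURL()) {
            HttpSession session = httpRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }

        // Hand the application a response whose encode* methods are no-ops,
        // so links and redirects are emitted without the session ID.
        chain.doFilter(request, new NoRewriteResponse(httpResponse));
    }

    /** Response wrapper that returns every URL unchanged. */
    private static final class NoRewriteResponse
            extends HttpServletResponseWrapper {

        NoRewriteResponse(HttpServletResponse response) {
            super(response);
        }

        @Override
        public String encodeURL(String url) {
            return url;
        }

        @Override
        public String encodeRedirectURL(String url) {
            return url;
        }

        // The deprecated spellings are still part of the 2.5 interface and
        // are still called by older tag libraries, so they are covered too.
        @Override
        @SuppressWarnings("deprecation")
        public String encodeUrl(String url) {
            return url;
        }

        @Override
        @SuppressWarnings("deprecation")
        public String encodeRedirectUrl(String url) {
            return url;
        }
    }
}
```

Map the filter to /* in the application's web.xml so it runs ahead of every servlet and JSP that might generate links.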
svn commit: r729809 - in /tomcat/trunk/java/org/apache/catalina/realm: JDBCRealm.java LocalStrings.properties
Author: markt Date: Sun Dec 28 15:46:49 2008 New Revision: 729809 URL: http://svn.apache.org/viewvc?rev=729809&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46298 Throw an exception if the driver doesn't support the supplied URL Based on a patch by Owen Jacobson Modified: tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties Modified: tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=729809&r1=729808&r2=729809&view=diff == --- tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java Sun Dec 28 15:46:49 2008 @@ -700,6 +700,10 @@ if (connectionPassword != null) props.put("password", connectionPassword); dbConnection = driver.connect(connectionURL, props); +if (dbConnection == null) { +throw new SQLException(sm.getString( +"jdbcRealm.open.invalidurl",driverName, connectionURL)); +} dbConnection.setAutoCommit(false); return (dbConnection); Modified: tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties?rev=729809&r1=729808&r2=729809&view=diff == --- tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties Sun Dec 28 15:46:49 2008 
@@ -53,6 +53,7 @@ jdbcRealm.getPassword.exception=Exception retrieving password for "{0}" jdbcRealm.getRoles.exception=Exception retrieving roles for "{0}" jdbcRealm.open=Exception opening database connection +jdbcRealm.open.invalidurl=Driver "{0}" does not support the url "{1}" jndiRealm.authenticateFailure=Username {0} NOT successfully authenticated jndiRealm.authenticateSuccess=Username {0} successfully authenticated jndiRealm.close=Exception closing directory server connection - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
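Review bot: In the new null check in JDBCRealm.java the exception text is built from connectionURL ("jdbcRealm.open.invalidurl",driverName, connectionURL), and JDBC URLs can carry a user name and password as parameters, so a misconfigured realm could write its database credentials into the log through this message. Suggest reporting only the driver name, or stripping any parameters from the URL before it is formatted into 'Driver "{0}" does not support the url "{1}"'. Style: add the missing space after the comma before driverName.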
DO NOT REPLY [Bug 46298] JDBCRealm.open() throws NullPointerException if the specified driver doesn't handle the specified JDBC URL
https://issues.apache.org/bugzilla/show_bug.cgi?id=46298

--- Comment #1 from Mark Thomas 2008-12-28 15:49:35 PST ---
Thanks for the patch. I have applied a variation to trunk and will propose it for 6.0.x.

The changes I made were:
- test dbConnection for null rather than driver (which is always non-null)
- use the StringManager to provide i18n for the exception message
svn commit: r729810 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sun Dec 28 15:49:39 2008 New Revision: 729810 URL: http://svn.apache.org/viewvc?rev=729810&view=rev Log: Propose fix for 46298 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=729810&r1=729809&r2=729810&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 28 15:49:39 2008 @@ -281,3 +281,11 @@ http://svn.apache.org/viewvc?rev=729681&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46298 + Throw and SQLException with a useful message rather than a NPE if the URL for + the JDBCRealm is invalid. + Based on a patch by Owen Jacobson + http://svn.apache.org/viewvc?rev=729809&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
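Review bot: Typo in the added STATUS.txt entry: "Throw and SQLException" should read "Throw an SQLException".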
DO NOT REPLY [Bug 46262] Undeploying context with %2F in it does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=46262

Mark Thomas changed:

           What    |Removed |Added
             Status|NEW     |RESOLVED
         Resolution|        |DUPLICATE

--- Comment #3 from Mark Thomas 2008-12-28 15:59:35 PST ---
The fix for 46261 also addresses this bug so I am marking this as a duplicate.

*** This bug has been marked as a duplicate of bug 46261 ***
DO NOT REPLY [Bug 46261] Context with %2F in name causes tomcat crash on shutdown
https://issues.apache.org/bugzilla/show_bug.cgi?id=46261

--- Comment #5 from Mark Thomas 2008-12-28 15:59:35 PST ---
*** Bug 46262 has been marked as a duplicate of this bug. ***
svn commit: r729812 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sun Dec 28 16:03:10 2008 New Revision: 729812 URL: http://svn.apache.org/viewvc?rev=729812&view=rev Log: Propose fix for 46261 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=729812&r1=729811&r2=729812&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 28 16:03:10 2008 @@ -289,3 +289,10 @@ http://svn.apache.org/viewvc?rev=729809&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46261 + %2F in a context path should be interpreted literally, not as /. That is what + # is for. + http://svn.apache.org/viewvc?rev=729571&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46261] Context with %2F in name causes tomcat crash on shutdown
https://issues.apache.org/bugzilla/show_bug.cgi?id=46261

--- Comment #6 from Mark Thomas 2008-12-28 16:03:37 PST ---
I couldn't break my fix in my testing so I have proposed the fix for 6.0.x
DO NOT REPLY [Bug 46223] FairBlockingQueue throws ArrayIndexOutOfBoundsException
https://issues.apache.org/bugzilla/show_bug.cgi?id=46223

Mark Thomas changed:

           What    |Removed |Added
             Status|NEW     |RESOLVED
         Resolution|        |FIXED

--- Comment #1 from Mark Thomas 2008-12-28 16:11:30 PST ---
Thanks for the report. This has been fixed in trunk.
svn commit: r729813 - /tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
Author: markt Date: Sun Dec 28 16:11:28 2008 New Revision: 729813 URL: http://svn.apache.org/viewvc?rev=729813&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46223 Throw NoSuchElementException if next() is called on the Iterator when hasNext()==false Modified: tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java Modified: tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java URL: http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java?rev=729813&r1=729812&r2=729813&view=diff == --- tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java (original) +++ tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java Sun Dec 28 16:11:28 2008 @@ -19,6 +19,7 @@ import java.util.Collection; import java.util.Iterator; import java.util.LinkedList; +import java.util.NoSuchElementException; import java.util.concurrent.BlockingQueue; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutionException; @@ -428,6 +429,9 @@ } public E next() { +if (!hasNext()) { +throw new NoSuchElementException(); +} element = elements[index++]; return element; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
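Review bot: The guard added to next() comes without a regression test; the commit modifies only FairBlockingQueue.java. A small unit test that drains the iterator and then asserts NoSuchElementException on the following next() call would pin the behaviour that the bug title reports as an ArrayIndexOutOfBoundsException, and a one-line Javadoc on next() stating the exception would document the contract.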
svn commit: r729814 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sun Dec 28 16:15:49 2008 New Revision: 729814 URL: http://svn.apache.org/viewvc?rev=729814&view=rev Log: Propose fix for 42707 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=729814&r1=729813&r2=729814&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 28 16:15:49 2008 @@ -296,3 +296,9 @@ http://svn.apache.org/viewvc?rev=729571&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=42707 + Make adding a host alias via jmx take effect immediately + http://svn.apache.org/viewvc?rev=712467&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 42707] add host alias using jmx doesn't take affect until restart
https://issues.apache.org/bugzilla/show_bug.cgi?id=42707

--- Comment #5 from Mark Thomas 2008-12-28 16:16:01 PST ---
No-one commented so I have proposed the fix for 6.0.x
svn commit: r729815 - in /tomcat/trunk: java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java webapps/docs/config/cluster-interceptor.xml
Author: markt Date: Sun Dec 28 16:30:00 2008 New Revision: 729815 URL: http://svn.apache.org/viewvc?rev=729815&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46223 Add a simple co-ordinator provided by Robert Newson Added: tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java Modified: tomcat/trunk/webapps/docs/config/cluster-interceptor.xml Added: tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java?rev=729815&view=auto == --- tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java (added) +++ tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java Sun Dec 28 16:30:00 2008 
@@ -0,0 +1,117 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + */ +package org.apache.catalina.tribes.group.interceptors; + +import static java.util.concurrent.TimeUnit.MILLISECONDS; + +import java.util.Arrays; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.catalina.tribes.ChannelException; +import org.apache.catalina.tribes.Member; +import org.apache.catalina.tribes.group.AbsoluteOrder; +import org.apache.catalina.tribes.group.ChannelInterceptorBase; + +/** + * A dinky coordinator, just uses a sorted version of the member array. + * + * @author rnewson + * + */ +public class SimpleCoordinator extends ChannelInterceptorBase { + +private Member[] view; + +private AtomicBoolean membershipChanged = new AtomicBoolean(); + +private void membershipChanged() { +membershipChanged.set(true); +} + +@Override +public void memberAdded(final Member member) { +super.memberAdded(member); +membershipChanged(); +installViewWhenStable(); +} + +@Override +public void memberDisappeared(final Member member) { +super.memberDisappeared(member); +membershipChanged(); +installViewWhenStable(); +} + +/** + * Override to receive view changes. 
+ * + * @param view + */ +protected void viewChange(final Member[] view) { +} + +@Override +public void start(int svc) throws ChannelException { +super.start(svc); +installViewWhenStable(); +} + +private void installViewWhenStable() { +int stableCount = 0; + +while (stableCount < 10) { +if (membershipChanged.compareAndSet(true, false)) { +stableCount = 0; +} else { +stableCount++; +} +try { +MILLISECONDS.sleep(250); +} catch (final InterruptedException e) { +Thread.currentThread().interrupt(); +} +} + +final Member[] members = getMembers(); +final Member[] view = Arrays.copyOf(members, members.length + 1); +view[members.length] = getLocalMember(false); +Arrays.sort(view, AbsoluteOrder.comp); +if (Arrays.equals(view, this.view)) { +return; +} +this.view = view; +viewChange(view); +} + +@Override +public void stop(int svc) throws ChannelException { +super.stop(svc); +} + +public Member[] getView() { +return view; +} + +public Member getCoordinator() { +return view == null ? null : view[0]; +} + +public boolean isCoordinator() { +return view == null ? false : getLocalMember(false).equals( +getCoordinator()); +} + +} Modified: tomcat/trunk/webapps/docs/config/cluster-interceptor.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cluster-interceptor.xml?rev=729815&r1=729814&r2=729815&view=diff == --- tomcat/trunk/webapps/docs/config/cluster-interceptor.xml (original) +++ tomcat/trunk/webapps/docs/config/cluster-interceptor.xml Sun Dec 28 16:30:00 2008 @@ -46,6 +46,7 @@ org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor
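Review bot: installViewWhenStable() in SimpleCoordinator.java is called directly from memberAdded(), memberDisappeared() and start(), and its loop needs ten consecutive quiet passes with MILLISECONDS.sleep(250) in each, so every membership callback blocks its calling thread for at least 2.5 seconds; run the stabilisation wait on a separate thread or a scheduled task instead. In the same loop the InterruptedException handler re-sets the interrupt flag and keeps looping, so every later sleep throws immediately and the view is installed without the quiet period; return from the method after restoring the flag. The view field is written in installViewWhenStable() and read by getView(), getCoordinator() and isCoordinator() with no volatile or lock, and getView() returns the internal array, which callers can modify; make the field volatile and return a copy. Arrays.copyOf is a Java 6 method, which matters if this class is to build on older JDKs. The licence header stops at "governing permissions and" and is missing its last line, and viewChange() has an empty @param view tag.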
svn commit: r729818 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Sun Dec 28 16:36:36 2008 New Revision: 729818 URL: http://svn.apache.org/viewvc?rev=729818&view=rev Log: Propose fix for 45261 Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=729818&r1=729817&r2=729818&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 28 16:36:36 2008 @@ -302,3 +302,9 @@ http://svn.apache.org/viewvc?rev=712467&view=rev +1: markt -1: + +* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45261 + Add a new SimpleCoordinator for tribes provided by Robert Newson + http://svn.apache.org/viewvc?rev=729815&view=rev + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 46298] JDBCRealm.open() throws NullPointerException if the specified driver doesn't handle the specified JDBC URL
https://issues.apache.org/bugzilla/show_bug.cgi?id=46298

--- Comment #2 from Owen Jacobson 2008-12-28 17:06:48 PST ---
Thanks for catching the typo in the patch! Clearly, I fat-finger a lot of things. I18n is also a nice touch.
svn commit: r729825 - in /tomcat/tc6.0.x/trunk: STATUS.txt java/org/apache/coyote/http11/Http11Processor.java webapps/docs/changelog.xml
Author: billbarker Date: Sun Dec 28 19:12:16 2008 New Revision: 729825 URL: http://svn.apache.org/viewvc?rev=729825&view=rev Log: Make certain that classes are first loaded by trusted code when working in a sandbox. Remove vetoed proposal comment on proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=729825&r1=729824&r2=729825&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Dec 28 19:12:16 2008 @@ -31,17 +31,6 @@ PATCHES PROPOSED TO BACKPORT: [ New proposals should be added at the end of the list ] -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=36155 - Port the fix from the JK Connector to the AJP and APR Connectors - http://svn.apache.org/viewvc?rev=672454&view=rev - +1: billbarker - -1: remm: No, this gets called all the time, and we're trying to fix a small issue. The real - solution would be to recycle the fields since as mentioned here it is the cause of - the problem (the "local" fields will often never change, but there's no real - guarantee overall - it mostly breaks down if there are multiple connectors, with AJP, - and seems impossible to anticipate): - https://issues.apache.org/bugzilla/show_bug.cgi?id=36155#c17 - * Fix issue where the first request for a deleted JSPs returns as if the JSP still exists. http://svn.apache.org/viewvc?view=rev&revision=683969 @@ -235,6 +224,9 @@ http://svn.apache.org/viewvc?rev=721708&view=rev http://svn.apache.org/viewvc?rev=721886&view=rev +1: markt, fhanik + 0: billbarker: Haven't tried to break it yet, but the 4th patch potentially + offers access to static fields in ELContextImpl and ELResolverImpl that could + possibly be exploited by a malicious webapp. -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44285 
@@ -257,12 +249,6 @@ +1: markt, fhanik -1: -* Make certain that classes are first loaded by trusted code - when working in a sandbox. - http://svn.apache.org/viewvc?rev=729206&view=rev - +1: billbarker, fhanik, markt - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46357 Correct test for host's parent must be an engine http://svn.apache.org/viewvc?rev=729567&view=rev Modified: tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=729825&r1=729824&r2=729825&view=diff == --- tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/Http11Processor.java Sun Dec 28 19:12:16 2008 @@ -73,6 +73,8 @@ protected static StringManager sm = StringManager.getManager(Constants.Package); +protected static boolean isSecurityEnabled = + org.apache.coyote.Constants.IS_SECURITY_ENABLED; // Constructor @@ -1560,7 +1562,7 @@ // Add date header String date = null; -if (org.apache.coyote.Constants.IS_SECURITY_ENABLED){ +if (isSecurityEnabled){ date = (String)AccessController.doPrivileged( new PrivilegedAction() { public Object run(){ Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=729825&r1=729824&r2=729825&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Dec 28 19:12:16 2008 @@ -242,6 +242,9 @@ 46125: Return a status code of 400 if the request headers are too large. (markt) + + Make certain that classes are first loaded by trusted code when working in a sandbox. (billbarker) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
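Review bot: The new isSecurityEnabled field in Http11Processor.java is declared protected static and is not final, so any subclass or same-package class can reassign the flag that decides whether the date header is built inside AccessController.doPrivileged. Since it only caches org.apache.coyote.Constants.IS_SECURITY_ENABLED, declare it private static final (or at least final) and add a short comment saying the copy exists so the class is first loaded by trusted code. Style: the PrivilegedAction in the unchanged context is a raw type with a cast to String; PrivilegedAction<String> would remove the cast.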
Denis LULLIER/Paris is out of the office.
I will be out of the office from 29/12/2008 to 02/01/2009. I will reply to your message on my return. In case of emergency, you can contact Christine Duhau JOUAN
Re: URL Rewriting
Great, Mark, I'll add this as a bug and take it on.

- Jim

> Jim Manico wrote:
>
>> URL Rewriting is considered to be a significant security risk (session
>> IDs get exposed in browser history, bookmarks, proxy servers and other
>> server-side application logs).
>>
>> I would like to propose that we create a patch for Tomcat that allows
>> URL Rewriting to be completely disabled via configuration. Since this is
>> a bit off the 2.5 spec, I think we might want to keep this turned on by
>> default, with an option to disable.
>>
>> Several other Servlet 2.5 containers have implemented this idea some way.
>>
>> Anyone think this is a reasonable patch?
>>
> Makes sense to me.
>
>> How difficult do you think this will be, if so?
>>
> I haven't looked in great detail but it looks like a trivial change to
> o.a.c.connector.Response.toEncoded() would do the trick. Configuration
> should probably be on the context to be consistent with the cookies
> parameter.
>
> Mark
>
>> Best Regards,
>> Jim Manico
Arrays.copyOf support?
Hi Filip or Mark,

the Arrays.copyOf method is only supported in Java 6. Please change the following implementation in the Tomcat 6 trunk:

compile:
[javac] Compiling 182 source files to xxx/tomcat6currenttrunk/output/classes
[javac] xxx/tomcat6currenttrunk/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java:89: cannot find symbol
[javac] symbol : method copyOf(org.apache.catalina.tribes.Member[],int)
[javac] location: class java.util.Arrays
[javac] final Member[] view = Arrays.copyOf(members, members.length + 1);
[javac] ^
[javac] Note: Some input files use or override a deprecated API.
[javac] Note: Recompile with -Xlint:deprecation for details.
[javac] Note: Some input files use unchecked or unsafe operations.
[javac] Note: Recompile with -Xlint:unchecked for details.
[javac] 1 error

Regards
Peter
systemprop.xml and spaces
Hi Mark,

Why do some attributes in systemprop.xml have spaces?

Regards
Peter
Bug report for Tomcat 3 [2008/12/28]
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|  412|Ver|Nor|2001-01-08|JspC on Windows fails to handle includes in subdir|
| 2350|Ver|Nor|2001-06-27|ServletConfig.getInitParameter() requires url-patt|
| 6488|Ver|Maj|2002-02-15|Error: 304. Apparent bug in default ErrorHandler c|
| 9737|Ver|Nor|2002-06-10|ArrayIndexOutOfBoundsException when sending just p|
|44911|Ass|Nor|2008-04-30|Test again from Chirag|

Total 5 bugs
Bug report for Watchdog [2008/12/28]
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|  278|Unc|Nor|2000-12-04|Bug in GetParameterValuesTestServlet.java file Bug|
|  279|Unc|Nor|2000-12-04|Logical Error in GetParameterValuesTestServlet Bug|
|  469|Unc|Nor|2001-01-17|in example-taglib.tld "urn" should be "uri" BugRat|
|  470|Unc|Nor|2001-01-17|FAIL positiveForward.jsp and positiveInclude.jsp B|
| 9634|New|Enh|2002-06-05|No tests exist for ServletContext.getResourcePaths|
|10703|New|Enh|2002-07-11|Need to test getRequestURI after RequestDispatcher|
|11336|New|Enh|2002-07-31|Test wrapped path methods with RD.foward()|
|11663|New|Maj|2002-08-13|JSP precompile tests rely on Jasper specific behav|
|11664|New|Maj|2002-08-13|A sweep is needed of all Watchdog 4.0 tag librarie|
|11665|New|Maj|2002-08-13|ServletToJSPErrorPageTest and ServletToServletErro|
|11666|New|Maj|2002-08-13|SetBufferSize_1TestServlet is invalid.|
|14004|New|Maj|2002-10-28|Incorrent behaviour of all attribute-related lifec|
|15504|New|Nor|2002-12-18|JSP positiveGetValues test relies on order preserv|
|24649|New|Nor|2003-11-12|getRemoteHost fails when agent has uppercase chara|
|29398|New|Nor|2004-06-04|Update site and note current status|

Total 15 bugs
Bug report for Tomcat 4 [2008/12/28]
+---------------------------------------------------------------------------+
| Bugzilla Bug ID                                                           |
|     +---------------------------------------------------------------------+
|     | Status: UNC=Unconfirmed NEW=New         ASS=Assigned                |
|     |         OPN=Reopened    VER=Verified    (Skipped Closed/Resolved)   |
|     |   +-----------------------------------------------------------------+
|     |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
|     |   |           MIN=Minor   NOR=Normal    ENH=Enhancement TRV=Trivial |
|     |   |   +-------------------------------------------------------------+
|     |   |   | Date Posted                                                 |
|     |   |   |          +--------------------------------------------------+
|     |   |   |          | Description                                      |
|     |   |   |          |                                                  |
| 3839|Opn|Enh|2001-09-26|Problem bookmarking login page                    |
| 4227|Opn|Enh|2001-10-17|Invalid CGI path                                  |
| 5329|New|Enh|2001-12-08|NT Service exits startup before Tomcat is finished|
| 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob|
| 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi|
| 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio|
| 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI|
| 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam|
| 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty|
| 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store   |
| 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output    |
| 7676|New|Enh|2002-04-02|Allow name property to use match experssions in without className in server.xml produces N|
|11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques|
|11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header        |
|11754|Opn|Enh|2002-08-15|Synchronous shutdown script - shutdown.sh should w|
|12069|New|Enh|2002-08-27|Creation of more HttpSession objects for one previ|
|12428|Opn|Enh|2002-09-09|request.getUserPrincipal(): Misinterpretation of s|
|12658|New|Enh|2002-09-15|a proxy host and port at the element level        |
|12766|New|Enh|2002-09-18|Tomcat should use tld files in /WEB-INF/ over vers|
|13309|Opn|Enh|2002-10-04|Catalina calls System.exit()                      |
|13634|New|Enh|2002-10-15|Allowing system properties to be substituted in co|
|13689|Opn|Enh|2002-10-16|Classloader paths for 'Common' classes and librari|
|13731|New|Enh|2002-10-17|Final request, response, session and other variabl|
|13941|New|Enh|2002-10-24|reload is VERY slow                               |
|13965|New|Enh|2002-10-25|Catalina.sh correction request for Tru64 Unix     |
|14097|New|Enh|2002-10-30|hardcoded registry value for vm lets tomcat servic|
|14416|New|Enh|2002-11-10|blank tag name in TLD cause NullPointerException  |
|14635|New|Enh|2002-11-18|Should be possible not to have -MM-DD in log f    |
|14766|New|Enh|2002-11-22|Redirect Vavle                                    |
|14993|New|Enh|2002-12-02|Possible obselete synchronized declaration        |
|15115|New|Enh|2002-12-05|correct docs... XML parser *cannot* be overridden |
|15417|Opn|Enh|2002-12-16|Add port for forced compilation of JSP pages      |
|15688|New|Enh|2002-12-27|full-qualified names instead of imports           |
|15941|New|Enh|2003-01-10|Expose rootCause exceptions at deeper levels      |
|16294|New|Enh|2003-01-21|Configurable URL Decoding.                        |
|16357|New|Enh|2003-01-23|"connection timeout reached"                      |
|16531|New|Enh|2003-01-29|Updating already deployed ".war" files in a single|
|16579|New|Enh|2003-01-30|documentation page layout/style breaks wrapping to|
|16596|New|Enh|2003-01-30|option for disabling log rotation                 |
|17070|New|Enh|2003-02-14|The Catalina Ant tasks do not allow for 'reusable'|
|17146|New|Enh|2003-02-18|Simplify build.xml using
Bug report for Tomcat 5 [2008/12/28]
+---------------------------------------------------------------------------+
| Bugzilla Bug ID                                                           |
|     +---------------------------------------------------------------------+
|     | Status: UNC=Unconfirmed NEW=New         ASS=Assigned                |
|     |         OPN=Reopened    VER=Verified    (Skipped Closed/Resolved)   |
|     |   +-----------------------------------------------------------------+
|     |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
|     |   |           MIN=Minor   NOR=Normal    ENH=Enhancement TRV=Trivial |
|     |   |   +-------------------------------------------------------------+
|     |   |   | Date Posted                                                 |
|     |   |   |          +--------------------------------------------------+
|     |   |   |          | Description                                      |
|     |   |   |          |                                                  |
|27122|Opn|Enh|2004-02-20|IE plugins cannot access components through Tomcat|
|28039|Opn|Enh|2004-03-30|Cluster Support for SingleSignOn                  |
|29160|Ver|Enh|2004-05-23|precompile problem: _jspx_meth_* (javax.servlet.js|
|29494|Inf|Enh|2004-06-10|No way to set PATH when running as a service on Wi|
|30241|Ver|Enh|2004-07-21|Enhance build script to use branch argument when c|
|33262|Inf|Enh|2005-01-27|Service Manager autostart should check for adminis|
|33453|Opn|Enh|2005-02-08|Jasper should recompile JSP files whose datestamps|
|33650|Inf|Enh|2005-02-19|Jasper performance for multiple files processing  |
|33671|Opn|Enh|2005-02-21|Manual Windows service installation with custom na|
|34801|New|Enh|2005-05-08|PATCH: CGIServlet does not terminate child after a|
|34805|Ass|Enh|2005-05-08|warn about invalid security constraint url pattern|
|34868|Ass|Enh|2005-05-11|allow to register a trust store for a session that|
|35054|Inf|Enh|2005-05-25|warn if appBase is not existing as a File or direc|
|36133|Inf|Enh|2005-08-10|Support JSS SSL implementation                    |
|36362|New|Enh|2005-08-25|missing check for Java reserved keywords in tag fi|
|36569|Inf|Enh|2005-09-09|Redirects produce illegal URL's                   |
|36837|Inf|Enh|2005-09-28|Looking for ProxyHandler implementation of Http re|
|36911|Opn|Min|2005-10-04|Make fails while building jsvc on mac os x, multip|
|36922|Inf|Enh|2005-10-04|setup.sh file mis-advertised and missing          |
|36923|New|Nor|2005-10-05|Deactivated EL expressions are not parsed for jsp |
|37018|Ass|Enh|2005-10-11|Document how to use tomcat-SSL with a pkcs11 token|
|37084|Opn|Reg|2005-10-14|JspC from ant fails on JSPs that use custom taglib|
|37334|Inf|Enh|2005-11-02|Realm digest property not aligned with the adminis|
|37449|Opn|Enh|2005-11-10|Two UserDatabaseRealm break manager user          |
|37458|Opn|Nor|2005-11-10|Datarace on org.apache.catalina.loader.WebappClass|
|37485|Inf|Enh|2005-11-14|I'd like to run init SQL after JDBC Connection cre|
|37498|Inf|Nor|2005-11-14|[PATCH] NPE in org.apache.catalina.core.ContainerB|
|37515|Inf|Nor|2005-11-15|smap not generated by JspC when used from Ant for |
|37627|Opn|Nor|2005-11-24|Slow and incomplete dynamic content generation aft|
|37785|Inf|Nor|2005-12-05|Changing startup type via Tomcat Monitor does not |
|37794|Opn|Nor|2005-12-05|getParameter() fails on POST with transfer-encodin|
|37797|Inf|Maj|2005-12-05|Configure Tomcat utility truncates classpath to 96|
|37847|Ass|Enh|2005-12-09|Allow User To Optionally Specify Catalina Output F|
|37869|Opn|Nor|2005-12-12|Cannot obtain client certificate with SSL / client|
|37918|Inf|Nor|2005-12-15|EL cannot find valid getter from object when using|
|37984|New|Nor|2005-12-21|JNDIRealm.java not able to handle MD5 password    |
|38046|Ass|Reg|2005-12-27|apache-tomcat-5.5.14-deployer doesn't work (Illega|
|38197|Opn|Maj|2006-01-09|taglib pool bug when tag is used with jsp:attribut|
|38216|Inf|Enh|2006-01-10|Extend Jmxproxy to allow call of MBean Operations |
|38217|Ver|Enh|2006-01-10|mention that private key password and keystore pas|
|38268|Inf|Enh|2006-01-13|User friendly: Need submit button on adding/deleti|
|38352|Inf|Nor|2006-01-22|Additional Entries for Default catalina.policy fil|
|38360|Inf|Enh|2006-01-24|Domain for session cookies                        |
|38427|Inf|Nor|2006-01-27|ServletContextListener Notified Multiple Times Whe|
|38483|New|Nor|2006-02-01|access log valve uses simpledateformat in tread-un|
|38484|New|Min|2006-02-01|webapps Admin: Invalid path /login was requested  |
|38516|Inf|Nor|2006-02-05|Configuration Manager loses "Log On" settings     |
|38546|Inf|Enh|2006-02-07|Google bot sends invalid If-Modifed-Since Header, |
|38553|Inf|Nor|2006-02-07|Wrong HTTP code for failed CLIENT-CERT authenticat|
|38570|Inf|Nor|2006-02-08|if docBase path contains "webapps", a backslash is|
|38577|Inf|Enh|2006-02-08|Enhance logging of security failures              |
|38630|