Re: [VOTE] Releasing Tomcat Connectors 1.2.28
Apache Tomcat Connectors 1.2.28 is:
[X] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are

Regards
--
^(TM)
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r757148 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: mturk Date: Sun Mar 22 09:01:07 2009 New Revision: 757148 URL: http://svn.apache.org/viewvc?rev=757148&view=rev Log: Cast REMOTE_PORT env var vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=757148&r1=757147&r2=757148&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Mar 22 09:01:07 2009 @@ -119,5 +119,5 @@ attributes, we use generic attributes mechanism to forward the remote port. Backport of http://svn.apache.org/viewvc?rev=756926&view=rev - +1: rjung, pero + +1: rjung, pero, mturk -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r757149 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: mturk Date: Sun Mar 22 09:05:56 2009 New Revision: 757149 URL: http://svn.apache.org/viewvc?rev=757149&view=rev Log: Add a note for a REMOTE_PORT env var vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=757149&r1=757148&r2=757149&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Mar 22 09:05:56 2009 @@ -120,4 +120,7 @@ the remote port. Backport of http://svn.apache.org/viewvc?rev=756926&view=rev +1: rjung, pero, mturk + mturk: Perhaps we should consider prefixing all those private + variables with AJP_ so that is clear this is AJP protocol + extension environment variable. -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: mod_jk: getRemotePort returns -1 (issue 41263)
Rainer Jung wrote: On 21.03.2009 14:12, Mladen Turk wrote: I should read the entire logic before posting. I missed it's an env var. Sorry for the noise ;) No problem at all. Better safe than sorry. I just committed a change to TC trunk and backport proposals to pick up the REMOTE_PORT env var for request.getRemotePort(). So we might think about forwarding REMOTE_PORT by default in JK 1.2.29. See the note I added to 6.0 STATUS. IMO we should prefix all those env vars either with AJP_ or like you did already for some with JK_ Now, JK_ is fine, but the AJP_ is more intuitive because it can be reused by mod_proxy_ajp as well. Not sure, but those vars on Tomcat side should be removed when processed so that they don't end up in req attributes since they are protocol private, and if the AJP protocol would support this they would never be visible. Regards -- ^(TM)
svn commit: r757202 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/ container/tc5.5.x/webapps/docs/ current/tc5.5.x/
Author: markt Date: Sun Mar 22 15:35:56 2009 New Revision: 757202 URL: http://svn.apache.org/viewvc?rev=757202&view=rev Log: Fix bug https://issues.apache.org/bugzilla/show_bug.cgi?id=45576 Get the JAASRealm working with DIGEST authentication. Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java?rev=757202&r1=757201&r2=757202&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java Sun Mar 22 15:35:56 2009 @@ -24,6 +24,7 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.catalina.util.StringManager; 
@@ -78,6 +79,33 @@ } } + +/** + * Construct a callback handler for DIGEST authentication. + * + * @param realm Our associated JAASRealm instance + * @param username Username to be authenticated with + * @param password Password to be authenticated with + * @param nonce Server generated nonce + * @param ncNonce count + * @param cnonceClient generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest + * MD5(Method + ":" + uri) + */ +public JAASCallbackHandler(JAASRealm realm, String username, + String password, String nonce, String nc, + String cnonce, String qop, String realmName, + String md5a2) { +this(realm, username, password); +this.nonce = nonce; +this.nc = nc; +this.cnonce = cnonce; +this.qop = qop; +this.realmName = realmName; +this.md5a2 = md5a2; +} // - Instance Variables @@ -104,14 +132,46 @@ */ protected String username = null; +/** + * Server generated nonce. + */ +protected String nonce = null; + +/** + * Nonce count. + */ +protected String nc = null; + +/** + * Client generated nonce. + */ +protected String cnonce = null; + +/** + * Quality of protection aplied to the message. + */ +protected String qop; + +/** + * Realm name. + */ +protected String realmName; + +/** + * Second MD5 digest. + */ +protected String md5a2; + // - Public Methods /** * Retrieve the information requested in the provided Callbacks. - * This implementation only recognizes NameCallback and - * PasswordCallback instances. + * This implementation only recognizes {...@link NameCallback}, + * {...@link PasswordCallback} and {...@link TextInputCallback}. + * {...@link TextInputCallback} is ued to pass the various additional + * parameters required for DIGEST authentication. * * @param callbacks The set of Callbacks to be processed * 
@@ -137,6 +197,23 @@ } ((PasswordCallback) callbacks[i]).setPassword (passwordcontents); +} else if (callbacks[i] instanceof TextInputCallback) { +TextInputCallback cb = ((TextInputCallback) callbacks[i]); +if (cb.getPrompt().equals("nonce")) { +cb.setText(nonce); +} else if (cb.getPrompt().equals("nc")) { +cb.setText(nc); +} else if (cb.getPrompt().equals("cnonce")) { +cb.setText(cnonce); +} else if (cb.getPrompt().equals("qop")) { +cb.setText(qop); +} else if (cb.getPrompt().equals("realmName")) { +cb.setText(realmName); +} else if (cb.getPrompt().equals("md5a2")) { +cb.setText(md5a2); +} else { +throw new UnsupportedCallbackE
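Review bot: The new DIGEST constructor in the first JAASCallbackHandler hunk takes eight consecutive String parameters (username through md5a2), so a call site that swaps nonce with cnonce, or qop with realmName, still compiles and only shows up as a failed digest comparison. Consider passing the DIGEST values in a small holder object, or at least cover the parameter order with a test. In the same hunks, qop, realmName and md5a2 are declared without the "= null" initializer that nonce, nc and cnonce carry, and the Javadoc has the typos "aplied" and "ued".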
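Review bot: In the TextInputCallback branch added to handle(), the prompt names "nonce", "nc", "cnonce", "qop", "realmName" and "md5a2" are bare string literals that every login module has to repeat character for character; a mismatch ends in UnsupportedCallbackException at login time. Define them once as public constants and reference those from both sides. Also note that a handler built with the three-argument constructor leaves all six fields null, so cb.setText(nonce) hands null to the login module without any signal; either document that null means "not a DIGEST login" or reject the callback in that case.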
DO NOT REPLY [Bug 45576] JAASRealm not working with DigestAuthenticator
https://issues.apache.org/bugzilla/show_bug.cgi?id=45576

Mark Thomas changed:

What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution |         | FIXED

--- Comment #3 from Mark Thomas 2009-03-22 08:36:05 PST ---
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.
svn commit: r757208 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: pero Date: Sun Mar 22 16:29:10 2009 New Revision: 757208 URL: http://svn.apache.org/viewvc?rev=757208&view=rev Log: Comment my vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=757208&r1=757207&r2=757208&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Mar 22 16:29:10 2009 @@ -123,4 +123,6 @@ mturk: Perhaps we should consider prefixing all those private variables with AJP_ so that is clear this is AJP protocol extension environment variable. + pero: But REMOTE_PORT is a existing apache httpd env var! +1 for prefixing. +What we can do at mod_jk/IIS? -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Releasing Tomcat Connectors 1.2.28
Good job :-)

Apache Tomcat Connectors 1.2.28 is:
[X] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are

Peter
svn commit: r757217 - /tomcat/servletapi/branches/servlet2.3-jsp1.2-tc4.x/src/share/dtd/web-app_2_3.dtd.backup
Author: markt
Date: Sun Mar 22 17:02:04 2009
New Revision: 757217
URL: http://svn.apache.org/viewvc?rev=757217&view=rev

Log:
Remove backup file from repo

Removed:
tomcat/servletapi/branches/servlet2.3-jsp1.2-tc4.x/src/share/dtd/web-app_2_3.dtd.backup
svn commit: r757218 - in /tomcat: container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/ container/tc5.5.x/webapps/docs/ current/tc5.5.x/
Author: markt Date: Sun Mar 22 17:03:22 2009 New Revision: 757218 URL: http://svn.apache.org/viewvc?rev=757218&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=41407 Add support for CLIENT-CERT authentication to JAAS realm. Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASRealm.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java?rev=757218&r1=757217&r2=757218&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASCallbackHandler.java Sun Mar 22 17:03:22 2009 
@@ -83,21 +83,22 @@ /** * Construct a callback handler for DIGEST authentication. * - * @param realm Our associated JAASRealm instance - * @param username Username to be authenticated with - * @param password Password to be authenticated with - * @param nonce Server generated nonce - * @param ncNonce count - * @param cnonceClient generated nonce - * @param qop Quality of protection aplied to the message - * @param realmName Realm name - * @param md5a2 Second MD5 digest used to calculate the digest + * @param realm Our associated JAASRealm instance + * @param username Username to be authenticated with + * @param password Password to be authenticated with + * @param nonce Server generated nonce + * @param ncNonce count + * @param cnonceClient generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest * MD5(Method + ":" + uri) + * @param authMethodThe authentication mehtod in use */ public JAASCallbackHandler(JAASRealm realm, String username, String password, String nonce, String nc, String cnonce, String qop, String realmName, - String md5a2) { + String md5a2, String authMethod) { this(realm, username, password); this.nonce = nonce; this.nc = nc; @@ -105,6 +106,7 @@ this.qop = qop; this.realmName = realmName; this.md5a2 = md5a2; +this.authMethod = authMethod; } // - Instance Variables @@ -126,7 +128,6 @@ */ protected JAASRealm realm = null; - /** * The username to be authenticated with. */ @@ -162,6 +163,10 @@ */ protected String md5a2; +/** + * The authentication methdod to be used. If null, assume BASIC/FORM. + */ +protected String authMethod; // - Public Methods 
@@ -211,6 +216,8 @@ cb.setText(realmName); } else if (cb.getPrompt().equals("md5a2")) { cb.setText(md5a2); +} else if (cb.getPrompt().equals("authMethod")) { +cb.setText(authMethod); } else { throw new UnsupportedCallbackException(callbacks[i]); } Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=757218&r1=757217&r2=757218&view=diff == --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JAASMemoryLoginModule.java Sun Mar 22 17:03:22 2009 @@ -39,6 +39,7 @@ import org.apache.catalina.Context; import org.apache.catalina.Realm; +import org.apache.catalina.authenticator.Constants; import org.apache.catalina.connector.Request; import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.util.RequestUtil; @@ -309,7 +310,7 @@ // Set up our CallbackHandler requests if (callbackHandler == null) throw new LoginException("No Callback
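Review bot: The constructor hunk changes the signature of the public DIGEST constructor in place ("String md5a2) {" becomes "String md5a2, String authMethod) {") instead of adding an overload, so any caller or subclass compiled against the nine-argument form from the previous revision stops compiling. Keep the old constructor and have it delegate with authMethod set to null. The rule "If null, assume BASIC/FORM" is stated only on the field; repeat it on the @param authMethod line so callers see it, and fix "mehtod" and "methdod" while there. The "authMethod" prompt added to handle() is another bare literal shared with the login module and would be better as a constant.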
DO NOT REPLY [Bug 41407] CLIENT-CERT Authentication with JAASRealm not working
https://issues.apache.org/bugzilla/show_bug.cgi?id=41407

Mark Thomas changed:

What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution |         | FIXED

--- Comment #4 from Mark Thomas 2009-03-22 10:03:44 PST ---
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.
svn commit: r757219 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml current/tc5.5.x/STATUS.txt jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java
Author: markt Date: Sun Mar 22 17:08:41 2009 New Revision: 757219 URL: http://svn.apache.org/viewvc?rev=757219&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45666 Patch provided by Tom Wadzinski Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml tomcat/current/tc5.5.x/STATUS.txt tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=757219&r1=757218&r2=757219&view=diff == --- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original) +++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sun Mar 22 17:08:41 2009 @@ -44,7 +44,15 @@ - + + + +45666: Fix infinite loop on include. Patch provided by Tom +Wadzinski. (markt) + + + + Fix CVE-2009-0781. XSS in calendar example. (markt) Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=757219&r1=757218&r2=757219&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Sun Mar 22 17:08:41 2009 
@@ -38,12 +38,6 @@ +1: markt, rjung -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45666 - Prevent infinite loop on include - http://svn.apache.org/viewvc?rev=690781&view=rev - +1: markt, rjung, mturk - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=45628 http://svn.apache.org/viewvc?rev=691282&view=rev JARs without deps should always be fulfilled Modified: tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java URL: http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java?rev=757219&r1=757218&r2=757219&view=diff == --- tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java (original) +++ tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/runtime/JspContextWrapper.java Sun Mar 22 17:08:41 2009 @@ -284,9 +284,9 @@ invokingJspCtxt.include(relativeUrlPath); } -public void include(String relativeUrlPath, boolean flush) - throws ServletException, IOException { - include(relativeUrlPath, false); // XXX +public void include(String relativeUrlPath, boolean flush) +throws ServletException, IOException { +invokingJspCtxt.include(relativeUrlPath, false); } public VariableResolver getVariableResolver() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
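Review bot: In the JspContextWrapper hunk, the new body of include(String relativeUrlPath, boolean flush) calls invokingJspCtxt.include(relativeUrlPath, false), so the caller's flush argument is still discarded, and the "// XXX" marker that flagged this on the removed line is gone. If forcing false is intended here, say why in a comment on that line; otherwise pass flush through to the invoking context.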
DO NOT REPLY [Bug 45666] JspContextWrapper contains infinite loop in include(String relativeUrlPath, boolean flush)
https://issues.apache.org/bugzilla/show_bug.cgi?id=45666

Mark Thomas changed:

What       | Removed  | Added
Status     | ASSIGNED | RESOLVED
Resolution |          | FIXED

--- Comment #6 from Mark Thomas 2009-03-22 10:08:57 PST ---
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.
Re: mod_jk: getRemotePort returns -1 (issue 41263)
Hi Mladen, On 22.03.2009 10:19, Mladen Turk wrote: Rainer Jung wrote: On 21.03.2009 14:12, Mladen Turk wrote: I just committed a change to TC trunk and backport proposals to pick up the REMOTE_PORT env var for request.getRemotePort(). So we might think about forwarding REMOTE_PORT by default in JK 1.2.29. See the note I added to 6.0 STATUS. IMO we should prefix all those env vars either with AJP_ or like you did already for some with JK_ Now, JK_ is fine, but the AJP_ is more intuitive because it can be reused by mod_proxy_ajp as well. Not sure, but those vars on Tomcat side should be removed when processed so that they don't end up in req attributes since they are protocol private, and if the AJP protocol would support this they would never be visible. You are right. We can use a private request attribute name like AJP_REMOTE_PORT. What would the value of the attribute be? It would be the port directly taken from the web server connection object (Apache and as far as possible also IIS). For Apache we would also provide a default environment variable JK_REMOTE_PORT which allows the web server admin to overwrite the port and a directive JkRemotePortIndicator to choose a different environment to look up for an overwrite (like setting JkRemoteIndicator to REMOTE_PORT). This part would be exactly the same as we allow to handle it for all other metadata since 1.2.28. Good point. I will correct the trunk patch for Tomcat and the backport proposals. Let's see, what others say. Regards, Rainer
svn commit: r757223 - in /tomcat/trunk/java/org/apache: coyote/ajp/AjpAprProcessor.java coyote/ajp/AjpProcessor.java coyote/ajp/Constants.java jk/common/AjpConstants.java jk/common/HandlerRequest.java
Author: rjung Date: Sun Mar 22 17:55:35 2009 New Revision: 757223 URL: http://svn.apache.org/viewvc?rev=757223&view=rev Log: Followup to r756926 (forward remote port via AJP13). - Use a more private attribute name and define it in the Constants class. - Do not set the attribute on the request, only use it for the remote port. Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java tomcat/trunk/java/org/apache/coyote/ajp/Constants.java tomcat/trunk/java/org/apache/jk/common/AjpConstants.java tomcat/trunk/java/org/apache/jk/common/HandlerRequest.java Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java?rev=757223&r1=757222&r2=757223&view=diff == --- tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java Sun Mar 22 17:55:35 2009 
@@ -715,18 +715,20 @@ String n = tmpMB.toString(); requestHeaderMessage.getBytes(tmpMB); String v = tmpMB.toString(); -request.setAttribute(n, v); /* * AJP13 misses to forward the remotePort. - * Apache automatically sets REMOTE_PORT to the remote port. - * Allow the user to set "JkEnvVar REMOTE_PORT" and - * let us accept the forwarded port as the remote port. + * Allow the AJP connector to add this info via + * a private request attribute. + * We will accept the forwarded data as the remote port, + * and remove it from the public list of request attributes. */ -if(n.equals("REMOTE_PORT")) { +if(n.equals(Constants.SC_A_REQ_REMOTE_PORT)) { try { request.setRemotePort(Integer.parseInt(v)); } catch (NumberFormatException nfe) { } +} else { +request.setAttribute(n, v); } break; Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=757223&r1=757222&r2=757223&view=diff == --- tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Sun Mar 22 17:55:35 2009 
@@ -721,18 +721,20 @@ String n = tmpMB.toString(); requestHeaderMessage.getBytes(tmpMB); String v = tmpMB.toString(); -request.setAttribute(n, v); /* * AJP13 misses to forward the remotePort. - * Apache automatically sets REMOTE_PORT to the remote port. - * Allow the user to set "JkEnvVar REMOTE_PORT" and - * let us accept the forwarded port as the remote port. + * Allow the AJP connector to add this info via + * a private request attribute. + * We will accept the forwarded data as the remote port, + * and remove it from the public list of request attributes. */ -if(n.equals("REMOTE_PORT")) { +if(n.equals(Constants.SC_A_REQ_REMOTE_PORT)) { try { request.setRemotePort(Integer.parseInt(v)); } catch (NumberFormatException nfe) { } +} else { +request.setAttribute(n, v ); } break; Modified: tomcat/trunk/java/org/apache/coyote/ajp/Constants.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/Constants.java?rev=757223&r1=757222&r2=757223&view=diff == --- tomcat/trunk/java/org/apache/coyote/ajp/Constants.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/Constants.java Sun Mar 22 17:55:35 2009 @@ -88,6 +88,11 @@ // Used for attributes which are not in the list above public static final byte SC_A_REQ_ATTRIBUTE = 10; +/** + * AJP private request attributes + */ +public static final String SC_A_REQ_REMOTE_PORT = "AJP_REMOTE_PORT"; + // Terminates list of attributes public static final byte SC_A_ARE_DONE = (byte)0xFF; Modified: tomcat/trunk/java/org/apache/jk/common/AjpConstants.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jk/common/AjpConstants.java?rev=757223&r1=757222&r2=757223&view=diff ==
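Review bot: In the Constants.java hunk, SC_A_REQ_REMOTE_PORT is a String ("AJP_REMOTE_PORT") placed between the byte codes SC_A_REQ_ATTRIBUTE = 10 and SC_A_ARE_DONE = (byte)0xFF and given the same SC_A_ prefix, so it reads like another wire-level attribute code. A name that marks it as an attribute name rather than a code, plus a Javadoc line saying it is consumed by the connector and never exposed as a request attribute, would prevent it being used in a switch over attribute codes by mistake.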
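Review bot: In the SC_A_REQ_REMOTE_PORT branch of both AjpAprProcessor and AjpProcessor, Integer.parseInt(v) accepts negative numbers and values above 65535, and the empty "catch (NumberFormatException nfe) { }" discards malformed input without a trace. Since the result feeds request.getRemotePort(), which applications may log or key state on, check the parsed value against the range 0 to 65535 before calling request.setRemotePort() and log rejected values at debug level. The AjpProcessor copy also has a stray space in "request.setAttribute(n, v );".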
svn commit: r757224 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: rjung Date: Sun Mar 22 17:58:56 2009 New Revision: 757224 URL: http://svn.apache.org/viewvc?rev=757224&view=rev Log: Update backport proposal w.r.t the comments. Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=757224&r1=757223&r2=757224&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Mar 22 17:58:56 2009 @@ -119,10 +119,14 @@ attributes, we use generic attributes mechanism to forward the remote port. Backport of http://svn.apache.org/viewvc?rev=756926&view=rev + and http://svn.apache.org/viewvc?rev=757223&view=rev +1: rjung, pero, mturk + -1: mturk: Perhaps we should consider prefixing all those private variables with AJP_ so that is clear this is AJP protocol extension environment variable. pero: But REMOTE_PORT is a existing apache httpd env var! +1 for prefixing. What we can do at mod_jk/IIS? - -1: + rjung: I changed the name and we will *only* use the forwarded data + for setting the port and not set it as a request attribute. + IIS: will be handled similarly. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
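Review bot: Moving the empty "-1:" line up so that it directly follows "+1: rjung, pero, mturk" leaves the mturk, pero and rjung comments underneath the veto line, where they read as reasons for a -1 even though all three voted +1. Keep "-1:" as the last line of the entry, as it was before this change, or indent the comments so they clearly belong to the +1 line.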
svn commit: r757225 - /tomcat/current/tc5.5.x/STATUS.txt
Author: rjung Date: Sun Mar 22 18:01:07 2009 New Revision: 757225 URL: http://svn.apache.org/viewvc?rev=757225&view=rev Log: Update backport proposal. Modified: tomcat/current/tc5.5.x/STATUS.txt Modified: tomcat/current/tc5.5.x/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=757225&r1=757224&r2=757225&view=diff == --- tomcat/current/tc5.5.x/STATUS.txt (original) +++ tomcat/current/tc5.5.x/STATUS.txt Sun Mar 22 18:01:07 2009 @@ -237,3 +237,13 @@ Backport of http://svn.apache.org/viewvc?rev=755302&view=rev +1: rjung -1: + +* Allow AJP connectors to provide correct getRemotePort(). + The remote port is not part of the AJP13 protocol. + Since the protocol is not extensible enough for standard + attributes, we use generic attributes mechanism to forward + the remote port. + Backport of http://svn.apache.org/viewvc?rev=756926&view=rev + and http://svn.apache.org/viewvc?rev=757223&view=rev + +1: rjung + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Releasing Tomcat Connectors 1.2.28
Windows Bins (provided by Mladen) are now in place. Be careful: as long as the daily remove job hasn't run, there are now 1.2.28-dev bins and 1.2.28 bins in parallel directories. Don't use the 1.2.28-dev bins, they'll be gone sometime tomorrow morning. Regards, Rainer
Re: [VOTE] Releasing Tomcat Connectors 1.2.28
[X] Stable - no major issues, no regressions
svn commit: r757291 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: billbarker Date: Mon Mar 23 00:32:10 2009 New Revision: 757291 URL: http://svn.apache.org/viewvc?rev=757291&view=rev Log: votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=757291&r1=757290&r2=757291&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Mar 23 00:32:10 2009 @@ -71,7 +71,10 @@ 0: billbarker: Haven't tried to break it yet, but the 4th patch potentially offers access to static fields in ELContextImpl and ELResolverImpl that could possibly be exploited by a malicious webapp. - -1: + -1: billbarker: The 5th patch makes Jasper depend on Catalina, rendering Jasper useless + to any 3rd party that just wants a JSP compiler. Removing the Catalina dependancy + can change my vote to +1 (although, it means trusting modern JVMs to clean up after + themselves efficiently). * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46351 Build script re-factoring @@ -105,7 +108,7 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46816 http://svn.apache.org/viewvc?rev=751295&view=rev Align mbean with implementation - +1: markt + +1: markt, billbarker -1: * Fix use of setLoopbackMode() for tribes multicast. @@ -120,7 +123,7 @@ the remote port. Backport of http://svn.apache.org/viewvc?rev=756926&view=rev and http://svn.apache.org/viewvc?rev=757223&view=rev - +1: rjung, pero, mturk + +1: rjung, pero, mturk, billbarker -1: mturk: Perhaps we should consider prefixing all those private variables with AJP_ so that is clear this is AJP protocol - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Obtaining a Unique Connection ID?
Hi Again,

In the near term absence of getRemotePort, I am struggling to determine a method for storing and retrieving per-connection state. Can anyone recommend another method for acquiring a unique connection identifier? I would be satisfied with a platform specific method at this point.

Just to be clear as to why this is necessary, NTLMSSP is a three request "handshake". So if you have a frameset with 5 frames, IE will create 5 separate connections but will use the same session ID. So I cannot simply store the state of the authentication in the session because the multiple simultaneous authentication requests will incorrectly read or overwrite that state and cause strange concurrency errors. I need to store the authentication state in the session using a unique connection ID (normally getRemoteAddr+getRemotePort) to keep the simultaneous authentication requests straight.

Any ideas? Is there a mod_jk or Tomcat specific feature that would allow me to get the socket file descriptor value, or port, or unique ID through HttpServletRequest.getAttribute()?

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
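The collision described in the message above, as an added example that is not part of the original post and is not Tomcat or mod_jk code: one session-wide handshake slot compared with a slot keyed by remote address and port. The class and method names, the "ntlmssp" key prefix and the sample address and ports are hypothetical; a plain map stands in for the HttpSession attributes.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not Tomcat or mod_jk code; every name below is hypothetical.
public class ConnectionKeyedAuthState {

    /** Steps of the three-request handshake. */
    enum Step { NEGOTIATE_SEEN, CHALLENGE_ISSUED, AUTHENTICATED }

    /** Stand-in for the attributes of the one HttpSession all frames share. */
    private final Map<String, Step> sessionAttributes = new ConcurrentHashMap<>();

    /** Builds the per-connection key from getRemoteAddr() and getRemotePort(). */
    static String connectionKey(String remoteAddr, int remotePort) {
        // Behind AJP without a forwarded port, getRemotePort() returns -1
        // (issue 41263). Refuse it: every connection from one address would
        // otherwise collapse onto the same key again.
        if (remotePort < 1 || remotePort > 65535) {
            throw new IllegalArgumentException("unusable remote port " + remotePort);
        }
        return "ntlmssp:" + remoteAddr + ":" + remotePort;
    }

    /** Records one handshake request under the given key, returns the new step. */
    Step advance(String key) {
        return sessionAttributes.merge(key, Step.NEGOTIATE_SEEN,
                (current, unused) -> current == Step.NEGOTIATE_SEEN
                        ? Step.CHALLENGE_ISSUED : Step.AUTHENTICATED);
    }

    /** Drops the state when the handshake ends, so a reused port starts clean. */
    void finish(String key) {
        sessionAttributes.remove(key);
    }

    /**
     * Sends the first request of each connection, one after the other, and
     * returns the step each connection observes for itself.
     */
    static List<Step> firstRound(int[] ports, boolean perConnection) {
        ConnectionKeyedAuthState state = new ConnectionKeyedAuthState();
        List<Step> seen = new ArrayList<>();
        for (int port : ports) {
            String key = perConnection
                    ? connectionKey("192.0.2.10", port) // constructed sample address
                    : "ntlmssp";                        // one slot for the whole session
            seen.add(state.advance(key));
        }
        return seen;
    }

    public static void main(String[] args) {
        int[] ports = {50001, 50002, 50003, 50004, 50005}; // constructed: 5 frames
        // With one shared slot, later connections inherit the progress of
        // earlier ones and appear further along than they really are.
        System.out.println("session-wide key:   " + firstRound(ports, false));
        // With a per-connection key each handshake starts at its own first step.
        System.out.println("per-connection key: " + firstRound(ports, true));
        try {
            connectionKey("192.0.2.10", -1);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The address and port pair identifies a connection only while that connection is open and only when the values are those of the real client, which behind mod_jk depends on the remote port being forwarded as discussed earlier in this thread.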
Bug report for Tomcat 3 [2009/03/22]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

Bug ID | Status | Severity | Date Posted | Description
412 | Ver | Nor | 2001-01-08 | JspC on Windows fails to handle includes in subdir
2350 | Ver | Nor | 2001-06-27 | ServletConfig.getInitParameter() requires url-patt
6488 | Ver | Maj | 2002-02-15 | Error: 304. Apparent bug in default ErrorHandler c
9737 | Ver | Nor | 2002-06-10 | ArrayIndexOutOfBoundsException when sending just p

Total 4 bugs
Bug report for Watchdog [2009/03/22]
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

Bug ID | Status | Severity | Date Posted | Description
278 | Unc | Nor | 2000-12-04 | Bug in GetParameterValuesTestServlet.java file Bug
279 | Unc | Nor | 2000-12-04 | Logical Error in GetParameterValuesTestServlet Bug
469 | Unc | Nor | 2001-01-17 | in example-taglib.tld "urn" should be "uri" BugRat
470 | Unc | Nor | 2001-01-17 | FAIL positiveForward.jsp and positiveInclude.jsp B
9634 | New | Enh | 2002-06-05 | No tests exist for ServletContext.getResourcePaths
10703 | New | Enh | 2002-07-11 | Need to test getRequestURI after RequestDispatcher
11336 | New | Enh | 2002-07-31 | Test wrapped path methods with RD.foward()
11663 | New | Maj | 2002-08-13 | JSP precompile tests rely on Jasper specific behav
11664 | New | Maj | 2002-08-13 | A sweep is needed of all Watchdog 4.0 tag librarie
11665 | New | Maj | 2002-08-13 | ServletToJSPErrorPageTest and ServletToServletErro
11666 | New | Maj | 2002-08-13 | SetBufferSize_1TestServlet is invalid.
14004 | New | Maj | 2002-10-28 | Incorrent behaviour of all attribute-related lifec
15504 | New | Nor | 2002-12-18 | JSP positiveGetValues test relies on order preserv
24649 | New | Nor | 2003-11-12 | getRemoteHost fails when agent has uppercase chara
29398 | New | Nor | 2004-06-04 | Update site and note current status

Total 15 bugs
Bug report for Tomcat 4 [2009/03/22]
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
| 3839|Opn|Enh|2001-09-26|Problem bookmarking login page|
| 4227|Opn|Enh|2001-10-17|Invalid CGI path|
| 5329|New|Enh|2001-12-08|NT Service exits startup before Tomcat is finished|
| 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob|
| 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi|
| 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio|
| 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI|
| 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam|
| 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty|
| 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store|
| 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output|
| 7676|New|Enh|2002-04-02|Allow name property to use match experssions in without className in server.xml produces N|
|11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques|
|11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header|
|11754|Opn|Enh|2002-08-15|Synchronous shutdown script - shutdown.sh should w|
|12069|New|Enh|2002-08-27|Creation of more HttpSession objects for one previ|
|12428|Opn|Enh|2002-09-09|request.getUserPrincipal(): Misinterpretation of s|
|12658|New|Enh|2002-09-15|a proxy host and port at the element level|
|12766|New|Enh|2002-09-18|Tomcat should use tld files in /WEB-INF/ over vers|
|13309|Opn|Enh|2002-10-04|Catalina calls System.exit()|
|13634|New|Enh|2002-10-15|Allowing system properties to be substituted in co|
|13689|Opn|Enh|2002-10-16|Classloader paths for 'Common' classes and librari|
|13731|New|Enh|2002-10-17|Final request, response, session and other variabl|
|13941|New|Enh|2002-10-24|reload is VERY slow|
|13965|New|Enh|2002-10-25|Catalina.sh correction request for Tru64 Unix|
|14097|New|Enh|2002-10-30|hardcoded registry value for vm lets tomcat servic|
|14416|New|Enh|2002-11-10|blank tag name in TLD cause NullPointerException|
|14635|New|Enh|2002-11-18|Should be possible not to have -MM-DD in log f|
|14766|New|Enh|2002-11-22|Redirect Vavle|
|14993|New|Enh|2002-12-02|Possible obselete synchronized declaration|
|15115|New|Enh|2002-12-05|correct docs... XML parser *cannot* be overridden|
|15417|Opn|Enh|2002-12-16|Add port for forced compilation of JSP pages|
|15688|New|Enh|2002-12-27|full-qualified names instead of imports|
|15941|New|Enh|2003-01-10|Expose rootCause exceptions at deeper levels|
|16294|New|Enh|2003-01-21|Configurable URL Decoding.|
|16357|New|Enh|2003-01-23|"connection timeout reached"|
|16531|New|Enh|2003-01-29|Updating already deployed ".war" files in a single|
|16579|New|Enh|2003-01-30|documentation page layout/style breaks wrapping to|
|16596|New|Enh|2003-01-30|option for disabling log rotation|
|17070|New|Enh|2003-02-14|The Catalina Ant tasks do not allow for 'reusable'|
|17146|New|Enh|2003-02-18|Simplify build.xml using
Bug report for Tomcat 5 [2009/03/22]
Status:   UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial

|Bug ID|Status|Severity|Date Posted|Description|
|27122|Opn|Enh|2004-02-20|IE plugins cannot access components through Tomcat|
|28039|Opn|Enh|2004-03-30|Cluster Support for SingleSignOn|
|29160|Ver|Enh|2004-05-23|precompile problem: _jspx_meth_* (javax.servlet.js|
|29494|Inf|Enh|2004-06-10|No way to set PATH when running as a service on Wi|
|30241|Ver|Enh|2004-07-21|Enhance build script to use branch argument when c|
|33262|Inf|Enh|2005-01-27|Service Manager autostart should check for adminis|
|33453|Opn|Enh|2005-02-08|Jasper should recompile JSP files whose datestamps|
|33671|Opn|Enh|2005-02-21|Manual Windows service installation with custom na|
|34801|New|Enh|2005-05-08|PATCH: CGIServlet does not terminate child after a|
|34805|Ass|Enh|2005-05-08|warn about invalid security constraint url pattern|
|34868|Ass|Enh|2005-05-11|allow to register a trust store for a session that|
|35054|Inf|Enh|2005-05-25|warn if appBase is not existing as a File or direc|
|36133|Inf|Enh|2005-08-10|Support JSS SSL implementation|
|36362|New|Enh|2005-08-25|missing check for Java reserved keywords in tag fi|
|36569|Inf|Enh|2005-09-09|Redirects produce illegal URL's|
|36837|Inf|Enh|2005-09-28|Looking for ProxyHandler implementation of Http re|
|36922|Inf|Enh|2005-10-04|setup.sh file mis-advertised and missing|
|36923|New|Nor|2005-10-05|Deactivated EL expressions are not parsed for jsp|
|37018|Ass|Enh|2005-10-11|Document how to use tomcat-SSL with a pkcs11 token|
|37084|Ass|Nor|2005-10-14|JspC from ant fails on JSPs that use custom taglib|
|37334|Inf|Enh|2005-11-02|Realm digest property not aligned with the adminis|
|37449|Opn|Enh|2005-11-10|Two UserDatabaseRealm break manager user|
|37458|Ass|Nor|2005-11-10|Datarace on org.apache.catalina.loader.WebappClass|
|37485|Inf|Enh|2005-11-14|I'd like to run init SQL after JDBC Connection cre|
|37498|New|Nor|2005-11-14|[PATCH] NPE in org.apache.catalina.core.ContainerB|
|37515|Opn|Nor|2005-11-15|smap not generated by JspC when used from Ant for|
|37627|Inf|Nor|2005-11-24|Slow and incomplete dynamic content generation aft|
|37785|Inf|Nor|2005-12-05|Changing startup type via Tomcat Monitor does not|
|37794|Opn|Nor|2005-12-05|getParameter() fails on POST with transfer-encodin|
|37797|Inf|Maj|2005-12-05|Configure Tomcat utility truncates classpath to 96|
|37847|Ass|Enh|2005-12-09|Allow User To Optionally Specify Catalina Output F|
|37869|Opn|Nor|2005-12-12|Cannot obtain client certificate with SSL / client|
|37984|New|Nor|2005-12-21|JNDIRealm.java not able to handle MD5 password|
|38197|Opn|Maj|2006-01-09|taglib pool bug when tag is used with jsp:attribut|
|38216|Inf|Enh|2006-01-10|Extend Jmxproxy to allow call of MBean Operations|
|38217|Ver|Enh|2006-01-10|mention that private key password and keystore pas|
|38268|Inf|Enh|2006-01-13|User friendly: Need submit button on adding/deleti|
|38352|Inf|Nor|2006-01-22|Additional Entries for Default catalina.policy fil|
|38360|Inf|Enh|2006-01-24|Domain for session cookies|
|38483|New|Nor|2006-02-01|access log valve uses simpledateformat in tread-un|
|38484|New|Min|2006-02-01|webapps Admin: Invalid path /login was requested|
|38516|Inf|Nor|2006-02-05|Configuration Manager loses "Log On" settings|
|38546|Inf|Enh|2006-02-07|Google bot sends invalid If-Modifed-Since Header,|
|38553|New|Nor|2006-02-07|Wrong HTTP code for failed CLIENT-CERT authenticat|
|38570|New|Nor|2006-02-08|if docBase path contains "webapps", a backslash is|
|38577|Inf|Enh|2006-02-08|Enhance logging of security failures|
|38630|Inf|Maj|2006-02-13|Environment (java:comp/env/) sometimes not availab|
|38713|Ass|Nor|2006-02-20|java.io.IOException: tmpFile.renameTo(classFile) f|
|38743|New|Min|2006-02-21|when using APR, JKS options are silently ignored|
|38797|Opn|Nor|2006-02-27|5.5.12 and 5.5.15 emit different code on|
|41007|Opn|Enh|2006-11-20|Can't define customized 503 error page|
|41059|Ass|Maj|