DO NOT REPLY [Bug 48011] Parameters with contentType=multipart/form-data from request is null after FORM authentification checking

2009-10-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48011

--- Comment #3 from Serg Mavrov  2009-10-17 04:40:04 UTC 
---
(In reply to comment #2)
> Please provide the source for the test case.

The first attachment contains the source. It is a NetBeans project. But
you can find the src folder inside.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



DO NOT REPLY [Bug 48011] Parameters with contentType=multipart/form-data from request is null after FORM authentification checking

2009-10-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48011

--- Comment #4 from Serg Mavrov  2009-10-17 04:41:14 UTC 
---
(In reply to comment #2)
> Please provide the source for the test case.

The first attachment contains the source. It is a NetBeans project. But
you can find the src folder inside.




DO NOT REPLY [Bug 48019] New: StackOverflowError on "include"

2009-10-17 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=48019

   Summary: StackOverflowError on "include"
   Product: Tomcat 6
   Version: 6.0.20
  Platform: PC
OS/Version: Windows NT
Status: NEW
  Severity: normal
  Priority: P2
 Component: Jasper
AssignedTo: dev@tomcat.apache.org
ReportedBy: illm...@sina.com


JSP file name: 
/common/headers.jsp


Its content:

<% // example: <%@ include file="/common/headers.jsp" % >
%>







Console output:

java.lang.StackOverflowError
at java.text.DateFormat.format(DateFormat.java:275)
at java.text.Format.format(Format.java:140)
at java.text.MessageFormat.subformat(MessageFormat.java:1288)
at java.text.MessageFormat.format(MessageFormat.java:795)
at java.util.logging.SimpleFormatter.format(SimpleFormatter.java:50)
at java.util.logging.StreamHandler.publish(StreamHandler.java:179)
at java.util.logging.ConsoleHandler.publish(ConsoleHandler.java:88)
at java.util.logging.Logger.log(Logger.java:458)
at java.util.logging.Logger.doLog(Logger.java:480)
at java.util.logging.Logger.logp(Logger.java:680)
at org.apache.juli.logging.DirectJDKLog.log(DirectJDKLog.java:167)
at org.apache.juli.logging.DirectJDKLog.error(DirectJDKLog.java:135)
at org.apache.jasper.compiler.JspReader.pushFile(JspReader.java:606)
at org.apache.jasper.compiler.JspReader.<init>(JspReader.java:141)
at org.apache.jasper.compiler.JspReader.<init>(JspReader.java:119)
at org.apache.jasper.compiler.ParserController.determineSyntaxAndEncoding(ParserController.java:399)
at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:207)
at org.apache.jasper.compiler.ParserController.parse(ParserController.java:137)
at org.apache.jasper.compiler.Parser.processIncludeDirective(Parser.java:339)
at org.apache.jasper.compiler.Parser.parseIncludeDirective(Parser.java:376)
at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:484)
at org.apache.jasper.compiler.Parser.parseTagFileDirectives(Parser.java:1784)
at org.apache.jasper.compiler.Parser.parse(Parser.java:127)


This does not exist in "6.0.18".




svn commit: r826291 - /tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:21:01 2009
New Revision: 826291

URL: http://svn.apache.org/viewvc?rev=826291&view=rev
Log:
Use string manager for i18n.

Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=826291&r1=826290&r2=826291&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Sat 
Oct 17 19:21:01 2009
@@ -186,13 +186,14 @@
 HttpSession session = request.getSession();
 String sessionNonce = (String) session.getAttribute(NONCE_SESSION);
 if (sessionNonce == null) {
-message = "FAIL: No nonce found in session. Command [" + command + 
"] was ignored.";
+message = sm.getString("htmlManagerServlet.noNonce", command);
 // Reset the command
 command = null;
 } else {
 if (!sessionNonce.equals(requestNonce)) {
 // Nonce mis-match.
-message = "FAIL: Nonce mismatch. Command [" + command + "] was 
ignored.";
+message =
+sm.getString("htmlManagerServlet.nonceMismatch", command);
 // Reset the command
 command = null;
 }
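
Review bot: the two new keys, htmlManagerServlet.noNonce and htmlManagerServlet.nonceMismatch, are referenced in both branches, but the Modified list for this revision contains only HTMLManagerServlet.java. Please confirm that both keys are already defined in the manager's LocalStrings.properties with a {0} placeholder for the command, or add them as part of this commit so the nonce failure messages stay readable.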






svn commit: r826292 - in /tomcat/trunk/webapps/manager: 401.jsp WEB-INF/web.xml

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:21:50 2009
New Revision: 826292

URL: http://svn.apache.org/viewvc?rev=826292&view=rev
Log:
Change name of role for scripts

Modified:
tomcat/trunk/webapps/manager/401.jsp
tomcat/trunk/webapps/manager/WEB-INF/web.xml

Modified: tomcat/trunk/webapps/manager/401.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/401.jsp?rev=826292&r1=826291&r2=826292&view=diff
==
--- tomcat/trunk/webapps/manager/401.jsp (original)
+++ tomcat/trunk/webapps/manager/401.jsp Sat Oct 17 19:21:50 2009
@@ -56,7 +56,7 @@
 
   manager - allows access to the HTML GUI and the status
   pages
-  manager-scripts - allows access to the text interface and 
the
+  manager-script - allows access to the text interface and the
   status pages
   manager-jmx - allows access to the JMX proxy and the status
   pages

Modified: tomcat/trunk/webapps/manager/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/web.xml?rev=826292&r1=826291&r2=826292&view=diff
==
--- tomcat/trunk/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/web.xml Sat Oct 17 19:21:50 2009
@@ -106,7 +106,7 @@
   /text/*
 
 
-   manager-scripts
+   manager-script
 
   
   
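
Review bot: the constraint covering /text/* now requires manager-script instead of manager-scripts, so any tomcat-users.xml or other realm entry that still grants the old name stops matching and those users lose access to the text interface. The rename is applied consistently across the three web.xml hunks and 401.jsp; please add a changelog entry that names both the old and the new role so the resulting 401 is easy to diagnose.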
@@ -125,7 +125,7 @@
 
 
manager
-   manager-scripts
+   manager-script
manager-jmx
manager-status
 
@@ -148,7 +148,7 @@
 
   The role that is required to access the text Manager pages
 
-manager-scripts
+manager-script
   
   
 






svn commit: r826293 - /tomcat/trunk/webapps/docs/manager-howto.xml

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:22:16 2009
New Revision: 826293

URL: http://svn.apache.org/viewvc?rev=826293&view=rev
Log:
Change of name for role

Modified:
tomcat/trunk/webapps/docs/manager-howto.xml

Modified: tomcat/trunk/webapps/docs/manager-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/manager-howto.xml?rev=826293&r1=826292&r2=826293&view=diff
==
--- tomcat/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/manager-howto.xml Sat Oct 17 19:22:16 2009
@@ -146,15 +146,16 @@
 anyone on the Internet to execute the Manager application on your server.
 Therefore, the Manager application is shipped with the requirement that anyone
 who attempts to use it must authenticate themselves, using a username and
-password that have the role manager associated with them.
-Further, there is no username in the default users file
+password that have the role manager-script associated with
+them. Further, there is no username in the default users file
 ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned this
 role.  Therefore, access to the Manager application is completely disabled
 by default.
 
 To enable access to the Manager web application, you must either create
 a new username/password combination and associate the role name
-manager with it, or add the manager role
+manager-script with it, or add the
+manager-script role
 to some existing username/password combination.  Exactly where this is done
 depends on which Realm implementation you are using:
 
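
Review bot: the first paragraph now says manager-script is the role needed to use the Manager application and that access is "completely disabled by default" without it, but the 401.jsp text changed in r826292 says manager-script only covers the text interface and the status pages, while the HTML GUI needs manager. Suggest scoping this section to the text interface, or listing each role with what it grants, so readers do not assign manager-script expecting GUI access.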
@@ -166,7 +167,7 @@
  for each individual user, which might
 look something like this:
 
-
+
 
 which defines the username and password used by this individual to
 log on, and the role names he or she is associated with.  You can
@@ -174,15 +175,15 @@
 roles attribute for one or more existing users, and/or
 create new users with that assigned role.
 JDBCRealm - Your user and role information is stored in
-a database accessed via JDBC.  Add the manager role
+a database accessed via JDBC.  Add the manager-script role
 to one or more existing users, and/or create one or more new users
 with this role assigned, following the standard procedures for your
 environment.
 JNDIRealm - Your user and role information is stored in
-a directory server accessed via LDAP.  Add the manager
-role to one or more existing users, and/or create one or more new users
-with this role assigned, following the standard procedures for your
-environment.
+a directory server accessed via LDAP.  Add the
+manager-script role to one or more existing users,
+and/or create one or more new users with this role assigned, following
+the standard procedures for your environment.
 
 
 The first time you attempt to issue one of the Manager commands






svn commit: r826294 - in /tomcat/trunk/webapps/host-manager: 401.jsp 404.jsp WEB-INF/web.xml

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:25:11 2009
New Revision: 826294

URL: http://svn.apache.org/viewvc?rev=826294&view=rev
Log:
Part 1 of CSRF protection for host manager. Move text interface from / to 
/text, add extra role for /text. Port 401.jsp and 404.jsp from manager.

Added:
tomcat/trunk/webapps/host-manager/401.jsp
tomcat/trunk/webapps/host-manager/404.jsp
Modified:
tomcat/trunk/webapps/host-manager/WEB-INF/web.xml

Added: tomcat/trunk/webapps/host-manager/401.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/401.jsp?rev=826294&view=auto
==
--- tomcat/trunk/webapps/host-manager/401.jsp (added)
+++ tomcat/trunk/webapps/host-manager/401.jsp Sat Oct 17 19:25:11 2009
@@ -0,0 +1,62 @@
+<%--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--%>
+<%
+  response.setHeader("WWW-Authenticate", "Basic realm=\"Tomcat Host Manager 
Application\"");
+%>
+http://www.w3.org/TR/html4/strict.dtd";>
+
+ 
+  401 Unauthorized
+  
+
+  
+ 
+ 
+   401 Unauthorized
+   
+You are not authorized to view this page. If you have not changed
+any configuration files, please examine the file
+conf/tomcat-users.xml in your installation. That
+file must contain the credentials to let you use this webapp.
+   
+   
+For example, to add the admin role to a user named
+tomcat with a password of s3cret, add the following to 
the
+config file listed above.
+   
+
+
+
+
+   
+Note that for Tomcat 7 onwards, the roles required to use the host manager
+application were changed from the single admin role to the
+following two roles. You will need to assign the role(s) required for
+the functionality you wish to access.
+   
+
+  admin - allows access to the HTML GUI
+  admin-script - allows access to the text interface
+
+ 
+
+
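
Review bot: the scriptlet at the top hard-codes a WWW-Authenticate header with the Basic scheme and a fixed realm string, which is only correct while the application's configured authentication method is BASIC with that same realm name; a comment tying the two together would help whoever changes the login configuration later. Also, the example tells the reader to add the admin role with the password s3cret before the note explains that the role was split into admin and admin-script. Consider leading with the two-role list and using an obvious placeholder for the password so the sample is not copied verbatim into a live tomcat-users.xml.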

Added: tomcat/trunk/webapps/host-manager/404.jsp
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/404.jsp?rev=826294&view=auto
==
--- tomcat/trunk/webapps/host-manager/404.jsp (added)
+++ tomcat/trunk/webapps/host-manager/404.jsp Sat Oct 17 19:25:11 2009
@@ -0,0 +1,61 @@
+<%--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--%>
+<%@ page import="org.apache.catalina.util.RequestUtil" %>
+http://www.w3.org/TR/html4/strict.dtd";>
+
+ 
+  404 Not found
+  
+
+  
+ 
+ 
+   404 Not found
+   
+The page you tried to access
+(<%=RequestUtil.filter((String) request.getAttribute(
+"javax.servlet.error.request_uri"))%>)
+does not exist.
+   
+   
+The Host Manager application has been re-structured for Tomcat 7 onwards 
and some
+of URLs have changed. All URLs used to access the Manager appli
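
Review bot: the last visible added line reads "All URLs used to access the Manager appli", which looks like wording carried over from the manager webapp; in this file it should say Host Manager, and "some of URLs" two lines up is missing "the". The reflected request URI is passed through RequestUtil.filter before output, which is the right call for an error page; it is worth checking what the page prints when the javax.servlet.error.request_uri attribute is absent, that is, when 404.jsp is requested directly.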

svn commit: r826295 - in /tomcat/trunk/java/org/apache/catalina/manager/host: Constants.java HTMLHostManagerServlet.java LocalStrings.properties

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:27:12 2009
New Revision: 826295

URL: http://svn.apache.org/viewvc?rev=826295&view=rev
Log:
Part 2 of CSRF protection for the host manager. Use POST and require valid 
nonce.

Modified:
tomcat/trunk/java/org/apache/catalina/manager/host/Constants.java

tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
tomcat/trunk/java/org/apache/catalina/manager/host/LocalStrings.properties

Modified: tomcat/trunk/java/org/apache/catalina/manager/host/Constants.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/host/Constants.java?rev=826295&r1=826294&r2=826295&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/host/Constants.java (original)
+++ tomcat/trunk/java/org/apache/catalina/manager/host/Constants.java Sat Oct 
17 19:27:12 2009
@@ -27,7 +27,7 @@
 "\n" +
 "\n" +
 "\n" +
-org.apache.catalina.util.TomcatCSS.TOMCAT_CSS +
+org.apache.catalina.util.TomcatCSS.TOMCAT_CSS + "\n" +
 "  table {\n" +
 "width: 100%;\n" +
 "  }\n" +
@@ -96,7 +96,12 @@
 "color: black;\n" +
 "background: white;\n" +
 "  }\n" +
-"\n";
+"  form {\n" +
+"margin: 1;\n" +
+"  }\n" +
+"  form.inline {\n" +
+"display: inline;\n" +
+"  }\n" +"\n";
 
 public static final String BODY_HEADER_SECTION =
 "{0}\n" +
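
Review bot: in the added form rule, margin: 1; has no unit, and a non-zero length without a unit is not valid CSS, so the declaration is likely to be dropped by the browser. Use an explicit value such as 1px, or 0 if the intent is to remove the default form margin. Minor style point on the same hunk: the final added line joins two literals with +"\n" and no space after the operator.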
@@ -104,7 +109,7 @@
 "\n" +
 "\n" +
 "\n" +
-"\n" +
+"\n" +
 " \n" +
 "  \n" +
 "   http://www.apache.org/\";>\n" +
@@ -119,7 +124,7 @@
 " \n" +
 "\n" +
 "\n" +
-"\n" +
+"\n" +
 " \n" +
 "  \n" +

Modified: 
tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java?rev=826295&r1=826294&r2=826295&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 
Sat Oct 17 19:27:12 2009
@@ -25,11 +25,13 @@
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Random;
 import java.util.TreeMap;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.catalina.Container;
 import org.apache.catalina.Host;
@@ -61,6 +63,14 @@
 
 public final class HTMLHostManagerServlet extends HostManagerServlet {
 
+private static final long serialVersionUID = 1L;
+
+protected static final String NONCE_SESSION =
+"org.apache.catalina.manager.host.NONCE";
+protected static final String NONCE_REQUEST = "nonce";
+
+private final Random randomSource = new Random();
+
 // - Public Methods
 
 /**
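
Review bot: randomSource is a java.util.Random declared next to the NONCE_SESSION and NONCE_REQUEST constants, so it is presumably the source of the CSRF nonce the commit log refers to. java.util.Random is a linear congruential generator and is not suitable for security tokens, because its future output can be derived from observed values. Use java.security.SecureRandom here; it extends Random, so the field type and call sites can stay as they are.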
@@ -79,31 +89,120 @@
 // Identify the request parameters that we need
 String command = request.getPathInfo();
 
+// Prepare our output writer to generate the response message
+response.setContentType("text/html; charset=" + Constants.CHARSET);
+
+String message = "";
+// Process the requested command
+if (command == null) {
+// No command == list
+} else if (command.equals("/list")) {
+// Nothing to do - always generate list
+} else if (command.equals("/add") || command.equals("/remove") ||
+command.equals("/start") || command.equals("/stop")) {
+message =
+sm.getString("hostManagerServlet.postCommand", command);
+} else {
+message =
+sm.getString("hostManagerServlet.unknownCommand", command);
+}
+
+list(request, response, message);
+}
+
+
+/**
+ * Process a POST request for the specified resource.
+ *
+ * @param request The servlet request we are processing
+ * @param response The servlet response we are creating
+ *
+ * @exception IOException if an input/output error occurs
+ * @exception ServletException if a servlet-specified error occurs
+ */
+@Override
+public void doPost(HttpServletRequest request, HttpServletResponse 
response)
+throws ServletException, IOException {
+
+// Identify the request parameters that we need
+String command = request.getPathInfo();
+
 String name = request.getParameter("name");
+String requestNonce = request.getParameter(NONCE_REQUEST);
  
 // Prepare 
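
Review bot: in the new doGet, the postCommand and unknownCommand messages embed command, which comes straight from request.getPathInfo(), and the result is handed to list() for a text/html response. Please confirm that list() HTML-escapes the message before writing it; if it does not, filter command before passing it to sm.getString. In doPost, requestNonce is read just before the visible lines end; the check that follows should reject the request when either the session nonce or the request nonce is missing, before any command is dispatched.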

svn commit: r826296 - /tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java

2009-10-17 Thread markt
Author: markt
Date: Sat Oct 17 19:28:15 2009
New Revision: 826296

URL: http://svn.apache.org/viewvc?rev=826296&view=rev
Log:
Fix Eclipse warnings

Modified:
tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java

Modified: 
tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java?rev=826296&r1=826295&r2=826296&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/host/HostManagerServlet.java 
Sat Oct 17 19:28:15 2009
@@ -94,6 +94,7 @@
 public class HostManagerServlet
 extends HttpServlet implements ContainerServlet {
 
+private static final long serialVersionUID = 1L;
 
 // - Instance Variables
 
@@ -366,12 +367,14 @@
 
 // Validate and create appBase
 File appBaseFile = null;
+File file = null;
 if (appBase == null || appBase.length() == 0) {
-appBase = name;
+file = new File(name);
+} else {
+file = new File(appBase);
 }
-File file = new File(appBase);
 if (!file.isAbsolute())
-file = new File(System.getProperty("catalina.base"), appBase);
+file = new File(System.getProperty("catalina.base"), 
file.getPath());
 try {
 appBaseFile = file.getCanonicalFile();
 } catch (IOException e) {
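
Review bot: the removed line appBase = name meant the rest of the method saw the defaulted value, whereas the new code only defaults the local file and leaves appBase null or empty. If anything after this block still reads appBase, for example when configuring the new host, it now gets the unset value; either keep a separate local holding the defaulted name and use it throughout, or confirm there is no later use. Also, name is used directly as a path when appBase is empty, so it is worth validating it as a host name before building the File.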
@@ -408,12 +411,14 @@
 try {
 is.close();
 } catch (IOException e) {
+// Ignore
 }
 }
 if (os != null) {
 try {
 os.close();
 } catch (IOException e) {
+// Ignore
 }
 }
 }


