Re: SPNEGO/NEGOTIATE implementation for Apache Geronimo
Yes I am using a Spnego enabled browser and my motto is to enable single sign in geronimo through spnego. As of now I have a small POC of spnego working were it is able to recoganise the src machine, target machine and is able to establish a security context between client and server. However current implementation requires me to override one of the Basic, digest or form as these are the ones which can be specified in web.xml and we cannot specify Negotiate. So my questions are: Q1. Can you think of a way were we need not override any of the above mentioned mechanism? Q2. I need to disable the prompt for credentials by the browser. because once the user is logged into a machine which is part of domain controller he should be able to access the apps w/o any prompt. I have referred the following link to understand how spnego is supposed to work. http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/csec_SPNEGO_explain.html Thanks Ashish On Thu, Dec 10, 2009 at 6:26 AM, David Jencks wrote: > > On Dec 9, 2009, at 5:03 AM, Ashish Jain wrote: > > Hi folks, >> >> Can you please suggest if there is anyway to disable the prompt for >> username and password when using basic authentication?? >> > > That's browser behavior, so the only thing you can do from the server side > is not use plain BASIC auth. Are you using a SPNEGO enabled browser on a > platform where it can recognize your (client side) kerberos login? Do you > have a link to a description of how SPNEGO is supposed to work? > > thanks > david jencks > > > >> Thanks and Regards >> Ashish >> >> On 11/13/09, Costin Manolache wrote: >> >>> On Fri, Nov 13, 2009 at 6:44 AM, Mark Thomas wrote: >>> >>> Ashish Jain wrote: 4) Does this require code changes to BasicAuthenticator > FormAuthenticator, > AuthenticatorBase of tomcat. > Basic and form - no. Base - maybe. Please provide your comment and suggestions. > My instinct (that may be wrong) is that you'll need a new authenticator. If you get this working then I'd certainly consider it for inclusion in Tomcat. An OpenID would be nice too :-) >>> >>> Costin >>> >>> >>> >>> Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org >>> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: Tomcat 7 - META-INF/context.xml
Filip Hanik - Dev Lists wrote: > On 12/09/2009 07:06 AM, Mark Thomas wrote: >> 6.0.x was inconsistent between WARs and directories. That was made >> consistent in 6.0.19. >> >> META-INF/context.xml in WAR files always extracts/copies >> META-INF/context.xml in a directory doesn't copy<6.0.19, does copy >> 6.0.19 onwards >> > Then I suggest making everything in TC 7 consistent with directories > <6.0.19 > > That's the whole point, it creates nothing but confusion to move the > file out, since it remains there and results in a failed deployment if > you remove a WAR file/directory while the server is not running So a host option extractContextXml that defaults to false? Works for me. I might even code it if I get a chance later today ;) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889179 - in /tomcat/trunk: build.xml webapps/ROOT/index.html
Author: markt Date: Thu Dec 10 10:53:13 2009 New Revision: 889179 URL: http://svn.apache.org/viewvc?rev=889179&view=rev Log: Include the version on the homepage. Modified: tomcat/trunk/build.xml tomcat/trunk/webapps/ROOT/index.html Modified: tomcat/trunk/build.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/build.xml?rev=889179&r1=889178&r2=889179&view=diff == --- tomcat/trunk/build.xml (original) +++ tomcat/trunk/build.xml Thu Dec 10 10:53:13 2009 @@ -570,6 +570,7 @@ + Modified: tomcat/trunk/webapps/ROOT/index.html URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/ROOT/index.html?rev=889179&r1=889178&r2=889179&view=diff == --- tomcat/trunk/webapps/ROOT/index.html (original) +++ tomcat/trunk/webapps/ROOT/index.html Thu Dec 10 10:53:13 2009 @@ -94,7 +94,7 @@ - Apache Tomcat + Apache Tomcat @VERSION@ http://www.apache.org/";> - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48366] New: Class HostConfig uses File.list() method result to deploy webapp
https://issues.apache.org/bugzilla/show_bug.cgi?id=48366 Summary: Class HostConfig uses File.list() method result to deploy webapp Product: Tomcat 6 Version: 6.0.20 Platform: PC OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: buffoon...@gmail.com The method ,File.list(),is not always returned a sorted array of String. In my test, under WinXPSP3/SunJDK1.5 or Debian5.02/SunJDK1.6 or AIX5.3/IBMJDK1.5, it works well. But, under RHEL4/SunJDK1.5, this method returned an out-of-order array of String. My webapps need to be loaded in order. This result let them breakdown. So,I think HostConfig.java should be modified like this: HostConfig.java Line490: before // Deploy XML descriptors from configBase deployDescriptors(configBase, configBase.list()); // Deploy WARs, and loop if additional descriptors are found deployWARs(appBase, appBase.list()); // Deploy expanded folders deployDirectories(appBase, appBase.list()); after // Deploy XML descriptors from configBase String[] configFiles = configBase.list(); Arrays.sort(configFiles, 0, configFiles.length); deployDescriptors(configBase, configFiles); // Deploy WARs, and loop if additional descriptors are found String[] appFiles = appBase.list(); Arrays.sort(appFiles, 0, appFiles.length); deployWARs(appBase, appFiles); // Deploy expanded folders deployDirectories(appBase, appFiles); -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48366] Class HostConfig uses File.list() method's result to deploy webapp
https://issues.apache.org/bugzilla/show_bug.cgi?id=48366 HellyGuo changed: What|Removed |Added Summary|Class HostConfig uses |Class HostConfig uses |File.list() method result |File.list() method's result |to deploy webapp|to deploy webapp -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48366] Class HostConfig uses File.list() method's result to deploy webapp
https://issues.apache.org/bugzilla/show_bug.cgi?id=48366 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas 2009-12-10 06:27:35 GMT --- Web applications are meant to be independent. There is no guarantee on load order. There are better ways to achieve what you are trying to achieve. These have been discussed several times on the users list. Please ask any further questions you have on this topic there. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48367] New: issue stop/start tomcat55 webapp, process TLD, WebappClassLoader findResourceInternal
https://issues.apache.org/bugzilla/show_bug.cgi?id=48367 Summary: issue stop/start tomcat55 webapp, process TLD, WebappClassLoader findResourceInternal Product: Tomcat 5 Version: 5.5.17 Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Webapps:Manager AssignedTo: dev@tomcat.apache.org ReportedBy: blop...@free.fr i've got a GRAVE issue while stopping/starting my webapp or (undeploy/deploy) Error logs on startup like you can see under. Webapp context finally start and i can get the welcome page of webapp but nothing else, error on login. But it works good if i stop tomcat process (with catalina.sh), clean all(work, temp, exploded webapp), letting only .WAR file and then start tomcat. I'm using Axis + WebServices(1 jar placed in shared/lib), Hibernate, C3P0 Struts, Log4J, dom4J, xalan, xerces, FOP, MessAdminFilter, xml-apis (placed in my webapp WEB-INF/lib) Since many days i'm on it and i still can't figure out what si the problem and what to do to fix it. I didnt found any bug about that or anything on Google. It's going on my nerves and chief start to ask news.. Please any help would be welcome! 8 déc. 2009 13:19:36 org.apache.catalina.core.StandardContext processTlds GRAVE: Error reading tld listeners javax.servlet.ServletException: Exception lors du traitement de la TLD indiqué par le chemin de ressource /WEB-INF/struts-logic.tld javax.servlet.ServletException: Exception lors du traitement de la TLD indiqué par le chemin de ressource /WEB-INF/struts-logic.tld at org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java:555) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:301) at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4278) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4115) at org.apache.catalina.manager.ManagerServlet.start(ManagerServlet.java:1175) at org.apache.catalina.manager.ManagerServlet.doGet(ManagerServlet.java:368) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) 8 déc. 2009 13:19:42 org.apache.catalina.loader.WebappClassLoader findResourceInternal INFO: Illegal access: this web application instance has been stopped already. Could not load META-INF/services/org.apache.axis.EngineConfigurationFactory. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact. ERROR [2009-12-08 13:19:42,181] [Sigabase] [http-8080-Processor24] StandardWrapper.Throwable [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sigabase]] java.lang.NullPointerException at org.apache.catalina.loader.WebappClassLoader.findResources(WebappClassLoader.java:962) at java.lang.ClassLoader.getResources(ClassLoader.java:1015) at org.apache.commons.discovery.jdk.JDK12Hooks.getResources(JDK12Hooks.java:150) at org.apache.commons.discovery.resource.DiscoverResources$1.getNextResources(DiscoverResources.java:153) at org.apache.commons.discovery.resource.DiscoverResources$1.getNextResource(DiscoverResources.java:129) at org.apache.commons.discovery.resource.DiscoverResources$1.hasNext(DiscoverResources.java:116) at org.apache.commons.discovery.resource.names.DiscoverNamesInFile$1.getNextClassNames(DiscoverNamesInFile.java:186) at org.apache.commons.discovery.resource.names.D
DO NOT REPLY [Bug 48367] issue stop/start tomcat55 webapp, process TLD, WebappClassLoader findResourceInternal
https://issues.apache.org/bugzilla/show_bug.cgi?id=48367 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas 2009-12-10 06:56:37 GMT --- Looks like you have multiple issues with your application here. However, Bugzilla is not a support forum - please direct your questions to the users list. If the discussion on the users list determines that there is a Tomcat bug here, feel free to re-open this bug and provide the steps to reproduce it. To save you a little time, pretty much the first thing you will be asked on the users list is to upgrade to 5.5.28. 5.5.17 is 3.5 years old and there have been many, many bug fixes since then - some of which may help you. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat 7, Valve > Filter project
Hello Devs, What progress was made on the Valve to Filter project over the summer, and is it intended to be included in Tomcat 7? I'm struggling to find the code submitted, in Bugzilla. Any pointers / clues appreciated. Cheers, Pid - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48358] JSP-unloading reloaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 --- Comment #1 from Peter Rossbach 2009-12-10 07:28:36 UTC --- Hi Isabel, feature looks fine for me :-) Many Thanks. But some comments... - Patch missing message jsp.warning.maxLoadedJsps at java/org/apache/jasper/resources/LocalStrings.properties - The oldest JSP search seams not cheap. Some CMS-Sites have more 3 active JSP's! - Have you tested your JSP unloading with heavy load? Peter -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889336 - /tomcat/trunk/java/org/apache/catalina/connector/Request.java
Author: markt
Date: Thu Dec 10 16:59:29 2009
New Revision: 889336
URL: http://svn.apache.org/viewvc?rev=889336&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48324
Correct JavaDoc. Patch by sebb
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Request.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Request.java?rev=889336&r1=889335&r2=889336&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Request.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Request.java Thu Dec 10
16:59:29 2009
@@ -932,19 +932,19 @@
/**
* Return the names of all request attributes for this Request, or an
* empty Enumeration if there are none. Note that the
attribute
- * names return will only be those for the attributes set via
+ * names returned will only be those for the attributes set via
* {...@link #setAttribute(String, Object)}. Tomcat internal attributes
will
* not be included although they are accessible via
* {...@link #getAttribute(String)}. The Tomcat internal attributes
include:
*
- * {...@link Globals.DISPATCHER_TYPE_ATTR}
- * {...@link Globals.DISPATCHER_REQUEST_PATH_ATTR}
- * {...@link Globals.ASYNC_SUPPORTED_ATTR}
- * {...@link Globals.CERTIFICATES_ATTR} (SSL connections only)
- * {...@link Globals.CIPHER_SUITE_ATTR} (SSL connections only)
- * {...@link Globals.KEY_SIZE_ATTR} (SSL connections only)
- * {...@link Globals.SSL_SESSION_ID_ATTR} (SSL connections only)
- * {...@link Globals.SSL_SESSION_MGR_ATTR} (SSL connections only)
+ * {...@link Globals#DISPATCHER_TYPE_ATTR}
+ * {...@link Globals#DISPATCHER_REQUEST_PATH_ATTR}
+ * {...@link Globals#ASYNC_SUPPORTED_ATTR}
+ * {...@link Globals#CERTIFICATES_ATTR} (SSL connections only)
+ * {...@link Globals#CIPHER_SUITE_ATTR} (SSL connections only)
+ * {...@link Globals#KEY_SIZE_ATTR} (SSL connections only)
+ * {...@link Globals#SSL_SESSION_ID_ATTR} (SSL connections only)
+ * {...@link Globals#SSL_SESSION_MGR_ATTR} (SSL connections only)
*
* The underlying connector may also expose request attributes. These all
* have names starting with "org.apache.tomcat" and include:
@@ -2264,7 +2264,7 @@
/**
* Get the event associated with the request.
- * @return
+ * @return the event
*/
public CometEventImpl getEvent() {
if (event == null) {
@@ -2313,7 +2313,7 @@
/**
* Not part of Servlet 3 spec but probably should be.
- * @return
+ * @return true if the requested session ID was obtained from the SSL
session
*/
public boolean isRequestedSessionIdFromSSL() {
return requestedSessionSSL;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48324] Javadoc fixes for connector.Request.java
https://issues.apache.org/bugzilla/show_bug.cgi?id=48324 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Comment #1 from Mark Thomas 2009-12-10 08:59:49 GMT --- Patch applied. Many thanks. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48358] JSP-unloading reloaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 Mark Thomas changed: What|Removed |Added Severity|normal |enhancement --- Comment #2 from Mark Thomas 2009-12-10 09:22:47 GMT --- As a point of clarification, if a JSP is changed then the old implementation should be unloaded before the new implementation is loaded. Therefore, lots of changes to a small number of pages shouldn't cause an issue. If such a scenario does cause an issue then that is a bug and I would ask that you please open a separate issue. This enhancement appears to be addressing the use case where an application consists of many thousands of pages that are rarely used so, in an effort to conserve resources, pages that have not been accessed for a while are unloaded. I can see how this could be useful in development, particularly if memory is tight on an individual developer's machine. In production, I think it would be easier (and give better performance) to spend few hundred dollars on some extra memory for the server. I also share Peter's concerns about the cost of the oldest JSP search and think that this part of the patch needs to be revisited. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48346] org.apache.tomcat.util.net.NioEndpoint-NullPointerException-Start the Server
https://issues.apache.org/bugzilla/show_bug.cgi?id=48346 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Comment #1 from Mark Thomas 2009-12-10 09:30:54 GMT --- At a guess, you are trying to use a connector that isn't started. Bugzilla is not a support forum so please take any further questions you have on this topic to the Tomcat users mailing list. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889363 - in /tomcat/trunk/webapps/docs: config/realm.xml jndi-resources-howto.xml realm-howto.xml
Author: markt Date: Thu Dec 10 18:46:39 2009 New Revision: 889363 URL: http://svn.apache.org/viewvc?rev=889363&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47507 Document the UserDatabaseRealm, in particular the readonly attribute of UserDartabase resources. Modified: tomcat/trunk/webapps/docs/config/realm.xml tomcat/trunk/webapps/docs/jndi-resources-howto.xml tomcat/trunk/webapps/docs/realm-howto.xml Modified: tomcat/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=889363&r1=889362&r2=889363&view=diff == --- tomcat/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/trunk/webapps/docs/config/realm.xml Thu Dec 10 18:46:39 2009 @@ -478,6 +478,31 @@ JNDI Directory Realm component. +UserDatabase Realm (org.apache.catalina.realm.UserDatabaseRealm) + +The UserDatabase Realm is a Realm implementation +that is based on a UserDatabase resource made available through the global +JNDI resources configured for this Tomcat instance. + +The Memory Based Realm implementation supports the following +additional attributes: + + + + +The name of the resource that this realm will use for user, password +and role information. + + + + +See the +Container-Managed Security Guide for more +information on setting up container managed security using the UserDatabase +Realm component and the +JNDI resources how-to for more +information on how to configure a UserDatabase resource. + Memory Based Realm (org.apache.catalina.realm.MemoryRealm) The Memory Based Realm is a simple Realm implementation Modified: tomcat/trunk/webapps/docs/jndi-resources-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/jndi-resources-howto.xml?rev=889363&r1=889362&r2=889363&view=diff == --- tomcat/trunk/webapps/docs/jndi-resources-howto.xml (original) +++ tomcat/trunk/webapps/docs/jndi-resources-howto.xml Thu Dec 10 18:46:39 2009 @@ -309,6 +309,71 @@ + + +0. Introduction + +UserDatabase resources are typically configured as global resources for +use by a UserDatabase realm. Tomcat includes a UserDatabaseFactoory that +creates UserDatabase resources backed by an XML file - usually +tomcat-users.xml + +The steps required to set up a global UserDatabase resource are described +below. + +1. Create/edit the XML file + +The XMl file is typically located at +$CATALINA_BASE/conf/tomcat-users.xml however, you are free to +locate the file anywhere on the file system. It is recommended that the XML +files are placed in $CATALINA_BASE/conf. A typical XML would +look like: + + + ++ + + +2. Declare Your Resource + +Next, modify $CATALINA_BASE/conf/server.xml to create the +UserDatabase resource based on your XMl file. It should look something like +this: + + ++ + + + + + + +The pathname attribute can be absolute or relative. If +relative, it is relative to $CATALINA_BASE. + +The readonly attribute is optional and defaults to +false if not supplied. If the XML is writeable then it will be +written to when Tomcat starts. WARNING: When the file is +written it will inherit the default file permissions for the user Tomcat +is running as. Ensure that these are appropriate to maintain the security +of your installation. + +3. Configure the Realm + +Configure a UserDatabase Realm to use this resource as described in the +Realm configuration documentation. + + + + 0. Introduction Modified: tomcat/trunk/webapps/docs/realm-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=889363&r1=889362&r2=889363&view=diff == --- tomcat/trunk/webapps/docs/realm-howto.xml (original) +++ tomcat/trunk/webapps/docs/realm-howto.xml Thu Dec 10 18:46:39 2009 @@ -119,6 +119,9 @@ JNDIRealm - Accesses authentication information stored in an LDAP based directory server, accessed via a JNDI provider. +UserDatabaseRealm - Accesses authen
Re: Tomcat 7, Valve > Filter project
On 10/12/2009 15:03, Pid wrote: > Hello Devs, > > What progress was made on the Valve to Filter project over the summer, > and is it intended to be included in Tomcat 7? > > I'm struggling to find the code submitted, in Bugzilla. > Any pointers / clues appreciated. The results are in org.apache.catalina.filters in trunk. In summary: - some valves were converted and the valve removed - some valves were converted but the valves kept - some valves weren't converted I imagine that as many valves as can be will be converted during the lifetime of Tomcat 7 and we'll look again at whether it makes sense to remove valves completely in Tomcat 8. That will probably depend on what the ServletAPI exposes to filters since some of the valves, particularly for authentication, require access to Tomcat internals. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48358] JSP-unloading reloaded
https://issues.apache.org/bugzilla/show_bug.cgi?id=48358 --- Comment #3 from Isabel Drost 2009-12-10 12:27:05 UTC --- > I also share Peter's concerns about the cost of the oldest JSP search and > think that this part of the patch needs to be revisited I agree - will look into that ASAP - Thanks pointing out the problem. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889419 - in /tomcat/tc6.0.x/trunk: ./ webapps/docs/config/realm.xml webapps/docs/jndi-resources-howto.xml webapps/docs/realm-howto.xml
Author: markt Date: Thu Dec 10 20:37:28 2009 New Revision: 889419 URL: http://svn.apache.org/viewvc?rev=889419&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47507 Document the UserDatabaseRealm, in particular the readonly attribute of UserDartabase resources. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml tomcat/tc6.0.x/trunk/webapps/docs/jndi-resources-howto.xml tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Thu Dec 10 20:37:28 2009 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,77 2872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831106,831774,831785,831828,831850,831860,832218,833121,833545,834047,835036,835336 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,753039,757335,757774,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,770809,770876,77 2872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,831106,831774,831785,831828,831850,831860,832218,833121,833545,834047,835036,835336,889363 Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=889419&r1=889418&r2=889419&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Thu Dec 10 20:37:28 2009 @@ -477,6 +477,31 @@ JNDI Directory Realm component. +UserDatabase Realm (org.apache.catalina.realm.UserDatabaseRealm) + +The UserDatabase Realm is a Realm implementation +that is based on a UserDatabase resource made available through the global +JNDI resources co
svn commit: r889424 - in /tomcat/tc5.5.x/trunk/container/webapps/docs: config/realm.xml jndi-resources-howto.xml realm-howto.xml
Author: markt Date: Thu Dec 10 21:08:10 2009 New Revision: 889424 URL: http://svn.apache.org/viewvc?rev=889424&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47507 Document the UserDatabaseRealm, in particular the readonly attribute of UserDartabase resources. Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/config/realm.xml tomcat/tc5.5.x/trunk/container/webapps/docs/jndi-resources-howto.xml tomcat/tc5.5.x/trunk/container/webapps/docs/realm-howto.xml Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/config/realm.xml?rev=889424&r1=889423&r2=889424&view=diff == --- tomcat/tc5.5.x/trunk/container/webapps/docs/config/realm.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/config/realm.xml Thu Dec 10 21:08:10 2009 @@ -457,6 +457,31 @@ JNDI Directory Realm component. +UserDatabase Realm (org.apache.catalina.realm.UserDatabaseRealm) + +The UserDatabase Realm is a Realm implementation +that is based on a UserDatabase resource made available through the global +JNDI resources configured for this Tomcat instance. + +The Memory Based Realm implementation supports the following +additional attributes: + + + + +The name of the resource that this realm will use for user, password +and role information. + + + + +See the +Container-Managed Security Guide for more +information on setting up container managed security using the UserDatabase +Realm component and the +JNDI resources how-to for more +information on how to configure a UserDatabase resource. + Memory Based Realm (org.apache.catalina.realm.MemoryRealm) The Memory Based Realm is a simple Realm implementation Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/jndi-resources-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/jndi-resources-howto.xml?rev=889424&r1=889423&r2=889424&view=diff == --- tomcat/tc5.5.x/trunk/container/webapps/docs/jndi-resources-howto.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/jndi-resources-howto.xml Thu Dec 10 21:08:10 2009 @@ -305,6 +305,71 @@ + + +0. Introduction + +UserDatabase resources are typically configured as global resources for +use by a UserDatabase realm. Tomcat includes a UserDatabaseFactoory that +creates UserDatabase resources backed by an XML file - usually +tomcat-users.xml + +The steps required to set up a global UserDatabase resource are described +below. + +1. Create/edit the XML file + +The XMl file is typically located at +$CATALINA_BASE/conf/tomcat-users.xml however, you are free to +locate the file anywhere on the file system. It is recommended that the XML +files are placed in $CATALINA_BASE/conf. A typical XML would +look like: + + + ++ + + +2. Declare Your Resource + +Next, modify $CATALINA_BASE/conf/server.xml to create the +UserDatabase resource based on your XMl file. It should look something like +this: + + ++ + + + + + + +The pathname attribute can be absolute or relative. If +relative, it is relative to $CATALINA_BASE. + +The readonly attribute is optional and defaults to +false if not supplied. If the XML is writeable then it will be +written to when Tomcat starts. WARNING: When the file is +written it will inherit the default file permissions for the user Tomcat +is running as. Ensure that these are appropriate to maintain the security +of your installation. + +3. Configure the Realm + +Configure a UserDatabase Realm to use this resource as described in the +Realm configuration documentation. + + + + 0. Introduction Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/realm-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/realm-howto.xml?rev=889424&r1=889423&r2=889424&view=diff == --- tomcat/tc5.5.x/trunk/container/webapps/docs/realm-howto.xml (original) +++ t
DO NOT REPLY [Bug 47507] tomcat-users.xml is rewritten and made world-readable on startup (!)
https://issues.apache.org/bugzilla/show_bug.cgi?id=47507 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #3 from Mark Thomas 2009-12-10 13:10:46 GMT --- I've updated the docs for trunk, 6.0.x and 5.5.x to include information on the UserDatabaseRealm and configuring UserDatabase resources. The JavaAPI does not provide a mechanism to control file permissions so there is little Tomcat can do in that regard. I have included a warning about the side-effects of writing the file in the new documentation. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47510] sessionId is not generated when switch between clusters
https://issues.apache.org/bugzilla/show_bug.cgi?id=47510 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||INVALID --- Comment #4 from Mark Thomas 2009-12-10 13:16:49 GMT --- For this to happen as described, a cookie intended for one cluster must be transmitted to a different cluster. This shouldn't happen. Given that the cookie will be selected by host and path, I don't see how this can happen. This looks like misconfiguration at this stage. I suggest you follow this up on the users list in the first instance. If that discussion concludes that there is a bug here, please re-open this issue and describe the steps to reproduce the bug. Note also that are are free to add custom valves and/or filters to manipulate the session cookie (or anything else) if necessary. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47512] Binding java.lang.reflect.Proxy to JNDI directory raises java.lang.ClassCastException
https://issues.apache.org/bugzilla/show_bug.cgi?id=47512 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Comment #8 from Mark Thomas 2009-12-10 13:24:48 GMT --- Whilst binding objects into the global JNDI directory where the classes are only available to the web application class loader may be possible, this is asking from all sorts of class loading pain and memory leaks. On that basis I am marking this as WONTFIX. If you want this functionality in your environment the simplest way to achieve it is to patch org.apache.naming.NamingContext, compile the class and then place the class file in CATALINA_HOME/lib/org/apache/naming/NamingContext.class I'd also put the .java file alongside it so people can easily see what you changed. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 47516] parameters in conf/context.xml and context.xml.default are ignored
https://issues.apache.org/bugzilla/show_bug.cgi?id=47516 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WORKSFORME --- Comment #2 from Mark Thomas 2009-12-10 14:08:48 GMT --- This works for me in 6.0.x and trunk. Looks like a configuration problem. Please use the users list for assistance. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48370] New: PublishRequest.java can not be compiled
https://issues.apache.org/bugzilla/show_bug.cgi?id=48370 Summary: PublishRequest.java can not be compiled Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Modules: bayeux AssignedTo: dev@tomcat.apache.org ReportedBy: wujunc...@gmail.com There is a log used in org.apache.tomcat.bayeux.request.PublishRequest,but it was not be defined,so the class can not be complied successfully,there should be something like this? private static final Log log = LogFactory.getLog(PublishRequest.class); -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48371] New: addWebXmlMappings does not place servlet tags correctly
https://issues.apache.org/bugzilla/show_bug.cgi?id=48371 Summary: addWebXmlMappings does not place servlet tags correctly Product: Tomcat 6 Version: 6.0.20 Platform: PC OS/Version: Windows XP Status: NEW Severity: major Priority: P2 Component: Jasper AssignedTo: dev@tomcat.apache.org ReportedBy: j...@leeclemens.net If there is a commented-out or commented-out tag and addWebXmlMappings="true", the JSP's servlet and servlet-mapping tags are placed incorrectly and Tomcat will not start due to "--" being inside a comment. Basically, it seems the web.xml is not parsed correctly when using addWebXmlMappings and you cannot have above tags commented out, or new servlet tags will be placed incorrectly and comment tags not respected. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889525 - in /tomcat/trunk/res/procrun: amd64/tomcat7.exe ia64/tomcat7.exe tomcat7.exe tomcat7w.exe
Author: mturk Date: Fri Dec 11 07:51:09 2009 New Revision: 889525 URL: http://svn.apache.org/viewvc?rev=889525&view=rev Log: Update procrun to 2.0.6 Modified: tomcat/trunk/res/procrun/amd64/tomcat7.exe tomcat/trunk/res/procrun/ia64/tomcat7.exe tomcat/trunk/res/procrun/tomcat7.exe tomcat/trunk/res/procrun/tomcat7w.exe Modified: tomcat/trunk/res/procrun/amd64/tomcat7.exe URL: http://svn.apache.org/viewvc/tomcat/trunk/res/procrun/amd64/tomcat7.exe?rev=889525&r1=889524&r2=889525&view=diff == Binary files - no diff available. Modified: tomcat/trunk/res/procrun/ia64/tomcat7.exe URL: http://svn.apache.org/viewvc/tomcat/trunk/res/procrun/ia64/tomcat7.exe?rev=889525&r1=889524&r2=889525&view=diff == Binary files - no diff available. Modified: tomcat/trunk/res/procrun/tomcat7.exe URL: http://svn.apache.org/viewvc/tomcat/trunk/res/procrun/tomcat7.exe?rev=889525&r1=889524&r2=889525&view=diff == Binary files - no diff available. Modified: tomcat/trunk/res/procrun/tomcat7w.exe URL: http://svn.apache.org/viewvc/tomcat/trunk/res/procrun/tomcat7w.exe?rev=889525&r1=889524&r2=889525&view=diff == Binary files - no diff available. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889526 - in /tomcat/tc5.5.x/trunk/connectors/procrun/bin: amd64/tomcat5.exe ia64/tomcat5.exe tomcat5.exe tomcat5w.exe
Author: mturk Date: Fri Dec 11 07:53:06 2009 New Revision: 889526 URL: http://svn.apache.org/viewvc?rev=889526&view=rev Log: Update procrun to 2.0.6 Modified: tomcat/tc5.5.x/trunk/connectors/procrun/bin/amd64/tomcat5.exe tomcat/tc5.5.x/trunk/connectors/procrun/bin/ia64/tomcat5.exe tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5.exe tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5w.exe Modified: tomcat/tc5.5.x/trunk/connectors/procrun/bin/amd64/tomcat5.exe URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/procrun/bin/amd64/tomcat5.exe?rev=889526&r1=889525&r2=889526&view=diff == Binary files - no diff available. Modified: tomcat/tc5.5.x/trunk/connectors/procrun/bin/ia64/tomcat5.exe URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/procrun/bin/ia64/tomcat5.exe?rev=889526&r1=889525&r2=889526&view=diff == Binary files - no diff available. Modified: tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5.exe URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5.exe?rev=889526&r1=889525&r2=889526&view=diff == Binary files - no diff available. Modified: tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5w.exe URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/procrun/bin/tomcat5w.exe?rev=889526&r1=889525&r2=889526&view=diff == Binary files - no diff available. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r889527 - in /tomcat/tc6.0.x/trunk/res/procrun: amd64/tomcat6.exe ia64/tomcat6.exe tomcat6.exe tomcat6w.exe
Author: mturk Date: Fri Dec 11 07:53:41 2009 New Revision: 889527 URL: http://svn.apache.org/viewvc?rev=889527&view=rev Log: Update procrun to 2.0.6 Modified: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe Modified: tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/amd64/tomcat6.exe?rev=889527&r1=889526&r2=889527&view=diff == Binary files - no diff available. Modified: tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/ia64/tomcat6.exe?rev=889527&r1=889526&r2=889527&view=diff == Binary files - no diff available. Modified: tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/tomcat6.exe?rev=889527&r1=889526&r2=889527&view=diff == Binary files - no diff available. Modified: tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/res/procrun/tomcat6w.exe?rev=889527&r1=889526&r2=889527&view=diff == Binary files - no diff available. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
