DO NOT REPLY [Bug 50991] New: Data source is closed before contextDestroyed is executed. tomcat 7.0.11
https://issues.apache.org/bugzilla/show_bug.cgi?id=50991

Summary: Data source is closed before contextDestroyed is executed. tomcat 7.0.11
Product: Tomcat 7
Version: 7.0.11
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: mark.shif...@yale.edu

In my ServletContextListener contextDestroyed method I do a database update to clean up a table. In tomcat 7.0.11, I get the error (see below) when I shut down tomcat.

Mar 28, 2011 10:47:57 AM org.apache.catalina.core.ApplicationContext log
> INFO: ContextListener: contextDestroyed()
> Mar 28, 2011 10:47:57 AM org.apache.catalina.core.StandardContext listenerStop
> SEVERE: Exception sending context destroyed event to listener instance of
> class org.ycmi.listeners.contextListener
> java.lang.RuntimeException: java.sql.SQLException: Data source is closed
> at org.ycmi.prot.ypresults.db.dbUtils.update(dbUtils.java:495)
> at org.ycmi.listeners.contextListener.contextDestroyed(contextListener.java:58)

This looks like the DataSource is being closed before contextDestroyed is run so I can't do the clean up. This wasn't a problem in tomcat 6.

As noted by Mark Thomas, this may be related to https://issues.apache.org/bugzilla/show_bug.cgi?id=25060

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1086611 - /tomcat/trunk/webapps/docs/windows-auth-howto.xml
Author: markt Date: Tue Mar 29 14:51:17 2011 New Revision: 1086611 URL: http://svn.apache.org/viewvc?rev=1086611&view=rev Log: Add domain configuration that is known to work Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1086611&r1=1086610&r2=1086611&view=diff == --- tomcat/trunk/webapps/docs/windows-auth-howto.xml (original) +++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Tue Mar 29 14:51:17 2011 
@@ -51,7 +51,66 @@ sections. -TBD. +This is a work in progress. This warning should be removed once the +end-to-end testing is complete +There are four components to the configuration of the built-in Tomcat +support for Windows authentication. The domain controller, the server hosting +Tomcat, the web application wishing to use Windows authentication and the client +machine. The following sections describe the configuration required for each +component. +The names of the three machines used in the configuration examples below are +win-dc01.dev.local (the domain controller), win-tc01.dev.local (the Tomcat +instance) and win-pc01.dev.local (client). The Tomcat server and the client are +both members of the domain. +Note: In order to use the passwords in the steps below, the domain password +policy had to be relaxed. This is not recommended for production environments. + + + + These steps assume that the server has already been configured to act as a + domain controller. Configuration of a Windows server as a domain controller is + outside the scope of this how-to. The steps to configure the domain controller + to enable Tomcat to support Windows authentication are as follows: + + Create a domain user that will be mapped to the service name used by the + Tomcat server. In this how-to, this user is called tc01 and has a + password of tc01pass. + Map the service principal name (SPN) to the user account. SPNs take the + form +/ : / . + The SPN used in this how-to is HTTP/win-tc01.dev.local. To + map the user to the SPN, run the following: + setspn -A HTTP/win-tc01.dev.local tc01 + + Generate the keytab file that the Tomcat server will use to authenticate + itself to the domain controller. This file contains the Tomcat private key for + the service provider account and should be protected accordingly. 
To generate + the file, run the following command (all on a single line): + ktpass /out c:\tc01.keytab /mapuser tc01@DEV.LOCAL + /princ HTTP/win-tc01.dev.local@DEV.LOCAL + +andPass /kvno 0 + Create a domain user to be used on the client. In this how-to the domain + user is test with a password of testpass. + + + The above steps have been tested on a domain controller running Windows + Server 2008 R2 64-bit Standard using the Windows Server 2003 functional level + for both the forest and the domain. + + + + + TBD + + + + TBD + + + + TBD + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
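Review bot: In the keytab step, "should be protected accordingly" leaves the reader to work out what protection means for a file that the same sentence says holds the key for the service account. Suggest stating it concretely: restrict read access on the keytab to the account Tomcat runs as, and do not leave a copy at c:\tc01.keytab on the domain controller once it has been moved to win-tc01.dev.local. The same sentence says "service provider account" where the earlier step uses "service principal name"; pick one term. Since the example passwords tc01pass and testpass required relaxing the domain password policy, it would also help to say explicitly that they are placeholders to be replaced.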
Re: svn commit: r1079575 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java java/org/apache/catalina/deploy/LocalStrings.properties java/org/apache/catalina/deploy/NamingResources.
namingResources.cleanupNoClose couldn't you implement a closeMethod="close" in the element, that way the name of the method is configurable. Filip On 3/8/2011 3:15 PM, ma...@apache.org wrote: Author: markt Date: Tue Mar 8 22:15:34 2011 New Revision: 1079575 URL: http://svn.apache.org/viewvc?rev=1079575&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=25060 When stopping naming resources look for DataSource resources with a zero-arg close() method and call it if one is found Works with Commons DBCP. Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1079575&r1=1079574&r2=1079575&view=diff == --- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Tue Mar 8 22:15:34 2011 
@@ -5384,15 +5384,13 @@ public class StandardContext extends Con setState(LifecycleState.STOPPING); -// Currently this is effectively a NO-OP but needs to be called to -// ensure the NamingResources follows the correct lifecycle +// Binding thread +ClassLoader oldCCL = bindThread(); + if (namingResources != null) { namingResources.stop(); } -// Binding thread -ClassLoader oldCCL = bindThread(); - try { // Stop our child containers, if any Modified: tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties?rev=1079575&r1=1079574&r2=1079575&view=diff == --- tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties Tue Mar 8 22:15:34 2011 
@@ -43,5 +43,10 @@ webxml.unrecognisedPublicId=The public I webXml.version.nfe=Unable to parse [{0}] from the version string [{1}]. This component of the version string will be ignored. webXml.wrongFragmentName=Used a wrong fragment name {0} at web.xml absolute-ordering tag! +namingResources.cleanupCloseFailed=Failed to invoke close method for resource [{0}] in container [{1}] so no cleanup was performed for that resource +namingResources.cleanupCloseSecurity=Unable to retrieve close method for resource [{0}] in container [{1}] so no cleanup was performed for that resource +namingResources.cleanupNoClose=Resource [{0}] in container [{1}] does not have a close method so no cleanup was performed for that resource +namingResources.cleanupNoContext=Failed to retrieve JNDI naming context for container [{0}] so no cleanup was performed for that container +namingResources.cleanupNoResource=Failed to retrieve JNDI resource [{0}] for container [{1}] so no cleanup was performed for that resource namingResources.mbeanCreateFail=Failed to create MBean for naming resource [{0}] namingResources.mbeanDestroyFail=Failed to destroy MBean for naming resource [{0}] Modified: tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java?rev=1079575&r1=1079574&r2=1079575&view=diff == --- tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java (original) +++ tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java Tue Mar 8 22:15:34 2011 
@@ -22,9 +22,14 @@ package org.apache.catalina.deploy; import java.beans.PropertyChangeListener; import java.beans.PropertyChangeSupport; import java.io.Serializable; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.HashMap; import java.util.Hashtable; +import javax.naming.NamingException; +import javax.sql.DataSource; + import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.Engine; @@ -35,6 +40,7 @@ import org.apache.catalina.mbeans.MBeanU import org.apache.catalina.util.LifecycleMBeanBase; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; +import org.apache.naming.ContextBindings; import org.apache.tomcat.util.res.StringManager; @@ -949,11 +955,84 @@ public class NamingResources extends Lif @Override protected void stopInternal() throws LifecycleException { +cleanUp(); setState(LifecycleState.STOPPING);
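Review bot: In the StandardContext hunk, namingResources.stop() now does real work but still runs before the "Stop our child containers, if any" block, so the context's resources are stopped while the application is still shutting down. Combined with the cleanUp() call added to NamingResources.stopInternal(), application shutdown code that uses a DataSource after this point will find it closed. Consider moving the namingResources.stop() call to after the children and listeners have been stopped. The call also sits between bindThread() and the try block, so an exception from stop() skips whatever cleanup that try block performs; moving it inside the try would cover that.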
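Review bot: In NamingResources.stopInternal(), cleanUp() is called before setState(LifecycleState.STOPPING), so resources are being closed while the component still reports its previous state. StandardContext in this same commit sets the state first and then does its work; suggest the same order here. The method Javadoc should also say that stop now closes DataSource resources, since the comment removed from StandardContext described this call as effectively a NO-OP.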
Re: svn commit: r1086611 - /tomcat/trunk/webapps/docs/windows-auth-howto.xml
2011/3/29 :
> Author: markt
> Date: Tue Mar 29 14:51:17 2011
> New Revision: 1086611
>
> URL: http://svn.apache.org/viewvc?rev=1086611&view=rev
> Log:
> Add domain configuration that is known to work
>
> Modified:
> tomcat/trunk/webapps/docs/windows-auth-howto.xml
>
> +

Typo above.

> + TBD
> +

The rest of the text looks OK.

Best regards,
Konstantin Kolinko
Re: svn commit: r1086611 - /tomcat/trunk/webapps/docs/windows-auth-howto.xml
On 29/03/2011 15:59, Konstantin Kolinko wrote:
> 2011/3/29 :
>> Author: markt
>> Date: Tue Mar 29 14:51:17 2011
>> New Revision: 1086611
>>
>> URL: http://svn.apache.org/viewvc?rev=1086611&view=rev
>> Log:
>> Add domain configuration that is known to work
>>
>> Modified:
>> tomcat/trunk/webapps/docs/windows-auth-howto.xml
>>
>
>> +
>
> Typo above.

Thanks. I've corrected that locally and will include it in the next commit.

Mark
Re: svn commit: r1079575 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java java/org/apache/catalina/deploy/LocalStrings.properties java/org/apache/catalina/deploy/NamingResources.
On 29/03/2011 15:52, Filip Hanik - Dev Lists wrote: > namingResources.cleanupNoClose > > couldn't you implement a closeMethod="close" in the element, > that way the name of the method is configurable. Like it. There was a bug reported with the timing of this call so there is some work to do here already. Shouldn't be too hard to add this. Mark > > Filip > > > > On 3/8/2011 3:15 PM, ma...@apache.org wrote: >> Author: markt >> Date: Tue Mar 8 22:15:34 2011 >> New Revision: 1079575 >> >> URL: http://svn.apache.org/viewvc?rev=1079575&view=rev >> Log: >> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=25060 >> When stopping naming resources look for DataSource resources with a >> zero-arg close() method and call it if one is found >> Works with Commons DBCP. >> >> Modified: >> tomcat/trunk/java/org/apache/catalina/core/StandardContext.java >> tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties >> tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java >> tomcat/trunk/webapps/docs/changelog.xml >> >> Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1079575&r1=1079574&r2=1079575&view=diff >> >> == >> >> --- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java >> (original) >> +++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java >> Tue Mar 8 22:15:34 2011 
>> @@ -5384,15 +5384,13 @@ public class StandardContext extends Con >> >> setState(LifecycleState.STOPPING); >> >> -// Currently this is effectively a NO-OP but needs to be >> called to >> -// ensure the NamingResources follows the correct lifecycle >> +// Binding thread >> +ClassLoader oldCCL = bindThread(); >> + >> if (namingResources != null) { >> namingResources.stop(); >> } >> >> -// Binding thread >> -ClassLoader oldCCL = bindThread(); >> - >> try { >> >> // Stop our child containers, if any >> >> Modified: >> tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties?rev=1079575&r1=1079574&r2=1079575&view=diff >> >> == >> >> --- >> tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties >> (original) >> +++ >> tomcat/trunk/java/org/apache/catalina/deploy/LocalStrings.properties >> Tue Mar 8 22:15:34 2011 
>> @@ -43,5 +43,10 @@ webxml.unrecognisedPublicId=The public I >> webXml.version.nfe=Unable to parse [{0}] from the version string >> [{1}]. This component of the version string will be ignored. >> webXml.wrongFragmentName=Used a wrong fragment name {0} at web.xml >> absolute-ordering tag! >> >> +namingResources.cleanupCloseFailed=Failed to invoke close method for >> resource [{0}] in container [{1}] so no cleanup was performed for that >> resource >> +namingResources.cleanupCloseSecurity=Unable to retrieve close method >> for resource [{0}] in container [{1}] so no cleanup was performed for >> that resource >> +namingResources.cleanupNoClose=Resource [{0}] in container [{1}] does >> not have a close method so no cleanup was performed for that resource >> +namingResources.cleanupNoContext=Failed to retrieve JNDI naming >> context for container [{0}] so no cleanup was performed for that >> container >> +namingResources.cleanupNoResource=Failed to retrieve JNDI resource >> [{0}] for container [{1}] so no cleanup was performed for that resource >> namingResources.mbeanCreateFail=Failed to create MBean for naming >> resource [{0}] >> namingResources.mbeanDestroyFail=Failed to destroy MBean for naming >> resource [{0}] >> >> Modified: >> tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java?rev=1079575&r1=1079574&r2=1079575&view=diff >> >> == >> >> --- tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java >> (original) >> +++ tomcat/trunk/java/org/apache/catalina/deploy/NamingResources.java >> Tue Mar 8 22:15:34 2011 
>> @@ -22,9 +22,14 @@ package org.apache.catalina.deploy; >> import java.beans.PropertyChangeListener; >> import java.beans.PropertyChangeSupport; >> import java.io.Serializable; >> +import java.lang.reflect.InvocationTargetException; >> +import java.lang.reflect.Method; >> import java.util.HashMap; >> import java.util.Hashtable; >> >> +import javax.naming.NamingException; >> +import javax.sql.DataSource; >> + >> import org.apache.catalina.Container; >> import org.apache.catalina.Context; >> import org.apache
DO NOT REPLY [Bug 50991] Data source is closed before contextDestroyed is executed. tomcat 7.0.11
https://issues.apache.org/bugzilla/show_bug.cgi?id=50991

--- Comment #1 from Mark Thomas 2011-03-29 11:26:13 EDT ---
When working on this, it is worth taking a look at Filip's suggestion:
http://markmail.org/message/av4if6mstsh6qw4n
DO NOT REPLY [Bug 50989] JSP causing memory leaks under high load, multi-version
https://issues.apache.org/bugzilla/show_bug.cgi?id=50989

Konstantin Kolinko changed:

What       | Removed | Added
Status     | NEW     | RESOLVED
Resolution |         | INVALID

--- Comment #2 from Konstantin Kolinko 2011-03-29 11:40:52 EDT ---
The usual pitfall in the tests like this one is that you forget to add session="false" to your <%@page%> declaration. The result is that you get a ton of session objects eating up memory.

Additional notes:

1) Support questions should be sent to the users mailing list. Bugzilla is not a place for them.

2) If there is a memory leak, you should better take some preliminary steps to analyze it. E.g., start with taking a memory dump and use some tool to look what eats up memory, e.g. Eclipse MAT [1]. More information might be in the Wiki and in the archives of the mailing list. Ask on the list if additional help is needed.

[1] http://eclipse.org/mat/
svn commit: r1086683 - in /tomcat/trunk: java/org/apache/catalina/authenticator/ java/org/apache/catalina/startup/ java/org/apache/catalina/util/ webapps/docs/ webapps/docs/config/
Author: markt Date: Tue Mar 29 19:08:43 2011 New Revision: 1086683 URL: http://svn.apache.org/viewvc?rev=1086683&view=rev Log: Part 1 of SPNEGO/Windows authentication support. This adds authentication support but not authorisation. Some Realm refactoring is required to get authorisation working. SPNEGO is tricky to configure correctly. Some things I know will break it, some I suspect might. There is a long list of questions in the Javadoc that need to be tested. This authenticator started off as a patch by Michael Osipov. Added: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java tomcat/trunk/java/org/apache/catalina/startup/Authenticators.properties tomcat/trunk/java/org/apache/catalina/util/Base64.java tomcat/trunk/webapps/docs/config/valve.xml tomcat/trunk/webapps/docs/windows-auth-howto.xml Modified: tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java?rev=1086683&r1=1086682&r2=1086683&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java Tue Mar 29 19:08:43 2011 
@@ -24,16 +24,23 @@ public class Constants { public static final String Package = "org.apache.catalina.authenticator"; // Authentication methods for login configuration +// Servlet spec schemes public static final String BASIC_METHOD = "BASIC"; public static final String CERT_METHOD = "CLIENT_CERT"; public static final String DIGEST_METHOD = "DIGEST"; public static final String FORM_METHOD = "FORM"; +// Vendor specific schemes +public static final String SPNEGO_METHOD = "SPNEGO"; // Form based authentication constants public static final String FORM_ACTION = "/j_security_check"; public static final String FORM_PASSWORD = "j_password"; public static final String FORM_USERNAME = "j_username"; +// SPNEGO authentication constants +public static final String DEFAULT_KEYTAB = "conf/tomcat.keytab"; +public static final String DEFAULT_SPN_CLASS = "HTTP"; + // Cookie name for single sign on support public static final String SINGLE_SIGN_ON_COOKIE = System.getProperty( Added: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1086683&view=auto == --- tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (added) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Tue Mar 29 19:08:43 2011 
@@ -0,0 +1,317 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.authenticator; + +import java.io.File; +import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.Principal; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.login.AppConfigurationEntry; +import javax.security.auth.login.Configuration; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; +import javax.servlet.http.HttpServletResponse; + +import org.apache.catalina.LifecycleException; +import org.apache.catalina.connector.Request; +import org.apache.catalina.deploy.LoginConfig; +import org.apache.catalina.realm.GenericPrincipal; +import org.apache.catalina.startup.Bootstrap; +import org.apache.catalina.util.Base64; +import org.apache.juli.logging.Log; +import org.apache.juli.logging.LogFactory; +import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.buf.MessageBytes; +import org.ietf.jgss.GSSContext; +import org.ietf.jg
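Review bot: DEFAULT_KEYTAB in the Constants hunk is the relative path "conf/tomcat.keytab", and nothing next to the constant says what it is resolved against. Suggest a Javadoc comment stating the base directory, so the keytab location does not end up depending on the process working directory, and a matching line in the how-to, which already says the keytab should be protected. The group comment "Authentication methods for login configuration" is now immediately followed by "Servlet spec schemes"; separate the two with a blank line or fold them into one comment.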
svn commit: r1086706 - in /tomcat/trunk/java/org/apache/catalina: Realm.java authenticator/SpnegoAuthenticator.java realm/CombinedRealm.java realm/LocalStrings.properties realm/LockOutRealm.java realm
Author: markt Date: Tue Mar 29 20:05:04 2011 New Revision: 1086706 URL: http://svn.apache.org/viewvc?rev=1086706&view=rev Log: Part 2 of SPNEGO/Windows authentication support. Authorisation support. Works essentially the same way as CLIENT-CERT, i.e. the Realm doesn't actually authenticate the user but it does create the Principal and add the roles. Modified: tomcat/trunk/java/org/apache/catalina/Realm.java tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Modified: tomcat/trunk/java/org/apache/catalina/Realm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Realm.java?rev=1086706&r1=1086705&r2=1086706&view=diff == --- tomcat/trunk/java/org/apache/catalina/Realm.java (original) +++ tomcat/trunk/java/org/apache/catalina/Realm.java Tue Mar 29 20:05:04 2011 @@ -26,6 +26,7 @@ import java.security.cert.X509Certificat import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.catalina.deploy.SecurityConstraint; +import org.ietf.jgss.GSSContext; /** * A Realm is a read-only facade for an underlying security realm * used to authenticate individual users, and identify the security roles 
@@ -110,7 +111,16 @@ public interface Realm { * Return the Principal associated with the specified chain of X509 * client certificates. If there is none, return null. * - * @param certs Array of client certificates, with the first one in + * @param certs The gssContext processed by the {@link Authenticator}. + */ +public Principal authenticate(GSSContext gssContext); + + +/** + * Return the Principal associated with the specified {@link GSSContext}. + * If there is none, return null. + * + * @param gssContext Array of client certificates, with the first one in * the array being the certificate of the client itself. */ public Principal authenticate(X509Certificate certs[]); Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1086706&r1=1086705&r2=1086706&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Tue Mar 29 20:05:04 2011 @@ -33,10 +33,10 @@ import javax.security.auth.login.LoginCo import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletResponse; +import org.apache.catalina.Context; import org.apache.catalina.LifecycleException; import org.apache.catalina.connector.Request; import org.apache.catalina.deploy.LoginConfig; -import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.startup.Bootstrap; import org.apache.catalina.util.Base64; import org.apache.juli.logging.Log; @@ -47,7 +47,7 @@ import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSManager; -import org.ietf.jgss.GSSName; + /** * A SPNEGO authenticator that uses the SPENGO/Kerberos support built in to Java 
@@ -208,7 +208,8 @@ public class SpnegoAuthenticator extends try { principal = Subject.doAs(serviceSubject, -new KerberosAuthAction(decoded.getBytes(), response)); +new KerberosAuthAction(decoded.getBytes(), +response, context)); } catch (PrivilegedActionException e) { // TODO Auto-generated catch block e.printStackTrace(); @@ -235,10 +236,13 @@ public class SpnegoAuthenticator extends private byte[] inToken; private HttpServletResponse resp; +private Context context; -public KerberosAuthAction(byte[] inToken, HttpServletResponse resp) { +public KerberosAuthAction(byte[] inToken, HttpServletResponse resp, +Context context) { this.inToken = inToken; this.resp = resp; +this.context = context; } @Override @@ -246,7 +250,7 @@ public class SpnegoAuthenticator extends // Assume the GSSContext is stateless // TODO: Confirm this assumption -GSSContext context = +GSSContext gssContext = GSSManager.getInstance().createContext((GSSCredential) null);
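Review bot: In the Realm.java hunk the Javadoc for the two authenticate methods is crossed over. The new authenticate(GSSContext gssContext) is left under the existing "chain of X509 client certificates" description with "@param certs The gssContext processed by the {@link Authenticator}", while authenticate(X509Certificate certs[]) now sits under the GSSContext description with "@param gssContext Array of client certificates". Each @param name and description should match the method that follows it. Separately, adding a method to the public Realm interface means any Realm implementation outside this commit's file list has to add it to compile, which deserves a changelog entry.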
svn commit: r1086709 - in /tomcat/trunk/java/org/apache/catalina/authenticator: LocalStrings.properties SpnegoAuthenticator.java
Author: markt Date: Tue Mar 29 20:10:48 2011 New Revision: 1086709 URL: http://svn.apache.org/viewvc?rev=1086709&view=rev Log: Fix some TODOs Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1086709&r1=1086708&r2=1086709&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Tue Mar 29 20:10:48 2011 @@ -29,3 +29,7 @@ authenticator.userDataConstraint=This re formAuthenticator.forwardErrorFail=Unexpected error forwarding to error page formAuthenticator.forwardLoginFail=Unexpected error forwarding to login page + +spnegoAuthenticator.hostnameFail=Unable to determine the host name to construct the default SPN. Please set the spn attribute of the authenticator. +spnegoAuthenticator.serviceLoginFail=Unable to login as the service principal +spnegoAuthenticator.ticketValidateFail=Failed to validate client supplied ticket \ No newline at end of file Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1086709&r1=1086708&r2=1086709&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Tue Mar 29 20:10:48 2011 
@@ -138,8 +138,8 @@ public class SpnegoAuthenticator extends try { name.append(InetAddress.getLocalHost().getCanonicalHostName()); } catch (UnknownHostException e) { -// TODO add a message -throw new LifecycleException(e); +throw new LifecycleException( +sm.getString("spnegoAuthenticator.hostnameFail"), e); } serviceProvideName = name.toString(); } else { @@ -154,8 +154,8 @@ public class SpnegoAuthenticator extends lc.login(); serviceSubject = lc.getSubject(); } catch (LoginException e) { -// TODO add a message -throw new LifecycleException(e); +throw new LifecycleException( +sm.getString("spnegoAuthenticator.serviceLoginFail"), e); } } @@ -211,8 +211,10 @@ public class SpnegoAuthenticator extends new KerberosAuthAction(decoded.getBytes(), response, context)); } catch (PrivilegedActionException e) { -// TODO Auto-generated catch block -e.printStackTrace(); +if (log.isDebugEnabled()) { +log.debug(sm.getString( +"spnegoAuthenticator.ticketValidateFail")); +} } if (principal != null) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
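Review bot: In the PrivilegedActionException catch block, the replacement for e.printStackTrace() logs only the fixed message and drops the exception, and does so only when debug is enabled. A failed ticket validation is an authentication failure that operators will want to see and diagnose, so pass the exception through, for example log.debug(sm.getString("spnegoAuthenticator.ticketValidateFail"), e), and consider whether debug is the right level for it. The LocalStrings.properties hunk also leaves the file without a trailing newline.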
svn commit: r1086780 - in /tomcat/trunk/webapps/docs: changelog.xml windows-auth-howto.xml
Author: markt Date: Tue Mar 29 22:09:00 2011 New Revision: 1086780 URL: http://svn.apache.org/viewvc?rev=1086780&view=rev Log: Update changelog for SPNEGO. Add note to docs about major todo areas. Modified: tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/windows-auth-howto.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1086780&r1=1086779&r2=1086780&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 29 22:09:00 2011 @@ -94,6 +94,11 @@ Don't register Contexts that fail to start with the Mapper. (markt) + +Add initial support for SPNEGO/Kerberos authentication also referred to +as integrated Windows authentication. This is a work in progress. See +the documentation for details. (markt) + Modified: tomcat/trunk/webapps/docs/windows-auth-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/windows-auth-howto.xml?rev=1086780&r1=1086779&r2=1086780&view=diff == --- tomcat/trunk/webapps/docs/windows-auth-howto.xml (original) +++ tomcat/trunk/webapps/docs/windows-auth-howto.xml Tue Mar 29 22:09:00 2011 @@ -53,7 +53,8 @@ sections. This is a work in progress. This warning should be removed once the various questions and TODOs (see the Javadoc and implementation class) have been -resolved. +resolved. In particular, onwards delegation is not yet supported and +roles are not retrieved from the domain controller. There are four components to the configuration of the built-in Tomcat support for Windows authentication. The domain controller, the server hosting Tomcat, the web application wishing to use Windows authentication and the client - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1086783 - in /tomcat/trunk: java/org/apache/catalina/servlets/DefaultServlet.java webapps/docs/changelog.xml
Author: markt Date: Tue Mar 29 22:12:00 2011 New Revision: 1086783 URL: http://svn.apache.org/viewvc?rev=1086783&view=rev Log: HTTP range requests cannot be reliably served when a Writer is in use so prevent the DefaultServlet from attempting to do so. This is kkolinko's patch that stemmed from a private discussion about a TCK test. Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1086783&r1=1086782&r2=1086783&view=diff == --- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Tue Mar 29 22:12:00 2011 @@ -876,6 +876,8 @@ public class DefaultServlet || (contentType.startsWith("text")) || (contentType.endsWith("xml")) ) { writer = response.getWriter(); +// Cannot reliably serve partial content with a Writer +ranges = FULL; } else { throw e; } @@ -896,7 +898,8 @@ public class DefaultServlet contentType + "'"); response.setContentType(contentType); } -if ((cacheEntry.resource != null) && (contentLength >= 0)) { +if ((cacheEntry.resource != null) && (contentLength >= 0) +&& (!serveContent || ostream != null)) { if (debug > 0) log("DefaultServlet.serveFile: contentLength=" + contentLength); @@ -974,7 +977,8 @@ public class DefaultServlet if (!checkSendfile(request, response, cacheEntry, range.end - range.start + 1, range)) copy(cacheEntry, ostream, range); } else { -copy(cacheEntry, writer, range); +// we should not get here +throw new IllegalStateException(); } } @@ -993,8 +997,8 @@ public class DefaultServlet copy(cacheEntry, ostream, ranges.iterator(), contentType); } else { -copy(cacheEntry, writer, ranges.iterator(), - contentType); +// we should not get here +throw new IllegalStateException(); } } 
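Review bot: The two "we should not get here" branches throw IllegalStateException with no message, so if the ranges = FULL assumption is ever broken the stack trace is the only clue. Suggest giving the exception a message saying that a range was requested while a Writer is in use. The new condition (!serveContent || ostream != null) on the content-length block would also benefit from a one-line comment explaining that the length is not set when content is served through the Writer.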
@@ -1939,44 +1943,6 @@ public class DefaultServlet * (even in the face of an exception). * * @param cacheEntry The cache entry for the source resource - * @param writer The writer to write to - * @param range Range the client wanted to retrieve - * @exception IOException if an input/output error occurs - */ -protected void copy(CacheEntry cacheEntry, PrintWriter writer, - Range range) -throws IOException { - -IOException exception = null; - -InputStream resourceInputStream = cacheEntry.resource.streamContent(); - -Reader reader; -if (fileEncoding == null) { -reader = new InputStreamReader(resourceInputStream); -} else { -reader = new InputStreamReader(resourceInputStream, - fileEncoding); -} - -exception = copyRange(reader, writer, range.start, range.end); - -// Clean up the input stream -reader.close(); - -// Rethrow any exception that has occurred -if (exception != null) -throw exception; - -} - - -/** - * Copy the contents of the specified input stream to the specified - * output stream, and ensure that both streams are closed before returning - * (even in the face of an exception). - * - * @param cacheEntry The cache entry for the source resource * @param ostream The output stream to write to * @param ranges Enumeration of the ranges the client wanted to retrieve * @param contentType Content type of the resource @@ -2029,65 +1995,6 @@ public class DefaultServlet * output stream, and ensure that both streams are closed before returning * (even in the face of an exception). * - * @param cacheEntry The cache entry for the source resource - * @param writer The writer to write to - * @param ranges Enumeration of the ranges the client wanted to retrieve - * @param contentType Content type of the resource - * @exception IOException if an input/output error occurs - */ -protected void copy(CacheEntry cacheEntry, PrintWriter writer, -
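Review bot: In the @@ -876 hunk, the added "ranges = FULL;" discards the parsed ranges, but its comment only says that a Writer cannot serve partial content, not that the request is deliberately downgraded to a full response. Expand the comment to say so, because the two "we should not get here" branches added later in this patch rely on this assignment always accompanying "writer = response.getWriter();".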
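Review bot: In the @@ -896 hunk, the new condition "(!serveContent || ostream != null)" has no comment explaining why the content-length block is skipped when content is served without an output stream. If the reason is that the byte length of Writer output is not known in advance, a one-line comment saying so would stop the condition looking arbitrary next to the existing "contentLength >= 0" check.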
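Review bot: In the @@ -974 hunk (and again in @@ -993), "throw new IllegalStateException();" carries no message, so if the "we should not get here" invariant is ever broken, the stack trace alone has to explain it. Pass a message that names the condition, for example that a Writer is in use while ranges is not FULL.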
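Review bot: The @@ -1939 hunk deletes a protected method, copy(CacheEntry, PrintWriter, Range), from a public class, and the @@ -2029 hunk starts removing the PrintWriter overload that takes ranges and contentType, so any subclass of DefaultServlet that calls or overrides either one stops compiling against this revision. The changelog.xml part of this commit is not shown here; it should mention the removal, or the methods could be deprecated for a release before being deleted.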
svn commit: r1086794 - /tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java
Author: markt Date: Tue Mar 29 22:39:36 2011 New Revision: 1086794 URL: http://svn.apache.org/viewvc?rev=1086794&view=rev Log: Correct fix for http://issues.apache.org/bugzilla/show_bug.cgi?id=50928 Default for keyPass is keystorePass Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1086794&r1=1086793&r2=1086794&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue Mar 29 22:39:36 2011 @@ -30,7 +30,6 @@ import javax.net.ssl.KeyManagerFactory; import org.apache.juli.logging.Log; import org.apache.tomcat.util.IntrospectionUtils; -import org.apache.tomcat.util.net.jsse.JSSESocketFactory; import org.apache.tomcat.util.res.StringManager; import org.apache.tomcat.util.threads.CounterLatch; import org.apache.tomcat.util.threads.ResizableExecutor; @@ -672,7 +671,7 @@ public abstract class AbstractEndpoint { public String getKeyAlias() { return keyAlias;} public void setKeyAlias(String s ) { keyAlias = s;} -private String keyPass = JSSESocketFactory.DEFAULT_KEY_PASS; +private String keyPass = null; public String getKeyPass() { return keyPass;} public void setKeyPass(String s ) { this.keyPass = s;}
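Review bot: In the @@ -672 hunk, keyPass now defaults to null, so getKeyPass() returns null whenever the attribute is not set, while the log message says the default is keystorePass. That fallback is not in this file's diff; add a comment on the field stating that null means "use keystorePass", and check that every caller of getKeyPass() applies the fallback rather than passing null on as the key password.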
DO NOT REPLY [Bug 50995] New: bug of log
https://issues.apache.org/bugzilla/show_bug.cgi?id=50995

Summary: bug of log
Product: Tomcat 7
Version: 7.0.8
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: litianyu...@126.com

The description of the question is: one Tomcat runs on localhost and another runs on a server machine; then a program, bms.war, is deployed to localhost and to the server machine. This program has a servlet named A that extends HttpServlet, and another servlet named B that extends A. Servlet A used a URL of localhost, but servlet B used a URL of the server machine. Then run servlet B: the result is only recorded in the server machine's catalina.out, and localhost has no log information. The next day you can find yesterday's catalina log on the machine, but you cannot find the catalina log on your localhost, and the catalina log on the server machine has lost part of what you did yesterday. I don't know why and can't solve it.

My English is very poor; I hope you can understand my meaning. Happy work.