DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #37 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 04:59:26 EDT --- Mark, I tried to build the current trunk to validate the code and mark some improvements but I fails with: build-docs: [xslt] Transforming into E:\Projekte\tomcat-trunk\output\build\webapps\docs [xslt] Processing E:\Projekte\tomcat-trunk\webapps\docs\changelog.xml to E: \Projekte\tomcat-trunk\output\build\webapps\docs\changelog.html [xslt] Loading stylesheet E:\Projekte\tomcat-trunk\webapps\docs\tomcat-docs .xsl [xslt] E:\Projekte\tomcat-trunk\webapps\docs\tomcat-docs.xsl:470: Fatal Err or! Illegal HTML character: decimal 150 [xslt] Failed to process null -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #38 from Mark Thomas 2011-04-01 05:07:36 EDT --- Looks like you have a build environment problem. It builds fine for me and the multiple CI systems (buildbot and gump) that build this codebase. The users list is the best place to get help with that. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-trunk-validate (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-validate has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 2 runs. The current state of this project is 'Failed', with reason 'Build Failed'. For reference only, the following projects are affected by this: - tomcat-trunk-validate : Java Servlet 3.0, Java Server Pages 2.2 & Expression Languag... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-validate/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -INFO- Failed with reason build failed The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-validate/gump_work/build_tomcat-trunk_tomcat-trunk-validate.html Work Name: build_tomcat-trunk_tomcat-trunk-validate (Type: Build) Work ended in a state of : Failed Elapsed: 3 secs Command Line: /usr/lib/jvm/java-6-openjdk/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-*[0-9T].jar -Dexecute.validate=true validate [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-6-openjdk/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/packages/junit3.8.1/junit.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/packages/javamail-1.4/mail.jar:/srv/gump/packages/javamail-1.4/lib/mailapi.jar:/srv/gump/packages/jaf-1.1ea/activation.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-5.3-SNAPSHOT.jar - Buildfile: /srv/gump/public/workspace/tomcat-trunk/build.xml download-validate: proxyflags: setproxy: testexist: [echo] Testing for /srv/gump/public/workspace/checkstyle/target/checkstyle-*[0-9T].jar downloadzip: [get] Getting: http://downloads.sourceforge.net/checkstyle/checkstyle-5.3-bin.zip [get] To: /usr/share/java/file.zip [get] http://downloads.sourceforge.net/checkstyle/checkstyle-5.3-bin.zip permanently moved to http://downloads.sourceforge.net/project/checkstyle/checkstyle/5.3/checkstyle-5.3-bin.zip [get] http://downloads.sourceforge.net/project/checkstyle/checkstyle/5.3/checkstyle-5.3-bin.zip moved to http://iweb.dl.sourceforge.net/project/checkstyle/checkstyle/5.3/checkstyle-5.3-bin.zip [get] Error getting http://downloads.sourceforge.net/checkstyle/checkstyle-5.3-bin.zip to /usr/share/java/file.zip BUILD FAILED /srv/gump/public/workspace/tomcat-trunk/build.xml:2107: The following error occurred while executing this line: /srv/gump/public/workspace/tomcat-trunk/build.xml:2321: java.io.FileNotFoundException: /usr/share/java/file.zip (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.(FileOutputStream.java:209) at java.io.FileOutputStream.(FileOutputStream.java:160) at org.apache.tools.ant.taskdefs.Get$GetThread.downloadFile(Get.java:739) at org.apache.tools.ant.taskdefs.Get$GetThread.get(Get.java:586) at org.apache.tools.ant.taskdefs.Get$GetThread.run(Get.java:569) Total time: 3 seconds - To subscribe to this information via syndicated feeds: - RSS: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-validate/rss.xml - Atom: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-validate/atom.xml == Gump Tracking Only === Produced by Apache Gump(TM) version 2.3. Gump Run 06000601042011, vmgump.apache.org:vmgump:06000601042011 Gump E-mail Identifier (unique within run) #11. -- Apache Gump http://gump.apache.org/ [Instance: vmgump] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #39 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 05:46:38 EDT --- (In reply to comment #38) > Looks like you have a build environment problem. It builds fine for me and the > multiple CI systems (buildbot and gump) that build this codebase. The users > list is the best place to get help with that. I am sure it's not. The problem lies int he tomcat-docs.xsl. I have saxon9 on my ant/lib classpath and is notifies about broken data. Read this for reference: http://web.archiveorange.com/archive/v/rNJIEC48MBLYfxAORgpH Michael Kay even said that the user has to fix his xml. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087643 - in /tomcat/trunk: java/org/apache/catalina/ java/org/apache/catalina/authenticator/ java/org/apache/catalina/core/ java/org/apache/catalina/startup/ test/org/apache/catalina/cor
Author: markt
Date: Fri Apr 1 10:49:43 2011
New Revision: 1087643
URL: http://svn.apache.org/viewvc?rev=1087643&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=12428
Add optional support for preemptive authentication on a per context basis
Based on a patch suggested by Werner Donn
Added:
tomcat/trunk/test/webapp-3.0-servletsecurity2/
tomcat/trunk/test/webapp-3.0-servletsecurity2/WEB-INF/
tomcat/trunk/test/webapp-3.0-servletsecurity2/WEB-INF/web.xml (with props)
tomcat/trunk/test/webapp-3.0-servletsecurity2/protected.jsp (with props)
tomcat/trunk/test/webapp-3.0-servletsecurity2/unprotected.jsp (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
tomcat/trunk/test/org/apache/catalina/core/TestStandardWrapper.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/java/org/apache/catalina/Context.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=1087643&r1=1087642&r2=1087643&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Context.java Fri Apr 1 10:49:43 2011
@@ -1349,5 +1349,18 @@ public interface Context extends Contain
*/
public boolean getFireRequestListenersOnForwards();
+/**
+ * Configures if a user presents authentication credentials, whether the
+ * context will process them when the request is for a non-protected
+ * resource.
+ */
+public void setPreemptiveAuthentication(boolean enable);
+
+/**
+ * Determines if a user presents authentication credentials, will the
+ * context will process them when the request is for a non-protected
+ * resource.
+ */
+public boolean getPreemptiveAuthentication();
}
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1087643&r1=1087642&r2=1087643&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Fri Apr 1 10:49:43 2011
@@ -21,6 +21,7 @@ package org.apache.catalina.authenticato
import java.io.IOException;
import java.security.Principal;
+import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
@@ -32,6 +33,7 @@ import javax.servlet.http.HttpServletRes
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
@@ -454,8 +456,7 @@ public abstract class AuthenticatorBase
SecurityConstraint [] constraints
= realm.findSecurityConstraints(request, this.context);
-if ((constraints == null) /* &&
-(!Constants.FORM_METHOD.equals(config.getAuthMethod())) */ ) {
+if (constraints == null && !context.getPreemptiveAuthentication()) {
if (log.isDebugEnabled())
log.debug(" Not subject to any constraint");
getNext().invoke(request, response);
@@ -464,7 +465,7 @@ public abstract class AuthenticatorBase
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
-if (disableProxyCaching &&
+if (constraints != null && disableProxyCaching &&
// FIXME: Disabled for Mozilla FORM support over SSL
// (improper caching issue)
//!request.isSecure() &&
@@ -482,36 +483,55 @@ public abstract class AuthenticatorBase
}
int i;
-// Enforce any user data constraint for this security constraint
-if (log.isDebugEnabled()) {
-log.debug(" Calling hasUserDataPermission()");
-}
-if (!realm.hasUserDataPermission(request, response,
- constraints)) {
+if (constraints != null) {
+// Enforce any user data constraint for this security constraint
if (log.isDebugEnabled()) {
-log.debug(" Failed hasUserDataPermission() test");
+log.debug(" Calling hasUserDataPermission()");
+}
+if (!realm.hasUserDataPermission(request, response,
+
[GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test has an issue affecting its community integration. This issue affects 1 projects, and has been outstanding for 2 runs. The current state of this project is 'Failed', with reason 'Build Timed Out'. For reference only, the following projects are affected by this: - tomcat-trunk-test : Java Servlet 3.0, Java Server Pages 2.2 & Expression Languag... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on tomcat-trunk-dbcp exists, no need to add for property tomcat-dbcp-src.jar. -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -DEBUG- Dependency on tomcat-trunk-dbcp exists, no need to add for property tomcat-dbcp.home. -INFO- Failed with reason build timed out -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/build/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/gump_work/build_tomcat-trunk_tomcat-trunk-test.html Work Name: build_tomcat-trunk_tomcat-trunk-test (Type: Build) Work ended in a state of : Failed Elapsed: 60 mins Command Line: /usr/lib/jvm/java-6-openjdk/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/dist/junit-01042011.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-01042011-native-src.tar.gz -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-01042011-native-src.tar.gz -Dexamples.sources.skip=true -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps -Djdt.jar=/srv/gump/packages/eclipse/plugins/org.eclipse.jdt.core_3.4.2/jdtcore.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-01042011.jar -Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-src.jar -Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x -Dcommons-dbcp.home=/srv/gump/public/worksp ace/apache-commons/dbcp -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-*[0-9T].jar -Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-01042011.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-6-openjdk/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/packages/junit3.8.1/junit.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.jar:/srv /gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util.jar:/srv/gump/packages/javamail-1.4/mail.jar:/srv/gump/packages/javamail-1.4/lib/mailapi.jar:/srv/gump/packages/jaf-1.1ea/activation.jar:/srv/gump/packages/eclipse/plugins/org.eclipse.jdt.core_3.4.2/jdtcore. jar:/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-010420
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #40 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 07:10:15 EDT --- Mark, there are some glitches which have to be addressed in my opinion: Constants.java: - DEFAULT_SPN_CLASS is never used, forgot to delete? - DEFAULT_KRB5_CONF value: .ini is Windows style, on Unix is krb5.conf only. I would stick to that convention. I.e., split in two props. - DEFAULT_LOGIN_MODULE_NAME value: this is Oracle-specific, I would rather use a vendor-agnostic name like 'tomcat-accept'. (Same rule as in tomcat.keytab) SpnegoAuthenticator.java: - 'storeDelegatedCredentials' rename to 'storeDelegatedCredential' since GSSContext uses singular and the realm does the same, applies to may JavaDocs too - It might be worth checking of '/etc/krb5.conf' or 'C:\Windows\krb5.ini' because those are default locations on those OSs and this is what the JVM does if you did not overwrite the property. See http://download.oracle.com/javase/1.4.2/docs/guide/security/jgss/tutorials/KerberosReq.html => Locating the krb5.conf Configuration File RealmBase.java: - 'stripAtForGss' rename to 'stripRealm'. I think this one reads better. - There is no option to sign in with Kerberos into a directory server. Only delegated credential works. This might be problematic if some user account is not trusted for cred deleg. I don't like to fall back to plain password. Did I miss that spot in the code? - Property 'javax.security.sasl.server.authentication' should be configurable. It applies at least to GSSAPI. - Property 'javax.security.sasl.qop' should be configurable. It applies at least to GSSAPI *and* DIGEST-MD5. See here for more ref: http://download.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html I did not yet try the code, I just made a review. I will check docs separately. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087650 - /tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java
Author: markt
Date: Fri Apr 1 11:14:00 2011
New Revision: 1087650
URL: http://svn.apache.org/viewvc?rev=1087650&view=rev
Log:
Removed unused code
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java?rev=1087650&r1=1087649&r2=1087650&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/Constants.java Fri Apr
1 11:14:00 2011
@@ -38,8 +38,6 @@ public class Constants {
public static final String FORM_USERNAME = "j_username";
// SPNEGO authentication constants
-public static final String DEFAULT_KEYTAB = "conf/tomcat.keytab";
-public static final String DEFAULT_SPN_CLASS = "HTTP";
public static final String KRB5_CONF_PROPERTY = "java.security.krb5.conf";
public static final String DEFAULT_KRB5_CONF = "conf/krb5.ini";
public static final String JAAS_CONF_PROPERTY =
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087651 - in /tomcat/trunk: java/org/apache/catalina/authenticator/SpnegoAuthenticator.java webapps/docs/config/valve.xml
Author: markt
Date: Fri Apr 1 11:16:02 2011
New Revision: 1087651
URL: http://svn.apache.org/viewvc?rev=1087651&view=rev
Log:
Consistent naming
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
tomcat/trunk/webapps/docs/config/valve.xml
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1087651&r1=1087650&r2=1087651&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Fri Apr 1 11:16:02 2011
@@ -59,13 +59,13 @@ public class SpnegoAuthenticator extends
this.loginConfigName = loginConfigName;
}
-private boolean storeDelegatedCredentials = true;
-public boolean isStoreDelegatedCredentials() {
-return storeDelegatedCredentials;
-}
-public void setStoreDelegatedCredentials(
-boolean storeDelegatedCredentials) {
-this.storeDelegatedCredentials = storeDelegatedCredentials;
+private boolean storeDelegatedCredential = true;
+public boolean isStoreDelegatedCredential() {
+return storeDelegatedCredential;
+}
+public void setStoreDelegatedCredential(
+boolean storeDelegatedCredential) {
+this.storeDelegatedCredential = storeDelegatedCredential;
}
@@ -221,7 +221,7 @@ public class SpnegoAuthenticator extends
}
principal = context.getRealm().authenticate(gssContext,
-storeDelegatedCredentials);
+storeDelegatedCredential);
} catch (GSSException e) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("spnegoAuthenticator.ticketValidateFail",
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1087651&r1=1087650&r2=1087651&view=diff
==
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Fri Apr 1 11:16:02 2011
@@ -891,9 +891,9 @@
specified, the platform default provider will be used.
-
-Controls if the user' delegated credentials will be stored in
-the user Principal. If available, the delegated credentials will be
+
+Controls if the user' delegated credential will be stored in
+the user Principal. If available, the delegated credential will be
available to applications (e.g. for onward authentication to external
services) via the org.apache.catalina.realm.GSS_CREDENTIAL
request attribute.If not set, the default value of true
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 12428] request.getUserPrincipal(): Misinterpretation of specification?
https://issues.apache.org/bugzilla/show_bug.cgi?id=12428 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #29 from Mark Thomas 2011-04-01 07:21:31 EDT --- This has been fixed in 7.0.x and will be included in 7.0.12 onwards. It is disable by default but can be enabled on a per context basis. To address some of the points raised in comment 26: I don't believe RFC2617 or the Servlet specification are sufficiently clear to enable preemptive authentication by default. They are open to interpretation and my reading of them is that there are ambiguities in the language that defines the server response in such a scenario. I did not say that an application cannot trigger authentication by returning a 401 response. My point was that if the application uses the Servlet 3.0 API to manually implement preemptive authentication, it needs to consider what to do if that authentication fails when the client has requested a non-protected resource. Returning a 401 in that case strikes me as the wrong thing to do but that goes back to the ambiguity in the Servlet spec and RFC2617. Regarding programmatic security and declarative security, the relationship between them is set out in section 13 if the servlet spec. The point I was making was that if an application uses both declarative security and programmatic security and the programmatic security performs actions normally handled by declarative security (e.g. sending and processing authentication headers) then you need to be careful to ensure that the two do not interfere. To summarise the current position: - with alwaysUseSession and cache enabled on an authenticator, the authenticated user name and principal will be available to all requests once the user has accessed a protected resource - with preemptiveAuthentication enabled on an authenticator, the authenticated user name and principal will always be available -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087652 - in /tomcat/trunk: java/org/apache/catalina/realm/RealmBase.java webapps/docs/config/realm.xml
Author: markt
Date: Fri Apr 1 11:23:54 2011
New Revision: 1087652
URL: http://svn.apache.org/viewvc?rev=1087652&view=rev
Log:
Better name
Modified:
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/trunk/webapps/docs/config/realm.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1087652&r1=1087651&r2=1087652&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Fri Apr 1
11:23:54 2011
@@ -155,7 +155,7 @@ public abstract class RealmBase extends
* When processing users authenticated via the GSS-API, should any
* "@..." be stripped from the end of the user name?
*/
-protected boolean stripAtForGss = true;
+protected boolean stripRealmForGss = true;
// - Properties
@@ -279,13 +279,13 @@ public abstract class RealmBase extends
}
-public boolean isStripAtForGss() {
-return stripAtForGss;
+public boolean isStripRealmForGss() {
+return stripRealmForGss;
}
-public void setStripAtForGss(boolean stripAtForGss) {
-this.stripAtForGss = stripAtForGss;
+public void setStripRealmForGss(boolean stripRealmForGss) {
+this.stripRealmForGss = stripRealmForGss;
}
@@ -454,7 +454,7 @@ public abstract class RealmBase extends
if (gssName!= null) {
String name = gssName.toString();
-if (isStripAtForGss()) {
+if (isStripRealmForGss()) {
int i = name.indexOf('@');
if (i > 0) {
// Zero so we don;t leave a zero length name
Modified: tomcat/trunk/webapps/docs/config/realm.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1087652&r1=1087651&r2=1087652&view=diff
==
--- tomcat/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/trunk/webapps/docs/config/realm.xml Fri Apr 1 11:23:54 2011
@@ -143,7 +143,7 @@
a role name assigned to the corresponding user.
-
+
When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
name. If not specified, the default is true.
@@ -230,7 +230,7 @@
a role name assigned to the corresponding user.
-
+
When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
name. If not specified, the default is true.
@@ -451,7 +451,7 @@
0 is used which indicates no limit.
-
+
When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
name. If not specified, the default is true.
@@ -597,7 +597,7 @@
default value is conf/tomcat-users.xml.
-
+
When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
name. If not specified, the default is true.
@@ -672,7 +672,7 @@
for your role Principals.
-
+
When processing users authenticated via the GSS-API, this attribute
controls if any "@..." is removed from the end of the user
name. If not specified, the default is true.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #41 from Mark Thomas 2011-04-01 07:30:16 EDT --- (In reply to comment #40) > - DEFAULT_SPN_CLASS is never used, forgot to delete? Fixed > - DEFAULT_KRB5_CONF value: .ini is Windows style, on Unix is krb5.conf only. I > would stick to that convention. I.e., split in two props. Happy with the current default. Can be set via system property. > - DEFAULT_LOGIN_MODULE_NAME value: this is Oracle-specific, I would rather use > a vendor-agnostic name like 'tomcat-accept'. (Same rule as in tomcat.keytab) Happy with the current default. Users can change if desired. > - 'storeDelegatedCredentials' rename to 'storeDelegatedCredential' fixed > - 'stripAtForGss' rename to 'stripRealm' Changed to stripRealmForGss > - There is no option to sign in with Kerberos into a directory server. Only > delegated credential works. This might be problematic if some user account is > not trusted for cred deleg. I don't like to fall back to plain password. Did I > miss that spot in the code? Nope. Please open an enhancement request. > - Property 'javax.security.sasl.server.authentication' should be configurable. > It applies at least to GSSAPI. > - Property 'javax.security.sasl.qop' should be configurable. It applies at > least to GSSAPI *and* DIGEST-MD5. Another enhancement request please. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087655 - in /tomcat/trunk: java/org/apache/catalina/authenticator/ java/org/apache/catalina/realm/ test/org/apache/catalina/authenticator/ webapps/docs/ webapps/docs/config/
Author: markt
Date: Fri Apr 1 11:36:54 2011
New Revision: 1087655
URL: http://svn.apache.org/viewvc?rev=1087655&view=rev
Log:
Add additional configuration options to the DIGEST authenticator
Added:
tomcat/trunk/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java
(with props)
tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
(with props)
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java?rev=1087655&r1=1087654&r2=1087655&view=diff
==
---
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java
Fri Apr 1 11:36:54 2011
@@ -23,11 +23,14 @@ import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
+import java.util.LinkedHashMap;
+import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.LifecycleException;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
@@ -46,8 +49,8 @@ import org.apache.juli.logging.LogFactor
* @version $Id$
*/
-public class DigestAuthenticator
-extends AuthenticatorBase {
+public class DigestAuthenticator extends AuthenticatorBase {
+
private static final Log log =
LogFactory.getLog(DigestAuthenticator.class);
@@ -66,6 +69,11 @@ public class DigestAuthenticator
"org.apache.catalina.authenticator.DigestAuthenticator/1.0";
+/**
+ * Tomcat's DIGEST implementation only supports auth quality of protection.
+ */
+protected static final String QOP = "auth";
+
// --- Constructors
@@ -91,15 +99,46 @@ public class DigestAuthenticator
/**
+ * List of client nonce values currently being tracked
+ */
+protected Map cnonces;
+
+
+/**
+ * Maximum number of client nonces to keep in the cache. If not specified,
+ * the default value of 1000 is used.
+ */
+protected int cnonceCacheSize = 1000;
+
+
+/**
* Private key.
*/
-protected String key = "Catalina";
+protected String key = null;
-// - Properties
+/**
+ * How long server nonces are valid for in milliseconds. Defaults to 5
+ * minutes.
+ */
+protected long nonceValidity = 5 * 60 * 1000;
+
+
+/**
+ * Opaque string.
+ */
+protected String opaque;
/**
+ * Should the URI be validated as required by RFC2617? Can be disabled in
+ * reverse proxies where the proxy has modified the URI.
+ */
+protected boolean validateUri = true;
+
+// - Properties
+
+/**
* Return descriptive information about this Valve implementation.
*/
@Override
@@ -110,9 +149,58 @@ public class DigestAuthenticator
}
-// - Public Methods
+public int getCnonceCacheSize() {
+return cnonceCacheSize;
+}
+
+
+public void setCnonceCacheSize(int cnonceCacheSize) {
+this.cnonceCacheSize = cnonceCacheSize;
+}
+
+
+public String getKey() {
+return key;
+}
+
+
+public void setKey(String key) {
+this.key = key;
+}
+
+
+public long getNonceValidity() {
+return nonceValidity;
+}
+
+
+public void setNonceValidity(long nonceValidity) {
+this.nonceValidity = nonceValidity;
+}
+
+
+public String getOpaque() {
+return opaque;
+}
+
+
+public void setOpaque(String opaque) {
+this.opaque = opaque;
+}
+
+
+public boolean isValidateUri() {
+return validateUri;
+}
+
+
+public void setValidateUri(boolean validateUri) {
+this.validateUri = validateUri;
+}
+// - Public Methods
+
/**
* Authenticate the user making this request, based on the specified
* login configuration. Return true if any specified
@@ -173,8 +261,13 @@ public
Time for 7.0.12
Hi, It is the beginning of the month so I am shortly going to start the release process for 7.0.12. Assuming no problems, expect the vote towards the end of today. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
On 01/04/2011 10:54, Bill Barker wrote: > Full details are available at: > > http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html I'm seeing a slightly different issue when I run the unit tests. Tomcat hangs during shutdown. It looks to be hanging in the DedicatedThreadExecutor. Taking a look now... Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #42 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 08:41:22 EDT --- Mark, I just compiled and deployed 7.0.12-dev to our test server. It works but fails at some point. The default server.xml is configured with: The Authentication fails at: UserDatabaseRealm line 215 because the use cannot be found in the database. I think there is a huge misconception from your point of view. Kerberos is not something which simply passes credentials to a realm. Kerberos IS THE REALM. You cannot and should not pass that username to any other realm but to an authorizing realm. In this case the user cannot be authenticated and gets locked out. The way it is coded right now won't work. Kerberos sole purpose is to indentify the user properly and this works flawlessly in my Eclipse debug session and in Fiddler. Mike -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #43 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 08:47:46 EDT --- (In reply to comment #41) > (In reply to comment #40) > > - DEFAULT_SPN_CLASS is never used, forgot to delete? > Fixed > > > - DEFAULT_KRB5_CONF value: .ini is Windows style, on Unix is krb5.conf > > only. I > > would stick to that convention. I.e., split in two props. > Happy with the current default. Can be set via system property. I personally disagree because Tomcat most popular platform is some Unix flavor. > > - DEFAULT_LOGIN_MODULE_NAME value: this is Oracle-specific, I would rather > > use > > a vendor-agnostic name like 'tomcat-accept'. (Same rule as in tomcat.keytab) > Happy with the current default. Users can change if desired. I disagree again because abstraction is not missing and not everyone uses an Oracle JVM. > > - There is no option to sign in with Kerberos into a directory server. Only > > delegated credential works. This might be problematic if some user account > > is > > not trusted for cred deleg. I don't like to fall back to plain password. > > Did I > > miss that spot in the code? > Nope. Please open an enhancement request. Will do! > > - Property 'javax.security.sasl.server.authentication' should be > > configurable. > > It applies at least to GSSAPI. > > - Property 'javax.security.sasl.qop' should be configurable. It applies at > > least to GSSAPI *and* DIGEST-MD5. > Another enhancement request please. Will do! -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 48685] Spnego Support in Tomcat
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 --- Comment #44 from Michael Osipov <1983-01...@gmx.net> 2011-04-01 08:49:08 EDT --- (In reply to comment #43) > I disagree again because abstraction is not missing and not everyone uses an > Oracle JVM. Should read: I disagree again because abstraction is missing and not everyone uses an... -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1087655 - in /tomcat/trunk: java/org/apache/catalina/authenticator/ java/org/apache/catalina/realm/ test/org/apache/catalina/authenticator/ webapps/docs/ webapps/docs/config/
2011/4/1 : > Author: markt > Date: Fri Apr 1 11:36:54 2011 > New Revision: 1087655 > > URL: http://svn.apache.org/viewvc?rev=1087655&view=rev > Log: > Add additional configuration options to the DIGEST authenticator > > Added: > > tomcat/trunk/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java > (with props) > > tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java > (with props) Tester* ? Unusual name. > Modified: > > tomcat/trunk/java/org/apache/catalina/authenticator/DigestAuthenticator.java > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > tomcat/trunk/java/org/apache/catalina/authenticator/mbeans-descriptors.xml > tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java > tomcat/trunk/webapps/docs/changelog.xml > tomcat/trunk/webapps/docs/config/valve.xml > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1087655 - in /tomcat/trunk: java/org/apache/catalina/authenticator/ java/org/apache/catalina/realm/ test/org/apache/catalina/authenticator/ webapps/docs/ webapps/docs/config/
On 01/04/2011 14:09, Konstantin Kolinko wrote: > 2011/4/1 : >> Author: markt >> Date: Fri Apr 1 11:36:54 2011 >> New Revision: 1087655 >> >> URL: http://svn.apache.org/viewvc?rev=1087655&view=rev >> Log: >> Add additional configuration options to the DIGEST authenticator >> >> Added: >> >> tomcat/trunk/test/org/apache/catalina/authenticator/TestDigestAuthenticator.java >>(with props) >> >> tomcat/trunk/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java >>(with props) > > Tester* ? Unusual name. So it doesn't get triggered by the Ant test task. Anything called Tester* is skipped. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
2011/4/1 Mark Thomas : > On 01/04/2011 10:54, Bill Barker wrote: > >> Full details are available at: >> >> http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html > > I'm seeing a slightly different issue when I run the unit tests. Tomcat > hangs during shutdown. It looks to be hanging in the > DedicatedThreadExecutor. Taking a look now... > http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html Start: Fri, 01 Apr 2011 09:54:25 (UTC) Elapsed:60 mins >From quick glance I do not see hangs there. Last output is [junit] Running org.apache.naming.resources.TestNamingContext ... [junit] Apr 1, 2011 10:53:38 AM [junit] org.apache.catalina.core.StandardEngine startInternal [junit] INFO: Starting Servlet Engine: Apache Tomcat/7.0.12-dev The whole hour since 09:54 Tomcat was running the tests. And it is just the bio connector. The time used to run up to TestNamingContext test is about 80% of the test run for a single connector. > Tomcat hangs during shutdown. I did not observe any issues with DedicatedThreadExecutor. All runs OK for me. (three connectors, Win32, JDK 6u24). Running the tests several days ago I once saw hanging in the org.apache.tomcat.jni.Library.terminate(Native Method) call during shutdown. That is with APR connector, native 1.1.20 / win32. That happened only once and was not reproducible ever since. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
On 01/04/2011 14:37, Konstantin Kolinko wrote: > 2011/4/1 Mark Thomas : >> Tomcat hangs during shutdown. > > I did not observe any issues with DedicatedThreadExecutor. All runs OK > for me. (three connectors, Win32, JDK 6u24). I'm seeing random hangs will all three connectors. Win64, JDK 6u26, 8-core machine. > Running the tests several days ago I once saw hanging in the > org.apache.tomcat.jni.Library.terminate(Native Method) > > call during shutdown. That is with APR connector, native 1.1.20 / > win32. That happened only once and was not reproducible ever since. Haven't seen that one yet. I am just testing a work-around for the hanging on shutdown issue. It seems to be OK at the moment. I'll commit it if the unit tests all pass. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087709 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Fri Apr 1 13:55:25 2011 New Revision: 1087709 URL: http://svn.apache.org/viewvc?rev=1087709&view=rev Log: Proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1087709&r1=1087708&r2=1087709&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Apr 1 13:55:25 2011 @@ -179,3 +179,9 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/viewvc?rev=1081334&view=rev +1: markt, kkolinko -1: + +* Add additional configuration options to the DIGEST authenticator + http://people.apache.org/~markt/patches/2011-04-01-digest-tc6.patch + +1: markt + -1: + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087710 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: markt Date: Fri Apr 1 13:56:12 2011 New Revision: 1087710 URL: http://svn.apache.org/viewvc?rev=1087710&view=rev Log: Proposal Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=1087710&r1=1087709&r2=1087710&view=diff == --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Apr 1 13:56:12 2011 @@ -56,3 +56,8 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/viewvc?rev=1078409&view=rev +1: markt, kfujino -1: + +* Add additional configuration options to the DIGEST authenticator + http://people.apache.org/~markt/patches/2011-04-01-digest-tc5.patch + +1: markt + -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
2011/4/1 Mark Thomas : > On 01/04/2011 14:37, Konstantin Kolinko wrote: >> 2011/4/1 Mark Thomas : > >>> Tomcat hangs during shutdown. >> >> I did not observe any issues with DedicatedThreadExecutor. All runs OK >> for me. (three connectors, Win32, JDK 6u24). > > I'm seeing random hangs will all three connectors. Win64, JDK 6u26, 6u24 as well, probably. It is the latest, http://www.oracle.com/technetwork/java/javase/downloads/index.html and u25 is in early access, http://jdk6.java.net/6uNea.html > 8-core machine. > >> Running the tests several days ago I once saw hanging in the >> org.apache.tomcat.jni.Library.terminate(Native Method) >> >> call during shutdown. That is with APR connector, native 1.1.20 / >> win32. That happened only once and was not reproducible ever since. > > Haven't seen that one yet. > > I am just testing a work-around for the hanging on shutdown issue. It > seems to be OK at the moment. I'll commit it if the unit tests all pass. > Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
On 01/04/2011 15:01, Konstantin Kolinko wrote: > 2011/4/1 Mark Thomas : >> On 01/04/2011 14:37, Konstantin Kolinko wrote: >>> 2011/4/1 Mark Thomas : >> Tomcat hangs during shutdown. >>> >>> I did not observe any issues with DedicatedThreadExecutor. All runs OK >>> for me. (three connectors, Win32, JDK 6u24). >> >> I'm seeing random hangs will all three connectors. Win64, JDK 6u26, > > 6u24 as well, probably. It is the latest, > http://www.oracle.com/technetwork/java/javase/downloads/index.html > and u25 is in early access, > http://jdk6.java.net/6uNea.html Sorry - 6u24 - I was typing too quickly. Mark > >> 8-core machine. >> >>> Running the tests several days ago I once saw hanging in the >>> org.apache.tomcat.jni.Library.terminate(Native Method) >>> >>> call during shutdown. That is with APR connector, native 1.1.20 / >>> win32. That happened only once and was not reproducible ever since. >> >> Haven't seen that one yet. >> >> I am just testing a work-around for the hanging on shutdown issue. It >> seems to be OK at the moment. I'll commit it if the unit tests all pass. >> > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087715 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml
Author: markt
Date: Fri Apr 1 14:24:43 2011
New Revision: 1087715
URL: http://svn.apache.org/viewvc?rev=1087715&view=rev
Log:
Workaround shutdown issue in unit tests
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1087715&r1=1087714&r2=1087715&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Fri Apr 1
14:24:43 2011
@@ -5414,14 +5414,21 @@ public class StandardContext extends Con
// we do it in a dedicated thread for memory leak protection, in
// case some webapp code registers some ThreadLocals that they
// forget to cleanup
-DedicatedThreadExecutor.executeInOwnThread(
-new Callable() {
+// TODO Figure out why DedicatedThreadExecutor hangs randomly in
the
+// unit tests if used here
+RunnableWithLifecycleException stop =
+new RunnableWithLifecycleException() {
@Override
-public Void call() throws Exception {
+public void run() {
ClassLoader old = bindThread();
try {
for (int i = 0; i < children.length; i++) {
-children[i].stop();
+try {
+children[i].stop();
+} catch (LifecycleException e) {
+le = e;
+return;
+}
}
// Stop our filters
@@ -5430,19 +5437,35 @@ public class StandardContext extends Con
// Stop ContainerBackgroundProcessor thread
threadStop();
-if ((manager != null) &&
-(manager instanceof Lifecycle)) {
-((Lifecycle) manager).stop();
+if (manager != null && manager instanceof Lifecycle) {
+try {
+((Lifecycle) manager).stop();
+} catch (LifecycleException e) {
+le = e;
+return;
+}
}
// Stop our application listeners
listenerStop();
-return null;
}finally{
unbindThread(old);
}
}
-});
+};
+
+Thread t = new Thread(stop);
+t.setName("stop children - " + getObjectName().toString());
+t.run();
+try {
+t.join();
+} catch (InterruptedException e) {
+// Shouldn't happen
+throw new LifecycleException(e);
+}
+if (stop.getLifecycleException() != null) {
+throw stop.getLifecycleException();
+}
// Finalize our character set mapper
setCharsetMapper(null);
@@ -6492,4 +6515,13 @@ public class StandardContext extends Con
return false;
}
+private abstract static class RunnableWithLifecycleException
+implements Runnable {
+
+protected LifecycleException le = null;
+
+public LifecycleException getLifecycleException() {
+return le;
+}
+}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1087715&r1=1087714&r2=1087715&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Apr 1 14:24:43 2011
@@ -151,6 +151,10 @@
Provide additional configuration options for the DIGEST authenticator.
(markt)
+
+Provide a workaround for Tomcat hanging during shutdown when running
the
+unit tests. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087720 - in /tomcat: tc6.0.x/trunk/webapps/docs/config/http.xml trunk/webapps/docs/config/http.xml
Author: kkolinko Date: Fri Apr 1 14:30:25 2011 New Revision: 1087720 URL: http://svn.apache.org/viewvc?rev=1087720&view=rev Log: Correct typos in description of NIO connector in config/http.html, especially in TC6. An attribute is called "processorCache", not "processCache". Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml?rev=1087720&r1=1087719&r2=1087720&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/config/http.xml Fri Apr 1 14:30:25 2011 @@ -409,7 +409,7 @@ The NIO connector exposes all the low level socket properties that can be used to tune the connector. Most of these attributes are directly linked to the socket implementation in the JDK so you can find out about the actual meaning in the JDK API documentation. -NoteOn some JDK versions, setTrafficClass causes a problem, a work around for this is to add +Note: On some JDK versions, setTrafficClass causes a problem, a work around for this is to add the -Djava.net.preferIPv4Stack=true value to your command line @@ -466,7 +466,7 @@ (bool)Whether to allow comet servlets or not, Default value is true. - + (int)The protocol handler caches Http11NioProcessor objects to speed up performance. This setting dictates how many of these objects get cached. -1 means unlimited, default is 200. Set this value somewhere close to your maxThreads value. @@ -586,10 +586,11 @@ The following command line options are available for the NIO connector: --Dorg.apache.tomcat.util.net.NioSelectorShared=true|false - default is true. -Set this value to false if you wish to use a selector for each thread. -the property. If you do set it to false, you can control the size of the pool of selectors by using the -selectorPool.maxSelectors attribute +-Dorg.apache.tomcat.util.net.NioSelectorShared=true|false +- default is true. Set this value to false if you wish to +use a selector for each thread. When you set it to false, you can +control the size of the pool of selectors by using the +selectorPool.maxSelectors attribute (int)The NIO connector implements an OutOfMemoryError strategy called parachute. Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1087720&r1=1087719&r2=1087720&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Fri Apr 1 14:30:25 2011 @@ -519,7 +519,7 @@ (byte)Value between 0 and 255 for the traffic class on the socket. JVM default used if not set. -NoteOn some JDK versions, setting +Note: On some JDK versions, setting soTrafficClass causes a problem. A work around for this is to add the -Djava.net.preferIPv4Stack=true value to your JVM options. @@ -687,10 +687,10 @@ The following command line options are available for the NIO connector: -Dorg.apache.tomcat.util.net.NioSelectorShared=true|false -- default is true. Set this value to false if you wish to -use a selector for each thread. If you do set it to false, you can +- default is true. Set this value to false if you wish to +use a selector for each thread. When you set it to false, you can control the size of the pool of selectors by using the -selectorPool.maxSelectors attribute. +selectorPool.maxSelectors attribute. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087721 - /tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java
Author: kkolinko
Date: Fri Apr 1 14:39:24 2011
New Revision: 1087721
URL: http://svn.apache.org/viewvc?rev=1087721&view=rev
Log:
Document configuration properties of o.a.juli.FileHandler.
It is backport of JavaDoc from TC7 except the "rotatable" property which is not
implemented yet.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java?rev=1087721&r1=1087720&r2=1087721&view=diff
==
--- tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/juli/FileHandler.java Fri Apr 1
14:39:24 2011
@@ -39,8 +39,37 @@ import java.util.logging.SimpleFormatter
/**
* Implementation of Handler that appends log messages to a file
- * named {prefix}.{date}.{suffix} in a configured directory, with an
- * optional preceding timestamp.
+ * named {prefix}{date}{suffix} in a configured directory.
+ *
+ * The following configuration properties are available:
+ *
+ *
+ * directory - The directory where to create the log file.
+ *If the path is not absolute, it is relative to the current working
+ *directory of the application. The Apache Tomcat configuration files
usually
+ *specify an absolute path for this property,
+ *${catalina.base}/logs
+ *Default value: logs
+ * prefix - The leading part of the log file name.
+ *Default value: juli.
+ * suffix - The trailing part of the log file name. Default
value: .log
+ * bufferSize - Configures buffering. The value of
0
+ *uses system default buffering (typically an 8K buffer will be used). A
+ *value of <0 forces a writer flush upon each log write. A
+ *value >0 uses a BufferedOutputStream with the defined
+ *value but note that the system default buffering will also be
+ *applied. Default value: -1
+ * encoding - Character set used by the log file. Default
value:
+ *empty string, which means to use the system default character set.
+ * level - The level threshold for this Handler. See the
+ *java.util.logging.Level class for the possible levels.
+ *Default value: ALL
+ * filter - The java.util.logging.Filter
+ *implementation class name for this Handler. Default value: unset
+ * formatter - The java.util.logging.Formatter
+ *implementation class name for this Handler. Default value:
+ *java.util.logging.SimpleFormatter
+ *
*
* @version $Id$
*/
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087738 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/naming/resources/DirContextURLConnection.java webapps/docs/changelog.xml
Author: markt Date: Fri Apr 1 15:12:06 2011 New Revision: 1087738 URL: http://svn.apache.org/viewvc?rev=1087738&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=27988 Improve reporting of missing files Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/DirContextURLConnection.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Apr 1 15:12:06 2011 @@ -1 +1 @@ -/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729681,729809,729815,729934,730250,730590,731651,732859,732863,734734,740675,740684,742677,742697,742714,744160,744238,746321,746384,746425,747834,747863,748344,750258,750291,750921,751286-751287,751289,751295,752323,753039,757335,757774,758249,758365,758596,758616,758664,759074,761601,762868,762929,762936-762937,763166,763183,763193,763228,763262,763298,763302,763325,763599,763611,763654,763681,763706,764985,764997,765662,768335,769979,770716,77 0809,770876,772872,776921,776924,776935,776945,777464,777466,777576,777625,778379,778523-778524,781528,781779,782145,782791,783316,783696,783724,783756,783762,783766,783863,783934,784453,784602,784614,785381,785688,785768,785859,786468,786487,786490,786496,786667,787627,787770,787985,789389,790405,791041,791184,791194,791224,791243,791326,791328,791789,792740,793372,793757,793882,793981,794082,794673,794822,795043,795152,795210,795457,795466,797168,797425,797596,797607,802727,802940,804462,804544,804734,805153,809131,809603,810916,810977,812125,812137,812432,813001,813013,813866,814180,814708,814876,815972,816252,817442,817822,819339,819361,820110,820132,820874,820954,821397,828196,828201,828210,828225,828759,830378-830379,830999,831106,831774,831785,831828,831850,831860,832214,832218,833121,833545,834047,835036,835336,836405,881396,881412,883130,883134,883146,883165,883177,883362,883565,884341,885038,885231,885241,885260,885901,885991,886019,888072,889363,889606,889716,8901 39,890265,890349-890350,890417,891185-891187,891583,892198,892341,892415,892464,892555,892812,892814,892817,892843,892887,893321,893493,894580,894586,894805,894831,895013,895045,895057,895191,895392,895703,896370,896384,897380-897381,897776,898126,898256,898468,898527,898555,898558,898718,898836,898906,899284,899348,899420,899653,899769-899770,899783,899788,899792,899916,899918-899919,899935,899949,903916,905020,905151,905722,905728,905735,907311,907513,907538,907652,907819,907825,907864,908002,908721,908754,908759,909097,909206,909212,909525,909636,909869,909875,909887,910266,910370,910442,910471,910485,910974,915226,915737,915861,916097,916141,916157,916170,917598,917633,918093,918489,918594,918684,918787,918792,918799,918803,918885,919851,919914,920025,920055,920298,920449,920596,920824,920840,921444,922010,926716,927062,927621,928482,928695,928732,928798,931709,932357,932967,935105,935983,939491,939551,940064,941356,941463,944409,944416,945231,945808,945835,945841,946686 ,948057,950164,950596,950614,950851,950905,951615,953434,954435,955648,955655,956832,957130,957830,958192,960701,961948,962865,962872,962881,962900,963106,963865,963868,964614,966177-966178,966292,966692,966863,981815,988448,991837,993042,1001955,1002185,1002263,1002274,1002349,1002359,1002362,1002481,1002514,1003461,1003481,1003488,1003556,1003572,1003581,1003861,1004393,1004409,1004415,1004868-1004869,1004912,1005452,1005467,1005647,1005802,1022120,1022134,1022323,1022415,1022606,1022623,1024224,1024251,1026042,1026784,1026912,1026920,1029767,1033415,1033448,1033842,1033897,1037715,1037794,1037887,1037924,1038041,1042022,1042029,1042447,1042452,1042494,1044944,1044987,1050249,1055055,1055236,1055458,1055975,1056264,1056828,1056889,1059881,1061412,1061442,1061446,1062398,1064652,1066244,1067039,1067139,1070609,1072042,1075458,1078412 +/tomcat/trunk:601180,606992,612607,630314,640888,652744,653247,666232,673796,673820,677910,683969,683982,684001,684081,684234,684269-684270,685177,687503,687645,689402,690781,691392,691805,692748,693378,694992,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,713953,714002,718360,719119,719124,719602,719626,719628,720046,720069,721040,721286,721708,721886,723404,723738,726052,727303,728032,728768,728947,729057,729
DO NOT REPLY [Bug 27988] Unhelpful FileNotFoundException raised
https://issues.apache.org/bugzilla/show_bug.cgi?id=27988 --- Comment #3 from Mark Thomas 2011-04-01 11:12:27 EDT --- Fixed in 6.0.x and will be included in 6.0.33 onwards. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50957] Blocking IO can serve wrong response data
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 --- Comment #15 from Brad Plies 2011-04-01 12:16:03 EDT --- (In reply to comment #14) > It may be unrelated, but I'm trying to track down a (very) reproducible error > on one of our products where using Firefox with HTTP pipelining enabled > results > in garbled responses (and a smattering of 401 and 505 responses). > > The user reports of this error went along the lines of seeing JavaScript > content where HTML responses were expected, images switched etc., which sounds > similar to this. Thank you for the report. This report certainly matches the primary characteristic of swapped content. During my tests I do not recall observing those response codes, but that wasn't what I was primarily paying attention to anyway. I was triggering the condition via rapid browser reloads so perhaps some responses could have had unusual codes like that and I just missed them. Can you confirm the Tomcat version and that BIO is used? Have you tried NIO? If it is very reproducible what are the exact conditions that you have established to trigger it? Would you be able to provide a "Wireshark trace" as Mark recommended? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50957] Blocking IO can serve wrong response data
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 --- Comment #16 from Brad Plies 2011-04-01 12:18:46 EDT --- I cannot remember now, but I'm sure I observed this under IE as well during my proxy tests. So I'm not certain this problem is confined to Firefox -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087791 - /tomcat/trunk/webapps/docs/realm-howto.xml
Author: kkolinko
Date: Fri Apr 1 16:38:07 2011
New Revision: 1087791
URL: http://svn.apache.org/viewvc?rev=1087791&view=rev
Log:
Update the realm-howto:
In TC7 the tomcat-util.jar is also needed on the classpath to call the
o.a.c.realm.RealmBase class.
Modified:
tomcat/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/realm-howto.xml?rev=1087791&r1=1087790&r2=1087791&view=diff
==
--- tomcat/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/trunk/webapps/docs/realm-howto.xml Fri Apr 1 16:38:07 2011
@@ -215,12 +215,16 @@ java org.apache.catalina.realm.RealmBase
not specified in web.xml, the default value of Authentication
required is used.
-To use either of the above techniques, the
-$CATALINA_HOME/lib/catalina.jar and
-$CATALINA_HOME/bin/tomcat-juli.jar files will need to be
-on your class path to make the RealmBase class available.
+To use either of the above techniques, the following jar files will need
+to be on your class path to make the RealmBase class available:
+
+ $CATALINA_HOME/bin/tomcat-juli.jar
+ $CATALINA_HOME/lib/catalina.jar
+ $CATALINA_HOME/lib/tomcat-util.jar
+
+
Non-ASCII usernames and/or passwords are supported using
java org.apache.catalina.realm.RealmBase \
-a {algorithm} -e {encoding} {input}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087797 - in /tomcat/tc7.0.x/tags/TOMCAT_7_0_12: ./ build.properties.default modules/
Author: markt Date: Fri Apr 1 16:47:12 2011 New Revision: 1087797 URL: http://svn.apache.org/viewvc?rev=1087797&view=rev Log: Tag 7.0.12 Added: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/ (props changed) - copied from r1087796, tomcat/trunk/ Removed: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/modules/ Modified: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/build.properties.default Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/ -- --- svn:ignore (added) +++ svn:ignore Fri Apr 1 16:47:12 2011 @@ -0,0 +1,5 @@ +.* +output +build.properties +work +logs Propchange: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/ -- svn:mergeinfo = /tomcat/tc6.0.x/trunk:742915 Modified: tomcat/tc7.0.x/tags/TOMCAT_7_0_12/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/tags/TOMCAT_7_0_12/build.properties.default?rev=1087797&r1=1087796&r2=1087797&view=diff == --- tomcat/tc7.0.x/tags/TOMCAT_7_0_12/build.properties.default (original) +++ tomcat/tc7.0.x/tags/TOMCAT_7_0_12/build.properties.default Fri Apr 1 16:47:12 2011 @@ -29,7 +29,7 @@ version.major=7 version.minor=0 version.build=12 version.patch=0 -version.suffix=-dev +version.suffix= # - Build control flags - # Note enabling validation uses Checkstyle which is LGPL licensed - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087798 - in /tomcat/trunk: build.properties.default res/maven/mvn.properties.default
Author: markt Date: Fri Apr 1 16:49:16 2011 New Revision: 1087798 URL: http://svn.apache.org/viewvc?rev=1087798&view=rev Log: Bump version ready for next release Modified: tomcat/trunk/build.properties.default tomcat/trunk/res/maven/mvn.properties.default Modified: tomcat/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1087798&r1=1087797&r2=1087798&view=diff == --- tomcat/trunk/build.properties.default (original) +++ tomcat/trunk/build.properties.default Fri Apr 1 16:49:16 2011 @@ -27,7 +27,7 @@ # - Version Control Flags - version.major=7 version.minor=0 -version.build=12 +version.build=13 version.patch=0 version.suffix=-dev Modified: tomcat/trunk/res/maven/mvn.properties.default URL: http://svn.apache.org/viewvc/tomcat/trunk/res/maven/mvn.properties.default?rev=1087798&r1=1087797&r2=1087798&view=diff == --- tomcat/trunk/res/maven/mvn.properties.default (original) +++ tomcat/trunk/res/maven/mvn.properties.default Fri Apr 1 16:49:16 2011 @@ -33,12 +33,12 @@ maven.snapshot.repo.repositoryId=apache. #Maven release properties for Tomcat staging maven.release.repo.url=scp://people.apache.org/www/tomcat.apache.org/dev/dist/m2-repository maven.release.repo.repositoryId=tomcat-staging -maven.release.deploy.version=7.0.12 +maven.release.deploy.version=7.0.13 #Maven release properties for the main ASF repo maven.asf.release.repo.url=scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository maven.asf.release.repo.repositoryId=apache.releases -maven.asf.release.deploy.version=7.0.12 +maven.asf.release.deploy.version=7.0.13 #Where do we load the libraries from - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087819 - in /tomcat/trunk: java/org/apache/catalina/Realm.java webapps/docs/changelog.xml
Author: markt
Date: Fri Apr 1 17:19:39 2011
New Revision: 1087819
URL: http://svn.apache.org/viewvc?rev=1087819&view=rev
Log:
Correct a Javadoc mix-up
Modified:
tomcat/trunk/java/org/apache/catalina/Realm.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/Realm.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Realm.java?rev=1087819&r1=1087818&r2=1087819&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/Realm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Realm.java Fri Apr 1 17:19:39 2011
@@ -108,8 +108,8 @@ public interface Realm {
/**
- * Return the Principal associated with the specified chain of X509
- * client certificates. If there is none, return null.
+ * Return the Principal associated with the specified {@link GSSContext}.
+ * If there is none, return null.
*
* @param gssContext The gssContext processed by the {@link Authenticator}.
* @param storeCreds Should the realm attempt to store the delegated
@@ -119,10 +119,10 @@ public interface Realm {
/**
- * Return the Principal associated with the specified {@link GSSContext}.
- * If there is none, return null.
+ * Return the Principal associated with the specified chain of X509
+ * client certificates. If there is none, return null.
*
- * @param gssContext Array of client certificates, with the first one in
+ * @param certs Array of client certificates, with the first one in
* the array being the certificate of the client itself.
*/
public Principal authenticate(X509Certificate certs[]);
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1087819&r1=1087818&r2=1087819&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Apr 1 17:19:39 2011
@@ -42,6 +42,15 @@
General, Catalina, Coyote, Jasper, Cluster, Web applications, Extras, Tribes,
Other
-->
+
+
+
+
+Correct mix-up in Realm Javadoc. (markt)
+
+
+
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 7.0.12
The proposed Apache Tomcat 7.0.12 release is now available for voting. It can be obtained from: http://people.apache.org/~markt/dev/tomcat-7/v7.0.12/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_12/ The proposed 7.0.12 release is: [ ] Broken - do not release [ ] Alpha - go ahead and release as 7.0.12 Alpha [ ] Beta - go ahead and release as 7.0.12 Beta [ ] Stable - go ahead and release as 7.0.12 Stable Cheers, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "Merv Stevens" by Merv Stevens
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Merv Stevens" page has been changed by Merv Stevens. The comment on this change is: http://affiliatesystemexplosionhq.com. http://wiki.apache.org/tomcat/Merv%20Stevens -- New page: ##language:en == Your Name == Email: <> ... CategoryHomepage - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Page Merv Stevens deleted from Tomcat Wiki
Dear wiki user, You have subscribed to a wiki page "Tomcat Wiki" for change notification. The page "Merv Stevens" has been deleted by TimFunk. The comment on this change is: spam. http://wiki.apache.org/tomcat/Merv%20Stevens - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 12428] request.getUserPrincipal(): Misinterpretation of specification?
https://issues.apache.org/bugzilla/show_bug.cgi?id=12428 --- Comment #30 from Christopher Schultz 2011-04-01 17:07:10 EDT --- Fascinating reading. My question would be: why does anyone want to have a resource that doesn't need authentication (no security-constraint) but then checks the authentication status, anyway (calls getPrincipal, isUserInRole, etc.)? If this "bug" was really ruining anyone's day, isn't it a simple matter of providing an aliased URL to the same resource that /is/ protected by a security-constrains and always sending authenticated users to /that/ URL instead? Glad the 9-year saga is over... -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50957] Blocking IO can serve wrong response data
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 --- Comment #17 from Christopher Schultz 2011-04-01 17:47:27 EDT --- If all the bug takes is load to reproduce, it should be easy to set up a test that uses wget or something similar to just download a list of files a whole bunch of times. If you have filenames which match the expected byte count (4096.gif or whatever), the client can detect that an error has occurred and log a message including a timestamp. If keepalive is required to trigger this bug, then a test might be a bit more difficult to rig... I'm not even sure how to get HttpURLConnection to let me make multiple requests via a single connection. Any idea if keepalives either allow this bug to occur or increase the chances of it occurring? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50957] Blocking IO can serve wrong response data
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 --- Comment #18 from Sebb 2011-04-01 18:05:02 EDT --- Sounds like a job for Apache JMeter ... that can issue a large load, and supports Keep-Alive and assertions to check for failures. The HttpClient version of the HTTP Sampler has better control over connection re-use. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087920 - /tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
Author: kkolinko
Date: Fri Apr 1 22:24:26 2011
New Revision: 1087920
URL: http://svn.apache.org/viewvc?rev=1087920&view=rev
Log:
JavaDoc: Document configuration properties of o.a.juli.FileHandler.
These are the same as in TC6, except the "bufferSize" property which is not
implemented.
Modified:
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
Modified:
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java?rev=1087920&r1=1087919&r2=1087920&view=diff
==
---
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
(original)
+++
tomcat/tc5.5.x/trunk/connectors/juli/src/java/org/apache/juli/FileHandler.java
Fri Apr 1 22:24:26 2011
@@ -37,8 +37,32 @@ import java.util.logging.SimpleFormatter
/**
* Implementation of Handler that appends log messages to a file
- * named {prefix}.{date}.{suffix} in a configured directory, with an
- * optional preceding timestamp.
+ * named {prefix}{date}{suffix} in a configured directory.
+ *
+ * The following configuration properties are available:
+ *
+ *
+ * directory - The directory where to create the log file.
+ *If the path is not absolute, it is relative to the current working
+ *directory of the application. The Apache Tomcat configuration files
usually
+ *specify an absolute path for this property,
+ *${catalina.base}/logs
+ *Default value: logs
+ * prefix - The leading part of the log file name.
+ *Default value: juli.
+ * suffix - The trailing part of the log file name.
+ *Default value: .log
+ * encoding - Character set used by the log file. Default
value:
+ *empty string, which means to use the system default character set.
+ * level - The level threshold for this Handler. See the
+ *java.util.logging.Level class for the possible levels.
+ *Default value: ALL
+ * filter - The java.util.logging.Filter
+ *implementation class name for this Handler. Default value: unset
+ * formatter - The java.util.logging.Formatter
+ *implementation class name for this Handler. Default value:
+ *java.util.logging.SimpleFormatter
+ *
*
* @version $Id$
*/
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 39661] Please document JULI FileHandler configuration properties
https://issues.apache.org/bugzilla/show_bug.cgi?id=39661 Konstantin Kolinko changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #5 from Konstantin Kolinko 2011-04-01 18:31:07 EDT --- Done. Will be in 7.0.12, 6.0.33, 5.5.34. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-test has an issue affecting its community integration. This issue affects 1 projects. The current state of this project is 'Failed', with reason 'Build Timed Out'. For reference only, the following projects are affected by this: - tomcat-trunk-test : Java Servlet 3.0, Java Server Pages 2.2 & Expression Languag... Full details are available at: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -DEBUG- Dependency on tomcat-trunk-dbcp exists, no need to add for property tomcat-dbcp-src.jar. -DEBUG- Dependency on commons-daemon exists, no need to add for property commons-daemon.native.src.tgz. -DEBUG- Dependency on commons-daemon exists, no need to add for property tomcat-native.tar.gz. -DEBUG- Dependency on tomcat-trunk-dbcp exists, no need to add for property tomcat-dbcp.home. -INFO- Failed with reason build timed out -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-trunk/output/build/logs The following work was performed: http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/gump_work/build_tomcat-trunk_tomcat-trunk-test.html Work Name: build_tomcat-trunk_tomcat-trunk-test (Type: Build) Work ended in a state of : Failed Elapsed: 60 mins Command Line: /usr/lib/jvm/java-6-openjdk/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Djunit.jar=/srv/gump/public/workspace/junit/dist/junit-01042011.jar -Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-01042011-native-src.tar.gz -Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-01042011-native-src.tar.gz -Dexamples.sources.skip=true -Dtomcat-dbcp.home=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps -Djdt.jar=/srv/gump/packages/eclipse/plugins/org.eclipse.jdt.core_3.4.2/jdtcore.jar -Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-01042011.jar -Dtomcat-dbcp-src.jar=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-src.jar -Dcommons-pool.home=/srv/gump/public/workspace/commons-pool-1.x -Dcommons-dbcp.home=/srv/gump/public/worksp ace/apache-commons/dbcp -Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-*[0-9T].jar -Dtomcat-dbcp.jar=/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-01042011.jar test [Working Directory: /srv/gump/public/workspace/tomcat-trunk] CLASSPATH: /usr/lib/jvm/java-6-openjdk/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/packages/junit3.8.1/junit.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.jar:/srv /gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util.jar:/srv/gump/packages/javamail-1.4/mail.jar:/srv/gump/packages/javamail-1.4/lib/mailapi.jar:/srv/gump/packages/jaf-1.1ea/activation.jar:/srv/gump/packages/eclipse/plugins/org.eclipse.jdt.core_3.4.2/jdtcore. jar:/srv/gump/public/workspace/tomcat-trunk/tomcat-deps/tomcat-dbcp-01042011.jar:/srv/gump/public/workspace/apac
Re: [GUMP@vmgump]: Project tomcat-trunk-test (in module tomcat-trunk) failed
2011/4/1 Konstantin Kolinko : > 2011/4/1 Mark Thomas : >> On 01/04/2011 10:54, Bill Barker wrote: >> >>> Full details are available at: >>> >>> http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html >> >> I'm seeing a slightly different issue when I run the unit tests. Tomcat >> hangs during shutdown. It looks to be hanging in the >> DedicatedThreadExecutor. Taking a look now... >> > > http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test/index.html > Start: Fri, 01 Apr 2011 09:54:25 (UTC) > Elapsed: 60 mins > > From quick glance I do not see hangs there. > > Last output is > > [junit] Running org.apache.naming.resources.TestNamingContext > ... > [junit] Apr 1, 2011 10:53:38 AM > [junit] org.apache.catalina.core.StandardEngine startInternal > [junit] INFO: Starting Servlet Engine: Apache Tomcat/7.0.12-dev > > The whole hour since 09:54 Tomcat was running the tests. And it is > just the bio connector. The time used to run up to TestNamingContext > test is about 80% of the test run for a single connector. In the recent run: [junit] Apr 1, 2011 9:53:27 PM org.apache.catalina.util.SessionIdGenerator createSecureRandom [junit] INFO: Creation of SecureRandom instance fo [junit] r session ID generation using [SHA1PRNG] took [69,367] milliseconds. and so on in the next runs. That explains the slowness. It is good that we have this logging now. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087942 - in /tomcat/tc6.0.x/trunk: conf/logging.properties webapps/docs/changelog.xml webapps/docs/logging.xml
Author: kkolinko Date: Sat Apr 2 00:38:14 2011 New Revision: 1087942 URL: http://svn.apache.org/viewvc?rev=1087942&view=rev Log: Improve the logging documentation Updated the comment in conf/logging.properties as well. CTR: docs Modified: tomcat/tc6.0.x/trunk/conf/logging.properties tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml tomcat/tc6.0.x/trunk/webapps/docs/logging.xml Modified: tomcat/tc6.0.x/trunk/conf/logging.properties URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/conf/logging.properties?rev=1087942&r1=1087941&r2=1087942&view=diff == --- tomcat/tc6.0.x/trunk/conf/logging.properties (original) +++ tomcat/tc6.0.x/trunk/conf/logging.properties Sat Apr 2 00:38:14 2011 @@ -56,9 +56,9 @@ org.apache.catalina.core.ContainerBase.[ org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler -# For example, set the com.xyz.foo logger to only log SEVERE -# messages: +# For example, to log debug messages in ContextConfig and HostConfig +# classes and to log only warnings and errors in other +# org.apache.catalina.** classes, uncomment these lines: #org.apache.catalina.startup.ContextConfig.level = FINE #org.apache.catalina.startup.HostConfig.level = FINE -#org.apache.catalina.session.ManagerBase.level = FINE -#org.apache.catalina.core.AprLifecycleListener.level=FINE +#org.apache.catalina.level = WARNING Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1087942&r1=1087941&r2=1087942&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Apr 2 00:38:14 2011 @@ -92,6 +92,9 @@ 50804: Update links for Servlet 2.5 and JSP 2.1 Javadoc. (markt) + +Improve Tomcat Logging documentation. (kkolinko) + Modified: tomcat/tc6.0.x/trunk/webapps/docs/logging.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/logging.xml?rev=1087942&r1=1087941&r2=1087942&view=diff == --- tomcat/tc6.0.x/trunk/webapps/docs/logging.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/logging.xml Sat Apr 2 00:38:14 2011 @@ -65,11 +65,11 @@ -Use logging API provided by the Java Servlets specification, -javax.servlet.ServletContext.log(...) +Use system logging API, java.util.logging. -Use system logging API, java.util.logging. +Use logging API provided by the Java Servlets specification, +javax.servlet.ServletContext.log(...) Use any logging framework of its choice. @@ -85,6 +85,8 @@ by the system and is shared across web applications. + + Apache Tomcat has its own implementation of several key elements of java.util.logging API. This implementation is called "JULI". @@ -94,14 +96,30 @@ logging configurations. It is also notified by Tomcat when a web application is unloaded from memory, so that the references to its classes can be cleared, preventing memory leaks. + + + This java.util.logging implementation is enabled by providing certain system properties when starting Java. The Apache Tomcat startup scripts do this for you, but if you are using different tools to run Tomcat (such as jsvc, or running Tomcat from within an IDE), you should take care of them by yourself. + + + + More details about java.util.logging may be found in the documentation + for your JDK and on its Javadoc pages for the java.util.logging + package. + + + More details about Tomcat JULI may be found below. + + + + The calls to javax.servlet.ServletContext.log(...) to write log messages are handled by internal Tomcat logging. Such messages are @@ -114,34 +132,31 @@ - Old applications that still use System.out or System.err - can be tricked, by setting swallowOutput attribute on a - Context. If the attribute is set to - true, calls to System.out/err during request - processing will be intercepted, and their output will be fed to the - logging subsystem using the - javax.servlet.ServletContext.log(...) calls. - Note, that this feature is actually a trick, - and works only with direct calls to System.out/err, - and only during request processing cycle. It cannot be used to intercept - logging frameworks that themselves write to the system streams, - as tho
svn commit: r1087943 - /tomcat/trunk/webapps/docs/logging.xml
Author: kkolinko
Date: Sat Apr 2 00:42:29 2011
New Revision: 1087943
URL: http://svn.apache.org/viewvc?rev=1087943&view=rev
Log:
Improve the logging documentation
Modified:
tomcat/trunk/webapps/docs/logging.xml
Modified: tomcat/trunk/webapps/docs/logging.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/logging.xml?rev=1087943&r1=1087942&r2=1087943&view=diff
==
--- tomcat/trunk/webapps/docs/logging.xml (original)
+++ tomcat/trunk/webapps/docs/logging.xml Sat Apr 2 00:42:29 2011
@@ -261,7 +261,8 @@
plain java.util.logging, but uses a few
extensions to allow better flexibility in assigning loggers. The main
differences are:
-
+
+
A prefix may be added to handler names, so that multiple handlers of
a
single class may be instantiated. A prefix is a String which starts with
a
digit, and ends with '.'. For example, 22foobar. is a valid
@@ -276,18 +277,21 @@
boolean value.
The root logger can define its set of handlers using the
.handlers property.
- Several additional implementations of
java.util.logging.Handler,
- that can be used together with the ones provided by Java.
- The notable one is org.apache.juli.FileHandler
- org.apache.juli.FileHandler supports buffering of the
+
+
+There are several additional implementation classes, that can be used
+together with the ones provided by Java. The notable one is
+org.apache.juli.FileHandler.
+
+
+org.apache.juli.FileHandler supports buffering of the
logs. The buffering is not enabled by default. To configure it, use the
bufferSize property of a handler. The value of
0
uses system default buffering (typically an 8K buffer will be used). A
value of <0 forces a writer flush upon each log write. A
value >0 uses a BufferedOutputStream with the defined
value but note that the system default buffering will also be
- applied.
-
+ applied.
Example logging.properties file to be placed in $CATALINA_BASE/conf:
@@ -295,7 +299,6 @@
handlers = 1catalina.org.apache.juli.FileHandler, \
2localhost.org.apache.juli.FileHandler, \
3manager.org.apache.juli.FileHandler, \
- 4admin.org.apache.juli.FileHandler, \
java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler,
java.util.logging.ConsoleHandler
@@ -316,11 +319,7 @@ handlers = 1catalina.org.apache.juli.Fil
3manager.org.apache.juli.FileHandler.level = FINE
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
-
-4admin.org.apache.juli.FileHandler.level = FINE
-4admin.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
-4admin.org.apache.juli.FileHandler.prefix = admin.
-4admin.org.apache.juli.FileHandler.bufferSize = 16384
+3manager.org.apache.juli.FileHandler.bufferSize = 16384
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
@@ -339,14 +338,10 @@ org.apache.catalina.core.ContainerBase.[
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers
= \
3manager.org.apache.juli.FileHandler
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/admin].level =
INFO
-org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/admin].handlers
= \
- 4admin.org.apache.juli.FileHandler
-
# For example, set the org.apache.catalina.util.LifecycleBase logger to log
# each component that extends LifecycleBase changing state:
#org.apache.catalina.util.LifecycleBase.level = FINE
-
+
@@ -366,7 +361,7 @@ org.apache.juli.FileHandler.prefix = ser
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
-
+
@@ -502,7 +497,7 @@ log4j.logger.org.apache.catalina.core.Co
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG
log4j.logger.org.apache.catalina.core=DEBUG
log4j.logger.org.apache.catalina.session=DEBUG
-
+
Be warned a level of DEBUG will produce megabytes of logging and slow
startup of Tomcat. This level should be used sparingly when debugging of
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1087949 - in /tomcat/trunk/webapps/docs: changelog.xml security-manager-howto.xml
Author: kkolinko Date: Sat Apr 2 00:59:38 2011 New Revision: 1087949 URL: http://svn.apache.org/viewvc?rev=1087949&view=rev Log: Configure Security Manager How-To to include a copy of the actual conf/catalina.policy file when the documentation is built, rather than maintaining a copy of its content. Modified: tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/security-manager-howto.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1087949&r1=1087948&r2=1087949&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Sat Apr 2 00:59:38 2011 @@ -50,6 +50,15 @@ + + + +Configure Security Manager How-To to include a copy of the actual +conf/catalina.policy file when the documentation is built, rather +than maintaining a copy of its content. (kkolinko) + + + Modified: tomcat/trunk/webapps/docs/security-manager-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-manager-howto.xml?rev=1087949&r1=1087948&r2=1087949&view=diff == --- tomcat/trunk/webapps/docs/security-manager-howto.xml (original) +++ tomcat/trunk/webapps/docs/security-manager-howto.xml Sat Apr 2 00:59:38 2011 @@ -17,6 +17,7 @@ --> + ]> @@ -179,219 +180,10 @@ grant [signedBy,] [codeBa The default $CATALINA_BASE/conf/catalina.policy file looks like this: - -// -// catalina.policy - Security Policy Permissions for Tomcat 7 -// -// This file contains a default set of security policies to be enforced (by the -// JVM) when Catalina is executed with the "-security" option. In addition -// to the permissions granted here, the following additional permissions are -// granted specific to each web application: -// -// * Read access to its document root directory -// * Read, write and delete access to its working directory -// -// - - -// == SYSTEM CODE PERMISSIONS = - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { -permission java.security.AllPermission; -}; - - -// == CATALINA CODE PERMISSIONS === - -// These permissions apply to the daemon code -grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { -permission java.security.AllPermission; -}; - -// These permissions apply to the logging API -// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home}, -// update this section accordingly. -// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..} -grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { -permission java.io.FilePermission - "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; - -permission java.io.FilePermission - "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; -permission java.io.FilePermission - "${catalina.base}${file.separator}logs", "read, write"; -permission java.io.FilePermission - "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; - -permission java.lang.RuntimePermission "shutdownHooks"; -permission java.lang.RuntimePermission "getClassLoader"; -permission java.lang.RuntimePermission "setContextClassLoader"; - -permission java.util.logging.LoggingPermission "control"; - -permission java.util.PropertyPermission "java.util.logging.config.class", "read"; -permission java.util.PropertyPermission "java.util.logging.config.file", "read"; -permission java.util.PropertyPermission "catalina.base", "read"; - -// Note: To enable per context logging configuration, permit read access to -// the appropriate file. Be sure that the logging configuration is -// secure before enabling such access. -// E.g. for the examples web application: -// permission java.io.FilePermission "
svn commit: r1087955 - in /tomcat/tc6.0.x/trunk: STATUS.txt webapps/docs/changelog.xml webapps/docs/security-manager-howto.xml
Author: kkolinko
Date: Sat Apr 2 01:41:55 2011
New Revision: 1087955
URL: http://svn.apache.org/viewvc?rev=1087955&view=rev
Log:
Configure Security Manager How-To to include a copy of the actual
conf/catalina.policy file when the documentation is built, rather
than maintaining a copy of its content.
CTR
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/security-manager-howto.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1087955&r1=1087954&r2=1087955&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Apr 2 01:41:55 2011
@@ -144,8 +144,6 @@ PATCHES PROPOSED TO BACKPORT:
1) I think it would be nice to s/${catalina.home}/${catalina.base}/
for the /examples webapps at the end of the file, as done by r881432
Those are comments, so looks like CTR.
-2) The policy file is cited by security-manager-howto.xml. That
-document should be updated accordingly.
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50895
Don't initialize classes during compilation
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1087955&r1=1087954&r2=1087955&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Apr 2 01:41:55 2011
@@ -95,6 +95,11 @@
Improve Tomcat Logging documentation. (kkolinko)
+
+Configure Security Manager How-To to include a copy of the actual
+conf/catalina.policy file when the documentation is built, rather
+than maintaining a copy of its content. (kkolinko)
+
Modified: tomcat/tc6.0.x/trunk/webapps/docs/security-manager-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/security-manager-howto.xml?rev=1087955&r1=1087954&r2=1087955&view=diff
==
--- tomcat/tc6.0.x/trunk/webapps/docs/security-manager-howto.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/security-manager-howto.xml Sat Apr 2
01:41:55 2011
@@ -17,6 +17,7 @@
-->
+
]>
@@ -179,203 +180,10 @@ grant [signedBy ,] [codeBa
The default $CATALINA_BASE/conf/catalina.policy file
looks like this:
-
-//
-// catalina.policy - Security Policy Permissions for Tomcat 6
-//
-// This file contains a default set of security policies to be enforced (by the
-// JVM) when Catalina is executed with the "-security" option. In addition
-// to the permissions granted here, the following additional permissions are
-// granted to the codebase specific to each web application:
-//
-// * Read access to its document root directory
-// * Read, write and delete access to its working directory
-//
-//
-
-
-// == SYSTEM CODE PERMISSIONS =
-
-
-// These permissions apply to javac
-grant codeBase "file:${java.home}/lib/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions
-grant codeBase "file:${java.home}/jre/lib/ext/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/../lib/-" {
-permission java.security.AllPermission;
-};
-
-// These permissions apply to all shared system extensions when
-// ${java.home} points at $JAVA_HOME/jre
-grant codeBase "file:${java.home}/lib/ext/-" {
-permission java.security.AllPermission;
-};
-
-
-// == CATALINA CODE PERMISSIONS ===
-
-
-// These permissions apply to the daemon code
-grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
-permission java.security.AllPermission;
-};
-// These permissions apply to the logging API
-// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
-// update this section accordingly.
-// grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
-grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
-permission java.io.FilePermission
-
"${java.home}${file.separator}lib${file.separator}logging.properties", "read";
-
-permission java.io.FilePermission
-
"${catalina.base}${file.separator}conf${file.separator}logging.properties",
"read";
-permission java.io.FilePermission
- "${catalina.base}${file.separator}logs", "r
svn commit: r1087957 - in /tomcat/tc5.5.x/trunk/container/webapps/docs: changelog.xml security-manager-howto.xml
Author: kkolinko Date: Sat Apr 2 01:56:48 2011 New Revision: 1087957 URL: http://svn.apache.org/viewvc?rev=1087957&view=rev Log: Configure Security Manager How-To to include a copy of the actual conf/catalina.policy file when the documentation is built, rather than maintaining a copy of its content. CTR Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml tomcat/tc5.5.x/trunk/container/webapps/docs/security-manager-howto.xml Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1087957&r1=1087956&r2=1087957&view=diff == --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Sat Apr 2 01:56:48 2011 @@ -54,6 +54,15 @@ + + + +Configure Security Manager How-To to include a copy of the actual +conf/catalina.policy file when the documentation is built, rather +than maintaining a copy of its content. (kkolinko) + + + Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/security-manager-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/security-manager-howto.xml?rev=1087957&r1=1087956&r2=1087957&view=diff == --- tomcat/tc5.5.x/trunk/container/webapps/docs/security-manager-howto.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/security-manager-howto.xml Sat Apr 2 01:56:48 2011 @@ -17,6 +17,7 @@ --> + ]> @@ -171,152 +172,10 @@ grant [signedBy,] [codeBa The default $CATALINA_HOME/conf/catalina.policy file looks like this: - -// -// catalina.corepolicy - Security Policy Permissions for Tomcat 5 -// -// This file contains a default set of security policies to be enforced (by the -// JVM) when Catalina is executed with the "-security" option. In addition -// to the permissions granted here, the following additional permissions are -// granted to the codebase specific to each web application: -// -// * Read access to the document root directory -// -// $Id$ -// - - -// == SYSTEM CODE PERMISSIONS = - - -// These permissions apply to javac -grant codeBase "file:${java.home}/lib/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions -grant codeBase "file:${java.home}/jre/lib/ext/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/../lib/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to all shared system extensions when -// ${java.home} points at $JAVA_HOME/jre -grant codeBase "file:${java.home}/lib/ext/-" { -permission java.security.AllPermission; -}; - - -// == CATALINA CODE PERMISSIONS === - - -// These permissions apply to the launcher code -grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" { -permission java.security.AllPermission; -}; - -// These permissions apply to the server startup code -grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { -permission java.security.AllPermission; -}; - -// These permissions apply to the servlet API classes -// and those that are shared across all class loaders -// located in the "common" directory -grant codeBase "file:${catalina.home}/common/-" { -permission java.security.AllPermission; -}; - -// These permissions apply to the container's core code, plus any additional -// libraries installed in the "server" directory -grant codeBase "file:${catalina.home}/server/-" { -permission java.security.AllPermission; -}; - -// == WEB APPLICATION PERMISSIONS = - -// These permissions are granted by default to all web applications -// In addition, a web application will be given a read FilePermission -// and JndiPermission for all files and directories in its document root. -grant { -// Required for JNDI lookup of named JDBC DataSource's and -// javamail named MimePart DataSource used to send mail -permission java.util.PropertyPermission "java.home", "read"; -permission java.util.PropertyPermission "java.naming.*", "read"; -permission java.util.PropertyPermission "javax.sql.*", "read"; - -// OS Specific properties to allow read access - permission java.util.PropertyPermission "os.name", "read"; - permission java.util.PropertyPermission "os.
svn commit: r1087959 - /tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy
Author: kkolinko
Date: Sat Apr 2 02:03:35 2011
New Revision: 1087959
URL: http://svn.apache.org/viewvc?rev=1087959&view=rev
Log:
Wrap a long comment in catalina.policy
CTR
Modified:
tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy
Modified: tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy
URL:
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy?rev=1087959&r1=1087958&r2=1087959&view=diff
==
--- tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy (original)
+++ tomcat/tc5.5.x/trunk/container/catalina/src/conf/catalina.policy Sat Apr 2
02:03:35 2011
@@ -14,7 +14,7 @@
// limitations under the License.
//
-// catalina.corepolicy - Security Policy Permissions for Tomcat 5
+// catalina.policy - Security Policy Permissions for Tomcat 5
//
// This file contains a default set of security policies to be enforced (by the
// JVM) when Catalina is executed with the "-security" option. In addition
@@ -93,10 +93,14 @@ grant codeBase "file:${catalina.home}/bi
permission java.io.FilePermission
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
-// To enable per context logging configuration, permit read access to
the appropriate file.
-// Be sure that the logging configuration is secure before enabling
such access
-// eg for the examples web application:
-// permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
+// Note: To enable per context logging configuration, permit read
access to
+// the appropriate file. Be sure that the logging configuration is
+// secure before enabling such access.
+// E.g. for the examples web application (uncomment and unwrap
+// the following to be on a single line):
+// permission java.io.FilePermission "${catalina.base}${file.separator}
+// webapps${file.separator}examples${file.separator}WEB-INF
+// ${file.separator}classes${file.separator}logging.properties",
"read";
};
// These permissions apply to the servlet API classes
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
