[Bug 54336] New: connection may not close in JDBCRealm when some exception happens
https://issues.apache.org/bugzilla/show_bug.cgi?id=54336

Bug ID: 54336
Summary: connection may not close in JDBCRealm when some exception happens
Product: Tomcat 7
Version: 7.0.34
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: cndoubleh...@gmail.com
Classification: Unclassified

The connection may not close in JDBCRealm when some exception happens. Take the public synchronized Principal authenticate(String username, String credentials) method as an example: if some exception (not SQLException) is thrown by the code, without a finally block, the connection will never close. I think this is an issue.

--
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
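The leak pattern the report describes, as an added example that is not Tomcat's JDBCRealm code: a realm-style lookup in the leaky shape beside the try/finally shape that releases the connection on every exit path. The table and column names, the JDBC URL parameter and the checkCredentials() helper are assumptions for illustration.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Added example, not Tomcat's JDBCRealm: a minimal realm-style lookup that
 * shows the connection leak described in bug 54336 and its try/finally fix.
 * Table, column names, the JDBC URL and checkCredentials() are assumptions.
 */
public class RealmConnectionLeak {

    private static final String QUERY =
            "SELECT user_pass FROM users WHERE user_name = ?";

    /** Leaky shape: close() only runs on the happy path. Any non-SQLException
     *  thrown in between (here from checkCredentials) skips it, and the
     *  connection stays open until the pool or the database reaps it. */
    static boolean authenticateLeaky(String url, String user, String credentials)
            throws SQLException {
        Connection conn = DriverManager.getConnection(url);
        PreparedStatement ps = conn.prepareStatement(QUERY);
        ps.setString(1, user);
        ResultSet rs = ps.executeQuery();
        String stored = rs.next() ? rs.getString(1) : null;
        boolean ok = checkCredentials(stored, credentials); // may throw IllegalArgumentException
        rs.close();
        ps.close();
        conn.close();
        return ok;
    }

    /** Fixed shape: every handle is released in a finally block, so the
     *  connection is closed no matter which exception type escapes. */
    static boolean authenticateSafe(String url, String user, String credentials)
            throws SQLException {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            conn = DriverManager.getConnection(url);
            ps = conn.prepareStatement(QUERY);
            ps.setString(1, user);
            rs = ps.executeQuery();
            String stored = rs.next() ? rs.getString(1) : null;
            return checkCredentials(stored, credentials);
        } finally {
            // Close in reverse order of acquisition; each close is guarded so
            // a failure on one handle cannot prevent releasing the connection.
            if (rs != null) { try { rs.close(); } catch (SQLException ignore) { } }
            if (ps != null) { try { ps.close(); } catch (SQLException ignore) { } }
            if (conn != null) { try { conn.close(); } catch (SQLException ignore) { } }
        }
    }

    /** Assumed helper standing in for the realm's credential comparison. It
     *  rejects malformed input with a RuntimeException, not a SQLException,
     *  which is exactly the case the report says bypasses the close calls. */
    static boolean checkCredentials(String stored, String presented) {
        if (presented == null || presented.isEmpty()) {
            throw new IllegalArgumentException("empty credentials");
        }
        if (stored == null) {
            return false;
        }
        // Length-independent comparison to avoid leaking the match position.
        return MessageDigest.isEqual(stored.getBytes(), presented.getBytes());
    }
}
```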
[Bug 54337] New: StatementCache leaks statements/cursors
https://issues.apache.org/bugzilla/show_bug.cgi?id=54337

Bug ID: 54337
Summary: StatementCache leaks statements/cursors
Product: Tomcat Modules
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: jdbc-pool
Assignee: dev@tomcat.apache.org
Reporter: pat...@rufflar.com
Classification: Unclassified

It seems that the StatementCache has issues in highly multi-threaded situations where high numbers of PreparedStatements are created. The application quickly fails with the well-known "Internal Exception: java.sql.SQLException: ORA-01000: maximum open cursors exceeded". Without the StatementCache the application just runs fine.

All threads invoke the same SQLs. Of course, each thread uses its own Connection exclusively.

Two things are conspicuous:

1. The AtomicInteger field org.apache.tomcat.jdbc.pool.interceptor.StatementCache.cacheSize seems to be not in sync with the real size of the cache Map. It's too high (higher than 50) and the StatementCache (erroneously) assumes that the cache capacity is exceeded. I suggest calling size() on the cache Map instead.

2. When the capacity seems (or really is) exceeded, statement.close() will not cause the wrapped statement to be closed, causing the cursor to leak. The reason can be seen in org.apache.tomcat.jdbc.pool.interceptor.StatementCache$CachedStatement.closeInvoked(), lines 244-288:

    closed = true;
    delegate = null;
    if (shouldClose) {
        super.closeInvoked();
    }

The delegate is set to null, but only _afterwards_ super.closeInvoked() is invoked, which is unable to close the underlying preparedStatement => the statement remains unclosed. It should be the other way round.

Best regards,
Patric
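Both points of the report, as an added example that is not the jdbc-pool code: a stripped-down statement cache in which a separately maintained counter drifts from the map, and a wrapper whose close ordering decides whether the underlying cursor is released. The Delegate class, the cache map, the cause of the counter drift and the method names are constructed for illustration; the real CachedStatement wraps a java.sql.PreparedStatement.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Added example, not the jdbc-pool code: reproduces the two problems from
 * bug 54337 and their corrections. Delegate, the cache map and the method
 * names are assumptions; the counter drift below is one constructed cause.
 */
public class StatementCacheLeak {

    /** Stand-in for the driver's PreparedStatement: an open cursor until close(). */
    static final class Delegate {
        boolean closed;
        void close() { closed = true; }
    }

    static final int MAX_CACHE = 50;
    static final Map<String, Delegate> cache = new ConcurrentHashMap<String, Delegate>();
    static final AtomicInteger cacheSize = new AtomicInteger();

    /** Point 1: a counter kept beside the map drifts from it. Here it is
     *  bumped on every put, including overwrites of an existing key, so with
     *  many threads caching the same SQL it overstates the real size and the
     *  cache reports "full" while the map holds a single entry. */
    static boolean isFullByCounter(String sql, Delegate d) {
        cache.put(sql, d);
        cacheSize.incrementAndGet();
        return cacheSize.get() > MAX_CACHE;
    }

    /** Correction: derive fullness from the map itself. */
    static boolean isFullByMap(String sql, Delegate d) {
        cache.put(sql, d);
        return cache.size() > MAX_CACHE;
    }

    static final class CachedStatement {
        private Delegate delegate;
        private boolean closed;

        CachedStatement(Delegate d) { delegate = d; }

        /** Point 2, buggy order: the reference is dropped before the close is
         *  forwarded, so closeDelegate() finds null and the cursor stays open. */
        void closeInvokedBuggy(boolean shouldClose) {
            closed = true;
            delegate = null;
            if (shouldClose) closeDelegate();
        }

        /** Fixed order: forward the close first, then release the reference. */
        void closeInvokedFixed(boolean shouldClose) {
            if (shouldClose) closeDelegate();
            closed = true;
            delegate = null;
        }

        boolean isClosed() { return closed; }

        private void closeDelegate() {
            if (delegate != null) delegate.close();
        }
    }

    public static void main(String[] args) {
        Delegate a = new Delegate();
        new CachedStatement(a).closeInvokedBuggy(true);
        System.out.println("buggy order, underlying cursor closed: " + a.closed);

        Delegate b = new Delegate();
        new CachedStatement(b).closeInvokedFixed(true);
        System.out.println("fixed order, underlying cursor closed: " + b.closed);

        // The same SQL cached repeatedly, as many threads would do: the
        // counter climbs past MAX_CACHE while the map never grows.
        boolean counterFull = false;
        boolean mapFull = false;
        for (int i = 0; i <= MAX_CACHE; i++) {
            counterFull = isFullByCounter("SELECT 1 FROM dual", new Delegate());
            mapFull = isFullByMap("SELECT 1 FROM dual", new Delegate());
        }
        System.out.println("counter says full: " + counterFull
                + ", map says full: " + mapFull + ", map size: " + cache.size());
    }
}
```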
[Bug 54338] New: Class cast exception in tagPlugin Set generated code
https://issues.apache.org/bugzilla/show_bug.cgi?id=54338

Bug ID: 54338
Summary: Class cast exception in tagPlugin Set generated code
Product: Tomcat 7
Version: trunk
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
Assignee: dev@tomcat.apache.org
Reporter: xs...@ebay.com
Classification: Unclassified

Created attachment 29786
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29786&action=edit
Test case for "Set"

The code generated by tagPlugin "Set" uses "Class.cast" to convert an object to a given class. It causes an exception when the value is a primitive type. Here is a sample:

Caused by: java.lang.ClassCastException: Cannot cast class java.lang.Integer to int
    at java.lang.Class.cast(Class.java:1711)
    at org.apache.jsp.WEB_002dINF.views.error_jsp._jspService(error_jsp.java:108)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
    ... 52 more

The correct way is to use "ELSupport.coerceToType". Attached a patch and test case for this issue.
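Why the generated code fails and what a coercion does differently, as an added example that is not Jasper's code: Class.isInstance is always false for a primitive class, so int.class.cast(Integer) throws exactly the exception in the trace above. The coerce() method is a constructed, simplified stand-in; Tomcat's ELSupport.coerceToType covers many more cases.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Added example, not Jasper's code: Class.cast versus a primitive-aware
 * coercion. coerce() is a constructed stand-in for ELSupport.coerceToType.
 */
public class PrimitiveCast {

    private static final Map<Class<?>, Class<?>> WRAPPERS = new HashMap<Class<?>, Class<?>>();
    static {
        WRAPPERS.put(boolean.class, Boolean.class);
        WRAPPERS.put(byte.class, Byte.class);
        WRAPPERS.put(short.class, Short.class);
        WRAPPERS.put(int.class, Integer.class);
        WRAPPERS.put(long.class, Long.class);
        WRAPPERS.put(float.class, Float.class);
        WRAPPERS.put(double.class, Double.class);
        WRAPPERS.put(char.class, Character.class);
    }

    /** What the generated code did: for a primitive target class,
     *  Class.isInstance is always false, so cast() throws ClassCastException. */
    static <T> T castLikeGeneratedCode(Object value, Class<T> target) {
        return target.cast(value);
    }

    /** Resolve a primitive target to its wrapper, then convert numbers and
     *  strings as needed. Null is rejected for primitives, which cannot hold it. */
    static Object coerce(Object value, Class<?> target) {
        Class<?> boxed = target.isPrimitive() ? WRAPPERS.get(target) : target;
        if (value == null) {
            if (target.isPrimitive()) {
                throw new IllegalArgumentException("null cannot be coerced to " + target);
            }
            return null;
        }
        if (boxed.isInstance(value)) {
            return value;                         // already the matching wrapper type
        }
        if (value instanceof Number) {
            Number n = (Number) value;
            if (boxed == Integer.class) return Integer.valueOf(n.intValue());
            if (boxed == Long.class) return Long.valueOf(n.longValue());
            if (boxed == Double.class) return Double.valueOf(n.doubleValue());
            if (boxed == Float.class) return Float.valueOf(n.floatValue());
            if (boxed == Short.class) return Short.valueOf(n.shortValue());
            if (boxed == Byte.class) return Byte.valueOf(n.byteValue());
        }
        if (value instanceof String) {
            String s = (String) value;
            if (boxed == Integer.class) return Integer.valueOf(s);
            if (boxed == Long.class) return Long.valueOf(s);
            if (boxed == Double.class) return Double.valueOf(s);
            if (boxed == Boolean.class) return Boolean.valueOf(s);
        }
        throw new IllegalArgumentException("cannot coerce " + value.getClass().getName()
                + " to " + target.getName());
    }

    public static void main(String[] args) {
        Object value = Integer.valueOf(42);       // what an EL expression might yield
        try {
            castLikeGeneratedCode(value, int.class);
        } catch (ClassCastException e) {
            System.out.println("Class.cast failed: " + e.getMessage());
        }
        System.out.println("coerce to int: " + coerce(value, int.class));
        System.out.println("coerce to long: " + coerce(value, long.class));
        System.out.println("coerce String to double: " + coerce("2.5", double.class));
    }
}
```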
[Bug 54338] Class cast exception in tagPlugin Set generated code
https://issues.apache.org/bugzilla/show_bug.cgi?id=54338

--- Comment #1 from Sheldon Shao ---
Created attachment 29787
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29787&action=edit
Patch for Set.java
svn commit: r1424894 - /tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml
Author: kkolinko Date: Fri Dec 21 12:31:14 2012 New Revision: 1424894 URL: http://svn.apache.org/viewvc?rev=1424894&view=rev Log: Correct a pair of typos Modified: tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml Modified: tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml?rev=1424894&r1=1424893&r2=1424894&view=diff == --- tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml (original) +++ tomcat/trunk/modules/jdbc-pool/doc/jdbc-pool.xml Fri Dec 21 12:31:14 2012 @@ -309,11 +309,11 @@ (boolean) Property not used. Access can be achieved by calling unwrap on the pooled connection. see javax.sql.DataSource interface, or call getConnection through reflection or - or cast the object as javax.sql.PooledConnection + cast the object as javax.sql.PooledConnection - (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimout. + (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a connection. See also logAbandoned - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
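Review bot: the context line directly below the corrected removeAbandonedTimeout still runs "longer than the removeAbandonedTimeout Setting this to true" together with no sentence break, and "see javax.sql.DataSource interface" starts lowercase mid-sentence; since this commit is already a typo pass on that paragraph, suggest fixing both in the same hunk, e.g. "...longer than the removeAbandonedTimeout. Setting this to true...".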
svn commit: r1424904 - in /tomcat/tc7.0.x/trunk: ./ modules/jdbc-pool/doc/jdbc-pool.xml
Author: kkolinko Date: Fri Dec 21 12:57:28 2012 New Revision: 1424904 URL: http://svn.apache.org/viewvc?rev=1424904&view=rev Log: Merged revision 1424894 from tomcat/trunk: Correct a pair of typos Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/modules/jdbc-pool/doc/jdbc-pool.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1424894 Modified: tomcat/tc7.0.x/trunk/modules/jdbc-pool/doc/jdbc-pool.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/modules/jdbc-pool/doc/jdbc-pool.xml?rev=1424904&r1=1424903&r2=1424904&view=diff == --- tomcat/tc7.0.x/trunk/modules/jdbc-pool/doc/jdbc-pool.xml (original) +++ tomcat/tc7.0.x/trunk/modules/jdbc-pool/doc/jdbc-pool.xml Fri Dec 21 12:57:28 2012 @@ -309,11 +309,11 @@ (boolean) Property not used. Access can be achieved by calling unwrap on the pooled connection. see javax.sql.DataSource interface, or call getConnection through reflection or - or cast the object as javax.sql.PooledConnection + cast the object as javax.sql.PooledConnection - (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimout. + (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout. If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a connection. See also logAbandoned - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Heads up: comments coming to live TC 7 docs
On 20.12.2012 19:41, Christopher Schultz wrote:
> Rainer,
>
> On 12/15/12 6:04 AM, Rainer Jung wrote:
>> André, Chris, Chuck and Pid have moderator status. Every ASF committer
>> is also a moderator if she logs in using her LDAP credentials.
>
> D'oh. I wish I had known that -- I wouldn't have created a separate set
> of credentials. Care to remove my duplicate login?

Done (by Humbedooh).

Happy holidays!

Rainer
[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

--- Comment #1 from Christopher Schultz ---
I'm looking at OpenSSL to see how to do this. Any proper solution will likely depend on bug 53969 in tcnative, and therefore require tcnative 1.1.25 which has not yet been released.
svn commit: r1424947 - /tomcat/native/trunk/native/src/ssl.c
Author: schultz Date: Fri Dec 21 15:13:27 2012 New Revision: 1424947 URL: http://svn.apache.org/viewvc?rev=1424947&view=rev Log: Partial fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=54324 Add SSL_OP_NO_COMPRESSION to the set of OpenSSL options recognized by ssl.c::hasOp. Modified: tomcat/native/trunk/native/src/ssl.c Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1424947&r1=1424946&r2=1424947&view=diff == --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Fri Dec 21 15:13:27 2012 @@ -150,6 +150,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG #endif +#ifdef SSL_OP_NO_COMPRESSION + | SSL_OP_NO_COMPRESSION +#endif + #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION #endif - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
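Review bot: the new block is guarded by #ifdef SSL_OP_NO_COMPRESSION, so when tcnative is built against an OpenSSL that lacks the constant the bit is silently absent from supported_ssl_opts and hasOp reports it unsupported; since the log calls this a partial fix for bug 54324, the remaining connector-side change should treat "compression disabled but hasOp false" as a startup failure rather than a logged warning, otherwise an operator who configured compression off gets it on without noticing.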
svn commit: r1424971 - /tomcat/native/trunk/native/src/ssl.c
Author: schultz Date: Fri Dec 21 15:26:51 2012 New Revision: 1424971 URL: http://svn.apache.org/viewvc?rev=1424971&view=rev Log: Added missing relevant SSL_OP_ constants from OpenSSL 1.0. Modified: tomcat/native/trunk/native/src/ssl.c Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1424971&r1=1424970&r2=1424971&view=diff == --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Fri Dec 21 15:26:51 2012 @@ -110,6 +110,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_CIPHER_SERVER_PREFERENCE #endif +#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_CRYPTOPRO_TLSEXT_BUG +#endif + #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS #endif @@ -154,6 +158,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_NO_COMPRESSION #endif +#ifdef SSL_OP_NO_QUERY_MTU + | SSL_OP_NO_QUERY_MTU +#endif + #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION #endif @@ -186,6 +194,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_SINGLE_DH_USE #endif +#ifdef SSL_OP_SINGLE_ECDH_USE + | SSL_OP_SINGLE_ECDH_USE +#endif + #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG | SSL_OP_SSLEAY_080_CLIENT_DH_BUG #endif - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54330] Patch with some refactoring of Member.java
https://issues.apache.org/bugzilla/show_bug.cgi?id=54330

Mark Thomas changed:

           What    |Removed                 |Added
----------------------------------------------------------------------------
  Attachment #29779|0                       |1
           is patch|                        |
  Attachment #29779|application/octet-stream|text/plain
          mime type|                        |

--- Comment #1 from Mark Thomas ---
Comment on attachment 29779
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29779
patch file made against tomcat trunk

Correct MIME Type. Mark as patch.
svn commit: r1424974 - /tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java
Author: markt Date: Fri Dec 21 15:37:24 2012 New Revision: 1424974 URL: http://svn.apache.org/viewvc?rev=1424974&view=rev Log: Use interface Modified: tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java Modified: tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java?rev=1424974&r1=1424973&r2=1424974&view=diff == --- tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java (original) +++ tomcat/trunk/test/org/apache/catalina/tribes/demos/ChannelCreator.java Fri Dec 21 15:37:24 2012 @@ -133,7 +133,7 @@ public class ChannelCreator { String d = args[++i]; String h = d.substring(0,d.indexOf(":")); String p = d.substring(h.length()+1); -MemberImpl m = new MemberImpl(h,Integer.parseInt(p),2000); +Member m = new MemberImpl(h,Integer.parseInt(p),2000); staticMembers.add(m); } else if ("-throughput".equals(args[i])) { throughput = true; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
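Review bot: declaring the variable as Member is fine, but the unchanged context just above still derives h and p from d.indexOf(":") without checking for -1, so an argument with no colon makes substring(0,-1) throw StringIndexOutOfBoundsException and a non-numeric port makes Integer.parseInt throw; suggest validating the host:port form before constructing the MemberImpl, even in demo code.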
SSL compression / bug 54324
All,

https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

The enhancement request (marked MAJOR) is to allow the APR connector to configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression even when it is supported by the client. This prevents CRIME attacks.

My question is whether we want to disable compression by default or leave compression enabled when supported (which is the current default).

Since this is security-related, my preference is to disable SSL compression /by default/ and allow users to specifically enable it if necessary. But, this represents a change in default so I figured I'd ask.

Any comments?

Thanks,
-chris
Re: SSL compression / bug 54324
All,

On 12/21/12 10:37 AM, Christopher Schultz wrote:
> Since this is security-related, my preference is to disable SSL
> compression /by default/ and allow users to specifically enable it if
> necessary. But, this represents a change in default so I figured I'd ask.

One more note which reverses my original position: if compression is explicitly requested to be disabled and it can /not/ be disabled, I think we should fail-safe and throw an exception -- thereby failing to start the connector.

There is a similar security-related option, SSLInsecureRenegotiation, that does *not* fail-safe: if you request disabling insecure renegotiation and that option is not supported by OpenSSL, you get a warning message in the log but the connector starts up nonetheless.

-chris
[jira] [Created] (MTOMCAT-195) Plugin uploads WAR file twice
George Smith created MTOMCAT-195:
------------------------------------

Summary: Plugin uploads WAR file twice
Key: MTOMCAT-195
URL: https://issues.apache.org/jira/browse/MTOMCAT-195
Project: Apache Tomcat Maven Plugin
Issue Type: Bug
Components: tomcat6
Affects Versions: 2.0
Environment: Win7/64, Maven 3.0.4
Reporter: George Smith
Assignee: Olivier Lamy (*$^¨%`£)

When I deploy my WAR using maven, the target war (exactly the same one) is being uploaded to the server twice. Can someone explain that?

I am using this on my module:
{code}
clean install org.apache.tomcat.maven:tomcat6-maven-plugin:2.0:redeploy
{code}

From the log file:
{code}
[INFO] --- maven-war-plugin:2.1.1:war (default-war) @ mobile-server ---
[INFO] Packaging webapp
[INFO] Assembling webapp [mobile-server] in [C:\develope\mobile\mobile-server\target\mobile-server]
[INFO] Processing war project
[INFO] Copying webapp resources [C:\develope\mobile\mobile-server\src\main\webapp]
[INFO] Webapp assembled in [241 msecs]
[INFO] Building war: C:\develope\mobile\mobile-server\target\mobile-server.war
[INFO]
[INFO] <<< tomcat6-maven-plugin:2.0:redeploy (default-cli) @ mobile-server <<<
[INFO]
[INFO] --- tomcat6-maven-plugin:2.0:redeploy (default-cli) @ mobile-server ---
[INFO] Deploying war to http://myserver.eu/pra-mobile-server
Uploading: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
Uploaded: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true (12678 KB at 49.3 KB/sec)
Uploading: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
Uploaded: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
{code}
[jira] [Updated] (MTOMCAT-195) Plugin uploads WAR file twice
[ https://issues.apache.org/jira/browse/MTOMCAT-195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Smith updated MTOMCAT-195:
---------------------------------

Description:
When I deploy my WAR using maven, the target war (exactly the same one) is being uploaded to the server twice. Can someone explain that?

I am using this on my module:
{code}
clean install org.apache.tomcat.maven:tomcat6-maven-plugin:2.0:redeploy
{code}

From the log file:
{code=xml}
[INFO] --- maven-war-plugin:2.1.1:war (default-war) @ mobile-server ---
[INFO] Packaging webapp
[INFO] Assembling webapp [mobile-server] in [C:\develope\mobile\mobile-server\target\mobile-server]
[INFO] Processing war project
[INFO] Copying webapp resources [C:\develope\mobile\mobile-server\src\main\webapp]
[INFO] Webapp assembled in [241 msecs]
[INFO] Building war: C:\develope\mobile\mobile-server\target\mobile-server.war
[INFO]
[INFO] <<< tomcat6-maven-plugin:2.0:redeploy (default-cli) @ mobile-server <<<
[INFO]
[INFO] --- tomcat6-maven-plugin:2.0:redeploy (default-cli) @ mobile-server ---
[INFO] Deploying war to http://myserver.eu/pra-mobile-server
Uploading: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
Uploaded: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true (12678 KB at 49.3 KB/sec)
Uploading: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
Uploaded: http://myserver.eu/manager-test/deploy?path=%2Fmobile-server&update=true
{code}
[Bug 54340] New: Form-based authentication + url rewriting does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340

Bug ID: 54340
Summary: Form-based authentication + url rewriting does not work
Product: Tomcat 7
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: k...@emweb.be
Classification: Unclassified

Created attachment 29788
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29788&action=edit
Test case that reproduces the bug

Form-based authentication in combination with URL rewriting does not work: when the user successfully authenticates he is redirected to the application, but the login page is shown again. When he reloads this page, then he does get to the actual application!

The correct behaviour (which can be observed in for example jetty) is that the user can correctly access the actual application after logging in.

The following access log illustrates the odd behaviour:

127.0.0.1 - - [21/Dec/2012:17:10:30 +0100] "GET /test-form-auth/protected HTTP/1.1" 200 450
127.0.0.1 - - [21/Dec/2012:17:10:35 +0100] "POST /test-form-auth/j_security_check;jsessionid=DBE966BD9F3CA8A7F57B5677F1D831F4 HTTP/1.1" 302 -
127.0.0.1 - - [21/Dec/2012:17:10:35 +0100] "GET /test-form-auth/protected;jsessionid=DBE966BD9F3CA8A7F57B5677F1D831F4 HTTP/1.1" 200 450
127.0.0.1 - koen [21/Dec/2012:17:10:38 +0100] "GET /test-form-auth/protected;jsessionid=DBE966BD9F3CA8A7F57B5677F1D831F4 HTTP/1.1" 200 59

Notice the two last requests: they are identical, yet the server returns the first time the login.jsp page, and the second time the actual web application.

On top of this (and perhaps related to these problems), in the actual web application a different session ID is actually printed. The same application in jetty regenerates the session ID (after authentication) and directly redirects to this new session, reporting the same session ID within the application as is visible in the URL.

The project in attachment is a self-contained test case that reproduces the problem, including an ant script to create the war file.
[Bug 54340] Form-based authentication + url rewriting does not work
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340

--- Comment #1 from Konstantin Kolinko ---
1. Tomcat version = ?

I'd guess that you are facing bug 53584, which was fixed in 7.0.30.

> On top of this (and perhaps related to these problems), in the actual web
> application a different session ID is actually printed.

2. As expected. See "changeSessionIdOnAuthentication" in
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html

3. It works for me in 7.0.34

To be sure, I changed the element in your web.xml to use version="3.0" and the relevant version of the schema, instead of 2.3 that you are using.

A fragment of my access log:

127.0.0.1 - - [21/Dec/2012:20:38:59 +0400] "GET /test-form-auth/protected HTTP/1.1" 200 450
127.0.0.1 - - [21/Dec/2012:20:39:15 +0400] "POST /test-form-auth/j_security_check;jsessionid=38B9A84964A6005AA58ABC5CDA9F6367 HTTP/1.1" 302 -
127.0.0.1 - tomcat [21/Dec/2012:20:39:15 +0400] "GET /test-form-auth/protected HTTP/1.1" 200 59

Tested both with Firefox 17.0.1 and IE 8. Tomcat 7.0.34, BIO connector.

Though there are two bits of a mystery:

a) Why did the access log print jsessionid in the second request, but not in the third one? FireBug shows that there was jsessionid in the request that Firefox sent.

b) The page that is shown after the test. I tried to refresh it. It worked, but it ended up with 2 jsessionid parameters in the URL (as displayed in the address bar).

Steps to reproduce for b):
1. Go to http://localhost:8080/test-form-auth/protected;jsessionid=84C65A4F88EFC446C0DADAC649BD53BE
2. Login form is displayed (as expected). Log in.
3. After logging in the test page is displayed (as expected), but somehow the address bar shows 2 jsessionid path parameters in the URL:
http://localhost:8080/test-form-auth/protected;jsessionid=C578A9AAB9E8020B438270DD65DC174C;jsessionid=9DB72687A728F05162C1C3D1B7E94F90

Reproducible both with Firefox 17 and IE 8.

Firebug shows that the Location header in the 302 response for the POST request to j_security_check had 2 jsessionid:
Location: http://localhost:8080/test-form-auth/protected;jsessionid=C578A9AAB9E8020B438270DD65DC174C;jsessionid=9DB72687A728F05162C1C3D1B7E94F90

Access log:
127.0.0.1 - - [21/Dec/2012:21:06:31 +0400] "GET /test-form-auth/protected;jsessionid=C578A9AAB9E8020B438270DD65DC174C HTTP/1.1" 200 450
127.0.0.1 - - [21/Dec/2012:21:06:47 +0400] "POST /test-form-auth/j_security_check;jsessionid=9DB72687A728F05162C1C3D1B7E94F90 HTTP/1.1" 302 -
127.0.0.1 - tomcat [21/Dec/2012:21:06:47 +0400] "GET /test-form-auth/protected;jsessionid=C578A9AAB9E8020B438270DD65DC174C HTTP/1.1" 200 59
[Bug 54330] Patch with some refactoring of Member.java
https://issues.apache.org/bugzilla/show_bug.cgi?id=54330

Greg Turnquist changed:

           What    |Removed                 |Added
----------------------------------------------------------------------------
                 OS|                        |All

--- Comment #2 from Greg Turnquist ---
I tagged it as patch, but can't seem to change mime type.
[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

--- Comment #2 from Maik Hemani ---
Is there a road map for releases available for TC Native/Apache/Tomcat in general?

Perhaps this is related?
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219
[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

--- Comment #3 from Christopher Schultz ---
tcnative is independent from Apache httpd, though it does depend upon the Apache Portable Runtime library which is "part" of Apache httpd. In this case, we're only relying on support from OpenSSL, so the version of Apache httpd is not relevant.

Tomcat 7.x releases have historically come about once per month. There is no guarantee this will continue, but it's a reasonable bet.

tcnative 1.1.24 was released 2012-06-13. I've just added a number of SSL_OP_* from OpenSSL 1.0 that were missing to tcnative's option-support capabilities, and the option-support caps-detection has been added since 1.1.24 so I'm going to propose 1.1.25 sometime soon.

Once you have both of these (tcnative + Tomcat) supporting SSL_OP_NO_COMPRESSION then you should be able to pass your audit.

Note that no current versions of mainstream browsers enable SSL compression by default, so this issue is, for the most part, a non-issue.
svn commit: r1425135 - in /tomcat/native/branches/1.1.x: ./ native/src/ssl.c
Author: schultz Date: Fri Dec 21 20:45:32 2012 New Revision: 1425135 URL: http://svn.apache.org/viewvc?rev=1425135&view=rev Log: Back-port r1424947, r1424971 from trunk. Add new SSL_OP_* constants to OpenSSL option-detection. Modified: tomcat/native/branches/1.1.x/ (props changed) tomcat/native/branches/1.1.x/native/src/ssl.c Propchange: tomcat/native/branches/1.1.x/ -- Merged /tomcat/native/trunk:r1424947,1424971 Modified: tomcat/native/branches/1.1.x/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1425135&r1=1425134&r2=1425135&view=diff == --- tomcat/native/branches/1.1.x/native/src/ssl.c (original) +++ tomcat/native/branches/1.1.x/native/src/ssl.c Fri Dec 21 20:45:32 2012 @@ -110,6 +110,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_CIPHER_SERVER_PREFERENCE #endif +#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG + | SSL_OP_CRYPTOPRO_TLSEXT_BUG +#endif + #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS #endif @@ -150,6 +154,14 @@ static const jint supported_ssl_opts = 0 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG #endif +#ifdef SSL_OP_NO_COMPRESSION + | SSL_OP_NO_COMPRESSION +#endif + +#ifdef SSL_OP_NO_QUERY_MTU + | SSL_OP_NO_QUERY_MTU +#endif + #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION #endif @@ -182,6 +194,10 @@ static const jint supported_ssl_opts = 0 | SSL_OP_SINGLE_DH_USE #endif +#ifdef SSL_OP_SINGLE_ECDH_USE + | SSL_OP_SINGLE_ECDH_USE +#endif + #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG | SSL_OP_SSLEAY_080_CLIENT_DH_BUG #endif - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1425136 - /tomcat/trunk/java/org/apache/coyote/http11/upgrade/
Author: markt Date: Fri Dec 21 20:49:59 2012 New Revision: 1425136 URL: http://svn.apache.org/viewvc?rev=1425136&view=rev Log: Need to be able to close the upgraded input/output streams Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletInputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletOutputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/BioServletInputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/BioServletOutputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/NioServletInputStream.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/NioServletOutputStream.java Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java?rev=1425136&r1=1425135&r2=1425136&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java Fri Dec 21 20:49:59 2012 @@ -120,6 +120,13 @@ public abstract class AbstractServletInp } + +@Override +public void close() throws IOException { +doClose(); +} + + private void preReadChecks() { if (listener != null && (ready == null || !ready.booleanValue())) { throw new IllegalStateException( 
@@ -170,4 +177,6 @@ public abstract class AbstractServletInp protected abstract int doRead(boolean block, byte[] b, int off, int len) throws IOException; + +protected abstract void doClose() throws IOException; } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java?rev=1425136&r1=1425135&r2=1425136&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletOutputStream.java Fri Dec 21 20:49:59 2012 @@ -68,6 +68,11 @@ public abstract class AbstractServletOut } +@Override +public void close() throws IOException { +doClose(); +} + private void preWriteChecks() { if (buffer != null) { throw new IllegalStateException( @@ -110,4 +115,6 @@ public abstract class AbstractServletOut throws IOException; protected abstract void doFlush() throws IOException; + +protected abstract void doClose() throws IOException; } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletInputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletInputStream.java?rev=1425136&r1=1425135&r2=1425136&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletInputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletInputStream.java Fri Dec 21 20:49:59 2012 
@@ -78,4 +78,8 @@ public class AprServletInputStream exten return false; } +@Override +protected void doClose() throws IOException { +// TODO Auto-generated method stub +} } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletOutputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletOutputStream.java?rev=1425136&r1=1425135&r2=1425136&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletOutputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/AprServletOutputStream.java Fri Dec 21 20:49:59 2012 @@ -41,4 +41,10 @@ public class AprServletOutputStream exte protected void doFlush() throws IOException { // TODO Auto-generated method stub } + + +@Override +protected void doClose() throws IOException { +// TODO Auto-generated method stub +} } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/BioServletInputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/BioServletInputStream.java?rev=1425136&r1=1425135&r2=1425136&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/BioServletInputStr
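Review bot: the new close() in AbstractServletInputStream calls doClose() but keeps no closed state, and preReadChecks() only consults listener and ready, so a read() after close() still goes through to doRead(); a closed flag that preReadChecks() tests, and that makes a second close() a no-op, would give callers the usual InputStream contract. The same applies to close() added to AbstractServletOutputStream, whose preWriteChecks() only looks at buffer.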
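Review bot: both APR doClose() bodies (the AprServletInputStream and AprServletOutputStream hunks) are empty and carry the IDE's "TODO Auto-generated method stub", so on the APR connector close() on an upgraded stream silently does nothing; until the APR path is implemented, either throw UnsupportedOperationException or log at warn level, and replace the generated comment with a TODO that names what is missing so it is not overlooked.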
[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

Christopher Schultz changed:

  What        | Removed | Added
  Depends on  |         | 53969
[Bug 53969] JNI method hasOp only supports SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION and should support others
https://issues.apache.org/bugzilla/show_bug.cgi?id=53969

Christopher Schultz changed:

  What        | Removed | Added
  Blocks      |         | 54324
Time for tcnative 1.1.25?
All,

There is a particular fix in tcnative-trunk and the 1.1.x branch to the ssl.c::hasOp function that I'd like to get out there in the wild: there are now two Tomcat enhancements (one committed, one not yet committed) that rely upon it:

https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

Once another version of tcnative 1.1.x is released, Tomcat can truly support these SSL-related features.

Would anyone (Mladen?) be willing to roll another release in the near future?

Thanks,
-chris
svn commit: r1425141 - /tomcat/trunk/java/org/apache/tomcat/websocket/Util.java
Author: markt Date: Fri Dec 21 21:00:52 2012 New Revision: 1425141 URL: http://svn.apache.org/viewvc?rev=1425141&view=rev Log: int -> CloseCode Modified: tomcat/trunk/java/org/apache/tomcat/websocket/Util.java Modified: tomcat/trunk/java/org/apache/tomcat/websocket/Util.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/Util.java?rev=1425141&r1=1425140&r2=1425141&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/Util.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/Util.java Fri Dec 21 21:00:52 2012 @@ -16,6 +16,9 @@ */ package org.apache.tomcat.websocket; +import javax.websocket.CloseReason.CloseCode; +import javax.websocket.CloseReason.CloseCodes; + /** * Utility class for internal use only within the * {@link org.apache.tomcat.websocket} package. @@ -51,4 +54,42 @@ class Util { } } } + + +static CloseCode getCloseCode(int code) { +switch (code) { +case 1000: +return CloseCodes.NORMAL_CLOSURE; +case 1001: +return CloseCodes.GOING_AWAY; +case 1002: +return CloseCodes.PROTOCOL_ERROR; +case 1003: +return CloseCodes.CANNOT_ACCEPT; +case 1004: +return CloseCodes.RESERVED; +case 1005: +return CloseCodes.NO_STATUS_CODE; +case 1006: +return CloseCodes.CLOSED_ABNORMALLY; +case 1007: +return CloseCodes.NOT_CONSISTENT; +case 1008: +return CloseCodes.VIOLATED_POLICY; +case 1009: +return CloseCodes.TOO_BIG; +case 1010: +return CloseCodes.NO_EXTENSION; +case 1011: +return CloseCodes.UNEXPECTED_CONDITION; +case 1012: +return CloseCodes.SERVICE_RESTART; +case 1013: +return CloseCodes.TRY_AGAIN_LATER; +case 1015: +return CloseCodes.TLS_HANDSHAKE_FAILURE; +default: +return CloseCodes.PROTOCOL_ERROR; +} +} } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
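Review bot: in the getCloseCode() hunk, 1005, 1006 and 1015 are mapped to enum values, but RFC 6455 reserves them for local use and forbids a peer from putting them in a close frame, so when this method interprets a code read off the wire those cases should fall through to PROTOCOL_ERROR like the default branch; conversely, the application-defined range 3000-4999 is a valid wire code and currently also collapses to PROTOCOL_ERROR. A comment on the default branch saying it deliberately treats unassigned codes as a protocol error would help the next reader.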
svn commit: r1425142 - /tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java
Author: markt Date: Fri Dec 21 21:01:58 2012 New Revision: 1425142 URL: http://svn.apache.org/viewvc?rev=1425142&view=rev Log: Echo binary messages as well as text messages. Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java?rev=1425142&r1=1425141&r2=1425142&view=diff == --- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java (original) +++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoAnnotation.java Fri Dec 21 21:01:58 2012 @@ -16,6 +16,8 @@ */ package websocket.echo; +import java.nio.ByteBuffer; + import javax.websocket.WebSocketEndpoint; import javax.websocket.WebSocketMessage; @@ -23,7 +25,12 @@ import javax.websocket.WebSocketMessage; public class EchoAnnotation { @WebSocketMessage -public String printMessage(String msg) { +public String echoTextMessage(String msg) { return msg; } + +@WebSocketMessage +public ByteBuffer echoBinaryMessage(ByteBuffer bb) { +return bb; +} } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1425143 - /tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java
Author: markt Date: Fri Dec 21 21:02:34 2012 New Revision: 1425143 URL: http://svn.apache.org/viewvc?rev=1425143&view=rev Log: Avoid NPE Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java?rev=1425143&r1=1425142&r2=1425143&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/AbstractServletInputStream.java Fri Dec 21 21:02:34 2012 @@ -62,6 +62,7 @@ public abstract class AbstractServletInp ready = Boolean.valueOf(doIsReady()); } catch (IOException e) { listener.onError(e); +ready = Boolean.FALSE; } return ready.booleanValue(); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
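Review bot: the hunk sets ready = Boolean.FALSE only after listener.onError(e) returns; if the listener throws, ready stays null, and although that call then propagates rather than NPEs, the stream is left in an inconsistent state for the next isReady() caller. Assigning ready before invoking the listener keeps the state correct whatever the listener does.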
svn commit: r1425145 - in /tomcat/trunk: java/javax/websocket/ java/org/apache/tomcat/websocket/ webapps/examples/WEB-INF/classes/websocket/chat/ webapps/examples/WEB-INF/classes/websocket/echo/
Author: markt Date: Fri Dec 21 21:04:07 2012 New Revision: 1425145 URL: http://svn.apache.org/viewvc?rev=1425145&view=rev Log: Improve close behaviour - fixes various issues highlighted by the Autobahn WebSocket test suite Modified: tomcat/trunk/java/javax/websocket/Session.java tomcat/trunk/java/org/apache/tomcat/websocket/WsEndpointPojo.java tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java tomcat/trunk/java/org/apache/tomcat/websocket/WsProtocolHandler.java tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java tomcat/trunk/java/org/apache/tomcat/websocket/WsSession.java tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/echo/EchoEndpoint.java Modified: tomcat/trunk/java/javax/websocket/Session.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/websocket/Session.java?rev=1425145&r1=1425144&r2=1425145&view=diff == --- tomcat/trunk/java/javax/websocket/Session.java (original) +++ tomcat/trunk/java/javax/websocket/Session.java Fri Dec 21 21:04:07 2012 
@@ -54,8 +54,22 @@ public interface Session { RemoteEndpoint getRemote(); +/** + * Close the connection to the remote end point using the code + * {@link javax.websocket.CloseReason.CloseCodes#NORMAL_CLOSURE} and an + * empty reason phrase. + * + * @throws IOException + */ void close() throws IOException; + +/** + * Close the connection to the remote end point using the specified code + * and reason phrase. + * + * @throws IOException + */ void close(CloseReason closeStatus) throws IOException; URI getRequestURI(); Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsEndpointPojo.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsEndpointPojo.java?rev=1425145&r1=1425144&r2=1425145&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/WsEndpointPojo.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/WsEndpointPojo.java Fri Dec 21 21:04:07 2012 @@ -16,6 +16,7 @@ */ package org.apache.tomcat.websocket; +import java.io.IOException; import java.lang.reflect.InvocationTargetException; import javax.websocket.CloseReason; @@ -68,7 +69,15 @@ public class WsEndpointPojo extends Endp @Override public void onClose(CloseReason closeReason) { -if (methodMapping.getOnClose() != null) { +if (methodMapping.getOnClose() == null) { +// If the POJO doesn't handle the close, close the connection +try { +session.close(closeReason); +} catch (IOException e) { +// TODO Auto-generated catch block +e.printStackTrace(); +} +} else { try { methodMapping.getOnClose().invoke(pojo, methodMapping.getOnCloseArgs(pathInfo, session)); Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java?rev=1425145&r1=1425144&r2=1425145&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java Fri Dec 21 21:04:07 2012 
@@ -21,6 +21,8 @@ import java.io.IOException; import java.nio.ByteBuffer; import javax.servlet.ServletInputStream; +import javax.websocket.CloseReason; +import javax.websocket.CloseReason.CloseCodes; import javax.websocket.MessageHandler; import javax.websocket.PongMessage; @@ -194,7 +196,19 @@ public class WsFrame { return false; } if (opCode == Constants.OPCODE_CLOSE) { -wsSession.close(); +messageBuffer.flip(); +String reason = null; +int code = CloseCodes.NO_STATUS_CODE.getCode(); +if (messageBuffer.remaining() > 1) { +code = messageBuffer.getShort(); +if (messageBuffer.remaining() > 0) { + reason = new String(messageBuffer.array(), +messageBuffer.arrayOffset() + messageBuffer.position(), +messageBuffer.remaining(), "UTF8"); +} +} +wsSession.onClose( +new CloseReason(Util.getCloseCode(code), reason)); } else if (opCode == Constants.OPCODE_PING) { messageBuffer.flip(); wsSession.getRemote().sendPong(messageBuffer); Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsProtocolHandler.java URL: h
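Review bot: the WsEndpointPojo.onClose() hunk handles IOException from session.close() with e.printStackTrace() under a "TODO Auto-generated catch block" comment; this should go through the class's Log with an i18n'd message like the rest of the package, since stack traces on stderr are lost in production and the TODO marker suggests the handling was not decided.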
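Review bot: in the WsFrame close-frame hunk, a payload of exactly one byte fails the remaining() > 1 test and is reported as NO_STATUS_CODE, but RFC 6455 requires a close payload to be either empty or at least two bytes, so a one-byte payload is a protocol error (1002); and the reason phrase is built with new String(..., "UTF8"), which silently substitutes U+FFFD for malformed input, whereas an invalid UTF-8 reason should be answered with 1007 (a CharsetDecoder with CodingErrorAction.REPORT does that). Both are exactly the strictness the Autobahn close cases exercise.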
svn commit: r1425175 - in /tomcat/trunk/java/org/apache/tomcat/websocket: WsFrame.java WsRemoteEndpoint.java
Author: markt Date: Fri Dec 21 23:02:35 2012 New Revision: 1425175 URL: http://svn.apache.org/viewvc?rev=1425175&view=rev Log: Send a close frame telling the client why the connection is being closed if the server buffers can't cope. Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java?rev=1425175&r1=1425174&r2=1425175&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/WsFrame.java Fri Dec 21 23:02:35 2012 @@ -327,9 +327,13 @@ public class WsFrame { return; } if (inputBuffer.length < frameSize) { -// Never going to work // TODO i18n - buffer too small -throw new IOException(); +CloseReason cr = new CloseReason(CloseCodes.TOO_BIG, +"Buffer size: [" + inputBuffer.length + +"], frame size: [" + frameSize + "]"); +wsSession.close(cr); +wsSession.onClose(cr); +throw new IOException(cr.getReasonPhrase()); } makeRoom(); } Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java?rev=1425175&r1=1425174&r2=1425175&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java Fri Dec 21 23:02:35 2012 @@ -91,7 +91,10 @@ public class WsRemoteEndpoint implements CharBuffer cb = CharBuffer.wrap(fragment); CoderResult cr = encoder.encode(cb, textToByte, true); while (cr.isOverflow()) { +textToByte.flip(); sendMessage(Constants.OPCODE_TEXT, textToByte, first, false); +textToByte.clear(); +cr = encoder.encode(cb, textToByte, true); first = false; } sendMessage(Constants.OPCODE_TEXT, textToByte, first, isLast); 
@@ -217,7 +220,6 @@ public class WsRemoteEndpoint implements } // If not the first fragment, it is a continuation with opCode of zero -message.flip(); header.put(first); // Next write the length - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
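Review bot: in the WsFrame hunk, after wsSession.close(cr) and wsSession.onClose(cr) the method still throws IOException, so whatever catches it upstream may run its own close path against a session that is already closed; either make close()/onClose() idempotent or return after initiating the close. Also the reason phrase reports the server's internal inputBuffer.length to the peer; TOO_BIG alone tells the client what it needs, and the buffer size belongs in the server log.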
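Review bot: in the WsRemoteEndpoint hunk, textToByte is flipped only inside the while loop, but the final sendMessage(Constants.OPCODE_TEXT, textToByte, first, isLast) after the loop receives the buffer straight from encoder.encode(), with position at the end of the encoded data; since the second hunk removes message.flip() from sendMessage itself, that last fragment is written from position to limit and carries the wrong bytes. Flip before the trailing send as well (or flip once right after each encode()).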
svn commit: r1425178 - /tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java
Author: markt Date: Fri Dec 21 23:07:29 2012 New Revision: 1425178 URL: http://svn.apache.org/viewvc?rev=1425178&view=rev Log: Make sure buffer is flipped before sending Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java?rev=1425178&r1=1425177&r2=1425178&view=diff == --- tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/websocket/WsRemoteEndpoint.java Fri Dec 21 23:07:29 2012 @@ -90,11 +90,12 @@ public class WsRemoteEndpoint implements textToByte.clear(); CharBuffer cb = CharBuffer.wrap(fragment); CoderResult cr = encoder.encode(cb, textToByte, true); +textToByte.flip(); while (cr.isOverflow()) { -textToByte.flip(); sendMessage(Constants.OPCODE_TEXT, textToByte, first, false); textToByte.clear(); cr = encoder.encode(cb, textToByte, true); +textToByte.flip(); first = false; } sendMessage(Constants.OPCODE_TEXT, textToByte, first, isLast); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
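Review bot: the loop only tests cr.isOverflow(); if encoder.encode(cb, textToByte, true) returns a malformed or unmappable result (an unpaired surrogate in the String, for instance) the loop exits and the partial buffer is sent as if the fragment were complete, so check cr.isError() and either throw or set the encoder's error action explicitly. Also, after the final encode() with endOfInput true, the CharsetEncoder contract asks for encoder.flush(textToByte) and an encoder.reset() before the next fragment; with UTF-8 flush produces nothing, but following the call sequence keeps the code correct for any charset.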
Re: WebSocket progress report
On 12/12/2012 21:23, Mark Thomas wrote:
> The next step is to implement support for outgoing messages from server
> endpoints.

Done.

> Once that is in place, I will update the examples to use the
> new implementation and fix any issues that identifies.

Done.

> After that, I
> intend to run the Autobahn test suite and fix any issues that identifies.

Pass 1.1.1-1.1.5, 1.2.1-1.2.5
Fail 1.1.6-1.1.8, 1.2.6-1.1.8 (all because server side buffer is too small)
Not tested 2 onwards

As expected, the Autobahn test suite has already identified numerous issues with the initial implementation as it is far less forgiving than browsers - particularly about ensuring connections are closed cleanly.

Next step will be to look at making the buffer sizes configurable to address the failures above before moving on to the rest of the test suite.

> Once I have something that passes the Autobahn test suite my next set of
> priorities will be to clean up the code. By that I mean:
> - consistent formatting
> - complete the Javadoc
> - consistent naming conventions
> - i18n
> - refactor to reduce duplication
> - reduce visibility to the minimum required to function correctly
>
> The next block of work will be to complete the WebSocket client
> implementation and then use that to generate unit tests. My aim then
> will be to go through the API and get as close as practical to 100% code
> coverage with the unit tests.
>
> Alongside all of this will be updating the implementation for changes to
> the draft specification which may well mean going back several steps.
>
> Finally, I want to do some performance testing. Some of this may get
> pulled forward if the Autobahn test suite finds something truly awful
> (given my approach to date of focussing on getting something that works
> this is quite likely).
>
> Help in any form is always appreciated.
>
> Mark
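The close-handshake strictness Mark refers to above, as an added example that is not part of the thread or of Tomcat's code: a small Python validator for the payload of an incoming close frame, applying the RFC 6455 rules a strict test suite checks (empty or at least two bytes, a code the peer is allowed to send, a UTF-8 reason phrase, the 125-byte control-frame limit). The accepted code set (1000-1003, 1007-1013 and 3000-4999) and the reply codes are this example's own choices, and the sample payloads are constructed.

```python
"""Strict validation of a WebSocket close-frame payload (RFC 6455 5.5.1 and 7.4).

Added example, not from the thread or from Tomcat. It shows the checks a server
applies to a peer's close payload before echoing a close of its own. Sample
payloads used with it are constructed.
"""

# Codes a peer may legitimately put on the wire: the RFC 6455 assignments plus
# the application range. 1004, 1005, 1006 and 1015 are reserved and never sent.
VALID_WIRE_CODES = (frozenset(range(1000, 1004))
                    | frozenset(range(1007, 1014))
                    | frozenset(range(3000, 5000)))

NO_STATUS_CODE = 1005       # local marker only: peer sent an empty payload
NORMAL_CLOSURE = 1000
PROTOCOL_ERROR = 1002
INVALID_PAYLOAD = 1007
MAX_CONTROL_PAYLOAD = 125   # control frames must fit in a single short frame


def validate_close_payload(payload):
    """Return (peer_code, reason, reply_code).

    peer_code and reason are what the peer sent (None when unusable); reply_code
    is the status the server should put in its own close frame: an echo of a
    valid peer code, 1002 for protocol errors, 1007 for a non-UTF-8 reason.
    """
    if len(payload) > MAX_CONTROL_PAYLOAD:
        return None, None, PROTOCOL_ERROR         # oversized control frame
    if len(payload) == 0:
        return NO_STATUS_CODE, "", NORMAL_CLOSURE  # no code given; close normally
    if len(payload) == 1:
        return None, None, PROTOCOL_ERROR         # a status code is two bytes
    code = int.from_bytes(payload[:2], "big")
    if code not in VALID_WIRE_CODES:
        return code, None, PROTOCOL_ERROR         # reserved or unassigned code
    try:
        # strict decoding rejects overlongs and surrogates, as RFC 3629 requires
        reason = payload[2:].decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return code, None, INVALID_PAYLOAD
    return code, reason, code


def build_close_payload(code, reason=""):
    """Constructed sample payload: big-endian code followed by a UTF-8 reason."""
    return code.to_bytes(2, "big") + reason.encode("utf-8")


if __name__ == "__main__":
    for sample in (b"", b"\x03", build_close_payload(1000, "bye"),
                   build_close_payload(1005), b"\x03\xe8\xff\xfe"):
        print(sample, "->", validate_close_payload(sample))
```

The reply code for an empty payload is a normal closure rather than an echo, because 1005 exists only to describe "no code was received" and must never be sent on the wire.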
Re: SSL compression / bug 54324
On 21.12.2012 16:37, Christopher Schultz wrote:
> All,
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=54324
>
> The enhancement request (marked MAJOR) is to allow the APR connector to
> configure SSL_OP_NO_COMPRESSION in OpenSSL, disabling SSL compression
> even when it is supported by the client. This prevents CRIME attacks.
>
> My question is whether we want to disable compression by default or
> leave compression enabled when supported (which is the current default).
>
> Since this is security-related, my preference is to disable SSL
> compression /by default/ and allow users to specifically enable it if
> necessary. But, this represents a change in default so I figured I'd ask.
>
> Any comments?

The web server in the current branch had SSL compression set to on by default until the latest release (2.4.3), if OpenSSL supported it. The next release 2.4.4 will have it disabled by default for the same reasons.

Considering the current state of affairs I'm comfortable switching the defaults here.

Regards,

Rainer
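A way to verify the default discussed above from the defender's side, as an added example that is not part of the thread or of Tomcat's or httpd's code: a Python parser that reads the compression_methods field out of a captured TLS ClientHello or ServerHello record, so one can confirm that a server selects the null method after SSL compression is disabled (a ServerHello selecting DEFLATE is the condition CRIME needs). The record layout follows RFC 5246; the sample records are constructed here rather than captured from a real server.

```python
"""Check whether a captured TLS handshake offered or negotiated compression.

Added example, not from the thread. Parses the compression_methods field of a
ClientHello / ServerHello handshake record. The sample records built below are
constructed, not captured.
"""
import struct

HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
SERVER_HELLO = 0x02
# IANA "TLS Compression Method Identifiers": 0 = null, 1 = DEFLATE, 64 = LZS
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE", 64: "LZS"}


def _hello_compression(body, is_client_hello):
    """Walk the fixed-layout prefix of a Hello body up to compression_methods."""
    pos = 2 + 32                      # protocol version + 32-byte random
    session_id_len = body[pos]
    pos += 1 + session_id_len
    if is_client_hello:
        (suites_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2 + suites_len         # skip the offered cipher suites
        methods_len = body[pos]
        pos += 1
        return list(body[pos:pos + methods_len])
    pos += 2                          # the single selected cipher suite
    return [body[pos]]                # the single selected compression method


def parse_hello_compression(record):
    """Return (handshake_type, [compression method ids]) for one handshake record."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    (record_len,) = struct.unpack("!H", record[3:5])
    handshake = record[5:5 + record_len]
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    hs_type = handshake[0]
    hs_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated handshake body")
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("not a ClientHello or ServerHello")
    return hs_type, _hello_compression(body, hs_type == CLIENT_HELLO)


def compression_negotiated(server_hello_record):
    """True when the ServerHello selected anything other than the null method."""
    hs_type, methods = parse_hello_compression(server_hello_record)
    if hs_type != SERVER_HELLO:
        raise ValueError("expected a ServerHello")
    return methods[0] != 0


def describe(record):
    """Human-readable summary, e.g. 'ServerHello selects: DEFLATE'."""
    hs_type, methods = parse_hello_compression(record)
    names = ", ".join(COMPRESSION_NAMES.get(m, "unknown(%d)" % m) for m in methods)
    prefix = "ClientHello offers: " if hs_type == CLIENT_HELLO else "ServerHello selects: "
    return prefix + names


def build_server_hello(compression_method):
    """Constructed sample: minimal TLS 1.2 ServerHello selecting the given method."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"   # version, random, empty session id
            + b"\xc0\x2f"                        # the selected cipher suite
            + bytes([compression_method]))
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(handshake)) + handshake


def build_client_hello(methods):
    """Constructed sample: minimal TLS 1.2 ClientHello offering the given methods."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + b"\x00\x02\xc0\x2f"                # cipher_suites: length 2, one suite
            + bytes([len(methods)]) + bytes(methods))
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for rec in (build_client_hello([1, 0]), build_server_hello(1), build_server_hello(0)):
        print(describe(rec))
```

Against a live server the same information is on the "Compression:" line of openssl s_client output; the parser is for captures, and for spotting clients that still offer DEFLATE even once the server side no longer selects it.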
[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks
https://issues.apache.org/bugzilla/show_bug.cgi?id=54324

--- Comment #4 from Rainer Jung ---

Note also that, as a short-term workaround, you can compile OpenSSL without compression support.