Re: [VOTE] Apache Tomcat Maven Plugin 2.1

2013-02-22 Thread Glen Mazza
+500! (non-binding).  This version of the Tomcat Maven plugin is much 
improved over the present release version (both in deployment to a 
standalone Tomcat and its mvn tomcat:run-war feature), and I'm looking 
forward to switching my web service blog entries over to it as soon as 
it's released.


Glen

On 02/22/2013 05:51 AM, Olivier Lamy wrote:

Hi,
I'd like to release Apache Tomcat Maven Plugin 2.1.

24 issues fixed (see changelog:
http://tomcat.apache.org/maven-plugin-2.1/jira-report.html)

Staging maven repository:
https://repository.apache.org/content/repositories/orgapachetomcat-282/

Source release files:
https://dist.apache.org/repos/dist/dev/tomcat/maven-plugin/v2.1/

Documentation site: http://tomcat.apache.org/maven-plugin-2.1/

Vote open for 72H

[+1]
[0]
[-1]

Thanks
--
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy





--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: JarScanning

2013-02-22 Thread Konstantin Kolinko
2013/2/21 Mark Thomas :
> An issue at work prompted me to take another look at this thread:
> http://markmail.org/thread/qanw2psjsx32feek
>
> There are some useful things there that I think it is worth following up on.
>
>(..)
>
> jarsToScan
> This is a little more complicated.
> First of all, how does it work? The suggestion is:
> - If jarsToScan matches, scan it
> - else if jarsToSkip matches, skip it
> - else scan it

+1.
In other words, it is a "force scan" option.

> Assuming that the above is acceptable, it would require the following:
> a) three new system properties
>  tomcat.util.scan.DefaultJarScanner.jarsToScan
>  org.apache.catalina.startup.ContextConfig.jarsToScan
>  org.apache.catalina.startup.TldConfig.jarsToScan

I am not so interested in global options, but am very interested in
per-webapp ones.

My current thought is that a nice solution could be to have the
same-named parameters in a ServletContext.
So that those can be defined in WEB-INF/web.xml or using Parameter
element in context.xml.

From an implementation point of view though
a) it will need some code to evaluate the effective value before usual
merging of all web fragments has happened
b) just document that the value cannot be specified in a web fragment
or annotation, because of chicken vs. egg pattern.

We may add a separate page to the configuration reference guide to
document supported initialization parameters. E.g. websockets
implementation in trunk already defines two of those,
"org.apache.tomcat.websocket.binaryBufferSize"
"org.apache.tomcat.websocket.textBufferSize"
in org.apache.tomcat.websocket.server.Constants



> b)  add a parameter to JarScanner.scan()
>
> There are a couple of issues here.
>
> 1. Backwards compatibility. Adding the parameter to JarScanner.scan()
> will break any custom Jar scanners. Without that parameter it would not
> be possible to have different jarsToScan for pluggability and TLDs.
>

We do add methods to interfaces (e.g. Context), but we never remove them.

I think the guidance here is that it allows a 3rd party class to be
compiled for a later version of Tomcat and used with earlier ones as
well.

So I propose to add a second "scan" method and deprecate the first one.

> 2. (and an issue with the current code [1]). These settings are all
> global rather than per web application. I would prefer that they were
> per web application with defaults configured globally. It is complicated
> by the fact that the JARs to skip/scan may vary depending on how the
> JarScanner is used.
>
> [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=54083
>

Best regards,
Konstantin Kolinko




Re: [VOTE] Apache Tomcat Maven Plugin 2.1

2013-02-22 Thread Tim Astle

+1

Can't wait to update and start using this!

Tim


2013/2/20 Olivier Lamy 

> Hi,
> I'd like to release Apache Tomcat Maven Plugin 2.1.
>
> 24 issues fixed (see changelog:
> http://tomcat.apache.org/maven-plugin-2.1/jira-report.html)
>
> Staging maven repository:
> https://repository.apache.org/content/repositories/orgapachetomcat-282/
>
> Source release files:
> https://dist.apache.org/repos/dist/dev/tomcat/maven-plugin/v2.1/
>
> Documentation site: http://tomcat.apache.org/maven-plugin-2.1/
>
> Vote open for 72H
>
> [+1]
> [0]
> [-1]
>
> Thanks
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy
>



[Bug 54599] New: DataSource password is exposed to applications via toString method

2013-02-22 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54599

Bug ID: 54599
Summary: DataSource password is exposed to applications via toString method
Product: Tomcat Modules
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P2
Component: jdbc-pool
Assignee: dev@tomcat.apache.org
Reporter: dmik...@vmware.com
Classification: Unclassified

On the server side, create a DataSource using
"org.apache.tomcat.jdbc.pool.DataSourceFactory".

Ex:



In a web application, create a JSP file, add the following:

<%@ page import="javax.naming.*" session="false" %>




Display Password!


toString for Tomcat JDBC
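<%
  // Look up the container-managed DataSource through JNDI.
  Context ctx = new InitialContext();
  javax.sql.DataSource dataSource = (javax.sql.DataSource)
      ctx.lookup("java:/comp/env/jdbc/testTomcatJdbc");
  out.println("" + dataSource.toString() + "");
%>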



Access the JSP in your browser.  The output from toString on the DataSource
will display the password that was configured in the  tag.

Example Output:

toString for Tomcat JDBC

org.apache.tomcat.jdbc.pool.DataSource@75cae120{ConnectionPool[defaultAutoCommit=null;
defaultReadOnly=null; defaultTransactionIsolation=-1; defaultCatalog=null;
driverClassName=org.h2.Driver; maxActive=100; maxIdle=100; minIdle=1;
initialSize=1; maxWait=3; testOnBorrow=false; testOnReturn=false;
timeBetweenEvictionRunsMillis=5000; numTestsPerEvictionRun=0;
minEvictableIdleTimeMillis=6; testWhileIdle=false; testOnConnect=false;
password=super-secret; url=jdbc:h2:mem:test; username=sa; validationQuery=null;
validatorClassName=null; validationInterval=3;
accessToUnderlyingConnectionAllowed=true; removeAbandoned=false;
removeAbandonedTimeout=60; logAbandoned=false; connectionProperties=null;
initSQL=null; jdbcInterceptors=null; jmxEnabled=true; fairQueue=true;
useEquals=true; abandonWhenPercentageFull=0; maxAge=0; useLock=false;
dataSource=null; dataSourceJNDI=null; suspectTimeout=0;
alternateUsernameAllowed=false; commitOnReturn=false; rollbackOnReturn=false;
useDisposableConnectionFacade=true; logValidationErrors=false;
propagateInterruptState=false; }

-- 
You are receiving this mail because:
You are the assignee for the bug.
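
One way to keep a configured password out of diagnostic output, as an added example that is not part of the original report or of Tomcat's code. The class PoolSettings, its mask string and the regular expression are assumptions made for illustration; the example also masks a password carried inside another property value such as connectionProperties.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical stand-in for a pool configuration object; not Tomcat's class. */
public class PoolSettings {
    private static final String MASK = "********";
    // Catches a password carried inside another value, e.g. connectionProperties.
    private static final Pattern EMBEDDED = Pattern.compile("(?i)(password=)[^;&]*");

    private final Map<String, Object> props = new LinkedHashMap<>();

    public PoolSettings set(String name, Object value) {
        props.put(name, value);
        return this;
    }

    /** The secret stays available to the pool through an explicit accessor only. */
    public String getPassword() {
        return (String) props.get("password");
    }

    /** Fixed-width mask: the output reveals neither the value nor its length. */
    static String redact(String key, Object value) {
        if (value == null) return "null";
        if (key.equalsIgnoreCase("password")) return MASK;
        return EMBEDDED.matcher(value.toString()).replaceAll("$1" + MASK);
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("ConnectionPool[");
        for (Map.Entry<String, Object> e : props.entrySet()) {
            sb.append(e.getKey()).append('=').append(redact(e.getKey(), e.getValue())).append("; ");
        }
        return sb.append(']').toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, modelled on the report's example output.
        PoolSettings p = new PoolSettings()
                .set("password", "super-secret")
                .set("url", "jdbc:h2:mem:test")
                .set("username", "sa")
                .set("connectionProperties", "user=sa;password=super-secret;");
        System.out.println(p);
        if (p.toString().contains("super-secret")) throw new AssertionError("password leaked");
    }
}
```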




[Bug 54599] DataSource password is exposed to applications via toString method

2013-02-22 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54599

--- Comment #1 from Daniel Mikusa  ---
Created attachment 29983
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29983&action=edit
Patch

Attaching a simple patch to mask the password in toString.




[Bug 54601] New: catalina.sh should not modify $JAVA_OPTS to add $LOGGING_MANAGER

2013-02-22 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54601

Bug ID: 54601
Summary: catalina.sh should not modify $JAVA_OPTS to add $LOGGING_MANAGER
Product: Tomcat 6
Version: 6.0.36
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Native:Integration
Assignee: dev@tomcat.apache.org
Reporter: jgl...@apache.org
Classification: Unclassified

See https://issues.jenkins-ci.org/browse/JENKINS-7702 and
http://issues.gradle.org/browse/GRADLE-1245 for background. Reproduced in
6.0.36 though reported also in Tomcat 7.

If you set an environment variable $JAVA_OPTS (say, ‘export JAVA_OPTS=-server’)
before running startup.sh, the Catalina JVM will include an environment
variable JAVA_OPTS set to e.g. ‘-server
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager’. (This is
not true if you do _not_ set JAVA_OPTS yourself: catalina.sh will modify a
local shell variable but it does not export it.)

Normally this is harmless. But if the web application happens to fork an
external process which happens to be one of the many Java applications that
interpret $JAVA_OPTS when defined as JVM parameters, and that application uses
java.util.logging at any point, then that application will generally crash
because ClassLoaderLogManager is not in its classpath.

Indeed we did not really want to be passing
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager to the
subprocess. If the user decided to specify some JAVA_OPTS for Tomcat, we should
either pass this var unmodified to the JVM, or not pass it at all.

The fix seems simple enough (patch format upon request): in catalina.sh,
replace

if [ -z "$LOGGING_MANAGER" ]; then
  JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
else
  JAVA_OPTS="$JAVA_OPTS $LOGGING_MANAGER"
fi

with

if [ -z "$LOGGING_MANAGER" ]; then
  LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
fi
CATALINA_JAVA_OPTS="$JAVA_OPTS $LOGGING_MANAGER"

and then replace subsequent references to $JAVA_OPTS with $CATALINA_JAVA_OPTS.
Optionally also

unset JAVA_OPTS

since any JVM options specified for the web server are likely to be
inappropriate for other Java processes it spawns (though
https://github.com/jenkinsci/gradle-plugin/pull/2 suggests otherwise).

The workaround in the web application is to sanitize the JAVA_OPTS environment
variable before forking the subprocess, deleting the ClassLoaderLogManager
configuration if found.
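
The web-application workaround described above, as an added example that is not part of the original report or of any project's code. The class and method names are assumptions, and the splitting assumes JAVA_OPTS holds whitespace-separated options without quoted spaces.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class CleanChildEnv {
    // The option catalina.sh appends to JAVA_OPTS, as quoted in the report.
    static final String JULI_OPT =
            "-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager";

    /** Returns JAVA_OPTS without the JULI option, or null when nothing else remains. */
    static String sanitize(String javaOpts) {
        if (javaOpts == null) return null;
        List<String> kept = new ArrayList<>();
        // Assumption: options are separated by whitespace and contain no quoted spaces.
        for (String opt : javaOpts.trim().split("\\s+")) {
            if (!opt.isEmpty() && !opt.equals(JULI_OPT)) kept.add(opt);
        }
        return kept.isEmpty() ? null : String.join(" ", kept);
    }

    /** Prepares a child process whose environment no longer names Tomcat's log manager. */
    static ProcessBuilder cleanChild(String... command) {
        ProcessBuilder pb = new ProcessBuilder(command);
        Map<String, String> env = pb.environment();   // copy of this JVM's environment
        String cleaned = sanitize(env.get("JAVA_OPTS"));
        if (cleaned == null) {
            env.remove("JAVA_OPTS");                   // do not export an empty variable
        } else {
            env.put("JAVA_OPTS", cleaned);
        }
        return pb;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        check("-server " + JULI_OPT, "-server");
        check(JULI_OPT, null);
        check("-Xmx512m  " + JULI_OPT + " -Dfoo=bar", "-Xmx512m -Dfoo=bar");
        // "java" and "-version" are placeholder arguments; the process is not started here.
        System.out.println(cleanChild("java", "-version").environment().get("JAVA_OPTS"));
    }

    static void check(String in, String expected) {
        String out = sanitize(in);
        if (expected == null ? out != null : !expected.equals(out)) throw new AssertionError(in);
    }
}
```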




[Bug 54602] New: B2CConverter character decode underflow leaves bytes in buffer

2013-02-22 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54602

Bug ID: 54602
Summary: B2CConverter character decode underflow leaves bytes in buffer
Product: Tomcat 7
Version: 7.0.33
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: apa...@neworld.us
Classification: Unclassified

If a request contains a URI that ends in a multi-byte character which is
missing a byte, the extra bytes are left in a buffer which is reused by a future
request.

The problem comes from two different things:
1) If B2CConverter tries to convert a ByteChunk which ends in a character
underflow, it does not convert that last character and it is left in a buffer in
B2CConverter.

2) The B2CConverter in org.apache.catalina.connector.Request is not recycled
with the rest of the objects. It looks like this is done intentionally based on
the comment above its declaration.

The issue with B2CConverter can be demonstrated with the code below, which is a
simplification of what is done inside of CoyoteAdapter.convertURI():


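import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;

public class B2CUnderflowDemo {
    public static void main(String[] args) throws Exception {
        B2CConverter conv = new B2CConverter("UTF-8");
        ByteChunk bc = new ByteChunk();
        CharChunk cc = new CharChunk();
        // "abcd" followed by a multi-byte sequence that is missing its last byte
        byte[] bytes = { 0x61, 0x62, 0x63, 0x64, -8, -69, -73, -77 };

        // First "request"
        bc.append(bytes, 0, bytes.length);
        cc.allocate(bc.getLength(), -1);
        conv.convert(bc, cc, cc.getBuffer().length - cc.getEnd());
        System.out.println(cc);

        // Recycle the chunks but, as in Request, not the converter
        cc.recycle();
        bc.recycle();

        // Second "request": same input, same converter
        bc.append(bytes, 0, bytes.length);
        cc.allocate(bc.getLength(), -1);
        conv.convert(bc, cc, cc.getBuffer().length - cc.getEnd());
        System.out.println(cc);
    }
}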


If the B2CConverter was recycled with everything else in Request this would
prevent a previous request from corrupting the next request but it doesn't fix
the issue that a character is dropped from the initial decode.

I tried playing with B2CConverter and the only way I could get the convert to
get everything was by ignoring the limit argument and reading to the end of the
stream. It looks like tomcat8 is moving in this direction with the move to NIO,
however I tried playing with the latest B2CConverter and was still seeing
issues with the given byte sequence.
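
The cross-request effect described above, reproduced with java.nio alone as an added example that is not part of the original report or of Tomcat's code. StatefulConverter is a hypothetical class that holds undecoded bytes between calls, and the input is a constructed truncated three-byte UTF-8 sequence rather than the report's byte array.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class LeftoverDemo {
    /** Hypothetical converter that buffers undecoded bytes between calls; not Tomcat's class. */
    static class StatefulConverter {
        private final CharsetDecoder dec = StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPLACE);
        private ByteBuffer pending = ByteBuffer.allocate(0);

        String convert(byte[] in) {
            // Bytes the previous call could not decode are put in front of the new input.
            ByteBuffer src = ByteBuffer.allocate(pending.remaining() + in.length);
            src.put(pending).put(in);
            src.flip();
            CharBuffer out = CharBuffer.allocate(src.remaining());
            dec.reset();
            // endOfInput=false: an incomplete trailing sequence is underflow, not an error.
            dec.decode(src, out, false);
            pending = ByteBuffer.allocate(src.remaining());
            pending.put(src);
            pending.flip();
            out.flip();
            return out.toString();
        }

        void recycle() { pending = ByteBuffer.allocate(0); dec.reset(); }
    }

    public static void main(String[] args) {
        // Constructed inputs: "abc" plus the first two bytes of a three-byte UTF-8 character.
        byte[] first = { 0x61, 0x62, 0x63, (byte) 0xE2, (byte) 0x82 };
        byte[] second = "/ok".getBytes(StandardCharsets.UTF_8);
        StatefulConverter reused = new StatefulConverter();
        String a = reused.convert(first);         // "abc": the partial character is held back
        String polluted = reused.convert(second); // decoded together with the held-back bytes
        StatefulConverter recycled = new StatefulConverter();
        recycled.convert(first);
        recycled.recycle();                       // drop leftover state between requests
        String clean = recycled.convert(second);
        System.out.println(a + " | " + polluted + " | " + clean);
        if (polluted.equals("/ok") || !clean.equals("/ok")) throw new AssertionError();
    }
}
```

Recycling removes the contamination of the second input, but the first call still returns only "abc"; the truncated character is silently dropped unless the final call signals end of input.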




[Bug 54595] [embed] ClassNotFoundException while parsing web.xml

2013-02-22 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54595

--- Comment #2 from Violeta Georgieva  ---
Hi,

Can you specify the exact Tomcat 7 version that you are using. Also specify
whether you are using the "embedded" distribution or the full one.

Please provide the configuration information that is used for the Embedded
Tomcat. Also information for the loader that you are setting to the context.

You may check one of the Tomcat tests that uses embedded Tomcat and deploys a
web application with filter definitions [1]. 


Regards
Violeta

[1]
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/test/org/apache/catalina/core/TestStandardContext.java




svn commit: r1449225 - /tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java

2013-02-22 Thread remm
Author: remm
Date: Fri Feb 22 21:38:20 2013
New Revision: 1449225

URL: http://svn.apache.org/r1449225
Log:
I forgot to port a portion of my patch, that 54602 had me look at what called 
recycle.

Modified:
tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1449225&r1=1449224&r2=1449225&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Fri Feb 
22 21:38:20 2013
@@ -1036,6 +1036,8 @@ public class CoyoteAdapter implements Ad
 if (conv == null) {
 conv = new B2CConverter(enc);
 request.setURIConverter(conv);
+} else {
+conv.recycle();
 }
 } catch (IOException e) {
 // Ignore
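
Review bot: the new else branch at conv.recycle() reuses the converter already attached to the request without any visible check that it was created for the current enc; if the encoding can differ between requests on the same Request object, compare it and rebuild the converter rather than only recycling it. A one-line comment on the branch saying that recycle discards bytes left over from a previous URI decode (bug 54602) would make the intent clear, and since the surrounding catch (IOException e) only has "// Ignore", a regression test that decodes a truncated multi-byte URI twice on the same converter would be the only thing that flags a failure here.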


