Re: Late Binding
On 11/11/2013 04:35, Suresh Mathew wrote: > Hi Mark, > Thank you very much for the response. Sounds good. Would the init be > also initializing the app?. No. The Containers would start normally. It would just be the the connector(s) that had to be started later. > Because we want the bind(start in this > scenario) to be as small as possible. The more you articulate your requirement, the more I think this is the wrong solution and that what you really need to be doing is either using a load-balancer or using parallel deployment. You also have the option of the approach Konstantin suggested elsewhere in this thread. I'm reluctant to add yet another configuration option for a use case that can already be met in multiple ways. Mark > Thanks > Suresh > > > > > > > On Fri, Nov 8, 2013 at 12:25 AM, Mark Thomas wrote: > >> On 08/11/2013 04:18, Suresh Mathew wrote: >>> All, >>> Can we add a new state to bind the port after the startup is completed. >>> >>> Right now start will start the app after binding to the port. We can >> delay >>> the binf after connector is started using bindOnInit. But this is a >> little >>> different. >>> >>> StartOnly - Starts The Server and the apps. >>> Bind - Then Binds it to the Port and the server starts listening >>> Unbind - Unbinds the port, but keep the server running not listening >>> Stop- Will Stop(and unbind if bound) the server. >>> >>> The usecase for this is instant rollback (which can also be achieved with >>> parallel deployment, but within the same process), Two servers will be >>> running but one will be bound, and if there is a need to rollback to the >>> old version, we can unbind this and bind the other. >>> >>> This will also help make the best use of the PORT_REUSE of the latest >> 3.9.0 >>> linux kernel feature. >>> >>> Does that make any sense? >> >> It does, but I think I'd implement it a different way. A flag could be >> added to the Service to decouple the init() and start() of the >> connectors. They could then be started and stoped as required via JMX. >> Stopping the Service would always stop and attached connectors. >> >> Mark >> >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540641 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java res/LocalStrings.properties
Author: markt
Date: Mon Nov 11 09:02:14 2013
New Revision: 1540641
URL: http://svn.apache.org/r1540641
Log:
Follow-up to r1540539 after kkolinko review
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1540641&r1=1540640&r2=1540641&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon Nov 11
09:02:14 2013
@@ -523,6 +523,7 @@ public class AprEndpoint extends Abstrac
throw new Exception(
sm.getString("endpoint.apr.failSslContextMake"), e);
}
+
if (SSLInsecureRenegotiation) {
boolean legacyRenegSupported = false;
try {
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1540641&r1=1540640&r2=1540641&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Mon Nov 11 09:02:14 2013
@@ -50,7 +50,7 @@ endpoint.sendfile.error=Unexpected sendf
endpoint.sendfile.addfail=Sendfile failure: [{0}] {1}
endpoint.setAttribute=Set [{0}] to [{1}]
endpoint.timeout.err=Error processing socket timeout
-endpoint.apr.failSslContextMake=Unable to create SSLContext. Check SSLEngine
is enabled in the AprLifecycleListener and that a valid SSLProtocol has been
specified
+endpoint.apr.failSslContextMake=Unable to create SSLContext. Check that
SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has
initialised correctly and that a valid SSLProtocol has been specified
endpoint.apr.invalidSslProtocol=An invalid value [{0}] was provided for the
SSLProtocol attribute
endpoint.apr.noSendfileWithSSL=Sendfile is not supported for the APR/native
connector when SSL is enabled
endpoint.apr.noSslCertFile=Connector attribute SSLCertificateFile must be
defined when using SSL with APR
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1540539 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java res/LocalStrings.properties
On 10/11/2013 23:06, Konstantin Kolinko wrote:
> 2013/11/11 :
>> Author: markt
>> Date: Sun Nov 10 20:20:37 2013
>> New Revision: 1540539
>>
>> URL: http://svn.apache.org/r1540539
>> Log:
>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749
>> Improve error message when SSLEngine is disabled in AprLifecycleListener and
>> SSL is configured for an APR/native connector.
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>> tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>>
>> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1540539&r1=1540538&r2=1540539&view=diff
>> ==
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Sun Nov 10
>> 20:20:37 2013
>> @@ -514,7 +514,15 @@ public class AprEndpoint extends Abstrac
>> }
>>
>> // Create SSL Context
>> -sslContext = SSLContext.make(rootPool, value,
>> SSL.SSL_MODE_SERVER);
>> +try {
>> +sslContext = SSLContext.make(rootPool, value,
>> SSL.SSL_MODE_SERVER);
>> +} catch (Exception e) {
>> +// If the sslEngine is disabled on the AprLifecycleListener
>> +// there will be an Exception here but there is no way to
>> check
>> +// the AprLifecycleListener settings from here
>> +throw new Exception(
>> +sm.getString("endpoint.apr.failSslContextMake"), e);
>> +}
>> if (SSLInsecureRenegotiation) {
>> boolean legacyRenegSupported = false;
>> try {
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1540539&r1=1540538&r2=1540539&view=diff
>> ==
>> --- tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> Sun Nov 10 20:20:37 2013
>
>> +endpoint.apr.failSslContextMake=Unable to create SSLContext. Check
>> SSLEngine is enabled in the AprLifecycleListener and that a valid
>> SSLProtocol has been specified
>
> 1. A missing word in the message:
> s/ Check SSLEngine / Check that SSLEngine / or "Check whether SSLEngine ..."?
Fixed.
> 2. Maybe mention that "Check that AprLifecycleListener has initialized
> successfully", in case one missed previous log messages.
Fixed.
> 3. You aren't improving the message reported in Bugzilla, but a different one.
>
> In OP's stacktrace from Tomcat 6:
>
> java.lang.Exception: Socket bind failed: [226] Adresse bereits im Zugriff
> at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:671)
> at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:851)
>
> The above is an implicit call to init() from within start().
>
> I think that there should have been a previous explicit call to
> init() that failed and should have printed an error message.
Ah. I see what you mean. That first error message was equally cryptic so
I fixed that.
> It looks like the message that you are improving should have already
> been in the logs, but OP failed to notice it. The "Address already in
> use" message reported in Bugzilla would still occur when init() is
> called by the second time.
Agreed.
> I do not know whether repeated call to init() is possible in Tomcat 7
> (I hope better lifecycles prevent it),
It doesn't appear to happen in trunk.
> but it looks possible in Tomcat 6.
>
> In AprEndpoint of Tomcat 6
> [[[
> public void init()
> throws Exception {
>
> if (initialized)
> return;
>
> // Create the root APR memory pool
> rootPool = Pool.create(0);
> ...
> ]]]
>
> Maybe add a sanity check just below the "if (initialized) return;" lines
> above:
>
> if (rootPool != 0) then it means that the pool has already been
> created. In other words, init() has already been called once, but
> failed.
I'll take a look at a Tomcat 6 specific patch.
Mark
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540642 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/res/LocalStrings.properties
Author: markt
Date: Mon Nov 11 09:06:55 2013
New Revision: 1540642
URL: http://svn.apache.org/r1540642
Log:
Follow-up to r1540539 after kkolinko review
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Propchange: tomcat/tc7.0.x/trunk/
--
Merged /tomcat/trunk:r1540641
Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1540642&r1=1540641&r2=1540642&view=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Mon
Nov 11 09:06:55 2013
@@ -502,6 +502,7 @@ public class AprEndpoint extends Abstrac
throw new Exception(
sm.getString("endpoint.apr.failSslContextMake"), e);
}
+
if (SSLInsecureRenegotiation) {
boolean legacyRenegSupported = false;
try {
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties?rev=1540642&r1=1540641&r2=1540642&view=diff
==
---
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
Mon Nov 11 09:06:55 2013
@@ -49,7 +49,7 @@ endpoint.process.fail=Error allocating s
endpoint.sendfile.error=Unexpected sendfile error
endpoint.sendfile.addfail=Sendfile failure: [{0}] {1}
endpoint.timeout.err=Error processing socket timeout
-endpoint.apr.failSslContextMake=Unable to create SSLContext. Check SSLEngine
is enabled in the AprLifecycleListener and that a valid SSLProtocol has been
specified
+endpoint.apr.failSslContextMake=Unable to create SSLContext. Check that
SSLEngine is enabled in the AprLifecycleListener, the AprLifecycleListener has
initialised correctly and that a valid SSLProtocol has been specified
endpoint.apr.invalidSslProtocol=An invalid value [{0}] was provided for the
SSLProtocol attribute
endpoint.apr.noSslCertFile=Connector attribute SSLCertificateFile must be
defined when using SSL with APR
endpoint.apr.pollAddInvalid=Invalid attempted to add a socket [{0}] to the
poller
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540645 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: markt Date: Mon Nov 11 09:15:35 2013 New Revision: 1540645 URL: http://svn.apache.org/r1540645 Log: Update proposal Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1540645&r1=1540644&r2=1540645&view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Nov 11 09:15:35 2013 @@ -117,7 +117,7 @@ PATCHES PROPOSED TO BACKPORT: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749 Improve the error message when SSLEngine is disabled in AprLifecycleListener and SSL is configured for an APR/native connector. - http://svn.apache.org/r1540539 + http://people.apache.org/~markt/patches/2013-11-11-bug55749-tc6.patch +1: markt -1: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540647 - /tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
Author: markt Date: Mon Nov 11 09:45:49 2013 New Revision: 1540647 URL: http://svn.apache.org/r1540647 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55760 Remove unnecessary setting of property that causes problems whe using SPNEGO with IBM JDKs. Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1540647&r1=1540646&r2=1540647&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Mon Nov 11 09:45:49 2013 @@ -118,9 +118,6 @@ public class SpnegoAuthenticator extends System.setProperty(Constants.JAAS_CONF_PROPERTY, jaasConfFile.getAbsolutePath()); } - -// This property must be false for SPNEGO to work -System.setProperty(Constants.USE_SUBJECT_CREDS_ONLY_PROPERTY, "false"); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540649 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/authenticator/SpnegoAuthenticator.java webapps/docs/changelog.xml
Author: markt Date: Mon Nov 11 09:49:19 2013 New Revision: 1540649 URL: http://svn.apache.org/r1540649 Log: Remove unnecessary setting of property that causes problems whe using SPNEGO with IBM JDKs. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1540647 Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java?rev=1540649&r1=1540648&r2=1540649&view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java Mon Nov 11 09:49:19 2013 @@ -126,9 +126,6 @@ public class SpnegoAuthenticator extends System.setProperty(Constants.JAAS_CONF_PROPERTY, jaasConfFile.getAbsolutePath()); } - -// This property must be false for SPNEGO to work -System.setProperty(Constants.USE_SUBJECT_CREDS_ONLY_PROPERTY, "false"); } Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540649&r1=1540648&r2=1540649&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Nov 11 09:49:19 2013 @@ -117,6 +117,13 @@ javax.websocket.server.ServerEndpointConfig$Configurator implementation. (violetagg) + +55760: Remove the unnecessary setting of the +javax.security.auth.useSubjectCredsOnly system property in +the SpnegoAuthenticator as in addition to it being +unnecessary, it causes problems with using SPENGO with IBM JDKs. Patch +provided by Arunav Sanyal. (mark) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55760] Tomcat SPNEGO authenticator incompatible with IBM JDK in case of Keytab based initiate and accept authentication
https://issues.apache.org/bugzilla/show_bug.cgi?id=55760 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #6 from Mark Thomas --- Thanks for the updated patch. I have confirmed in my test environment that removing this line does not break SPNEGO authentication so I have applied the patch to trunk and 7.0.x. It will be included in 8.0.0-RC6 and 7.0.48 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in ASF Buildbot on tomcat-7-trunk
The Buildbot has detected a new failure on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/1544 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1540649 Blamelist: markt BUILD FAILED: failed compile_1 sincerely, -The Buildbot
svn commit: r1540670 - /tomcat/trunk/webapps/docs/security-howto.xml
Author: markt Date: Mon Nov 11 11:25:50 2013 New Revision: 1540670 URL: http://svn.apache.org/r1540670 Log: Add more detail to the security how-to Modified: tomcat/trunk/webapps/docs/security-howto.xml Modified: tomcat/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1540670&r1=1540669&r2=1540670&view=diff == --- tomcat/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/trunk/webapps/docs/security-howto.xml Mon Nov 11 11:25:50 2013 @@ -72,10 +72,74 @@ -Tomcat ships with a number of web applications by default. -Vulnerabilities have been discovered in these applications in the past. -Applications that are not required should be removed so the system will not -be at risk if another vulnerability is discovered. + + + Tomcat ships with a number of web applications that are enabled by + default. Vulnerabilities have been discovered in these applications in the + past. Applications that are not required should be removed so the system + will not be at risk if another vulnerability is discovered. + + + + The ROOT web application presents a very low security risk but it does + include the version of Tomcat that is being used. The ROOT web application + should normally be removed from a publicly accessible Tomcat instance, not + for security reasons, but so that a more appropriate default page is shown + to users. + + + + The documentation web application presents a very low security risk but + it does identify the version of Tomcat that is being used. It should + normally be removed from a publicly accessible Tomcat instance. + + + + The examples web application should always be removed from any security + sensitive installation. While the examples web application does not + contain any known vulnerabilities, it is known to contain features + (particularly the cookie examples that display the contents of all + received and allow new cookies to be set) that may be used by an attacker + in conjunction with a vulnerability in another application deployed on the + Tomcat instance to obtain additional information that would otherwise be + unavailable. + + + + The Manager application allows the remote deployment of web + applications and is frequently targeted by attackers due to the widespread + use of weak passwords and publicly accessible Tomcat instances with the + Manager application enabled. The Manager application is not accessible by + default as no users are configured with the necessary access. If the + Manager application is enabled then guidance in the section + Securing Management Applications section should be + followed. + + + + The Host Manager application allows the creation and management of + virtual hosts - including the enabling of the Manager application for a + virtual host. The Host Manager application is not accessible by default a + no users are configured with the necessary access. If the Manager + application is enabled then guidance in the section Securing + Management Applications section should be followed. + + + + When deploying a web application that provides management functions for + the Tomcat instance, the following guidelines should be followed: + + Ensure that any users permitted to access the management application + have strong passwords. + Do not remove the use of the LockOutRealm + which prevents brute force attacks against user passwords. + Uncomment the RemoteAddrValve + in /META-INF/context.xml which limits access to + localhost. If remote access is required, limit it to specific IP + addresses using this valve. + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540672 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/security-howto.xml
Author: markt Date: Mon Nov 11 11:27:30 2013 New Revision: 1540672 URL: http://svn.apache.org/r1540672 Log: Add more detail to the security how-to Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1540670 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540672&r1=1540671&r2=1540672&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Nov 11 11:27:30 2013 @@ -217,6 +217,11 @@ the CombinedRealm and LockOutRealm. Patch by Cédric Couralet. (markt) + +Expand the information on web applications that ship as part of Tomcat +in the security how-to section of the documentation web application. +(markt) + Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1540672&r1=1540671&r2=1540672&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Mon Nov 11 11:27:30 2013 @@ -72,10 +72,74 @@ -Tomcat ships with a number of web applications by default. -Vulnerabilities have been discovered in these applications in the past. -Applications that are not required should be removed so the system will not -be at risk if another vulnerability is discovered. + + + Tomcat ships with a number of web applications that are enabled by + default. Vulnerabilities have been discovered in these applications in the + past. Applications that are not required should be removed so the system + will not be at risk if another vulnerability is discovered. + + + + The ROOT web application presents a very low security risk but it does + include the version of Tomcat that is being used. The ROOT web application + should normally be removed from a publicly accessible Tomcat instance, not + for security reasons, but so that a more appropriate default page is shown + to users. + + + + The documentation web application presents a very low security risk but + it does identify the version of Tomcat that is being used. It should + normally be removed from a publicly accessible Tomcat instance. + + + + The examples web application should always be removed from any security + sensitive installation. While the examples web application does not + contain any known vulnerabilities, it is known to contain features + (particularly the cookie examples that display the contents of all + received and allow new cookies to be set) that may be used by an attacker + in conjunction with a vulnerability in another application deployed on the + Tomcat instance to obtain additional information that would otherwise be + unavailable. + + + + The Manager application allows the remote deployment of web + applications and is frequently targeted by attackers due to the widespread + use of weak passwords and publicly accessible Tomcat instances with the + Manager application enabled. The Manager application is not accessible by + default as no users are configured with the necessary access. If the + Manager application is enabled then guidance in the section + Securing Management Applications section should be + followed. + + + + The Host Manager application allows the creation and management of + virtual hosts - including the enabling of the Manager application for a + virtual host. The Host Manager application is not accessible by default a + no users are configured with the necessary access. If the Manager + application is enabled then guidance in the section Securing + Management Applications section should be followed. + + + + When deploying a web application that provides management functions for + the Tomcat instance, the following guidelines should be followed: + + Ensure that any users permitted to access the management application + have strong passwords. + Do not remove the use of the LockOutRealm + which prevents brute force attacks against user passwords. + Uncomment the RemoteAddrValve + in /META-INF/context.xml which limits access to + localhost. If remote access is required, limit it to specific IP + address
[Bug 55765] New: Server Becomes unreponsive
https://issues.apache.org/bugzilla/show_bug.cgi?id=55765 Bug ID: 55765 Summary: Server Becomes unreponsive Product: Tomcat 7 Version: 7.0.42 Hardware: Other Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: tmo...@gmail.com Tomcat Server becomes unresponsive after two three days of start. CPU and Memory Usage is normal and nothing is found in the logs as well. Environment Details : Operating System : Windows Server 2012 64 bit Memory(RAM) : 24 GB Tomcat Server is running as windows service on Oracle JVM 1.6 64 bit. Memory Usage : 15.5GB CPU Usage : 9% Box runs two nodes of Tomcat : Node 1 : 8080,8005,8009 Node 2 : 8081,8006,8010 Node 2 become unresponsive first than after couple of hours of time Node 1 became unresponsive. Both Nodes have xms 2GB and xmx 8GB. Have analyzed error, threaddumps,access,catalina logs as well nothing is found in the same. please let us know if you need any info. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55765] Server Becomes unreponsive
https://issues.apache.org/bugzilla/show_bug.cgi?id=55765 tmo...@gmail.com changed: What|Removed |Added OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 55765] Server Becomes unreponsive
https://issues.apache.org/bugzilla/show_bug.cgi?id=55765 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Mark Thomas --- Bugzilla is not a support forum. Please use the Tomcat users mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540687 - /tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
Author: markt
Date: Mon Nov 11 12:12:48 2013
New Revision: 1540687
URL: http://svn.apache.org/r1540687
Log:
If a request that includes an "Expect: 100-continue" header receives anything
other than a 2xx response, close the connection.
This protects against mis-behaving clients that may not sent the request body
in that case and send the next request instead.
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
Modified:
tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1540687&r1=1540686&r2=1540687&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java Mon
Nov 11 12:12:48 2013
@@ -1053,6 +1053,18 @@ public abstract class AbstractHttp11Proc
// thread if the servlet has rejected it.
getInputBuffer().setSwallowInput(false);
}
+if (response.getStatus() < 200 || response.getStatus() > 299) {
+if (expectation) {
+// Client sent Expect: 100-continue but received a
+// non-2xx response. Disable keep-alive (if enabled) to
+// ensure the connection is closed. Some clients may
+// still send the body, some may send the next request.
+// No way to differentiate, so close the connection to
+// force the client to send the next request.
+getInputBuffer().setSwallowInput(false);
+keepAlive = false;
+}
+}
endRequest();
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540689 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/coyote/http11/AbstractHttp11Processor.java webapps/docs/changelog.xml
Author: markt
Date: Mon Nov 11 12:14:15 2013
New Revision: 1540689
URL: http://svn.apache.org/r1540689
Log:
If a request that includes an "Expect: 100-continue" header receives anything
other than a 2xx response, close the connection.
This protects against mis-behaving clients that may not sent the request body
in that case and send the next request instead.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
--
Merged /tomcat/trunk:r1540687
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java?rev=1540689&r1=1540688&r2=1540689&view=diff
==
---
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
Mon Nov 11 12:14:15 2013
@@ -1082,6 +1082,18 @@ public abstract class AbstractHttp11Proc
// thread if the servlet has rejected it.
getInputBuffer().setSwallowInput(false);
}
+if (response.getStatus() < 200 || response.getStatus() > 299) {
+if (expectation) {
+// Client sent Expect: 100-continue but received a
+// non-2xx response. Disable keep-alive (if enabled) to
+// ensure the connection is closed. Some clients may
+// still send the body, some may send the next request.
+// No way to differentiate, so close the connection to
+// force the client to send the next request.
+getInputBuffer().setSwallowInput(false);
+keepAlive = false;
+}
+}
endRequest();
}
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540689&r1=1540688&r2=1540689&view=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Nov 11 12:14:15 2013
@@ -153,6 +153,12 @@
is disabled in the AprLifecycleListener and SSL is
configured for an APR/native connector. (markt)
+
+If a request that includes an Expect: 100-continue header
+receives anything other than a 2xx response, close the connection This
+protects against misbehaving clients that may not sent the request body
+in that case and send the next request instead. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-7-trunk
The Buildbot has detected a restored build on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/1545 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1540672 Blamelist: markt Build succeeded! sincerely, -The Buildbot
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5204 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1540670 Blamelist: markt BUILD FAILED: failed compile_1 sincerely, -The Buildbot
svn commit: r1540749 - /tomcat/taglibs/standard/trunk/CHANGES.txt
Author: jboynes Date: Mon Nov 11 15:12:16 2013 New Revision: 1540749 URL: http://svn.apache.org/r1540749 Log: set eol-style property Modified: tomcat/taglibs/standard/trunk/CHANGES.txt (props changed) Propchange: tomcat/taglibs/standard/trunk/CHANGES.txt -- svn:eol-style = native - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5205 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1540687 Blamelist: markt BUILD FAILED: exception interrupted sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540765 - /tomcat/trunk/webapps/docs/security-howto.xml
Author: kkolinko Date: Mon Nov 11 16:43:48 2013 New Revision: 1540765 URL: http://svn.apache.org/r1540765 Log: Correct two typos. s/a users/as users/, /Manager/Host Manager/ Modified: tomcat/trunk/webapps/docs/security-howto.xml Modified: tomcat/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1540765&r1=1540764&r2=1540765&view=diff == --- tomcat/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/trunk/webapps/docs/security-howto.xml Mon Nov 11 16:43:48 2013 @@ -119,8 +119,8 @@ The Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a - virtual host. The Host Manager application is not accessible by default a - no users are configured with the necessary access. If the Manager + virtual host. The Host Manager application is not accessible by default + as no users are configured with the necessary access. If the Host Manager application is enabled then guidance in the section Securing Management Applications section should be followed. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540777 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/security-howto.xml
Author: kkolinko Date: Mon Nov 11 17:00:39 2013 New Revision: 1540777 URL: http://svn.apache.org/r1540777 Log: Merged r1540765 from tomcat/trunk: Correct two typos. s/a users/as users/, /Manager/Host Manager/ Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1540765 Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1540777&r1=1540776&r2=1540777&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Mon Nov 11 17:00:39 2013 @@ -119,8 +119,8 @@ The Host Manager application allows the creation and management of virtual hosts - including the enabling of the Manager application for a - virtual host. The Host Manager application is not accessible by default a - no users are configured with the necessary access. If the Manager + virtual host. The Host Manager application is not accessible by default + as no users are configured with the necessary access. If the Host Manager application is enabled then guidance in the section Securing Management Applications section should be followed. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1540672 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/security-howto.xml
2013/11/11 : > Author: markt > Date: Mon Nov 11 11:27:30 2013 > New Revision: 1540672 > > URL: http://svn.apache.org/r1540672 > Log: > Add more detail to the security how-to > > Modified: > tomcat/tc7.0.x/trunk/ (props changed) > tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml > tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml > > > Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml > URL: > http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1540672&r1=1540671&r2=1540672&view=diff > == > --- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original) > +++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Mon Nov 11 11:27:30 > 2013 > @@ -72,10 +72,74 @@ > > > > -Tomcat ships with a number of web applications by default. > -Vulnerabilities have been discovered in these applications in the past. > -Applications that are not required should be removed so the system will > not > -be at risk if another vulnerability is discovered. > + > + > + Tomcat ships with a number of web applications that are enabled by > + default. Vulnerabilities have been discovered in these applications in > the > + past. Applications that are not required should be removed so the > system > + will not be at risk if another vulnerability is discovered. > + > + > + > + The ROOT web application presents a very low security risk but it > does > + include the version of Tomcat that is being used. The ROOT web > application > + should normally be removed from a publicly accessible Tomcat instance, > not > + for security reasons, but so that a more appropriate default page is > shown > + to users. > + > + > + > + The documentation web application presents a very low security risk > but > + it does identify the version of Tomcat that is being used. It should > + normally be removed from a publicly accessible Tomcat instance. > + > + > + > + The examples web application should always be removed from any > security > + sensitive installation. While the examples web application does not > + contain any known vulnerabilities, it is known to contain features > + (particularly the cookie examples that display the contents of all > + received and allow new cookies to be set) that may be used by an > attacker > + in conjunction with a vulnerability in another application deployed on > the > + Tomcat instance to obtain additional information that would otherwise > be > + unavailable. > + > + > + > + The Manager application allows the remote deployment of web > + applications and is frequently targeted by attackers due to the > widespread > + use of weak passwords and publicly accessible Tomcat instances with the > + Manager application enabled. The Manager application is not accessible > by > + default as no users are configured with the necessary access. If the > + Manager application is enabled then guidance in the section > + Securing Management Applications section should be > + followed. > + > + > + > + The Host Manager application allows the creation and management of > + virtual hosts - including the enabling of the Manager application for a > + virtual host. The Host Manager application is not accessible by > default a > + no users are configured with the necessary access. If the Manager > + application is enabled then guidance in the section Securing > + Management Applications section should be followed. > + > + > + > + When deploying a web application that provides management functions > for > + the Tomcat instance, the following guidelines should be followed: > + > + Ensure that any users permitted to access the management > application > + have strong passwords. > + Do not remove the use of the + > href="config/realm.html#LockOut_Realm_-_org.apache.catalina.realm.LockOutRealm">LockOutRealm > + which prevents brute force attacks against user passwords. > + Uncomment the href="config/valve.html#Remote_Address_Filter">RemoteAddrValve > + in /META-INF/context.xml which limits access to > + localhost. If remote access is required, limit it to specific IP > + addresses using this valve. > + > + Good! Several notes: 1) Re "no users are configured with the necessary access". While the above is true, it is easy to configure such users if one is not cautious. If one either follows the Windows installation wizard and types in name and password, or follows some 3rd party installation guide that shows an example of configuring tomcat-users.xml but does not mention the implications of such configuration. (E.g. some installation guide for MacOs
svn commit: r1540784 - /tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Author: kkolinko Date: Mon Nov 11 17:07:49 2013 New Revision: 1540784 URL: http://svn.apache.org/r1540784 Log: Followup to r1540649: correct a typo Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1540784&r1=1540783&r2=1540784&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Nov 11 17:07:49 2013 @@ -121,8 +121,8 @@ 55760: Remove the unnecessary setting of the javax.security.auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as in addition to it being -unnecessary, it causes problems with using SPENGO with IBM JDKs. Patch -provided by Arunav Sanyal. (mark) +unnecessary, it causes problems with using SPNEGO with IBM JDKs. Patch +provided by Arunav Sanyal. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1540539 - in /tomcat/trunk/java/org/apache/tomcat/util/net: AprEndpoint.java res/LocalStrings.properties
2013/11/11 Mark Thomas :
> On 10/11/2013 23:06, Konstantin Kolinko wrote:
>> 2013/11/11 :
>
> Fixed.
>
Looks good.
>> 3. You aren't improving the message reported in Bugzilla, but a different
>> one.
>>
>> In OP's stacktrace from Tomcat 6:
>>
>> java.lang.Exception: Socket bind failed: [226] Adresse bereits im Zugriff
>> at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:671)
>> at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:851)
>>
>> The above is an implicit call to init() from within start().
>>
>> I think that there should have been a previous explicit call to
>> init() that failed and should have printed an error message.
>
> Ah. I see what you mean. That first error message was equally cryptic so
> I fixed that.
>
>> It looks like the message that you are improving should have already
>> been in the logs, but OP failed to notice it. The "Address already in
>> use" message reported in Bugzilla would still occur when init() is
>> called by the second time.
>
> Agreed.
>
>> I do not know whether repeated call to init() is possible in Tomcat 7
>> (I hope better lifecycles prevent it),
>
> It doesn't appear to happen in trunk.
>
>> but it looks possible in Tomcat 6.
>>
>> In AprEndpoint of Tomcat 6
>> [[[
>> public void init()
>> throws Exception {
>>
>> if (initialized)
>> return;
>>
>> // Create the root APR memory pool
>> rootPool = Pool.create(0);
>> ...
>> ]]]
>>
>> Maybe add a sanity check just below the "if (initialized) return;" lines
>> above:
>>
>> if (rootPool != 0) then it means that the pool has already been
>> created. In other words, init() has already been called once, but
>> failed.
>
> I'll take a look at a Tomcat 6 specific patch.
>
Regarding the patch,
http://people.apache.org/~markt/patches/2013-11-11-bug55749-tc6.patch
[[[
-if (initialized)
+if (initialized || rootPool != 0)
return;
]]]
The above change in init() means that AprEndpoint.start() wouldn't
notice the failure. It will continue the startup sequence and fail in
some obscure way.
I meant something like this, to make the initialization to fail:
(not tested)
[[[
if (initialized)
return;
+if (rootPool != 0)
+throw new Exception("AprEndpoint initialization failed.
See previous log messages.");
]]]
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 52319] Tomcat 6 crashes with [libapr-1.so.0+0x196da] signed char+0x3a
https://issues.apache.org/bugzilla/show_bug.cgi?id=52319 Christopher Schultz changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Christopher Schultz --- There have been some improvements to tcnative particularly with the acceptor threads, etc. lately. Any chance you could re-test with an updated version? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540787 - /tomcat/taglibs/standard/trunk/README_bin.txt
Author: kkolinko Date: Mon Nov 11 17:26:58 2013 New Revision: 1540787 URL: http://svn.apache.org/r1540787 Log: Followup to r1540558: Chapter 1.3 of JSTL 1.2 specification says: "JSTL 1.2 requires a JSP 2.1 web container." Modified: tomcat/taglibs/standard/trunk/README_bin.txt Modified: tomcat/taglibs/standard/trunk/README_bin.txt URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/README_bin.txt?rev=1540787&r1=1540786&r2=1540787&view=diff == --- tomcat/taglibs/standard/trunk/README_bin.txt (original) +++ tomcat/taglibs/standard/trunk/README_bin.txt Mon Nov 11 17:26:58 2013 @@ -19,10 +19,10 @@ LIBRARY DEPENDENCIES This version of the Standard Tag Library has the following runtime dependencies: - 1. Dependencies provided by a JSP 2.0 container: + 1. Dependencies provided by a JSP 2.1 container: - Java 1.5 or later - Servlet 2.5 or later - - JSP 2.0 or later + - JSP 2.1 or later 2. Additional dependencies - The XML tag library requires Apache Xalan 2.7.1 or later @@ -89,7 +89,7 @@ The JSTL tag library can be imported int COMPATIBILITY The 1.2 version of the Standard Taglib has been tested under Tomcat 7.0.47 -and should work in any compliant JSP 2.0 (or later) container. +and should work in any compliant JSP 2.1 (or later) container. --- COMMENTS AND QUESTIONS - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 53605] use tcnative-1.1.24 Tomcat shutdown still crash
https://issues.apache.org/bugzilla/show_bug.cgi?id=53605 Christopher Schultz changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #3 from Christopher Schultz --- Possible dupe of bug #52319. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Late Binding
2013/11/11 Suresh Mathew : > Got it Konstantin, Thank you... But stopping and starting would mean that > we spend time in between and wont be able to instance switch?. > You meant s/instance/instant/ ? Starting from a new connector and starting a previously stopped connector needs exactly the same time. Stopping a previously started connector requires some time, but when it is not under active usage it should stop fast. Anyway you can stop it at any time before the actual start up. Top-posting is bad. http://tomcat.apache.org/lists.html#tomcat-users -> "6.". >> Best regards, >> Konstantin Kolinko >> - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1540789 - in /tomcat/site/trunk: docs/index.html docs/oldnews.html xdocs/index.xml xdocs/oldnews.xml
Author: kkolinko Date: Mon Nov 11 17:44:20 2013 New Revision: 1540789 URL: http://svn.apache.org/r1540789 Log: Move maven plugin announcement to the top. Add old announcement to "old news" page. Modified: tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/oldnews.xml Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1540789&r1=1540788&r2=1540789&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Mon Nov 11 17:44:20 2013 @@ -238,6 +238,48 @@ project logo are trademarks of the Apach + +2013-11-11 Tomcat Maven Plugin 2.2 Released + + + +The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. +Changelog available here. + + + +The Apache Tomcat Maven Plugin provides goals +to manipulate WAR projects within the Apache Tomcat servlet container. + + + +The binaries are available from Maven repositories. You should specify the +version in your project's plugin configuration: + + + + ++ + + + +or + + + +org.apache.tomcat.maven +tomcat7-maven-plugin +2.2 ++ + + + + 2013-10-24 Tomcat 7.0.47 Released @@ -378,48 +420,6 @@ Apache Tomcat. This release includes sec - -2013-11-11 Tomcat Maven Plugin 2.2 Released - - - -The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. -Changelog available http://tomcat.apache.org/maven-plugin-2.2/jira-report.html"; target="_blank">here. - - - -The Apache Tomcat Maven Plugin provides goals -to manipulate WAR projects within the Apache Tomcat servlet container. - - - -The binaries are available from Maven repositories. You should specify the -version in your project's plugin configuration: - - - - -org.apache.tomcat.maven +tomcat6-maven-plugin +2.2 +- - - - -or - - - -org.apache.tomcat.maven -tomcat7-maven-plugin -2.2 -- - - - - 2012-05-31 Tomcat Connectors 1.2.37 Released Modified: tomcat/site/trunk/docs/oldnews.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews.html?rev=1540789&r1=1540788&r2=1540789&view=diff == --- tomcat/site/trunk/docs/oldnews.html (original) +++ tomcat/site/trunk/docs/oldnews.html Mon Nov 11 17:44:20 2013 @@ -489,6 +489,49 @@ Full details of these changes, and all t + +2013-02-25 Tomcat Maven Plugin 2.1 Released + + + +The Apache Tomcat team is pleased to +http://mail-archives.apache.org/mod_mbox/tomcat-users/201302.mbox/%3CCAPoyBqQwb6wHOFnOn5Pd3BoQ-TsvYMu%2BYeAjxSzcZRaX2ZR-hw%40mail.gmail.com%3E";>announce +the release of Tomcat Maven Plugin 2.1. + + + +The Apache Tomcat Maven Plugin provides goals +to manipulate WAR projects within the Apache Tomcat servlet container. + + + +The binaries are available from Maven repositories. You should specify the +version in your project's plugin configuration: + + + + +org.apache.tomcat.maven -tomcat6-maven-plugin -2.2 -+ + + + +or + + + +org.apache.tomcat.maven +tomcat7-maven-plugin +2.1 ++ + + + + 2013-02-18 Tomcat 7.0.37 Released Modified: tomcat/site/trunk/xdocs/index.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/index.xml?rev=1540789&r1=1540788&r2=1540789&view=diff == --- tomcat/site/trunk/xdocs/index.xml (original) +++ tomcat/site/trunk/xdocs/index.xml Mon Nov 11 17:44:20 2013 @@ -37,6 +37,32 @@ project logo are trademarks of the Apach + + +The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. +Changelog available here. + + +The Apache Tomcat Maven Plugin provides goals +to manipulate WAR projects within the Apache Tomcat servlet container. + + +The binaries are available from Maven repositories. You should specify the +version in your project's plugin configuration: + + +or + + + The Apache Tomcat Project is proud to announce the release of version 7.0.47 of @@ -133,32 +159,6 @@ Apache Tomcat. This release includes sec - - -The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. -Changelog available http://tomcat.apache.org/maven-plugin-2.2/jira-report.html"; target="_blank">here. - - -The Apache Tomcat Maveorg.apache.tomcat.maven +tomcat6-maven-plugin +2.1 +
svn commit: r1540790 - /tomcat/taglibs/standard/trunk/README_bin.txt
Author: kkolinko Date: Mon Nov 11 17:58:17 2013 New Revision: 1540790 URL: http://svn.apache.org/r1540790 Log: The jstl page on java.sun.com does not exist anymore (it redirects to /technetwork/java/). Replace it with a JSR link. Modified: tomcat/taglibs/standard/trunk/README_bin.txt Modified: tomcat/taglibs/standard/trunk/README_bin.txt URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/README_bin.txt?rev=1540790&r1=1540789&r2=1540790&view=diff == --- tomcat/taglibs/standard/trunk/README_bin.txt (original) +++ tomcat/taglibs/standard/trunk/README_bin.txt Mon Nov 11 17:58:17 2013 @@ -11,7 +11,7 @@ please see the included NOTICE and LICEN JSTL is an effort of the Java Community Process (JCP) and comes out of the JSR-052 expert group. For more information on JSTL, -please go to http://java.sun.com/products/jstl. +please go to http://jcp.org/en/jsr/detail?id=52 . --- LIBRARY DEPENDENCIES - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5206 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1540765 Blamelist: kkolinko Build succeeded! sincerely, -The Buildbot
svn commit: r1540807 - /tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Author: kpreisser
Date: Mon Nov 11 19:05:35 2013
New Revision: 1540807
URL: http://svn.apache.org/r1540807
Log:
Only schedule a TimerTask when the first player enters the Room (and cancel it
if the last player exits the Room).
Modified:
tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Modified:
tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java?rev=1540807&r1=1540806&r2=1540807&view=diff
==
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
(original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Mon Nov 11 19:05:35 2013
@@ -109,6 +109,15 @@ public final class Room {
*/
private final Timer drawmessageBroadcastTimer = new Timer();
+private static final int TIMER_DELAY = 30;
+
+/**
+ * The current active broadcast timer task. If null, then no Broadcast
task is scheduled.
+ * The Task will be scheduled if the first player enters the Room, and
+ * cancelled if the last player exits the Room, to avoid unnecessary timer
executions.
+ */
+private TimerTask activeBroadcastTimerTask;
+
/**
* The current image of the room drawboard. DrawMessages that are
@@ -139,9 +148,10 @@ public final class Room {
roomGraphics.setBackground(Color.WHITE);
roomGraphics.clearRect(0, 0, roomImage.getWidth(),
roomImage.getHeight());
+}
-// Schedule a TimerTask that broadcasts draw messages.
-drawmessageBroadcastTimer.schedule(new TimerTask() {
+private TimerTask createBroadcastTimerTask() {
+return new TimerTask() {
@Override
public void run() {
invokeAndWait(new Runnable() {
@@ -151,7 +161,7 @@ public final class Room {
}
});
}
-}, 30, 30);
+};
}
/**
@@ -172,6 +182,13 @@ public final class Room {
// Add the new player to the list.
players.add(p);
+// If currently no Broacast Timer Task is scheduled, then we need to
create one.
+if (activeBroadcastTimerTask == null) {
+activeBroadcastTimerTask = createBroadcastTimerTask();
+drawmessageBroadcastTimer.schedule(activeBroadcastTimerTask,
+TIMER_DELAY, TIMER_DELAY);
+}
+
// Send him the current number of players and the current room image.
String content = String.valueOf(players.size());
p.sendRoomMessage(MessageType.IMAGE_MESSAGE, content);
@@ -200,6 +217,18 @@ public final class Room {
boolean removed = players.remove(p);
assert removed;
+// If the last player left the Room, we need to cancel the Broadcast
Timer Task.
+if (players.size() == 0) {
+// Cancel the task.
+// Note that it can happen that the TimerTask is just about to
execute (from
+// the Timer thread) but waits until all players are gone (or even
until a new
+// player is added to the list), and then executes. This is OK. To
prevent it,
+// a TimerTask subclass would need to have some boolan "cancel"
instance variable and
+// query it in the invocation of Room#invokeAndWait.
+activeBroadcastTimerTask.cancel();
+activeBroadcastTimerTask = null;
+}
+
// Broadcast that one player is removed.
broadcastRoomMessage(MessageType.PLAYER_CHANGED, "-");
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Late Binding
On 11/11/2013 04:35, Suresh Mathew wrote: > Hi Mark, > Thank you very much for the response. Sounds good. Would the init be > also initializing the app?. >>No. The Containers would start normally. It would just be the the >>connector(s) that had to be started later. I agree, Let me try the connector solution and get back to you. > Because we want the bind(start in this > scenario) to be as small as possible. >>The more you articulate your requirement, the more I think this is the >>wrong solution and that what you really need to be doing is either using >>a load-balancer or using parallel deployment. You also have the option >>of the approach Konstantin suggested elsewhere in this thread. >>I'm reluctant to add yet another configuration option for a use case >>that can already be met in multiple ways. Parallel deployment may not work for us as the apps will be sharing the same process. Loadbalancer will definitely work for us, but is another application(software load balancer) to manage. Suresh On Mon, Nov 11, 2013 at 12:50 AM, Mark Thomas wrote: > On 11/11/2013 04:35, Suresh Mathew wrote: > > Hi Mark, > > Thank you very much for the response. Sounds good. Would the init be > > also initializing the app?. > > No. The Containers would start normally. It would just be the the > connector(s) that had to be started later. > > > Because we want the bind(start in this > > scenario) to be as small as possible. > > The more you articulate your requirement, the more I think this is the > wrong solution and that what you really need to be doing is either using > a load-balancer or using parallel deployment. You also have the option > of the approach Konstantin suggested elsewhere in this thread. > > I'm reluctant to add yet another configuration option for a use case > that can already be met in multiple ways. > > Mark > > > Thanks > > Suresh > > > > > > > > > > > > > > On Fri, Nov 8, 2013 at 12:25 AM, Mark Thomas wrote: > > > >> On 08/11/2013 04:18, Suresh Mathew wrote: > >>> All, > >>> Can we add a new state to bind the port after the startup is > completed. > >>> > >>> Right now start will start the app after binding to the port. We can > >> delay > >>> the binf after connector is started using bindOnInit. But this is a > >> little > >>> different. > >>> > >>> StartOnly - Starts The Server and the apps. > >>> Bind - Then Binds it to the Port and the server starts listening > >>> Unbind - Unbinds the port, but keep the server running not listening > >>> Stop- Will Stop(and unbind if bound) the server. > >>> > >>> The usecase for this is instant rollback (which can also be achieved > with > >>> parallel deployment, but within the same process), Two servers will be > >>> running but one will be bound, and if there is a need to rollback to > the > >>> old version, we can unbind this and bind the other. > >>> > >>> This will also help make the best use of the PORT_REUSE of the latest > >> 3.9.0 > >>> linux kernel feature. > >>> > >>> Does that make any sense? > >> > >> It does, but I think I'd implement it a different way. A flag could be > >> added to the Service to decouple the init() and start() of the > >> connectors. They could then be started and stoped as required via JMX. > >> Stopping the Service would always stop and attached connectors. > >> > >> Mark > >> > >> > >> - > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: dev-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
svn commit: r1540809 - in /tomcat/tc7.0.x/trunk: ./ webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Author: kpreisser
Date: Mon Nov 11 19:06:36 2013
New Revision: 1540809
URL: http://svn.apache.org/r1540809
Log:
Merged revision(s) 1540807 from tomcat/trunk:
Only schedule a TimerTask when the first player enters the Room (and cancel it
if the last player exits the Room).
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Propchange: tomcat/tc7.0.x/trunk/
--
Merged /tomcat/trunk:r1540807
Modified:
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java?rev=1540809&r1=1540808&r2=1540809&view=diff
==
---
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
(original)
+++
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/drawboard/Room.java
Mon Nov 11 19:06:36 2013
@@ -109,6 +109,15 @@ public final class Room {
*/
private final Timer drawmessageBroadcastTimer = new Timer();
+private static final int TIMER_DELAY = 30;
+
+/**
+ * The current active broadcast timer task. If null, then no Broadcast
task is scheduled.
+ * The Task will be scheduled if the first player enters the Room, and
+ * cancelled if the last player exits the Room, to avoid unnecessary timer
executions.
+ */
+private TimerTask activeBroadcastTimerTask;
+
/**
* The current image of the room drawboard. DrawMessages that are
@@ -139,9 +148,10 @@ public final class Room {
roomGraphics.setBackground(Color.WHITE);
roomGraphics.clearRect(0, 0, roomImage.getWidth(),
roomImage.getHeight());
+}
-// Schedule a TimerTask that broadcasts draw messages.
-drawmessageBroadcastTimer.schedule(new TimerTask() {
+private TimerTask createBroadcastTimerTask() {
+return new TimerTask() {
@Override
public void run() {
invokeAndWait(new Runnable() {
@@ -151,7 +161,7 @@ public final class Room {
}
});
}
-}, 30, 30);
+};
}
/**
@@ -172,6 +182,13 @@ public final class Room {
// Add the new player to the list.
players.add(p);
+// If currently no Broacast Timer Task is scheduled, then we need to
create one.
+if (activeBroadcastTimerTask == null) {
+activeBroadcastTimerTask = createBroadcastTimerTask();
+drawmessageBroadcastTimer.schedule(activeBroadcastTimerTask,
+TIMER_DELAY, TIMER_DELAY);
+}
+
// Send him the current number of players and the current room image.
String content = String.valueOf(players.size());
p.sendRoomMessage(MessageType.IMAGE_MESSAGE, content);
@@ -200,6 +217,18 @@ public final class Room {
boolean removed = players.remove(p);
assert removed;
+// If the last player left the Room, we need to cancel the Broadcast
Timer Task.
+if (players.size() == 0) {
+// Cancel the task.
+// Note that it can happen that the TimerTask is just about to
execute (from
+// the Timer thread) but waits until all players are gone (or even
until a new
+// player is added to the list), and then executes. This is OK. To
prevent it,
+// a TimerTask subclass would need to have some boolan "cancel"
instance variable and
+// query it in the invocation of Room#invokeAndWait.
+activeBroadcastTimerTask.cancel();
+activeBroadcastTimerTask = null;
+}
+
// Broadcast that one player is removed.
broadcastRoomMessage(MessageType.PLAYER_CHANGED, "-");
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Late Binding
On Mon, Nov 11, 2013 at 9:32 AM, Konstantin Kolinko wrote: > 2013/11/11 Suresh Mathew : > > Got it Konstantin, Thank you... But stopping and starting would mean that > > we spend time in between and wont be able to instance switch?. > > > > >>You meant s/instance/instant/ ? > > I meant instant. Typo..My bad.. > > >>Starting from a new connector and starting a previously stopped > >>connector needs exactly the same time. > > >>Stopping a previously started connector requires some time, but when > >>it is not under active usage it should stop fast. Anyway you can stop > >>it at any time before the actual start up. > > I got it. Let me try the connector approach and get back to you. Thanks for the suggestion. > >>Top-posting is bad. > >>http://tomcat.apache.org/lists.html#tomcat-users > >>-> "6.". > Thanks for pointing this out. > > > >> Best regards, > >> Konstantin Kolinko > >> > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5207 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1540807 Blamelist: kpreisser BUILD FAILED: failed compile_1 sincerely, -The Buildbot
svn commit: r1540848 - /tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java
Author: kkolinko Date: Mon Nov 11 21:30:58 2013 New Revision: 1540848 URL: http://svn.apache.org/r1540848 Log: Re: r1540522 Fix unneeded boxing/unboxing. Modified: tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java Modified: tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java?rev=1540848&r1=1540847&r2=1540848&view=diff == --- tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java (original) +++ tomcat/trunk/java/org/apache/jasper/servlet/JasperInitializer.java Mon Nov 11 21:30:58 2013 @@ -49,7 +49,7 @@ public class JasperInitializer implement LOG.debug(Localizer.getMessage(MSG + ".onStartup", context.getServletContextName())); } -boolean validate = Boolean.valueOf(context.getInitParameter(VALIDATE)); +boolean validate = Boolean.parseBoolean(context.getInitParameter(VALIDATE)); // scan the application for TLDs TldScanner scanner = new TldScanner(context, true, validate); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Standard Taglib 1.2.0
On 11.11.2013 00:15, Jeremy Boynes wrote: > I have taken a go at addressing these in trunk and have deployed a SNAPSHOT > of that here: > https://repository.apache.org/content/repositories/snapshots/org/apache/taglibs/taglibs-standard/1.2.1-SNAPSHOT/ > > Could you take a look and see if there is anything else? Looks good to me, seems to be build with 1.7.0_45 now, so javadoc should be fine now. > I did update the README files related to building, including use of the > apache-release profile: > $ mvn -Papache-release install > to build a local copy of the artifacts. Thanks a lot, very helpful. Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1539873 - /tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
2013/11/8 :
> Author: markt
> Date: Fri Nov 8 00:09:19 2013
> New Revision: 1539873
>
> URL: http://svn.apache.org/r1539873
> Log:
> Correctly implement delegation filtering for container packages.
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
>
> Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1539873&r1=1539872&r2=1539873&view=diff
> ==
> --- tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
> (original)
> +++ tomcat/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Fri
> Nov 8 00:09:19 2013
> @@ -47,7 +47,6 @@ import java.util.ConcurrentModificationE
> import java.util.Date;
> import java.util.Enumeration;
> import java.util.HashMap;
> -import java.util.HashSet;
> import java.util.Iterator;
> import java.util.LinkedHashSet;
> import java.util.List;
> @@ -61,6 +60,8 @@ import java.util.concurrent.ThreadPoolEx
> import java.util.jar.Attributes;
> import java.util.jar.Attributes.Name;
> import java.util.jar.Manifest;
> +import java.util.regex.Matcher;
> +import java.util.regex.Pattern;
>
> import org.apache.catalina.Globals;
> import org.apache.catalina.Lifecycle;
> @@ -179,18 +180,23 @@ public class WebappClassLoader extends U
> // --- Static
> Variables
>
> /**
> - * Set of package names which are not allowed to be loaded from a webapp
> - * class loader without delegating first.
> + * Regular expression of package names which are not allowed to be loaded
> + * from a webapp class loader without delegating first.
> */
> -protected static final Set packageTriggersDeny = new HashSet<>();
> +protected final Matcher packageTriggersDeny = Pattern.compile(
> +"^javax\\.el\\.|" +
> +"^javax\\.servlet\\.|" +
> +
> "^org\\.apache\\.(catalina|coyote|el|jasper|juli|naming|tomcat)\\."
> +).matcher("");
>
>
> /**
> - * Set of package names which are allowed to be loaded from a webapp
> class
> - * loader without delegating first and override any set by
> + * Regular expression of package names which are allowed to be loaded
> from a
> + * webapp class loader without delegating first and override any set by
> * {@link #packageTriggersDeny}.
> */
> -protected static final Set packageTriggersPermit = new
> HashSet<>();
> +protected final Matcher packageTriggersPermit =
> +Pattern.compile("^javax\\.servlet\\.jsp\\.jstl\\.").matcher("");
>
Looking at other Tomcat projects...
Standard Taglib uses org.apache.taglibs.standard.**, so it is not
affected by the above patterns.
Maven Plugin uses org.apache.tomcat.maven.**, so it is affected.
(Even though it is unlikely that those classes would be used in a web
application, it is not illegal).
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5208 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1540848 Blamelist: kkolinko Build succeeded! sincerely, -The Buildbot
