[Bug 55958] Tomcat tries to deploy dir as zip archive even when it is a directory if the name ends with .war

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55958

Radim Hatlapatka  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #2 from Radim Hatlapatka  ---
This is the relevant output in catalina.out including the stacktrace

INFO: Deploying web application directory
/home/rhatlapa/projects/redhat_projects/eap/eap63-development/apache-tomcat-7.0.47/webapps/byteslounge.war
Jan 06, 2014 10:08:48 AM org.apache.catalina.startup.ContextConfig init
SEVERE: Exception fixing docBase for context [/byteslounge]
java.io.FileNotFoundException:
/home/rhatlapa/projects/redhat_projects/eap/eap63-development/apache-tomcat-7.0.47/webapps/byteslounge.war
(Is a directory)
  at java.util.zip.ZipFile.open(Native Method)
  at java.util.zip.ZipFile.(ZipFile.java:215)
  at java.util.zip.ZipFile.(ZipFile.java:145)
  at java.util.jar.JarFile.(JarFile.java:153)
  at java.util.jar.JarFile.(JarFile.java:90)
  at sun.net.www.protocol.jar.URLJarFile.(URLJarFile.java:93)
  at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
  at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
  at
sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
  at
sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:89)
  at org.apache.catalina.startup.ExpandWar.expand(ExpandWar.java:113)
  at
org.apache.catalina.startup.ContextConfig.fixDocBase(ContextConfig.java:741)
  at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:843)
  at
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:387)
  at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
  at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
  at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139)
  at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
  at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1120)
  at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1678)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
  at java.util.concurrent.FutureTask.run(FutureTask.java:262)
  at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
  at java.lang.Thread.run(Thread.java:744)

Jan 06, 2014 10:08:48 AM org.apache.catalina.core.StandardContext
resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base
/home/rhatlapa/projects/redhat_projects/eap/eap63-development/apache-tomcat-7.0.47/webapps/byteslounge
does not exist or is not a readable directory
  at
org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:138)
  at
org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:5055)
  at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5235)
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
  at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
  at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1120)
  at
org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1678)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
  at java.util.concurrent.FutureTask.run(FutureTask.java:262)
  at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
  at java.lang.Thread.run(Thread.java:744)

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Tomcat 7.0.50 status?

[Bob DeRemer]

The voting so far seems to indicate 7.0.50 is stable, so I wanted to see if 
there were any further issues keeping it from going GA?   If not, when do you 
anticipate releasing?


Thanks,

_
ThingWorx, A PTC Company

Bob DeRemer, Sr. Director Architecture/Development
bob.dere...@thingworx.com | 
www.thingworx.com | www.ptc.com
M: 717.881.3986 | O: 610.594.6200 x 812

[VOTE] Release Apache Tomcat 7.0.50

[Violeta Georgieva]

+1

Tested Tomcat in OSGi environment - successful.
Basic performance tests - successful.

Regards,
Violeta

На 20 декември 2013, петък Violeta Georgieva  написа:
> The proposed Apache Tomcat 7.0.50 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.50/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-004/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_50/
>
> The proposed 7.0.50 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.50 Stable
>
> Regards
> Violeta

the trunk build.xml breaks because of missing commons-pool2-2.1

[Daniel Baktiar]

Hi there,

I don't know whether anyone was aware or it's been discussed here earlier.

I just rejoined this milis after around 1 year ago.

I just checkout the tomcat trunk (rev 1556266) and tried to follow the
build instruction, running the ant build.
The build breaks, and later I found out that the content of the
build.properties.default (which I copied to build.properties and modified
locally) had a stale version of commons-pool2 version (2.1) which is no
longer exists in the repository.

Somewhere in line 169, we need to update the version from 2.1 to 2.2.

 commons-pool.version=2.2-20140107.135000-1
171 commons-pool.home=${base.path}/commons-pool2-2.2-SNAPSHOT-src
172 commons-pool-src.loc.1=
https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
  ommons-pool.version}-src.tar.gz
173 commons-pool-src.loc.2=
https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
  ommons-pool.version}-src.tar.gz


After modifying those 3 lines, it works.

Regards,
Daniel Baktiar

Re: the trunk build.xml breaks because of missing commons-pool2-2.1

[Mark Thomas]

On 07/01/2014 16:35, Daniel Baktiar wrote:
> Hi there,
> 
> I don't know whether anyone was aware or it's been discussed here earlier.
> 
> I just rejoined this milis after around 1 year ago.
> 
> I just checkout the tomcat trunk (rev 1556266) and tried to follow the
> build instruction, running the ant build.
> The build breaks, and later I found out that the content of the
> build.properties.default (which I copied to build.properties and modified
> locally) had a stale version of commons-pool2 version (2.1) which is no
> longer exists in the repository.
> 
> Somewhere in line 169, we need to update the version from 2.1 to 2.2.
> 
>  commons-pool.version=2.2-20140107.135000-1
> 171 commons-pool.home=${base.path}/commons-pool2-2.2-SNAPSHOT-src
> 172 commons-pool-src.loc.1=
> https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
>   ommons-pool.version}-src.tar.gz
> 173 commons-pool-src.loc.2=
> https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
>   ommons-pool.version}-src.tar.gz
> 
> 
> After modifying those 3 lines, it works.

The CI server that produces snapshots was off-line for several months
and came back today. That resulted in all the snapshots being updated
and the old ones were removed.

Right now trunk should actually be using the 2.1 release rather than the
snapshot. I'll get that fixed later today.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: the trunk build.xml breaks because of missing commons-pool2-2.1

[Daniel Baktiar]

Oh, I see. Now they have released the commons-pool2 2.1.
That'll be great.

Thanks for the info, Mark.

Daniel

On Wed, Jan 8, 2014 at 12:40 AM, Mark Thomas  wrote:

> On 07/01/2014 16:35, Daniel Baktiar wrote:
> > Hi there,
> >
> > I don't know whether anyone was aware or it's been discussed here
> earlier.
> >
> > I just rejoined this milis after around 1 year ago.
> >
> > I just checkout the tomcat trunk (rev 1556266) and tried to follow the
> > build instruction, running the ant build.
> > The build breaks, and later I found out that the content of the
> > build.properties.default (which I copied to build.properties and modified
> > locally) had a stale version of commons-pool2 version (2.1) which is no
> > longer exists in the repository.
> >
> > Somewhere in line 169, we need to update the version from 2.1 to 2.2.
> >
> >  commons-pool.version=2.2-20140107.135000-1
> > 171 commons-pool.home=${base.path}/commons-pool2-2.2-SNAPSHOT-src
> > 172 commons-pool-src.loc.1=
> >
> https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
> >   ommons-pool.version}-src.tar.gz
> > 173 commons-pool-src.loc.2=
> >
> https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.2-SNAPSHOT/commons-pool2-${c
> >   ommons-pool.version}-src.tar.gz
> >
> >
> > After modifying those 3 lines, it works.
>
> The CI server that produces snapshots was off-line for several months
> and came back today. That resulted in all the snapshots being updated
> and the old ones were removed.
>
> Right now trunk should actually be using the 2.1 release rather than the
> snapshot. I'll get that fixed later today.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

svn commit: r1556276 - in /tomcat/trunk/test/javax/servlet/http: TestCookie.java TestCookieStrict.java

[jboynes]

Author: jboynes
Date: Tue Jan  7 17:00:06 2014
New Revision: 1556276

URL: http://svn.apache.org/r1556276
Log:
Add test cases for name checks in spec Cookie class

Added:
tomcat/trunk/test/javax/servlet/http/TestCookie.java   (with props)
tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java   (with props)

Added: tomcat/trunk/test/javax/servlet/http/TestCookie.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookie.java?rev=1556276&view=auto
==
--- tomcat/trunk/test/javax/servlet/http/TestCookie.java (added)
+++ tomcat/trunk/test/javax/servlet/http/TestCookie.java Tue Jan  7 17:00:06 
2014
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javax.servlet.http;
+
+import java.util.BitSet;
+
+import org.junit.Assert;
+import org.junit.Ignore;
+import org.junit.Test;
+
+/**
+ * Basic tests for Cookie in default configuration.
+ */
+public class TestCookie {
+public static final BitSet CHAR;  // 
+public static final BitSet CTL;   // 
+public static final BitSet SEPARATORS;
+public static final BitSet TOKEN; // 1*
+
+public static final BitSet NETSCAPE_NAME; // "any character except comma, 
semicolon and whitespace"
+
+static {
+CHAR = new BitSet(256);
+CHAR.set(0, 128);
+
+CTL = new BitSet(256);
+CTL.set(0, 32);
+CTL.set(127);
+
+SEPARATORS = new BitSet(256);
+for (char ch : "()<>@,;:\\\"/[]?={} \t".toCharArray()) {
+SEPARATORS.set(ch);
+}
+
+TOKEN = new BitSet(256);
+TOKEN.or(CHAR); // any CHAR
+TOKEN.andNot(CTL); // except CTLs
+TOKEN.andNot(SEPARATORS); // or separators
+
+NETSCAPE_NAME = new BitSet(256);
+NETSCAPE_NAME.or(CHAR);
+NETSCAPE_NAME.andNot(CTL);
+NETSCAPE_NAME.clear(';');
+NETSCAPE_NAME.clear(',');
+NETSCAPE_NAME.clear(' ');
+}
+
+@Test
+public void testDefaults() {
+Cookie cookie = new Cookie("foo", null);
+Assert.assertEquals("foo", cookie.getName());
+Assert.assertNull(cookie.getValue());
+Assert.assertEquals(0, cookie.getVersion());
+Assert.assertEquals(-1, cookie.getMaxAge());
+}
+
+@Test
+public void testInitialValue() {
+Cookie cookie = new Cookie("foo", "bar");
+Assert.assertEquals("foo", cookie.getName());
+Assert.assertEquals("bar", cookie.getValue());
+Assert.assertEquals(0, cookie.getVersion());
+}
+
+@Test
+public void actualCharactersAllowedInName() {
+checkCharInName(NETSCAPE_NAME);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void leadingDollar() {
+new Cookie("$Version", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void tokenVersion() {
+new Cookie("Version", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeVersion() {
+new Cookie("Comment", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeDiscard() {
+new Cookie("Discard", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeExpires() {
+new Cookie("Expires", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeMaxAge() {
+new Cookie("Max-Age", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeDomain() {
+new Cookie("Domain", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributePath() {
+new Cookie("Path", null);
+}
+
+@Test(expected = IllegalArgumentException.class)
+public void attributeSecure() {
+new Cookie("Secure", null);
+}
+
+@Ignore("HttpOnly is not checked for")
+@Test(expected = IllegalArgumentException.class)
+public void attributeHttpOnly() {
+new Cookie("HttpOnly", null);
+}
+
+public static void checkCharInName(BitSet allowed) {
+for (char ch = 0; ch < allowed.size(); ch++

[Bug 55969] New: Security-related enhancements to the Windows Installer

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55969

Bug ID: 55969
   Summary: Security-related enhancements to the Windows Installer
   Product: Tomcat 8
   Version: trunk
  Hardware: PC
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Packaging
  Assignee: dev@tomcat.apache.org
  Reporter: kpreis...@apache.org

Hi,

as discussed on the Tomcat Users List [1], I'd like to propose the following
enhancements to the Windows Installer (explanations are below):


1. Provide an option to automatically adjust file permissions (ACLs) of the
Tomcat installation directory so that only the Windows user under which the
Tomcat service runs (see 2.) has full access (additionaly to mandatory users
like Administrators and SYSTEM), but normal users don't have any access.

2. Provide an option to let the user chose under which Windows user the Tomcat
service should run, and set the "LocalService" user [2] (instead of SYSTEM) as
default. "LocalService" exists since Windows XP and Windows Server 2003.

3. (optional) 
Change the default value for the shutdown port to -1 (or disable the shutdown
port textbox and always use -1).



Motivation:

1) When installing Tomcat with the Windows Service Installer, it installs by
default in "%ProgramFiles%\Apache Software Foundation\Tomcat 8.0". A problem
that I see here is that this directory is intended to be the place for binaries
of programs that every user which has an account on this Windows installation
should be able to use (read). However, by default, Tomcat places not only
binaries, but also data (conf, logs, webapps, work, temp) in this directory (I
think it's possible to run Tomcat with a different data directory by setting a
different CATALINA_BASE env, but the Installer doesn't seem to do this).

This means e.g. if you have some passwords in your Tomcat config, every other
user on the server will be able to read them (or, webapp binaries which you
place in the webapps directory, etc.). Of course, a user which installs a
program on the server should know how to secure the data, but I think a
Installer should make sure that by default, everything is secure. 

For example, if you install Microsoft SQL Server 2012, it will place binaries
and data files into C:\Program Files\Microsoft SQL Server, but the setup
adjusts the permissions for the DATA directory so that ordinary users can't
access it.

Therefore, the Tomcat Installer should adjust the permissions of the Tomcat
Installation directory so that normal users don't have access.


I have not yet looked into how this can be done with the NSIS script, but it
seems it should be possible using the "Access Control" plugin [3].

If using the command line, a way to adjust the permissions so that only
Administrators, SYSTEM and LocalService (if 2. is implemented and the service
runs as LocalService) have full access would be the following command (see [4]
for well-known SIDs in Windows):

"%SystemRoot%\system32\icacls.exe" "" /inheritance:r
/grant *S-1-5-19:(OI)(CI)(F) /grant *S-1-5-32-544:(OI)(CI)(F) /grant
*S-1-5-18:(OI)(CI)(F)


Note: When UAC is turned on and you are not logged in with the integrated
Administrator account, you cannot open the Tomcat folder with the Windows
Explorer, because even if your user is a member of the "Administrators" group,
with enabled UAC the Explorer has reduced rights, so the ACL act as if you are
not a member of the Administrators group and you therefore cannot display the
contents of this folder.

However, if you double-click on the Tomcat folder, the Explorer asks you if you
would like to gain full access rights to this folder. This will change the ACL
so that your current user gets full access. This has the side-effect that other
applications that you execute can write to the Tomcat directory even they are
executed with reduced rights, but I think this is OK on a server. (Previously,
you could browse the Tomcat Installation directory but not change any file.
Windows Explorer would ask you for administrative rights to copy a file into it
or delete one. This however did not change the File ACLs.)

Maybe the installer could also add "read" or "full access" rights for the
current user to the Tomcat directory.


Note that on a Windows Server (2012), the default "Administrator" account seems
to not be impacted by UAC - this user always runs with full privileges.



2) By default, the installer sets the Tomcat Service to run under the
LocalSystem account which as administrative privileges.

Normally, Tomcat shouldn't run as root/Administrator user for security reasons.
An alternative would be to run as LocalService or NetworkService which are
users that exist by default and don't have administrative privileges (i.e. they
has only normal user rights) [2]. AFAIK, this user can only be used for run
services, but it cannot be used with things like the "runas" command so every
other user will n

[Bug 55970] New: A reloadable context is reloaded repeatedly if WEB-INF/lib contains non-jar files

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55970

Bug ID: 55970
   Summary: A reloadable context is reloaded repeatedly if
WEB-INF/lib contains non-jar files
   Product: Tomcat 8
   Version: 8.0.0-RC10
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: knst.koli...@gmail.com

This is reproduction recipe for an issue reported on the users@ list.

See "rc-10 bug?" thread.
http://tomcat.markmail.org/thread/m6eecxjuygj6yjxq

Steps to reproduce with 8.0.0-RC10:
-
1. Mark the "examples" web application as reloadable, by adding the following
file: /META-INF/context.xml



2. Add a stray non-jar file to the WEB-INF/lib directory.
E.g. /WEB-INF/lib/foo.txt

3. Start Tomcat.
4. Every 10 seconds the examples webapp is reloaded.
This is accompanied by the following log messages:

07-Jan-2014 22:01:58.672 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.loader.WebappClassLoader.modified One of more JARs have
been added to the web application [/examples]
07-Jan-2014 22:01:58.673 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.core.StandardContext.reload Reloading Context with name
[/examples] has started
07-Jan-2014 22:01:59.704 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina]]]
org.apache.catalina.core.StandardContext.reload Reloading Context with name
[/examples] is completed
-

Quoting from the e-mail:
[quote]
>From webappclassloader.java snippet below (line 737), jars[] does not only
contain jars, but also any other resources. i added a howTo.txt file in
WEB-INF/lib, which results in  jars.length will NEVER equal
jarModificationTimes.size().

Fix is simple - just filter out the non-jar, non-executable elements b4
comparing. Workaround is equally trivial - remove said elements from the the
lib folder.
Hope this helps,
Peter

// Check if JARs have been added or removed
WebResource[] jars = resources.listResources("/WEB-INF/lib");

if (jars.length > jarModificationTimes.size()) {
log.info(sm.getString("webappClassLoader.jarsAdded",
resources.getContext().getName()));
return true;
} else if (jars.length < jarModificationTimes.size()){
log.info(sm.getString("webappClassLoader.jarsRemoved",
resources.getContext().getName()));
return true;
}

for (WebResource jar : jars) {
if (jar.getName().endsWith(".jar") && jar.isFile() &&
jar.canRead()) {
[/quote]

This affects only those web applications that were explicitly marked as
"reloadable" in their or in the default context.xml file.

In the default configuration the "reloadable" flag is false and thus the
"modified()" check in WebappLoader.backgroundProcess() is skipped.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55958] Tomcat tries to deploy dir as zip archive even when it is a directory if the name ends with .war

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55958

--- Comment #3 from Christopher Schultz  ---
So you have a directory named
"/home/rhatlapa/projects/redhat_projects/eap/eap63-development/apache-tomcat-7.0.47/webapps/byteslounge.war"?
What else is in your
"/home/rhatlapa/projects/redhat_projects/eap/eap63-development/apache-tomcat-7.0.47/webapps/"
directory before you try to start Tomcat?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55958] Tomcat tries to deploy dir as zip archive even when it is a directory if the name ends with .war

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55958

--- Comment #4 from Radim Hatlapatka  ---
Yes, that is right, I have the directory named byteslounge.war, if I remove
.war from the name => by renaming it to byteslounge it works just fine.

The rest of webapps in the webapps directory are only the default ones which
are in clean tomact installation.

The only issue is that if you decide to name the webapp with suffix .war it is
automatically treated as zip file instead of being treated as directory.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.50

[Jeanfrancois Arcand]

On 12/20/2013, 7:52 AM, Violeta Georgieva wrote:

The proposed Apache Tomcat 7.0.50 release is now available for voting.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.50/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-004/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_50/

The proposed 7.0.50 release is:
[ ] Broken - do not release
[X ] Stable - go ahead and release as 7.0.50 Stable


Tested Native WebSocket, jsr356, Native Comet and AsyncContext.

-- Jeanfrancois






--
Async-io.org , the company behind the Atmosphere 
Framework!

svn commit: r1556313 - /tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java

[jboynes]

Author: jboynes
Date: Tue Jan  7 18:52:02 2014
New Revision: 1556313

URL: http://svn.apache.org/r1556313
Log:
fix test after switching from STRICT_SERVLET to more specific properties

Modified:
tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java

Modified: tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java?rev=1556313&r1=1556312&r2=1556313&view=diff
==
--- tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java (original)
+++ tomcat/trunk/test/javax/servlet/http/TestCookieStrict.java Tue Jan  7 
18:52:02 2014
@@ -24,7 +24,8 @@ import org.junit.Test;
  */
 public class TestCookieStrict {
 static {
-System.setProperty("org.apache.catalina.STRICT_NAMING", "true");
+
System.setProperty("org.apache.tomcat.util.http.ServerCookie.STRICT_NAMING", 
"true");
+
System.setProperty("org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR",
 "true");
 }
 
 @Test



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556328 - in /tomcat/trunk/java/org/apache: catalina/connector/Response.java tomcat/util/http/ServerCookie.java tomcat/util/http/SetCookieSupport.java

[jboynes]

Author: jboynes
Date: Tue Jan  7 19:21:20 2014
New Revision: 1556328

URL: http://svn.apache.org/r1556328
Log:
Refactor ServerCookie to separate cookie state from the helper code used to 
generate the header. This change is purely a movement of code to improve 
readability.

ServerCookie is now a pure data object holding MessageBytes, typically 
resulting from the parse of the Cookie header done by Cookies. 
The appendCookieValue static helper method is moved to a new class, 
SetCookieSupport, that Response uses when addCookie is called.

Added:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java   (with 
props)
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1556328&r1=1556327&r2=1556328&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Tue Jan  7 
19:21:20 2014
@@ -49,7 +49,7 @@ import org.apache.tomcat.util.buf.CharCh
 import org.apache.tomcat.util.buf.UEncoder;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
 import org.apache.tomcat.util.http.MimeHeaders;
-import org.apache.tomcat.util.http.ServerCookie;
+import org.apache.tomcat.util.http.SetCookieSupport;
 import org.apache.tomcat.util.http.parser.MediaTypeCache;
 import org.apache.tomcat.util.net.URL;
 import org.apache.tomcat.util.res.StringManager;
@@ -913,21 +913,21 @@ public class Response
 AccessController.doPrivileged(new PrivilegedAction() {
 @Override
 public Void run(){
-ServerCookie.appendCookieValue
-(sb, cookie.getVersion(), cookie.getName(),
- cookie.getValue(), cookie.getPath(),
- cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure(),
- cookie.isHttpOnly());
+SetCookieSupport.appendCookieValue
+(sb, cookie.getVersion(), cookie.getName(),
+cookie.getValue(), cookie.getPath(),
+cookie.getDomain(), cookie.getComment(),
+cookie.getMaxAge(), cookie.getSecure(),
+cookie.isHttpOnly());
 return null;
 }
 });
 } else {
-ServerCookie.appendCookieValue
-(sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
- cookie.getPath(), cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure(),
- cookie.isHttpOnly());
+SetCookieSupport.appendCookieValue
+(sb, cookie.getVersion(), cookie.getName(), 
cookie.getValue(),
+cookie.getPath(), cookie.getDomain(), 
cookie.getComment(),
+cookie.getMaxAge(), cookie.getSecure(),
+cookie.isHttpOnly());
 }
 return sb;
 }

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java?rev=1556328&r1=1556327&r2=1556328&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookie.java Tue Jan  7 
19:21:20 2014
@@ -17,12 +17,6 @@
 package org.apache.tomcat.util.http;
 
 import java.io.Serializable;
-import java.text.DateFormat;
-import java.text.FieldPosition;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.TimeZone;
 
 import org.apache.tomcat.util.buf.MessageBytes;
 
@@ -51,30 +45,9 @@ public class ServerCookie implements Ser
 private final MessageBytes comment=MessageBytes.newInstance();
 private int version = 0;
 
-// Other fields
-private static final String OLD_COOKIE_PATTERN =
-"EEE, dd-MMM- HH:mm:ss z";
-private static final ThreadLocal OLD_COOKIE_FORMAT =
-new ThreadLocal() {
-@Override
-protected DateFormat initialValue() {
-DateFormat df =
-new SimpleDateFormat(OLD_COOKIE_PATTERN, Locale.US);
-df.setTimeZone(TimeZone.getTimeZone("GMT"));
-return df;
-}
-};
-private static final String ancientDate;
+// Note: Servlet Spec =< 3.0 only refers to Netscape and RFC2109, not 
RFC2965
 
-s

svn commit: r1556336 - /tomcat/trunk/build.properties.default

[markt]

Author: markt
Date: Tue Jan  7 20:02:18 2014
New Revision: 1556336

URL: http://svn.apache.org/r1556336
Log:
Back to a proper Commons Pool release now 2.1 has been released (DBCP snapshot 
requires Pool 2.1 or later)

Modified:
tomcat/trunk/build.properties.default

Modified: tomcat/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1556336&r1=1556335&r2=1556336&view=diff
==
--- tomcat/trunk/build.properties.default (original)
+++ tomcat/trunk/build.properties.default Tue Jan  7 20:02:18 2014
@@ -161,14 +161,10 @@ commons-dbcp-src.loc.1=https://repositor
 
commons-dbcp-src.loc.2=https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-dbcp2/2.0-SNAPSHOT/commons-dbcp2-${commons-dbcp.version}-src.tar.gz
 
 # - Commons Pool, version 2.1 or later -
-#commons-pool.version=2.0
-#commons-pool.home=${base.path}/commons-pool2-${commons-pool.version}-src
-#commons-pool-src.loc.1=${base-commons.loc.1}/pool/source/commons-pool2-${commons-pool.version}-src.tar.gz
-#commons-pool-src.loc.2=${base-commons.loc.2}/pool/source/commons-pool2-${commons-pool.version}-src.tar.gz
-commons-pool.version=2.1-20131211.110902-1
-commons-pool.home=${base.path}/commons-pool2-2.1-SNAPSHOT-src
-commons-pool-src.loc.1=https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.1-SNAPSHOT/commons-pool2-${commons-pool.version}-src.tar.gz
-commons-pool-src.loc.2=https://repository.apache.org/content/repositories/snapshots/org/apache/commons/commons-pool2/2.1-SNAPSHOT/commons-pool2-${commons-pool.version}-src.tar.gz
+commons-pool.version=2.1
+commons-pool.home=${base.path}/commons-pool2-${commons-pool.version}-src
+commons-pool-src.loc.1=${base-commons.loc.1}/pool/source/commons-pool2-${commons-pool.version}-src.tar.gz
+commons-pool-src.loc.2=${base-commons.loc.2}/pool/source/commons-pool2-${commons-pool.version}-src.tar.gz
 
 
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55973] New: Failure to parse MergedWebXml when validation is enabled in Jasper

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55973

Bug ID: 55973
   Summary: Failure to parse MergedWebXml when validation is
enabled in Jasper
   Product: Tomcat 7
   Version: trunk
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Jasper
  Assignee: dev@tomcat.apache.org
  Reporter: knst.koli...@gmail.com

See e-mail on dev@:
"[7.0.x] Document is invalid: no grammar found. for MergedWebXml in Jasper"
http://markmail.org/message/jbnbmezbdegoufm5

This issue affects the current TC7 code (7.0.51-dev), since the following
commit: http://svn.apache.org/r1552826

It does not affect 7.0.50.
(The error is generated internally, but the list of error is not checked, so it
is effectively ignored).

Steps to reproduce:
1. Enable validation, by adding the following line to conf/catalina.properties

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

2. Set JAVA_HOME variable to point a Java 6 JDK. I am using 6u45.
3. Start Tomcat
4. Go to http://localhost:8080/

Expected: index.jsp of the ROOT web application
Actual: Error 500, with the following message in localhost.DATE.log file:

08.01.2014 1:20:11 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [] threw
exception [org.apache.jasper.JasperException: XML parsing error on file
org.apache.tomcat.util.scan.MergedWebXml: (line 2, col 9)] with root cause
org.xml.sax.SAXParseException: Document is invalid: no grammar found.
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
at
com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
at
com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:250)
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:626)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3104)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:921)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
at
com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:232)
at
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
at
org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:105)
at org.apache.jasper.compiler.JspConfig.processWebDotXml(JspConfig.java:95)
at org.apache.jasper.compiler.JspConfig.init(JspConfig.java:243)
at org.apache.jasper.compiler.JspConfig.findJspProperty(JspConfig.java:302)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:114)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:373)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
at
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:657)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at
org.apache.catalina.valves.AccessLogValve.inv

buildbot success in ASF Buildbot on tomcat-trunk

[buildbot]

The Buildbot has detected a restored build on builder tomcat-trunk while 
building ASF Buildbot.
Full details are available at:
 http://ci.apache.org/builders/tomcat-trunk/builds/5374

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: bb-vm_ubuntu

Build Reason: scheduler
Build Source Stamp: [branch tomcat/trunk] 1556336
Blamelist: markt

Build succeeded!

sincerely,
 -The Buildbot

[Bug 55973] Failure to parse MergedWebXml when validation is enabled in Jasper

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55973

Konstantin Kolinko  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Konstantin Kolinko  ---
The cause of this issue is that Jasper uses DOM parser, while the rest of
Tomcat code uses Apache Commons Digester.

When DOM parser is used directly, calling "factory.setValidating(validating);"
on DocumentBuilderFactory enables DOM validation only, but not the schema one.
(in ParserUtils.java in jasper)

When Digester is used, calling digester.setValidating(true) enables not only
DOM validation, but schema one as well.

See Digester#getFactory() for a fragment of code that enables schema
validation.


By the way, XmlErrorHandler used by Japser here stores the errors and warnings
in a HashSet. In this case, there are 2 errors, and which one is reported is
random, as the HashSet has no order. From debugger:

[org.xml.sax.SAXParseException: Document root element "web-app", must match
DOCTYPE root "null"., org.xml.sax.SAXParseException: Document is invalid: no
grammar found.]

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556377 - in /tomcat/tc7.0.x/trunk: java/org/apache/jasper/xmlparser/ParserUtils.java webapps/docs/changelog.xml

[kkolinko]

Author: kkolinko
Date: Tue Jan  7 22:10:02 2014
New Revision: 1556377

URL: http://svn.apache.org/r1556377
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55973
Fix processing of XML schemas when validation is enabled in Jasper.

The code is based on a similar fragment in Digester#getFactory().

Modified:
tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java?rev=1556377&r1=1556376&r2=1556377&view=diff
==
--- tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/jasper/xmlparser/ParserUtils.java Tue 
Jan  7 22:10:02 2014
@@ -98,6 +98,16 @@ public class ParserUtils {
 DocumentBuilderFactory.newInstance();
 factory.setNamespaceAware(true);
 factory.setValidating(validating);
+if (validating) {
+// Enable DTD validation
+factory.setFeature(
+"http://xml.org/sax/features/validation";,
+true);
+// Enable schema validation
+factory.setFeature(
+"http://apache.org/xml/features/validation/schema";,
+true);
+}
 DocumentBuilder builder = factory.newDocumentBuilder();
 builder.setEntityResolver(entityResolverInstance);
 XmlErrorHandler handler = new XmlErrorHandler();

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1556377&r1=1556376&r2=1556377&view=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Jan  7 22:10:02 2014
@@ -70,6 +70,10 @@
 Correct a regression in the XML refactoring that meant that errors in
 TLD files were swallowed. (markt)
   
+  
+55973: Fix processing of XML schemas when validation is
+enabled in Jasper. (kkolinko)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556394 - /tomcat/tc6.0.x/trunk/STATUS.txt

[remm]

Author: remm
Date: Tue Jan  7 22:54:04 2014
New Revision: 1556394

URL: http://svn.apache.org/r1556394
Log:
Votes.

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1556394&r1=1556393&r2=1556394&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jan  7 22:54:04 2014
@@ -37,7 +37,7 @@ PATCHES PROPOSED TO BACKPORT:
   http://svn.apache.org/r1500065 (excluding tests) - original fix
   http://svn.apache.org/r1539176 (excluding tests) - required for following fix
   http://svn.apache.org/r1539177 (excluding tests) - fixes regression in 
original
-  +1: markt, schultz
+  +1: markt, schultz, remm
   -1:
 
 * Fix issue with Manager app and other apps that use i18n in the UI when a
@@ -45,21 +45,21 @@ PATCHES PROPOSED TO BACKPORT:
   or Japanese.
   Port all the other improvements to the StringManager from trunk as well
   http://people.apache.org/~markt/patches/2013-12-17-webapp-locale-tc6.patch
-  +1: markt
+  +1: markt, remm
   +1: kkolinko (a typo in changelog: s/associated/associate/)
   -1:
 
 * Add support for limiting the size of chunk extensions when using chunked
   encoding.
   
http://people.apache.org/~markt/patches/2013-12-17-chunk-extensions-tc6-v2.patch
-  +1: markt, kkolinko
+  +1: markt, kkolinko, remm
   -1:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749
   Improve the error message when SSLEngine is disabled in AprLifecycleListener
   and SSL is configured for an APR/native connector.
   http://people.apache.org/~markt/patches/2013-11-12-bug55749-tc6.patch
-  +1: markt, kkolinko
+  +1: markt, kkolinko, remm
   -1:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55759
@@ -83,7 +83,7 @@ PATCHES PROPOSED TO BACKPORT:
   Tomcat 7 (which meant re-ordering methods in places) to make it easier to
   compare 6.0.x code with 7.0.x code.
   
http://people.apache.org/~markt/patches/2013-12-20-xml-prep-part1-tc6-v2.patch
-  +1: markt
+  +1: markt, remm
   +1: kkolinko:
   I do not like that you change the values of validation flags when
   STRICT_SERVLET_COMPLIANCE is set. This was a feature required for
@@ -109,7 +109,7 @@ PATCHES PROPOSED TO BACKPORT:
   implementation is required. This is essentially a back-port of
   http://svn.apache.org/r1552306
   
http://people.apache.org/~markt/patches/2013-12-19-xml-prep-part2-tc6-v1.patch
-  +1: markt, kkolinko
+  +1: markt, kkolinko, remm
   -1:
 
 * Back-port some XML processing improvements (part 3)
@@ -118,7 +118,7 @@ PATCHES PROPOSED TO BACKPORT:
   being added. When actually making the commit, they will be copied from 7.0.x 
   and amended to retain history.
   
http://people.apache.org/~markt/patches/2013-12-19-xml-prep-part3-tc6-v1.patch
-  +1: markt
+  +1: markt, remm
   +1: kkolinko (Looks OK. I have not tested into what jar the new package
   goes and whether it requires an update to build.xml).
   -1:
@@ -129,7 +129,7 @@ PATCHES PROPOSED TO BACKPORT:
   being added. When actually making the commit, they will be copied from 7.0.x 
   and amended to retain history.
   
http://people.apache.org/~markt/patches/2013-12-19-xml-prep-part4-tc6-v1.patch
-  +1: markt
+  +1: markt, remm
   +0: kkolinko:
   This requires JUnit4. Formally, "eclipse.classpath" file still uses
   JUnit 3 and if I understand correctly build.xml does not have JUnit
@@ -143,7 +143,7 @@ PATCHES PROPOSED TO BACKPORT:
 * Avoid possible NPE when a content type with no charset is specified
   (Followup to r1548971)
   http://svn.apache.org/r1552805
-  +1: markt, kkolinko
+  +1: markt, kkolinko, remm
   -1:
 
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55974] New: Honor the order when reporting XML parsing errors and warnings in XmlErrorHandler class

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55974

Bug ID: 55974
   Summary: Honor the order when reporting XML parsing errors and
warnings in XmlErrorHandler class
   Product: Tomcat 7
   Version: 7.0.47
  Hardware: PC
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: knst.koli...@gmail.com

Originally reported in comment 1 of bug 55973.

o.a.t.util.descriptor.XmlErrorHandler class stores the errors and warnings in a
HashSet. A hashset does not preserve ordering.

If there are several errors, then

a) When all errors are printed (e.g. via XmlErrorHandler#logFindings(...)),
their order is random.

b) When only one error is reported (e.g. by code added in r1552826), the one
error is chosen randomly.

The ordering can be preserved if the collection is stored as LinkedHashSet or
an ArrayList. Is there a benefit of using a 'set' here, or a 'list' would
suffice?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556397 - /tomcat/tc6.0.x/trunk/STATUS.txt

[kkolinko]

Author: kkolinko
Date: Tue Jan  7 23:13:57 2014
New Revision: 1556397

URL: http://svn.apache.org/r1556397
Log:
proposal

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1556397&r1=1556396&r2=1556397&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Tue Jan  7 23:13:57 2014
@@ -136,8 +136,10 @@ PATCHES PROPOSED TO BACKPORT:
   on classpath, but uses whatever version is available with Ant, with

 
-  A patch to introduce JUnit 4 may be based on r1408413, but note that
-  it requires Ant >= 1.8.0.
+  A patch to introduce JUnit 4 may be to fix the Eclipse file and
+  fix the availability check to look for a JUnit 4 class.
+  (A more detailed solution may be based on r1408413, but that
+  requires Ant >= 1.8.0).
   -1:
 
 * Avoid possible NPE when a content type with no charset is specified
@@ -146,6 +148,12 @@ PATCHES PROPOSED TO BACKPORT:
   +1: markt, kkolinko, remm
   -1:
 
+* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55973
+  Fix processing of XML schemas when validation is enabled in Jasper
+  http://svn.apache.org/r1556377
+  +1: kkolinko
+  -1:
+
 
 PATCHES/ISSUES THAT ARE STALLED
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55973] Failure to parse MergedWebXml when validation is enabled in Jasper

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55973

Konstantin Kolinko  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #2 from Konstantin Kolinko  ---
Fixed in 7.0 by r1556377 and will be in 7.0.51.

The ordering issue has been filed separately as
https://issues.apache.org/bugzilla/show_bug.cgi?id=55974

Proposed for Tomcat 6.
Tomcat 8 is not affected.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.50

[Konstantin Kolinko]

2013/12/20 Violeta Georgieva :
> The proposed Apache Tomcat 7.0.50 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.50/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-004/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_50/
>
> The proposed 7.0.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.50 Stable
>

Test suite passes on Windows 7 with all 3 connectors, built with
32-bit JDK 6u45 + 7u45.

Smoke testing and my webapps are OK.

Regarding the issues that are already fixed in 7.0.x:
a) The fix in r1552805 (NPE in o.a.coyote.Response.setContentType())
does not affect 7.0.50. A simple test does not trigger the error.
The code changed by that patch is actually not used, but similar code
in o.a.catalina.connector.Request.setContentType() is used instead.

b) Ignoring errors in Jasper and broken validation (bug 55973) are an
issue only when it is used standalone (e.g. JSPC). I think it is not a
stopper.

When used in Tomcat the files are parsed twice by Catalina and by
Jasper, and Catalina will report all those errors.

A simple test that TLD errors are reported in 7.0.50:
1. Place the following file as ROOT/WEB-INF/broken.tld
[[[

http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd";
version="2.0">
  

]]]
2. Enable validation. Start Tomcat.
3. The (non-fatal) parse error is logged twice:
a) by org.apache.tomcat.util.digester.Digester error
b) by org.apache.tomcat.util.descriptor.XmlErrorHandler logFindings

Thus 7.0.50 is OK.

I have not tested ValidatorTask. I suspect that it will print errors,
but wouldn't fail a build. I think the old code behaves the same, so
it is not a regression.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556418 - in /tomcat/trunk/java/org/apache: catalina/connector/Response.java tomcat/util/http/SetCookieSupport.java

[jboynes]

Author: jboynes
Date: Wed Jan  8 01:10:34 2014
New Revision: 1556418

URL: http://svn.apache.org/r1556418
Log:
Simplify interface to SetCookieSupport.

Modified:
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java

Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1556418&r1=1556417&r2=1556418&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Wed Jan  8 
01:10:34 2014
@@ -865,12 +865,12 @@ public class Response
 return;
 }
 
-final StringBuffer sb = generateCookieString(cookie);
+String header = generateCookieString(cookie);
 //if we reached here, no exception, cookie is valid
 // the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
 // RFC2965 is not supported by browsers and the Servlet spec
 // asks for 2109.
-addHeader("Set-Cookie", sb.toString());
+addHeader("Set-Cookie", header);
 }
 
 /**
@@ -886,50 +886,38 @@ public class Response
 String name = cookie.getName();
 final String headername = "Set-Cookie";
 final String startsWith = name + "=";
-final StringBuffer sb = generateCookieString(cookie);
+String header = generateCookieString(cookie);
 boolean set = false;
 MimeHeaders headers = coyoteResponse.getMimeHeaders();
 int n = headers.size();
 for (int i = 0; i < n; i++) {
 if (headers.getName(i).toString().equals(headername)) {
 if (headers.getValue(i).toString().startsWith(startsWith)) {
-headers.getValue(i).setString(sb.toString());
+headers.getValue(i).setString(header);
 set = true;
 }
 }
 }
 if (!set) {
-addHeader(headername, sb.toString());
+addHeader(headername, header);
 }
 
 
 }
 
-public StringBuffer generateCookieString(final Cookie cookie) {
-final StringBuffer sb = new StringBuffer();
+public String generateCookieString(final Cookie cookie) {
 //web application code can receive a IllegalArgumentException
 //from the appendCookieValue invocation
 if (SecurityUtil.isPackageProtectionEnabled()) {
-AccessController.doPrivileged(new PrivilegedAction() {
+return AccessController.doPrivileged(new 
PrivilegedAction() {
 @Override
-public Void run(){
-SetCookieSupport.appendCookieValue
-(sb, cookie.getVersion(), cookie.getName(),
-cookie.getValue(), cookie.getPath(),
-cookie.getDomain(), cookie.getComment(),
-cookie.getMaxAge(), cookie.getSecure(),
-cookie.isHttpOnly());
-return null;
+public String run(){
+return SetCookieSupport.generateHeader(cookie);
 }
 });
 } else {
-SetCookieSupport.appendCookieValue
-(sb, cookie.getVersion(), cookie.getName(), 
cookie.getValue(),
-cookie.getPath(), cookie.getDomain(), 
cookie.getComment(),
-cookie.getMaxAge(), cookie.getSecure(),
-cookie.isHttpOnly());
+return SetCookieSupport.generateHeader(cookie);
 }
-return sb;
 }
 
 

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1556418&r1=1556417&r2=1556418&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed Jan 
 8 01:10:34 2014
@@ -23,6 +23,8 @@ import java.util.Date;
 import java.util.Locale;
 import java.util.TimeZone;
 
+import javax.servlet.http.Cookie;
+
 /**
  * Support class for generating Set-Cookie header values.
  */
@@ -45,7 +47,16 @@ public class SetCookieSupport {
 ancientDate = OLD_COOKIE_FORMAT.get().format(new Date(1));
 }
 
-public static void appendCookieValue( StringBuffer headerBuf,
+public static String generateHeader(Cookie cookie) {
+StringBuffer sb = new StringBuffer();
+appendCookieValue(sb, cookie.getVersion(), cookie.getName(), 
cookie.getValue(),
+cookie.getPa

svn commit: r1556423 - /tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java

[jboynes]

Author: jboynes
Date: Wed Jan  8 01:47:40 2014
New Revision: 1556423

URL: http://svn.apache.org/r1556423
Log:
Inline method call and eliminate an unneeded StringBuffer allocation.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1556423&r1=1556422&r2=1556423&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed Jan 
 8 01:47:40 2014
@@ -48,28 +48,11 @@ public class SetCookieSupport {
 }
 
 public static String generateHeader(Cookie cookie) {
-StringBuffer sb = new StringBuffer();
-appendCookieValue(sb, cookie.getVersion(), cookie.getName(), 
cookie.getValue(),
-cookie.getPath(), cookie.getDomain(), cookie.getComment(),
-cookie.getMaxAge(), cookie.getSecure(),
-cookie.isHttpOnly());
-return sb.toString();
-}
 
-private static void appendCookieValue( StringBuffer headerBuf,
-  int version,
-  String name,
-  String value,
-  String path,
-  String domain,
-  String comment,
-  int maxAge,
-  boolean isSecure,
-  boolean isHttpOnly)
-{
-StringBuffer buf = new StringBuffer();
+StringBuffer buf = new StringBuffer(); // can't use StringBuilder due 
to DateFormat
+
 // Servlet implementation checks name
-buf.append( name );
+buf.append(cookie.getName());
 buf.append("=");
 // Servlet implementation does not check anything else
 
@@ -82,8 +65,14 @@ public class SetCookieSupport {
  * Note that by checking for tokens we will also throw an exception if 
a
  * control character is encountered.
  */
+
+String value = cookie.getValue();
+String path = cookie.getPath();
+String domain = cookie.getDomain();
+String comment = cookie.getComment();
+
 // Start by using the version we were asked for
-int newVersion = version;
+int newVersion = cookie.getVersion();
 
 // If it is v0, check if we need to switch
 if (newVersion == 0 &&
@@ -140,6 +129,7 @@ public class SetCookieSupport {
 }
 
 // Max-Age=secs ... or use old "Expires" format
+int maxAge = cookie.getMaxAge();
 if (maxAge >= 0) {
 if (newVersion > 0) {
 buf.append ("; Max-Age=");
@@ -155,9 +145,9 @@ public class SetCookieSupport {
 buf.append( ancientDate );
 } else {
 OLD_COOKIE_FORMAT.get().format(
-new Date(System.currentTimeMillis() +
-maxAge*1000L),
-buf, new FieldPosition(0));
+new Date(System.currentTimeMillis() + maxAge * 
1000L),
+buf,
+new FieldPosition(0));
 }
 }
 }
@@ -169,15 +159,15 @@ public class SetCookieSupport {
 }
 
 // Secure
-if (isSecure) {
+if (cookie.getSecure()) {
   buf.append ("; Secure");
 }
 
 // HttpOnly
-if (isHttpOnly) {
+if (cookie.isHttpOnly()) {
 buf.append("; HttpOnly");
 }
-headerBuf.append(buf);
+return buf.toString();
 }
 
 /**



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Trivial Update of "Development" by KonstantinKolinko

[Apache Wiki]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Development" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/Development?action=diff&rev1=2&rev2=3

Comment:
Correct a typo

  
  This is where development and design issues can be fleshed out before 
implementation.
  
- * '''[[Cookies]]''' - Reveiwing Tomcat's cookie support
+ * '''[[Cookies]]''' - Reviewing Tomcat's cookie support
  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Trivial Update of "Development" by KonstantinKolinko

[Apache Wiki]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Development" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/Development?action=diff&rev1=3&rev2=4

Comment:
Fix list formatting (List formatting is recognized only when there is a space 
before '*').

  
  This is where development and design issues can be fleshed out before 
implementation.
  
- * '''[[Cookies]]''' - Reviewing Tomcat's cookie support
+  * '''[[Cookies]]''' - Reviewing Tomcat's cookie support
  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556427 - /tomcat/tc6.0.x/trunk/STATUS.txt

[jboynes]

Author: jboynes
Date: Wed Jan  8 02:35:04 2014
New Revision: 1556427

URL: http://svn.apache.org/r1556427
Log:
votes

Modified:
tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1556427&r1=1556426&r2=1556427&view=diff
==
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Wed Jan  8 02:35:04 2014
@@ -37,7 +37,7 @@ PATCHES PROPOSED TO BACKPORT:
   http://svn.apache.org/r1500065 (excluding tests) - original fix
   http://svn.apache.org/r1539176 (excluding tests) - required for following fix
   http://svn.apache.org/r1539177 (excluding tests) - fixes regression in 
original
-  +1: markt, schultz, remm
+  +1: markt, schultz, remm, jboynes
   -1:
 
 * Fix issue with Manager app and other apps that use i18n in the UI when a
@@ -45,14 +45,14 @@ PATCHES PROPOSED TO BACKPORT:
   or Japanese.
   Port all the other improvements to the StringManager from trunk as well
   http://people.apache.org/~markt/patches/2013-12-17-webapp-locale-tc6.patch
-  +1: markt, remm
+  +1: markt, remm, jboynes
   +1: kkolinko (a typo in changelog: s/associated/associate/)
   -1:
 
 * Add support for limiting the size of chunk extensions when using chunked
   encoding.
   
http://people.apache.org/~markt/patches/2013-12-17-chunk-extensions-tc6-v2.patch
-  +1: markt, kkolinko, remm
+  +1: markt, kkolinko, remm, jboynes
   -1:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55749
@@ -75,7 +75,7 @@ PATCHES PROPOSED TO BACKPORT:
   being added. When actually making the commit, they will be copied from 7.0.x 
   and amended to retain history.
   http://people.apache.org/~markt/patches/2013-12-19-javaee-xml-tc6-v1.patch
-  +1: markt, kkolinko
+  +1: markt, kkolinko, jboynes
   -1:
 
 * Back-port some XML processing improvements (part 1)
@@ -83,7 +83,7 @@ PATCHES PROPOSED TO BACKPORT:
   Tomcat 7 (which meant re-ordering methods in places) to make it easier to
   compare 6.0.x code with 7.0.x code.
   
http://people.apache.org/~markt/patches/2013-12-20-xml-prep-part1-tc6-v2.patch
-  +1: markt, remm
+  +1: markt, remm, jboynes
   +1: kkolinko:
   I do not like that you change the values of validation flags when
   STRICT_SERVLET_COMPLIANCE is set. This was a feature required for
@@ -109,7 +109,7 @@ PATCHES PROPOSED TO BACKPORT:
   implementation is required. This is essentially a back-port of
   http://svn.apache.org/r1552306
   
http://people.apache.org/~markt/patches/2013-12-19-xml-prep-part2-tc6-v1.patch
-  +1: markt, kkolinko, remm
+  +1: markt, kkolinko, remm, jboynes
   -1:
 
 * Back-port some XML processing improvements (part 3)
@@ -121,6 +121,8 @@ PATCHES PROPOSED TO BACKPORT:
   +1: markt, remm
   +1: kkolinko (Looks OK. I have not tested into what jar the new package
   goes and whether it requires an update to build.xml).
+  +1: jboynes (Looks OK, have not verified if schema references work when the
+  XSDs are still split between servlet/resources and jsp/resources).
   -1:
 
 * Back-port some XML processing improvements (part 4)
@@ -145,13 +147,13 @@ PATCHES PROPOSED TO BACKPORT:
 * Avoid possible NPE when a content type with no charset is specified
   (Followup to r1548971)
   http://svn.apache.org/r1552805
-  +1: markt, kkolinko, remm
+  +1: markt, kkolinko, remm, jboynes
   -1:
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55973
   Fix processing of XML schemas when validation is enabled in Jasper
   http://svn.apache.org/r1556377
-  +1: kkolinko
+  +1: kkolinko, jboynes
   -1:
 
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556434 - in /tomcat/trunk/java/org/apache/tomcat/util/http: CookieSupport.java SetCookieSupport.java

[jboynes]

Author: jboynes
Date: Wed Jan  8 03:22:13 2014
New Revision: 1556434

URL: http://svn.apache.org/r1556434
Log:
Move methods only used by SetCookieSupport into that class.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?rev=1556434&r1=1556433&r2=1556434&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java Wed Jan  8 
03:22:13 2014
@@ -173,29 +173,6 @@ public final class CookieSupport {
 return V0_SEPARATOR_FLAGS[c];
 }
 
-public static boolean isV0Token(String value) {
-if( value==null) {
-return false;
-}
-
-int i = 0;
-int len = value.length();
-
-if (alreadyQuoted(value)) {
-i++;
-len--;
-}
-
-for (; i < len; i++) {
-char c = value.charAt(i);
-
-if (isV0Separator(c)) {
-return true;
-}
-}
-return false;
-}
-
 /**
  * Returns true if the byte is a separator as defined by V1 of the cookie
  * spec, RFC2109.
@@ -213,36 +190,6 @@ public final class CookieSupport {
 return HTTP_SEPARATOR_FLAGS[c];
 }
 
-public static boolean isHttpToken(String value) {
-if( value==null) {
-return false;
-}
-
-int i = 0;
-int len = value.length();
-
-if (alreadyQuoted(value)) {
-i++;
-len--;
-}
-
-for (; i < len; i++) {
-char c = value.charAt(i);
-
-if (isHttpSeparator(c)) {
-return true;
-}
-}
-return false;
-}
-
-public static boolean alreadyQuoted (String value) {
-if (value==null || value.length() < 2) {
-return false;
-}
-return (value.charAt(0)=='\"' && value.charAt(value.length()-1)=='\"');
-}
-
 
 // - 
Constructor
 private CookieSupport() {

Modified: tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java?rev=1556434&r1=1556433&r2=1556434&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/http/SetCookieSupport.java Wed Jan 
 8 03:22:13 2014
@@ -77,9 +77,9 @@ public class SetCookieSupport {
 // If it is v0, check if we need to switch
 if (newVersion == 0 &&
 (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isHttpToken(value) ||
+ isHttpToken(value) ||
  CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isV0Token(value))) {
+ isV0Token(value))) {
 // HTTP token in value - need to use v1
 newVersion = 1;
 }
@@ -91,18 +91,18 @@ public class SetCookieSupport {
 
 if (newVersion == 0 &&
 (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isHttpToken(path) ||
+ isHttpToken(path) ||
  CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isV0Token(path))) {
+ isV0Token(path))) {
 // HTTP token in path - need to use v1
 newVersion = 1;
 }
 
 if (newVersion == 0 &&
 (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isHttpToken(domain) ||
+ isHttpToken(domain) ||
  CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
- CookieSupport.isV0Token(domain))) {
+ isV0Token(domain))) {
 // HTTP token in domain - need to use v1
 newVersion = 1;
 }
@@ -178,13 +178,13 @@ public class SetCookieSupport {
 private static void maybeQuote (StringBuffer buf, String value) {
 if (value==null || value.length()==0) {
 buf.append("\"\"");
-} else if (CookieSupport.alreadyQuoted(value)) {
+} else if (alreadyQuoted(value)) {
 buf.append('"');
 buf.append(escapeDoubleQuotes(value,1,value.length()-1));
 buf.append('"');
-} else if (CookieSupport.isHttpToken(value) &&
+} else if (isHttpToken(value) &&
 !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
-CookieSupport.isV0To

[Bug 55975] New: Inconsistent escaping applied to V0 cookie values

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55975

Bug ID: 55975
   Summary: Inconsistent escaping applied to V0 cookie values
   Product: Tomcat 8
   Version: trunk
  Hardware: PC
OS: Mac OS X 10.4
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: jboy...@apache.org

If a V0 value contains a backslash or a dquote then it will be converted to a
V1 cookie and transformed into a quoted-string. During that transformation
checks are made for backslash and dquote characters but they are not escaped
consistently.

If the value contains a dquote, then it will be escaped. For example, the value
«a"b» results in
  Set-Cookie: foo="a\"b"; Version=1

If the value contains a backslash then it will not be escaped. For example, the
value «a\b» results in
  Set-Cookie: foo="a\b"; Version=1
which means the backslash is then incorrectly escaping the "b" character.

If the value contains a dquote and a backslash, then the dquote will be escaped
and the backslash will not so «a"b\c» results in
  Set-Cookie: foo="a\"b\c"; Version=1

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1556449 - in /tomcat/trunk/test/org/apache/tomcat/util/http: TestSetCookieSupport.java TestSetCookieSupportSeparatorsAllowed.java

[jboynes]

Author: jboynes
Date: Wed Jan  8 05:54:43 2014
New Revision: 1556449

URL: http://svn.apache.org/r1556449
Log:
test cases for Set-Cookie generation

Added:
tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupport.java   
(with props)

tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupportSeparatorsAllowed.java
   (with props)

Added: tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupport.java?rev=1556449&view=auto
==
--- tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupport.java 
(added)
+++ tomcat/trunk/test/org/apache/tomcat/util/http/TestSetCookieSupport.java Wed 
Jan  8 05:54:43 2014
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+import javax.servlet.http.Cookie;
+
+import org.junit.Assert;
+import org.junit.Ignore;
+import org.junit.Test;
+
+public class TestSetCookieSupport {
+
+@Test
+public void v0simpleCookie() {
+Cookie cookie = new Cookie("foo", "bar");
+Assert.assertEquals("foo=bar", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0NullValue() {
+Cookie cookie = new Cookie("foo", null);
+//Assert.assertEquals("foo=", SetCookieSupport.generateHeader(cookie));
+Assert.assertEquals("foo=\"\"", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0QuotedValue() {
+Cookie cookie = new Cookie("foo", "\"bar\"");
+Assert.assertEquals("foo=\"bar\"", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0ValueContainsSemicolon() {
+Cookie cookie = new Cookie("foo", "a;b");
+// should probably throw IAE?
+Assert.assertEquals("foo=\"a;b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0ValueContainsComma() {
+Cookie cookie = new Cookie("foo", "a,b");
+// should probably throw IAE?
+Assert.assertEquals("foo=\"a,b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0ValueContainsSpace() {
+Cookie cookie = new Cookie("foo", "a b");
+// should probably throw IAE?
+Assert.assertEquals("foo=\"a b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0ValueContainsEquals() {
+Cookie cookie = new Cookie("foo", "a=b");
+Assert.assertEquals("foo=\"a=b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Test
+public void v0ValueContainsQuote() {
+Cookie cookie = new Cookie("foo", "a\"b");
+//Assert.assertEquals("foo=a\"b", 
SetCookieSupport.generateHeader(cookie));
+Assert.assertEquals("foo=\"a\\\"b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Ignore("bug 55975")
+@Test
+public void v0ValueContainsNonV0Separator() {
+Cookie cookie = new Cookie("foo", "a()<>@:\\\"/[]?={}b");
+// Assert.assertEquals("foo=a()<>@:\\\"/[]?{}=b", 
SetCookieSupport.generateHeader(cookie));
+Assert.assertEquals("foo=\"a()<>@,;:\\\"/[]?={}b\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Ignore("bug 55975")
+@Test
+public void v0ValueContainsBackslash() {
+Cookie cookie = new Cookie("foo", "a\\b");
+//Assert.assertEquals("foo=a\\b", 
SetCookieSupport.generateHeader(cookie));
+Assert.assertEquals("foo=\"ab\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+
+@Ignore("bug 55975")
+@Test
+public void v0ValueContainsBackslashAtEnd() {
+Cookie cookie = new Cookie("foo", "a\\");
+//Assert.assertEquals("foo=a\\", 
SetCookieSupport.generateHeader(cookie));
+Assert.assertEquals("foo=\"a\"; Version=1", 
SetCookieSupport.generateHeader(cookie));
+}
+
+@Ignore("bug 55975")
+@Test
+public void v0ValueContainsBackslashAndQuote() {
+Cookie cookie = new Cookie("foo", "a\"b\\c");
+//Asse