[Bug 57275] Constant "WriteClient failed with 1229"
https://issues.apache.org/bugzilla/show_bug.cgi?id=57275 --- Comment #3 from Rainer Jung --- (In reply to optimusprimed from comment #2) > "Concerning the log level: if you choose some log level, you will always get > the messages for that log level and all more serious log levels. That's > normal product behavior. If you don't want "info", increase configured log > level to "warn" etc." > > Not for us, Rainer. We have log_level "error" and we get "info" and "warn" > as well as "error". So much for normal product behaviour. That is a bug, is > it not? You originally write "In addition, the log level of the connector is not adhered to. We have log_level set to "info", yet we see "error", "warn" and "info"." and also your configuration shows it set to "info". In that case it is normal, that info, warn and error occur. If you have changed in the meantime to "error" and the behavior didn't change, then I suspect that the configuration is not found or used. Setting the log level works since many years. It also seems you flipped the configuration file names in your original problem report. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642554 - /tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
Author: rjung
Date: Sun Nov 30 15:42:08 2014
New Revision: 1642554
URL: http://svn.apache.org/r1642554
Log:
Add unit tests for RemoteAddrValve and RemoteHostValve.
Added:
tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
(with props)
Added: tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java?rev=1642554&view=auto
==
--- tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
(added)
+++ tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
Sun Nov 30 15:42:08 2014
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.valves;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import org.junit.Test;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+
+/**
+ * {@link RequestFilterValve} Tests
+ */
+public class TestRequestFilterValve {
+
+private static final int OK= 200;
+private static final int FORBIDDEN = 403;
+private static final int CUSTOM= 499;
+
+private static final String ADDR_ALLOW_PAT= "127\\..*";
+private static final String ADDR_DENY_PAT = ".*\\.1";
+private static final String ADDR_ONLY_ALLOW = "127.0.0.2";
+private static final String ADDR_ONLY_DENY= "192.168.0.1";
+private static final String ADDR_ALLOW_AND_DENY = "127.0.0.1";
+private static final String ADDR_NO_ALLOW_NO_DENY = "192.168.0.2";
+
+private static final String HOST_ALLOW_PAT= "www\\.example\\..*";
+private static final String HOST_DENY_PAT = ".*\\.org";
+private static final String HOST_ONLY_ALLOW = "www.example.com";
+private static final String HOST_ONLY_DENY= "host.example.org";
+private static final String HOST_ALLOW_AND_DENY = "www.example.org";
+private static final String HOST_NO_ALLOW_NO_DENY = "host.example.com";
+
+
+static class TerminatingValve extends ValveBase {
+@Override
+public void invoke(Request request, Response response) throws
IOException, ServletException {
+}
+}
+
+public static class MockResponse extends Response {
+private int status = OK;
+
+@Override
+public void sendError(int status) throws IOException {
+this.status = status;
+}
+
+@Override
+public int getStatus() {
+return status;
+}
+}
+
+private void oneTest(String allow, String deny, boolean denyStatus,
+ String property, String type, boolean allowed) {
+// PREPARE
+RequestFilterValve valve = null;
+Request request = new Request();
+Response response = new MockResponse();
+StringBuilder msg = new StringBuilder();
+int expected = allowed ? OK : FORBIDDEN;
+
+if (type == null) {
+fail("Invalid test with null type");
+}
+if (property != null) {
+if (type.equals("Addr")) {
+valve = new RemoteAddrValve();
+request.setRemoteAddr(property);
+msg.append(" ip='" + property + "'");
+} else if (type.equals("Host")) {
+valve = new RemoteHostValve();
+request.setRemoteHost(property);
+msg.append(" host='" + property + "'");
+} else {
+fail("Invalid test type" + type);
+}
+}
+valve.setNext(new TerminatingValve());
+
+if (allow != null) {
+valve.setAllow(allow);
+msg.append(" allow='" + allow + "'");
+}
+if (deny != null) {
+valve.setDeny(deny);
+msg.append(" deny='" + deny + "'");
+}
+if (denyStatus) {
+valve.setDenyStatus(CUSTOM);
+msg.append(" denyStatus='" + CUSTOM + "'");
+
svn commit: r1642564 - in /tomcat/trunk: java/org/apache/catalina/valves/RemoteAddrValve.java java/org/apache/catalina/valves/RemoteHostValve.java test/org/apache/catalina/valves/TestRequestFilterValv
Author: rjung
Date: Sun Nov 30 16:43:23 2014
New Revision: 1642564
URL: http://svn.apache.org/r1642564
Log:
Add optional use of connector port in allow
and deny expressions for RemoteAddrValve
and RemoteHostValve.
For example one can let everybody access the
HTTPS connector but restrict access to HTTP
to localhost or a monitoring client.
Modified:
tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java?rev=1642564&r1=1642563&r2=1642564&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java Sun Nov
30 16:43:23 2014
@@ -27,12 +27,47 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of RequestFilterValve that filters
- * based on the string representation of the remote client's IP address.
+ * based on the string representation of the remote client's IP address
+ * optionally combined with the server port number.
*
* @author Craig R. McClanahan
*/
public final class RemoteAddrValve extends RequestFilterValve {
+// - Instance Variables
+
+/**
+ * Flag deciding whether we add the server port to the property
+ * compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ */
+protected volatile boolean addLocalPort = false;
+
+// - Properties
+
+
+/**
+ * Get the flag deciding whether we add the server port to the
+ * property compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ */
+public boolean getAddLocalPort() {
+return addLocalPort;
+}
+
+
+/**
+ * Set the flag deciding whether we add the server port to the
+ * property compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ *
+ * @param addLocalPort The new flag
+ */
+public void setAddLocalPort(boolean addLocalPort) {
+this.addLocalPort = addLocalPort;
+}
+
+
// - Public Methods
/**
@@ -51,7 +86,13 @@ public final class RemoteAddrValve exten
public void invoke(Request request, Response response)
throws IOException, ServletException {
-process(request.getRequest().getRemoteAddr(), request, response);
+String property;
+if (addLocalPort) {
+property = request.getRequest().getRemoteAddr() + "," +
request.getConnector().getPort();
+} else {
+property = request.getRequest().getRemoteAddr();
+}
+process(property, request, response);
}
}
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java?rev=1642564&r1=1642563&r2=1642564&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java Sun Nov
30 16:43:23 2014
@@ -27,12 +27,47 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of RequestFilterValve that filters
- * based on the remote client's host name.
+ * based on the remote client's host name optionally combined with the
+ * server port number.
*
* @author Craig R. McClanahan
*/
public final class RemoteHostValve extends RequestFilterValve {
+// - Instance Variables
+
+/**
+ * Flag deciding whether we add the server port to the property
+ * compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ */
+protected volatile boolean addLocalPort = false;
+
+// - Properties
+
+
+/**
+ * Get the flag deciding whether we add the server port to the
+ * property compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ */
+public boolean getAddLocalPort() {
+return addLocalPort;
+}
+
+
+/**
+ * Set the flag deciding whether we add the server port to the
+ * property compared in the filtering method. The port will be appended
+ * using a "," as a separator.
+ *
+ * @param
svn commit: r1642588 - /tomcat/trunk/webapps/docs/config/valve.xml
Author: rjung Date: Sun Nov 30 18:17:56 2014 New Revision: 1642588 URL: http://svn.apache.org/r1642588 Log: Here it is Valve not Filter. Modified: tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1642588&r1=1642587&r2=1642588&view=diff == --- tomcat/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/trunk/webapps/docs/config/valve.xml Sun Nov 30 18:17:56 2014 @@ -455,15 +455,15 @@ - + -The Remote Address Filter allows you to compare the +The Remote Address Valve allows you to compare the IP address of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client. A Remote Address -Filter can be associated with any Catalina container +Valve can be associated with any Catalina container (Engine, Host, or Context), and must accept any request presented to this container for processing before it will be passed on. @@ -484,13 +484,13 @@ will be 0:0:0:0:0:0:0:1 instead of the more widely used ::1. Consult your access logs for the actual value. -See also: Remote Host Filter, +See also: Remote Host Valve, Remote IP Valve. -The Remote Address Filter supports the following +The Remote Address Valve supports the following configuration attributes: @@ -554,15 +554,15 @@ - + -The Remote Host Filter allows you to compare the +The Remote Host Valve allows you to compare the hostname of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client. A Remote Host -Filter can be associated with any Catalina container +Valve can be associated with any Catalina container (Engine, Host, or Context), and must accept any request presented to this container for processing before it will be passed on. @@ -580,13 +580,13 @@ to return proper host names, you have to enable "DNS lookups" feature on a Connector. -See also: Remote Address Filter, +See also: Remote Address Valve, HTTP Connector configuration. -The Remote Host Filter supports the following +The Remote Host Valve supports the following configuration attributes: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642595 - in /tomcat/trunk: java/org/apache/catalina/valves/RequestFilterValve.java test/org/apache/catalina/valves/TestRequestFilterValve.java webapps/docs/config/valve.xml
Author: rjung
Date: Sun Nov 30 18:30:47 2014
New Revision: 1642595
URL: http://svn.apache.org/r1642595
Log:
Allow RemoteAddreValve and RemoteHostValve to
trigger authentication instead of denying a
request with a status code.
This only works in combination with preemptiveAuthentication
on the application context.
It can be used to add an additional authentication
without touching the application war.
Example:
This will allow normal access via the port 8009 connector (AJP)
but will trigger basic auth when accessed via any other connector.
An administrator can use an http port to check whether the app
works but public access will still be restricted to the AJP port.
Modified:
tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java?rev=1642595&r1=1642594&r2=1642595&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java Sun
Nov 30 18:30:47 2014
@@ -23,6 +23,7 @@ import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
@@ -52,6 +53,11 @@ import org.apache.catalina.connector.Res
* The request will be rejected with a "Forbidden" HTTP response.
*
*
+ * As an option the valve can generate an invalid authenticate
+ * header instead of denying the request. This can be combined with the
+ * context attribute preemptiveAuthentication="true" and an
+ * authenticator to force authentication instead of denial.
+ *
* This Valve may be attached to any Container, depending on the granularity
* of the filtering you wish to perform.
*
@@ -117,6 +123,14 @@ public abstract class RequestFilterValve
*/
protected int denyStatus = HttpServletResponse.SC_FORBIDDEN;
+/**
+ * If invalidAuthenticationWhenDeny is true
+ * and the context has preemptiveAuthentication
+ * set, set an invalid authorization header to trigger basic auth
+ * instead of denying the request..
+ */
+private boolean invalidAuthenticationWhenDeny = false;
+
// - Properties
@@ -221,6 +235,23 @@ public abstract class RequestFilterValve
this.denyStatus = denyStatus;
}
+
+/**
+ * Return true if a deny is handled by setting an invalid auth header.
+ */
+public boolean getInvalidAuthenticationWhenDeny() {
+return invalidAuthenticationWhenDeny;
+}
+
+
+/**
+ * Set invalidAuthenticationWhenDeny property.
+ */
+public void setInvalidAuthenticationWhenDeny(boolean value) {
+invalidAuthenticationWhenDeny = value;
+}
+
+
// - Public Methods
/**
@@ -290,6 +321,9 @@ public abstract class RequestFilterValve
/**
* Reject the request that was denied by this valve.
+ * If invalidAuthenticationWhenDeny is true
+ * and the context has preemptiveAuthentication
+ * set, set an invalid authorization header to trigger basic auth.
*
* @param request The servlet request to be processed
* @param response The servlet response to be processed
@@ -298,6 +332,16 @@ public abstract class RequestFilterValve
*/
protected void denyRequest(Request request, Response response)
throws IOException, ServletException {
+if (invalidAuthenticationWhenDeny) {
+Context context = request.getContext();
+if (context != null && context.getPreemptiveAuthentication()) {
+if
(request.getCoyoteRequest().getMimeHeaders().getValue("authorization") == null)
{
+
request.getCoyoteRequest().getMimeHeaders().addValue("authorization").setString("invalid");
+}
+getNext().invoke(request, response);
+return;
+}
+}
response.sendError(denyStatus);
}
Modified:
tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java?rev=1642595&r1=1642594&r2=1642595&view=diff
==
--- tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
(original)
+++ tomcat/trunk/test/org/apache/catalina/val
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/707 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1642588 Blamelist: rjung BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: buildbot failure in ASF Buildbot on tomcat-trunk
Test org.apache.tomcat.websocket.TestWebSocketFrameClientSSL FAILED (in nio2) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1642595 - in /tomcat/trunk: java/org/apache/catalina/valves/RequestFilterValve.java test/org/apache/catalina/valves/TestRequestFilterValve.java webapps/docs/config/valve.xml
2014-11-30 21:30 GMT+03:00 :
> Author: rjung
> Date: Sun Nov 30 18:30:47 2014
> New Revision: 1642595
>
> URL: http://svn.apache.org/r1642595
> Log:
> Allow RemoteAddreValve and RemoteHostValve to
> trigger authentication instead of denying a
> request with a status code.
>
> This only works in combination with preemptiveAuthentication
> on the application context.
>
> It can be used to add an additional authentication
> without touching the application war.
>
> Example:
>
>
> allow=".*,8009"
1) If you ever plan to backport this to Tomcat 6, then comma (',') is
a wrong choice, because in Tomcat 6 it cannot be used in a regular
expression, as it is treated as a separator between several regular
expressions.
If colon is no good (as part of ipv6 address), I propose to use semicolon (';').
> addLocalPort="true"
2) "local port" usually means request.getServerPort() (that is what
means "%p" in AccessLogValve) or request.getLocalPort().
Your request.getConnector().getPort() in r1642564 is different from
either of them, because it can return "-1" if Tomcat is configured to
autoselect a port number, while none of the above methods can do that.
(See Connector.getPort() vs. connector.getLocalPort())
The Connector.getPort() value is good for this task of identifying connectors.
Maybe name this feature "addConnectorPort" instead of "addLocalPort"?
> invalidAuthenticationWhenDeny="true"/>
>
>
>
> This will allow normal access via the port 8009 connector (AJP)
> but will trigger basic auth when accessed via any other connector.
> An administrator can use an http port to check whether the app
> works but public access will still be restricted to the AJP port.
3) Expose the new properties via JMX = ?
> Modified:
> tomcat/trunk/java/org/apache/catalina/valves/RequestFilterValve.java
> tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
> tomcat/trunk/webapps/docs/config/valve.xml
>
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/708 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1642595 Blamelist: rjung Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642604 - /tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java
Author: jboynes
Date: Sun Nov 30 20:49:36 2014
New Revision: 1642604
URL: http://svn.apache.org/r1642604
Log:
Use ClassLoader of JSTL library when locating XML factories
Modified:
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java
Modified:
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java?rev=1642604&r1=1642603&r2=1642604&view=diff
==
---
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java
(original)
+++
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java
Sun Nov 30 20:49:36 2014
@@ -19,6 +19,10 @@ package org.apache.taglibs.standard.tag.
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.Reader;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.concurrent.Callable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.PageContext;
@@ -50,39 +54,49 @@ import org.xml.sax.helpers.XMLReaderFact
* Utilities for working with JAXP and SAX.
*/
public class XmlUtil {
-private static final DocumentBuilderFactory dbf;
-private static final SAXTransformerFactory stf;
-
+/* Cache factory classes when this class is initialized (since Java1.5
factories are required
+ * to be thread safe).
+ *
+ * As JavaEE 5 requires JSTL to be provided by the container we use our
ClassLoader to locate
+ * the implementations rather than the application's. As we don't know the
actual implementation
+ * class in use we can't use the newInstance() variant that allows the
ClassLoader to be
+ * specified so we use the no-arg form and coerce the TCCL (which may be
restricted by the
+ * AccessController).
+ */
+private static final DocumentBuilderFactory PARSER_FACTORY;
+private static final SAXTransformerFactory TRANSFORMER_FACTORY;
static {
-// from Java5 on DocumentBuilderFactory is thread safe and hence can
be cached
-dbf = DocumentBuilderFactory.newInstance();
-dbf.setNamespaceAware(true);
-dbf.setValidating(false);
try {
-dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+PARSER_FACTORY = runWithOurClassLoader(new
Callable() {
+public DocumentBuilderFactory call() throws
ParserConfigurationException {
+return DocumentBuilderFactory.newInstance();
+}
+}, ParserConfigurationException.class);
+PARSER_FACTORY.setNamespaceAware(true);
+PARSER_FACTORY.setValidating(false);
+PARSER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
true);
} catch (ParserConfigurationException e) {
-throw new AssertionError("Parser does not support secure
processing");
-}
-
-TransformerFactory tf = TransformerFactory.newInstance();
-if (!(tf instanceof SAXTransformerFactory)) {
-throw new AssertionError("TransformerFactory does not support
SAX");
+throw new ExceptionInInitializerError(e);
}
try {
-tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+TRANSFORMER_FACTORY = runWithOurClassLoader(new
Callable() {
+public SAXTransformerFactory call() throws
TransformerConfigurationException {
+TransformerFactory tf = TransformerFactory.newInstance();
+if (!(tf instanceof SAXTransformerFactory)) {
+throw new
TransformerConfigurationException("TransformerFactory does not support SAX");
+}
+return (SAXTransformerFactory) tf;
+}
+}, TransformerConfigurationException.class);
+
TRANSFORMER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
} catch (TransformerConfigurationException e) {
-throw new AssertionError("TransformerFactory does not support
secure processing");
+throw new ExceptionInInitializerError(e);
}
-stf = (SAXTransformerFactory) tf;
}
-
/**
* Create a new empty document.
*
- * This method always allocates a new document as its root node might be
- * exposed to other tags and potentially be mutated.
- *
* @return a new empty document
*/
static Document newEmptyDocument() {
@@ -96,9 +110,9 @@ public class XmlUtil {
*/
static DocumentBuilder newDocumentBuilder() {
try {
-return dbf.newDoc
Re: svn commit: r1642595 - in /tomcat/trunk: java/org/apache/catalina/valves/RequestFilterValve.java test/org/apache/catalina/valves/TestRequestFilterValve.java webapps/docs/config/valve.xml
Am 30.11.2014 um 21:13 schrieb Konstantin Kolinko:
2014-11-30 21:30 GMT+03:00 :
Author: rjung
Date: Sun Nov 30 18:30:47 2014
New Revision: 1642595
URL: http://svn.apache.org/r1642595
Log:
Allow RemoteAddreValve and RemoteHostValve to
trigger authentication instead of denying a
request with a status code.
This only works in combination with preemptiveAuthentication
on the application context.
It can be used to add an additional authentication
without touching the application war.
Example:
RequestFilterValve is an abstract class...
Oups, yes, it would be either RequestAddrValve or RequestHostValve.
I should add an explicit working example to the docs-
allow=".*,8009"
1) If you ever plan to backport this to Tomcat 6, then comma (',') is
a wrong choice, because in Tomcat 6 it cannot be used in a regular
expression, as it is treated as a separator between several regular
expressions.
Thanks for the hint. I had originally used "-", but didn't like it
because it can show up in host names.
If colon is no good (as part of ipv6 address), I propose to use semicolon (';').
ACK, will adjust.
addLocalPort="true"
2) "local port" usually means request.getServerPort() (that is what
means "%p" in AccessLogValve) or request.getLocalPort().
Your request.getConnector().getPort() in r1642564 is different from
either of them, because it can return "-1" if Tomcat is configured to
autoselect a port number, while none of the above methods can do that.
(See Connector.getPort() vs. connector.getLocalPort())
The Connector.getPort() value is good for this task of identifying connectors.
Maybe name this feature "addConnectorPort" instead of "addLocalPort"?
Good point, thanks.
invalidAuthenticationWhenDeny="true"/>
This will allow normal access via the port 8009 connector (AJP)
but will trigger basic auth when accessed via any other connector.
An administrator can use an http port to check whether the app
works but public access will still be restricted to the AJP port.
3) Expose the new properties via JMX = ?
ACK
Thanks a bunch for your review!
Regards,
Rainer
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642606 - in /tomcat/trunk: java/org/apache/catalina/valves/ test/org/apache/catalina/valves/ webapps/docs/config/
Author: rjung
Date: Sun Nov 30 21:37:27 2014
New Revision: 1642606
URL: http://svn.apache.org/r1642606
Log:
kkolinko review on i1642564 and 1642595:
- addLocalPort => addConnectorPort
- separator "," => ";"
- expose addConnectorPort and invalidAuthenticationWhenDeny
via JMX
- add complete example to docs
Bonus: replace deprecated request.setContext() in unit test.
Modified:
tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
tomcat/trunk/java/org/apache/catalina/valves/mbeans-descriptors.xml
tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java?rev=1642606&r1=1642605&r2=1642606&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java Sun Nov
30 21:37:27 2014
@@ -28,7 +28,7 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of RequestFilterValve that filters
* based on the string representation of the remote client's IP address
- * optionally combined with the server port number.
+ * optionally combined with the server connector port number.
*
* @author Craig R. McClanahan
*/
@@ -37,34 +37,34 @@ public final class RemoteAddrValve exten
// - Instance Variables
/**
- * Flag deciding whether we add the server port to the property
+ * Flag deciding whether we add the server connector port to the property
* compared in the filtering method. The port will be appended
- * using a "," as a separator.
+ * using a ";" as a separator.
*/
-protected volatile boolean addLocalPort = false;
+protected volatile boolean addConnectorPort = false;
// - Properties
/**
- * Get the flag deciding whether we add the server port to the
+ * Get the flag deciding whether we add the server connector port to the
* property compared in the filtering method. The port will be appended
- * using a "," as a separator.
+ * using a ";" as a separator.
*/
-public boolean getAddLocalPort() {
-return addLocalPort;
+public boolean getAddConnectorPort() {
+return addConnectorPort;
}
/**
- * Set the flag deciding whether we add the server port to the
+ * Set the flag deciding whether we add the server connector port to the
* property compared in the filtering method. The port will be appended
- * using a "," as a separator.
+ * using a ";" as a separator.
*
- * @param addLocalPort The new flag
+ * @param addConnectorPort The new flag
*/
-public void setAddLocalPort(boolean addLocalPort) {
-this.addLocalPort = addLocalPort;
+public void setAddConnectorPort(boolean addConnectorPort) {
+this.addConnectorPort = addConnectorPort;
}
@@ -87,8 +87,8 @@ public final class RemoteAddrValve exten
throws IOException, ServletException {
String property;
-if (addLocalPort) {
-property = request.getRequest().getRemoteAddr() + "," +
request.getConnector().getPort();
+if (addConnectorPort) {
+property = request.getRequest().getRemoteAddr() + ";" +
request.getConnector().getPort();
} else {
property = request.getRequest().getRemoteAddr();
}
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java?rev=1642606&r1=1642605&r2=1642606&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java Sun Nov
30 21:37:27 2014
@@ -28,7 +28,7 @@ import org.apache.catalina.connector.Res
/**
* Concrete implementation of RequestFilterValve that filters
* based on the remote client's host name optionally combined with the
- * server port number.
+ * server connector port number.
*
* @author Craig R. McClanahan
*/
@@ -37,34 +37,34 @@ public final class RemoteHostValve exten
// - Instance Variables
/**
- * Flag deciding whether we add the server port to the property
+ * Flag deciding whether we add the server connector port to the property
* compared in the filtering method. The port will be appended
- * using a "," as a separator.
+ * using
svn commit: r1642609 - in /tomcat/taglibs/standard/trunk/impl/src: main/java/org/apache/taglibs/standard/tag/common/xml/ main/java/org/apache/taglibs/standard/util/ test/java/org/apache/taglibs/standa
Author: jboynes Date: Sun Nov 30 22:13:21 2014 New Revision: 1642609 URL: http://svn.apache.org/r1642609 Log: Move XmlUtil to util package as we can also use it from the TLVs Added: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java - copied, changed from r1642607, tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java Removed: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java Modified: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java tomcat/taglibs/standard/trunk/impl/src/test/java/org/apache/taglibs/standard/tag/common/xml/ExprSupportTest.java tomcat/taglibs/standard/trunk/impl/src/test/java/org/apache/taglibs/standard/tag/common/xml/ForEachTagTest.java tomcat/taglibs/standard/trunk/impl/src/test/java/org/apache/taglibs/standard/tag/common/xml/JSTLVariableStackTest.java Modified: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java?rev=1642609&r1=1642608&r2=1642609&view=diff == --- tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java (original) +++ tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/ParseSupport.java Sun Nov 30 22:13:21 2014 @@ -32,6 +32,7 @@ import javax.xml.transform.sax.Transform import org.apache.taglibs.standard.resources.Resources; import org.apache.taglibs.standard.tag.common.core.Util; +import org.apache.taglibs.standard.util.XmlUtil; import org.w3c.dom.Document; import org.xml.sax.InputSource; import org.xml.sax.SAXException; Modified: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java?rev=1642609&r1=1642608&r2=1642609&view=diff == --- tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java (original) +++ tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/TransformSupport.java Sun Nov 30 22:13:21 2014 @@ -37,6 +37,7 @@ import javax.xml.transform.stream.Stream import org.apache.taglibs.standard.resources.Resources; import org.apache.taglibs.standard.tag.common.core.Util; import org.apache.taglibs.standard.util.UnclosableWriter; +import org.apache.taglibs.standard.util.XmlUtil; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.xml.sax.SAXException; Modified: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java?rev=1642609&r1=1642608&r2=1642609&view=diff == --- tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java (original) +++ tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XalanUtil.java Sun Nov 30 22:13:21 2014 @@ -21,6 +21,7 @@ import javax.servlet.jsp.tagext.Tag; import javax.servlet.jsp.tagext.TagSupport; import javax.xml.transform.TransformerException; +import org.apache.taglibs.standard.util.XmlUtil; import org.apache.xpath.VariableStack; import org.apache.xpath.XPathContext; import org.apache.xpath.objects.XBoolean; Copied: tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java (from r1642607, tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java) URL: http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java?p2=tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java&p1=tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tag/common/xml/XmlUtil.java&r1=1642607&r2=1642609&rev=1642609&view=diff == --- tomcat/taglibs/standard/trunk/impl/src/main/j
[Bug 56546] Improve thread trace logging in WebappClassLoader.clearReferencesThreads()
https://issues.apache.org/bugzilla/show_bug.cgi?id=56546 Ahmed Hosni changed: What|Removed |Added CC||ahmedhosni...@gmail.com --- Comment #8 from Ahmed Hosni --- Created attachment 32241 --> https://issues.apache.org/bugzilla/attachment.cgi?id=32241&action=edit Diff file fort to list all stack traces before clearing threads Fix bug 56546 list all stack traces before clearing threads, using two loops one for each purposem as Konstantin Kolinko suggested -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57289] New: XML factories should be located using the JSTL libraries ClassLoader
https://issues.apache.org/bugzilla/show_bug.cgi?id=57289 Bug ID: 57289 Summary: XML factories should be located using the JSTL libraries ClassLoader Product: Taglibs Version: 1.2.1 Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Standard Taglib Assignee: dev@tomcat.apache.org Reporter: jboy...@apache.org When loading XML factories (e.g. the DocumentBuilderFactory used by the implementation is discovered using the TCCL which will be the web application's ClassLoader. When the JSTL implementation is bundled with an application server it should use the implementation's classloader instead. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57289] XML factories should be located using the JSTL library's ClassLoader
https://issues.apache.org/bugzilla/show_bug.cgi?id=57289 Jeremy Boynes changed: What|Removed |Added Summary|XML factories should be |XML factories should be |located using the JSTL |located using the JSTL |libraries ClassLoader |library's ClassLoader -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642613 - in /tomcat/taglibs/standard/trunk: impl/src/main/java/org/apache/taglibs/standard/tlv/ impl/src/main/java/org/apache/taglibs/standard/util/ spec/src/main/java/javax/servlet/jsp/
Author: jboynes
Date: Sun Nov 30 23:32:00 2014
New Revision: 1642613
URL: http://svn.apache.org/r1642613
Log:
JSTL TLVs use common parser
Added:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
(with props)
Modified:
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tlv/JstlBaseTLV.java
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ScriptFreeTLV.java
Modified:
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tlv/JstlBaseTLV.java
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tlv/JstlBaseTLV.java?rev=1642613&r1=1642612&r2=1642613&view=diff
==
---
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tlv/JstlBaseTLV.java
(original)
+++
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/tlv/JstlBaseTLV.java
Sun Nov 30 23:32:00 2014
@@ -18,6 +18,7 @@
package org.apache.taglibs.standard.tlv;
import java.io.IOException;
+import java.io.InputStream;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -30,13 +31,13 @@ import javax.servlet.jsp.tagext.PageData
import javax.servlet.jsp.tagext.TagData;
import javax.servlet.jsp.tagext.TagLibraryValidator;
import javax.servlet.jsp.tagext.ValidationMessage;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.apache.taglibs.standard.resources.Resources;
+import org.apache.taglibs.standard.util.XmlUtil;
import org.xml.sax.Attributes;
+import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
/**
@@ -149,11 +150,18 @@ public abstract class JstlBaseTLV extend
DefaultHandler h = getHandler();
// parse the page
-SAXParserFactory f = SAXParserFactory.newInstance();
-f.setValidating(false);
-f.setNamespaceAware(true);
-SAXParser p = f.newSAXParser();
-p.parse(page.getInputStream(), h);
+XMLReader xmlReader = XmlUtil.newXMLReader(null);
+xmlReader.setContentHandler(h);
+InputStream inputStream = page.getInputStream();
+try {
+xmlReader.parse(new InputSource(inputStream));
+} finally {
+try {
+inputStream.close();
+} catch (IOException e) {
+// Suppressed.
+}
+}
if (messageVector.size() == 0) {
return null;
@@ -163,8 +171,6 @@ public abstract class JstlBaseTLV extend
} catch (SAXException ex) {
return vmFromString(ex.toString());
-} catch (ParserConfigurationException ex) {
-return vmFromString(ex.toString());
} catch (IOException ex) {
return vmFromString(ex.toString());
}
Modified:
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java?rev=1642613&r1=1642612&r2=1642613&view=diff
==
---
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java
(original)
+++
tomcat/taglibs/standard/trunk/impl/src/main/java/org/apache/taglibs/standard/util/XmlUtil.java
Sun Nov 30 23:32:00 2014
@@ -167,6 +167,7 @@ public class XmlUtil {
}
}, SAXException.class);
xmlReader.setEntityResolver(entityResolver);
+xmlReader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return xmlReader;
}
Added:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java?rev=1642613&view=auto
==
---
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
(added)
+++
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
Sun Nov 30 23:32:00 2014
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional informati
[Tomcat Wiki] Trivial Update of "HowTo" by SebastianBazley
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "HowTo" page has been changed by SebastianBazley:
https://wiki.apache.org/tomcat/HowTo?action=diff&rev1=140&rev2=141
Getting a thread dump depends a lot on your environment. Please choose the
section below that matches your environment best. The more universal and
convenient options are presented first, while the more difficult ones or those
for specific setups are provided later. Generally, you should start at the top
of the list and work your way down until you find a technique that works for
you.
=== If you are running Oracle (Sun) JDK ===
- Oracle JDK (not the JRE) (formerly Sun JDK) since version 1.6 (and since 1.4
on *nix systems) ships with a program called ''jstack'' (or ''jstack.exe'' on
Microsoft Windows) which will give you a thread dump on standard output. Pipe
the output into a file and you have your thread dump. You will need the process
id ("pid") of the process to dump. Use of the program ''jps'' (''jps.exe'' on
Microsoft Windows) can help you determine the pid of a specific Java process.
+ Oracle JDK (not the JRE) (formerly Sun JDK) since version 1.6 (and since 1.4
on *nix systems) ships with a program called ''jstack'' (or ''jstack.exe'' on
Microsoft Windows) which will give you a thread dump on standard output.
Redirect the output into a file and you have your thread dump. You will need
the process id ("pid") of the process to dump. Use of the program ''jps''
(''jps.exe'' on Microsoft Windows) can help you determine the pid of a specific
Java process.
See [[http://docs.oracle.com/javase/8/docs/technotes/tools/|Tools page]] in
JDK documentation for usage reference.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1642617 - in /tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv: PageParser.java ParserUtil.java PermittedTaglibsTLV.java ScriptFreeTLV.java
Author: jboynes
Date: Mon Dec 1 02:08:41 2014
New Revision: 1642617
URL: http://svn.apache.org/r1642617
Log:
JSTL TLVs need different namespace awareness
Added:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PageParser.java
- copied, changed from r1642613,
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
Removed:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
Modified:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ScriptFreeTLV.java
Copied:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PageParser.java
(from r1642613,
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java)
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PageParser.java?p2=tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PageParser.java&p1=tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java&r1=1642613&r2=1642617&rev=1642617&view=diff
==
---
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/ParserUtil.java
(original)
+++
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PageParser.java
Mon Dec 1 02:08:41 2014
@@ -35,14 +35,15 @@ import org.xml.sax.helpers.DefaultHandle
/**
* Support class for working with the SAX Parser.
*/
-class ParserUtil {
+class PageParser {
-private static final SAXParserFactory PARSER_FACTORY;
-static {
-PARSER_FACTORY = AccessController.doPrivileged(new
PrivilegedAction() {
+private final SAXParserFactory parserFactory;
+
+PageParser(boolean namespaceAware) {
+parserFactory = AccessController.doPrivileged(new
PrivilegedAction() {
public SAXParserFactory run() {
ClassLoader original =
Thread.currentThread().getContextClassLoader();
-ClassLoader ours = ParserUtil.class.getClassLoader();
+ClassLoader ours = PageParser.class.getClassLoader();
try {
if (original != ours) {
Thread.currentThread().setContextClassLoader(ours);
@@ -56,8 +57,9 @@ class ParserUtil {
}
});
try {
-PARSER_FACTORY.setValidating(true);
-PARSER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
true);
+parserFactory.setNamespaceAware(namespaceAware);
+parserFactory.setValidating(false);
+parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
true);
} catch (ParserConfigurationException e) {
throw new ExceptionInInitializerError(e);
} catch (SAXNotRecognizedException e) {
@@ -67,11 +69,8 @@ class ParserUtil {
}
}
-private ParserUtil() {
-}
-
-static void parse(PageData pageData, DefaultHandler handler) throws
ParserConfigurationException, SAXException, IOException {
-SAXParser parser = PARSER_FACTORY.newSAXParser();
+void parse(PageData pageData, DefaultHandler handler) throws
ParserConfigurationException, SAXException, IOException {
+SAXParser parser = parserFactory.newSAXParser();
InputStream is = pageData.getInputStream();
try {
parser.parse(is, handler);
Modified:
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java
URL:
http://svn.apache.org/viewvc/tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java?rev=1642617&r1=1642616&r2=1642617&view=diff
==
---
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java
(original)
+++
tomcat/taglibs/standard/trunk/spec/src/main/java/javax/servlet/jsp/jstl/tlv/PermittedTaglibsTLV.java
Mon Dec 1 02:08:41 2014
@@ -17,7 +17,6 @@
package javax.servlet.jsp.jstl.tlv;
import java.io.IOException;
-import java.io.InputStream;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;
@@ -26,8 +25,6 @@ import javax.servlet.jsp.tagext.PageData
import javax.servlet.jsp.tagext.TagLibraryValidator;
import javax.servlet.jsp.tagext.ValidationMessage;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
@@ -52,17 +49,18 @@ public class PermittedTaglibsTLV extends
// Constants
// parameter names
-private final String PERMITTED_TAGL
[Bug 57290] New: PermittedTaglibsTLV does not reject unspecified tags in JSP Documents
https://issues.apache.org/bugzilla/show_bug.cgi?id=57290 Bug ID: 57290 Summary: PermittedTaglibsTLV does not reject unspecified tags in JSP Documents Product: Taglibs Version: 1.2.1 Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Standard Taglib Assignee: dev@tomcat.apache.org Reporter: jboy...@apache.org PermittedTaglibsTLV checks the XML view of a page to determine which tag libraries are permitted to be used. It does this by examining the xmlns declarations on the element. This work for pages using standard JSP format because all taglib directives are translated to declarations on that root element. However, for JSP documents (.jspx XML files), the declarations are left as xmlns declarations on nested elements and so are not detected. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57290] PermittedTaglibsTLV does not reject unspecified tags in JSP Documents
https://issues.apache.org/bugzilla/show_bug.cgi?id=57290 --- Comment #1 from Jeremy Boynes --- A simple JSP Document produces the following XML View: http://java.sun.com/JSP/Page"; jsp:id="0"> In this view, the 'd' and 'x' prefixes refer to tag libraries but the 'o' prefix is part of the output text. Without access TagLibraryInfo I do not see a way determine that 'urn:dump' refers to a taglib but that 'urn:out' does not. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57289] XML factories should be located using the JSTL library's ClassLoader
https://issues.apache.org/bugzilla/show_bug.cgi?id=57289 Jeremy Boynes changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Jeremy Boynes --- Fixed as of http://svn.apache.org/r1642617 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
