svn commit: r1686974 - /tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

2015-06-23 Thread kfujino
Author: kfujino
Date: Tue Jun 23 07:18:54 2015
New Revision: 1686974

URL: http://svn.apache.org/r1686974
Log:
Avoid NPE if connection has been abandoned.

Modified:

tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

Modified: 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java?rev=1686974&r1=1686973&r2=1686974&view=diff
==
--- 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 (original)
+++ 
tomcat/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 Tue Jun 23 07:18:54 2015
@@ -102,9 +102,11 @@ public class SlowQueryReport extends Abs
 long now = System.currentTimeMillis();
 long delta = now - start;
 QueryStats qs = this.getQueryStats(sql);
-qs.failure(delta, now);
-if (isLogFailed() && log.isWarnEnabled()) {
-log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+if (qs != null) {
+qs.failure(delta, now);
+if (isLogFailed() && log.isWarnEnabled()) {
+log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
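Review bot: The failed-query warning is now nested inside `if (qs != null)`, so on a closed or abandoned connection the `Failed Query Report SQL=...` line is no longer written even when `isLogFailed()` is true, although the message uses only `sql` and `delta`. Consider guarding only the statistics call, `if (qs != null) qs.failure(delta, now);`, and leaving the `log.warn` block where it was, so failed statements stay visible in the log. The same nesting is applied to the slow-query warning in the `reportSlowQuery` hunk, and both recur in the r1686975 and r1686976 backports. The enclosing method starts outside this hunk.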
@@ -115,7 +117,7 @@ public class SlowQueryReport extends Abs
 String sql = super.reportQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
+if (qs != null) qs.add(delta, start);
 }
 return sql;
 }
@@ -125,9 +127,11 @@ public class SlowQueryReport extends Abs
 String sql = super.reportSlowQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
-if (isLogSlow() && log.isWarnEnabled()) {
-log.warn("Slow Query Report SQL="+sql+"; time="+delta+" ms;");
+if (qs != null) {
+qs.add(delta, start);
+if (isLogSlow() && log.isWarnEnabled()) {
+log.warn("Slow Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
@@ -145,13 +149,13 @@ public class SlowQueryReport extends Abs
 @Override
 public void prepareStatement(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 @Override
 public void prepareCall(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 /**
@@ -186,7 +190,10 @@ public class SlowQueryReport extends Abs
 protected QueryStats getQueryStats(String sql) {
 if (sql==null) sql = "";
 ConcurrentHashMap queries = 
SlowQueryReport.this.queries;
-if (queries==null) return null;
+if (queries==null) {
+if (log.isWarnEnabled()) log.warn("Connection has already been 
closed or abandoned");
+return null;
+}
 QueryStats qs = queries.get(sql);
 if (qs == null) {
 qs = new QueryStats(sql);
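Review bot: The new warning in `getQueryStats` fires on every call once `queries` is null, and every caller touched by this commit (`prepareStatement`, `prepareCall`, `reportQuery`, `reportSlowQuery` and the failed-query path) reaches it, so an abandoned connection that is still in use can emit one warn line per statement. The message also carries nothing that tells one connection from another. Consider warning only once per interceptor instance, or logging repeats at debug level with `if (log.isDebugEnabled()) log.debug("Connection has already been closed or abandoned");`. `getQueryStats` continues past the end of this hunk, and the same hunk appears in r1686975 and r1686976.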






svn commit: r1686975 - /tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

2015-06-23 Thread kfujino
Author: kfujino
Date: Tue Jun 23 07:21:01 2015
New Revision: 1686975

URL: http://svn.apache.org/r1686975
Log:
Avoid NPE if connection has been abandoned.

Modified:

tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

Modified: 
tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java?rev=1686975&r1=1686974&r2=1686975&view=diff
==
--- 
tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 (original)
+++ 
tomcat/tc8.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 Tue Jun 23 07:21:01 2015
@@ -102,9 +102,11 @@ public class SlowQueryReport extends Abs
 long now = System.currentTimeMillis();
 long delta = now - start;
 QueryStats qs = this.getQueryStats(sql);
-qs.failure(delta, now);
-if (isLogFailed() && log.isWarnEnabled()) {
-log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+if (qs != null) {
+qs.failure(delta, now);
+if (isLogFailed() && log.isWarnEnabled()) {
+log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
@@ -115,7 +117,7 @@ public class SlowQueryReport extends Abs
 String sql = super.reportQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
+if (qs != null) qs.add(delta, start);
 }
 return sql;
 }
@@ -125,9 +127,11 @@ public class SlowQueryReport extends Abs
 String sql = super.reportSlowQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
-if (isLogSlow() && log.isWarnEnabled()) {
-log.warn("Slow Query Report SQL="+sql+"; time="+delta+" ms;");
+if (qs != null) {
+qs.add(delta, start);
+if (isLogSlow() && log.isWarnEnabled()) {
+log.warn("Slow Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
@@ -145,13 +149,13 @@ public class SlowQueryReport extends Abs
 @Override
 public void prepareStatement(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 @Override
 public void prepareCall(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 /**
@@ -186,7 +190,10 @@ public class SlowQueryReport extends Abs
 protected QueryStats getQueryStats(String sql) {
 if (sql==null) sql = "";
 ConcurrentHashMap queries = 
SlowQueryReport.this.queries;
-if (queries==null) return null;
+if (queries==null) {
+if (log.isWarnEnabled()) log.warn("Connection has already been 
closed or abandoned");
+return null;
+}
 QueryStats qs = queries.get(sql);
 if (qs == null) {
 qs = new QueryStats(sql);






svn commit: r1686976 - /tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

2015-06-23 Thread kfujino
Author: kfujino
Date: Tue Jun 23 07:21:49 2015
New Revision: 1686976

URL: http://svn.apache.org/r1686976
Log:
Avoid NPE if connection has been abandoned.

Modified:

tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java

Modified: 
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java?rev=1686976&r1=1686975&r2=1686976&view=diff
==
--- 
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java
 Tue Jun 23 07:21:49 2015
@@ -93,9 +93,11 @@ public class SlowQueryReport extends Abs
 long now = System.currentTimeMillis();
 long delta = now - start;
 QueryStats qs = this.getQueryStats(sql);
-qs.failure(delta, now);
-if (log.isWarnEnabled()) {
-log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+if (qs != null) {
+qs.failure(delta, now);
+if (log.isWarnEnabled()) {
+log.warn("Failed Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
@@ -106,7 +108,7 @@ public class SlowQueryReport extends Abs
 String sql = super.reportQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
+if (qs != null) qs.add(delta, start);
 }
 return sql;
 }
@@ -116,9 +118,11 @@ public class SlowQueryReport extends Abs
 String sql = super.reportSlowQuery(query, args, name, start, delta);
 if (this.maxQueries > 0 ) {
 QueryStats qs = this.getQueryStats(sql);
-qs.add(delta, start);
-if (log.isWarnEnabled()) {
-log.warn("Slow Query Report SQL="+sql+"; time="+delta+" ms;");
+if (qs != null) {
+qs.add(delta, start);
+if (log.isWarnEnabled()) {
+log.warn("Slow Query Report SQL="+sql+"; time="+delta+" 
ms;");
+}
 }
 }
 return sql;
@@ -136,13 +140,13 @@ public class SlowQueryReport extends Abs
 @Override
 public void prepareStatement(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 @Override
 public void prepareCall(String sql, long time) {
 QueryStats qs = getQueryStats(sql);
-qs.prepare(time);
+if (qs != null) qs.prepare(time);
 }
 
 /**
@@ -177,7 +181,10 @@ public class SlowQueryReport extends Abs
 protected QueryStats getQueryStats(String sql) {
 if (sql==null) sql = "";
 ConcurrentHashMap queries = 
SlowQueryReport.this.queries;
-if (queries==null) return null;
+if (queries==null) {
+if (log.isWarnEnabled()) log.warn("Connection has already been 
closed or abandoned");
+return null;
+}
 QueryStats qs = queries.get(sql);
 if (qs == null) {
 qs = new QueryStats(sql);






svn commit: r1686977 - /tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

2015-06-23 Thread kfujino
Author: kfujino
Date: Tue Jun 23 07:24:23 2015
New Revision: 1686977

URL: http://svn.apache.org/r1686977
Log:
Add changelog entry.

Modified:
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1686977&r1=1686976&r2=1686977&view=diff
==
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Jun 23 07:24:23 2015
@@ -185,6 +185,12 @@
 Refactoring of the removeOldest method in
 SlowQueryReport to behave as expected. (kfujino)
   
+  
+57783: Fix NullPointerException in
+SlowQueryReport. To avoid this NPE, Refactor
+SlowQueryReport#removeOldest and handle the abandoned
+connection properly. (kfujino)
+  
 
   
   






svn commit: r1686978 - /tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

2015-06-23 Thread kfujino
Author: kfujino
Date: Tue Jun 23 07:25:00 2015
New Revision: 1686978

URL: http://svn.apache.org/r1686978
Log:
Add changelog entry.

Modified:
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1686978&r1=1686977&r2=1686978&view=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Jun 23 07:25:00 2015
@@ -202,6 +202,12 @@
 Refactoring of the removeOldest method in
 SlowQueryReport to behave as expected. (kfujino)
   
+  
+57783: Fix NullPointerException in
+SlowQueryReport. To avoid this NPE, Refactor
+SlowQueryReport#removeOldest and handle the abandoned
+connection properly. (kfujino)
+  
 
   
   






[Bug 57783] NPE in SlowQueryReport - getQueryStats() returning null

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57783

Keiichi Fujino  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Keiichi Fujino  ---
Thanks for the report.

I examined the code of SlowQueryReport.
There were two problems that cause NPE.

The first is that SlowQueryReport#removeOldest was not implemented correctly:
if multiple threads invoke the same query at the same time,
getQueryStats() can return null.

The second is that, if this interceptor runs on a connection that has already
been closed by removeAbandoned,
getQueryStats() can return null.

The former issue has been fixed in r1686791 and r1686792, the latter issue has
been fixed in r1686975 and r1686976.
These revisions are scheduled to be included in the release of Tomcat8.0.24,
Tomcat 7.0.63 or later.




buildbot exception in ASF Buildbot on tomcat-8-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a build exception on builder tomcat-8-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-8-trunk/builds/300

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1686977
Blamelist: kfujino

BUILD FAILED: exception upload_2

Sincerely,
 -The Buildbot







buildbot failure in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1433

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1686974
Blamelist: kfujino

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







svn commit: r1686979 - /tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java

2015-06-23 Thread remm
Author: remm
Date: Tue Jun 23 07:33:23 2015
New Revision: 1686979

URL: http://svn.apache.org/r1686979
Log:
Harmonize, null the SSL engine as well.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java?rev=1686979&r1=1686978&r2=1686979&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNio2Channel.java Tue Jun 
23 07:33:23 2015
@@ -119,6 +119,7 @@ public class SecureNio2Channel extends N
 public void reset(AsynchronousSocketChannel channel, 
SocketWrapperBase socket)
 throws IOException {
 super.reset(channel, socket);
+sslEngine = null;
 sniComplete = false;
 handshakeComplete = false;
 closed = false;
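Review bot: `sslEngine = null;` in `reset` has no comment saying where the engine is created again, and this hunk does not show whether every path that touches `sslEngine` between `reset` and the next handshake tolerates null. A short comment such as `// Re-created during the next handshake; never reuse the previous connection's engine` would record the intent, assuming that is where it is rebuilt (please confirm). If any method, for example a close path, can run on a reset channel before the handshake, it needs a null check. The rest of `reset` and of the class lies outside the hunk.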






buildbot success in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1434

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1686979
Blamelist: remm

Build succeeded!

Sincerely,
 -The Buildbot







svn commit: r1687017 - /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 10:09:16 2015
New Revision: 1687017

URL: http://svn.apache.org/r1687017
Log:
Fixed authentication caching within the session for JASPIC authenticator
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687017&r1=1687016&r2=1687017&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 Tue Jun 23 10:09:16 2015
@@ -65,6 +65,10 @@ public class JaspicAuthenticator extends
 
 @Override
 public boolean authenticate(Request request, HttpServletResponse response) 
throws IOException {
+if (checkForCachedAuthentication(request, response, true)) {
+return true;
+}
+
 MessageInfo messageInfo = new MessageInfoImpl(request, response, true, 
getAuthMethod());
 
 AuthConfigFactory factory = AuthConfigFactory.getFactory();
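Review bot: The early `return true` after `checkForCachedAuthentication(request, response, true)` means that once a principal is cached, the configured JASPIC `validateRequest` is not called again for later requests, and nothing in the code documents that. A module that re-validates on each request (for example one that checks an expiry) would be silently skipped; whether the helper honours the authenticator's cache setting is not visible from this hunk. At minimum add a comment such as `// Cached principal found: JASPIC modules are not consulted for this request`, and consider making the shortcut opt-in rather than unconditional. `authenticate` continues past the end of the hunk.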






svn commit: r1687004 - in /tomcat/trunk: java/org/apache/catalina/authenticator/jaspic/ test/org/apache/catalina/authenticator/jaspic/

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:26:15 2015
New Revision: 1687004

URL: http://svn.apache.org/r1687004
Log:
Change JASPIC callback handler to be a singleton
Implemented JAAS subject support
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java

tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestJaspicCallbackHandler.java

tomcat/trunk/test/org/apache/catalina/authenticator/jaspic/TestPrincipalGroupCallback.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 Tue Jun 23 09:26:15 2015
@@ -17,8 +17,8 @@
 package org.apache.catalina.authenticator.jaspic;
 
 import java.io.IOException;
-import java.security.Principal;
 import java.util.Map;
+import java.util.Set;
 
 import javax.security.auth.Subject;
 import javax.security.auth.message.AuthException;
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRes
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.authenticator.AuthenticatorBase;
 import org.apache.catalina.connector.Request;
+import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 
@@ -52,18 +53,19 @@ public class JaspicAuthenticator extends
 @SuppressWarnings("rawtypes")
 private Map authProperties = null;
 
+private JaspicCallbackHandler callbackHandler;
 
 @Override
 protected synchronized void startInternal() throws LifecycleException {
 super.startInternal();
 serviceSubject = new Subject();
+callbackHandler = getJaspicCallbackHandler();
 }
 
 
 @Override
 public boolean authenticate(Request request, HttpServletResponse response) 
throws IOException {
 MessageInfo messageInfo = new MessageInfoImpl(request, response, true);
-JaspicCallbackHandler callbackHandler = getJaspicCallbackHandler();
 
 AuthConfigFactory factory = AuthConfigFactory.getFactory();
 String appContext = getAppContextId(request);
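Review bot: `callbackHandler` is now a single instance shared by every request thread, but the field is neither `final` nor `volatile` and nothing states that the handler must hold no per-request state. The code this commit removes read the principal back from the handler (`callbackHandler.getPrincipal()`), so the handler did keep state at some point; if any of it survives in `JaspicCallbackHandler`, one request could observe another's identity. Suggest a field comment like `// Shared across requests: must be stateless and thread-safe` and declaring it `private volatile JaspicCallbackHandler callbackHandler;`, since it is written in the synchronized `startInternal` and read without synchronization in `authenticate`. The `JaspicCallbackHandler` diff for this commit is cut off on this page, so this could not be checked there.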
@@ -76,20 +78,21 @@ public class JaspicAuthenticator extends
 }
 
 AuthStatus authStatus;
+Subject subject = new Subject();
 try {
 ServerAuthConfig authConfig = 
configProvider.getServerAuthConfig(MESSAGE_LAYER,
 appContext, callbackHandler);
 String messageAuthContextId = 
authConfig.getAuthContextID(messageInfo);
 ServerAuthContext authContext = 
authConfig.getAuthContext(messageAuthContextId,
 serviceSubject, authProperties);
-authStatus = authContext.validateRequest(messageInfo, new 
Subject(), serviceSubject);
+authStatus = authContext.validateRequest(messageInfo, subject, 
serviceSubject);
 } catch (AuthException e) {
 handleUnauthorizedRequest(response, e);
 return false;
 }
 
 if (authStatus == AuthStatus.SUCCESS) {
-Principal principal = callbackHandler.getPrincipal();
+GenericPrincipal principal = getPrincipal(subject);
 if (principal != null) {
 register(request, response, principal, AUTH_TYPE, null, null);
 }
@@ -99,6 +102,20 @@ public class JaspicAuthenticator extends
 }
 
 
+private GenericPrincipal getPrincipal(Subject subject) {
+if (subject == null) {
+return null;
+}
+
+Set principals = 
subject.getPrivateCredentials(GenericPrincipal.class);
+if (principals.isEmpty()) {
+return null;
+}
+
+return principals.iterator().next();
+}
+
+
 @Override
 public void login(String userName, String password, Request request) 
throws ServletException {
 throw new IllegalStateException("not implemented yet!");
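Review bot: `getPrincipal` returns `principals.iterator().next()` from the subject's private credentials, so if more than one `GenericPrincipal` ends up in the subject, the identity that gets registered is whichever one the set happens to iterate first. Consider treating anything other than exactly one entry as no principal, `if (principals.size() != 1) { return null; }`, or at least logging the ambiguity. The declaration appears here as a raw `Set` (type arguments may have been lost in the mail rendering); it should read `Set<GenericPrincipal>`. Reading private credentials is permission-checked when a security manager is active, which deserves a line of Javadoc on this helper.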

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1687004&r1=1687003&r2=1687004&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java

svn commit: r1687009 - in /tomcat/trunk/java/org/apache/catalina: authenticator/jaspic/provider/ authenticator/jaspic/provider/modules/ startup/

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:41:20 2015
New Revision: 1687009

URL: http://svn.apache.org/r1687009
Log:
Implemented framework for default JASPIC modules registration
Patch by fjodorver

Added:
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
   (with props)

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
   (with props)

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
   (with props)
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
   (with props)
Modified:
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687009&view=auto
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 Tue Jun 23 09:41:20 2015
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+
+import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
+
+public class TomcatAuthConfig implements ServerAuthConfig {
+
+private String messageLayer;
+private String appContext;
+private CallbackHandler handler;
+private TomcatServerAuthContext tomcatServerAuthContext;
+
+
+public TomcatAuthConfig(String layer, String appContext, CallbackHandler 
callbackHandler) {
+this.messageLayer = layer;
+this.appContext = appContext;
+this.handler = callbackHandler;
+}
+
+
+@Override
+public String getMessageLayer() {
+return messageLayer;
+}
+
+
+@Override
+public String getAppContext() {
+return appContext;
+}
+
+
+@Override
+public String getAuthContextID(MessageInfo messageInfo) {
+return messageInfo.toString();
+}
+
+
+@Override
+public void refresh() {
+
+}
+
+
+@Override
+public boolean isProtected() {
+return false;
+}
+
+
+@Override
+@SuppressWarnings("rawtypes")
+public synchronized ServerAuthContext getAuthContext(String authContextID,
+Subject serviceSubject, Map properties) throws AuthException {
+if (this.tomcatServerAuthContext == null) {
+this.tomcatServerAuthContext = new 
TomcatServerAuthContext(handler, getModules());
+}
+return tomcatServerAuthContext;
+}
+
+
+private Collection getModules() {
+List modules = new ArrayList<>();
+return modules;
+}
+}
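Review bot: `getAuthContext` ignores `authContextID`, `serviceSubject` and `properties` and hands every caller the same cached `TomcatServerAuthContext`, while `getAuthContextID` returns `messageInfo.toString()`, which is an identity string unless the `MessageInfo` implementation overrides `toString()`. As written the ID cannot select anything, and `getModules()` returns an empty list, so how `TomcatServerAuthContext` behaves with no modules decides whether a request is accepted; that class is not shown on this page and should fail closed. Suggest class-level Javadoc stating that this is a skeleton, a comment inside the empty `refresh()`, and making `messageLayer`, `appContext` and `handler` `final`, since they are assigned only in the constructor.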

Propchange: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
--
svn:eol-style = native

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1687009&view=auto
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
 (added)
+++ 
tomcat/trunk/java/org/a

svn commit: r1687005 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: JaspicAuthenticator.java MessageInfoImpl.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:30:08 2015
New Revision: 1687005

URL: http://svn.apache.org/r1687005
Log:
Store JASPIC auth method in security message
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687005&r1=1687004&r2=1687005&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 Tue Jun 23 09:30:08 2015
@@ -46,7 +46,7 @@ public class JaspicAuthenticator extends
 private static final Log log = 
LogFactory.getLog(JaspicAuthenticator.class);
 
 private static final String AUTH_TYPE = "JASPIC";
-private static final String MESSAGE_LAYER = "HttpServlet";
+public static final String MESSAGE_LAYER = "HttpServlet";
 
 private Subject serviceSubject;
 
@@ -65,7 +65,7 @@ public class JaspicAuthenticator extends
 
 @Override
 public boolean authenticate(Request request, HttpServletResponse response) 
throws IOException {
-MessageInfo messageInfo = new MessageInfoImpl(request, response, true);
+MessageInfo messageInfo = new MessageInfoImpl(request, response, true, 
getAuthMethod());
 
 AuthConfigFactory factory = AuthConfigFactory.getFactory();
 String appContext = getAppContextId(request);
@@ -149,6 +149,6 @@ public class JaspicAuthenticator extends
 
 @Override
 protected String getAuthMethod() {
-return AUTH_TYPE;
+return context.getLoginConfig().getAuthMethod();
 }
 }
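Review bot: `getAuthMethod()` now dereferences `context.getLoginConfig()` without a null check, and `authenticate` calls it when building `MessageInfoImpl`, so a context without a login configuration would throw a `NullPointerException` on every request. Whether a null `LoginConfig` can reach this authenticator is not visible from the hunk; if it can, guard it with `LoginConfig lc = context.getLoginConfig(); return lc == null ? AUTH_TYPE : lc.getAuthMethod();`. A null auth method would also be stored under `AUTH_METHOD` by the `MessageInfoImpl` constructor hunk below. As far as this page shows, `register(...)` still records `AUTH_TYPE`, so the two values can now differ.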

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java?rev=1687005&r1=1687004&r2=1687005&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java 
Tue Jun 23 09:30:08 2015
@@ -26,7 +26,8 @@ import javax.servlet.http.HttpServletRes
 import org.apache.catalina.connector.Request;
 
 public class MessageInfoImpl implements MessageInfo {
-private static final String IS_MANDATORY = 
"javax.security.auth.message.MessagePolicy.isMandatory";
+public static final String IS_MANDATORY = 
"javax.security.auth.message.MessagePolicy.isMandatory";
+public static final String AUTH_METHOD = "javax.servlet.http.authType";
 
 private final Map map = new HashMap<>();
 private HttpServletRequest request;
@@ -35,10 +36,12 @@ public class MessageInfoImpl implements
 public MessageInfoImpl() {
 }
 
-public MessageInfoImpl(Request request, HttpServletResponse response, 
boolean authMandatory) {
+public MessageInfoImpl(Request request, HttpServletResponse response, 
boolean authMandatory,
+String authMethod) {
 this.request = request;
 this.response = response;
 map.put(IS_MANDATORY, Boolean.toString(authMandatory));
+map.put(AUTH_METHOD, authMethod);
 }
 
 @Override






svn commit: r1687016 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider: TomcatAuthConfig.java modules/DigestAuthModule.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 10:03:20 2015
New Revision: 1687016

URL: http://svn.apache.org/r1687016
Log:
Implemented JASPIC module for DIGEST authentication
Patch by fjodorver

Added:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
   (with props)
Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687016&r1=1687015&r2=1687016&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 Tue Jun 23 10:03:20 2015
@@ -30,6 +30,7 @@ import javax.security.auth.message.confi
 
 import org.apache.catalina.Realm;
 import 
org.apache.catalina.authenticator.jaspic.provider.modules.BasicAuthModule;
+import 
org.apache.catalina.authenticator.jaspic.provider.modules.DigestAuthModule;
 import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
 
 public class TomcatAuthConfig implements ServerAuthConfig {
@@ -94,6 +95,7 @@ public class TomcatAuthConfig implements
 private Collection getModules() {
 List modules = new ArrayList<>();
 modules.add(new BasicAuthModule());
+modules.add(new DigestAuthModule(realm));
 return modules;
 }
 }
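Review bot: `getModules()` constructs a new `DigestAuthModule` each time it is called, yet the module added in this commit documents a field as the "List of server nonce values currently being tracked", so that state belongs to one instance. Whether `getModules()` runs once per web application or more often is not visible in this hunk. If it can run more than once, nonces issued by one instance would presumably be unknown to the next and the tracking would not work as intended. I would state the lifetime requirement at the call site: `// DigestAuthModule keeps per-instance nonce state: create it once per web application and reuse it`.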

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java?rev=1687016&view=auto
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
 Tue Jun 23 10:03:20 2015
@@ -0,0 +1,647 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider.modules;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.security.Principal;
+import java.text.MessageFormat;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Realm;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.catalina.util.StandardSessionIdGenerator;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.http.parser.Authorization;
+import org.apache.tomcat.util.security.ConcurrentMessageDigest;
+import org.apache.tomcat.util.security.MD5Encoder;
+
+public class DigestAuthModule extends TomcatAuthModule {
+private static final Log log = LogFactory.getLog(DigestAuthModule.class);
+/**
+ * Tomcat's DIGEST implementation only supports auth quality of protection.
+ */
+protected static final String QOP = "auth";
+
+private Class[] supportedMessageTypes = new Class[] { 
HttpServletRequest.class,
+HttpServletResponse.class };
+
+private CallbackHandler handler;
+
+private Realm realm;
+
+/**
+ * List of server nonce values currently being tracked
+ */

svn commit: r1687013 - /tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:49:36 2015
New Revision: 1687013

URL: http://svn.apache.org/r1687013
Log:
Configure JASPIC app context for embedded provider
Patch by fjodorver

Modified:
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1687013&r1=1687012&r2=1687013&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Tue Jun 23 
09:49:36 2015
@@ -453,11 +453,14 @@ public class ContextConfig implements Li
 private JaspicAuthenticator configureDefaultJaspicAuthModules() {
 AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
 TomcatAuthConfigProvider provider = new 
TomcatAuthConfigProvider(context.getRealm());
-authConfigFactory.registerConfigProvider(provider,
-JaspicAuthenticator.MESSAGE_LAYER, null, "Tomcat Jaspic");
+authConfigFactory.registerConfigProvider(provider, 
JaspicAuthenticator.MESSAGE_LAYER,
+getJaspicAppContext(), "Tomcat Jaspic");
 return new JaspicAuthenticator();
 }
 
+private String getJaspicAppContext() {
+return context.getServletContext().getVirtualServerName() + " " + 
context.getPath();
+}
 
 /**
  * Create (if necessary) and return a Digester configured to process the
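Review bot: The ID built in `getJaspicAppContext()` combines only the virtual server name and the context path, and it is the key under which this web application's provider is registered, together with the realm passed to `TomcatAuthConfigProvider`. If two contexts can produce the same string (for example the same host name and path under different Service/Engine definitions, which this hunk does not show), the later registration would presumably replace the earlier one and requests could be authenticated against another application's realm. Until the ID includes something that distinguishes the engine, I would record the requirement on the method: `// Must be unique per web application: the provider registered under this ID carries that application's Realm`.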






buildbot failure in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1436

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687005
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







svn commit: r1687001 - /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:18:44 2015
New Revision: 1687001

URL: http://svn.apache.org/r1687001
Log:
Implemented JASPIC password callback support
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1687001&r1=1687000&r2=1687001&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java
 Tue Jun 23 09:18:44 2015
@@ -17,7 +17,7 @@
 package org.apache.catalina.authenticator.jaspic;
 
 import java.io.IOException;
-import java.util.Collections;
+import java.security.Principal;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -80,9 +80,14 @@ public class JaspicCallbackHandler imple
 private void handlePasswordValidationCallback(
 PasswordValidationCallback passwordValidationCallback) {
 Subject subject = passwordValidationCallback.getSubject();
+String username = passwordValidationCallback.getUsername();
+String password = new String(passwordValidationCallback.getPassword());
 
-passwordValidationCallback.setResult(true);
-subject.getPrincipals().add(
-new GenericPrincipal("user", "password", 
Collections.singletonList("user")));
+Principal principal = realm.authenticate(username, password);
+passwordValidationCallback.setResult(principal != null);
+
+if (principal != null) {
+subject.getPrivateCredentials().add(principal);
+}
 }
 }
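Review bot: `new String(passwordValidationCallback.getPassword())` throws a NullPointerException when the callback carries no password, which the callback API permits, so such a request fails with an exception instead of `setResult(false)`. Read the array first and reject null: `char[] pw = passwordValidationCallback.getPassword();` then `if (pw == null) { passwordValidationCallback.setResult(false); return; }`. The String copy is needed for `realm.authenticate(username, password)` as called here, but the callback's own copy can still be wiped once the realm has answered, with `passwordValidationCallback.clearPassword();`. The principal is added to `subject.getPrivateCredentials()` rather than `subject.getPrincipals()`; if that is deliberate, a one-line comment saying who reads it back would help the next reader.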






svn commit: r1687014 - /tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:52:02 2015
New Revision: 1687014

URL: http://svn.apache.org/r1687014
Log:
Add a TODO

Modified:
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1687014&r1=1687013&r2=1687014&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Tue Jun 23 
09:52:02 2015
@@ -459,6 +459,7 @@ public class ContextConfig implements Li
 }
 
 private String getJaspicAppContext() {
+// TODO: This might not be unique
 return context.getServletContext().getVirtualServerName() + " " + 
context.getPath();
 }
 






svn commit: r1687015 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider: TomcatAuthConfig.java modules/BasicAuthModule.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:57:16 2015
New Revision: 1687015

URL: http://svn.apache.org/r1687015
Log:
Implemented JASPIC module for BASIC authentication
Patch by fjodorver

Added:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
   (with props)
Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687015&r1=1687014&r2=1687015&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 Tue Jun 23 09:57:16 2015
@@ -29,6 +29,7 @@ import javax.security.auth.message.confi
 import javax.security.auth.message.config.ServerAuthContext;
 
 import org.apache.catalina.Realm;
+import 
org.apache.catalina.authenticator.jaspic.provider.modules.BasicAuthModule;
 import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
 
 public class TomcatAuthConfig implements ServerAuthConfig {
@@ -92,6 +93,7 @@ public class TomcatAuthConfig implements
 
 private Collection getModules() {
 List modules = new ArrayList<>();
+modules.add(new BasicAuthModule());
 return modules;
 }
 }

Added: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java?rev=1687015&view=auto
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
 (added)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java
 Tue Jun 23 09:57:16 2015
@@ -0,0 +1,278 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.authenticator.jaspic.provider.modules;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.text.MessageFormat;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.codec.binary.Base64;
+
+public class BasicAuthModule extends TomcatAuthModule {
+
+private Class[] supportedMessageTypes = new Class[] { 
HttpServletRequest.class,
+HttpServletResponse.class };
+
+private CallbackHandler handler;
+
+
+@Override
+public String getAuthenticationType() {
+return "BASIC";
+}
+
+
+@SuppressWarnings("rawtypes")
+@Override
+public void initialize(MessagePolicy requestPolicy, MessagePolicy 
responsePolicy,
+CallbackHandler handler, Map options) throws AuthException {
+this.handler = handler;
+}
+
+
+@Override
+public AuthStatus validateRequest(MessageInfo messageInfo, Subject 
clientSubject,
+Subject serviceSubject) throws AuthException {
+if (!isMandatory(messageInfo)) {
+return AuthStatus.SUCCESS;
+}
+
+HttpServletRequest request = (HttpServletRequest) 
message

svn commit: r1687011 - in /tomcat/trunk/java/org/apache/catalina: authenticator/jaspic/provider/TomcatAuthConfig.java authenticator/jaspic/provider/TomcatAuthConfigProvider.java startup/ContextConfig.

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 09:45:34 2015
New Revision: 1687011

URL: http://svn.apache.org/r1687011
Log:
Added realm support for embedded JASPIC modules
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687011&r1=1687010&r2=1687011&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java
 Tue Jun 23 09:45:34 2015
@@ -28,6 +28,7 @@ import javax.security.auth.message.Messa
 import javax.security.auth.message.config.ServerAuthConfig;
 import javax.security.auth.message.config.ServerAuthContext;
 
+import org.apache.catalina.Realm;
 import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
 
 public class TomcatAuthConfig implements ServerAuthConfig {
@@ -36,12 +37,15 @@ public class TomcatAuthConfig implements
 private String appContext;
 private CallbackHandler handler;
 private TomcatServerAuthContext tomcatServerAuthContext;
+private Realm realm;
 
 
-public TomcatAuthConfig(String layer, String appContext, CallbackHandler 
callbackHandler) {
+public TomcatAuthConfig(String layer, String appContext, CallbackHandler 
callbackHandler,
+Realm realm) {
 this.messageLayer = layer;
 this.appContext = appContext;
 this.handler = callbackHandler;
+this.realm = realm;
 }
 
 

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1687011&r1=1687010&r2=1687011&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java
 Tue Jun 23 09:45:34 2015
@@ -25,16 +25,24 @@ import javax.security.auth.message.confi
 import javax.security.auth.message.config.ClientAuthConfig;
 import javax.security.auth.message.config.ServerAuthConfig;
 
+import org.apache.catalina.Realm;
+
 public class TomcatAuthConfigProvider implements AuthConfigProvider {
 
 private Map providerProperties;
 private ServerAuthConfig serverAuthConfig;
+private Realm realm;
 
 
 public TomcatAuthConfigProvider() {
 }
 
 
+public TomcatAuthConfigProvider(Realm realm) {
+this.realm = realm;
+}
+
+
 public TomcatAuthConfigProvider(Map properties, 
AuthConfigFactory factory) {
 this.providerProperties = properties;
 if (factory != null) {
@@ -54,7 +62,7 @@ public class TomcatAuthConfigProvider im
 public synchronized ServerAuthConfig getServerAuthConfig(String layer, 
String appContext,
 CallbackHandler handler) throws AuthException {
 if (this.serverAuthConfig == null) {
-this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, 
handler);
+this.serverAuthConfig = new TomcatAuthConfig(layer, appContext, 
handler, realm);
 }
 return this.serverAuthConfig;
 }
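Review bot: `realm` is set only by the new `TomcatAuthConfigProvider(Realm)` constructor, while the no-argument and `(Map, AuthConfigFactory)` constructors in the previous hunk leave it null, and `getServerAuthConfig()` passes it to `TomcatAuthConfig` unchecked. A provider created through either of the other constructors would hand a null realm to whatever consumes it, and the failure would surface only at authentication time. Failing early makes the misconfiguration visible: `if (realm == null) { throw new AuthException(<i18n message>); }` before the config is created. The method also caches a single `serverAuthConfig` regardless of the `layer` and `appContext` arguments, which deserves a comment stating that one provider instance serves exactly one web application.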

Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1687011&r1=1687010&r2=1687011&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original)
+++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Tue Jun 23 
09:45:34 2015
@@ -452,7 +452,8 @@ public class ContextConfig implements Li
  */
 private JaspicAuthenticator configureDefaultJaspicAuthModules() {
 AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
-authConfigFactory.registerConfigProvider(new 
TomcatAuthConfigProvider(),
+TomcatAuthConfigProvider provider = new 
TomcatAuthConfigProvider(context.getRealm());
+authConfigFactory.registerConfigProvider(provider,
 JaspicAuthenticator.MESSAGE_LAYER, null, "Tomcat Jaspic");
 return new JaspicAuthenticator();
 }




buildbot success in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1437

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687014
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot







svn commit: r1687023 - /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 11:08:13 2015
New Revision: 1687023

URL: http://svn.apache.org/r1687023
Log:
Better auto-boxing fix
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1687023&r1=1687022&r2=1687023&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 Tue Jun 23 11:08:13 2015
@@ -41,7 +41,7 @@ public abstract class TomcatAuthModule i
 
 protected boolean isMandatory(MessageInfo messageInfo) {
 String mandatory = (String) 
messageInfo.getMap().get(MessageInfoImpl.IS_MANDATORY);
-return Boolean.valueOf(mandatory).booleanValue();
+return Boolean.parseBoolean(mandatory);
 }
 
 






svn commit: r1687025 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: JaspicAuthenticator.java MessageInfoImpl.java provider/modules/TomcatAuthModule.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 11:13:20 2015
New Revision: 1687025

URL: http://svn.apache.org/r1687025
Log:
Added realm name support for JASPIC modules 
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687025&r1=1687024&r2=1687025&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
 Tue Jun 23 11:13:20 2015
@@ -23,7 +23,6 @@ import java.util.Set;
 import javax.security.auth.Subject;
 import javax.security.auth.message.AuthException;
 import javax.security.auth.message.AuthStatus;
-import javax.security.auth.message.MessageInfo;
 import javax.security.auth.message.config.AuthConfigFactory;
 import javax.security.auth.message.config.AuthConfigProvider;
 import javax.security.auth.message.config.ServerAuthConfig;
@@ -69,7 +68,8 @@ public class JaspicAuthenticator extends
 return true;
 }
 
-MessageInfo messageInfo = new MessageInfoImpl(request, response, true, 
getAuthMethod());
+MessageInfoImpl messageInfo = new MessageInfoImpl(request, response, 
true, getAuthMethod());
+messageInfo.setRealmName(getRealmName(context));
 
 AuthConfigFactory factory = AuthConfigFactory.getFactory();
 String appContext = getAppContextId(request);

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java?rev=1687025&r1=1687024&r2=1687025&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java 
Tue Jun 23 11:13:20 2015
@@ -28,6 +28,7 @@ import org.apache.catalina.connector.Req
 public class MessageInfoImpl implements MessageInfo {
 public static final String IS_MANDATORY = 
"javax.security.auth.message.MessagePolicy.isMandatory";
 public static final String AUTH_METHOD = "javax.servlet.http.authType";
+public static final String REALM_NAME = "javax.servlet.http.realmName";
 
 private final Map map = new HashMap<>();
 private HttpServletRequest request;
@@ -44,6 +45,10 @@ public class MessageInfoImpl implements
 map.put(AUTH_METHOD, authMethod);
 }
 
+public void setRealmName(String realmName) {
+map.put(REALM_NAME, realmName);
+}
+
 @Override
 @SuppressWarnings("rawtypes")
 // JASPIC uses raw types

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1687025&r1=1687024&r2=1687025&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java
 Tue Jun 23 11:13:20 2015
@@ -45,11 +45,11 @@ public abstract class TomcatAuthModule i
 }
 
 
+@SuppressWarnings("unchecked")
 protected static String getRealmName(MessageInfo messageInfo) {
 if (messageInfo == null) {
 return REALM_NAME;
 }
-// TODO get realm name from message
-return REALM_NAME;
+return (String) 
messageInfo.getMap().getOrDefault(MessageInfoImpl.REALM_NAME, REALM_NAME);
 }
 }
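Review bot: `getOrDefault` falls back to `REALM_NAME` only when the key is absent, and the map in `MessageInfoImpl` is a `HashMap`, so a `setRealmName(null)` call leaves the key present with a null value and `getRealmName()` returns null instead of the default. Whether `getRealmName(context)` in `JaspicAuthenticator` can return null is not visible here; if it can, the null would presumably end up in the authentication challenge. An explicit check is safe either way and removes the need for `@SuppressWarnings("unchecked")`: `String realmName = (String) messageInfo.getMap().get(MessageInfoImpl.REALM_NAME);` followed by `return realmName != null ? realmName : REALM_NAME;`.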






svn commit: r1687027 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: LocalStrings.properties provider/TomcatServerAuthContext.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 11:15:27 2015
New Revision: 1687027

URL: http://svn.apache.org/r1687027
Log:
Fix i18n for unknown JASPIC authentication type
Patch by fjodorver

Modified:

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties

tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties?rev=1687027&r1=1687026&r2=1687027&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/LocalStrings.properties
 Tue Jun 23 11:15:27 2015
@@ -15,3 +15,4 @@
 
 authenticator.jaspic.unauthorized=Cannot authenticate with the provided 
credentials
 authenticator.jaspic.unknownCallback=Unknown JASPIC callback: [{0}]
+authenticator.jaspic.unknownAuthType=Unknown authentication type: [{0}]

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java?rev=1687027&r1=1687026&r2=1687027&view=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
 (original)
+++ 
tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java
 Tue Jun 23 11:15:27 2015
@@ -31,12 +31,15 @@ import javax.security.auth.message.modul
 
 import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
 import 
org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule;
+import org.apache.tomcat.util.res.StringManager;
 
 /**
  * This class contains references to different JASPIC modules.
  */
 public class TomcatServerAuthContext implements ServerAuthContext {
 
+protected static final StringManager sm = 
StringManager.getManager(TomcatServerAuthContext.class);
+
 private Map serverAuthModules = new HashMap<>();
 
 
@@ -85,7 +88,8 @@ public class TomcatServerAuthContext imp
 String authenticationType = (String) 
properties.get(MessageInfoImpl.AUTH_METHOD);
 ServerAuthModule module = serverAuthModules.get(authenticationType);
 if (module == null) {
-throw new AuthException("Unknown auth module");// TODO message i18n
+throw new 
AuthException(sm.getString("authenticator.jaspic.unknownAuthType",
+authenticationType));
 }
 return module;
 }






[Bug 56108] Allow user-defined Diffie-Hellman parameters (secure DH-Cipher)

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

Michał Staruch  changed:

   What|Removed |Added

 CC||m...@cinkciarz.pl




[Bug 58072] New: ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

Bug ID: 58072
   Summary: ECDH curve selection
   Product: Tomcat 9
   Version: unspecified
  Hardware: PC
OS: All
Status: NEW
  Severity: major
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: m...@cinkciarz.pl

It should be possible to pick ECDH curve for EC-based cipher suites, in the
same way it's possible in let's say nginx:
ssl_ecdh_curve secp521r1;

Curve names could be used as defined in RFC 4492, section 5.1.1:
https://tools.ietf.org/html/rfc4492#section-5.1.1




[Bug 58072] ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

Michał Staruch  changed:

   What|Removed |Added

 CC||m...@cinkciarz.pl




Re: JASPIC Implementation pointers

2015-06-23 Thread Mark Thomas
On 22/06/2015 20:57, Fjodor Vershinin wrote:
> Hi!
> There are new bunch of patches ready in my github repo:
> https://github.com/fjodorver/tomcat/commits/feature/jaspic-implementation

Thanks. Patches applied. I've added comments to some of the patches.

> My report for previous week + today:

You still need to address the issue of a unique name for the JASPIC app
context.

> 1) I have prepared mechanism for registration embedded JASPIC modules
> 2) Callback handler is singleton now
> 3) Implemented JAAS Subject's support (it turned out, that it is mandatory).
> 4) BASIC and DIGEST authenticators has been ported to JASPIC
> I think these modules need to be carefully refactored though, then I will
> prepare some tests.

Why do you think these modules need to be refactored? Given the security
nature of this code and that what you have currently is largely copied
directly from the existing implementations, I'd be wary of making any
changes without a good reason for doing so.

> 5) Fixed some bugs in implementation, such as lack of session caching
> 6) Currently, I am working on some javadoc's, but I'll commit them later.

Remember, little and often is better than a few larger code dumps. The
recent commits have been fine but I would prefer to see 1 or 2 commits a
day rather than a batch of 10+ commits once a week.

> Some problems I have:
> 1) I need some convenient way to get user roles from Realm. I assume, that
> every Principal is GenericPrincipal, but I guess that's not right.

What for? The best way to handle this depends on why/where that
information is needed.

> 2) We need find a easy way for configuring embedded JASPIC modules. For
> example, form authentication requires login page and error page. I think
> that these parameters can be passed to JASPIC provider directly, but I'm
> not sure.

Currently the ContextConfig registers a new TomcatAuthConfigProvider for
each web application.

The TomcatAuthConfigProvider creates (lazily) a TomcatAuthConfig.

The TomcatAuthConfig creates (lazily) TomcatServerAuthContext with all
available modules.

The TomcatAuthConfig then looks up the authentication type obtained from
the request and maps it to the right module.


Initialising all the modules when - typically - only one is required
looks wrong to me. I'd expect the ContextConfig to specify (possibly
even create and configure) the required modules and pass those to the
TomcatAuthConfigProvider instance for the web application.

Mark


> 3) Arjan, can you have a look at current implementation and give some
> comments on current implementation.
> 
> 2015-06-17 12:47 GMT+03:00 Mark Thomas :
> 
>> On 17/06/2015 08:32, Fjodor Vershinin wrote:
>>> Could you provide me your eclipse config files for this project? I think
>> it
>>> would be most convenient way to fix such kind issues.
>>
>> This is something that would have been covered during community bonding.
>>
>> http://svn.apache.org/viewvc/tomcat/trunk/res/ide-support/
>>
>>> I added some Javadocs, however current implementation is not that stable,
>>> so I'll continue commenting code when code will be more solid.
>>
>> Comments in the code are just as important as the Javadoc. I'm not too
>> bothered about ensuring every public method is fully documented with
>> Javadoc. The important thing is that there are enough comments for
>> someone to understand the code.
>>
 All user messages, exception messages etc. should use i18n
>> (StringManager).
>>> Fixed.  Only "not implemented" exceptions had left, but they will be
>>> removed after some time, so I think it's not mandatory to translate them.
>>
>> Yes, that is fine. No need to use i18n for temporary code. Do make sure
>> there is a TODO marker there so nothing gets missed.
>>
 In JaspicAuthenticator.authenticate() request.getLocalName() is not the
>>> way to get a unique name for the web application (assuming that is what
>> is
>>> required).
>>>
>>> Has been fixed. Now I get unique name in JASPIC 1.1 style.
>>
>> That is better but it is still not unique. It is rare but Tomcat
>> instances can be configured with multiple services and those services
>> may have host names and contexts paths duplicated between them. You
>> really need to find a way to include the engine name as well. You can't
>> use the address:port since there may be multiple connectors with
>> different addresses and/or ports.
>>
>> I'd ignore the request and use the fact that Valves have a Container and
>> that that Container will have a reference to its ancestors. The
>>
>>> All ThreadLocal logic has been replaced with creation of a new instance
>>> every time. I'm not sure about performance, but for now it's more
>>> convenient.
>>
>> I'm not sure about performance either. My general approach is to focus
>> on functional correctness and worry about performance once I have
>> something that is working. Tuning a working implementation is a lot
>> easier than fixing a tuned but broken implementation. I do try to avoid
>> any obvio

[Bug 58072] ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

Michał Staruch  changed:

   What|Removed |Added

   Target Milestone|-   |
Product|Tomcat 9|Tomcat 8
Version|unspecified |trunk
  Component|Connectors  |Connectors




Re: tc-native and multiple certificates for a single virtual host

2015-06-23 Thread Konstantin Kolinko
2015-06-22 9:06 GMT+03:00 jean-frederic clere :
> On 06/19/2015 10:01 PM, Mark Thomas wrote:
>>
>> I'm looking at integrating multiple certificate support with APR/native
>> and the new OpenSSLContext.
>>
>> I have a query about the following method that I hope those that have
>> been working in this area recently will be able to answer.
>>
>> SSLContext.setCertificate(long ctx, String cert, String key,
>>String password, int idx)
>>
>> The idx can either be 0 (RSA) or 1 (DSS).
>
>
> It is tested between 0 and <4.
>
>>
>> I know the tc-native enforces that idx is 0 or 1. Does it require that
>> idx is 0 for RSA keys and 1 for DSS keys?
>
>
> According the include:
> +++
> #define SSL_AIDX_RSA (0)
> #define SSL_AIDX_DSA (1)
> #define SSL_AIDX_ECC (3)
> #define SSL_AIDX_MAX (4)
> +++

As those look like indexes into an array, I wonder why "2" was skipped.

Those defines were introduced in r1681509
Note that they were backported to native 1.1.x in r1681515


>>
>> How does one specify an ECC key?
>
>
> Using 3 I guess but I don't see a different handling for the different type
> of key/cert... Basically it looks like the latest call tells which key/cert
> will be used.
>


Best regards,
Konstantin Kolinko




Re: tc-native and multiple certificates for a single virtual host

2015-06-23 Thread jean-frederic clere

On 06/23/2015 02:11 PM, Konstantin Kolinko wrote:

2015-06-22 9:06 GMT+03:00 jean-frederic clere :

On 06/19/2015 10:01 PM, Mark Thomas wrote:


I'm looking at integrating multiple certificate support with APR/native
and the new OpenSSLContext.

I have a query about the following method that I hope those that have
been working in this area recently will be able to answer.

SSLContext.setCertificate(long ctx, String cert, String key,
String password, int idx)

The idx can either be 0 (RSA) or 1 (DSS).



It is tested between 0 and <4.



I know the tc-native enforces that idx is 0 or 1. Does it require that
idx is 0 for RSA keys and 1 for DSS keys?



According the include:
+++
#define SSL_AIDX_RSA (0)
#define SSL_AIDX_DSA (1)
#define SSL_AIDX_ECC (3)
#define SSL_AIDX_MAX (4)
+++


As those look like indexes into an array, I wonder why "2" was skipped.


Because it used to be SSL_AIDX_MAX :-(



Those defines were introduced in r1681509
Note that they were backported to native 1.1.x in r1681515


I will ping Rainer then.

Cheers

Jean-Frederic






How does one specify an ECC key?



Using 3 I guess but I don't see a different handling for the different type
of key/cert... Basically it looks like the latest call tells which key/cert
will be used.




Best regards,
Konstantin Kolinko




[Bug 58072] ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

Mark Thomas  changed:

   What|Removed |Added

   Severity|major   |enhancement

--- Comment #1 from Mark Thomas  ---
This should be doable for OpenSSL based connections. For JSSE based connections
this is going to have to wait for the JRE to provide the necessary hooks.




[Bug 57953] Support multiple TLS certificate types for a single TLS virtual host

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57953

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Mark Thomas  ---
Tested and working in APR/native as well.




svn commit: r1687080 - /tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 14:42:26 2015
New Revision: 1687080

URL: http://svn.apache.org/r1687080
Log:
Initial test case for headers frame

Added:
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java   (with 
props)

Added: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java?rev=1687080&view=auto
==
--- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java (added)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java Tue Jun 
23 14:42:26 2015
@@ -0,0 +1,50 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.coyote.http2;
+
+import java.nio.ByteBuffer;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Unit tests for Section 6.2 of
+ * https://tools.ietf.org/html/rfc7540";>RFC 7540.
+ * 
+ * The order of tests in this class is aligned with the order of the
+ * requirements in the RFC.
+ */
+public class TestHttp2Section_6_2 extends Http2TestBase {
+
+@Test
+public void testHeaderOnStreamZero() throws Exception {
+// HTTP2 upgrade
+http2Connect();
+
+// Part 1
+byte[] frameHeader = new byte[9];
+ByteBuffer headersPayload = ByteBuffer.allocate(128);
+buildSimpleGetRequestPart1(frameHeader, headersPayload, 0);
+writeFrame(frameHeader, headersPayload);
+
+// Go away
+parser.readFrame(true);
+
+Assert.assertTrue(output.getTrace(), output.getTrace().startsWith(
+"0-Goaway-[1]-[" + Http2Error.PROTOCOL_ERROR.getCode() + 
"]-["));
+}
+}
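Review bot: The `// Part 1` comment in testHeaderOnStreamZero does not say what makes this frame invalid; the only thing tying the test to RFC 7540 section 6.2 is the literal `0` passed as the last argument of buildSimpleGetRequestPart1, presumably the stream id (that helper is defined outside this hunk). I would replace the comment with `// HEADERS frame on stream 0: must be answered with a connection error (PROTOCOL_ERROR)`. The assertion matches only a prefix of the trace, so a one-line comment that whatever follows the trailing `-[` is deliberately left unmatched would save the next reader a lookup.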

Propchange: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java
--
svn:eol-style = native






Re: JASPIC Implementation pointers

2015-06-23 Thread Fjodor Vershinin
Hi there!


> You still need to address the issue of a unique name for the JASPIC app
> context.

I see your point. However, tomcat's implementation of uniqueness is against
JASPIC 1.1 specification. We must somehow document this feature.


> > 1) I have prepared mechanism for registration embedded JASPIC modules
> > 2) Callback handler is singleton now
> > 3) Implemented JAAS Subject's support (it turned out, that it is
> mandatory).
> > 4) BASIC and DIGEST authenticators has been ported to JASPIC
> > I think these modules need to be carefully refactored though, then I will
> > prepare some tests.
>
> Why do you think these modules need to be refactored? Given the security
> nature of this code and that what you have currently is largely copied
> directly from the existing implementations, I'd be wary of making any
> changes without a good reason for doing so.

Yes, we must be very careful with security implementations. However, I
would decouple JASPIC code from authentication algorithms and put them into
separate classes.

> 5) Fixed some bugs in implementation, such as lack of session caching
> > 6) Currently, I am working on some javadoc's, but I'll commit them later.
>
> Remember, little and often is better than a few larger code dumps. The
> recent commits have been fine but I would prefer to see 1 or 2 commits a
> day rather than a batch of 10+ commits once a week.


I agree, however I was intensively using rebase and squashing for commit
rewriting in order to get "feature per commit". I think it depends on
architectural tasks - currently we have architectural stuff done, so next
commits will require less rewriting.

> 1) I need some convenient way to get user roles from Realm. I assume, that
> > every Principal is GenericPrincipal, but I guess that's not right.
>
> What for? The best way to handle this depends on why/where that
> information is needed.


I need this info in order to construct GenericPrincipal using callbacks.
Currently, Realm is returning GenericPrincipal, however, implementation is
hidden behind Principal interface. I need to do casting to get
GenericPrincipal object, because Principal doesn't have getRoles() method.


> > 2) We need find a easy way for configuring embedded JASPIC modules. For
> > example, form authentication requires login page and error page. I think
> > that these parameters can be passed to JASPIC provider directly, but I'm
> > not sure.
>
> Currently the ContextConfig registers a new TomcatAuthConfigProvider for
> each web application.
>
> The TomcatAuthConfigProvider creates (lazily) a TomcatAuthConfig.
>
> The TomcatAuthConfig creates (lazily) TomcatServerAuthContext with all
> available modules.
>
> The TomcatAuthConfig then looks up the authentication type obtained from
> the request and maps it to the right module.
>
> Initialising all the modules when - typically - only one is required
> looks wrong to me. I'd expect the ContextConfig to specify (possibly
> even create and configure) the required modules and pass those to the
> TomcatAuthConfigProvider instance for the web application.


Yes, I agree that it's a better solution. I am not sure about constructing
auth modules in ContextConfig. Maybe we can pass the LoginConfig info into the
provider and construct the modules inside it.

-- 
Thanks,
Fjodor


Time for a mod_jk release?

2015-06-23 Thread Christopher Schultz
All,

There have been some questions lately on the users' list about a release
date for mod_jk which includes a fix for slash-collapsing.

http://svn.apache.org/viewvc?view=revision&revision=1647017

It's been a bit over a year since the last release, so it seems like
mod_jk is fairly stable other than this issue. Does anyone have time to
roll a release?

-chris





Time for Tomcat 7.0.63?

2015-06-23 Thread Christopher Schultz
All,

Some recent bugs have been fixed and there is some community demand for
7.0.63.

e.g.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57783

Violetta, are you up for another release?

-chris





[Bug 54537] StatementFinalizer closeInvoked is too slow for large batch jobs.

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=54537

--- Comment #3 from Rahul Singh  ---
Can't we keep the ArrayList as it is and, instead of removing the object from the
list (first line of StatementFinalizer.closeInvoked() method), just get that
Statement reference and close it?

At the end of the loop, when all Statements have been closed, we can just call
clear() on the list. It will nullify all the references and those will be GCed
later.

Finding a particular entry in a linked list having millions of objects may also
have some cost.

With this code method closeInvoked() should look like
/**
 * Closes every statement that is still reachable through the weak
 * references held in {@code this.statements}, then empties the list.
 * A failure to close one statement is logged at debug level and does
 * not stop the remaining statements from being closed.
 */
public void closeInvoked() {
    for (WeakReference ref : this.statements) {
        Statement stmt = (Statement) ref.get();
        if (stmt != null) {
            try {
                stmt.close();
            } catch (Exception ignore) {
                // Best effort: a close failure is only reported when debug logging is on.
                if (log.isDebugEnabled()) {
                    log.debug("Unable to closed statement upon connection close.", ignore);
                }
            }
        }
    }
    // Drop all references in one call once the whole list has been visited.
    this.statements.clear();
}

Hope I am correct!!!




[Bug 58072] ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

--- Comment #2 from Michał Staruch  ---
Mark: providers available in Java 8 that enable EC cipher suites have to
support all the named curves listed in RFC 4492 5.1.1:
"The provider must support all the SECG curves referenced in RFC 4492
specification, section 5.1.1 (see also appendix A). In certificates, points
should be encoded using the uncompressed form and curves should be encoded
using the namedCurve choice, that is, using an object identifier."

See the "Java Cryptography Architecture Oracle Providers Documentation for JDK
8" document, available here:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html




[Bug 58072] ECDH curve selection

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=58072

--- Comment #3 from Mark Thomas  ---
(In reply to Michał Staruch from comment #2)

And which API should Tomcat use to specify the curve to use (in the cases where
the server has a choice)?




[Bug 54537] StatementFinalizer closeInvoked is too slow for large batch jobs.

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=54537

--- Comment #4 from Christopher Schultz  ---
(In reply to Rahul Singh from comment #3)
> Can't we get keep ArrayList as it and instead of removing the object from
> the list (first line of StatementFinalizer.closeInvoked() method), just get
> that Statement reference and close that.

Why do you specifically want to use an ArrayList? Why are you commenting on a
bug that was closed almost one year ago?

> At the end of loop when all Statements have been closed, we can just call
> clear() on the list. It will nullify all the references and those will GCed
> latter.
> 
> Finding a particular entry in a linked list having millions of objects may
> also have some cost.

When do you need to index into the middle of the list?




[Bug 54537] StatementFinalizer closeInvoked is too slow for large batch jobs.

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=54537

--- Comment #5 from Rahul Singh  ---
Have no love with ArrayList. Now noticed that it will always remove 0th index
so that will not have any cost. I guessed this fix has not been released
yet..sorry for commenting on FIXED thread.




[Bug 54537] StatementFinalizer closeInvoked is too slow for large batch jobs.

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=54537

--- Comment #6 from Christopher Schultz  ---
This fix was released long ago.

It also has the advantage of being able to partially-process a list and remove
those items processed. With ArrayList.clear, it's all or nothing.




svn commit: r1687117 - in /tomcat/trunk: java/org/apache/coyote/http2/ test/org/apache/coyote/http2/

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 19:19:56 2015
New Revision: 1687117

URL: http://svn.apache.org/r1687117
Log:
Add support for header padding to the tests.
Add a simple test for a header frame with padding.
Fix a bug in the parser when parsing header frames with padding.

Modified:
tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_1.java
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_3.java
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_1.java
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java

Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1687117&r1=1687116&r2=1687117&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Tue Jun 23 
19:19:56 2015
@@ -225,6 +225,7 @@ class Http2Parser {
 }
 
 payloadSize -= optionalLen;
+payloadSize -= padLength;
 }
 
 boolean endOfHeaders = Flags.isEndOfHeaders(flags);
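Review bot: `payloadSize -= padLength;` subtracts a length that comes from the frame itself, and nothing in this hunk bounds it against what is left after `payloadSize -= optionalLen;`, so a peer that declares more padding than the frame carries can leave payloadSize negative before the header block is read. RFC 7540 section 6.2 requires padding that exceeds the remaining header block fragment to be treated as a connection error of type PROTOCOL_ERROR, so I would add `if (padLength > payloadSize) { throw new ConnectionException(msg, Http2Error.PROTOCOL_ERROR); }` between the two subtractions, with msg taken from the existing too-much-padding string. The enclosing method starts and ends outside the hunk, so an earlier check cannot be ruled out from here; r1687119 further down this page reports that the parser did not catch padding >= payload.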

Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1687117&r1=1687116&r2=1687117&view=diff
==
--- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original)
+++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Tue Jun 23 
19:19:56 2015
@@ -109,10 +109,15 @@ public abstract class Http2TestBase exte
 
 
 protected void sendSimpleGetRequest(int streamId) throws IOException {
+sendSimpleGetRequest(streamId, null);
+}
+
+
+protected void sendSimpleGetRequest(int streamId, byte[] padding) throws 
IOException {
 byte[] frameHeader = new byte[9];
 ByteBuffer headersPayload = ByteBuffer.allocate(128);
 
-buildSimpleGetRequest(frameHeader, headersPayload, streamId);
+buildSimpleGetRequest(frameHeader, headersPayload, padding, streamId);
 writeFrame(frameHeader, headersPayload);
 }
 
@@ -126,24 +131,30 @@ public abstract class Http2TestBase exte
 }
 
 
-protected void buildSimpleGetRequest(byte[] frameHeader, ByteBuffer 
headersPayload, int streamId) {
-buildGetRequest(frameHeader, headersPayload, streamId, "/simple");
+protected void buildSimpleGetRequest(byte[] frameHeader, ByteBuffer 
headersPayload,
+byte[] padding, int streamId) {
+buildGetRequest(frameHeader, headersPayload, padding, streamId, 
"/simple");
 }
 
 
 protected void buildLargeGetRequest(byte[] frameHeader, ByteBuffer 
headersPayload, int streamId) {
-buildGetRequest(frameHeader, headersPayload, streamId, "/large");
+buildGetRequest(frameHeader, headersPayload, null, streamId, "/large");
 }
 
 
-protected void buildGetRequest(byte[] frameHeader, ByteBuffer 
headersPayload, int streamId,
-String url) {
+protected void buildGetRequest(byte[] frameHeader, ByteBuffer 
headersPayload, byte[] padding,
+int streamId, String url) {
+if (padding != null) {
+headersPayload.put((byte) (0xFF & padding.length));
+}
 MimeHeaders headers = new MimeHeaders();
 headers.addValue(":method").setString("GET");
 headers.addValue(":path").setString(url);
 headers.addValue(":authority").setString("localhost:" + getPort());
 hpackEncoder.encode(headers, headersPayload);
-
+if (padding != null) {
+headersPayload.put(padding);
+}
 headersPayload.flip();
 
 ByteUtil.setThreeBytes(frameHeader, 0, headersPayload.limit());
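Review bot: `headersPayload.put((byte) (0xFF & padding.length));` silently truncates the pad-length field when a caller passes more than 255 bytes of padding, so the frame would no longer describe the padding actually appended and a test could pass or fail for the wrong reason. A guard at the top of buildGetRequest, `if (padding != null && padding.length > 255) throw new IllegalArgumentException("padding too long");`, makes the limit explicit. The caller in the previous hunk still uses a fixed `ByteBuffer.allocate(128)`, so the encoded headers plus padding must fit in 128 bytes or `put(padding)` throws BufferOverflowException; a comment on the padding parameter stating both limits would be enough. buildGetRequest continues past the end of this hunk.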
@@ -151,6 +162,9 @@ public abstract class Http2TestBase exte
 frameHeader[3] = 0x01;
 // Flags. end of headers (0x04). end of stream (0x01)
 frameHeader[4] = 0x05;
+if (padding != null) {
+frameHeader[4] += 0x08;
+}
 // Stream id
 ByteUtil.set31Bits(frameHeader, 5, streamId);
 }
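Review bot: `frameHeader[4] += 0x08;` sets the PADDED flag arithmetically, which is correct only because the base value 0x05 has that bit clear; `frameHeader[4] |= 0x08;` states the intent and stays correct if the base flags ever change. The flags comment above it could be extended to `// Flags. end of headers (0x04). end of stream (0x01). padded (0x08) when padding is supplied`. The enclosing method starts before this hunk.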

Modified: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_1.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_1.java?rev=1687117&r1=1687116&r2=1687117&view=diff
==
--- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_1.java 
(original)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_4_1.java Tue Jun 
23 19:19:56 2015
@@ -58,7 +58,7 @@ public class TestHttp2Section_4_1 extend
 // Build the simple request
 byte[] fram

buildbot exception in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a build exception on builder tomcat-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1444

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687117
Blamelist: markt

BUILD FAILED: exception upload_2

Sincerely,
 -The Buildbot







svn commit: r1687119 - in /tomcat/trunk: java/org/apache/coyote/http2/Http2Parser.java java/org/apache/coyote/http2/LocalStrings.properties test/org/apache/coyote/http2/TestHttp2Section_6_2.java

2015-06-23 Thread markt
Author: markt
Date: Tue Jun 23 19:28:15 2015
New Revision: 1687119

URL: http://svn.apache.org/r1687119
Log:
Add some more header frame + padding tests
Fix a bug in the parser (it didn't catch padding >= payload)

Modified:
tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java

Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1687119&r1=1687118&r2=1687119&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Tue Jun 23 
19:28:15 2015
@@ -144,7 +144,7 @@ class Http2Parser {
 
 if (padLength >= payloadSize) {
 throw new ConnectionException(
-
sm.getString("http2Parser.processFrameData.tooMuchPadding", connectionId,
+
sm.getString("http2Parser.processFrame.tooMuchPadding", connectionId,
 Integer.toString(streamId), 
Integer.toString(padLength),
 Integer.toString(payloadSize)), 
Http2Error.PROTOCOL_ERROR);
 }
@@ -216,6 +216,12 @@ class Http2Parser {
 int optionalPos = 0;
 if (padding) {
 padLength = ByteUtil.getOneByte(optional, optionalPos++);
+if (padLength >= payloadSize) {
+throw new ConnectionException(
+
sm.getString("http2Parser.processFrame.tooMuchPadding", connectionId,
+Integer.toString(streamId), 
Integer.toString(padLength),
+Integer.toString(payloadSize)), 
Http2Error.PROTOCOL_ERROR);
+}
 }
 if (priority) {
 boolean exclusive = ByteUtil.isBit7Set(optional[optionalPos]);
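Review bot: The added check compares padLength with payloadSize before the optional bytes are deducted, assuming the `payloadSize -= optionalLen;` and `payloadSize -= padLength;` lines from r1687117 still run after this block (they are outside this hunk). When the padding and priority flags are both set, a pad length that is below payloadSize but above payloadSize minus the optional bytes passes the check and still leaves a negative header-block length. Moving the check to just after `payloadSize -= optionalLen;` and testing `if (padLength > payloadSize) {` covers both cases with the same message key. A test that sets both flags would pin it; how the header-reading code treats a negative length is not visible here.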

Modified: tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties?rev=1687119&r1=1687118&r2=1687119&view=diff
==
--- tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties (original)
+++ tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties Tue Jun 
23 19:28:15 2015
@@ -43,10 +43,10 @@ http2Parser.payloadTooBig=The payload is
 http2Parser.preface.invalid=Invalid connection preface [{0}] presented
 http2Parser.preface.io=Unable to read connection preface
 http2Parser.processFrame=Connection [{0}], Stream [{1}], Frame type [{2}], 
Flags [{3}], Payload size [{4}]
+http2Parser.processFrame.tooMuchPadding=Connection [{0}], Stream [{1}], The 
padding length [{2}] was too big for the payload [{3}]
 http2Parser.processFrame.unexpectedType=Expected frame type [{0}] but received 
frame type [{1}]
 http2Parser.processFrameContinuation.notExpected=Connection [{0}], 
Continuation frame received for stream [{1}] when no headers were in progress
 http2Parser.processFrameData.lengths=Connection [{0}], Stream [{1}], Data 
length, [{2}], Padding length [{3}]
-http2Parser.processFrameData.tooMuchPadding=Connection [{0}], Stream [{1}], 
The padding length [{2}] was too big for the payload [{3}]
 http2Parser.processFrameGoaway.payloadTooSmall=Connection [{0}]: Goaway 
payload size was [{1}] which is less than the minimum 8
 http2Parser.processFrameHeaders.decodingFailed=There was an error during the 
HPACK decoding of HTTP headers
 http2Parser.processFrameHeaders.decodingDataLeft=Data left over after HPACK 
decoding - it should have been consumed

Modified: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java?rev=1687119&r1=1687118&r2=1687119&view=diff
==
--- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java 
(original)
+++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_2.java Tue Jun 
23 19:28:15 2015
@@ -58,12 +58,62 @@ public class TestHttp2Section_6_2 extend
 sendSimpleGetRequest(3, padding);
 readSimpleGetResponse();
 Assert.assertEquals(getSimpleResponseTrace(3), output.getTrace());
-output.clearTrace();
 }
 
-// with non-zero padding
 
-// too much padding
+@Test
+public void testHeaderFrameWithNonZeroPadding() throws Exception {
+http2Connect();
 
-// zero length padding
+byte[] padding= new byte[8];
+padding[4] = 1;
+
+sendSimpleGetRequest(3, padding);
+
+// Goaway
+parser.readFrame(true);
+
+Ass

buildbot failure in ASF Buildbot on tomcat-trunk

2015-06-23 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building 
ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1445

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687119
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot







Re: JASPIC Implementation pointers

2015-06-23 Thread Mark Thomas
On 23/06/2015 16:50, Fjodor Vershinin wrote:
> Hi there!
> 
> 
>> You still need to address the issue of a unique name for the JASPIC app
>> context.
> 
> I see your point. However, tomcat's implementation of uniqueness is against
> JASPIC 1.1 specification. We must somehow document this feature.

I'm reading that part of the spec now.

Currently Tomcat returns the name of the host object (not necessarily
the DNS host name) for ServletContext.getVirtualServerName(). Reading
the Servlet spec more carefully, we can change that to
engine-name/host-name and still be specification compliant. That would
address the uniqueness issue for JASPIC as well as being a better
implementation for getVirtualServerName().

>>> 1) I have prepared mechanism for registration embedded JASPIC modules
>>> 2) Callback handler is singleton now
>>> 3) Implemented JAAS Subject's support (it turned out, that it is
>> mandatory).
>>> 4) BASIC and DIGEST authenticators has been ported to JASPIC
>>> I think these modules need to be carefully refactored though, then I will
>>> prepare some tests.
>>
>> Why do you think these modules need to be refactored? Given the security
>> nature of this code and that what you have currently is largely copied
>> directly from the existing implementations, I'd be wary of making any
>> changes without a good reason for doing so.
> 
> Yes, we must be very careful with security implementations. However, I
> would decouple JASPIC code from authentication algorithms and put them into
> separate classes.

I'm on the fence on this. I don't see it as a priority unless it is
blocking something else. I'd file this under "come back to it if there
is time at the end".

>> 5) Fixed some bugs in implementation, such as lack of session caching
>>> 6) Currently, I am working on some javadoc's, but I'll commit them later.
>>
>> Remember, little and often is better than a few larger code dumps. The
>> recent commits have been fine but I would prefer to see 1 or 2 commits a
>> day rather than a batch of 10+ commits once a week.
> 
> 
> I agree, however I was intensively using rebase and squashing for commit
> rewriting in order to get "feature per commit". I think it depends on
> architectural tasks - currently we have architectural stuff done, so next
> commits will require less rewriting.

We don't have to merge into Tomcat until you are ready but it would be
nice to see how the work is developing.

>> 1) I need some convenient way to get user roles from Realm. I assume, that
>>> every Principal is GenericPrincipal, but I guess that's not right.
>>
>> What for? The best way to handle this depends on why/where that
>> information is needed.
> 
> 
> I need this info in order to construct GenericPrincipal using callbacks.
> Currently, Realm is returning GenericPrincipal, however, implementation is
> hidden behind Principal interface. I need to do casting to get
> GenericPrincipal object, because Principal doesn't have getRoles() method.

I suspect that was the case. Casting is going to be fragile for users
with custom Realm implementations, since those are not guaranteed to
return a GenericPrincipal. I think what is required is a new method on
Realm:

String[] getRoles(Principal)

For the current realms this should be a trivial implementation in RealmBase:
- cast to GenericPrincipal
- return getRoles()


>>> 2) We need find a easy way for configuring embedded JASPIC modules. For
>>> example, form authentication requires login page and error page. I think
>>> that these parameters can be passed to JASPIC provider directly, but I'm
>>> not sure.
>>
>> Currently the ContextConfig registers a new TomcatAuthConfigProvider for
>> each web application.
>>
>> The TomcatAuthConfigProvider creates (lazily) a TomcatAuthConfig.
>>
>> The TomcatAuthConfig creates (lazily) TomcatServerAuthContext with all
>> available modules.
>>
>> The TomcatAuthConfig then looks up the authentication type obtained from
>> the request and maps it to the right module.
>>
>> Initialising all the modules when - typically - only one is required
>> looks wrong to me. I'd expect the ContextConfig to specify (possibly
>> even create and configure) the required modules and pass those to the
>> TomcatAuthConfigProvider instance for the web application.
> 
> 
> Yes, I agree, that it's better solution. I am not sure about constructing
> auth modules in ContextConfig. May be we can pass LoginConfig info into
> provider, and construct modules inside.

That sounds even better to me.

Mark





[Bug 56677] ApplicationHttpRequest does not override javax.servlet.ServletRequestWrapper#getServletContext()

2015-06-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=56677

--- Comment #6 from Sam Hokin  ---
I'm happy to report that this is indeed resolved in 7.0.62. Fedora 22 is still
sitting on 7.0.59 (with the bug), but hopefully a tomcat update will reach the
updates distro soon. Thanks!




Re: Time for Tomcat 7.0.63?

2015-06-23 Thread Violeta Georgieva
Hi,

2015-06-23 20:53 GMT+03:00 Christopher Schultz :
>
> All,
>
> Some recent bugs have been fixed and there is some community demand for
> 7.0.63.
>
> e.g.
> https://bz.apache.org/bugzilla/show_bug.cgi?id=57783
>
> Violetta, are you up for another release?

I want to fix this one
https://bz.apache.org/bugzilla/show_bug.cgi?id=57700

Also I want to check this one
https://bz.apache.org/bugzilla/show_bug.cgi?id=58063

So my plans are to start with Tomcat 7.0.63 preparation in 2-3 days.

Regards,
Violeta

>
> -chris
>