svn commit: r1687683 - in /tomcat/trunk/java/org/apache/catalina: core/ApplicationContext.java startup/ContextConfig.java
Author: markt Date: Fri Jun 26 07:19:18 2015 New Revision: 1687683 URL: http://svn.apache.org/r1687683 Log: Add engine name to virtual server name Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=1687683&r1=1687682&r2=1687683&view=diff == --- tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java Fri Jun 26 07:19:18 2015 @@ -1458,7 +1458,9 @@ public class ApplicationContext @Override public String getVirtualServerName() { // Constructor will fail if context or its parent is null -return ((Host) context.getParent()).getName(); +Host host = (Host) context.getParent(); +Engine engine = (Engine) host.getParent(); +return engine.getName() + "/" + host.getName(); } Modified: tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java?rev=1687683&r1=1687682&r2=1687683&view=diff == --- tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java (original) +++ tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Fri Jun 26 07:19:18 2015 @@ -459,7 +459,6 @@ public class ContextConfig implements Li } private String getJaspicAppContext() { -// TODO: This might not be unique return context.getServletContext().getVirtualServerName() + " " + context.getPath(); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
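Review bot: In getVirtualServerName() (ApplicationContext.java, @@ -1458), the new host.getParent() result is dereferenced with no guarantee that it is non-null. The retained comment only says the constructor fails if the context or its parent is null, which covers the Host but not the Engine above it. Either extend the constructor check to the Host's parent or update the comment; otherwise a Host that is not attached to an Engine produces a NullPointerException here instead of a name.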
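Review bot: In getJaspicAppContext() (ContextConfig.java, @@ -459), the TODO about uniqueness is dropped with nothing in its place. The value is still built as getVirtualServerName() + " " + context.getPath(), so its uniqueness now rests entirely on the engine-name/host-name format introduced in ApplicationContext. A one-line comment stating that dependency would stop a later change to getVirtualServerName() from silently reintroducing collisions between JASPIC app context identifiers.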
svn commit: r1687685 - /tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
Author: markt Date: Fri Jun 26 07:20:29 2015 New Revision: 1687685 URL: http://svn.apache.org/r1687685 Log: Simplify. Casts are unnecessary. Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=1687685&r1=1687684&r2=1687685&view=diff == --- tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java Fri Jun 26 07:20:29 2015 @@ -57,7 +57,6 @@ import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.Engine; import org.apache.catalina.Globals; -import org.apache.catalina.Host; import org.apache.catalina.LifecycleState; import org.apache.catalina.Service; import org.apache.catalina.WebResourceRoot; @@ -1458,8 +1457,8 @@ public class ApplicationContext @Override public String getVirtualServerName() { // Constructor will fail if context or its parent is null -Host host = (Host) context.getParent(); -Engine engine = (Engine) host.getParent(); +Container host = context.getParent(); +Container engine = host.getParent(); return engine.getName() + "/" + host.getName(); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
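Review bot: In the @@ -1458 hunk, typing both parents as Container removes the only check that the context really sits under a Host and an Engine. With the casts, a mis-nested container failed with a ClassCastException; now the names of whatever two ancestors are present get concatenated into the virtual server name, which the previous commit made part of the JASPIC app context. If that is intended, say so in the comment above the two lines, since the variable names host and engine are the only remaining statement of the assumption.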
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1465 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1687685 Blamelist: markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot
svn commit: r1687687 - in /tomcat/trunk/java/org/apache/catalina: authenticator/jaspic/provider/ startup/
Author: markt Date: Fri Jun 26 07:27:49 2015 New Revision: 1687687 URL: http://svn.apache.org/r1687687 Log: Use catalina context to configure jaspic provider Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687687&r1=1687686&r2=1687687&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java Fri Jun 26 07:27:49 2015 @@ -16,9 +16,6 @@ */ package org.apache.catalina.authenticator.jaspic.provider; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; import java.util.Map; import javax.security.auth.Subject; 
@@ -32,22 +29,27 @@ import org.apache.catalina.Realm; import org.apache.catalina.authenticator.jaspic.provider.modules.BasicAuthModule; import org.apache.catalina.authenticator.jaspic.provider.modules.DigestAuthModule; import org.apache.catalina.authenticator.jaspic.provider.modules.TomcatAuthModule; +import org.apache.tomcat.util.descriptor.web.LoginConfig; +import org.apache.tomcat.util.res.StringManager; public class TomcatAuthConfig implements ServerAuthConfig { +protected static final StringManager sm = StringManager.getManager(TomcatAuthConfig.class); private String messageLayer; private String appContext; private CallbackHandler handler; private TomcatServerAuthContext tomcatServerAuthContext; private Realm realm; +private LoginConfig loginConfig; public TomcatAuthConfig(String layer, String appContext, CallbackHandler callbackHandler, -Realm realm) { +Realm realm, LoginConfig loginConfig) { this.messageLayer = layer; this.appContext = appContext; this.handler = callbackHandler; this.realm = realm; +this.loginConfig = loginConfig; } @@ -70,8 +72,8 @@ public class TomcatAuthConfig implements @Override -public void refresh() { - +public synchronized void refresh() { +this.tomcatServerAuthContext = null; } 
@@ -86,16 +88,34 @@ public class TomcatAuthConfig implements public synchronized ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException { if (this.tomcatServerAuthContext == null) { -this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModules()); +this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule()); } return tomcatServerAuthContext; } -private Collection getModules() { -List modules = new ArrayList<>(); -modules.add(new BasicAuthModule()); -modules.add(new DigestAuthModule(realm)); -return modules; +private TomcatAuthModule getModule() throws AuthException { +String authMethod = getAuthMethod(); +switch (authMethod) { +case "BASIC": { +return new BasicAuthModule(); +} +case "DIGEST": { +return new DigestAuthModule(realm); +} +default: { +throw new AuthException( +sm.getString("authenticator.jaspic.unknownAuthType", authMethod)); +} +} +} + + +/** + * Temporary workaround to get authentication method + * @return + */ +private String getAuthMethod() { +return loginConfig.getAuthMethod().replace("JASPIC-", ""); } } Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1687687&r1=1687686&r2=1687687&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java Fri Jun 26 07:27:49 2015 @@ -25,21 +25,21 @@ import javax.security.auth.message.confi import javax.security.auth.message.config.ClientAuthConfig; import javax.security.auth.message.config.ServerAuthConfig; +import org.apach
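Review bot: getAuthMethod() in the @@ -86,16 +88,34 @@ hunk strips the prefix with loginConfig.getAuthMethod().replace("JASPIC-", ""), which removes every occurrence of that text rather than only a leading prefix, and it throws a NullPointerException if loginConfig or its auth method is null (the string switch in getModule() also throws on null). Suggest testing startsWith("JASPIC-") and taking the substring, rejecting a null method with the same AuthException used for unknown types, and filling in the empty @return tag. The constructor hunk above accepts loginConfig unchecked, so that is also a reasonable place to reject null.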
svn commit: r1687688 - /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java
Author: markt Date: Fri Jun 26 07:29:01 2015 New Revision: 1687688 URL: http://svn.apache.org/r1687688 Log: Add a TODO Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687688&r1=1687687&r2=1687688&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Fri Jun 26 07:29:01 2015 @@ -84,6 +84,9 @@ public class JaspicAuthenticator extends AuthStatus authStatus; Subject subject = new Subject(); try { +// TODO: A number of the method calls below are synchronised. For +// something that may get called on every request that is a +// potential bottleneck. ServerAuthConfig authConfig = configProvider.getServerAuthConfig(MESSAGE_LAYER, appContext, callbackHandler); String messageAuthContextId = authConfig.getAuthContextID(messageInfo); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
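Review bot: The TODO added at @@ -84 says "a number of the method calls below are synchronised" without naming them. Listing the calls it means would let the TODO be acted on and closed; TomcatAuthConfig.getAuthContext(), for one, is visibly declared synchronized in r1687687.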
svn commit: r1687691 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules: BasicAuthModule.java DigestAuthModule.java TomcatAuthModule.java
Author: markt Date: Fri Jun 26 07:32:43 2015 New Revision: 1687691 URL: http://svn.apache.org/r1687691 Log: Removed obsolete type methods from authentication modules Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java?rev=1687691&r1=1687690&r2=1687691&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java Fri Jun 26 07:32:43 2015 @@ -48,12 +48,6 @@ public class BasicAuthModule extends Tom private CallbackHandler handler; -@Override -public String getAuthenticationType() { -return "BASIC"; -} - - @SuppressWarnings("rawtypes") @Override public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java?rev=1687691&r1=1687690&r2=1687691&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Fri Jun 26 07:32:43 2015 
@@ -180,12 +180,6 @@ public class DigestAuthModule extends To } -@Override -public String getAuthenticationType() { -return "DIGEST"; -} - - @SuppressWarnings("rawtypes") @Override public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java?rev=1687691&r1=1687690&r2=1687691&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Fri Jun 26 07:32:43 2015 @@ -36,9 +36,6 @@ public abstract class TomcatAuthModule i protected static final StringManager sm = StringManager.getManager(TomcatAuthModule.class); -public abstract String getAuthenticationType(); - - protected boolean isMandatory(MessageInfo messageInfo) { String mandatory = (String) messageInfo.getMap().get(MessageInfoImpl.IS_MANDATORY); return Boolean.parseBoolean(mandatory); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1687700 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: ./ provider/ provider/modules/
Author: markt Date: Fri Jun 26 07:46:48 2015 New Revision: 1687700 URL: http://svn.apache.org/r1687700 Log: Remove realm name and authentication type from security messages, this information is set up per module now Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatServerAuthContext.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java?rev=1687700&r1=1687699&r2=1687700&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicAuthenticator.java Fri Jun 26 07:46:48 2015 
@@ -68,8 +68,7 @@ public class JaspicAuthenticator extends return true; } -MessageInfoImpl messageInfo = new MessageInfoImpl(request, response, true, getAuthMethod()); -messageInfo.setRealmName(getRealmName(context)); +MessageInfoImpl messageInfo = new MessageInfoImpl(request, response, true); AuthConfigFactory factory = AuthConfigFactory.getFactory(); String appContext = getAppContextId(request); Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java?rev=1687700&r1=1687699&r2=1687700&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/MessageInfoImpl.java Fri Jun 26 07:46:48 2015 @@ -27,8 +27,6 @@ import org.apache.catalina.connector.Req public class MessageInfoImpl implements MessageInfo { public static final String IS_MANDATORY = "javax.security.auth.message.MessagePolicy.isMandatory"; -public static final String AUTH_METHOD = "javax.servlet.http.authType"; -public static final String REALM_NAME = "javax.servlet.http.realmName"; private final Map map = new HashMap<>(); private HttpServletRequest request; 
@@ -37,16 +35,10 @@ public class MessageInfoImpl implements public MessageInfoImpl() { } -public MessageInfoImpl(Request request, HttpServletResponse response, boolean authMandatory, -String authMethod) { +public MessageInfoImpl(Request request, HttpServletResponse response, boolean authMandatory) { this.request = request; this.response = response; map.put(IS_MANDATORY, Boolean.toString(authMandatory)); -map.put(AUTH_METHOD, authMethod); -} - -public void setRealmName(String realmName) { -map.put(REALM_NAME, realmName); } @Override Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java?rev=1687700&r1=1687699&r2=1687700&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfig.java Fri Jun 26 07:46:48 2015 @@ -16,6 +16,7 @@ */ package org.apache.catalina.authenticator.jaspic.provider; +import java.util.HashMap; import java.util.Map; import javax.security.auth.Subject; @@ -88,12 +89,20 @@ public class TomcatAuthConfig implements public synchronized ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException { if (this.tomcatServerAuthContext == null) { -this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule()); +this.tomcatServerAuthContext = new TomcatServerAuthContext(handler, getModule(), +getOptions()); } return tomcatServerAuthContext; } +private Map getOptions() { +Map options = new HashMap<>(); +options.put(Tomca
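Review bot: getAuthContext() in the TomcatAuthConfig hunk (@@ -88,12 +89,20 @@) still ignores its properties argument: the context is built from handler, getModule() and getOptions() only, and is then cached in tomcatServerAuthContext until refresh() clears it. If callers are expected to pass module options through properties, merge them into the map returned by getOptions(); if not, document that they are ignored and that the first call fixes the options for every later caller.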
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1466 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1687691 Blamelist: markt Build succeeded! Sincerely, -The Buildbot
svn commit: r1687701 - in /tomcat/trunk/java/org/apache/catalina: Realm.java realm/LocalStrings.properties realm/RealmBase.java
Author: markt Date: Fri Jun 26 07:48:29 2015 New Revision: 1687701 URL: http://svn.apache.org/r1687701 Log: Added ability to get roles directly from realm Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/Realm.java tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Modified: tomcat/trunk/java/org/apache/catalina/Realm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Realm.java?rev=1687701&r1=1687700&r2=1687701&view=diff == --- tomcat/trunk/java/org/apache/catalina/Realm.java (original) +++ tomcat/trunk/java/org/apache/catalina/Realm.java Fri Jun 26 07:48:29 2015 @@ -208,4 +208,12 @@ public interface Realm { * @param listener The listener to remove */ public void removePropertyChangeListener(PropertyChangeListener listener); + + +/** + * Return roles associated with given principal + * @param principal + * @return principal roles + */ +public String[] getRoles(Principal principal); } Modified: tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties?rev=1687701&r1=1687700&r2=1687701&view=diff == --- tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/realm/LocalStrings.properties Fri Jun 26 07:48:29 2015 
@@ -72,6 +72,7 @@ realmBase.createUsernameRetriever.ClassN realmBase.createUsernameRetriever.InstantiationException=Cannot create object of type {0}. realmBase.createUsernameRetriever.IllegalAccessException=Cannot create object of type {0}. realmBase.credentialHandler.customCredentialHandler=Unable to set the property [{0}] to value [{1}] as a custom CredentialHandler has been configured +realmBase.cannotGetRoles=Cannot get roles from principal [{0}] userDatabaseRealm.lookup=Exception looking up UserDatabase under key {0} userDatabaseRealm.noDatabase=No UserDatabase component found under key {0} dataSourceRealm.authenticateFailure=Username {0} NOT successfully authenticated Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1687701&r1=1687700&r2=1687701&view=diff == --- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Fri Jun 26 07:48:29 2015 @@ -1715,4 +1715,15 @@ public abstract class RealmBase extends throw new LifecycleException(sm.getString("realmBase.createUsernameRetriever.ClassCastException", className), e); } } + + +@Override +public String[] getRoles(Principal principal) { +if (principal instanceof GenericPrincipal) { +return ((GenericPrincipal) principal).getRoles(); +} + +String className = principal.getClass().getSimpleName(); +throw new IllegalStateException(sm.getString("realmBase.cannotGetRoles", className)); +} } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
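Review bot: Adding getRoles(Principal) to the Realm interface (Realm.java, @@ -208) is a source-incompatible change for any Realm implementation that does not extend RealmBase, since RealmBase is the only class given an implementation in this commit. The Javadoc should also say what is returned for a principal without roles and what happens for an unsupported principal type: the @param tag has no description and RealmBase throws in that case.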
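Review bot: RealmBase.getRoles() (@@ -1715) calls principal.getClass() without a null check, so a null principal surfaces as a NullPointerException rather than as the realmBase.cannotGetRoles message. Handle null explicitly and document the IllegalStateException with a @throws tag, so that callers in the authentication path know they have to deal with it.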
svn commit: r1687703 - /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java
Author: markt Date: Fri Jun 26 07:50:24 2015 New Revision: 1687703 URL: http://svn.apache.org/r1687703 Log: Get roles without casting in DIGEST auth module Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java?rev=1687703&r1=1687702&r2=1687703&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Fri Jun 26 07:50:24 2015 @@ -38,7 +38,6 @@ import javax.servlet.http.HttpServletReq import javax.servlet.http.HttpServletResponse; import org.apache.catalina.Realm; -import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.util.StandardSessionIdGenerator; import org.apache.juli.logging.Log; import org.apache.juli.logging.LogFactory; @@ -232,7 +231,7 @@ public class DigestAuthModule extends To public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { -GenericPrincipal principal = null; +Principal principal = null; HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage(); String authorization = request.getHeader(AUTHORIZATION_HEADER); @@ -252,8 +251,7 @@ public class DigestAuthModule extends To } if (digestInfo.validate(request)) { -// TODO discuss a better way to get user roles -principal = (GenericPrincipal) digestInfo.authenticate(realm); +principal = digestInfo.authenticate(realm); } if (principal == null || digestInfo.isNonceStale()) { 
@@ -266,8 +264,8 @@ public class DigestAuthModule extends To try { CallerPrincipalCallback principalCallback = new CallerPrincipalCallback(clientSubject, principal); -GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, -principal.getRoles()); +String[] roles = realm.getRoles(principal); +GroupPrincipalCallback groupCallback = new GroupPrincipalCallback(clientSubject, roles); handler.handle(new Callback[] { principalCallback, groupCallback }); } catch (IOException | UnsupportedCallbackException e) { throw new AuthException(e.getMessage()); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
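Review bot: In the @@ -266 hunk, realm.getRoles(principal) sits inside a try block that catches only IOException and UnsupportedCallbackException, but RealmBase.getRoles() as added in r1687701 throws IllegalStateException for any principal that is not a GenericPrincipal. With a realm that returns another Principal type, validateRequest() now fails with an unchecked exception after the digest has already validated, instead of an AuthException or a clean authentication failure. Catch it here and map it to AuthException, or treat it as a failed authentication.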
svn commit: r1687706 - in /tomcat/trunk/java/org/apache/catalina/authenticator/jaspic: ./ provider/ provider/modules/
Author: markt Date: Fri Jun 26 07:56:50 2015 New Revision: 1687706 URL: http://svn.apache.org/r1687706 Log: Some javadoc's for JASPIC implementation Patch by fjodorver Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/TomcatAuthModule.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java?rev=1687706&r1=1687705&r2=1687706&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/JaspicCallbackHandler.java Fri Jun 26 07:56:50 2015 
@@ -31,7 +31,9 @@ import org.apache.catalina.Realm; import org.apache.tomcat.util.res.StringManager; /** - * Callback handler which converts callbacks to realm. + * Callback handler which uses callbacks to construct JAAS Subject, which + * contains {@link org.apache.catalina.realm.GenericPrincipal} in private + * credentials. */ public class JaspicCallbackHandler implements CallbackHandler { protected static final StringManager sm = StringManager.getManager(JaspicCallbackHandler.class); Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java?rev=1687706&r1=1687705&r2=1687706&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/PrincipalGroupCallback.java Fri Jun 26 07:56:50 2015 @@ -28,7 +28,7 @@ import javax.security.auth.message.callb import org.apache.catalina.realm.GenericPrincipal; /** - * This class merges two principal callbacks into one tomcat's + * This class uses callbacks to construct JAAS Subject with * {@link GenericPrincipal}. */ public class PrincipalGroupCallback { @@ -44,6 +44,10 @@ public class PrincipalGroupCallback { this.groupPrincipalCallback = groupPrincipalCallback; } + +/** + * Enrich JAAS subject with Tomcat's {@link GenericPrincipal}. + */ public void configureSubject() { GenericPrincipal principal = getPrincipal(); if (principal == null) { 
@@ -66,7 +70,8 @@ public class PrincipalGroupCallback { } /** - * Get tomcat's principal, which contains user principal and roles + * Get tomcat's principal, which contains user principal and roles. + * * @return {@link GenericPrincipal} */ public GenericPrincipal getPrincipal() { Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java?rev=1687706&r1=1687705&r2=1687706&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/TomcatAuthConfigProvider.java Fri Jun 26 07:56:50 2015 @@ -29,6 +29,10 @@ import org.apache.catalina.Context; import org.apache.catalina.Realm; import org.apache.tomcat.util.descriptor.web.LoginConfig; +/** + * Tomcat's context based JASPIC authentication provider. It returns authentication + * modules depending on context login-config setup. + */ public class TomcatAuthConfigProvider implements AuthConfigProvider { private Map providerProperties; Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java?rev=1687706&r1=1687705&r2=1687706&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/BasicAuthModule.java Fri Jun 26 07:56:50 2015 @@ -40,6 +40,9 @@ import org.apache.tomcat.util.buf.ByteCh import org.apache.tomcat.u
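Review bot: The Javadoc added to configureSubject() in PrincipalGroupCallback (@@ -44,6 +44,10 @@) does not mention the principal == null branch visible directly below it. State what the method does to the Subject when no principal is available, since that is the case a caller most needs to know about. In JaspicCallbackHandler, "which contains GenericPrincipal in private credentials" would read better as "which holds a GenericPrincipal in its private credentials".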
svn commit: r1687710 - in /tomcat/trunk: java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java
Author: markt Date: Fri Jun 26 08:07:37 2015 New Revision: 1687710 URL: http://svn.apache.org/r1687710 Log: Ported test to validate JASPIC DIGEST implementation Patch by fjodorver Added: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java (with props) Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Modified: tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java?rev=1687710&r1=1687709&r2=1687710&view=diff == --- tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java (original) +++ tomcat/trunk/java/org/apache/catalina/authenticator/jaspic/provider/modules/DigestAuthModule.java Fri Jun 26 08:07:37 2015 
@@ -238,18 +238,13 @@ public class DigestAuthModule extends To DigestInfo digestInfo = new DigestInfo(getOpaque(), getNonceValidity(), getKey(), nonces, isValidateUri(), getRealmName()); -if (authorization == null) { +if (authorization == null || !digestInfo.parse(request, authorization)) { String nonce = generateNonce(request); - String authenticateHeader = getAuthenticateHeader(nonce, false); return sendUnauthorizedError(response, authenticateHeader); } -if (!digestInfo.parse(request, authorization)) { -return AuthStatus.SEND_FAILURE; -} - if (digestInfo.validate(request)) { principal = digestInfo.authenticate(realm); } Added: tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java?rev=1687710&view=auto == --- tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java (added) +++ tomcat/trunk/test/org/apache/catalina/authenticator/TestJaspicDigestAuthenticator.java Fri Jun 26 08:07:37 2015 
@@ -0,0 +1,410 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.catalina.authenticator; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.security.auth.message.config.AuthConfigFactory; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; + +import org.apache.catalina.Context; +import org.apache.catalina.LifecycleException; +import org.apache.catalina.authenticator.jaspic.JaspicAuthenticator; +import org.apache.catalina.authenticator.jaspic.provider.TomcatAuthConfigProvider; +import org.apache.catalina.connector.Request; +import org.apache.catalina.core.TesterContext; +import org.apache.catalina.startup.TesterMapRealm; +import org.apache.catalina.startup.TesterServlet; +import org.apache.catalina.startup.Tomcat; +import org.apache.catalina.startup.TomcatBaseTest; +import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.descriptor.web.LoginConfig; +import org.apache.tomcat.util.descriptor.web.SecurityCollection; +import 
org.apache.tomcat.util.descriptor.web.SecurityConstraint; +import org.apache.tomcat.util.security.ConcurrentMessageDigest; +import org.apache.tomcat.util.security.MD5Encoder; + +public class TestJaspicDigestAuthenticator extends TomcatBaseTest { + +private static String USER = "user"; +private static String PWD = "pwd"; +private static String ROLE = "role"; +private static String URI = "/protected"; +private static String QUERY = "?foo=bar"; +private static String CONTEXT_PATH = "/foo"; +private static String CLIENT_AUTH_HEADER = "authorization"; +private static String REALM = "TestRealm"; +private static String C
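Review bot: In the DigestAuthModule hunk, folding !digestInfo.parse(request, authorization) into the authorization == null branch means a malformed Authorization header now gets a fresh nonce and a 401 challenge instead of AuthStatus.SEND_FAILURE. Add a comment saying this is intended, and add a case to TestJaspicDigestAuthenticator that sends an unparseable header and asserts the challenge, since every such request now calls generateNonce(request). In the new test class the constants (USER, PWD, ROLE, URI, QUERY, CONTEXT_PATH, CLIENT_AUTH_HEADER, REALM) are declared private static String; they should be private static final.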
Re: JASPIC Implementation pointers
On 25/06/2015 20:50, Fjodor Vershinin wrote:
> Hi!
> Fresh set of patches is ready.
> What has been done:
> 1) Added engine name to getVirtualServerName()
> 2) Implemented method for getting roles directly from Realm,
> 3) Authentication provider uses LoginConfig now, which gives us ability to
> get different options directly from there.
> 4) Added test for validating DIGEST auth module, however one test case is
> ignored, because not implemented yet.
> 5) Updated some javadocs to make them more specific and clear.

All looks good and patches applied. I added a few comments to some of the patches.

Thanks,

Mark

>
> BR,
> Fjodor
>
> 2015-06-23 23:18 GMT+03:00 Mark Thomas :
>
>> On 23/06/2015 16:50, Fjodor Vershinin wrote:
>>> Hi there!
>>>
>>> You still need to address the issue of a unique name for the JASPIC app context.
>>>
>>> I see your point. However, tomcat's implementation of uniqueness is against
>>> JASPIC 1.1 specification. We must somehow document this feature.
>>
>> I'm reading that part of the spec now.
>>
>> Currently Tomcat returns the name of the host object (not necessarily
>> the DNS host name) for ServletContext.getVirtualServerName(). Reading
>> the Servlet spec more carefully, we can change that to
>> engine-name/host-name and still be specification compliant. That would
>> address the uniqueness issue for JASPIC as well as being a better
>> implementation for getVirtualServerName().
>>
> 1) I have prepared mechanism for registration embedded JASPIC modules
> 2) Callback handler is singleton now
> 3) Implemented JAAS Subject's support (it turned out, that it is mandatory).
> 4) BASIC and DIGEST authenticators has been ported to JASPIC
> I think these modules need to be carefully refactored though, then I will
> prepare some tests.

Why do you think these modules need to be refactored? Given the security nature of this code and that what you have currently is largely copied directly from the existing implementations, I'd be wary of making any changes without a good reason for doing so.

>>>
>>> Yes, we must be very careful with security implementations. However, I
>>> would decouple JASPIC code from authentication algorithms and put them into
>>> separate classes.
>>
>> I'm on the fence on this. I don't see it as a priority unless it is
>> blocking something else. I'd file this under "come back to it if there
>> is time at the end".
>> 5) Fixed some bugs in implementation, such as lack of session caching
> 6) Currently, I am working on some javadoc's, but I'll commit them later.

Remember, little and often is better than a few larger code dumps. The recent commits have been fine but I would prefer to see 1 or 2 commits a day rather than a batch of 10+ commits once a week.

>>>
>>>
>>> I agree, however I was intensively using rebase and squashing for commit
>>> rewriting in order to get "feature per commit". I think it depends on
>>> architectural tasks - currently we have architectural stuff done, so next
>>> commits will require less rewriting.
>>
>> We don't have to merge into Tomcat until you are ready but it would be
>> nice to see how the work is developing.
>> 1) I need some convenient way to get user roles from Realm. I assume, that
> every Principal is GenericPrincipal, but I guess that's not right.

What for? The best way to handle this depends on why/where that information is needed.

>>>
>>>
>>> I need this info in order to construct GenericPrincipal using callbacks.
>>> Currently, Realm is returning GenericPrincipal, however, implementation is
>>> hidden behind Principal interface. I need to do casting to get
>>> GenericPrincipal object, because Principal doesn't have getRoles() method.
>>
>> I suspect that was the case. Casting is going to be fragile for users
>> with custom realm implementation. I think what is required is a new
>> method on Realm:
>>
>> String[] getRoles(Principal)
>>
>> For the current realms this should be a trivial implementation in
>> RealmBase:
>> - cast to GenericPrincipal
>> - return getRoles()
>>
>>
> 2) We need find a easy way for configuring embedded JASPIC modules. For
> example, form authentication requires login page and error page. I think
> that these parameters can be passed to JASPIC provider directly, but I'm
> not sure.

Currently the ContextConfig registers a new TomcatAuthConfigProvider for each web application. The TomcatAuthConfigProvider creates (lazily) a TomcatAuthConfig. The TomcatAuthConfig creates (lazily) TomcatServerAuthContext with all available modules. The TomcatAuthConfig then looks up the authentication type obtained from the request and maps it to the right module. Initialising all the modules when - typically - only one is required looks wrong to me. I'd expect the ContextConfig to specify (p
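The realm-level role lookup proposed in the thread above, as an added sketch that is not Tomcat code and not from either author. RolePrincipal, DirectoryPrincipal, Realm, RealmBase and DirectoryRealm are simplified stand-ins invented for this example, and failing with an exception for an unknown principal type is this example's choice, not something the thread specifies.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Stand-in types for illustration only; none of these are Tomcat's classes.
public class RealmRolesExample {

    /** Plays the part of a principal that carries its own roles. */
    static final class RolePrincipal implements Principal {
        private final String name;
        private final String[] roles;

        RolePrincipal(String name, String... roles) {
            this.name = name;
            this.roles = roles.clone();
        }

        @Override
        public String getName() { return name; }

        String[] getRoles() { return roles.clone(); }
    }

    /** Principal type of a custom realm: it has no getRoles() at all. */
    static final class DirectoryPrincipal implements Principal {
        private final String dn;

        DirectoryPrincipal(String dn) { this.dn = dn; }

        @Override
        public String getName() { return dn; }
    }

    /** Only the method proposed in the thread is modelled here. */
    interface Realm {
        String[] getRoles(Principal principal);
    }

    /** Base implementation: the cast lives in one place and is checked. */
    static class RealmBase implements Realm {
        @Override
        public String[] getRoles(Principal principal) {
            if (principal instanceof RolePrincipal) {
                return ((RolePrincipal) principal).getRoles();
            }
            // Fail loudly rather than guess at roles for an unknown type.
            throw new IllegalStateException("Realm cannot supply roles for "
                    + principal.getClass().getName());
        }
    }

    /** Custom realm: keeps roles outside the principal and overrides the lookup. */
    static final class DirectoryRealm extends RealmBase {
        private final Map<String, String[]> rolesByDn = new HashMap<>();

        DirectoryRealm() {
            // Constructed sample data.
            rolesByDn.put("cn=alice,dc=example", new String[] {"admin", "user"});
        }

        @Override
        public String[] getRoles(Principal principal) {
            String[] roles = rolesByDn.get(principal.getName());
            // Unknown principal: no roles, never a default set.
            return roles == null ? new String[0] : roles.clone();
        }
    }

    /** What an authentication module would do: ask the realm, never cast. */
    static String[] groupsFor(Realm realm, Principal principal) {
        return realm.getRoles(principal);
    }

    public static void main(String[] args) {
        Principal builtIn = new RolePrincipal("user", "role");
        Principal custom = new DirectoryPrincipal("cn=alice,dc=example");

        System.out.println(Arrays.toString(groupsFor(new RealmBase(), builtIn)));
        System.out.println(Arrays.toString(groupsFor(new DirectoryRealm(), custom)));

        // The fragile pattern the thread warns about: casting in the caller.
        try {
            ((RolePrincipal) custom).getRoles();
        } catch (ClassCastException e) {
            System.out.println("caller-side cast failed for custom principal");
        }
    }
}
```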
svn commit: r1687714 - /tomcat/trunk/TOMCAT-NEXT.txt
Author: markt Date: Fri Jun 26 08:40:04 2015 New Revision: 1687714 URL: http://svn.apache.org/r1687714 Log: Update Modified: tomcat/trunk/TOMCAT-NEXT.txt Modified: tomcat/trunk/TOMCAT-NEXT.txt URL: http://svn.apache.org/viewvc/tomcat/trunk/TOMCAT-NEXT.txt?rev=1687714&r1=1687713&r2=1687714&view=diff == --- tomcat/trunk/TOMCAT-NEXT.txt (original) +++ tomcat/trunk/TOMCAT-NEXT.txt Fri Jun 26 08:40:04 2015 @@ -17,7 +17,7 @@ Notes of things to consider for the next major Tomcat release (9.0.x) - 1. Fix Java 8 Javadoc warnings. Currently ~2800. + 1. Fix Java 8 Javadoc warnings. Currently ~2650. 2. DONE. Remove BIO AJP and HTTP connector. @@ -25,7 +25,8 @@ Notes of things to consider for the next 3. DONE. Remove Comet support. - 4. Refactor the connectors to minimise code duplication. + 4. DONE. +Refactor the connectors to minimise code duplication. - All implementation specific per connector code -> Endpoint - All implementation specific per connection code -> SocketWrapper - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1687715 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/valves/SSLValve.java webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: remm Date: Fri Jun 26 08:45:09 2015 New Revision: 1687715 URL: http://svn.apache.org/r1687715 Log: Port r1607309 and followups to add header configuration for the SSLValve. Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?rev=1687715&r1=1687714&r2=1687715&view=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java Fri Jun 26 08:45:09 2015 @@ -64,6 +64,10 @@ public class SSLValve extends ValveBase private static final Log log = LogFactory.getLog(SSLValve.class); +private String sslClientCertHeader = "ssl_client_cert"; +private String sslCipherHeader = "ssl_cipher"; +private String sslSessionIdHeader = "ssl_session_id"; +private String sslCipherUserKeySizeHeader = "ssl_cipher_usekeysize"; //-- Constructor public SSLValve() { 
@@ -71,6 +75,38 @@ public class SSLValve extends ValveBase } +public String getSslClientCertHeader() { +return sslClientCertHeader; +} + +public void setSslClientCertHeader(String sslClientCertHeader) { +this.sslClientCertHeader = sslClientCertHeader; +} + +public String getSslCipherHeader() { +return sslCipherHeader; +} + +public void setSslCipherHeader(String sslCipherHeader) { +this.sslCipherHeader = sslCipherHeader; +} + +public String getSslSessionIdHeader() { +return sslSessionIdHeader; +} + +public void setSslSessionIdHeader(String sslSessionIdHeader) { +this.sslSessionIdHeader = sslSessionIdHeader; +} + +public String getSslCipherUserKeySizeHeader() { +return sslCipherUserKeySizeHeader; +} + +public void setSslCipherUserKeySizeHeader(String sslCipherUserKeySizeHeader) { +this.sslCipherUserKeySizeHeader = sslCipherUserKeySizeHeader; +} + public String mygetHeader(Request request, String header) { String strcert0 = request.getHeader(header); @@ -88,7 +124,7 @@ public class SSLValve extends ValveBase throws IOException, ServletException { /* mod_header converts the '\n' into ' ' so we have to rebuild the client certificate */ -String strcert0 = mygetHeader(request, "ssl_client_cert"); +String strcert0 = mygetHeader(request, sslClientCertHeader); if (strcert0 != null && strcert0.length()>28) { String strcert1 = strcert0.replace(' ', '\n'); String strcert2 = strcert1.substring(28, strcert1.length()-26); 
@@ -119,16 +155,16 @@ public class SSLValve extends ValveBase } request.setAttribute(Globals.CERTIFICATES_ATTR, jsseCerts); } -strcert0 = mygetHeader(request, "ssl_cipher"); +strcert0 = mygetHeader(request, sslCipherHeader); if (strcert0 != null) { request.setAttribute(Globals.CIPHER_SUITE_ATTR, strcert0); } -strcert0 = mygetHeader(request, "ssl_session_id"); +strcert0 = mygetHeader(request, sslSessionIdHeader); if (strcert0 != null) { request.setAttribute(Globals.SSL_SESSION_ID_ATTR, strcert0); request.setAttribute(Globals.SSL_SESSION_ID_TOMCAT_ATTR, strcert0); } -strcert0 = mygetHeader(request, "ssl_cipher_usekeysize"); +strcert0 = mygetHeader(request, sslCipherUserKeySizeHeader); if (strcert0 != null) { request.setAttribute(Globals.KEY_SIZE_ATTR, Integer.valueOf(strcert0)); Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1687715&r1=1687714&r2=1687715&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Fri Jun 26 08:45:09 2015 @@ -107,6 +107,9 @@ 57700: Ensure that Container event ADD_CHILD_EVENT will be sent in all cases. (violetagg) + +Add configuration fields for header names in SSLValve. (remm) + Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1687715&r1=1687714&r2=1687715&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/co
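Review bot: The new property is named sslCipherUserKeySizeHeader while its default value is "ssl_cipher_usekeysize" ("use", not "user"); the getter and setter become a configuration attribute that this commit documents in valve.xml, so correct the spelling (sslCipherUseKeySizeHeader) before it is released rather than after. The four setters also accept null or an empty string, which is then passed straight to mygetHeader(request, ...) in invoke(); reject those values in the setter or keep the default. Because these names decide which request headers are turned into the certificate, cipher suite, session id and key size request attributes, the valve.xml text should state that the front-end proxy has to strip client-supplied headers with the configured names.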
svn commit: r1687719 - /tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java
Author: markt Date: Fri Jun 26 08:54:08 2015 New Revision: 1687719 URL: http://svn.apache.org/r1687719 Log: Add unit tests for settings frames. Added: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java (with props) Added: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java?rev=1687719&view=auto == --- tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java (added) +++ tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java Fri Jun 26 08:54:08 2015 
@@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.coyote.http2; + +import org.junit.Assert; +import org.junit.Test; + +/** + * Unit tests for Section 6.4 of + * https://tools.ietf.org/html/rfc7540";>RFC 7540. + * + * The order of tests in this class is aligned with the order of the + * requirements in the RFC. 
+ */ +public class TestHttp2Section_6_5 extends Http2TestBase { + + +@Test +public void testSettingsFrameNonEmptAck() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendSettings(0, true, new Setting(1,1)); + +// Go away +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.FRAME_SIZE_ERROR.getCode() + "]-[")); +} + + +@Test +public void testSettingsFrameNonZeroStream() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendPriority(3, 0, 15); +sendSettings(3, true, new Setting(1,1)); + +// Go away +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.PROTOCOL_ERROR.getCode() + "]-[")); +} + + +@Test +public void testSettingsFrameWrongLength() throws Exception { +// HTTP2 upgrade +http2Connect(); + +byte[] resetFrame = new byte[10]; +// length +ByteUtil.setThreeBytes(resetFrame, 0, 1); +// type +resetFrame[3] = FrameType.SETTINGS.getIdByte(); +// No flags +// Stream ID 0 + +// Payload - left as zero + +os.write(resetFrame); +os.flush(); + +// Read GOAWAY frame +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.FRAME_SIZE_ERROR.getCode() + "]-[")); +} + + +// Need to test sending push promise when push promise suport is disabled + +@Test +public void testSettingsFrameInvalidPushSetting() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendSettings(0, false, new Setting(0x2,0x2)); + +// Go away +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.PROTOCOL_ERROR.getCode() + "]-[")); +} + + +@Test +public void testSettingsFrameInvalidWindowSizeSetting() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendSettings(0, false, new Setting(0x4,1 << 31)); + +// Go away +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), 
output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.FLOW_CONTROL_ERROR.getCode() + "]-[")); +} + + +@Test +public void testSettingsFrameInvalidMaxFrameSizeSetting() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendSettings(0, false, new Setting(0x5,1 << 31)); + +// Go away +parser.readFrame(true); + +Assert.assertTrue(output.getTrace(), output.getTrace().startsWith( +"0-Goaway-[1]-[" + Http2Error.PROTOCOL_ERROR.getCode() + "]-[")); +} + + +@Test +public void testSettingsUnknownSetting() throws Exception { +// HTTP2 upgrade +http2Connect(); + +sendSettings(0, false, new Setting(0xFF,0xFF
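Review bot: The class Javadoc says "Unit tests for Section 6.4" but the class is TestHttp2Section_6_5 and the commit log describes settings frame tests, so the section reference should read 6.5. Smaller points in the same file: testSettingsFrameNonEmptAck is missing a "y", the array in testSettingsFrameWrongLength is called resetFrame although its type byte is FrameType.SETTINGS, and the comment "push promise suport" has a typo. In testSettingsFrameInvalidWindowSizeSetting and testSettingsFrameInvalidMaxFrameSizeSetting the argument 1 << 31 is evaluated as an int and is negative (Integer.MIN_VALUE); add a comment saying which value is meant to go on the wire.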
svn commit: r1687720 - in /tomcat/trunk: java/org/apache/coyote/http2/ test/org/apache/coyote/http2/
Author: markt Date: Fri Jun 26 09:17:57 2015 New Revision: 1687720 URL: http://svn.apache.org/r1687720 Log: Add unit tests for HTTP/2 Ping frames Expose the payload for ping ack frames as well as non-ack Added: tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_7.java (with props) Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_5_5.java tomcat/trunk/test/org/apache/coyote/http2/TestHttp2Section_6_5.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java?rev=1687720&r1=1687719&r2=1687720&view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2Parser.java Fri Jun 26 09:17:57 2015 @@ -313,14 +313,10 @@ class Http2Parser { private void readPingFrame(int flags) throws IOException { -if (Flags.isAck(flags)) { -output.pingAck(); -} else { -// Read the payload -byte[] payload = new byte[8]; -input.fill(true, payload); -output.pingReceive(payload); -} +// Read the payload +byte[] payload = new byte[8]; +input.fill(true, payload); +output.pingReceive(payload, Flags.isAck(flags)); } 
@@ -600,8 +596,7 @@ class Http2Parser { void settingsEnd(boolean ack) throws IOException; // Ping frames -void pingReceive(byte[] payload) throws IOException; -void pingAck(); +void pingReceive(byte[] payload, boolean ack) throws IOException; // Goaway void goaway(int lastStreamId, long errorCode, String debugData); Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1687720&r1=1687719&r2=1687720&view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Fri Jun 26 09:17:57 2015 @@ -903,22 +903,18 @@ public class Http2UpgradeHandler extends @Override -public void pingReceive(byte[] payload) throws IOException { -// Echo it back -synchronized (socketWrapper) { -socketWrapper.write(true, PING_ACK, 0, PING_ACK.length); -socketWrapper.write(true, payload, 0, payload.length); -socketWrapper.flush(true); +public void pingReceive(byte[] payload, boolean ack) throws IOException { +if (!ack) { +// Echo it back +synchronized (socketWrapper) { +socketWrapper.write(true, PING_ACK, 0, PING_ACK.length); +socketWrapper.write(true, payload, 0, payload.length); +socketWrapper.flush(true); +} } } -@Override -public void pingAck() { -// TODO Auto-generated method stub -} - - @Override public void goaway(int lastStreamId, long errorCode, String debugData) { if (log.isDebugEnabled()) { Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1687720&r1=1687719&r2=1687720&view=diff == --- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original) +++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Fri Jun 26 09:17:57 2015 
@@ -57,10 +57,6 @@ public abstract class Http2TestBase exte { 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00 }; static final String EMPTY_HTTP2_SETTINGS_HEADER; -private static final byte[] PING_FRAME = new byte[] { -0x00, 0x00, 0x08, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static { byte[] empty = new byte[0]; EMPTY_HTTP2_SETTINGS_HEADER = "HTTP2-Settings: " + Base64.encodeBase64String(empty) + "\r\n"; @@ -488,7 +484,24 @@ public abstract class Http2TestBase exte void sendPing() throws IOException { -os.write(PING_FRAME); +sendPing(0, false, new byte[8]); +} + + +void sendPing(int streamId, boolean ack, byte[] payload) throws IOException { +byte[] pingHeader = new byte[9]; +// length +ByteUtil.setThreeBytes(pingHeader, 0, payload.length); +// Type +pingHeader[3] = FrameType.PING.getIdByte(); +// Flags +
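Review bot: In Http2UpgradeHandler.pingReceive() the ack == true case now falls through with no code and no comment, and the TODO that pingAck() carried has gone with the method; add a comment there that received ping acks are deliberately ignored, or the handling that was still to be written. Http2Parser.readPingFrame() always fills an 8-byte payload and the hunk shows no check of the frame's declared length before that read, so confirm the caller validates it, given that the new sendPing(int, boolean, byte[]) test helper takes its length from payload.length and can send other sizes. Replacing pingReceive(byte[]) and pingAck() with pingReceive(byte[], boolean) changes the interface for every implementer, and the buildbot mail for revision 1687720 reports "failed compile_1", so check that all implementers were updated in this commit.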
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1472
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687720
Blamelist: markt
BUILD FAILED: failed compile_1
Sincerely,
-The Buildbot
svn commit: r1687741 - /tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java
Author: markt Date: Fri Jun 26 10:35:53 2015 New Revision: 1687741 URL: http://svn.apache.org/r1687741 Log: Increase timeout in an attempt to reduce false failures in the CI systems Modified: tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java Modified: tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java?rev=1687741&r1=1687740&r2=1687741&view=diff == --- tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java (original) +++ tomcat/trunk/test/org/apache/catalina/core/TestAsyncContextImpl.java Fri Jun 26 10:35:53 2015 @@ -65,7 +65,7 @@ public class TestAsyncContextImpl extend // Timeout thread (where used) checks for timeout every second private static final long TIMEOUT_MARGIN = 1000; // Default timeout for these tests -private static final long TIMEOUT = 3000; +private static final long TIMEOUT = 5000; private static StringBuilder tracker; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1473
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687741
Blamelist: markt
BUILD FAILED: exception upload_2
Sincerely,
-The Buildbot
svn commit: r1687748 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Author: markt Date: Fri Jun 26 10:53:42 2015 New Revision: 1687748 URL: http://svn.apache.org/r1687748 Log: OpenSSL added ciphers 0x00A8 and 0x00A9 Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1687748&r1=1687747&r2=1687748&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 26 10:53:42 2015 @@ -1808,8 +1808,38 @@ public enum Cipher { 256, 256 ), +// Cipher A8 +TLS_PSK_WITH_AES_128_GCM_SHA256( +0x00A8, +"PSK-AES128-GCM-SHA256", +KeyExchange.PSK, +Authentication.PSK, +Encryption.AES128GCM, +MessageDigest.AEAD, +Protocol.TLSv1_2, +false, +EncryptionLevel.HIGH, +true, +128, +128 +), +// Cipher A9 +TLS_PSK_WITH_AES_256_GCM_SHA384( +0x00A9, +"PSK-AES128-GCM-SHA384", +KeyExchange.PSK, +Authentication.PSK, +Encryption.AES256GCM, +MessageDigest.AEAD, +Protocol.TLSv1_2, +false, +EncryptionLevel.HIGH, +true, +256, +256 +), -/* PSK ciphers 0x00A8 to 0x00B9 +/* PSK ciphers 0x00AA to 0x00B9 * Unsupported by both Java and OpenSSL */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
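Review bot: The TLS_PSK_WITH_AES_256_GCM_SHA384 entry (0x00A9) is given the OpenSSL name "PSK-AES128-GCM-SHA384" although it uses Encryption.AES256GCM with 256/256 strength bits; the name looks copied from the 0x00A8 entry above it and should be "PSK-AES256-GCM-SHA384". A test that compares each entry's OpenSSL name with its Encryption value would catch this kind of copy-and-paste slip.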
svn commit: r1687750 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Author: markt Date: Fri Jun 26 11:03:45 2015 New Revision: 1687750 URL: http://svn.apache.org/r1687750 Log: Fix Gump. The IBM JRE does not implement this new cipher Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1687750&r1=1687749&r2=1687750&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Fri Jun 26 11:03:45 2015 @@ -605,6 +605,7 @@ public class TestCipher { "IDEA-CBC-SHA+SSLv3", "PSK-3DES-EDE-CBC-SHA+SSLv3", "PSK-AES128-CBC-SHA+SSLv3", +"PSK-AES128-GCM-SHA256+TLSv1.2", "PSK-AES256-CBC-SHA+SSLv3", "PSK-RC4-SHA+SSLv3", "RC2-CBC-MD5+SSLv2", - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1687751 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Author: markt Date: Fri Jun 26 11:05:08 2015 New Revision: 1687751 URL: http://svn.apache.org/r1687751 Log: Fix Gump. The IBM JRE does not implement this new cipher Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1687751&r1=1687750&r2=1687751&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Fri Jun 26 11:05:08 2015 @@ -607,6 +607,7 @@ public class TestCipher { "PSK-AES128-CBC-SHA+SSLv3", "PSK-AES128-GCM-SHA256+TLSv1.2", "PSK-AES256-CBC-SHA+SSLv3", +"PSK-AES256-GCM-SHA384+TLSv1.2", "PSK-RC4-SHA+SSLv3", "RC2-CBC-MD5+SSLv2", "RC4-MD5+SSLv2", - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1474
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687748
Blamelist: markt
Build succeeded!
Sincerely,
-The Buildbot
svn commit: r1687752 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Author: markt Date: Fri Jun 26 11:12:35 2015 New Revision: 1687752 URL: http://svn.apache.org/r1687752 Log: Fix Gump. The Oracle JRE does not implement these new ciphers either Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1687752&r1=1687751&r2=1687752&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Fri Jun 26 11:12:35 2015 @@ -404,6 +404,8 @@ public class TestCipher { "EXP-RC2-CBC-MD5+SSLv2", "EXP-RC4-MD5+SSLv2", "IDEA-CBC-MD5+SSLv2", +"PSK-AES128-GCM-SHA256+TLSv1.2", +"PSK-AES256-GCM-SHA384+TLSv1.2", "RC2-CBC-MD5+SSLv2", "RC4-MD5+SSLv2"))); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1476
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687752
Blamelist: markt
BUILD FAILED: exception svn upload_2
Sincerely,
-The Buildbot
svn commit: r1687757 - /tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java
Author: markt Date: Fri Jun 26 11:22:27 2015 New Revision: 1687757 URL: http://svn.apache.org/r1687757 Log: Correct OpenSSL name Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1687757&r1=1687756&r2=1687757&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 26 11:22:27 2015 @@ -1826,7 +1826,7 @@ public enum Cipher { // Cipher A9 TLS_PSK_WITH_AES_256_GCM_SHA384( 0x00A9, -"PSK-AES128-GCM-SHA384", +"PSK-AES256-GCM-SHA384", KeyExchange.PSK, Authentication.PSK, Encryption.AES256GCM, - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1687758 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java
Author: markt Date: Fri Jun 26 11:22:46 2015 New Revision: 1687758 URL: http://svn.apache.org/r1687758 Log: Oracle does know about these Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Modified: tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java?rev=1687758&r1=1687757&r2=1687758&view=diff == --- tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java Fri Jun 26 11:22:46 2015 @@ -404,8 +404,6 @@ public class TestCipher { "EXP-RC2-CBC-MD5+SSLv2", "EXP-RC4-MD5+SSLv2", "IDEA-CBC-MD5+SSLv2", -"PSK-AES128-GCM-SHA256+TLSv1.2", -"PSK-AES256-GCM-SHA384+TLSv1.2", "RC2-CBC-MD5+SSLv2", "RC4-MD5+SSLv2"))); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/1477
Buildbot URL: http://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build
Build Source Stamp: [branch tomcat/trunk] 1687758
Blamelist: markt
Build succeeded!
Sincerely,
-The Buildbot
svn commit: r1687770 - in /tomcat/tc8.0.x/trunk: java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java test/org/apache/tomcat/util/net/j
Author: markt Date: Fri Jun 26 12:54:56 2015 New Revision: 1687770 URL: http://svn.apache.org/r1687770 Log: Update Ciphers to: - add IDs - correct strength bits - comment on missing Ciphers - add new Ciphers Update unit tests to account for above changes Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestCipher.java tomcat/tc8.0.x/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java Modified: tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java?rev=1687770&r1=1687769&r2=1687770&view=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/net/jsse/openssl/Cipher.java Fri Jun 26 12:54:56 2015 @@ -19,12 +19,16 @@ package org.apache.tomcat.util.net.jsse. import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; +import java.util.Map; import java.util.Set; /** * All the standard cipher suites for SSL/TSL. * + * @see https://github.com/openssl/openssl/blob/master/ssl/s3_lib.c"; + * >OpenSSL cipher definitions * @see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4"; * >The cipher suite registry * @see https://www.thesprawl.org/research/tls-and-ssl-cipher-suites/"; 
@@ -33,11 +37,23 @@ import java.util.Set; * >Oracle standard names for cipher suites * @see https://www.openssl.org/docs/apps/ciphers.html"; * >Mapping of OpenSSL cipher suites names to registry names + * @see https://github.com/ssllabs/sslhaf/blob/0.1.x/suites.csv"; + * >SSL Labs tool - list of ciphers + * @see http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/e30cd0d37abf/src/java.base/share/classes/sun/security/ssl/CipherSuite.java"; + * >OpenJDK source code */ public enum Cipher { + +/* Cipher 0 + * TLS_NULL_WITH_NULL_NULL + * Must never be negotiated. Used internally to represent the initial + * unprotected state of a connection. + */ + /* The RSA ciphers */ // Cipher 01 TLS_RSA_WITH_NULL_MD5( +0x0001, "NULL-MD5", KeyExchange.RSA, Authentication.RSA, @@ -53,6 +69,7 @@ public enum Cipher { ), // Cipher 02 TLS_RSA_WITH_NULL_SHA( +0x0002, "NULL-SHA", KeyExchange.RSA, Authentication.RSA, @@ -68,6 +85,7 @@ public enum Cipher { ), // Cipher 03 TLS_RSA_EXPORT_WITH_RC4_40_MD5( +0x0003, "EXP-RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -83,6 +101,7 @@ public enum Cipher { ), // Cipher 04 TLS_RSA_WITH_RC4_128_MD5( +0x0004, "RC4-MD5", KeyExchange.RSA, Authentication.RSA, @@ -98,6 +117,7 @@ public enum Cipher { ), // Cipher 05 TLS_RSA_WITH_RC4_128_SHA( +0x0005, "RC4-SHA", KeyExchange.RSA, Authentication.RSA, @@ -113,6 +133,7 @@ public enum Cipher { ), // Cipher 06 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5( +0x0006, "EXP-RC2-CBC-MD5", KeyExchange.RSA, Authentication.RSA, @@ -128,6 +149,7 @@ public enum Cipher { ), // Cipher 07 TLS_RSA_WITH_IDEA_CBC_SHA( +0x0007, "IDEA-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -143,6 +165,7 @@ public enum Cipher { ), // Cipher 08 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA( +0x0008, "EXP-DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, @@ -158,6 +181,7 @@ public enum Cipher { ), // Cipher 09 TLS_RSA_WITH_DES_CBC_SHA( +0x0009, "DES-CBC-SHA", KeyExchange.RSA, Authentication.RSA, 
@@ -173,6 +197,7 @@ public enum Cipher { ), // Cipher 0A TLS_RSA_WITH_3DES_EDE_CBC_SHA( +0x000A, "DES-CBC3-SHA", KeyExchange.RSA, Authentication.RSA, @@ -182,13 +207,14 @@ public enum Cipher { false, EncryptionLevel.HIGH, true, -168, +112, 168, "SSL_RSA_WITH_3DES_EDE_CBC_SHA" ), /* The DH ciphers */ // Cipher 0B TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA( +0x000B, "EXP-DH-DSS-DES-CBC-SHA", KeyExchange.DHd, Authentication.DH, @@ -204,6 +230,7 @@ public enum Cipher { ), // Cipher 0C TLS_DH_DSS_WITH_DES_CBC_SHA( +0x000C,
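Review bot: in the hunk at @@ -182,13 +207,14 @@, TLS_RSA_WITH_3DES_EDE_CBC_SHA now carries strength bits 112 next to algorithm bits 168 but stays at EncryptionLevel.HIGH, and nothing on the entry explains the pair. Add a short comment that 112 is the effective strength of three-key 3DES and 168 is the key length, so the value is not "corrected" back later, and confirm that any code ordering or filtering suites by strength bits still produces the order the updated unit tests expect. The new leading argument (0x0001 through 0x000C in the visible entries) together with the added HashMap and Map imports suggests a lookup by ID; if so, a test asserting that every ID is unique would catch a copy-and-paste slip in a list this long. The class Javadoc context line still reads "SSL/TSL".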
svn commit: r1687781 - /tomcat/native/trunk/native/src/ssl.c
Author: jfclere Date: Fri Jun 26 14:53:21 2015 New Revision: 1687781 URL: http://svn.apache.org/r1687781 Log: Fix a warning. Modified: tomcat/native/trunk/native/src/ssl.c Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1687781&r1=1687780&r2=1687781&view=diff == --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Fri Jun 26 14:53:21 2015 @@ -1149,7 +1149,7 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SS } if ((con = apr_pcalloc(c->pool, sizeof(tcn_ssl_conn_t))) == NULL) { tcn_ThrowAPRException(e, apr_get_os_error()); -return NULL; +return 0; } con->pool = c->pool; con->ctx = c; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
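Review bot: "return 0;" in the apr_pcalloc failure branch matches the jlong return type declared in TCN_IMPLEMENT_CALL(jlong /* SSL * */, ...), but the log message "Fix a warning." does not say which warning. Name it in the log (returning the pointer constant NULL from a function that returns jlong) so the change can be found again. In the same branch the exception is built from apr_get_os_error(), which relies on the OS error still being set after the failed pool allocation; passing APR_ENOMEM explicitly would be more reliable.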
svn commit: r1687824 - /tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java
Author: markt Date: Fri Jun 26 17:46:45 2015 New Revision: 1687824 URL: http://svn.apache.org/r1687824 Log: Remove unnecessary code Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Modified: tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1687824&r1=1687823&r2=1687824&view=diff == --- tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Fri Jun 26 17:46:45 2015 @@ -268,7 +268,6 @@ public class Http2UpgradeHandler extends log.debug(sm.getString("upgradeHandler.ioerror", connectionId), ioe); } close(); -result = SocketState.CLOSED; break; } @@ -283,7 +282,6 @@ public class Http2UpgradeHandler extends log.debug(sm.getString("upgradeHandler.ioerror", connectionId), ioe); } close(); -result = SocketState.CLOSED; break; } @@ -305,7 +303,6 @@ public class Http2UpgradeHandler extends // For all of the above, including the unexpected values, close the // connection. close(); -result = SocketState.CLOSED; break; } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
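Review bot: all three hunks delete "result = SocketState.CLOSED;" after close(), which is only safe if result already holds SocketState.CLOSED whenever these branches are reached, and neither the declaration nor any earlier assignment of result is visible in the hunks. Please confirm that no path sets result to another state before these break statements, and add a comment at the declaration saying that CLOSED is the default the error branches rely on, so a later change to the initial value does not leave a closed connection reported in a different state.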
svn commit: r1687833 - /tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
Author: markt Date: Fri Jun 26 18:41:49 2015 New Revision: 1687833 URL: http://svn.apache.org/r1687833 Log: Correct the description. This is the Poller, not the Acceptor. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1687833&r1=1687832&r2=1687833&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri Jun 26 18:41:49 2015 @@ -789,9 +789,11 @@ public class NioEndpoint extends Abstrac } return ka; } + /** - * The background thread that listens for incoming TCP/IP connections and - * hands them off to an appropriate processor. + * The background thread that adds sockets to the Poller, checks the + * poller for triggered events and hands the associated socket off to an + * appropriate processor as events occur. */ @Override public void run() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
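Review bot: the new Javadoc writes "the Poller" in its first line and "the poller" in its second; pick one capitalisation. The comment describes the background thread as a whole but is attached to run(), so consider moving the description to the class-level Javadoc of the Poller and leaving a one-line summary on the method.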
svn commit: r1687834 - /tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
Author: markt Date: Fri Jun 26 18:43:46 2015 New Revision: 1687834 URL: http://svn.apache.org/r1687834 Log: Pausing the endpoint should not pause the poller. The poller needs to continue to operate to enable async, non-blocking I/O and HTTP/2 connections to complete. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1687834&r1=1687833&r2=1687834&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri Jun 26 18:43:46 2015 @@ -799,14 +799,6 @@ public class NioEndpoint extends Abstrac public void run() { // Loop until destroy() is called while (true) { -// Loop if endpoint is paused -while (paused && (!close) ) { -try { -Thread.sleep(100); -} catch (InterruptedException e) { -// Ignore -} -} boolean hasEvents = false; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
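Review bot: the removed inner loop was conditioned on "paused && (!close)", so after this hunk the visible start of run() reads neither flag before "boolean hasEvents = false;", while the retained comment still says "Loop until destroy() is called" over "while (true)". Please confirm that the close flag is still checked further down the loop body so the thread exits, and add a test in which an async or HTTP/2 request that is in flight when the endpoint is paused still completes, since that is the behaviour the log message promises.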
svn commit: r1687835 - /tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Author: markt Date: Fri Jun 26 18:44:33 2015 New Revision: 1687835 URL: http://svn.apache.org/r1687835 Log: Correct the description. This is the Poller, not the Acceptor. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1687835&r1=1687834&r2=1687835&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 26 18:44:33 2015 @@ -1607,8 +1607,9 @@ public class AprEndpoint extends Abstrac } /** - * The background thread that listens for incoming TCP/IP connections - * and hands them off to an appropriate processor. + * The background thread that adds sockets to the Poller, checks the + * poller for triggered events and hands the associated socket off to an + * appropriate processor as events occur. */ @Override public void run() { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1687836 - /tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
Author: markt Date: Fri Jun 26 18:45:04 2015 New Revision: 1687836 URL: http://svn.apache.org/r1687836 Log: Pausing the endpoint should not pause the poller. The poller needs to continue to operate to enable async, non-blocking I/O and HTTP/2 connections to complete. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1687836&r1=1687835&r2=1687836&view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Fri Jun 26 18:45:04 2015 @@ -1620,14 +1620,6 @@ public class AprEndpoint extends Abstrac // Loop until we receive a shutdown command while (pollerRunning) { -// Loop if endpoint is paused -while (pollerRunning && paused) { -try { -Thread.sleep(1000); -} catch (InterruptedException e) { -// Ignore -} -} // Check timeouts if the poller is empty. while (pollerRunning && connectionCount.get() < 1 && addList.size() < 1 && closeList.size() < 1) { - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
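Review bot: with the "while (pollerRunning && paused)" sleep loop removed, pausing the endpoint no longer changes what this thread does, which is a behaviour change for anyone who relied on pause quiescing socket processing, and the hunk carries no documentation of it. Add a changelog entry and a sentence in the Javadoc of the endpoint's pause method stating that the poller keeps running so that async, non-blocking I/O and HTTP/2 connections can complete.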
svn commit: r1687839 - /tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java
Author: markt Date: Fri Jun 26 19:07:09 2015 New Revision: 1687839 URL: http://svn.apache.org/r1687839 Log: Add utility method to help with testing goaway frames Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Modified: tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java?rev=1687839&r1=1687838&r2=1687839&view=diff == --- tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java (original) +++ tomcat/trunk/test/org/apache/coyote/http2/Http2TestBase.java Fri Jun 26 19:07:09 2015 @@ -506,6 +506,30 @@ public abstract class Http2TestBase exte } +void sendGoaway(int streamId, int lastStreamId, long errorCode, byte[] debug) +throws IOException { +byte[] goawayFrame = new byte[17]; +int len = 8; +if (debug != null) { +len += debug.length; +} +ByteUtil.setThreeBytes(goawayFrame, 0, len); +// Type +goawayFrame[3] = FrameType.GOAWAY.getIdByte(); +// No flags +// Stream +ByteUtil.set31Bits(goawayFrame, 5, streamId); +// Last stream +ByteUtil.set31Bits(goawayFrame, 9, lastStreamId); +ByteUtil.setFourBytes(goawayFrame, 13, errorCode); +os.write(goawayFrame); +if (debug != null && debug.length > 0) { +os.write(debug); +} +os.flush(); +} + + void sendWindowUpdate(int streamId, int increment) throws IOException { byte[] updateFrame = new byte[13]; // length is always 4 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
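Review bot: sendGoaway() takes a streamId parameter although RFC 7540 section 6.8 requires GOAWAY to carry stream identifier 0x0; if the parameter exists so that tests can send a deliberately invalid frame, say so in a Javadoc comment on the method, otherwise drop it and write 0. The literals 17 and 8 would read better as named values (9-byte frame header plus 8-byte fixed payload), and the two null checks differ ("debug != null" for the length, "debug != null && debug.length > 0" for the write); both are correct, but one shared condition is easier to follow.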
svn commit: r1687840 - in /tomcat/trunk: java/org/apache/coyote/ java/org/apache/coyote/ajp/ java/org/apache/coyote/http11/ java/org/apache/coyote/http11/upgrade/ java/org/apache/coyote/http2/ java/or
Author: markt Date: Fri Jun 26 19:17:16 2015 New Revision: 1687840 URL: http://svn.apache.org/r1687840 Log: Expose the calling of pause() on the endpoint to the HTTP/2 upgrade processor so it can stop accepting additional streams. This commit is just the plumbing to make this possible. The implementation that prevents new streams from being accepted will follow in a subsequent commit. Modified: tomcat/trunk/java/org/apache/coyote/AbstractProtocol.java tomcat/trunk/java/org/apache/coyote/Processor.java tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeProcessorExternal.java tomcat/trunk/java/org/apache/coyote/http11/upgrade/UpgradeProcessorInternal.java tomcat/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat/trunk/java/org/apache/coyote/http2/LocalStrings.properties tomcat/trunk/java/org/apache/coyote/http2/StreamProcessor.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java tomcat/trunk/java/org/apache/tomcat/websocket/server/WsHttpUpgradeHandler.java tomcat/trunk/test/org/apache/coyote/http11/upgrade/TestUpgradeInternalHandler.java Modified: tomcat/trunk/java/org/apache/coyote/AbstractProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/AbstractProtocol.java?rev=1687840&r1=1687839&r2=1687840&view=diff == --- tomcat/trunk/java/org/apache/coyote/AbstractProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/AbstractProtocol.java Fri Jun 26 19:17:16 2015 
@@ -945,6 +945,22 @@ public abstract class AbstractProtocol Modified: tomcat/trunk/java/org/apache/coyote/Processor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/Processor.java?rev=1687840&r1=1687839&r2=1687840&view=diff == --- tomcat/trunk/java/org/apache/coyote/Processor.java (original) +++ tomcat/trunk/java/org/apache/coyote/Processor.java Fri Jun 26 19:17:16 2015 @@ -76,4 +76,12 @@ public interface Processor { * @return leftover bytes */ ByteBuffer getLeftoverInput(); + +/** + * Informs the processor that the underlying I/O layer has stopped accepting + * new connections. This is primarily intended to enable processors that + * use multiplexed connections to prevent further 'streams' being added to + * an existing multiplexed connection. + */ +void pause(); } Modified: tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java?rev=1687840&r1=1687839&r2=1687840&view=diff == --- tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java (original) +++ tomcat/trunk/java/org/apache/coyote/ajp/AjpProcessor.java Fri Jun 26 19:17:16 2015 @@ -888,6 +888,12 @@ public class AjpProcessor extends Abstra } +@Override +public void pause() { +// NOOP for AJP +} + + // -- Protected Methods // Methods used by SocketInputBuffer Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java?rev=1687840&r1=1687839&r2=1687840&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Fri Jun 26 19:17:16 2015 
@@ -1887,4 +1887,10 @@ public class Http11Processor extends Abs return inputBuffer.getLeftover(); } + +@Override +public void pause() { +// NOOP for HTTP +} + } Modified: tomcat/trunk/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java?rev=1687840&r1=1687839&r2=1687840&view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/upgrade/InternalHttpUpgradeHandler.java Fri Jun 26 19:17:16 2015 @@ -35,4 +35,6 @@ public interface InternalHttpUpgradeHand void setSocketWrapper(SocketWrapperBase wrapper); void
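Review bot: the Javadoc added to Processor.pause() does not say which thread calls the method or whether it can arrive while the processor is in the middle of handling a request. If pause() can be invoked from a thread other than the one processing the socket, state that in the interface Javadoc so that implementations which are not NOOPs know what they have to synchronise. It should also say whether pause() may be called more than once and whether a matching resume exists. The "NOOP for AJP" and "NOOP for HTTP" comments would be more useful if they gave the reason, namely that those processors do not multiplex streams over one connection.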
buildbot exception in ASF Buildbot on tomcat-trunk
The Buildbot has detected a build exception on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1481 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1687840 Blamelist: markt BUILD FAILED: exception upload_2 Sincerely, -The Buildbot
[Tomcat Wiki] Update of "FAQ/Memory" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Memory" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Memory?action=diff&rev1=12&rev2=13 Comment: Remove comment about memory leak during JSP recompliation. Tomcat 4.1 docs said to set fork="true" in Jasper due to leaks in Sun's javac. http://tomcat.apache.org/tomcat-4.1-doc/jasper-howto.html * [[http://marc.info/?t=10451996172&r=1&w=2|Tracking memory usage over time]] Also look at [[http://www.yourkit.com/|YourKit]], or maybe you IDE has a profiling tool in it, or other profiling tools are available. (The following tools were recommended by many people in the past, but now seem to be discontinued by their vendors: JProbe by Quest Software — the company was [[http://software.dell.com/acquisitions/quest-software.aspx|acquired by Dell]], !OptimizeIt by Borland). This is not an endorsement for them, I just notice other people like them. - - === JSP Recompilation === - If your application uses JSPs which are frequently recompiled at runtime, e.g. headers that change value hourly, please make sure to read the JSP HOW-TO page and RELEASE NOTES documents. You may wish to tune the JSP compiler configuration to prevent memory leaks. Of course, these are documents you should have read by now anyways.. == Questions == 1. [[#Q1|How do I adjust memory settings?]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Memory" by KonstantinKolinko
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Memory" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/FAQ/Memory?action=diff&rev1=13&rev2=14 Comment: Recommend using CATALINA_OPTS. Using JAVA_OPTS to set memory settings is a bad idea. == Answers == <>'''How do I adjust memory settings?''' - First look at {{{java -X}}} to determine what parameters to set. Then you can set them via the environment variable {{{JAVA_OPTS}}}. Read the files catalina.bat or catalina.sh for more information on JAVA_OPTS. + First look at {{{java -X}}} to determine what parameters to set. Then you can set them via the environment variable {{{CATALINA_OPTS}}} (using `JAVA_OPTS` also works, but is not recommended). This variable is usually set in a file `bin/setenv.sh` or `bin/setenv.bat` that you may need to create by yourselves. + + The `setenv` file is documented in RUNNING.txt in your version of Tomcat. The environment variables are described in a comment at the top of catalina.bat or catalina.sh files. <>'''Why do I get {{{OutOfMemoryError}}} errors?''' @@ -54, +56 @@ * That being said, a memory profiling tool might prove the above statements wrong - but you probably don't want to use them in a production environment. - [[CategoryFAQ|CategoryFAQ]] + [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
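Review bot: the added lines mark up names with backticks (`JAVA_OPTS`, `bin/setenv.sh`, `bin/setenv.bat`, `setenv`) while the surrounding text uses the {{{...}}} form ({{{java -X}}}, {{{CATALINA_OPTS}}}); use one form throughout the answer. The new text says JAVA_OPTS "is not recommended" and the change comment calls it "a bad idea", but the page never gives the reason, so add one sentence saying why. "that you may need to create by yourselves" should read "that you may need to create yourself".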