[Bug 58530] Proposal for new Manager HTML GUI

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58530

--- Comment #5 from Remy Maucherat  ---
I guess it looks better now.

In the "code" there are a lot of style left in the HTML, I suppose this will
move away right ?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Adding request/session valve to Tomcat

2015-10-28 Thread Milo van der Zee 

Hello Chris,

With request I mean the 'org.apache.catalina.connector.Request' but this 
implements 'javax.servlet.http.HttpServletRequest'. So, one and the same 
thing for my situation.
And I don't only want access to that information during authentication 
but it can also be used to pass information from the authentication to 
the rest of the application. Like storing the password in the 
subject.privateCredentials... This is needed in some rare cases where 
the server has to do some kind of proxy login to another service based 
on the client credentials.

Or using the usersession for misc info.

I'll have a look into the JASPIC discussion. Thanks. A valve looks 
simpler though... (but Tomcat specific)


MAG,
Milo

On 10/27/2015 08:17 PM, Christopher Schultz wrote:


On 10/25/15 9:40 AM, Milo van der Zee wrote:

Hello,

There are some default valves available with Tomcat. None of these
expose the request to later phases in the request cycle. Is it an idea
to add a valve that does this? And make this available through a
callback in the jaas loginModule. Just like WebLogic and Websphere do
it. Or just use a static threadlocal variable in the valve with a static
getter.

Why?
If the jaas login module needs to communicate anything to the filter or
other request phases this is needed. When the request is available this
info can (for example) be added to the session.
Or when someone wants to use request info for jaas authentication this
could also be used.

Thanks for any ideas or comments.

Are you asking about access to the internal Tomcat "Request" object, or
are you asking about the HttpServletRequest?

I know it's inconvenient in Tomcat authenticators not to be able to get
things like the remote user's IP address -- for example, to log a failed
login attempt.

There is some discussion going on right now about using JASPIC as an
authentication API; perhaps you could join that discussion and advocate
for access to some of this information.

I would certainly be interested in having access to information from the
user's request during authentication.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed

2015-10-28 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-apr has an issue affecting its community integration.
This issue affects 1 projects,
 and has been outstanding for 2 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 49 mins 34 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-APR 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20151028-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20151028/lib 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20151028.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20151028-native-src.tar.gz
 -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -
 Dexecute.test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-master/dest-20151028/bin/openssl
 -Dexecute.test.apr=true -Dtest.excludePerformance=true 
-Dexecute.test.nio2=false 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/g

[Bug 58508] role_name in tomcat-users.xml : invalid character

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58508

--- Comment #3 from Fred 33  ---
Bonjour, 

the version of my tomcat server is 7.057 , and not 6.x

Regards 
Frederic

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58508] role_name in tomcat-users.xml : invalid character

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58508

--- Comment #4 from Violeta Georgieva  ---
Hello,

The issue is fixed for Tomcat 7 and Tomcat 8.
We moved the issue to Tomcat 6 and proposed a fix there, because of this the
version now is Tomcat 6.

Regards,
Violeta

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58530] Proposal for new Manager HTML GUI

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58530

--- Comment #6 from Ognjen Blagojevic  ---
(In reply to Remy Maucherat from comment #5)
> In the "code" there are a lot of style left in the HTML, I suppose this will
> move away right ?

Right.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58560] New: Load time weaving not working in struts2 action classes

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58560

Bug ID: 58560
   Summary: Load time weaving not working in struts2 action
classes
   Product: Tomcat 7
   Version: 7.0.64
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Integration
  Assignee: dev@tomcat.apache.org
  Reporter: marek.stanulew...@gmail.com

We're writing a web application using latest versions of aspectj, spring and
struts2 and load time weaving enabled with spring.
We're using aspects with pointcuts in many classes including our own action
classes extending com.opensymphony.xwork2.ActionSupport. Up to 7.0.63
everything worked perfectly, but since 7.0.64 all pointcuts inside our action
classes stopped working. Load time weaving debug shows it's still working
correctly (detecting aspects, pointcuts and applying aspects). But it isn't.
Even spring's @Transactional annotation stopped working.
I've seend in change logs that you did some changes to classloaders in 7.0.64.
All struts actions still work (@Action annotations), but our action classes are
effectively not woven.
The issue is still present in 7.0.65.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58560] Load time weaving not working in struts2 action classes

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58560

marek.stanulew...@gmail.com changed:

   What|Removed |Added

 OS||All

--- Comment #1 from marek.stanulew...@gmail.com ---
Java 8u60.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58560] Load time weaving not working in struts2 action classes

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58560

--- Comment #2 from Andrei Ivanov  ---
See https://jira.spring.io/browse/SPR-13210

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1710980 - /tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

2015-10-28 Thread remm 
Author: remm
Date: Wed Oct 28 10:24:08 2015
New Revision: 1710980

URL: http://svn.apache.org/viewvc?rev=1710980&view=rev
Log:
Remove TODO that will never be done.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1710980&r1=1710979&r2=1710980&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Wed 
Oct 28 10:24:08 2015
@@ -648,7 +648,6 @@ public final class OpenSSLEngine extends
 @Override
 public Runnable getDelegatedTask() {
 // Currently, we do not delegate SSL computation tasks
-// TODO: in the future, possibly create tasks to do encrypt / decrypt 
async
 return null;
 }
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Session management

2015-10-28 Thread Roel Storms 
Hello,


I was looking into session management  on Tomcat 8.0.29 and found this
comment:

In apache.catalina.connector.Request method doGetSession(bool) line 2886:

   * // Attempt to reuse session id if one was submitted in a cookie*
*// Do not reuse the session id if it is from a URL, to prevent
possible*
*// phishing attacks*
// Use the SSL session ID if one is present.

Why do you put more trust in a session id from a *cookie* then from a *URL*?
Is there an (invalid) assumption that cookies are hard to manipulate?

Additionally I was hoping to find some* design documentation on the session
mechanism*. Has anyone constructed any diagram or created some other form
of documentation useful for figuring out how sessions are created and
maintained?


Rgds,

Roel Storms

svn commit: r1711006 - in /tomcat/trunk/java/org/apache/catalina/manager: HTMLManagerServlet.java util/ReverseComparator.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 13:27:10 2015
New Revision: 1711006

URL: http://svn.apache.org/viewvc?rev=1711006&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58535
Use Collections.reverseOrder instead of home made 
org.apache.catalina.manager.util.ReverseComparator

Removed:
tomcat/trunk/java/org/apache/catalina/manager/util/ReverseComparator.java
Modified:
tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java

Modified: tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java?rev=1711006&r1=1711005&r2=1711006&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java Wed 
Oct 28 13:27:10 2015
@@ -46,7 +46,6 @@ import org.apache.catalina.DistributedMa
 import org.apache.catalina.Manager;
 import org.apache.catalina.Session;
 import org.apache.catalina.manager.util.BaseSessionComparator;
-import org.apache.catalina.manager.util.ReverseComparator;
 import org.apache.catalina.manager.util.SessionUtils;
 import org.apache.catalina.util.ContextName;
 import org.apache.catalina.util.RequestUtil;
@@ -891,7 +890,7 @@ public final class HTMLManagerServlet ex
 if (comparator != null) {
 orderBy = req.getParameter("order");
 if ("DESC".equalsIgnoreCase(orderBy)) {
-comparator = new ReverseComparator(comparator);
+comparator = Collections.reverseOrder(comparator);
 orderBy = "ASC";
 } else {
 orderBy = "DESC";



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711008 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/manager/HTMLManagerServlet.java java/org/apache/catalina/manager/util/ReverseComparator.java webapps/docs/changelog.xml

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 13:34:10 2015
New Revision: 1711008

URL: http://svn.apache.org/viewvc?rev=1711008&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58535
Merged revision 1711006 from tomcat/trunk:
Use Collections.reverseOrder instead of home made 
org.apache.catalina.manager.util.ReverseComparator

Removed:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/manager/util/ReverseComparator.java
Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 13:34:10 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-1684527,1684549-1684550,1685556,1685591,1685739,1685744,168577
 
2,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1688563,1688841,1688878,165,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,16

svn commit: r1711009 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/manager/HTMLManagerServlet.java java/org/apache/catalina/manager/util/ReverseComparator.java webapps/docs/changelog.xml

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 13:39:17 2015
New Revision: 1711009

URL: http://svn.apache.org/viewvc?rev=1711009&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58535
Merged revision 1711006 from tomcat/trunk:
Use Collections.reverseOrder instead of home made 
org.apache.catalina.manager.util.ReverseComparator

Removed:

tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/util/ReverseComparator.java
Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/catalina/manager/HTMLManagerServlet.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 13:39:17 2015
@@ -1,2 +1,2 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702744,1702
 
748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578
-/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114
 
,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342
 
498,1342503,1342717,1342795,134280

[Bug 58535] ReverseComparator unsafely negates result

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58535

Violeta Georgieva  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Violeta Georgieva  ---
Hi,

Thanks for the report and the patch.
I decided to remove this class and to use the standard
Collections.reverseOrder(Comparator) method.
The fix is available in trunk, 8.0.x (for 8.0.29 onwards) and 7.0.x (for 7.0.66
onwards)

Regards,
Violeta

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711016 - /tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 14:02:47 2015
New Revision: 1711016

URL: http://svn.apache.org/viewvc?rev=1711016&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58544
Switch from request.getContentLength to request.getContentLengthLong

Modified:
tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java

Modified: tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java?rev=1711016&r1=1711015&r2=1711016&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java Wed 
Oct 28 14:02:47 2015
@@ -109,7 +109,7 @@ public class RequestDumperFilter extends
 
 doLog(" characterEncoding", request.getCharacterEncoding());
 doLog(" contentLength",
-Integer.toString(request.getContentLength()));
+Long.toString(request.getContentLengthLong()));
 doLog("   contentType", request.getContentType());
 
 if (hRequest == null) {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711017 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/RequestDumperFilter.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 14:05:19 2015
New Revision: 1711017

URL: http://svn.apache.org/viewvc?rev=1711017&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58544
Merged revision 1711016 from tomcat/trunk:
Switch from request.getContentLength to request.getContentLengthLong

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RequestDumperFilter.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 14:05:19 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-1684527,1684549-1684550,1685556,1685591,1685739,1685744,168577
 
2,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1688563,1688841,1688878,165,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,1689856,1689918,1690011,1690021,1690054,1690080,1690209,1691134,1691487,1691813,1692744-1692747,1692849,1693088,1693105,1693429,1693461,1694058,1694111,1694290,1694501,1694548,169465

[Bug 58544] RequestDumperFilter contentLength inefficiently creating Integer

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58544

--- Comment #3 from Violeta Georgieva  ---
I switched to request.getContentLengthLong in trunk and Tomcat 8 trunk

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58544] RequestDumperFilter contentLength inefficiently creating Integer

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58544

--- Comment #4 from Remy Maucherat  ---
Good move, the "efficiency" of the request dumper valve is meaningless, this
issue is really nonsense. However, using the int version may not work properly,
so that's a real fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711022 - in /tomcat/trunk/java/javax/servlet: ServletRequest.java ServletRequestWrapper.java

2015-10-28 Thread kkolinko 
Author: kkolinko
Date: Wed Oct 28 14:38:59 2015
New Revision: 1711022

URL: http://svn.apache.org/viewvc?rev=1711022&view=rev
Log:
Add @since annotation to request.getContentLengthLong() method and update some 
javadocs. This method is since Tomcat 8 / Servlet 3.1.

Modified:
tomcat/trunk/java/javax/servlet/ServletRequest.java
tomcat/trunk/java/javax/servlet/ServletRequestWrapper.java

Modified: tomcat/trunk/java/javax/servlet/ServletRequest.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/ServletRequest.java?rev=1711022&r1=1711021&r2=1711022&view=diff
==
--- tomcat/trunk/java/javax/servlet/ServletRequest.java (original)
+++ tomcat/trunk/java/javax/servlet/ServletRequest.java Wed Oct 28 14:38:59 2015
@@ -116,6 +116,7 @@ public interface ServletRequest {
  *
  * @return a long integer containing the length of the request body or -1 
if
  * the length is not known
+ * @since Servlet 3.1
  */
 public long getContentLengthLong();
 
@@ -409,7 +410,7 @@ public interface ServletRequest {
  * proxy that sent the request.
  *
  * @return an integer specifying the port number
- * @since 2.4
+ * @since Servlet 2.4
  */
 public int getRemotePort();
 
@@ -419,7 +420,7 @@ public interface ServletRequest {
  *
  * @return a String containing the host name of the IP on 
which
  * the request was received.
- * @since 2.4
+ * @since Servlet 2.4
  */
 public String getLocalName();
 
@@ -429,7 +430,7 @@ public interface ServletRequest {
  *
  * @return a String containing the IP address on which the
  * request was received.
- * @since 2.4
+ * @since Servlet 2.4
  */
 public String getLocalAddr();
 
@@ -438,7 +439,7 @@ public interface ServletRequest {
  * the request was received.
  *
  * @return an integer specifying the port number
- * @since 2.4
+ * @since Servlet 2.4
  */
 public int getLocalPort();
 

Modified: tomcat/trunk/java/javax/servlet/ServletRequestWrapper.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/ServletRequestWrapper.java?rev=1711022&r1=1711021&r2=1711022&view=diff
==
--- tomcat/trunk/java/javax/servlet/ServletRequestWrapper.java (original)
+++ tomcat/trunk/java/javax/servlet/ServletRequestWrapper.java Wed Oct 28 
14:38:59 2015
@@ -28,7 +28,7 @@ import java.util.Map;
  * class implements the Wrapper or Decorator pattern. Methods default to 
calling
  * through to the wrapped request object.
  *
- * @since v 2.3
+ * @since Servlet 2.3
  * @see javax.servlet.ServletRequest
  */
 public class ServletRequestWrapper implements ServletRequest {
@@ -115,6 +115,12 @@ public class ServletRequestWrapper imple
 return this.request.getContentLength();
 }
 
+/**
+ * The default behavior of this method is to return getContentLengthLong()
+ * on the wrapped request object.
+ *
+ * @since Servlet 3.1
+ */
 @Override
 public long getContentLengthLong() {
 return this.request.getContentLengthLong();
@@ -307,7 +313,7 @@ public class ServletRequestWrapper imple
  * The default behavior of this method is to return getRemotePort() on the
  * wrapped request object.
  *
- * @since 2.4
+ * @since Servlet 2.4
  */
 @Override
 public int getRemotePort() {
@@ -318,7 +324,7 @@ public class ServletRequestWrapper imple
  * The default behavior of this method is to return getLocalName() on the
  * wrapped request object.
  *
- * @since 2.4
+ * @since Servlet 2.4
  */
 @Override
 public String getLocalName() {
@@ -329,7 +335,7 @@ public class ServletRequestWrapper imple
  * The default behavior of this method is to return getLocalAddr() on the
  * wrapped request object.
  *
- * @since 2.4
+ * @since Servlet 2.4
  */
 @Override
 public String getLocalAddr() {
@@ -340,7 +346,7 @@ public class ServletRequestWrapper imple
  * The default behavior of this method is to return getLocalPort() on the
  * wrapped request object.
  *
- * @since 2.4
+ * @since Servlet 2.4
  */
 @Override
 public int getLocalPort() {



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711023 - in /tomcat/tc8.0.x/trunk: ./ java/javax/servlet/ServletRequest.java java/javax/servlet/ServletRequestWrapper.java

2015-10-28 Thread kkolinko 
Author: kkolinko
Date: Wed Oct 28 14:40:41 2015
New Revision: 1711023

URL: http://svn.apache.org/viewvc?rev=1711023&view=rev
Log:
Add @since annotation to request.getContentLengthLong() method and update some 
javadocs. This method is since Tomcat 8 / Servlet 3.1.
Merged r1711022 from tomcat/trunk.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/javax/servlet/ServletRequest.java
tomcat/tc8.0.x/trunk/java/javax/servlet/ServletRequestWrapper.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 14:40:41 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-1684527,1684549-1684550,1685556,1685591,1685739,1685744,168577
 
2,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1688563,1688841,1688878,165,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,1689856,1689918,1690011,1690021,1690054,1690080,1690209,1691134,1691487,1691813,1692744-1692747,1692849,1693088,1693105,1693429,169

buildbot exception in ASF Buildbot on tomcat-trunk

2015-10-28 Thread buildbot 
The Buildbot has detected a build exception on builder tomcat-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/539

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1711022
Blamelist: kkolinko

BUILD FAILED: exception upload_2

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711026 - in /tomcat/trunk: java/org/apache/catalina/servlets/ java/org/apache/catalina/ssi/ java/org/apache/catalina/valves/ test/org/apache/catalina/startup/

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 15:02:03 2015
New Revision: 1711026

URL: http://svn.apache.org/viewvc?rev=1711026&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58544
Switch from 
request.getContentLength to request.getContentLengthLong
urlConnection.getContentLength to urlConnection.getContentLengthLong

Modified:
tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
tomcat/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
tomcat/trunk/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java

Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1711026&r1=1711025&r2=1711026&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Wed Oct 28 
15:02:03 2015
@@ -371,7 +371,7 @@ public final class CGIServlet extends Ht
 out.println("characterEncoding = " +
req.getCharacterEncoding());
 out.println("contentLength = " +
-   req.getContentLength());
+   req.getContentLengthLong());
 out.println("contentType = " +
req.getContentType());
 Enumeration locales = req.getLocales();
@@ -1078,9 +1078,9 @@ public final class CGIServlet extends Ht
  * if there is no content, so we cannot put 0 or -1 in as per the
  * Servlet API spec.
  */
-int contentLength = req.getContentLength();
+long contentLength = req.getContentLengthLong();
 String sContentLength = (contentLength <= 0 ? "" :
-Integer.toString(contentLength));
+Long.toString(contentLength));
 envp.put("CONTENT_LENGTH", sContentLength);
 
 

Modified: tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=1711026&r1=1711025&r2=1711026&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Wed Oct 
28 15:02:03 2015
@@ -472,7 +472,7 @@ public class WebdavServlet
 
 Node propNode = null;
 
-if (req.getContentLength() > 0) {
+if (req.getContentLengthLong() > 0) {
 DocumentBuilder documentBuilder = getDocumentBuilder();
 
 try {
@@ -716,7 +716,7 @@ public class WebdavServlet
 return;
 }
 
-if (req.getContentLength() > 0) {
+if (req.getContentLengthLong() > 0) {
 DocumentBuilder documentBuilder = getDocumentBuilder();
 try {
 // Document document =

Modified: 
tomcat/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java?rev=1711026&r1=1711025&r2=1711026&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java 
Wed Oct 28 15:02:03 2015
@@ -170,9 +170,9 @@ public class SSIServletExternalResolver
 }
 } else if(nameParts[0].equals("CONTENT")) {
 if (nameParts[1].equals("LENGTH")) {
-int contentLength = req.getContentLength();
+long contentLength = req.getContentLengthLong();
 if (contentLength >= 0) {
-retVal = Integer.toString(contentLength);
+retVal = Long.toString(contentLength);
 }
 } else if (nameParts[1].equals("TYPE")) {
 retVal = req.getContentType();
@@ -504,7 +504,7 @@ public class SSIServletExternalResolver
 long fileSize = -1;
 try {
 URLConnection urlConnection = getURLConnection(path, virtual);
-fileSize = urlConnection.getContentLength();
+fileSize = urlConnection.getContentLengthLong();
 } catch (IOException e) {
 // Ignore this. It will always fail for non-file based includes
 }

Modified: 
tomcat/trunk/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/ExtendedAccessLogValve.java?rev=1711026&r1=1711025&r2=1711026&view=diff

svn commit: r1711027 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/servlets/ java/org/apache/catalina/ssi/ java/org/apache/catalina/valves/ test/org/apache/catalina/startup/ webapps/docs/

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 15:11:55 2015
New Revision: 1711027

URL: http://svn.apache.org/viewvc?rev=1711027&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58544
Merged revision 1711026 from tomcat/trunk:
Switch from 
request.getContentLength to request.getContentLengthLong
urlConnection.getContentLength to urlConnection.getContentLengthLong

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/servlets/CGIServlet.java
tomcat/tc8.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
tomcat/tc8.0.x/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 15:11:55 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366

buildbot success in ASF Buildbot on tomcat-trunk

2015-10-28 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-trunk/builds/540

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1711026
Blamelist: violetagg

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

--- Comment #11 from Mark Thomas  ---
I remain unconvinced that this feature is a) necessary or b) a good idea.

(In reply to romain.manni-bucau from comment #10)
> Why Tomcat couldn't get this? The code itself is very limited.

Implementing this feature is not as simple as porting the Cassandra patch you
referenced. It would require changes all the way through the I/O layers from
SocketWrapper all the way up to the Request since whether or not a request is
secure and the protocol in use would become a property of the socket rather
than the connector.

Implementing this feature would also break the current orthogonality between
the secure, protocol and SSLEnabled properties of a connector. The more I think
about it, the more this aspect of this proposal concerns me. The current
implementation of these features is well understood and offers a great deal of
flexibility for a wide range of applications. Adding automatic plaintext/TLS
switching would muddy the waters considerably.

It is also worth noting that there is a standard for this: RFC2817 and that
that standard is largely unimplemented by web servers and clients due to
numerous issues such as those articulated here:
https://bugzilla.mozilla.org/show_bug.cgi?id=276813#c7

I don't see why adding an additional HTTP connector (given that an HTTPS is
going to have to exist to handle the TLS traffoc) is so hard.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58560] Load time weaving not working in struts2 action classes

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58560

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |DUPLICATE

--- Comment #3 from Mark Thomas  ---


*** This bug has been marked as a duplicate of bug 58143 ***

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58143] The WebppClassLoader doesn't call transformers on cached classes

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58143

Mark Thomas  changed:

   What|Removed |Added

 CC||marek.stanulew...@gmail.com

--- Comment #7 from Mark Thomas  ---
*** Bug 58560 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session management

2015-10-28 Thread Mark Thomas 
On 28/10/2015 13:01, Roel Storms wrote:
> Hello,
> 
> 
> I was looking into session management  on Tomcat 8.0.29 and found this
> comment:
> 
> In apache.catalina.connector.Request method doGetSession(bool) line 2886:
> 
>* // Attempt to reuse session id if one was submitted in a cookie*
> *// Do not reuse the session id if it is from a URL, to prevent
> possible*
> *// phishing attacks*
> // Use the SSL session ID if one is present.
> 
> Why do you put more trust in a session id from a *cookie* then from a *URL*?
> Is there an (invalid) assumption that cookies are hard to manipulate?

It is based on the fact that cookies require more effort from an
attacker to control.

Creating the session with the client provided ID is required for some
features to operate correctly.


> Additionally I was hoping to find some* design documentation on the session
> mechanism*. Has anyone constructed any diagram or created some other form
> of documentation useful for figuring out how sessions are created and
> maintained?

Not that I am aware of. The relevant source code isn't that long.
Reading it is probably the quickest way.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

--- Comment #12 from romain.manni-bucau  ---
@Mark: there is a discussion - think it is on the list - to make connectors
easier to impl/extend. For me it should be as easy as wrapping HTTP and HTTPs
connectors - = implementing it as a wrapper of both - and just delegating to
the desired one once the selection has been done. It looks different from the
protocol you mention cause in this cause we would know which protocol to use -
we would simply reuse http and https.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

--- Comment #13 from Remy Maucherat  ---
An extend capability is useless as well. There is no guarantee the connectors
design or API will remain stable, so it is just as simple to make whetever
necessary changes to Tomcat as part of the build process.

As for this enhancement, -1 for it as well, besides problems nothing good will
come out of it.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

--- Comment #14 from romain.manni-bucau  ---
Ok, then close the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711104 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/CsrfPreventionFilter.java java/org/apache/catalina/filters/CsrfPreventionFilterBase.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 19:09:46 2015
New Revision: 1711104

URL: http://svn.apache.org/viewvc?rev=1711104&view=rev
Log:
Merged revision 1708957 from tomcat/trunk:
Extract common functionality from CsrfPreventionFilter to 
CsrfPreventionFilterBase

Added:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
  - copied unchanged from r1708957, 
tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 19:09:46 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-1684527,1684549-1684550,1685556,1685591,1685739,1685744,168577
 
2,1685816,1685826,1685891,1687242,1687261,1687268,1687340,1688563,1688841,1688878,165,1688896,1688901,1689345-1689346,1689357,1689656,1689675-1689677,1689679,1689687,1689825,1689856,16

svn commit: r1711108 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/CsrfPreventionFilter.java java/org/apache/catalina/filters/CsrfPreventionFilterBase.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 19:14:42 2015
New Revision: 1711108

URL: http://svn.apache.org/viewvc?rev=1711108&view=rev
Log:
Merged revision 1708957 from tomcat/trunk:
Extract common functionality from CsrfPreventionFilter to 
CsrfPreventionFilterBase

Added:

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
  - copied, changed from r1708957, 
tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
Modified:
tomcat/tc7.0.x/trunk/   (props changed)

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 19:14:42 2015
@@ -1,2 +1,2 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702744,1702
 
748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578
-/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114
 
,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335547,1335692,1335711,1335731,1336515,1336813,1336864,1336868,1336884,1337419,1337426,1337546,1337572,1337591-1337595,1337643,1337707,1337719,1337734,1337741,1337745,1338151-1338154,1338178,1342027,1342029,1342315,1342320,1342476,1342
 
498,1342503,1342717,1342795,1342805,1343044

Re: Adding request/session valve to Tomcat

2015-10-28 Thread Christopher Schultz 
Milo,

On 10/28/15 4:12 AM, Milo van der Zee wrote:
> With request I mean the 'org.apache.catalina.connector.Request' but this
> implements 'javax.servlet.http.HttpServletRequest'. So, one and the same
> thing for my situation.
> And I don't only want access to that information during authentication
> but it can also be used to pass information from the authentication to
> the rest of the application. Like storing the password in the
> subject.privateCredentials... This is needed in some rare cases where
> the server has to do some kind of proxy login to another service based
> on the client credentials.
> Or using the usersession for misc info.
> 
> I'll have a look into the JASPIC discussion. Thanks. A valve looks
> simpler though... (but Tomcat specific)

If you are okay with writing your own Valve, you could just use a
ThreadLocal and stuff whatever you want in there. Be very careful that
you ALWAYS remove the ThreadLocal after the request completes, otherwise
you risk security problems AND potential request/response staleness,
crashes down the line, etc.

-chris

> On 10/27/2015 08:17 PM, Christopher Schultz wrote:
>>
>> On 10/25/15 9:40 AM, Milo van der Zee wrote:
>>> Hello,
>>>
>>> There are some default valves available with Tomcat. None of these
>>> expose the request to later phases in the request cycle. Is it an idea
>>> to add a valve that does this? And make this available through a
>>> callback in the jaas loginModule. Just like WebLogic and Websphere do
>>> it. Or just use a static threadlocal variable in the valve with a static
>>> getter.
>>>
>>> Why?
>>> If the jaas login module needs to communicate anything to the filter or
>>> other request phases this is needed. When the request is available this
>>> info can (for example) be added to the session.
>>> Or when someone wants to use request info for jaas authentication this
>>> could also be used.
>>>
>>> Thanks for any ideas or comments.
>> Are you asking about access to the internal Tomcat "Request" object, or
>> are you asking about the HttpServletRequest?
>>
>> I know it's inconvenient in Tomcat authenticators not to be able to get
>> things like the remote user's IP address -- for example, to log a failed
>> login attempt.
>>
>> There is some discussion going on right now about using JASPIC as an
>> authentication API; perhaps you could join that discussion and advocate
>> for access to some of this information.
>>
>> I would certainly be interested in having access to information from the
>> user's request during authentication.
>>
>> -chris
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Session management

2015-10-28 Thread Christopher Schultz 
Mark,

On 10/28/15 12:34 PM, Mark Thomas wrote:
> On 28/10/2015 13:01, Roel Storms wrote:
>> Hello,
>>
>>
>> I was looking into session management  on Tomcat 8.0.29 and found this
>> comment:
>>
>> In apache.catalina.connector.Request method doGetSession(bool) line 2886:
>>
>>* // Attempt to reuse session id if one was submitted in a cookie*
>> *// Do not reuse the session id if it is from a URL, to prevent
>> possible*
>> *// phishing attacks*
>> // Use the SSL session ID if one is present.
>>
>> Why do you put more trust in a session id from a *cookie* then from a *URL*?
>> Is there an (invalid) assumption that cookies are hard to manipulate?
> 
> It is based on the fact that cookies require more effort from an
> attacker to control.

Just to clarify, the "attacker" in this case isn't the user of the web
application. Yes, any client can send any header (cookie) they want. But
an attacker trying to trick someone else into sending a cookie is going
to have a harder time than trying to get them to click on a link that
has an embedded session identifier.

> Creating the session with the client provided ID is required for some
> features to operate correctly.
> 
>> Additionally I was hoping to find some* design documentation on the session
>> mechanism*. Has anyone constructed any diagram or created some other form
>> of documentation useful for figuring out how sessions are created and
>> maintained?
> 
> Not that I am aware of. The relevant source code isn't that long.
> Reading it is probably the quickest way.

Roel, what are you looking for specifically? The servlet spec lays-out
when sessions are created/destroyed, etc. Do you think Tomcat needs
documentation in addition to that?

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Adding request/session valve to Tomcat

2015-10-28 Thread Milo van der Zee 

Hello Chris,

That is what I did but I expect a lot of people to have this problem. 
Seeing a lot of default valves included I would like to also have this 
valve as default.


public class RequestValve extends ValveBase {
/**
 * Session for current thread.
 */
static InheritableThreadLocal requestHolder = new 
InheritableThreadLocal<>();

@Override
public void invoke(Request request, Response response) throws IOException, 
ServletException {
requestHolder.set(request);
try {
getNext().invoke(request, response);
} finally {
requestHolder.remove();
}
}

public static Request getRequest() {
return requestHolder.get();
}
}


MAG,
Milo

On 10/28/2015 08:57 PM, Christopher Schultz wrote:

Milo,

On 10/28/15 4:12 AM, Milo van der Zee wrote:

With request I mean the 'org.apache.catalina.connector.Request' but this
implements 'javax.servlet.http.HttpServletRequest'. So, one and the same
thing for my situation.
And I don't only want access to that information during authentication
but it can also be used to pass information from the authentication to
the rest of the application. Like storing the password in the
subject.privateCredentials... This is needed in some rare cases where
the server has to do some kind of proxy login to another service based
on the client credentials.
Or using the usersession for misc info.

I'll have a look into the JASPIC discussion. Thanks. A valve looks
simpler though... (but Tomcat specific)

If you are okay with writing your own Valve, you could just use a
ThreadLocal and stuff whatever you want in there. Be very careful that
you ALWAYS remove the ThreadLocal after the request completes, otherwise
you risk security problems AND potential request/response staleness,
crashes down the line, etc.

-chris


On 10/27/2015 08:17 PM, Christopher Schultz wrote:

On 10/25/15 9:40 AM, Milo van der Zee wrote:

Hello,

There are some default valves available with Tomcat. None of these
expose the request to later phases in the request cycle. Is it an idea
to add a valve that does this? And make this available through a
callback in the jaas loginModule. Just like WebLogic and Websphere do
it. Or just use a static threadlocal variable in the valve with a static
getter.

Why?
If the jaas login module needs to communicate anything to the filter or
other request phases this is needed. When the request is available this
info can (for example) be added to the session.
Or when someone wants to use request info for jaas authentication this
could also be used.

Thanks for any ideas or comments.

Are you asking about access to the internal Tomcat "Request" object, or
are you asking about the HttpServletRequest?

I know it's inconvenient in Tomcat authenticators not to be able to get
things like the remote user's IP address -- for example, to log a failed
login attempt.

There is some discussion going on right now about using JASPIC as an
authentication API; perhaps you could join that discussion and advocate
for access to some of this information.

I would certainly be interested in having access to information from the
user's request during authentication.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711114 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 20:03:42 2015
New Revision: 174

URL: http://svn.apache.org/viewvc?rev=174&view=rev
Log:
Merged revision 1709120 from tomcat/trunk:
Basic implementation for CSRF protection for REST.
Documentation will follow.

Added:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
  - copied, changed from r1709120, 
tomcat/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

tomcat/tc8.0.x/trunk/test/org/apache/catalina/filters/TestRestCsrfPreventionFilter.java
  - copied unchanged from r1709120, 
tomcat/trunk/test/org/apache/catalina/filters/TestRestCsrfPreventionFilter.java
Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/Constants.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 20:03:42 2015
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892
 
,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657
 
609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,1
 
37,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172

Re: Adding request/session valve to Tomcat

2015-10-28 Thread Christopher Schultz 
Milo,

On 10/28/15 4:03 PM, Milo van der Zee wrote:
> That is what I did but I expect a lot of people to have this problem.
> Seeing a lot of default valves included I would like to also have this
> valve as default.

-1

Most applications don't need this. It's another layer of code that
doesn't need to execute for every request. It's another potential way
for request objects to be leaked. It's a potential security
vulnerability / encapsulation violation.

You have easily implemented this Valve and can feel free to distribute
it, but Tomcat is not likely to include this Valve and, if so, I would
strenuously object to it being enabled by default.

> public class RequestValve extends ValveBase {
> /**
>  * Session for current thread.
>  */
> static InheritableThreadLocal requestHolder = new
> InheritableThreadLocal<>();
> 
> @Override
> public void invoke(Request request, Response response) throws
> IOException, ServletException {
> requestHolder.set(request);
> try {
> getNext().invoke(request, response);
> } finally {
> requestHolder.remove();
> }
> }
> 
> public static Request getRequest() {
> return requestHolder.get();
> }
> }

Have you checked to make sure this Valve works as expected when the
request is FORWARDed or INCLUDed?

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Adding request/session valve to Tomcat

2015-10-28 Thread Konstantin Kolinko 
2015-10-28 23:03 GMT+03:00 Milo van der Zee :
> Hello Chris,
>
> That is what I did but I expect a lot of people to have this problem. Seeing
> a lot of default valves included I would like to also have this valve as
> default.
>
> public class RequestValve extends ValveBase {
> /**
>  * Session for current thread.
>  */
> static InheritableThreadLocal requestHolder = new
> InheritableThreadLocal<>();

The "inheritable" above means that your "requestHolder.remove();" does
not remove all references.

Accessing request outside of request processing cycle would lead to
serious problems.

> @Override
> public void invoke(Request request, Response response) throws
> IOException, ServletException {
> requestHolder.set(request);
> try {
> getNext().invoke(request, response);
> } finally {
> requestHolder.remove();
> }
> }
>
> public static Request getRequest() {
> return requestHolder.get();
> }
> }

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711130 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/

2015-10-28 Thread violetagg 
Author: violetagg
Date: Wed Oct 28 20:46:50 2015
New Revision: 1711130

URL: http://svn.apache.org/viewvc?rev=1711130&view=rev
Log:
Merged revision 1709120 from tomcat/trunk:
Basic implementation for CSRF protection for REST.
Documentation will follow.

Added:

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
  - copied, changed from r1709120, 
tomcat/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

tomcat/tc7.0.x/trunk/test/org/apache/catalina/filters/TestRestCsrfPreventionFilter.java
  - copied, changed from r1709120, 
tomcat/trunk/test/org/apache/catalina/filters/TestRestCsrfPreventionFilter.java
Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/Constants.java

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/LocalStrings.properties

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct 28 20:46:50 2015
@@ -1,2 +1,2 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702744,1702
 
748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578
-/tomcat/trunk:1156115-1157160,1157162-1157859,1157862-1157942,1157945-1160347,1160349-1163716,1163718-1166689,1166691-1174340,1174342-1175596,1175598-1175611,1175613-1175932,1175934-1177783,1177785-1177980,1178006-1180720,1180722-1183094,1183096-1187753,1187755,1187775,1187801,1187806,1187809,1187826-1188312,1188314-1188401,1188646-1188840,1188842-1190176,1190178-1195223,1195225-1195953,1195955,1195957-1201238,1201240-1203345,1203347-1206623,1206625-1208046,1208073,1208096,1208114,1208145,1208772,1209194-1212125,1212127-1220291,1220293,1220295-1221321,1221323-1222329,1222332-1222401,1222405-1222795,1222850-1222950,1222969-1225326,1225328-1225463,1225465,1225627,1225629-1226534,1226536-1228908,1228911-1228923,1228927-1229532,1229534-1230766,1230768-1231625,1231627-1233414,1233419-1235207,1235209-1237425,1237427,1237429-1237977,1237981,1237985,1237995,1238070,1238073,1239024-1239048,1239050-1239062,1239135,1239256,1239258-1239485,1239785-1240046,1240101,1240106,1240109,1240112,1240114
 
,1240116,1240118,1240121,1240329,1240474-1240850,1240857,1241087,1241160,1241408-1241822,1241908-1241909,1241912-1242110,1242371-1292130,1292134-1292458,1292464-1292670,1292672-1292776,1292780-1293392,1293397-1297017,1297019-1297963,1297965-1299820,1300108,1300111-1300460,1300520-1300948,1300997,1301006,1301280,1302332,1302348,1302608-1302610,1302649,1302837,1303138,1303163,1303338,1303521,1303587,1303698,1303803,1303852,1304011,1304035,1304037,1304135,1304249,1304253,1304260,1304271,1304275,1304468,1304895,1304930-1304932,1305194,1305943,1305965,1306556,1306579-1306580,1307084,1307310,1307511-1307512,1307579,1307591,1307597,1310636,1310639-1310640,1310642,1310701,1311212,1311995,1327617,1327670,1331766,1333161,1333173,1333827,1334787,1335026,1335257,1335

buildbot failure in ASF Buildbot on tomcat-8-trunk

2015-10-28 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-8-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-8-trunk/builds/213

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 174
Blamelist: violetagg

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Switch 6.0.x from RTC to CTR

2015-10-28 Thread Mark Thomas 
All,

Many years ago, we switched all release branches to RTC primarily to
address a community problem where we could not agree on the best way
forward for some parts of the code.

RTC served us well. The disagreements ceased pretty much instantly.
However, RTC also slowed us down.

The development of 7.0.x started as CTR with a possibility of switching
to RTC if necessary. It never was. We chose not to switch 7.0.x to RTC
because the community issues that made RTC necessary had been solved and
RTC added unnecessary overhead and delay. 8.0.x and now 9.0.x progressed
the same way. Today, only 6.0.x is RTC.

I believe the use of RTC for 6.0.x is causing more harm than good. There
are fixes I don't propose for backport to 6.0.x because of the extra
hassle RTC introduces. I suspect others take a similar approach judging
on the number of fixes that don't make it back to 6.0.x.

I would therefore like to propose that we switch the 6.0.x release
branch from RTC to CTR and am therefore calling a VOTE to make this change.

[ ] Continue to use RTC for 6.0.x
[ ] Switch 6.0.x to CTR

Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Switch 6.0.x from RTC to CTR

2015-10-28 Thread Mark Thomas 
> [ ] Continue to use RTC for 6.0.x
> [X] Switch 6.0.x to CTR

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Switch 6.0.x from RTC to CTR

2015-10-28 Thread Rémy Maucherat 
2015-10-28 23:42 GMT+01:00 Mark Thomas :

> I would therefore like to propose that we switch the 6.0.x release
> branch from RTC to CTR and am therefore calling a VOTE to make this change.
>
> [ ] Continue to use RTC for 6.0.x
> [X] Switch 6.0.x to CTR
>
> Comments:
- How close is 6.0 from getting only critical fixes and security issues ?
- On the upside for RTC for such a mature branch, it probably improves
stability. I suppose RTC could get it into the commit stream I see: trunk
-> 8 -> 7 -> and now 6.

Rémy

[Bug 58551] Support plain and ssl on the same port

2015-10-28 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=58551

--- Comment #15 from Konstantin Kolinko  ---
One of widely used technologies of using plaintext vs encrypted communication
over the same connection is STARTTLS.

https://en.wikipedia.org/wiki/STARTTLS

It has known weaknesses and I would not recommend it nowadays.
One of many articles on the subject:
https://www.agwa.name/blog/post/starttls_considered_harmful

Trying to implement HTTP and HTTPS on the same port would face similar issues.
As such, I do not see much worth for investing time in implementing and
supporting such a feature.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Switch 6.0.x from RTC to CTR

2015-10-28 Thread Konstantin Kolinko 
2015-10-29 1:42 GMT+03:00 Mark Thomas :
> All,
>
> Many years ago, we switched all release branches to RTC primarily to
> address a community problem where we could not agree on the best way
> forward for some parts of the code.
>
> RTC served us well. The disagreements ceased pretty much instantly.
> However, RTC also slowed us down.
>
> The development of 7.0.x started as CTR with a possibility of switching
> to RTC if necessary. It never was. We chose not to switch 7.0.x to RTC
> because the community issues that made RTC necessary had been solved and
> RTC added unnecessary overhead and delay. 8.0.x and now 9.0.x progressed
> the same way. Today, only 6.0.x is RTC.
>
> I believe the use of RTC for 6.0.x is causing more harm than good. There
> are fixes I don't propose for backport to 6.0.x because of the extra
> hassle RTC introduces. I suspect others take a similar approach judging
> on the number of fixes that don't make it back to 6.0.x.
>
> I would therefore like to propose that we switch the 6.0.x release
> branch from RTC to CTR and am therefore calling a VOTE to make this change.
>
> [ ] Continue to use RTC for 6.0.x
> [x] Switch 6.0.x to CTR

Agreed.

1. I think 6.0.x is very close to moving to archive, and archived
branches are CTR.

2. RTC seriously gets in a way, as review rate is slow. After waiting
for several months it is easy to loose track of the original problem.

Historically, I think Mark's work on introduction of automated tests
in Tomcat 7 became a key of success of CTR model for Tomcat 7 and
later.  We do not have automated test in Tomcat 6 yet, but I no longer
consider it a showstopper against CTR.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-tc7.0.x-validate (in module tomcat-7.0.x) failed

2015-10-28 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc7.0.x-validate has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 32 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc7.0.x-validate :  Tomcat 7.x, a web server implementing Java 
Servlet 3.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-validate/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on checkstyle exists, no need to add for property 
checkstyle.jar.
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-validate/gump_work/build_tomcat-7.0.x_tomcat-tc7.0.x-validate.html
Work Name: build_tomcat-7.0.x_tomcat-tc7.0.x-validate (Type: Build)
Work ended in a state of : Failed
Elapsed: 1 min 9 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar
 -Dexecute.validate=true validate 
[Working Directory: /srv/gump/public/workspace/tomcat-7.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20151029.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/apache-commons/cli/target/commons-cli-1.4-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.5-SNAPSHOT.ja
 
r:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-20151029.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20151029.jar:/srv/gump/packages/guava/guava-18.0.jar
-
Buildfile: /srv/gump/public/workspace/tomcat-7.0.x/build.xml

build-prepare:
   [delete] Deleting directory 
/srv/gump/public/workspace/tomcat-7.0.x/output/build/temp
[mkdir] Created dir: 
/srv/gump/public/workspace/tomcat-7.0.x/output/build/temp

compile-prepare:

download-validate:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar

downloadfile:

validate:
[mkdir] Created dir: 
/srv/gump/public/workspace/tomcat-7.0.x/output/res/checkstyle
[checkstyle] Running Checkstyle 6.12-SNAPSHOT on 2624 files
[checkstyle] 
/srv/gump/public/workspace/tomcat-7.0.x/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java:115:20:
 error: 'abstract' modifier out of order with the JLS suggestions.

BUILD FAILED
/srv/gump/public/workspace/tomcat-7.0.x/build.xml:529: Got 1 errors and 0 
warnings.

Total time: 1 minute 9 seconds
-

To subscribe to this information via syndicated feeds:
- RSS: 
http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-validate/rss.xml
- Atom: 
http://vmgump.apache.org/gump/public/tomcat-7.0.x/tomcat-tc7.0.x-validate/atom.xml

== Gump Tracking Only ===
Produced by Apache Gump(TM) version 2.3.
Gump Run 2015102906, vmgump.apache.org:vmgump:2015102906
Gump E-mail Identifier (unique within run) #2.

--
Apache Gump
http://gump.apache.org/ [Instance: vmgump]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-tc8.0.x-validate (in module tomcat-8.0.x) failed

2015-10-28 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-tc8.0.x-validate has an issue affecting its community 
integration.
This issue affects 1 projects,
 and has been outstanding for 32 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-tc8.0.x-validate :  Tomcat 8.x, a web server implementing the Java 
Servlet 3.1,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-validate/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on checkstyle exists, no need to add for property 
checkstyle.jar.
 -INFO- Failed with reason build failed



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-validate/gump_work/build_tomcat-8.0.x_tomcat-tc8.0.x-validate.html
Work Name: build_tomcat-8.0.x_tomcat-tc8.0.x-validate (Type: Build)
Work ended in a state of : Failed
Elapsed: 1 min 13 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Dcheckstyle.jar=/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar
 -Dexecute.validate=true validate 
[Working Directory: /srv/gump/public/workspace/tomcat-8.0.x]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar:/srv/gump/packages/antlr/antlr-3.1.3.jar:/srv/gump/public/workspace/apache-commons/beanutils/dist/commons-beanutils-20151029.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/apache-commons/cli/target/commons-cli-1.4-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.5-SNAPSHOT.ja
 
r:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-20151029.jar:/srv/gump/public/workspace/apache-commons/logging/target/commons-logging-api-20151029.jar:/srv/gump/packages/guava/guava-18.0.jar
-
Buildfile: /srv/gump/public/workspace/tomcat-8.0.x/build.xml

build-prepare:
   [delete] Deleting directory 
/srv/gump/public/workspace/tomcat-8.0.x/output/build/temp
[mkdir] Created dir: 
/srv/gump/public/workspace/tomcat-8.0.x/output/build/temp

compile-prepare:

download-validate:

testexist:
 [echo] Testing  for 
/srv/gump/public/workspace/checkstyle/target/checkstyle-6.12-SNAPSHOT.jar

setproxy:

downloadfile:

validate:
[mkdir] Created dir: 
/srv/gump/public/workspace/tomcat-8.0.x/output/res/checkstyle
[checkstyle] Running Checkstyle 6.12-SNAPSHOT on 2973 files
[checkstyle] 
/srv/gump/public/workspace/tomcat-8.0.x/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java:113:20:
 error: 'abstract' modifier out of order with the JLS suggestions.

BUILD FAILED
/srv/gump/public/workspace/tomcat-8.0.x/build.xml:541: Got 1 errors and 0 
warnings.

Total time: 1 minute 12 seconds
-

To subscribe to this information via syndicated feeds:
- RSS: 
http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-validate/rss.xml
- Atom: 
http://vmgump.apache.org/gump/public/tomcat-8.0.x/tomcat-tc8.0.x-validate/atom.xml

== Gump Tracking Only ===
Produced by Apache Gump(TM) version 2.3.
Gump Run 2015102906, vmgump.apache.org:vmgump:2015102906
Gump E-mail Identifier (unique within run) #3.

--
Apache Gump
http://gump.apache.org/ [Instance: vmgump]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711179 - /tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Thu Oct 29 05:42:13 2015
New Revision: 1711179

URL: http://svn.apache.org/viewvc?rev=1711179&view=rev
Log:
Fixed checkstyle violation

Modified:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java?rev=1711179&r1=1711178&r2=1711179&view=diff
==
--- 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
 (original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
 Thu Oct 29 05:42:13 2015
@@ -110,7 +110,7 @@ public class RestCsrfPreventionFilter ex
 chain.doFilter(request, response);
 }
 
-private static abstract class RestCsrfPreventionStrategy {
+private abstract static class RestCsrfPreventionStrategy {
 
 abstract boolean apply(HttpServletRequest request, HttpServletResponse 
response)
 throws IOException;



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1711180 - /tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

2015-10-28 Thread violetagg 
Author: violetagg
Date: Thu Oct 29 05:42:40 2015
New Revision: 1711180

URL: http://svn.apache.org/viewvc?rev=1711180&view=rev
Log:
Fixed checkstyle violation

Modified:

tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java?rev=1711180&r1=1711179&r2=1711180&view=diff
==
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
 Thu Oct 29 05:42:40 2015
@@ -112,7 +112,7 @@ public class RestCsrfPreventionFilter ex
 chain.doFilter(request, response);
 }
 
-private static abstract class RestCsrfPreventionStrategy {
+private abstract static class RestCsrfPreventionStrategy {
 
 abstract boolean apply(HttpServletRequest request,
 HttpServletResponse response) throws IOException;



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GUMP@vmgump]: Project tomcat-trunk-test-nio2 (in module tomcat-trunk) failed

2015-10-28 Thread Bill Barker 
To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-nio2 has an issue affecting its community integration.
This issue affects 1 projects,
 and has been outstanding for 4 runs.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-nio2 :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:

http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
commons-daemon.native.src.tgz.
 -DEBUG- Dependency on commons-daemon exists, no need to add for property 
tomcat-native.tar.gz.
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-NIO2
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO2/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-NIO2/logs]



The following work was performed:
http://vmgump.apache.org/gump/public/tomcat-trunk/tomcat-trunk-test-nio2/gump_work/build_tomcat-trunk_tomcat-trunk-test-nio2.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-nio2 (Type: Build)
Work ended in a state of : Failed
Elapsed: 50 mins 23 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.3-SNAPSHOT.jar
 -Dtest.reports=output/logs-NIO2 
-Dtomcat-native.tar.gz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20151029-native-src.tar.gz
 -Dexamples.sources.skip=true 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/dist/commons-daemon-20151029.jar
 
-Dcommons-daemon.native.src.tgz=/srv/gump/public/workspace/apache-commons/daemon/dist/bin/commons-daemon-20151029-native-src.tar.gz
 -Dtest.temp=output/test-tmp-NIO2 -Dtest.accesslog=true 
-Dexecute.test.nio=false -Dtest.openssl.path=/srv/gump/public/workspace/openssl
 -master/dest-20151029/bin/openssl -Dexecute.test.apr=false 
-Dtest.excludePerformance=true -Dexecute.test.nio2=true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.5-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/to

buildbot success in ASF Buildbot on tomcat-8-trunk

2015-10-28 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-8-trunk while 
building ASF Buildbot. Full details are available at:
http://ci.apache.org/builders/tomcat-8-trunk/builds/214

Buildbot URL: http://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1711179
Blamelist: violetagg

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Switch 6.0.x from RTC to CTR

2015-10-28 Thread Martin Grigorov 
On Thu, Oct 29, 2015 at 12:42 AM, Mark Thomas  wrote:

> [ ] Continue to use RTC for 6.0.x
> [ X ] Switch 6.0.x to CTR
>