[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko

[Apache Wiki]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by 
KonstantinKolinko:
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=20&rev2=21

Comment:
Rearrange text about Response state troubleshooting

  
  E.g. [[https://bz.apache.org/bugzilla/show_bug.cgi?id=61289|61289]], 
[[https://bz.apache.org/bugzilla/show_bug.cgi?id=58457|58457]]
  
- The main suspect is your own web application keeping a reference to Request / 
Response objects outside of their life cycle. (*)
+ The main suspect is '''your own web application''' keeping a reference to 
Request / Response objects outside of their life cycle.
+ 
+ {{{#!wiki note
+ 
+ The lifetime of the Response object is documented in the 
[[Specifications|Servlet specification]]. Quoting from section "5.8 Lifetime of 
the Response Object" of Servlet 4.0 specification:
+ 
+ "Each response object is valid only within the scope of a servlet’s service 
method, or within the scope of a filter’s doFilter method, unless the 
associated request object has asynchronous processing enabled for the 
component. If asynchronous processing on the associated request is started, 
then the response object remains valid until complete method on !AsyncContext 
is called."
+ 
+ In case of asynchronous processing, when an error occurs Tomcat notifies all 
registered `AsyncListener`s and then calls `complete()` automatically if none 
of the listeners have called it yet. (Reference: 
[[https://bz.apache.org/bugzilla/show_bug.cgi?id=61768#c3|61768]])
+ 
+ Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request 
Object" of the same specification.
+ }}}
+ 
+ To troubleshoot the issue:
  
   1. Set the following 
[[http://tomcat.apache.org/tomcat-8.5-doc/config/systemprops.html#Security|system
 property]] in Tomcat configuration:
  
  {{{org.apache.catalina.connector.RECYCLE_FACADES=true}}}
  
-  When flag is set, Tomcat recycles facades to its internal objects when 
request processing completes. This makes it easier to spot illegal access when 
it happens, instead of waiting until side effects of such access become 
visible.<><>
+  When the above flag is set, Tomcat recycles facades to its internal objects 
when request processing completes. This makes it easier to spot illegal access 
when it happens, instead of waiting until side effects of such access become 
visible.<><>
-  This flag is also mentioned on the 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security
 Considerations]] page. The flag is `true` when Tomcat runs with enabled 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java 
Security Manager]].
+  This flag is also mentioned on the 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security
 Considerations]] page.<><>
+  The flag is `true` when Tomcat runs with enabled 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java 
Security Manager]].
  
   2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue.
  
- (*) '''Note'''
- 
- The lifetime of the Response object is documented in the 
[[Specifications|Servlet specification]]. Quoting from section "5.8 Lifetime of 
the Response Object" of Servlet 4.0 specification:
- 
- || Each response object is valid only within the scope of a servlet’s service 
method, or within the scope of a filter’s doFilter method, unless the 
associated request object has asynchronous processing enabled for the 
component. If asynchronous processing on the associated request is started, 
then the response object remains valid until complete method on AsyncContext is 
called. ||
- 
- In case of asynchronous processing, when an error occurs Tomcat notifies all 
registered `AsyncListener`s and then calls `complete()` automatically if none 
of the listeners have called it yet. (Reference: 
[[https://bz.apache.org/bugzilla/show_bug.cgi?id=61768#c3|61768]])
- 
- Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request 
Object" of the same specification.
  
  
  [[CategoryFAQ]]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Update of "FAQ/Troubleshooting_and_Diagnostics" by KonstantinKolinko

[Apache Wiki]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "FAQ/Troubleshooting_and_Diagnostics" page has been changed by 
KonstantinKolinko:
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics?action=diff&rev1=21&rev2=22

Comment:
Add link to Security page.

  
   When the above flag is set, Tomcat recycles facades to its internal objects 
when request processing completes. This makes it easier to spot illegal access 
when it happens, instead of waiting until side effects of such access become 
visible.<><>
   This flag is also mentioned on the 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html#System_Properties|Security
 Considerations]] page.<><>
-  The flag is `true` when Tomcat runs with enabled 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java 
Security Manager]].
+  The flag is `true` when Tomcat runs with enabled 
[[http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html|Java 
Security Manager]].<><>
+  You can also search the archives of the Tomcat users' 
[[http://tomcat.apache.org/lists.html|mailing lists]] for previous discussions 
mentioning the `RECYCLE_FACADES` flag.
  
   2. Read about [[FAQ/KnownIssues#ImageIOIssues|Java ImageIO]] issue.
  
+ Accessing response objects after their lifetime can lead to security issues 
in your application, such as sending responses to wrong clients, mixing up 
responses. If you can reproduce the issue and the above diagnostic does not 
show your own bug, but a bug in Apache Tomcat,
+  * if the problem manifests as a security issue, see 
[[http://tomcat.apache.org/security.html|how to report it]].
  
  
  [[CategoryFAQ]]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62278] User session are mixed up after internal exceptions

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62278

Remy Maucherat  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #2 from Remy Maucherat  ---
The two NPEs seem to be related to use of recycled objects or concurrent use of
some sort (the buffer overflow). One of the NPEs has been "fixed" as it
affected a legitimate use. There are no indications of a Tomcat problem overall
nor a way to reproduce it, so nothing to do.

However, as there are security implications, this sort of BZ should never be
filed as it is right here. When/if you find a specific problem with a way to
reproduce, you should file a BZ if there are no security implications, or post
to the security mailing list if there is.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62287] New: ValueExpressionImpl#equals is wrong

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62287

Bug ID: 62287
   Summary: ValueExpressionImpl#equals is wrong
   Product: Tomcat 9
   Version: 9.0.6
  Hardware: PC
OS: Mac OS X 10.1
Status: NEW
  Severity: normal
  Priority: P2
 Component: EL
  Assignee: dev@tomcat.apache.org
  Reporter: strub...@apache.org
  Target Milestone: -

Created attachment 35859
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35859&action=edit
patch for ValueExpressionImpl

ValueExpressionImpl#equals is likely not enough.

The current code just compares the hashCode():

>return (obj instanceof ValueExpressionImpl && obj.hashCode() == 
>this.hashCode());

It's possible that there is the same hashCode for different objects. For some
Java Classes we alwasy get 0 even.


For better tracking: this came up during a bug report against Apache
OpenWebBeans as reported by Holger Sunke.
https://issues.apache.org/jira/browse/OWB-1233

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62273] Add support for alternate URL specification

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62273

--- Comment #8 from Mark Thomas  ---
>From memory, the previous parser was lenient to the extent that it only checked
for characters that were not permitted anywhere in the request target rather
than checking each part individually.

My initial thoughts were something pluggable on the connector that delegated
most of the work to the HttpParser which would almost certainly need some new
methods. My thinking hasn't got much beyond that though.

I'm planning on putting together something to map request target part,
characters allowed and specification as I want to get a clearer understanding
of what is and isn't allowed where.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

JDK 11 Early Access build 8 available

[Rory O'Donnell]

Hi Mark,

**JDK 11 EA build 8, *under both the GPL and Oracle EA licenses, is 
now available at **http://jdk.java.net/11**. **

*

 * Newly approved Schedule, status & features
 o http://openjdk.java.net/projects/jdk/11/
 * Release Notes:
 o http://jdk.java.net/11/release-notes
 * Summary of changes
 o https://download.java.net/java/early_access/jdk11/8/jdk-11+8.html

*Notable changes in JDK 11 EA builds since last email:*

 * Build 8:
 o If you have a library that uses the Selector API heavily then
   now would be a good time to test it out. [1]
 * Build 7
 o The VM option "-XX:+AggressiveOpts" is deprecated in JDK 11 and
   will be removed in a future release.
 * Build 6:
 o JDK-8193033 : remove terminally deprecated
   sun.misc.Unsafe.defineClass. Users should use the public
   replacement `java.lang.invoke.MethodHandles.Lookup.defineClass`
   which was added in Java SE 9. [2]

**


*SURVEY: The HotSpot Serviceability Agent (SA) *[3]

 * If you have used, or have (support) processes that utilize the
   Serviceability Agent or related APIs, then we would definitely
   appreciate if you would complete this survey:
   https://www.surveymonkey.com/r/CF3MYDL


Regards,
Rory

[1] http://mail.openjdk.java.net/pipermail/nio-dev/2018-April/004964.html
[2] 
https://docs.oracle.com/javase/9/docs/api/java/lang/invoke/MethodHandles.Lookup.html#defineClass-byte:A- 


[3] http://mail.openjdk.java.net/pipermail/jdk-dev/2018-April/001052.html

--
Rgds,Rory O'Donnell
Quality Engineering Manager
Oracle EMEA , Dublin, Ireland

[Bug 62278] User session are mixed up after internal exceptions

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62278

--- Comment #3 from Dmitry Treskunov  ---
Hi, 

It doesn't reproduce easily, right. 

But this NPEs are thrown from the objects which are not supposed to be used in
the current state, i.e. were recycled.

Why were the objects recycled while the request was not complete?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62273] Add support for alternate URL specification

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62273

Remy Maucherat  changed:

   What|Removed |Added

  Attachment #35856|0   |1
is obsolete||

--- Comment #9 from Remy Maucherat  ---
Created attachment 35860
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35860&action=edit
URL patch

No problem if you have bigger plans, here's the last version of my patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.0.51

[Rémy Maucherat]

On Tue, Apr 10, 2018 at 12:05 AM, Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 8.0.51 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.51/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1179/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_51/
>
> The proposed 8.0.51 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.0.51
>
> Rémy

Re: [VOTE] Release Apache Tomcat 7.0.86

[Rémy Maucherat]

On Mon, Apr 9, 2018 at 11:07 PM, Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.86 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.86/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1178/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_86/
>
> The proposed 7.0.86 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.86 Stable
>
> Rémy

[Bug 62273] Add support for alternate URL specification

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62273

--- Comment #10 from Mark Thomas  ---
I've been spending some time looking at whatwg.org URL spec. It appears, from
https://bugzilla.mozilla.org/show_bug.cgi?id=1451347 that the browsers consider
any string that passes the URL parser as valid and that the result of that
parsing is passed to the server.

The rules for writing URLs are different but they don;t appear to apply in this
case since if they did, everything we expect to be encoded in a query string
would be encoded.

I've been through the path parsing defined by the whatwg.org URL spec and I
believe it is the same as RFC7230 / RFC3986.

I've also been over the query part of the whatwg.org URL spec and I now believe
there are 8 characters we expect to be encoded that the whatwg.org URL spec
does not. They are:
"[", "]", "\", "^", "`", "{", "|", "}"

I still need to check the authority part.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62273] Add support for alternate URL specification

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62273

--- Comment #11 from Remy Maucherat  ---
Given the spec test, I thought the request target was a bit different, allowing
unencoded '\\', '|' and '^'.
Same conclusion for the query part.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Requesting get write access to flesh out design Idea on Tomcat cwiki (AJP client library and command line tools)

[Milan Karunarathne]

Hi all,

As the first step of the developing AJP client library and command line
tools for Apache Tomcat, I would like flesh out my design idea on tomcat
cwiki page. It would help to review my design and idea. So could you please
give me write access to the new page for this implementation.

Could you please create a new Design Issue "Building AJP client library and
Command Line tool" on https://cwiki.apache.org/confluence/display/TOMCAT/
Design+and+Development+Issues
What would be the process to give me the write access on that page?

Regards,
Milan
-- 
Milan Karunarathne
*Undergraduate at University of Moratuwa*
*mobile : +94718724615*
Milan Karunarathne 
@hasithamilan 
Milan Karunarathne 

[GUMP@vmgump-vm3]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-apr has an issue affecting its community integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 26 mins 41 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-trunk/true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dtest.reports=output/logs-APR -Dexecute.test.nio2=false 
-Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20180412/lib 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/target/commons-daemon-1.1.1-SNAPSHOT.jar
 -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-
 master/dest-20180412/bin/openssl -Dexecute.test.apr=true 
-Dtest.excludePerformance=true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.7-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/bu
 
ild/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util-scan.

Re: [VOTE] Release Apache Tomcat 7.0.86

[Felix Schumacher]

Am 09.04.2018 um 23:07 schrieb Violeta Georgieva:

The proposed Apache Tomcat 7.0.86 release is now available for voting.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.86/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1178/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_86/

The proposed 7.0.86 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 7.0.86 Stable


Regards,
 Felix



Regards,
Violeta




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.0.51

[Felix Schumacher]

Am 10.04.2018 um 00:05 schrieb Violeta Georgieva:

The proposed Apache Tomcat 8.0.51 release is now available for voting.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.51/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1179/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_51/

The proposed 8.0.51 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.0.51


Regards,
 Felix



Regards,
Violeta




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62273] Add support for alternate URL specification

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62273

--- Comment #12 from Mark Thomas  ---
That wasn't my reading but it isn't the easiest spec to read. It is much closer
to an implementation description than a spec.

I decided to do some testing to see what the current behaviour is. Results
here:
https://cwiki.apache.org/confluence/display/TOMCAT/Encoding+and+URIs

It looks like tightening up the path parsing to limit '[' and ']' would cause
problems. I don't see where the whatwg.org spec allows this though.

I didn't see the automatic conversion of '\' to '/' when I read the spec
either.

The query string behaviour is close to what I expected although IE is worse.

The authority part of the whatwg.org spec is very relaxed for the userinfo
compared to RFC 7230 / RFC 3986 but since Tomcat just ignores the userinfo I'm
not too concerned about that.

Sigh.

I'm still thinking about the best way to approach this. If we have configurable
parser instances they are going to have to be per connector as the URI is
parsed before it can be mapped. I'm wondering if it is worth it. Different
settings per connector is likely to be unusual but on the other hand it isn't
that hard to implement.

One advantage of validating each part separately is that the query string may
have to allow some characters we really don't want in the path like '\'.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Requesting get write access to flesh out design Idea on Tomcat cwiki (AJP client library and command line tools)

[Mark Thomas]

On 12/04/18 16:34, Milan Karunarathne wrote:
> Hi all,
> 
> As the first step of the developing AJP client library and command line
> tools for Apache Tomcat, I would like flesh out my design idea on tomcat
> cwiki page. It would help to review my design and idea. So could you please
> give me write access to the new page for this implementation.

You need to sign up for an account first. Have you done this? If so,
what is your user name?

> Could you please create a new Design Issue "Building AJP client library and
> Command Line tool" on https://cwiki.apache.org/confluence/display/TOMCAT/
> Design+and+Development+Issues

You can create that page once you have edit access.

> What would be the process to give me the write access on that page?

You create an account on the wiki and then tell us your user name. Then
one of the admins can grant you edit privs.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62297] New: Add support for multiple hosts/contexts in CrawlerSessionManagerValve

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62297

Bug ID: 62297
   Summary: Add support for multiple hosts/contexts in
CrawlerSessionManagerValve
   Product: Tomcat 9
   Version: unspecified
  Hardware: All
OS: All
Status: NEW
  Severity: minor
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: felix.schumac...@internetallee.de
  Target Milestone: -

Created attachment 35867
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35867&action=edit
Support multiple hosts in one CrawlerSessionManagerValve

When the Crawler valve is set up for multiple hosts like in

 
  
  
  
 

it is only managing the sessions for "localhost" as it is using the client ip
as the only key.

See
https://lists.apache.org/thread.html/3eb73d69855586717fa29ec5527ca4efdf64b4465425bc8c38c8ff83@%3Cusers.tomcat.apache.org%3E
for more information

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Requesting get write access to flesh out design Idea on Tomcat cwiki (AJP client library and command line tools)

[Milan Karunarathne]

Hi,

I have already created an account. Sorry, I forgot to tell my username.
My username is

*Milan Karunarathne.*
Regards,
Milan

On Fri, Apr 13, 2018 at 1:25 AM, Mark Thomas  wrote:

> On 12/04/18 16:34, Milan Karunarathne wrote:
> > Hi all,
> >
> > As the first step of the developing AJP client library and command line
> > tools for Apache Tomcat, I would like flesh out my design idea on tomcat
> > cwiki page. It would help to review my design and idea. So could you
> please
> > give me write access to the new page for this implementation.
>
> You need to sign up for an account first. Have you done this? If so,
> what is your user name?
>
> > Could you please create a new Design Issue "Building AJP client library
> and
> > Command Line tool" on https://cwiki.apache.org/
> confluence/display/TOMCAT/
> > Design+and+Development+Issues
>
> You can create that page once you have edit access.
>
> > What would be the process to give me the write access on that page?
>
> You create an account on the wiki and then tell us your user name. Then
> one of the admins can grant you edit privs.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>


-- 
Milan Karunarathne
*Undergraduate at University of Moratuwa*
*mobile : +94718724615*
Milan Karunarathne 
@hasithamilan 
Milan Karunarathne 

[GUMP@vmgump-vm3]: Project tomcat-trunk-test-apr (in module tomcat-trunk) failed

[Bill Barker]

To whom it may engage...

This is an automated request, but not an unsolicited one. For 
more information please visit http://gump.apache.org/nagged.html, 
and/or contact the folk at gene...@gump.apache.org.

Project tomcat-trunk-test-apr has an issue affecting its community integration.
This issue affects 1 projects.
The current state of this project is 'Failed', with reason 'Build Failed'.
For reference only, the following projects are affected by this:
- tomcat-trunk-test-apr :  Tomcat 9.x, a web server implementing the Java 
Servlet 4.0,
...


Full details are available at:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-apr/index.html

That said, some information snippets are provided here.

The following annotations (debug/informational/warning/error messages) were 
provided:
 -INFO- Failed with reason build failed
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/logs-APR
 -INFO- Project Reports in: 
/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs
 -WARNING- No directory 
[/srv/gump/public/workspace/tomcat-trunk/output/test-tmp-APR/logs]



The following work was performed:
http://vmgump-vm3.apache.org/tomcat-trunk/tomcat-trunk-test-apr/gump_work/build_tomcat-trunk_tomcat-trunk-test-apr.html
Work Name: build_tomcat-trunk_tomcat-trunk-test-apr (Type: Build)
Work ended in a state of : Failed
Elapsed: 26 mins 52 secs
Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true 
-Dbuild.sysclasspath=only org.apache.tools.ant.Main 
-Dgump.merge=/srv/gump/public/gump/work/merge.xml 
-Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.13-SNAPSHOT.jar 
-Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-trunk/true 
-Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-2.7-SNAPSHOT.jar
 -Dtest.reports=output/logs-APR -Dexecute.test.nio2=false 
-Dexamples.sources.skip=true 
-Dbase.path=/srv/gump/public/workspace/tomcat-trunk/tomcat-build-libs 
-Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.5-201506032000/ecj-4.5.jar 
-Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-trunk/dest-20180413/lib 
-Dtest.relaxTiming=true 
-Dcommons-daemon.jar=/srv/gump/public/workspace/apache-commons/daemon/target/commons-daemon-1.1.1-SNAPSHOT.jar
 -Dtest.temp=output/test-tmp-APR -Dtest.accesslog=true -Dexecute.test.nio=false 
-Dtest.openssl.path=/srv/gump/public/workspace/openssl-
 master/dest-20180413/bin/openssl -Dexecute.test.apr=true 
-Dtest.excludePerformance=true 
-Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-3.7-SNAPSHOT.jar
 -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core-1.3.jar 
-Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test 
[Working Directory: /srv/gump/public/workspace/tomcat-trunk]
CLASSPATH: 
/usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-trunk/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/servlet-api.ja
 
r:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/catalina-ha.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-api.jar:/srv/gump/public/workspace/tomcat-trunk/output/bu
 
ild/lib/tomcat-jni.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util.jar:/srv/gump/public/workspace/tomcat-trunk/output/build/lib/tomcat-util-scan.jar:/srv/gump/public/workspac