[Bug 63943] New: Add possibility to overwrite remote port with information from header value
https://bz.apache.org/bugzilla/show_bug.cgi?id=63943 Bug ID: 63943 Summary: Add possibility to overwrite remote port with information from header value Product: Tomcat 9 Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: peter.gi...@gmail.com Target Milestone: - In times of IPv6 networks being mapped into IPv4 networks it is often necessary to have the remote port information to identify the source of a request. Please enhance the org.apache.catalina.valves.RemoteIpValve to allow using port information from a request header set by a load-balancer or proxy. Alternatively provide a separate valve for this functionality. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63943] Add possibility to overwrite remote port with information from header value
https://bz.apache.org/bugzilla/show_bug.cgi?id=63943 Mark Thomas changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- This feature has been present since May 2011. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/04: Fix SpotBugs warnings in JDBC pool module
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/52c6412892def19fdd9a0f341f8c3f772839610d
commit 52c6412892def19fdd9a0f341f8c3f772839610d
Author: Mark Thomas
AuthorDate: Wed Nov 20 12:23:21 2019 +
Fix SpotBugs warnings in JDBC pool module
---
.../org/apache/tomcat/jdbc/pool/ConnectionPool.java | 5 -
.../org/apache/tomcat/jdbc/pool/PoolProperties.java | 2 +-
.../org/apache/tomcat/jdbc/pool/PooledConnection.java | 4 ++--
.../tomcat/jdbc/pool/interceptor/StatementCache.java | 3 ++-
.../interceptor/StatementDecoratorInterceptor.java| 2 +-
res/findbugs/filter-false-positives.xml | 19 +++
6 files changed, 29 insertions(+), 6 deletions(-)
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index 7763a98..cbb1615 100644
---
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -622,7 +622,10 @@ public class ConnectionPool {
// we could have threads stuck in idle.poll(timeout) that will never be
// notified
if (waitcount.get() > 0) {
-idle.offer(create(true));
+if (!idle.offer(create(true))) {
+log.warn("Failed to add a new connection to the pool after
releasing a connection " +
+"when at least one thread was waiting for a
connection.");
+}
}
}
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
index 3b09eb0..2d995d9 100644
---
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
+++
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PoolProperties.java
@@ -54,7 +54,7 @@ public class PoolProperties implements PoolConfiguration,
Cloneable, Serializabl
private volatile String validationQuery;
private volatile int validationQueryTimeout = -1;
private volatile String validatorClassName;
-private volatile Validator validator;
+private transient volatile Validator validator;
private volatile boolean testOnBorrow = false;
private volatile boolean testOnReturn = false;
private volatile boolean testWhileIdle = false;
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
index 69cf1f0..8978810 100644
---
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
+++
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java
@@ -202,9 +202,9 @@ public class PooledConnection implements
PooledConnectionMBean {
log.debug("Unable to disconnect previous connection.", x);
} //catch
} //end if
-if (poolProperties.getDataSource()==null &&
poolProperties.getDataSourceJNDI()!=null) {
+//if (poolProperties.getDataSource()==null &&
poolProperties.getDataSourceJNDI()!=null) {
//TODO lookup JNDI name
-}
+//}
if (poolProperties.getDataSource()!=null) {
connectUsingDataSource();
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
index 03b7f84..a5b4d36 100644
---
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
+++
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
@@ -20,6 +20,7 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
+import java.sql.SQLException;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -305,7 +306,7 @@ public class StatementCache extends
StatementDecoratorInterceptor implements Sta
proxy.cached = true;
shouldClose = false;
}
-} catch (Exception x) {
+} catch (RuntimeException | ReflectiveOperationException |
SQLException x) {
removeStatement(proxy);
}
}
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementDecoratorInterceptor.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementDecoratorInterceptor.java
index
[tomcat] 03/04: Fix SpotBugs issues in JDBC pool tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/c4c14207035ac95c99f7c2da1dc326e3e989efa6
commit c4c14207035ac95c99f7c2da1dc326e3e989efa6
Author: Mark Thomas
AuthorDate: Wed Nov 20 13:21:51 2019 +
Fix SpotBugs issues in JDBC pool tests
---
.../java/org/apache/tomcat/jdbc/bugs/Bug53367.java | 6 +--
.../apache/tomcat/jdbc/test/ConnectCountTest.java | 4 +-
.../org/apache/tomcat/jdbc/test/FairnessTest.java | 4 +-
.../apache/tomcat/jdbc/test/JmxPasswordTest.java | 2 +-
.../apache/tomcat/jdbc/test/MultipleCloseTest.java | 4 +-
.../apache/tomcat/jdbc/test/StarvationTest.java| 2 +
.../org/apache/tomcat/jdbc/test/TestException.java | 12 ++---
.../tomcat/jdbc/test/TestStatementCache.java | 2 +
.../org/apache/tomcat/jdbc/test/TestTimeout.java | 26 +++
.../jdbc/test/TestValidationQueryTimeout.java | 16 +++
res/findbugs/filter-false-positives.xml| 51 ++
11 files changed, 99 insertions(+), 30 deletions(-)
diff --git
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
index 1e534e0..6c0984e 100644
--- a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
+++ b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
@@ -107,8 +107,8 @@ public class Bug53367 {
Thread thread = new Thread(new Runnable() {
@Override
public void run() {
-try {
-ds.getConnection();
+// Expected to fail
+try (Connection c = ds.getConnection()) {
} catch (Exception e) {
System.err.println("Step 2:"+e.getMessage());
}
@@ -174,4 +174,4 @@ public class Bug53367 {
Assert.assertEquals(0, pool.getActive());
Assert.assertEquals(threadsCount, pool.getSize());
}
-}
\ No newline at end of file
+}
diff --git
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/ConnectCountTest.java
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/ConnectCountTest.java
index 5a0a71f..8e240f9 100644
---
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/ConnectCountTest.java
+++
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/ConnectCountTest.java
@@ -17,7 +17,9 @@
package org.apache.tomcat.jdbc.test;
import java.sql.Connection;
+import java.sql.SQLException;
import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
@@ -259,7 +261,7 @@ public class ConnectCountTest extends DefaultTestCase {
totalruntime+=(System.nanoTime()-start);
}
-} catch (Exception x) {
+} catch (RuntimeException | SQLException | ExecutionException |
InterruptedException x) {
x.printStackTrace();
} finally {
ConnectCountTest.this.latch.countDown();
diff --git
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/FairnessTest.java
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/FairnessTest.java
index 1c282df..bb2cc8b 100644
---
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/FairnessTest.java
+++
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/FairnessTest.java
@@ -17,7 +17,9 @@
package org.apache.tomcat.jdbc.test;
import java.sql.Connection;
+import java.sql.SQLException;
import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
@@ -241,7 +243,7 @@ public class FairnessTest extends DefaultTestCase {
totalruntime+=(System.nanoTime()-start);
}
-} catch (Exception x) {
+} catch (RuntimeException | SQLException | ExecutionException |
InterruptedException x) {
x.printStackTrace();
} finally {
FairnessTest.this.latch.countDown();
diff --git
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
index 2074447..6c05c00 100644
---
a/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
+++
b/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/test/JmxPasswordTest.java
@@ -36,7 +36,7 @@ import org.apache.tomcat.jdbc.test.driver.Driver;
public class JmxPasswordTest extends DefaultTestCase{
public static final String password = "password";
public static final String username =
[tomcat] 01/02: Remove unused code
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/13c87becb4bf1c57cc5125604ab7ce7b66948a20
commit 13c87becb4bf1c57cc5125604ab7ce7b66948a20
Author: Mark Thomas
AuthorDate: Wed Nov 20 13:24:02 2019 +
Remove unused code
---
test/org/apache/catalina/tribes/test/transport/SocketNioReceive.java | 1 +
1 file changed, 1 insertion(+)
diff --git
a/test/org/apache/catalina/tribes/test/transport/SocketNioReceive.java
b/test/org/apache/catalina/tribes/test/transport/SocketNioReceive.java
index 9ec2afa..763d7b2 100644
--- a/test/org/apache/catalina/tribes/test/transport/SocketNioReceive.java
+++ b/test/org/apache/catalina/tribes/test/transport/SocketNioReceive.java
@@ -35,6 +35,7 @@ public class SocketNioReceive {
static DecimalFormat df = new DecimalFormat("##.00");
static double seconds = 0;
+protected static final Object mutex = new Object();
public static void main(String[] args) throws Exception {
Member mbr = new MemberImpl("localhost", , 0);
ChannelData data = new ChannelData();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 04/04: One missed false positive
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/85ba8b6836e07727def00c4845081eacc7f0f9c8 commit 85ba8b6836e07727def00c4845081eacc7f0f9c8 Author: Mark Thomas AuthorDate: Wed Nov 20 13:22:58 2019 + One missed false positive --- res/findbugs/filter-false-positives.xml | 6 ++ 1 file changed, 6 insertions(+) diff --git a/res/findbugs/filter-false-positives.xml b/res/findbugs/filter-false-positives.xml index 06f104e..b45c160 100644 --- a/res/findbugs/filter-false-positives.xml +++ b/res/findbugs/filter-false-positives.xml @@ -1708,6 +1708,12 @@ + + + + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (e92da8e -> 85ba8b6)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from e92da8e Additional debug logging to investigate bug 63859 new 52c6412 Fix SpotBugs warnings in JDBC pool module new 065c5d1 Fix SpotBugs warnings for unit tests new c4c1420 Fix SpotBugs issues in JDBC pool tests new 85ba8b6 One missed false positive The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/tomcat/jdbc/pool/ConnectionPool.java| 5 +- .../apache/tomcat/jdbc/pool/PoolProperties.java| 2 +- .../apache/tomcat/jdbc/pool/PooledConnection.java | 4 +- .../jdbc/pool/interceptor/StatementCache.java | 3 +- .../interceptor/StatementDecoratorInterceptor.java | 2 +- .../java/org/apache/tomcat/jdbc/bugs/Bug53367.java | 6 +- .../apache/tomcat/jdbc/test/ConnectCountTest.java | 4 +- .../org/apache/tomcat/jdbc/test/FairnessTest.java | 4 +- .../apache/tomcat/jdbc/test/JmxPasswordTest.java | 2 +- .../apache/tomcat/jdbc/test/MultipleCloseTest.java | 4 +- .../apache/tomcat/jdbc/test/StarvationTest.java| 2 + .../org/apache/tomcat/jdbc/test/TestException.java | 12 +- .../tomcat/jdbc/test/TestStatementCache.java | 2 + .../org/apache/tomcat/jdbc/test/TestTimeout.java | 26 +- .../jdbc/test/TestValidationQueryTimeout.java | 16 +- res/findbugs/filter-false-positives.xml| 315 - .../TesterDigestAuthenticatorPerformance.java | 2 +- .../apache/catalina/connector/TestSendFile.java| 2 +- .../apache/catalina/core/TestAsyncContextImpl.java | 18 +- ...TestWebappClassLoaderThreadLocalMemoryLeak.java | 5 +- .../catalina/nonblocking/TestNonBlockingAPI.java | 37 ++- .../tribes/test/transport/SocketNioReceive.java| 8 +- .../valves/TestLoadBalancerDrainingValve.java | 6 +- .../apache/coyote/http11/upgrade/TestUpgrade.java | 9 +- .../http11/upgrade/TestUpgradeInternalHandler.java | 7 +- test/org/apache/coyote/http2/Http2TestBase.java| 2 +- test/org/apache/coyote/http2/TestAsync.java| 7 +- test/org/apache/jasper/TestJspC.java | 2 +- .../apache/jasper/TestJspCompilationContext.java | 3 +- test/org/apache/juli/TestFileHandler.java | 13 +- 30 files changed, 442 insertions(+), 88 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Alphabetical order
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/5274de17b81c7e1a9e8e3ccb2bc89f71416d26ce commit 5274de17b81c7e1a9e8e3ccb2bc89f71416d26ce Author: Mark Thomas AuthorDate: Wed Nov 20 13:24:15 2019 + Alphabetical order --- res/findbugs/filter-false-positives.xml | 46 - 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/res/findbugs/filter-false-positives.xml b/res/findbugs/filter-false-positives.xml index 2c8d18b..cefc6fe 100644 --- a/res/findbugs/filter-false-positives.xml +++ b/res/findbugs/filter-false-positives.xml @@ -1695,23 +1695,6 @@ - - - - - - - - - - - - - - - - - @@ -1730,6 +1713,23 @@ + + + + + + + + + + + + + + + + + @@ -1843,18 +1843,18 @@ - - - - - - + + + + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated (9d7cb54 -> 5274de1)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 9d7cb54 Fix test new 13c87be Remove unused code new 5274de1 Alphabetical order The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: res/findbugs/filter-false-positives.xml| 46 +++--- .../tribes/test/transport/SocketNioReceive.java| 1 + 2 files changed, 24 insertions(+), 23 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/04: Fix SpotBugs warnings for unit tests
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/065c5d1ca88f00075ffc9d9b15e295ea69733f13
commit 065c5d1ca88f00075ffc9d9b15e295ea69733f13
Author: Mark Thomas
AuthorDate: Wed Nov 20 13:09:55 2019 +
Fix SpotBugs warnings for unit tests
---
res/findbugs/filter-false-positives.xml| 239 -
.../TesterDigestAuthenticatorPerformance.java | 2 +-
.../apache/catalina/connector/TestSendFile.java| 2 +-
.../apache/catalina/core/TestAsyncContextImpl.java | 18 +-
...TestWebappClassLoaderThreadLocalMemoryLeak.java | 5 +-
.../catalina/nonblocking/TestNonBlockingAPI.java | 37 ++--
.../tribes/test/transport/SocketNioReceive.java| 8 +-
.../valves/TestLoadBalancerDrainingValve.java | 6 +-
.../apache/coyote/http11/upgrade/TestUpgrade.java | 9 +-
.../http11/upgrade/TestUpgradeInternalHandler.java | 7 +-
test/org/apache/coyote/http2/Http2TestBase.java| 2 +-
test/org/apache/coyote/http2/TestAsync.java| 7 +-
test/org/apache/jasper/TestJspC.java | 2 +-
.../apache/jasper/TestJspCompilationContext.java | 3 +-
test/org/apache/juli/TestFileHandler.java | 13 +-
15 files changed, 308 insertions(+), 52 deletions(-)
diff --git a/res/findbugs/filter-false-positives.xml
b/res/findbugs/filter-false-positives.xml
index 5d63303..73443d6 100644
--- a/res/findbugs/filter-false-positives.xml
+++ b/res/findbugs/filter-false-positives.xml
@@ -1551,6 +1551,12 @@
+
+
+
+
+
+
@@ -1558,12 +1564,26 @@
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
@@ -1575,12 +1595,101 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -1593,6 +1702,12 @@
+
+
+
+
+
+
@@ -1705,6 +1820,60 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -1714,6 +1883,15 @@
+
+
+
+
+
+
+
+
+
@@ -1760,6 +1938,12 @@
+
+
+
+
+
+
@@ -1768,6 +1952,29 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -1799,13 +2006,41 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git
a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
index 991dda5..4ff8335 100644
---
a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
+++
b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
@@ -98,7 +98,7 @@ public class TesterDigestAuthenticatorPerformance {
System.out.println("Average time per request (wall): " +
wallTime/(threadCount * requestCount));
-Assert.assertEquals(requestCount * threadCount, totalSuccess);
+Assert.assertEquals(((long)requestCount) * threadCount, totalSuccess);
}
@Before
diff --git a/test/org/apache/catalina/connector/TestSendFile.java
b/test/org/apache/catalina/connector/TestSendFile.java
index a8aafbc..3fca72f 100644
--- a/test/org/apache/catalina/connector/TestSendFile.java
+++ b/test/org/apache/catalina/connector/TestSendFile.java
@@ -80,7 +80,7 @@ public class TestSendFile extends TomcatBaseTest {
Assert.assertEquals(HttpServletResponse.SC_OK, rc);
System.out.println("Client received " + bc.getLength() + "
bytes in "
+ (System.currentTimeMillis() - start) + " ms.");
-Assert.assertEquals(EXPECTED_CONTENT_LENGTH * (i
[tomcat] 03/05: Handle case were Poller may return an entry per event
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/4a8d1ff4f002ddf57883364fa7153e42f40393e6
commit 4a8d1ff4f002ddf57883364fa7153e42f40393e6
Author: Mark Thomas
AuthorDate: Tue Nov 19 17:30:31 2019 +
Handle case were Poller may return an entry per event
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 45 +++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index dfca17b..a27ee22 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -1486,7 +1486,16 @@ public class AprEndpoint extends AbstractEndpoint {
// It might not be worth bothering though.
aprPoller = allocatePoller(pollerSize, pool, -1);
-desc = new long[pollerSize * 2];
+/*
+ * x2 - One descriptor for the socket, one for the event(s).
+ * x2 - Some APR implementations return multiple events for the
+ * same socket as different entries. Each socket is registered
+ * for a maximum of two events (read and write) at any one
+ * time.
+ *
+ * Therefore size is poller size *4.
+ */
+desc = new long[pollerSize * 4];
connectionCount.set(0);
addList = new SocketList(pollerSize);
closeList = new SocketList(pollerSize);
@@ -1838,6 +1847,7 @@ public class AprEndpoint extends AbstractEndpoint {
int rv = Poll.poll(aprPoller, pollTime, desc, true);
if (rv > 0) {
+rv = mergeDescriptors(desc, rv);
connectionCount.addAndGet(-rv);
for (int n = 0; n < rv; n++) {
if (getLog().isDebugEnabled()) {
@@ -2033,6 +2043,39 @@ public class AprEndpoint extends AbstractEndpoint {
this.notifyAll();
}
}
+
+
+private int mergeDescriptors(long[] desc, int startCount) {
+/*
+ * https://bz.apache.org/bugzilla/show_bug.cgi?id=57653#c6 suggests
+ * this merging is only necessary on OSX and BSD.
+ *
+ * https://bz.apache.org/bugzilla/show_bug.cgi?id=56313 suggests
the
+ * same, or a similar, issue is happening on Windows.
+ * Notes: Only the first startCount * 2 elements of the array
+ *are populated.
+ *The array is event, socket, event, socket etc.
+ */
+HashMap merged = new HashMap(startCount);
+for (int n = 0; n < startCount; n++) {
+Long old = merged.put(Long.valueOf(desc[2*n+1]),
Long.valueOf(desc[2*n]));
+if (old != null) {
+// This was a replacement. Merge the old and new value
+merged.put(Long.valueOf(desc[2*n+1]),
+Long.valueOf(desc[2*n] | old.longValue()));
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("endpoint.apr.pollMergeEvents",
+Long.valueOf(desc[2*n+1]),
Long.valueOf(desc[2*n]), old));
+}
+}
+}
+int i = 0;
+for (Map.Entry entry : merged.entrySet()) {
+desc[i++] = entry.getValue().longValue();
+desc[i++] = entry.getKey().longValue();
+}
+return merged.size();
+}
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 04/05: Back-port some SpotBugs fixes and Javadoc alignment.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/e4b3e7865e43913a32009b4de0c38179d73a74c9
commit e4b3e7865e43913a32009b4de0c38179d73a74c9
Author: Mark Thomas
AuthorDate: Wed Nov 20 12:24:31 2019 +
Back-port some SpotBugs fixes and Javadoc alignment.
---
.../apache/tomcat/jdbc/pool/ConnectionPool.java| 45 ++
.../apache/tomcat/jdbc/pool/PoolProperties.java| 10 +
.../apache/tomcat/jdbc/pool/PooledConnection.java | 4 +-
3 files changed, 32 insertions(+), 27 deletions(-)
diff --git
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index ccb941f..e699a42 100644
---
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -51,10 +51,8 @@ import org.apache.juli.logging.LogFactory;
* The ConnectionPool uses a {@link PoolProperties} object for storing all the
meta information about the connection pool.
* As the underlying implementation, the connection pool uses {@link
java.util.concurrent.BlockingQueue} to store active and idle connections.
* A custom implementation of a fair {@link FairBlockingQueue} blocking queue
is provided with the connection pool itself.
- * @author Filip Hanik
* @version 1.0
*/
-
public class ConnectionPool {
/**
@@ -149,7 +147,7 @@ public class ConnectionPool {
* Instantiate a connection pool. This will create connections if
initialSize is larger than 0.
* The {@link PoolProperties} should not be reused for another connection
pool.
* @param prop PoolProperties - all the properties for this connection pool
- * @throws SQLException
+ * @throws SQLException Pool initialization error
*/
public ConnectionPool(PoolConfiguration prop) throws SQLException {
//setup quick access variables and pools
@@ -163,7 +161,7 @@ public class ConnectionPool {
* If a connection is not retrieved, the Future must be cancelled in order
for the connection to be returned
* to the pool.
* @return a Future containing a reference to the connection or the future
connection
- * @throws SQLException
+ * @throws SQLException Cannot use asynchronous connect
*/
public Future getConnectionAsync() throws SQLException {
try {
@@ -208,7 +206,8 @@ public class ConnectionPool {
* maxActive} connections a connection is returned immediately. If no
* connection is available, the pool will attempt to fetch a connection for
* {@link PoolProperties#maxWait maxWait} milliseconds.
- *
+ * @param username The user name to use for the connection
+ * @param password The password for the connection
* @return Connection - a java.sql.Connection/javax.sql.PooledConnection
* reflection proxy, wrapping the underlying object.
* @throws SQLException
@@ -355,8 +354,9 @@ public class ConnectionPool {
/**
* Creates and caches a {@link java.lang.reflect.Constructor} used to
instantiate the proxy object.
* We cache this, since the creation of a constructor is fairly slow.
+ * @param xa Use a XA connection
* @return constructor used to instantiate the wrapper object
- * @throws NoSuchMethodException
+ * @throws NoSuchMethodException Failed to get a constructor
*/
public Constructor getProxyConstructor(boolean xa) throws
NoSuchMethodException {
//cache the constructor
@@ -540,6 +540,7 @@ public class ConnectionPool {
}
}
+
//===
// CONNECTION POOLING IMPL LOGIC
//===
@@ -620,7 +621,10 @@ public class ConnectionPool {
// we could have threads stuck in idle.poll(timeout) that will never be
// notified
if (waitcount.get() > 0) {
-idle.offer(create(true));
+if (!idle.offer(create(true))) {
+log.warn("Failed to add a new connection to the pool after
releasing a connection " +
+"when at least one thread was waiting for a
connection.");
+}
}
}
@@ -628,8 +632,10 @@ public class ConnectionPool {
* Thread safe way to retrieve a connection from the pool
* @param wait - time to wait, overrides the maxWait from the properties,
* set to -1 if you wish to use maxWait, 0 if you wish no wait time.
- * @return PooledConnection
- * @throws SQLException
+ * @param username The user name to use for the connection
+ * @param password The password for the connection
[tomcat] 01/05: Polish. Align with 8.5.x/9.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/34a0f1156ad88668bbbce83fadc42a69367dfb4f
commit 34a0f1156ad88668bbbce83fadc42a69367dfb4f
Author: Mark Thomas
AuthorDate: Tue Nov 19 16:18:08 2019 +
Polish. Align with 8.5.x/9.0.x
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 34
1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 24014d4..a31430d 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.tomcat.util.net;
import java.security.AccessController;
@@ -69,10 +68,8 @@ import org.apache.tomcat.util.security.PrivilegedSetTccl;
*/
public class AprEndpoint extends AbstractEndpoint {
-
// -- Constants
-
private static final Log log = LogFactory.getLog(AprEndpoint.class);
// Lazy init as we need the AprLifecycleListener to have loaded the
@@ -102,6 +99,7 @@ public class AprEndpoint extends AbstractEndpoint {
// - Fields
+
/**
* Root APR memory pool.
*/
@@ -424,7 +422,9 @@ public class AprEndpoint extends AbstractEndpoint {
// - Public Methods
/**
- * Number of keepalive sockets.
+ * Obtain the number of kept alive sockets.
+ *
+ * @return The number of open sockets currently managed by the Poller
*/
public int getKeepAliveCount() {
if (poller == null) {
@@ -436,7 +436,9 @@ public class AprEndpoint extends AbstractEndpoint {
/**
- * Number of sendfile sockets.
+ * Obtain the number of sendfile sockets.
+ *
+ * @return The number of sockets currently managed by the Sendfile poller.
*/
public int getSendfileCount() {
if (sendfile == null) {
@@ -473,8 +475,9 @@ public class AprEndpoint extends AbstractEndpoint {
int family = Socket.APR_INET;
if (Library.APR_HAVE_IPV6) {
if (addressStr == null) {
-if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64)
+if (!OS.IS_BSD && !OS.IS_WIN32 && !OS.IS_WIN64) {
family = Socket.APR_UNSPEC;
+}
} else if (addressStr.indexOf(':') >= 0) {
family = Socket.APR_UNSPEC;
}
@@ -891,6 +894,10 @@ public class AprEndpoint extends AbstractEndpoint {
/**
* Allocate a new poller of the specified size.
+ * @param size The size
+ * @param pool The pool from which the poller will be allocated
+ * @param timeout The timeout
+ * @return the poller pointer
*/
protected long allocatePoller(int size, long pool, int timeout) {
try {
@@ -909,6 +916,10 @@ public class AprEndpoint extends AbstractEndpoint {
/**
* Process given socket. This is called when the socket has been
* accepted.
+ * @param socket The socket
+ * @return true if the socket was correctly configured
+ * and processing may continue, false if the socket needs to
be
+ * close immediately
*/
protected boolean processSocketWithOptions(long socket) {
try {
@@ -1065,7 +1076,6 @@ public class AprEndpoint extends AbstractEndpoint {
}
}
-
@Override
protected Log getLog() {
return log;
@@ -1278,6 +1288,8 @@ public class AprEndpoint extends AbstractEndpoint {
/**
* Removes the specified socket from the poller.
*
+ * @param socket The socket to remove
+ *
* @return The configured timeout for the socket or zero if the socket
* was not in the list of socket timeouts
*/
@@ -1715,6 +1727,7 @@ public class AprEndpoint extends AbstractEndpoint {
return (rv == Status.APR_SUCCESS);
}
+
/**
* Timeout checks.
*/
@@ -1765,8 +1778,9 @@ public class AprEndpoint extends AbstractEndpoint {
}
/**
- * The background thread that listens for incoming TCP/IP connections
- * and hands them off to an appropriate processor.
+ * The background thread that adds sockets to the Poller, checks the
+ * poller for triggered events and hands the associated socket off to
an
+ * appropriate processor as events occur.
*/
@Override
public void run() {
@@ -2125,7 +2139,6 @@ public class AprEndpoint extends Abstract
[tomcat] 05/05: Fix a few SpotBugs issues / align with 8.5.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/0e3019a82e8ec0a05ce2613f6f3beb9ebda8f78c
commit 0e3019a82e8ec0a05ce2613f6f3beb9ebda8f78c
Author: Mark Thomas
AuthorDate: Wed Nov 20 13:25:25 2019 +
Fix a few SpotBugs issues / align with 8.5.x
---
.../catalina/authenticator/TesterDigestAuthenticatorPerformance.java| 2 +-
test/org/apache/catalina/connector/TestSendFile.java| 2 +-
test/org/apache/catalina/core/TestAsyncContextImpl.java | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git
a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
index 8ed98dd..7874a6b 100644
---
a/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
+++
b/test/org/apache/catalina/authenticator/TesterDigestAuthenticatorPerformance.java
@@ -98,7 +98,7 @@ public class TesterDigestAuthenticatorPerformance {
System.out.println("Average time per request (wall): " +
wallTime/(threadCount * requestCount));
-Assert.assertEquals(requestCount * threadCount, totalSuccess);
+Assert.assertEquals(((long)requestCount) * threadCount, totalSuccess);
}
@Before
diff --git a/test/org/apache/catalina/connector/TestSendFile.java
b/test/org/apache/catalina/connector/TestSendFile.java
index 8607f6f..f525b39 100644
--- a/test/org/apache/catalina/connector/TestSendFile.java
+++ b/test/org/apache/catalina/connector/TestSendFile.java
@@ -80,7 +80,7 @@ public class TestSendFile extends TomcatBaseTest {
Assert.assertEquals(HttpServletResponse.SC_OK, rc);
System.out.println("Client received " + bc.getLength() + "
bytes in "
+ (System.currentTimeMillis() - start) + " ms.");
-Assert.assertEquals(EXPECTED_CONTENT_LENGTH * (i + 1),
bc.getLength());
+Assert.assertEquals(EXPECTED_CONTENT_LENGTH * (i + 1L),
bc.getLength());
bc.recycle();
}
diff --git a/test/org/apache/catalina/core/TestAsyncContextImpl.java
b/test/org/apache/catalina/core/TestAsyncContextImpl.java
index 161373f..8afe26f 100644
--- a/test/org/apache/catalina/core/TestAsyncContextImpl.java
+++ b/test/org/apache/catalina/core/TestAsyncContextImpl.java
@@ -1715,7 +1715,7 @@ public class TestAsyncContextImpl extends TomcatBaseTest {
REQUEST_TIME);
}
-private static enum ErrorPageAsyncMode {
+private enum ErrorPageAsyncMode {
NO_COMPLETE,
COMPLETE,
DISPATCH
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated (e67c01b -> 0e3019a)
This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from e67c01b Improve CSRF prevention filter by exposing the request's current nonce to the request. new 34a0f11 Polish. Align with 8.5.x/9.0.x new 7e85319 Refactor APR Poller to remove use of multiple pollsets new 4a8d1ff Handle case were Poller may return an entry per event new e4b3e78 Back-port some SpotBugs fixes and Javadoc alignment. new 0e3019a Fix a few SpotBugs issues / align with 8.5.x The 5 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/tomcat/util/net/AprEndpoint.java | 544 ++--- .../apache/tomcat/jdbc/pool/ConnectionPool.java| 45 +- .../apache/tomcat/jdbc/pool/PoolProperties.java| 10 +- .../apache/tomcat/jdbc/pool/PooledConnection.java | 4 +- .../TesterDigestAuthenticatorPerformance.java | 2 +- .../apache/catalina/connector/TestSendFile.java| 2 +- .../apache/catalina/core/TestAsyncContextImpl.java | 2 +- webapps/docs/changelog.xml | 5 + 8 files changed, 289 insertions(+), 325 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/05: Refactor APR Poller to remove use of multiple pollsets
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/7e853199d4ce0db4cc173f80b39a616890b64dee
commit 7e853199d4ce0db4cc173f80b39a616890b64dee
Author: Mark Thomas
AuthorDate: Tue Nov 19 17:03:28 2019 +
Refactor APR Poller to remove use of multiple pollsets
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 465 +--
webapps/docs/changelog.xml | 5 +
2 files changed, 187 insertions(+), 283 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index a31430d..dfca17b 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -1409,39 +1409,17 @@ public class AprEndpoint extends AbstractEndpoint
{
// -- Poller Inner
Class
- public class Poller implements Runnable {
+public class Poller implements Runnable {
/**
- * Pointers to the pollers.
+ * Pointer to the poller.
*/
-protected long[] pollers = null;
+private long aprPoller;
/**
* Actual poller size.
*/
-protected int actualPollerSize = 0;
-
-/**
- * Amount of spots left in the poller.
- */
-protected int[] pollerSpace = null;
-
-/**
- * Amount of low level pollers in use by this poller.
- */
-protected int pollerCount;
-
-/**
- * Timeout value for the poll call.
- */
-protected int pollerTime;
-
-/**
- * Variable poller timeout that adjusts depending on how many poll sets
- * are in use so that the total poll time across all poll sets remains
- * equal to pollTime.
- */
-private int nextPollerTime;
+private int pollerSize = 0;
/**
* Root pool.
@@ -1495,60 +1473,23 @@ public class AprEndpoint extends AbstractEndpoint
{
private volatile boolean pollerRunning = true;
/**
- * Create the poller. With some versions of APR, the maximum poller
size
- * will be 62 (recompiling APR is necessary to remove this limitation).
+ * Create the poller.
*/
protected void init() {
pool = Pool.create(serverSockPool);
-
-// Single poller by default
-int defaultPollerSize = getMaxConnections();
-
-if ((OS.IS_WIN32 || OS.IS_WIN64) && (defaultPollerSize > 1024)) {
-// The maximum per poller to get reasonable performance is 1024
-// Adjust poller size so that it won't reach the limit. This is
-// a limitation of XP / Server 2003 that has been fixed in
-// Vista / Server 2008 onwards.
-actualPollerSize = 1024;
-} else {
-actualPollerSize = defaultPollerSize;
-}
-
-timeouts = new SocketTimeouts(defaultPollerSize);
+pollerSize = getMaxConnections();
+timeouts = new SocketTimeouts(pollerSize);
// At the moment, setting the timeout is useless, but it could get
// used again as the normal poller could be faster using maintain.
// It might not be worth bothering though.
-long pollset = allocatePoller(actualPollerSize, pool, -1);
-if (pollset == 0 && actualPollerSize > 1024) {
-actualPollerSize = 1024;
-pollset = allocatePoller(actualPollerSize, pool, -1);
-}
-if (pollset == 0) {
-actualPollerSize = 62;
-pollset = allocatePoller(actualPollerSize, pool, -1);
-}
-
-pollerCount = defaultPollerSize / actualPollerSize;
-pollerTime = pollTime / pollerCount;
-nextPollerTime = pollerTime;
-
-pollers = new long[pollerCount];
-pollers[0] = pollset;
-for (int i = 1; i < pollerCount; i++) {
-pollers[i] = allocatePoller(actualPollerSize, pool, -1);
-}
-
-pollerSpace = new int[pollerCount];
-for (int i = 0; i < pollerCount; i++) {
-pollerSpace[i] = actualPollerSize;
-}
+aprPoller = allocatePoller(pollerSize, pool, -1);
-desc = new long[actualPollerSize * 2];
+desc = new long[pollerSize * 2];
connectionCount.set(0);
-addList = new SocketList(defaultPollerSize);
-closeList = new SocketList(defaultPollerSize);
+addList = new SocketList(pollerSize);
+closeList = new SocketList(pollerSize);
}
@@ -1590,15 +1531,13 @@ public class
[tomcat] branch 8.5.x updated: Fix MBean description of keepAliveTimeout
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/cc2e3882e5ba40850537b619aed894ec0ab4da0e The following commit(s) were added to refs/heads/8.5.x by this push: new cc2e388 Fix MBean description of keepAliveTimeout cc2e388 is described below commit cc2e3882e5ba40850537b619aed894ec0ab4da0e Author: Michael Osipov AuthorDate: Wed Nov 20 14:50:40 2019 +0100 Fix MBean description of keepAliveTimeout --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index 9c02405..efc26c7 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -83,7 +83,7 @@
[tomcat] branch master updated: Fix MBean description of keepAliveTimeout
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/d0a9dcf521d35c6a0210bea90d902235446ba680 The following commit(s) were added to refs/heads/master by this push: new d0a9dcf Fix MBean description of keepAliveTimeout d0a9dcf is described below commit d0a9dcf521d35c6a0210bea90d902235446ba680 Author: Michael Osipov AuthorDate: Wed Nov 20 14:50:40 2019 +0100 Fix MBean description of keepAliveTimeout --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index 02d5081..8464034 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -83,7 +83,7 @@
[tomcat] branch 7.0.x updated: Fix MBean description of keepAliveTimeout
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/24c3b9e3ac564006754f9f6f9fe278497d2d0db4 The following commit(s) were added to refs/heads/7.0.x by this push: new 24c3b9e Fix MBean description of keepAliveTimeout 24c3b9e is described below commit 24c3b9e3ac564006754f9f6f9fe278497d2d0db4 Author: Michael Osipov AuthorDate: Wed Nov 20 14:50:40 2019 +0100 Fix MBean description of keepAliveTimeout --- java/org/apache/catalina/connector/mbeans-descriptors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/catalina/connector/mbeans-descriptors.xml b/java/org/apache/catalina/connector/mbeans-descriptors.xml index 335aea6..f280f6c 100644 --- a/java/org/apache/catalina/connector/mbeans-descriptors.xml +++ b/java/org/apache/catalina/connector/mbeans-descriptors.xml @@ -74,7 +74,7 @@
Re: [VOTE] Release Apache Tomcat 8.5.49
вт, 19 нояб. 2019 г. в 19:58, Mark Thomas : > > On 19/11/2019 00:44, Konstantin Kolinko wrote: > > вт, 19 нояб. 2019 г. в 01:42, Mark Thomas : > > > > I think the single pollset change should not be backported to Tomcat 7. > > I am OK with it being backported to Tomcat 8.5. > > In favour of back-porting: > [...] > - Windows XP / Server 2003 are out of support. I think it would be > unusual for a user to be keeping Tomcat up to date but not the OS. > - sendfile is already using a larger pollset size and we have had no > complaints (that I recall) Updating an OS costs money (if it is Windows) and may be not possible due to hardware limitations. That said, reviewing the changes and comments once again, I see that this is not a showstopper for Windows XP users, if there are any. The comments say about reduced performance, not an inability to run Tomcat. The pollset size can be adjusted by configuring maxConnections="1024" or less. I think that is a reasonable value for some legacy server. Thus OK to backport to Tomcat 7. Looking into documentation, http://tomcat.apache.org/tomcat-7.0-doc/config/http.html Regarding maxConnections it says "Note that for APR/native on Windows, the configured value will be reduced to the highest multiple of 1024 that is less than or equal to maxConnections." I think that is no longer true. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.49
On 20/11/2019 14:03, Konstantin Kolinko wrote: > вт, 19 нояб. 2019 г. в 19:58, Mark Thomas : >> >> On 19/11/2019 00:44, Konstantin Kolinko wrote: >>> вт, 19 нояб. 2019 г. в 01:42, Mark Thomas : >>> >>> I think the single pollset change should not be backported to Tomcat 7. >>> I am OK with it being backported to Tomcat 8.5. >> >> In favour of back-porting: >> [...] >> - Windows XP / Server 2003 are out of support. I think it would be >> unusual for a user to be keeping Tomcat up to date but not the OS. >> - sendfile is already using a larger pollset size and we have had no >> complaints (that I recall) > > Updating an OS costs money (if it is Windows) and may be not possible > due to hardware limitations. > > That said, reviewing the changes and comments once again, > I see that this is not a showstopper for Windows XP users, if there are any. > > The comments say about reduced performance, not an inability to run Tomcat. > The pollset size can be adjusted by configuring maxConnections="1024" > or less. I think that is a reasonable value for some legacy server. > > Thus OK to backport to Tomcat 7. > > Looking into documentation, > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > Regarding maxConnections it says > "Note that for APR/native on Windows, the configured value will be > reduced to the highest multiple of 1024 that is less than or equal to > maxConnections." > > I think that is no longer true. Good catch. I'll check the default as well. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63943] Add possibility to overwrite remote port with information from header value
https://bz.apache.org/bugzilla/show_bug.cgi?id=63943 --- Comment #2 from Peter Gierl --- It's not implemented in RemoteIpValve, only the server port information may be transported, not the remote port. So where is it present? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63943] Add possibility to overwrite remote port with information from header value
https://bz.apache.org/bugzilla/show_bug.cgi?id=63943 Mark Thomas changed: What|Removed |Added Resolution|INVALID |--- Status|RESOLVED|REOPENED --- Comment #3 from Mark Thomas --- Sorry, now I understand. You want to be able to set the value returned from ServletRequest.getRemotePort() based on a header. Is there a standard, OK typical, name for this header (we can make it configurable anyway). Note there is also bug 63080. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Correct the docs for maxConnections
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/33e01c97e24e2ccbe1392a2294e77619d8983fdd The following commit(s) were added to refs/heads/master by this push: new 33e01c9 Correct the docs for maxConnections 33e01c9 is described below commit 33e01c97e24e2ccbe1392a2294e77619d8983fdd Author: Mark Thomas AuthorDate: Wed Nov 20 16:33:54 2019 + Correct the docs for maxConnections --- webapps/docs/changelog.xml | 5 + webapps/docs/config/ajp.xml | 7 ++- webapps/docs/config/http.xml | 7 ++- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0dab42e..08ec5a0 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -64,6 +64,11 @@ CSRF nonce request parameter name to be customized. (schultz) + +Correct the documentation for the maxConnections attribute +of the Connector in the documentation web application. +(markt) + diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 45f4d03..137c6e7 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -379,11 +379,8 @@ based on the acceptCount setting. The default value varies by connector type. For NIO and NIO2 the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 6419370..0747de7 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -451,11 +451,8 @@ based on the acceptCount setting. The default value varies by connector type. For NIO and NIO2 the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Correct the docs for maxConnections
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/402acdb5c3099f78cca2d035ff80d69cdd5d5ab9 The following commit(s) were added to refs/heads/8.5.x by this push: new 402acdb Correct the docs for maxConnections 402acdb is described below commit 402acdb5c3099f78cca2d035ff80d69cdd5d5ab9 Author: Mark Thomas AuthorDate: Wed Nov 20 16:33:54 2019 + Correct the docs for maxConnections --- webapps/docs/changelog.xml | 5 + webapps/docs/config/ajp.xml | 7 ++- webapps/docs/config/http.xml | 7 ++- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f00d418..0a1daa6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -60,6 +60,11 @@ Fix the broken re-try link on the error page for the FORM authentication example in the JSP section of the examples web application. (markt) + +Correct the documentation for the maxConnections attribute +of the Connector in the documentation web application. +(markt) + diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index bc63c89..f16c443 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -387,11 +387,8 @@ based on the acceptCount setting. The default value varies by connector type. For NIO and NIO2 the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 5766d26..a89f3fe 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -467,11 +467,8 @@ based on the acceptCount setting. The default value varies by connector type. For NIO and NIO2 the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Correct the docs for maxConnections
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/39ddf279a104bcd012d997ffa041318fe4fa9959 The following commit(s) were added to refs/heads/7.0.x by this push: new 39ddf27 Correct the docs for maxConnections 39ddf27 is described below commit 39ddf279a104bcd012d997ffa041318fe4fa9959 Author: Mark Thomas AuthorDate: Wed Nov 20 16:33:54 2019 + Correct the docs for maxConnections --- webapps/docs/changelog.xml | 5 + webapps/docs/config/ajp.xml | 7 ++- webapps/docs/config/http.xml | 7 ++- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 75ef806..695e3ae 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -155,6 +155,11 @@ Correct the description of the default value for the server attribute in the security How-To. (markt) + +Correct the documentation for the maxConnections attribute +of the Connector in the documentation web application. +(markt) + diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml index 8d6a01b..af7413b 100644 --- a/webapps/docs/config/ajp.xml +++ b/webapps/docs/config/ajp.xml @@ -381,11 +381,8 @@ is used in which case the default will be the value of maxThreads from the executor. For NIO the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 880a255..4327bd3 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -432,11 +432,8 @@ is used in which case the default will be the value of maxThreads from the executor. For NIO the default is 1. For APR/native, the default is 8192. - Note that for APR/native on Windows, the configured value will be - reduced to the highest multiple of 1024 that is less than or equal to - maxConnections. This is done for performance reasons. - If set to a value of -1, the maxConnections feature is disabled - and connections are not counted. + For NIO only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch master updated: Correct the docs for maxConnections
On Wed, Nov 20, 2019 at 5:38 PM wrote: > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > View the commit online: > > https://github.com/apache/tomcat/commit/33e01c97e24e2ccbe1392a2294e77619d8983fdd > > The following commit(s) were added to refs/heads/master by this push: > new 33e01c9 Correct the docs for maxConnections > 33e01c9 is described below > > commit 33e01c97e24e2ccbe1392a2294e77619d8983fdd > Author: Mark Thomas > AuthorDate: Wed Nov 20 16:33:54 2019 + > > Correct the docs for maxConnections > Although the feature now actually works for NIO2 (it took a while ...), its default used to be -1 and it didn't cause problems. The default is now 10k for NIOx and 8*1024 for APR. I think it would be nice to change this to either: - Default to 8*1024 for all connectors, as it would remove one line of code and a convoluted comment in APR - Default NIOx to -1 Rémy
Re: Bundling of localized messages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 11/19/19 07:08, Mark Thomas wrote: > > >> Is there a particular reason (a) the translations are in a >> separate JAR file - i.e. not in catalina.jar and (b) they are >> separated by language? Perhaps the thought was that, knowing that >> you don't need e.g. Korean means you can remove the JAR file from >> some kind of bare-ones distribution. > > Essentially, yes. The intention was to make it easy to use the > default English text if users didn't need / didn't want the > translations. > >> For SSI, at least, I think it makes sense to bundle all the i18n >> files together in the same JAR file. I'm using the macro >> to build my JAR file which explicitly >> LocalStrings_*.properties from whatever JAR file is being built. >> I'd need to change the way that the SSI JAR file is built in >> order to achieve this. But before doing so, I wanted to get >> consensus on what to do with these files. > > Have you removed all the other dependencies? FastHttpDateFormat, > StringManager, JULI, IOTools etc? No, I haven't. I figured this would turn into a bit of a rat hole so I wanted to discuss before doing anything. This is just a first step towards being able to separate SSI. If SSI isn't required, the JAR file can be removed from the distribution and the only sloppiness will be that the locallized strings will remain in other JAR files. But for the future, if SSI were indeed able to be separated-out into a standalone product (with obvious dependencies), this would need to be resolved. It's fine to kick the can down the road a bit on this decision and/or action, but I wanted to bring it up before I committed anything. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3VkE0ACgkQHPApP6U8 pFh4QA//Q8jV7CMRUYaLmrscGxYwkN3MvbPrQhqr1FXcCgwEVNLOmcJzv5oGTlV+ WwXUOEWA8vTY8tmcg48zvOPjrieTM7bMe6iYE3/ml4ILy1fL1TnxrCq/YZumndvP 5lGauWJr+eYHd76eghVrZvM+9on9ZLziAemZZPREPJYNe4oYOH00heeAuBWXY8UX Mp9T4/C7KsU00x4wIV73XmPeQFO1J2VQwRNSJY46thGSc4RbIdH+5eCtjxt07T4b OPkG9k0yUXc8pNJVGK1nshHJ31ENo0fUudy05Cg7PCvud67h039XQPIcfplz1ii6 HVLh6NaCPxirHK8l/8ick7vIQf+u1wkBIvOmsBxmIEcTm4ROljro83b8FdE26BQv EZ6uKLl/tFeFZzZfbW2glWdwGg+x8KWvryFk4bOomR6dhQnXthg3w8DRT6Z0K9EZ YjFA9yfFWq86CHnLbIA8LasZTseJnepLFmQLOm9nDwq7yni19Z4E8Kykt7wEHtOE HJzyIpC7mYrLjG8E6itVeNOvaIy+fbiVnt578dKD671VaedIJxHhuwtbZzpJGiiE McIoh12RFAJS6RmOuzLbtubyynr76v7D052UfkjGwI2Cjb4XtQ1CyPnB7YoK5pIV s4R0pt799MIK2xMoI51BRijtn9VJEN6hLpVe+ygl0HC/ouW9hQU= =7Q7A -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/06: Add logging to CSRF prevention listener.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/6c9bb6914cb51be13c4ae32847db579217f0cb8d
commit 6c9bb6914cb51be13c4ae32847db579217f0cb8d
Author: Christopher Schultz
AuthorDate: Sat Nov 16 11:40:47 2019 -0500
Add logging to CSRF prevention listener.
---
.../catalina/filters/CsrfPreventionFilter.java | 50 +-
1 file changed, 48 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index e09bdea..49cf530 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -32,6 +32,9 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+
/**
* Provides basic CSRF protection for a web application. The filter assumes
* that:
@@ -43,6 +46,7 @@ import javax.servlet.http.HttpSession;
*
*/
public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
+private final Log log = LogFactory.getLog(CsrfPreventionFilter.class);
private final Set entryPoints = new HashSet<>();
@@ -94,6 +98,10 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
if (Constants.METHOD_GET.equals(req.getMethod())
&& entryPoints.contains(getRequestedPath(req))) {
+if(log.isTraceEnabled()) {
+log.trace("Skipping CSRF nonce-check for GET request to
entry point " + getRequestedPath(req));
+}
+
skipNonceCheck = true;
}
@@ -108,16 +116,54 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
String previousNonce =
req.getParameter(Constants.CSRF_NONCE_REQUEST_PARAM);
-if (nonceCache == null || previousNonce == null ||
-!nonceCache.contains(previousNonce)) {
+if(previousNonce == null) {
+if(log.isDebugEnabled()) {
+log.debug("Rejecting request for " +
getRequestedPath(req)
+ + ", session "
+ + (null == session ? "(none)" :
session.getId())
+ + " with no CSRF nonce found in request");
+}
+
+res.sendError(getDenyStatus());
+return;
+} else if(nonceCache == null) {
+if(log.isDebugEnabled()) {
+log.debug("Rejecting request for " +
getRequestedPath(req)
+ + ", session "
+ + (null == session ? "(none)" :
session.getId())
+ + " due to empty / missing nonce cache");
+}
+
res.sendError(getDenyStatus());
return;
+} else if(!nonceCache.contains(previousNonce)) {
+if(log.isDebugEnabled()) {
+log.debug("Rejecting request for " +
getRequestedPath(req)
+ + ", session "
+ + (null == session ? "(none)" :
session.getId())
+ + " due to invalid nonce " + previousNonce);
+}
+
+res.sendError(getDenyStatus());
+return;
+}
+if(log.isTraceEnabled()) {
+log.trace("Allowing request to " + getRequestedPath(req)
+ + " with valid CSRF nonce " + previousNonce);
}
}
if (nonceCache == null) {
+if(log.isDebugEnabled()) {
+log.debug("Creating new CSRF nonce cache with size=" +
nonceCacheSize + " for session " + (null == session ? "(will create)" :
session.getId()));
+}
+
nonceCache = new LruCache<>(nonceCacheSize);
if (session == null) {
+if(log.isDebugEnabled()) {
+ log.debug("Creating new session to store CSRF nonce
cache");
+}
+
session = req.getSession(true);
}
session.setAttribute(
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (402acdb -> 7c9a50c)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 402acdb Correct the docs for maxConnections new 6c9bb69 Add logging to CSRF prevention listener. new 24edf31 Post-review from kkolonko: fix typo in constant name, push initialization down into subclass. new 7b55938 Add missing changelog for CSRF prevention filter changes. new 856a2e2 Allow customization of the CSRF prevention filter's request parameter name. new 11ad208 Move initialization of CSRF REST nonce header name context attribute into the RestCsrfPreventionFilter where it belongs. new 7c9a50c Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter. The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: java/org/apache/catalina/filters/Constants.java| 2 +- .../catalina/filters/CsrfPreventionFilter.java | 84 -- .../catalina/filters/CsrfPreventionFilterBase.java | 10 --- .../catalina/filters/RestCsrfPreventionFilter.java | 12 webapps/docs/changelog.xml | 15 5 files changed, 106 insertions(+), 17 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/06: Post-review from kkolonko: fix typo in constant name, push initialization down into subclass.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/24edf311ce6ffb5d185e96ad4b135bdff5e4af81
commit 24edf311ce6ffb5d185e96ad4b135bdff5e4af81
Author: Christopher Schultz
AuthorDate: Tue Nov 19 12:25:32 2019 -0500
Post-review from kkolonko: fix typo in constant name, push initialization
down into subclass.
---
java/org/apache/catalina/filters/Constants.java | 2 +-
.../apache/catalina/filters/CsrfPreventionFilter.java | 17 +
.../catalina/filters/CsrfPreventionFilterBase.java | 10 --
3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/catalina/filters/Constants.java
b/java/org/apache/catalina/filters/Constants.java
index 87dd6c4..ab550b1 100644
--- a/java/org/apache/catalina/filters/Constants.java
+++ b/java/org/apache/catalina/filters/Constants.java
@@ -72,6 +72,6 @@ public final class Constants {
* The servlet context attribute key under which the
* CSRF REST header name can be found.
*/
-public static final String CSRF_REST_NONCE_HEDAER_NAME_KEY =
+public static final String CSRF_REST_NONCE_HEADER_NAME_KEY =
"org.apache.catalina.filters.CSRF_REST_NONCE_HEADER_NAME";
}
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index 49cf530..cd1b576 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -24,6 +24,7 @@ import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -83,6 +84,22 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
}
@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+// Set the parameters
+super.init(filterConfig);
+
+// Put the expected request parameter name into the application scope
+filterConfig.getServletContext().setAttribute(
+Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
+Constants.CSRF_NONCE_REQUEST_PARAM);
+
+// Put the expected request header name into the application scope
+filterConfig.getServletContext().setAttribute(
+Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+Constants.CSRF_REST_NONCE_HEADER_NAME);
+}
+
+@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
index 8d401af..c0083f0 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilterBase.java
@@ -78,16 +78,6 @@ public abstract class CsrfPreventionFilterBase extends
FilterBase {
// Set the parameters
super.init(filterConfig);
-// Put the expected request parameter name into the application scope
-filterConfig.getServletContext().setAttribute(
-Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
-Constants.CSRF_NONCE_REQUEST_PARAM);
-
-// Put the expected request header name into the application scope
-filterConfig.getServletContext().setAttribute(
-Constants.CSRF_REST_NONCE_HEDAER_NAME_KEY,
-Constants.CSRF_REST_NONCE_HEADER_NAME);
-
try {
Class clazz = Class.forName(randomClass);
randomSource = (Random) clazz.getConstructor().newInstance();
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2ddfc8d676
commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
Author: Christopher Schultz
AuthorDate: Tue Nov 19 12:54:45 2019 -0500
Allow customization of the CSRF prevention filter's request parameter name.
---
.../catalina/filters/CsrfPreventionFilter.java | 24 +-
webapps/docs/changelog.xml | 5 +++--
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index cd1b576..fe4399f 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -53,6 +53,8 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
private int nonceCacheSize = 5;
+private String nonceRequestParameterName =
Constants.CSRF_NONCE_REQUEST_PARAM;
+
/**
* Entry points are URLs that will not be tested for the presence of a
valid
* nonce. They are used to provide a way to navigate back to a protected
@@ -83,6 +85,16 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
this.nonceCacheSize = nonceCacheSize;
}
+/**
+ * Sets the request parameter name to use for CSRF nonces.
+ *
+ * @param parameterName The request parameter name to use
+ *for CSRF nonces.
+ */
+public void setNonceRequestParameterName(String parameterName) {
+this.nonceRequestParameterName = parameterName;
+}
+
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// Set the parameters
@@ -91,7 +103,7 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
// Put the expected request parameter name into the application scope
filterConfig.getServletContext().setAttribute(
Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
-Constants.CSRF_NONCE_REQUEST_PARAM);
+nonceRequestParameterName);
// Put the expected request header name into the application scope
filterConfig.getServletContext().setAttribute(
@@ -131,7 +143,7 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
if (!skipNonceCheck) {
String previousNonce =
-req.getParameter(Constants.CSRF_NONCE_REQUEST_PARAM);
+req.getParameter(nonceRequestParameterName);
if(previousNonce == null) {
if(log.isDebugEnabled()) {
@@ -196,7 +208,7 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
// requiring the use of response.encodeURL.
request.setAttribute(Constants.CSRF_NONCE_REQUEST_ATTR_NAME,
newNonce);
-wResponse = new CsrfResponseWrapper(res, newNonce);
+wResponse = new CsrfResponseWrapper(res,
nonceRequestParameterName, newNonce);
} else {
wResponse = response;
}
@@ -208,10 +220,12 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
protected static class CsrfResponseWrapper
extends HttpServletResponseWrapper {
+private final String nonceRequestParameterName;
private final String nonce;
-public CsrfResponseWrapper(HttpServletResponse response, String nonce)
{
+public CsrfResponseWrapper(HttpServletResponse response, String
nonceRequestParameterName, String nonce) {
super(response);
+this.nonceRequestParameterName = nonceRequestParameterName;
this.nonce = nonce;
}
@@ -268,7 +282,7 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
} else {
sb.append('?');
}
-sb.append(Constants.CSRF_NONCE_REQUEST_PARAM);
+sb.append(nonceRequestParameterName);
sb.append('=');
sb.append(nonce);
sb.append(anchor);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eac584a..bc0da19 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -49,8 +49,9 @@
Improvements to CsrfPreventionFilter including additional
-logging and making the latest nonce available in the request
-attributes. (schultz)
+logging, making the latest nonce available in the request attributes,
+and allowing the CSRF nonce request parameter name to be customized.
+(schultz)
-
To unsubscribe, e-mail: dev-unsubscr...@tomc
[tomcat] 03/06: Add missing changelog for CSRF prevention filter changes.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/7b55938b7562fa8c6639b3abc45c88d98c09c735 commit 7b55938b7562fa8c6639b3abc45c88d98c09c735 Author: Christopher Schultz AuthorDate: Tue Nov 19 12:31:56 2019 -0500 Add missing changelog for CSRF prevention filter changes. --- webapps/docs/changelog.xml | 9 + 1 file changed, 9 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0a1daa6..eac584a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -45,6 +45,15 @@ issues do not "pop up" wrt. others). --> + + + +Improvements to CsrfPreventionFilter including additional +logging and making the latest nonce available in the request +attributes. (schultz) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 05/06: Move initialization of CSRF REST nonce header name context attribute into the RestCsrfPreventionFilter where it belongs.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/11ad208a44e31c83656e021f7ecb3c4b06962e64
commit 11ad208a44e31c83656e021f7ecb3c4b06962e64
Author: Christopher Schultz
AuthorDate: Tue Nov 19 12:57:23 2019 -0500
Move initialization of CSRF REST nonce header name context attribute into
the RestCsrfPreventionFilter where it belongs.
---
java/org/apache/catalina/filters/CsrfPreventionFilter.java | 5 -
.../apache/catalina/filters/RestCsrfPreventionFilter.java| 12
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
index fe4399f..7be6ac0 100644
--- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
@@ -104,11 +104,6 @@ public class CsrfPreventionFilter extends
CsrfPreventionFilterBase {
filterConfig.getServletContext().setAttribute(
Constants.CSRF_NONCE_REQUEST_PARAM_NAME_KEY,
nonceRequestParameterName);
-
-// Put the expected request header name into the application scope
-filterConfig.getServletContext().setAttribute(
-Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
-Constants.CSRF_REST_NONCE_HEADER_NAME);
}
@Override
diff --git a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
index b4fb4bb..8587cf5 100644
--- a/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
+++ b/java/org/apache/catalina/filters/RestCsrfPreventionFilter.java
@@ -23,6 +23,7 @@ import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -86,6 +87,17 @@ public class RestCsrfPreventionFilter extends
CsrfPreventionFilterBase {
private String pathsDelimiter = ",";
@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+// Set the parameters
+super.init(filterConfig);
+
+// Put the expected request header name into the application scope
+filterConfig.getServletContext().setAttribute(
+Constants.CSRF_REST_NONCE_HEADER_NAME_KEY,
+Constants.CSRF_REST_NONCE_HEADER_NAME);
+}
+
+@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 06/06: Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/7c9a50c211cc8ccff1c7eac5592affa3fe84eadc commit 7c9a50c211cc8ccff1c7eac5592affa3fe84eadc Author: Christopher Schultz AuthorDate: Tue Nov 19 13:03:14 2019 -0500 Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter. --- webapps/docs/changelog.xml | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bc0da19..c28e432 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -48,9 +48,8 @@ -Improvements to CsrfPreventionFilter including additional -logging, making the latest nonce available in the request attributes, -and allowing the CSRF nonce request parameter name to be customized. +Improvements to CsrfPreventionFilter: additional logging, allow the +CSRF nonce request parameter name to be customized. (schultz) @@ -86,6 +85,12 @@ NullPointerException when using a RequestDispatcher. (markt) + +Improvement to CsrfPreventionFilter: expose the latest available nonce +as a request attribute; expose the expected nonce request parameter +name as a context attribute. +(schultz) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-85-trunk
The Buildbot has detected a new failure on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2049 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 7c9a50c211cc8ccff1c7eac5592affa3fe84eadc Blamelist: Christopher Schultz BUILD FAILED: failed compile Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.
ср, 20 нояб. 2019 г. в 22:20, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> schultz pushed a commit to branch 8.5.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> View the commit online:
> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>
> commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
> Author: Christopher Schultz
> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>
> Allow customization of the CSRF prevention filter's request parameter
> name.
> ---
> .../catalina/filters/CsrfPreventionFilter.java | 24
> +-
> webapps/docs/changelog.xml | 5 +++--
> 2 files changed, 22 insertions(+), 7 deletions(-)
>
> diff --git a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> index cd1b576..fe4399f 100644
> --- a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
> +++ b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
[...]
> -public CsrfResponseWrapper(HttpServletResponse response, String
> nonce) {
> +public CsrfResponseWrapper(HttpServletResponse response, String
> nonceRequestParameterName, String nonce) {
> super(response);
> +this.nonceRequestParameterName = nonceRequestParameterName;
> this.nonce = nonce;
> }
Tests need to be adjusted, as they use the constructor above.
See remm's commit on master for a fix,
https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd86a26c9d4b6
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] 72er-de commented on issue #222: EmbeddedServletOptions constructor has been refactored
72er-de commented on issue #222: EmbeddedServletOptions constructor has been
refactored
URL: https://github.com/apache/tomcat/pull/222#issuecomment-556292570
I think the constructor has a lot of lines of code and the idea to extract
setter could be help to read the code. So I have ordered back the extracted
methods so that we can compare with apache/master and perhaps I found a
theoretical issue here:
```
// TODO: Check this behaviour, if scratchDir == null
// then EmbeddedServletOptions is not correctly initiated!
// Could only happen if System.getProperty("java.io.tmpdir")
// is not set. -> unusual exception?
if (scratchDir == null) {
log.fatal(Localizer.getMessage("jsp.error.no.scratch.dir"));
return;
}
```
[EmbeddedServletOptions.zip](https://github.com/apache/tomcat/files/3871042/EmbeddedServletOptions.zip)
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] dedovich-s commented on issue #222: EmbeddedServletOptions constructor has been refactored
dedovich-s commented on issue #222: EmbeddedServletOptions constructor has been refactored URL: https://github.com/apache/tomcat/pull/222#issuecomment-556295975 yes, my original intention was to reduce the number of lines in constructor and move appropriate code to init methods This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] 04/06: Allow customization of the CSRF prevention filter's request parameter name.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 11/20/19 14:33, Konstantin Kolinko wrote:
> ср, 20 нояб. 2019 г. в 22:20, :
>>
>> This is an automated email from the ASF dual-hosted git
>> repository.
>>
>> schultz pushed a commit to branch 8.5.x in repository
>> https://gitbox.apache.org/repos/asf/tomcat.git
>>
>> View the commit online:
>> https://github.com/apache/tomcat/commit/856a2e2482fde9e8c8d0535942a70
c2ddfc8d676
>>
>>
>>
commit 856a2e2482fde9e8c8d0535942a70c2ddfc8d676
>> Author: Christopher Schultz
>> AuthorDate: Tue Nov 19 12:54:45 2019 -0500
>>
>> Allow customization of the CSRF prevention filter's request
>> parameter name. ---
>> .../catalina/filters/CsrfPreventionFilter.java | 24
>> +- webapps/docs/changelog.xml
>> | 5 +++-- 2 files changed, 22 insertions(+), 7 deletions(-)
>>
>> diff --git
>> a/java/org/apache/catalina/filters/CsrfPreventionFilter.java
>> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
>> index cd1b576..fe4399f 100644 ---
>> a/java/org/apache/catalina/filters/CsrfPreventionFilter.java +++
>> b/java/org/apache/catalina/filters/CsrfPreventionFilter.java
>
> [...]
>
>> -public CsrfResponseWrapper(HttpServletResponse response,
>> String nonce) { +public
>> CsrfResponseWrapper(HttpServletResponse response, String
>> nonceRequestParameterName, String nonce) { super(response); +
>> this.nonceRequestParameterName = nonceRequestParameterName;
>> this.nonce = nonce; }
>
> Tests need to be adjusted, as they use the constructor above. See
> remm's commit on master for a fix,
> https://github.com/apache/tomcat/commit/9d7cb5468fbf2df4709c222b472bd8
6a26c9d4b6
ACK
Thanks
>
for the review, again.
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3VoFMACgkQHPApP6U8
pFgEPQ/9HleVKzMeN9X5kMwm23iCxdij4DGk+nKyNLNMKgdej5fdvnAL+i8ZqqdL
Zez4C7JL2Aq2qgT3qkI3sMZUNpMNvPerZ/Xo1brUCzrEuW1u6uorvGuTbi5zOXQp
GglEIOwZPMtfjx8+JKZCZAkoyjxb6UzK1nr+WNn7TLkjmsKZ+q9vxEIx21QSWdry
hrBPbxiLAUM8GpBoeHSMKJE3kVhsEOCGDCBwjtpCdTPM5rIhXRIqHs03ATYgp3xj
DhVy7vS0YrrqadKbuPyyWEdEatCVdE+ZDr183QFmbL8ICcDnm0pBhAoOuaj7vA1W
4AAPzH+NraFn+zujMyw8BeA9MAy2XibsMx6CvggejdU8S5pHHKaK773/+cr3rZK3
okIChgwEAC4LeMBYQzXs9NhtsJ0JZ4rlV5asg9RamvMm21JjM1CRky+ljPo27Dzm
aALwJerEwuJSHoBsj8KDtvO+bQeG9D3mLyv+6QboxjX+sipop/JjQwo90meCsE+S
5CwBmwetfhmwq4glj5w1A4eM1PBXgnOdQ/94kLzPnnb5bzdRBlS4zvEBQ2LfheMC
zRq22VavTTeaQ19sbHlbo4dpx8xO6+z9vXe5SIb+LyXZZJRUYUUzuZ/eCpBE/9/y
fdrOZ/sJoQvJWT4cobZhfuItgPgMdebDCk9RYvndssacJ4cGvj4=
=m93x
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 02/02: Fix typpo
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git View the commit online: https://github.com/apache/tomcat/commit/2c5664d5a4c8790bc6895a951083d40dffb6518e commit 2c5664d5a4c8790bc6895a951083d40dffb6518e Author: Christopher Schultz AuthorDate: Wed Nov 20 15:27:59 2019 -0500 Fix typpo --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c28e432..8d9a8e1 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -52,7 +52,7 @@ CSRF nonce request parameter name to be customized. (schultz) - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] 01/02: Fix test
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
View the commit online:
https://github.com/apache/tomcat/commit/b97eadb4e3126952f35de8a4b396c4ca46939d12
commit b97eadb4e3126952f35de8a4b396c4ca46939d12
Author: remm
AuthorDate: Tue Nov 19 23:25:09 2019 +0100
Fix test
---
test/org/apache/catalina/filters/TestCsrfPreventionFilter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java
b/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java
index 6d0c81d..1e74313 100644
--- a/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java
+++ b/test/org/apache/catalina/filters/TestCsrfPreventionFilter.java
@@ -37,7 +37,7 @@ public class TestCsrfPreventionFilter extends TomcatBaseTest {
private final HttpServletResponse wrapper =
new CsrfPreventionFilter.CsrfResponseWrapper(
-new NonEncodingResponse(), "TESTNONCE");
+new NonEncodingResponse(),
Constants.CSRF_NONCE_SESSION_ATTR_NAME, "TESTNONCE");
@Test
public void testAddNonceNoQueryNoAnchor() throws Exception {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated (7c9a50c -> 2c5664d)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 7c9a50c Adjust changelog to reflect which releases actually contain which improvements to the CSRF prevention filter. new b97eadb Fix test new 2c5664d Fix typpo The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: test/org/apache/catalina/filters/TestCsrfPreventionFilter.java | 2 +- webapps/docs/changelog.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Using CSRF prevention filter with session-timeout workflow resumption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, The servlet spec defines the workflow for form-based authentication: if the client requests a protected resource, an authorization check is performed. If the user is unauthenticated, the login form is shown. Successful login allows the user to be sent to the originally-requested resource. This works great to allow users to pick-up workflows where they left-off in the case of session timeout: once authenticated, the user is sent back to the page they were trying to get to originally, including a potential re-POST of form data, for example. With the CSRF prevention filter in-place, this then causes an error (well, CSRF policy violation == forbidden response) because the nonce originally added to the request's query string no longer matches a valid nonce on the server. This can be considered both good and bad behavior. Good: if handed a forged nonce from an attacker, the nonce will not be valid if the user is asked to login. Session-fixation attacks could get an attacker around this. Bad: it completely and totally breaks workflow-resumption. I'm looking for a way around this because I *really* like the fact that you can resume a workflow after re-authenticating. (I happen to be using a 3rd-party authentication and authorization library implemented as a Filter and I'm having some issues with getting that working as well, but the problem exists with the stock Tomcat authenticators.) Is there a safe way to implement workflow-resumption in the presence of the CSRF prevention filter? Or even under *any* CSRF scheme? - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3Vo88ACgkQHPApP6U8 pFjuWxAAirnEimlquVNLUA+yfTT+rsCA+6TFxv0soDDg/ln5F7GX7AsVdnAL3SDZ jPWxBYKsiW+jaPS56DYIawW5foTqy+dHfgawmR8zH4g4IK1tvlBq+yMOJ1zDDPLC 5lcWm2vGXHuFO+/PHo97Yom0r+I7cVOm9V7S5oa8vJtq/YXHGchqKfDzF/10NBAp xNQaQ1FJhEQBjcup9ZWFy51+f5g9F3GmtvAgqdirhCAgr5N+muWbyaUMXkXPqagx HdZhpZNJ1jtiidhE9lAK10wOHz9AtlacLNQker8etg6Bct2QDxbooxHKppdZwQP9 WrtXreE8BNtmDCYKyKIMHKQq4VozO834FMFCMLfDBKE8j4u07ctDnj5GzahEKGTp pr/81Q9bLnH5YeHFFkNeh1uZNpcy7M/NBALvF1cJF0QztRQw6V7I7m7AAsC/AjW6 wKfQh+qhmQzSHQcho8E3kdF5HbU38lNS8hVFFoowwzKKUJXjXWOZ77z2di4tW6ll MQRIpw0oFfDZoVQHDLEp51OyVtrPfhia12NFWrY26H9hBHYXZIDrzbUgNgDsfEJh i9tytiPpl/A0Tmh1yhuKRlZsb29tSDKKEki39G7rz/Usgi64U+vslkA5TWp1YJ2I CSq2mXGhERguTguSC8eg3tXQUsTz/gWFIccC/LALP4caqJYTqfI= =NJaQ -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/2050 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 2c5664d5a4c8790bc6895a951083d40dffb6518e Blamelist: Christopher Schultz ,remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.29
[X] Stable - go ahead and release as 9.0.29 Thanks Jon On Sat, Nov 16, 2019 at 6:56 PM Mark Thomas wrote: > The proposed Apache Tomcat 9.0.29 release is now available for voting. > > The major changes compared to the 9.0.27 release are: > > - Improvements to Async error handling > > - Stricter processing of HTTP headers when looking for specific token > values > > - Fix various issues that could lead to modification to a JSP not being > reflected in the served page > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.29/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1236/ > The tag is: > https://github.com/apache/tomcat/tree/9.0.29 > > > The proposed 9.0.29 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 9.0.29 > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 9.0.29
Am 2019-11-16 um 19:56 schrieb Mark Thomas: The proposed Apache Tomcat 9.0.29 release is now available for voting. The major changes compared to the 9.0.27 release are: - Improvements to Async error handling - Stricter processing of HTTP headers when looking for specific token values - Fix various issues that could lead to modification to a JSP not being reflected in the served page Along with lots of other bug fixes and improvements. For full details, see the changelog: https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.29/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1236/ The tag is: https://github.com/apache/tomcat/tree/9.0.29 The proposed 9.0.29 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 9.0.29 LGTM, +1 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63943] Add possibility to overwrite remote port with information from header value
https://bz.apache.org/bugzilla/show_bug.cgi?id=63943 --- Comment #4 from George Stanchev --- According to [1] it is "x-forwarded-port" https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
