[Bug 64149] NullPointerException in AbstractAccessLogValve
https://bz.apache.org/bugzilla/show_bug.cgi?id=64149 --- Comment #7 from Roland Wachinger --- Awesome :) Thank you very much -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Avoid calling WebResource.getContentLength all the time
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 400d544 Avoid calling WebResource.getContentLength all the time 400d544 is described below commit 400d5443867a38a07786dd80682d822e6fab0722 Author: remm AuthorDate: Wed Mar 25 10:58:24 2020 +0100 Avoid calling WebResource.getContentLength all the time --- .../apache/catalina/servlets/DefaultServlet.java | 27 +++--- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 406b120..396b91b 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -1157,11 +1157,10 @@ public class DefaultServlet extends HttpServlet { if (ranges.getEntries().size() == 1) { Ranges.Entry range = ranges.getEntries().get(0); -long resourceLength = resource.getContentLength(); -long start = getStart(range, resourceLength); -long end = getEnd(range, resourceLength); +long start = getStart(range, contentLength); +long end = getEnd(range, contentLength); response.addHeader("Content-Range", -"bytes " + start + "-" + end + "/" + resourceLength); +"bytes " + start + "-" + end + "/" + contentLength); long length = end - start + 1; response.setContentLengthLong(length); @@ -1180,8 +1179,8 @@ public class DefaultServlet extends HttpServlet { } if (ostream != null) { if (!checkSendfile(request, response, resource, -end - start + 1, range)) -copy(resource, ostream, range); +contentLength, range)) +copy(resource, contentLength, ostream, range); } else { // we should not get here throw new IllegalStateException(); 
@@ -1197,7 +1196,7 @@ public class DefaultServlet extends HttpServlet { // Silent catch } if (ostream != null) { -copy(resource, ostream, ranges, contentType); +copy(resource, contentLength, ostream, ranges, contentType); } else { // we should not get here throw new IllegalStateException(); @@ -2137,8 +2136,8 @@ public class DefaultServlet extends HttpServlet { request.setAttribute(Globals.SENDFILE_FILE_START_ATTR, Long.valueOf(0L)); request.setAttribute(Globals.SENDFILE_FILE_END_ATTR, Long.valueOf(length)); } else { -request.setAttribute(Globals.SENDFILE_FILE_START_ATTR, Long.valueOf(getStart(range, resource.getContentLength(; -request.setAttribute(Globals.SENDFILE_FILE_END_ATTR, Long.valueOf(getEnd(range, resource.getContentLength()) + 1)); +request.setAttribute(Globals.SENDFILE_FILE_START_ATTR, Long.valueOf(getStart(range, length))); +request.setAttribute(Globals.SENDFILE_FILE_END_ATTR, Long.valueOf(getEnd(range, length) + 1)); } return true; } @@ -2381,11 +2380,12 @@ public class DefaultServlet extends HttpServlet { * (even in the face of an exception). * * @param resource The source resource + * @param length the resource length * @param ostream The output stream to write to * @param range Range the client wanted to retrieve * @exception IOException if an input/output error occurs */ -protected void copy(WebResource resource, ServletOutputStream ostream, +protected void copy(WebResource resource, long length, ServletOutputStream ostream, Ranges.Entry range) throws IOException { @@ -2394,8 +2394,7 @@ public class DefaultServlet extends HttpServlet { InputStream resourceInputStream = resource.getInputStream(); InputStream istream = new BufferedInputStream(resourceInputStream, input); -exception = copyRange(istream, ostream, getStart(range, resource.getContentLength()), -getEnd(range, resource.getContentLength())); +exception = copyRange(istream, ostream, getStart(range, length), getEnd(range, length)); // Clean up the input stream istream.close(); 
@@ -2413,18 +2412,18 @@ public class DefaultServlet extends HttpServlet { * (even in the face of an exception). * * @param resourc
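Review bot: In the single-range branch the call to checkSendfile now passes contentLength where it used to pass end - start + 1, so the length argument of checkSendfile changes meaning from "bytes to send" to "full resource length". The else branch of checkSendfile needs that for getStart(range, length) and getEnd(range, length), but any other use of length in that method outside these hunks (a size threshold, for example) now sees the whole resource size even for a small range request. Please confirm that is intended and update the parameter's Javadoc to say it is the resource length.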
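Review bot: The protected copy(WebResource, ServletOutputStream, Ranges.Entry) method gains a long length parameter, which changes the signature of a protected method that subclasses can override or call. A subclass calling the old overload stops compiling, and an override written against the old signature is no longer invoked by this class. Consider keeping the old overload as a deprecated method that delegates with resource.getContentLength(), or call out the signature change in the changelog.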
Tomcat Wiki Source Code Download
With reference to my (OP) Users mailing list thread with exactly the same title as this... I have attached an svn diff for a minor change to the README.txt in the root directory of the site svn repository:- https://svn.apache.org/repos/asf/tomcat/site/trunk Please feel free to change it if you think my wording could be improved. Once committed, I intend to make a corresponding change to the more important web page which points to the site repository, i.e. http://tomcat.apache.org/source.html I hope this represents a small improvement, Brian Index: README.txt === --- README.txt (revision 1875534) +++ README.txt (working copy) @@ -4,13 +4,24 @@ --- ***NOTE*** -DO NOT EDIT THE .html files in the docs directory. -Please follow the directions below for updating the website. +You might be puzzled when you find this checkout does not contain the xml or html +file or files you were hoping to update. This is because the external apache Tomcat +web site appears to be a single entity, but it is constructed from several distinct +segments. + +Each major version of Tomcat ships with, and is capable of hosting its own +documentation on its own local web site. Therefore, the source files for those web +pages can be found in the xdocs subdirectory of the specific version of Tomcat. ***NOTE*** The Tomcat web site is based on .xml files which are transformed into .html files using XSLT and Ant. +***NOTE*** +DO NOT EDIT THE .html files in the docs directory! +Please follow the directions below for updating the website. +***NOTE*** + In order to make modifications to the Tomcat web site, you need to first check out the Tomcat site from SVN. To check out the Tomcat site into a sub-directory called tomcat-site in the current directory: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
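Review bot: Two wording nits in the added paragraphs: "apache Tomcat" should be capitalised as "Apache Tomcat", and "ships with, and is capable of hosting its own documentation" needs a comma after "hosting" to pair with the one after "ships with". The added text also sends readers to the xdocs subdirectory of each Tomcat version; please double-check that directory name against the current source layout before this is committed.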
[Bug 64260] Clean up install target
https://bz.apache.org/bugzilla/show_bug.cgi?id=64260

Michael Osipov changed:

What    |Removed             |Added
--------+--------------------+-----------------------
Summary |Clean install target|Clean up install target
[tomcat-native] branch BZ-64260 created (now 24bd38e)
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a change to branch BZ-64260 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git. at 24bd38e BZ 64260: Clean up install target This branch includes the following new commits: new 24bd38e BZ 64260: Clean up install target The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[tomcat-native] 01/01: BZ 64260: Clean up install target
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch BZ-64260 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 24bd38e5b295a64cd01a4eccaa959bb686818e5c Author: Michael Osipov AuthorDate: Wed Mar 25 11:45:05 2020 +0100 BZ 64260: Clean up install target Remove bin/, include/, lib/pkgconfig/ from install target since they serve no purpose for the outside world and rather might confuse people. libtcnative is solely intended to be loaded dynamically from within the JVM and not be used as a library for other C clients. The archive cannot be easily removed w/o restructuring configure.ac and Makefile.in. The conceptual flaw is to rely on libtool generated for APR, rather than generating a libtool in-place with *_DISABLE_STATIC/*_PROG_LIBTOOL through autoreconf. A proper approach is taken by Subversion's build/ac-macros/apr.mk. --- native/Makefile.in| 15 +++ native/configure.in | 1 - native/tcnative.pc.in | 30 -- 3 files changed, 3 insertions(+), 43 deletions(-) diff --git a/native/Makefile.in b/native/Makefile.in index 6e6c68a..e6e0f11 100644 --- a/native/Makefile.in +++ b/native/Makefile.in @@ -39,7 +39,6 @@ TCNATIVE_LIBS = @TCNATIVE_LIBS@ TARGET_LIB = lib@TCNATIVE_LIBNAME@.la EXTRA_OS_LINK=@EXTRA_OS_LINK@ -TCNATIVE_PCFILE = tcnative-$(TCNATIVE_MAJOR_VERSION).pc INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ 
@@ -61,29 +60,21 @@ LINK = $(LIBTOOL) $(LTFLAGS) --mode=link --tag=CC $(LT_LDFLAGS) $(COMPI CLEAN_SUBDIRS = test CLEAN_TARGETS = .make.dirs -DISTCLEAN_TARGETS = config.cache config.log config.status libtool \ - build/rules.mk tcnative.pc +DISTCLEAN_TARGETS = config.cache config.log config.status \ + build/rules.mk EXTRACLEAN_TARGETS = configure aclocal.m4 build-outputs.mk \ build/apr_common.m4 build/find_apr.m4 build/install.sh \ build/config.guess build/config.sub tcnative.spec prefix=@prefix@ exec_prefix=@exec_prefix@ -bindir=@bindir@ libdir=@libdir@ -includedir=@includedir@ top_srcdir=@abs_srcdir@ top_blddir=@abs_builddir@ install: $(TARGET_LIB) - $(APR_MKDIR) $(DESTDIR)$(includedir) $(DESTDIR)$(libdir)/pkgconfig \ -$(DESTDIR)$(libdir) $(DESTDIR)$(bindir) - $(INSTALL_DATA) tcnative.pc $(DESTDIR)$(libdir)/pkgconfig/$(TCNATIVE_PCFILE) - $(INSTALL_DATA) $(srcdir)/include/*.h $(DESTDIR)$(includedir) - list='$(INSTALL_SUBDIRS)'; for i in $$list; do \ - ( cd $$i ; $(MAKE) DESTDIR=$(DESTDIR) install ); \ - done + $(APR_MKDIR) $(DESTDIR)$(libdir) $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(TARGET_LIB) $(DESTDIR)$(libdir) $(TARGET_LIB): $(OBJECTS) diff --git a/native/configure.in b/native/configure.in index 9cc395f..ae3f366 100644 --- a/native/configure.in +++ b/native/configure.in @@ -282,7 +282,6 @@ dnl dnl everything is done. MAKEFILES="Makefile" AC_OUTPUT([ -tcnative.pc $MAKEFILES ],[ TCNATIVE_MAJOR_VERSION=$TCNATIVE_MAJOR_VERSION diff --git a/native/tcnative.pc.in b/native/tcnative.pc.in deleted file mode 100644 index 1fd7cb8..000 --- a/native/tcnative.pc.in +++ /dev/null 
@@ -1,30 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -TCNATIVE_MAJOR_VERSION=@TCNATIVE_MAJOR_VERSION@ -includedir=@includedir@ - -Name: Tomcat native Java -Description: Companion Native Java library -Version: @TCNATIVE_DOTTED_VERSION@ -# assume that tcnative requires libapr of same major version -Requires: apr-1 -Libs: -L${libdir} -l@TCNATIVE_LIBNAME@ @TCNATIVE_EXPORT_LIBS@ -Cflags: -I${includedir} - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
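Review bot: The DISTCLEAN_TARGETS hunk in native/Makefile.in drops libtool together with tcnative.pc, but the commit message only covers the install target and the removed pkg-config file. If configure can still leave a libtool script in the build directory, distclean will no longer remove it; either keep libtool in the list or say in the message why it is safe to drop. The diffstat also shows no changelog entry, although the set of installed files changes for users (no more headers, bin/ or lib/pkgconfig/).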
svn commit: r1875625 - /tomcat/site/trunk/README.txt
Author: markt Date: Wed Mar 25 10:55:36 2020 New Revision: 1875625 URL: http://svn.apache.org/viewvc?rev=1875625&view=rev Log: Add explanation that version specific docs are in different repos Patch provided by Brian Burch. Modified: tomcat/site/trunk/README.txt Modified: tomcat/site/trunk/README.txt URL: http://svn.apache.org/viewvc/tomcat/site/trunk/README.txt?rev=1875625&r1=1875624&r2=1875625&view=diff == --- tomcat/site/trunk/README.txt (original) +++ tomcat/site/trunk/README.txt Wed Mar 25 10:55:36 2020 @@ -4,13 +4,25 @@ The Apache Tomcat Website Instructions --- ***NOTE*** -DO NOT EDIT THE .html files in the docs directory. -Please follow the directions below for updating the website. -***NOTE*** +You might be puzzled when you find this repository does not contain the xml or +html file or files you were hoping to update. This is because the external +Apache Tomcat web site appears to be a single entity, but it is constructed from +several distinct segments. +Each major version of Tomcat ships with, and is capable of hosting, its own +documentation on its own local web site. Therefore, the source files for those +web pages can be found in the webapps/docs subdirectory of the specific version +of Tomcat. + +***NOTE*** The Tomcat web site is based on .xml files which are transformed into .html files using XSLT and Ant. +***NOTE*** +DO NOT EDIT THE .html files in the docs directory! +Please follow the directions below for updating the website. + + In order to make modifications to the Tomcat web site, you need to first check out the Tomcat site from SVN. To check out the Tomcat site into a sub-directory called tomcat-site in the current directory: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
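Review bot: The ***NOTE*** markers no longer pair up after this change: the removed lines take out the marker that closed the old "DO NOT EDIT" block, and the re-added "DO NOT EDIT" block at the bottom of the hunk opens with ***NOTE*** but is followed by two blank lines instead of a closing marker. Add the closing ***NOTE*** after "Please follow the directions below for updating the website." so a reader can see where the warning ends.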
[GitHub] [tomcat-native] michael-o opened a new pull request #7: BZ 64260: Clean up install target
michael-o opened a new pull request #7: BZ 64260: Clean up install target URL: https://github.com/apache/tomcat-native/pull/7 Remove bin/, include/, lib/pkgconfig/ from install target since they serve no purpose for the outside world and rather might confuse people. libtcnative is solely intended to be loaded dynamically from within the JVM and not be used as a library for other C clients. The archive cannot be easily removed w/o restructuring configure.ac and Makefile.in. The conceptual flaw is to rely on libtool generated for APR, rather than generating a libtool in-place with *_DISABLE_STATIC/*_PROG_LIBTOOL through autoreconf. A proper approach is taken by Subversion's build/ac-macros/apr.mk. Works flawlessly in-tree and out-of-tree build on FreeBSD, will test on HP-UX and RHEL 7. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
Re: Tomcat Wiki Source Code Download
Many thanks Brian.

Patch applied with a couple of minor changes.

Mark

On 25/03/2020 09:59, Brian Burch wrote:
> With reference to my (OP) Users mailing list thread with exactly the
> same title as this...
>
> I have attached an svn diff for a minor change to the README.txt in the
> root directory of the site svn repository:-
>
> https://svn.apache.org/repos/asf/tomcat/site/trunk
>
> Please feel free to change it if you think my wording could be improved.
>
> Once committed, I intend to make a corresponding change to the more
> important web page which points to the site repository, i.e.
>
> http://tomcat.apache.org/source.html
>
> I hope this represents a small improvement,
>
> Brian
[GitHub] [tomcat-native] michael-o commented on issue #7: BZ 64260: Clean up install target
michael-o commented on issue #7: BZ 64260: Clean up install target URL: https://github.com/apache/tomcat-native/pull/7#issuecomment-603783395 Works flawlessly on RHEL 7 and HP-UX 11.31.
[tomcat-native] branch master updated: Drop obsolete build time workarounds for HP-UX
This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/master by this push: new f92dfdd Drop obsolete build time workarounds for HP-UX f92dfdd is described below commit f92dfddd1396ed1a8c0fb07ec01383bde58363a9 Author: Michael Osipov AuthorDate: Wed Mar 25 13:21:13 2020 +0100 Drop obsolete build time workarounds for HP-UX This basically reverts BZ 60301 and BZ 60290. They were introduced due to lack of understanding how the rules.mk was built previously. It was obtained from the HP-UX Porting and Archive Centre which used GCC, but the default compiler is aCC on HP-UX. Both have different set of flags and options. GCC on HP-UX is basically dead. When both APR and Tomcat Native are built under same conditions no hacky workarounds are necessary. --- native/Makefile.in| 10 -- native/configure.in | 6 -- xdocs/miscellaneous/changelog.xml | 3 +++ 3 files changed, 3 insertions(+), 16 deletions(-) diff --git a/native/Makefile.in b/native/Makefile.in index 6e6c68a..2c4a5c8 100644 --- a/native/Makefile.in +++ b/native/Makefile.in @@ -21,8 +21,6 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ -CC_OLD = @CC@ -LIBTOOL_OLD = @LIBTOOL@ # gets substituted into some targets TCNATIVE_MAJOR_VERSION=@TCNATIVE_MAJOR_VERSION@ @@ -49,14 +47,6 @@ TARGETS = $(TARGET_LIB) @INCLUDE_RULES@ @INCLUDE_OUTPUTS@ -ifneq ($(CC_OLD),$(CC)) -CC=$(CC_OLD) -endif - -ifneq ($(LIBTOOL_OLD),$(LIBTOOL)) -LIBTOOL=$(LIBTOOL_OLD) -endif - LINK = $(LIBTOOL) $(LTFLAGS) --mode=link --tag=CC $(LT_LDFLAGS) $(COMPILE) -version-info $(TCNATIVE_LIBTOOL_VERSION) $(ALL_LDFLAGS) -o $@ CLEAN_SUBDIRS = test diff --git a/native/configure.in b/native/configure.in index 9cc395f..3d2d9e1 100644 --- a/native/configure.in +++ b/native/configure.in 
@@ -101,11 +101,6 @@ dnl APR_SETIFNULL(CC, `$apr_config --cc`) APR_SETIFNULL(CPP, `$apr_config --cpp`) -dnl -dnl Default to the APR provided libtool but allow the user to override it -dnl -APR_SETIFNULL(LIBTOOL, `$apr_config --apr-libtool`) - AC_PROG_INSTALL dnl @@ -242,7 +237,6 @@ AC_SUBST(TCNATIVE_LDFLAGS) AC_SUBST(TCNATIVE_LIBS) AC_SUBST(CFLAGS) AC_SUBST(CPPFLAGS) -AC_SUBST(LIBTOOL) dnl copy apr's rules.mk into our build directory. if test ! -d ./build; then diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index d88bc79..b0d3ed0 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -36,6 +36,9 @@ + + Drop obsolete build time workarounds for HP-UX. (michaelo) + Add support for FreeBSD's pthread_getthreadid_np() in our ssl_thread_id(void). (michaelo) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
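Review bot: native/Makefile.in still builds LINK from $(LIBTOOL), while the configure.in hunks remove both APR_SETIFNULL(LIBTOOL, `$apr_config --apr-libtool`) and AC_SUBST(LIBTOOL). After this change LIBTOOL has to come from the rules pulled in through @INCLUDE_RULES@, and the comment being deleted says users were allowed to override it. Please state in the changelog entry that the configure-time LIBTOOL override is gone, since a LIBTOOL value passed to configure will no longer reach the Makefile and nothing reports that.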
Re: Remaining Tomcat 10 items
On Mon, Mar 23, 2020 at 11:11 AM Mark Thomas wrote:

> > - Reduce instances of setters and getters for the same property existing
> > on an object and its parent. This may require new objects to be exposed
> > via JMX.
> > Fixed enough ?
>
> From memory, this was primarily on the Connectors. That is certainly a
> lot better. I'd like to review things before closing this one out.
>

There's indeed a problem on Connector, but I don't see how to fix it. Ex:

    public void setMaxPostSize(int maxPostSize) {
        this.maxPostSize = maxPostSize;
        setProperty("maxPostSize", String.valueOf(maxPostSize));
    }

Both Catalina and Coyote need to access the value. The alternative would be
to have the Catalina code use getProperty, which would be both uglier and
slower.

Rémy
[Bug 64265] New: ETag comparison does not properly implement RFC 7232, section 2.3.2
https://bz.apache.org/bugzilla/show_bug.cgi?id=64265

            Bug ID: 64265
           Summary: ETag comparison does not properly implement RFC 7232, section 2.3.2
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: micha...@apache.org
  Target Milestone:

The mentioned section provides two types of comparisons, strong and weak. Here are the issues:

* It is not properly documented which comparison function is applied by the DefaultServlet
* I believe that Tomcat implements either wrong.

Here is the code in question:

> while (!conditionSatisfied && commaTokenizer.hasMoreTokens()) {
>     String currentToken = commaTokenizer.nextToken();
>     if (currentToken.trim().equals(eTag))
>         conditionSatisfied = true;
> }

This means that Tomcat performs char-by-char comparison. This already contradicts both functions (likely).

A simple example:

> $ curl "https://.../test/test.txt" -I
> HTTP/1.1 200
> Accept-Ranges: bytes
> ETag: W/"6-1585143822000"
> Last-Modified: Wed, 25 Mar 2020 13:43:42 GMT
> Content-Type: text/plain
> Content-Length: 6
> Date: Wed, 25 Mar 2020 13:55:50 GMT

Tomcat returns a weak etag, so try the weak function:

> $ curl "https://.../test/test.txt" -H 'If-None-Match: W/"6-1585143822000"' -I
> HTTP/1.1 304
> ETag: W/"6-1585143822000"
> Date: Wed, 25 Mar 2020 13:58:01 GMT

This one should match with weak:

> $ curl "https://.../test/test.txt" -H 'If-None-Match: "6-1585143822000"' -I
> HTTP/1.1 200
> Accept-Ranges: bytes
> ETag: W/"6-1585143822000"
> Last-Modified: Wed, 25 Mar 2020 13:43:42 GMT
> Content-Type: text/plain
> Content-Length: 6
> Date: Wed, 25 Mar 2020 13:58:28 GMT

but it doesn't. It still returns 200.

If I try strong logically, the following should give me a 200:

> $ curl "https://.../test/test.txt" -H 'If-None-Match: W/"6-1585143822000"' -I
> HTTP/1.1 304
> ETag: W/"6-1585143822000"
> Date: Wed, 25 Mar 2020 13:59:24 GMT

but it doesn't. It still returns 304.

Am I wrong here?
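The two comparison functions of RFC 7232 section 2.3.2, applied to the ETag value from the report above, as an added example that is neither Tomcat's code nor the reporter's; the class and method names are hypothetical, and two of the sample header values are constructed. It goes slightly beyond the report by parsing the header without splitting on commas, since a comma may legally appear inside a quoted entity-tag.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example, not Tomcat code: RFC 7232 section 2.3.2 entity-tag comparison. */
public class ETagCompare {

    /** One parsed entity-tag: the weak flag plus the opaque tag, quotes included. */
    static final class EntityTag {
        final boolean weak;
        final String opaque;
        EntityTag(boolean weak, String opaque) { this.weak = weak; this.opaque = opaque; }
    }

    /**
     * Parses a comma-separated entity-tag list by scanning it, because ',' is a
     * legal character inside the quoted opaque tag and splitting on commas can
     * cut such a tag in two. Returns null if the value is malformed.
     */
    static List<EntityTag> parseList(String value) {
        List<EntityTag> tags = new ArrayList<>();
        int n = value.length();
        int i = 0;
        while (true) {
            // Skip list separators and optional whitespace before the next tag.
            while (i < n && " \t,".indexOf(value.charAt(i)) >= 0) {
                i++;
            }
            if (i >= n) {
                return tags;
            }
            boolean weak = value.startsWith("W/", i); // the prefix is case-sensitive
            if (weak) {
                i += 2;
            }
            int close = (i < n && value.charAt(i) == '"') ? value.indexOf('"', i + 1) : -1;
            if (close < 0) {
                return null; // missing opening or closing quote
            }
            tags.add(new EntityTag(weak, value.substring(i, close + 1)));
            i = close + 1;
            while (i < n && " \t".indexOf(value.charAt(i)) >= 0) {
                i++;
            }
            if (i < n && value.charAt(i) != ',') {
                return null; // a tag must be followed by ',' or the end of the value
            }
        }
    }

    /** Strong comparison: both tags are not weak and their opaque tags match exactly. */
    static boolean strongMatch(EntityTag a, EntityTag b) {
        return !a.weak && !b.weak && a.opaque.equals(b.opaque);
    }

    /** Weak comparison: the opaque tags match exactly; the weak flags are ignored. */
    static boolean weakMatch(EntityTag a, EntityTag b) {
        return a.opaque.equals(b.opaque);
    }

    /**
     * Evaluates a precondition header value against the current ETag. RFC 7232
     * specifies the weak function for If-None-Match (section 3.2) and the strong
     * function for If-Match (section 3.1); "*" matches any current representation.
     */
    static boolean anyMatch(String header, String currentETag, boolean weakComparison) {
        if (header.trim().equals("*")) {
            return true;
        }
        List<EntityTag> current = parseList(currentETag);
        List<EntityTag> candidates = parseList(header);
        if (current == null || current.size() != 1 || candidates == null) {
            return false;
        }
        for (EntityTag t : candidates) {
            boolean hit = weakComparison ? weakMatch(t, current.get(0)) : strongMatch(t, current.get(0));
            if (hit) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String current = "W/\"6-1585143822000\""; // ETag value taken from the report
        String[] headers = {
            "W/\"6-1585143822000\"",               // from the report
            "\"6-1585143822000\"",                  // from the report
            "\"a,b\", \"6-1585143822000\"",         // constructed: comma inside a tag
            "\"6-1585143999000\"",                  // constructed: different tag
        };
        for (String h : headers) {
            System.out.printf("%-30s weak=%-5b strong=%b%n",
                    h, anyMatch(h, current, true), anyMatch(h, current, false));
        }
    }
}
```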
Re: Adding Content-Security-Policy support to HttpHeaderSecurityFilter
Mark,

On 3/24/20 17:51, Mark Thomas wrote:
> On 24/03/2020 21:28, Christopher Schultz wrote:
>> All,
>>
>> While replying to James's recent message about this filter's
>> anti click-jacking features[1], I was surprised to see that this
>> filter does not have any support for the Content-Security-Policy
>> header.
>>
>> Adding such support would be fairly simple: simply add a
>> "contentSecurityPolicy" attribute which gets dumped-out to every
>> response as a Content-Security-Policy header.
>>
>> Any votes for/against?
>
> See: https://bz.apache.org/bugzilla/show_bug.cgi?id=58837
>
> No objections to your proposal. I do wonder about the more general
> solution but I don't see that as a reason not to do this.

My 2018 self was a little more skeptical. 2020 me thinks that it's
useful to bundle this into HttpHeaderSecurityFilter. CSP is a single
header, not a suite of things like the anti-clickjacking ended up being.

Using url-rewrite for a single header is unnecessarily complex. Using
Tomcat's rewrite for a single header might be reasonable, except that
we already have a Filter essentially built for this kind of thing.

-chris
[tomcat] branch master updated: Remove two system properties used for configuration
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new d0877a6 Remove two system properties used for configuration d0877a6 is described below commit d0877a698fe23f633747f429e43ce40d5f8d3ed7 Author: remm AuthorDate: Wed Mar 25 17:58:08 2020 +0100 Remove two system properties used for configuration Two rarely used properties, both in the connector package: - org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH is replaced by the allowBackslash attribute - org.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER is replaced by the enforceEncodingInGetWriter attribute --- java/org/apache/catalina/connector/Connector.java | 57 ++ .../apache/catalina/connector/CoyoteAdapter.java | 11 ++--- java/org/apache/catalina/connector/Response.java | 17 +-- .../catalina/connector/TestCoyoteAdapter.java | 2 +- webapps/docs/changelog.xml | 13 + webapps/docs/config/systemprops.xml| 18 --- 6 files changed, 76 insertions(+), 42 deletions(-) diff --git a/java/org/apache/catalina/connector/Connector.java b/java/org/apache/catalina/connector/Connector.java index 43b9431..ec65163 100644 --- a/java/org/apache/catalina/connector/Connector.java +++ b/java/org/apache/catalina/connector/Connector.java @@ -118,6 +118,14 @@ public class Connector extends LifecycleMBeanBase { /** + * If this is true the '\' character will be permitted as a + * path delimiter. If not specified, the default value of + * false will be used. + */ +protected boolean allowBackslash = false; + + +/** * Do we allow TRACE ? */ protected boolean allowTrace = false; 
@@ -135,6 +143,19 @@ public class Connector extends LifecycleMBeanBase { protected boolean enableLookups = false; +/** + * If this is true then a call to + * Response.getWriter() if no character encoding + * has been specified will result in subsequent calls to + * Response.getCharacterEncoding() returning + * ISO-8859-1 and the Content-Type response header + * will include a charset=ISO-8859-1 component. + * (SRV.15.2.22.1) + * If not specified, the default specification compliant value of + * true will be used. + */ +protected boolean enforceEncodingInGetWriter = true; + /* * Is generation of X-Powered-By response header enabled/disabled? */ @@ -339,6 +360,24 @@ public class Connector extends LifecycleMBeanBase { /** + * @return true if backslash characters are allowed in URLs. + * Default value is false. + */ +public boolean getAllowBackslash() { +return allowBackslash; +} + + +/** + * Set the allowBackslash flag. + * @param allowBackslash the new flag value + */ +public void setAllowBackslash(boolean allowBackslash) { +this.allowBackslash = allowBackslash; +} + + +/** * @return true if the TRACE method is allowed. Default value * is false. */ @@ -415,6 +454,24 @@ public class Connector extends LifecycleMBeanBase { } +/** + * @return true if a default character encoding will be set + * when calling Response.getWriter() + */ +public boolean getEnforceEncodingInGetWriter() { +return enforceEncodingInGetWriter; +} + + +/** + * Set the enforceEncodingInGetWriter flag. + * @param enforceEncodingInGetWriter the new flag value + */ +public void setEnforceEncodingInGetWriter(boolean enforceEncodingInGetWriter) { +this.enforceEncodingInGetWriter = enforceEncodingInGetWriter; +} + + public int getMaxCookieCount() { return maxCookieCount; } diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java index 3b6f7e9..9bfe301 100644 --- a/java/org/apache/catalina/connector/CoyoteAdapter.java 
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java @@ -78,10 +78,6 @@ public class CoyoteAdapter implements Adapter { public static final int ADAPTER_NOTES = 1; -protected static final boolean ALLOW_BACKSLASH = - Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")); - - private static final ThreadLocal THREAD_NAME = new ThreadLocal() { @@ -635,7 +631,7 @@ public class CoyoteAdapter implements Adapter { response.sendError(400, "Invalid URI: " + ioe.getMessage()); } // Normalization -if (normalize(req.decodedURI())) { +if (normalize(req.decodedURI(), connector.getAllowBackslash())) { // Character decoding conv
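Review bot: Removing the static ALLOW_BACKSLASH read from CoyoteAdapter means a deployment that still starts the JVM with org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true now gets the Connector default of allowBackslash = false, and nothing in these hunks tells the operator that the property is ignored. Per the commit message the same holds for ENFORCE_ENCODING_IN_GET_WRITER and the new enforceEncodingInGetWriter = true default. Falling back to the stricter path handling is the safe direction, but it is a silent behaviour change: log a warning at Connector start-up when either old property is set, or document the replacement attributes in the migration notes.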
Re: [tomcat] branch master updated: Remove two system properties used for configuration
Rémy,

Should there be a note about this in the migration guide?

-chris

On 3/25/20 12:58, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git > repository. > > remm pushed a commit to branch master in repository > https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this > push: new d0877a6 Remove two system properties used for > configuration d0877a6 is described below > > commit d0877a698fe23f633747f429e43ce40d5f8d3ed7 Author: remm > AuthorDate: Wed Mar 25 17:58:08 2020 +0100 > > Remove two system properties used for configuration > > Two rarely used properties, both in the connector package: - > org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH is > replaced by the allowBackslash attribute - > org.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER > > is replaced by the enforceEncodingInGetWriter attribute > --- java/org/apache/catalina/connector/Connector.java | 57 > ++ > .../apache/catalina/connector/CoyoteAdapter.java | 11 ++--- > java/org/apache/catalina/connector/Response.java | 17 +-- > .../catalina/connector/TestCoyoteAdapter.java | 2 +- > webapps/docs/changelog.xml | 13 + > webapps/docs/config/systemprops.xml| 18 --- 6 > files changed, 76 insertions(+), 42 deletions(-)
> > diff --git a/java/org/apache/catalina/connector/Connector.java > b/java/org/apache/catalina/connector/Connector.java index > 43b9431..ec65163 100644 --- > a/java/org/apache/catalina/connector/Connector.java +++ > b/java/org/apache/catalina/connector/Connector.java @@ -118,6 > +118,14 @@ public class Connector extends LifecycleMBeanBase { > > > /** + * If this is true the '\' character will be > permitted as a + * path delimiter. If not specified, the > default value of + * false will be used. + */ > +protected boolean allowBackslash = false; + + +/** * Do we > allow TRACE ? */ protected boolean allowTrace = false; @@ -135,6 > +143,19 @@ public class Connector extends LifecycleMBeanBase { > protected boolean enableLookups = false; > > > +/** + * If this is true then a call to + > * Response.getWriter() if no character encoding + > * has been specified will result in subsequent calls to + * > Response.getCharacterEncoding() returning + * > ISO-8859-1 and the Content-Type response > header + * will include a charset=ISO-8859-1 > component. + * (SRV.15.2.22.1) + * If not specified, the > default specification compliant value of + * true > will be used. + */ +protected boolean > enforceEncodingInGetWriter = true; + /* * Is generation of > X-Powered-By response header enabled/disabled? */ @@ -339,6 +360,24 > @@ public class Connector extends LifecycleMBeanBase { > > > /** + * @return true if backslash characters are > allowed in URLs. + * Default value is false. + > */ +public boolean getAllowBackslash() { +return > allowBackslash; +} + + +/** + * Set the allowBackslash > flag. + * @param allowBackslash the new flag value + */ + > public void setAllowBackslash(boolean allowBackslash) { + > this.allowBackslash = allowBackslash; +} + + +/** * @return > true if the TRACE method is allowed. Default value * > is false. */ 
@@ -415,6 +454,24 @@ public class > Connector extends LifecycleMBeanBase { } > > > +/** + * @return true if a default character > encoding will be set + * when calling Response.getWriter() + > */ +public boolean getEnforceEncodingInGetWriter() { + > return enforceEncodingInGetWriter; +} + + +/** + * Set > the enforceEncodingInGetWriter flag. + * @param > enforceEncodingInGetWriter the new flag value + */ +public > void setEnforceEncodingInGetWriter(boolean > enforceEncodingInGetWriter) { + > this.enforceEncodingInGetWriter = enforceEncodingInGetWriter; + > } + + public int getMaxCookieCount() { return maxCookieCount; } > diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java > b/java/org/apache/catalina/connector/CoyoteAdapter.java index > 3b6f7e9..9bfe301 100644 --- > a/java/org/apache/catalina/connector/CoyoteAdapter.java +++ > b/java/org/apache/catalina/connector/CoyoteAdapter.java @@ -78,10 > +78,6 @@ public class CoyoteAdapter implements Adapter { public > static final int ADAPTER_NOTES = 1; > > > -protected static final boolean ALLOW_BACKSLASH = - > Boolean.parseBoolean(System.getProperty("org.apache.catalina.connector .CoyoteAdapter.ALLOW_BACKSLASH", > "false")); - - private static final ThreadLocal THREAD_NAME > = new ThreadLocal() { > > @@ -635,7 +631,7 @@ public class CoyoteAdapter implements Adapter > { response.sendError(400, "Invalid URI: " + ioe.getMessage()); } // > Normalization -if (normalize(req.decodedURI())) { + > if (normalize(req.decodedURI(), connector.getAllowBacksl
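Review bot: The three Javadoc comments for allowBackslash in Connector.java do not agree on what the flag does: the field says the '\' character "will be permitted as a path delimiter", the getter says backslash characters "are allowed in URLs", and the setter only says "Set the allowBackslash flag". Treating backslash as a path delimiter and merely tolerating it in a URL are different behaviours for anything that applies path-based rules in front of or behind the connector, so I would use the field's wording in all three places and have the setter state that the value is passed to normalize() in CoyoteAdapter. The diffstat also shows only changelog.xml and systemprops.xml touched under webapps/docs, so the two new attributes are removed from the system property reference without being added to the connector configuration reference; please document allowBackslash and enforceEncodingInGetWriter there with their defaults.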
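Review bot: In the CoyoteAdapter.java hunk, removing ALLOW_BACKSLASH together with its System.getProperty lookup means a deployment that still sets org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH has the setting silently ignored, and the connector falls back to the new field default of false. That is the stricter value, but URI normalization changes for that deployment with no signal to the operator; consider logging a warning at connector start when the old property is present, and covering the rename in the migration guide as the question at the top of this reply asks. The removed constant was also declared protected static final, so any subclass that references it will no longer compile, which deserves a line in the changelog entry.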
Re: [tomcat] branch master updated: Remove two system properties used for configuration
On 25/03/2020 16:58, r...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new d0877a6 Remove two system properties used for configuration
> d0877a6 is described below
>
> commit d0877a698fe23f633747f429e43ce40d5f8d3ed7
> Author: remm
> AuthorDate: Wed Mar 25 17:58:08 2020 +0100
>
> Remove two system properties used for configuration
>
> Two rarely used properties, both in the connector package:
> - org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH is
> replaced by the allowBackslash attribute

FYI I plan to replace this with a new attribute that controls how backslash is handled.

Mark
Re: [tomcat] branch master updated: Remove two system properties used for configuration
On Wed, Mar 25, 2020 at 8:20 PM Mark Thomas wrote:
> On 25/03/2020 16:58, r...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > remm pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> > new d0877a6 Remove two system properties used for configuration
> > d0877a6 is described below
> >
> > commit d0877a698fe23f633747f429e43ce40d5f8d3ed7
> > Author: remm
> > AuthorDate: Wed Mar 25 17:58:08 2020 +0100
> >
> > Remove two system properties used for configuration
> >
> > Two rarely used properties, both in the connector package:
> > - org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH is
> > replaced by the allowBackslash attribute
>
> FYI I plan to replace this with a new attribute that controls how
> backslash is handled.
>

Oops, sorry. +1

Rémy

> Mark