[Bug 65714] HTTPS connection error using NIO2 with security manager enabled

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714

--- Comment #6 from Remy Maucherat  ---
(In reply to Mark Thomas from comment #5)
> This looks to be related to the NIO2 completion handlers. Secure connections
> do a handshake first so the main request processing is on a completion
> handler thread. These don't appear to have any security context associated
> with them although I need to dig into this some more.
> 
> The non-secure threads start processing on a standard executor thread -
> hence why they don't see this issue.
> 
> My concern at this point is that we could end up in a position of having to
> pre-load a much larger set of classes.
> 
> It is worth noting that the SecurityManager is deprecated in newer versions
> of Java and that support for running Tomcat under a SecurityManager is
> likely to be removed in the (distant) future.

I couldn't immediately get it working as well. Instead, we could document that
the security manager is not supported with NIO2, for now at least.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 65714] HTTPS connection error using NIO2 with security manager enabled

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714

--- Comment #7 from Mark Thomas  ---
I've found a workaround. The short version is when running under a security
manager, have the handshake completion handlers for NIO2 always dispatch to a
container thread. Slower, but it works. Commit will follow shortly (I just want
to run the tests first).




[tomcat] branch 8.5.x updated: Fix Bz 65714 - security manager + TLS + NIO2

2021-12-01 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new dff6530  Fix Bz 65714 - security manager + TLS + NIO2
dff6530 is described below

commit dff6530b11c9318c0602d65d9053d6098db179eb
Author: Mark Thomas 
AuthorDate: Wed Dec 1 09:27:36 2021 +

Fix Bz 65714 - security manager + TLS + NIO2
---
 java/org/apache/tomcat/util/net/Constants.java |  2 ++
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++
 webapps/docs/changelog.xml |  6 ++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/Constants.java 
b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
 public static final String SSL_PROTO_SSLv3  = "SSLv3";
 public static final String SSL_PROTO_SSLv2  = "SSLv2";
 public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+public static final boolean IS_SECURITY_ENABLED = 
(System.getSecurityManager() != null);
 }
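Review bot: IS_SECURITY_ENABLED in Constants is computed once, when the class is initialised, so a security manager installed after Constants has been loaded is never seen and the NIO2 handshake handlers would stay on the non-dispatching path. If that ordering cannot occur, state it in a Javadoc comment on the new public constant, which currently has none; otherwise call System.getSecurityManager() at the point of use.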
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 1f537e4..21a4ba1 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -101,12 +101,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
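Review bot: in completed() and failed() of the read handshake handler, the third argument to endpoint.processSocket() is now Constants.IS_SECURITY_ENABLED, which does not read as a dispatch decision at the call site. A local such as boolean dispatch = Constants.IS_SECURITY_ENABLED, or a named helper, would make the intent visible. The added comment could also say why the completion handler thread lacks the right security context and reference bug 65714, rather than only stating that dispatching fixes it.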
@@ -118,12 +123,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
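Review bot: the write handshake handler repeats the same three-line comment and the same Constants.IS_SECURITY_ENABLED argument that the read handler already carries, giving four copies in this file. Consider one private method that wraps endpoint.processSocket(attachment, event, Constants.IS_SECURITY_ENABLED) and holds the explanation once. The diffstat lists only Constants.java, SecureNio2Channel.java and changelog.xml, so the change also lands without a test that exercises a TLS-enabled NIO2 connector under a security manager.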
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 49f30a4..db132e7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -160,6 +160,11 @@
 RST frame sent to the client is the one associated with 
the
 error that triggered the reset. (markt)
   
+  
+65714: Fix exceptions when the security manager is enabled
+and the first request received after starting is an HTTP request to a
+TLS enabled NIO2 connector. (markt)
+  
 
   
   
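Review bot: the new changelog entry for 65714 describes the symptom but not the behaviour change. With a security manager enabled, NIO2 TLS handshake completion is now always dispatched to a container thread, which comment #7 on the bug describes as slower. A clause saying so would tell operators who run under a security manager what to expect.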
@@ -10274,3 +10279,4 @@
 
 
 
+




[tomcat] branch 9.0.x updated: Fix Bz 65714 - security manager + TLS + NIO2

2021-12-01 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 68bc8ad  Fix Bz 65714 - security manager + TLS + NIO2
68bc8ad is described below

commit 68bc8adbac45e8d28c11c47f6b742788b549a572
Author: Mark Thomas 
AuthorDate: Wed Dec 1 09:27:36 2021 +

Fix Bz 65714 - security manager + TLS + NIO2
---
 java/org/apache/tomcat/util/net/Constants.java |  2 ++
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++
 webapps/docs/changelog.xml |  6 ++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/Constants.java 
b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
 public static final String SSL_PROTO_SSLv3  = "SSLv3";
 public static final String SSL_PROTO_SSLv2  = "SSLv2";
 public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+public static final boolean IS_SECURITY_ENABLED = 
(System.getSecurityManager() != null);
 }
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index f0e4bb7..66daeb4 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -101,12 +101,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
@@ -118,12 +123,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0e88b55..8bd4b5c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -167,6 +167,11 @@
 RST frame sent to the client is the one associated with 
the
 error that triggered the reset. (markt)
   
+  
+65714: Fix exceptions when the security manager is enabled
+and the first request received after starting is an HTTP request to a
+TLS enabled NIO2 connector. (markt)
+  
 
   
   
@@ -12105,3 +12110,4 @@
 
 
 
+




[tomcat] branch 10.0.x updated: Fix Bz 65714 - security manager + TLS + NIO2

2021-12-01 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 4fd0de2  Fix Bz 65714 - security manager + TLS + NIO2
4fd0de2 is described below

commit 4fd0de246766ea3f1e778c2b3e448d5e49fc0f72
Author: Mark Thomas 
AuthorDate: Wed Dec 1 09:27:36 2021 +

Fix Bz 65714 - security manager + TLS + NIO2
---
 java/org/apache/tomcat/util/net/Constants.java |  2 ++
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++
 webapps/docs/changelog.xml |  6 ++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/Constants.java 
b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
 public static final String SSL_PROTO_SSLv3  = "SSLv3";
 public static final String SSL_PROTO_SSLv2  = "SSLv2";
 public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+public static final boolean IS_SECURITY_ENABLED = 
(System.getSecurityManager() != null);
 }
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index f0e4bb7..66daeb4 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -101,12 +101,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
@@ -118,12 +123,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8ec7987..a366fb1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -167,6 +167,11 @@
 RST frame sent to the client is the one associated with 
the
 error that triggered the reset. (markt)
   
+  
+65714: Fix exceptions when the security manager is enabled
+and the first request received after starting is an HTTP request to a
+TLS enabled NIO2 connector. (markt)
+  
 
   
 
@@ -3306,3 +3311,4 @@
 
 
 
+




[tomcat] branch main updated: Fix Bz 65714 - security manager + TLS + NIO2

2021-12-01 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 9764aa4  Fix Bz 65714 - security manager + TLS + NIO2
9764aa4 is described below

commit 9764aa418a7c827b6686f9bc0e5a942f73bddb4c
Author: Mark Thomas 
AuthorDate: Wed Dec 1 09:27:36 2021 +

Fix Bz 65714 - security manager + TLS + NIO2
---
 java/org/apache/tomcat/util/net/Constants.java |  2 ++
 java/org/apache/tomcat/util/net/SecureNio2Channel.java | 18 ++
 webapps/docs/changelog.xml |  6 ++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/Constants.java 
b/java/org/apache/tomcat/util/net/Constants.java
index ca5c0e4..9cda5e1 100644
--- a/java/org/apache/tomcat/util/net/Constants.java
+++ b/java/org/apache/tomcat/util/net/Constants.java
@@ -38,4 +38,6 @@ public class Constants {
 public static final String SSL_PROTO_SSLv3  = "SSLv3";
 public static final String SSL_PROTO_SSLv2  = "SSLv2";
 public static final String SSL_PROTO_SSLv2Hello = "SSLv2Hello";
+
+public static final boolean IS_SECURITY_ENABLED = 
(System.getSecurityManager() != null);
 }
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index 56a9ebf..5f1037f 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -100,12 +100,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_READ, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
@@ -117,12 +122,17 @@ public class SecureNio2Channel extends Nio2Channel  {
 if (result.intValue() < 0) {
 failed(new EOFException(), attachment);
 } else {
-endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security
+// context.
+endpoint.processSocket(attachment, SocketEvent.OPEN_WRITE, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 @Override
 public void failed(Throwable exc, SocketWrapperBase 
attachment) {
-endpoint.processSocket(attachment, SocketEvent.ERROR, false);
+// When running under a security manager always dispatch so the
+// processing occurs on a thread with the correct security context.
+endpoint.processSocket(attachment, SocketEvent.ERROR, 
Constants.IS_SECURITY_ENABLED);
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index edeef04..aec3b90 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,11 @@
 RST frame sent to the client is the one associated with 
the
 error that triggered the reset. (markt)
   
+  
+65714: Fix exceptions when the security manager is enabled
+and the first request received after starting is an HTTP request to a
+TLS enabled NIO2 connector. (markt)
+  
 
   
   
@@ -1211,3 +1216,4 @@
 
 
 
+




Tagging 10.1.x & 10.0.x

2021-12-01 Thread Mark Thomas

Hi all,

It is the start of a new month so I am intending to tag 10.1.x and 
10.0.x shortly.


I do have a slight concern that the DigiCert code signing renewal either 
isn't complete or hasn't been processed fully as there is one location 
where an expiry date of yesterday is shown. I'll report back on this 
when I get that far with the releases.


I'm about to start my usual round of testing. Tags to follow once that 
is complete.


Mark




[Bug 65714] HTTPS connection error using NIO2 with security manager enabled

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--- Comment #8 from Mark Thomas  ---
Fixed in:
- 10.1.x for 10.1.0-M8 onwards
- 10.0.x for 10.0.14 onwards
- 9.0.x for 9.0.56 onwards
- 8.5.x for 8.5.74 onwards




Re: Tagging 10.1.x & 10.0.x

2021-12-01 Thread Rémy Maucherat
On Wed, Dec 1, 2021 at 10:42 AM Mark Thomas  wrote:
>
> Hi all,
>
> It is the start of a new month so I am intending to tag 10.1.x and
> 10.0.x shortly.
>
> I do have a slight concern that the DigiCert code signing renewal either
> isn't complete or hasn't been processed fully as there is one location
> where an expiry date of yesterday is shown. I'll report back on this
> when I get that far with the releases.
>
> I'm about to start my usual round of testing. Tags to follow once that
> is complete.

Ok, I'm ready to tag 9.0.x as well. I hope the signing works obviously ...

For the next round of releases in 2022, I'd like to try releasing a
build of the OpenSSL module, it's so small and light it's worth a test
run.

Rémy

> Mark




[Bug 65714] HTTPS connection error using NIO2 with security manager enabled

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714

--- Comment #9 from Allan  ---
Sounds great. Appreciate the quick turnaround. Don't mind a slower option for
now. Looking forward to testing this in the next release.




[tomcat] branch 8.5.x updated: Try to improve test reliability

2021-12-01 Thread markt

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 86cd4eb  Try to improve test reliability
86cd4eb is described below

commit 86cd4eb9b47066c72f832a049c4b17a3ba996c83
Author: Mark Thomas 
AuthorDate: Wed Dec 1 10:57:00 2021 +

Try to improve test reliability
---
 .../group/interceptors/TestTcpFailureDetector.java   | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
index fb08670..ea68988 100644
--- 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
+++ 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
@@ -105,8 +105,20 @@ public class TestTcpFailureDetector {
 channel2.start(Channel.MBR_RX_SEQ);
 channel2.stop(Channel.SND_RX_SEQ);
 channel2.start(Channel.MBR_TX_SEQ);
-//Thread.sleep(1000);
-Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+// Intermittent CI failure
+// Allow up to 5 seconds for membership to reach expected state
+int count = 0;
+while (mbrlist1.members.size()+1 != mbrlist2.members.size() && count < 
100) {
+Thread.sleep(50);
+count++;
+}
+// Ensure membership remains in expected state for the same period plus
+// 1 second
+count += 20;
+while (count > 0) {
+Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+count--;
+}
 channel1.stop(Channel.DEFAULT);
 channel2.stop(Channel.DEFAULT);
 }
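Review bot: the second loop, which its comment says keeps checking membership "for the same period plus 1 second", has no Thread.sleep() in its body, so the count + 20 assertions run back to back and finish almost immediately instead of spanning that period. Add Thread.sleep(50) inside the while (count > 0) loop so it matches the polling loop above it. The assertion message "Expecting member count to not be equal" is also misleading for an assertEquals that compares mbrlist1.members.size()+1 with mbrlist2.members.size(); it could state the expected relationship instead.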




[tomcat] branch 9.0.x updated: Try to improve test reliability

2021-12-01 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 8747144  Try to improve test reliability
8747144 is described below

commit 8747144606718ee9b57e89076a57ee0906dd6e47
Author: Mark Thomas 
AuthorDate: Wed Dec 1 10:57:00 2021 +

Try to improve test reliability
---
 .../group/interceptors/TestTcpFailureDetector.java   | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
index fb08670..ea68988 100644
--- 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
+++ 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
@@ -105,8 +105,20 @@ public class TestTcpFailureDetector {
 channel2.start(Channel.MBR_RX_SEQ);
 channel2.stop(Channel.SND_RX_SEQ);
 channel2.start(Channel.MBR_TX_SEQ);
-//Thread.sleep(1000);
-Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+// Intermittent CI failure
+// Allow up to 5 seconds for membership to reach expected state
+int count = 0;
+while (mbrlist1.members.size()+1 != mbrlist2.members.size() && count < 
100) {
+Thread.sleep(50);
+count++;
+}
+// Ensure membership remains in expected state for the same period plus
+// 1 second
+count += 20;
+while (count > 0) {
+Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+count--;
+}
 channel1.stop(Channel.DEFAULT);
 channel2.stop(Channel.DEFAULT);
 }




[tomcat] branch 10.0.x updated: Try to improve test reliability

2021-12-01 Thread markt

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new b6a8953  Try to improve test reliability
b6a8953 is described below

commit b6a8953c428f19e0666c5f9aee91171cc287d69b
Author: Mark Thomas 
AuthorDate: Wed Dec 1 10:57:00 2021 +

Try to improve test reliability
---
 .../group/interceptors/TestTcpFailureDetector.java   | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
index fb08670..ea68988 100644
--- 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
+++ 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
@@ -105,8 +105,20 @@ public class TestTcpFailureDetector {
 channel2.start(Channel.MBR_RX_SEQ);
 channel2.stop(Channel.SND_RX_SEQ);
 channel2.start(Channel.MBR_TX_SEQ);
-//Thread.sleep(1000);
-Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+// Intermittent CI failure
+// Allow up to 5 seconds for membership to reach expected state
+int count = 0;
+while (mbrlist1.members.size()+1 != mbrlist2.members.size() && count < 
100) {
+Thread.sleep(50);
+count++;
+}
+// Ensure membership remains in expected state for the same period plus
+// 1 second
+count += 20;
+while (count > 0) {
+Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+count--;
+}
 channel1.stop(Channel.DEFAULT);
 channel2.stop(Channel.DEFAULT);
 }




[tomcat] branch main updated: Try to improve test reliability

2021-12-01 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new b42d2ed  Try to improve test reliability
b42d2ed is described below

commit b42d2ed4b1bfc1d70b12351943dc63a46c6b7172
Author: Mark Thomas 
AuthorDate: Wed Dec 1 10:57:00 2021 +

Try to improve test reliability
---
 .../group/interceptors/TestTcpFailureDetector.java   | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
index fb08670..ea68988 100644
--- 
a/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
+++ 
b/test/org/apache/catalina/tribes/group/interceptors/TestTcpFailureDetector.java
@@ -105,8 +105,20 @@ public class TestTcpFailureDetector {
 channel2.start(Channel.MBR_RX_SEQ);
 channel2.stop(Channel.SND_RX_SEQ);
 channel2.start(Channel.MBR_TX_SEQ);
-//Thread.sleep(1000);
-Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+// Intermittent CI failure
+// Allow up to 5 seconds for membership to reach expected state
+int count = 0;
+while (mbrlist1.members.size()+1 != mbrlist2.members.size() && count < 
100) {
+Thread.sleep(50);
+count++;
+}
+// Ensure membership remains in expected state for the same period plus
+// 1 second
+count += 20;
+while (count > 0) {
+Assert.assertEquals("Expecting member count to not be 
equal",mbrlist1.members.size()+1,mbrlist2.members.size());
+count--;
+}
 channel1.stop(Channel.DEFAULT);
 channel2.stop(Channel.DEFAULT);
 }




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #5 from promena...@163.com ---
Test code:

@RestController
@RequestMapping(value = "/demo")
public class DemoController {

    @RequestMapping(value = "/upload", method = RequestMethod.POST)
    public String upload(@RequestParam("file") MultipartFile file) {
        try {
            InputStream inputStream = file.getInputStream();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return "ok";
    }
}

curl request:

#!/bin/bash
while ((1))
do
    curl -X POST \
      http://192.168.157.128:8080/demo/upload \
      -H 'cache-control: no-cache' \
      -H 'content-type: multipart/form-data; boundary=WebKitFormBoundary7MA4YWxkTrZu0gW' \
      -H 'postman-token: 2928b4db-034f-9c57-209e-d3f31474596b' \
      -F 'file=@test.pdf'
done

In Tomcat 9.0.52, the Linux handle will auto-release:

    ll /proc/*/fd | grep delete | wc -l

It will not increase to the limit.
In Tomcat 9.0.54, it will not.




[tomcat] branch main updated: Align behaviour on MacOs with Linux/Windows

2021-12-01 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 41ec23a  Align behaviour on MacOs with Linux/Windows
41ec23a is described below

commit 41ec23a78bc0522db9cc5e4e1a71face73461109
Author: Mark Thomas 
AuthorDate: Wed Dec 1 16:39:31 2021 +

Align behaviour on MacOs with Linux/Windows
---
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 18 ++
 webapps/docs/changelog.xml |  5 +
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index eb5056e..d05275a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -381,10 +381,20 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 }
 } else {
-// Client certificate verification based on trusted CA files 
and dirs
-SSLContext.setCACertificate(state.ctx,
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+if (sslHostConfig.getCaCertificateFile() == null && 
sslHostConfig.getCaCertificatePath() == null) {
+// No CA certificates configured. Reject all client 
certificates.
+SSLContext.setCertVerifyCallback(state.ctx, new 
CertificateVerifier() {
+@Override
+public boolean verify(long ssl, byte[][] chain, String 
auth) {
+return false;
+}
+});
+} else {
+// Client certificate verification based on trusted CA 
files and dirs
+SSLContext.setCACertificate(state.ctx,
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+}
 }
 
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
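Review bot: the new branch taken when getCaCertificateFile() and getCaCertificatePath() are both null installs a CertificateVerifier whose verify() returns false with no log output, so an operator who has not configured a CA sees only failed client certificate handshakes with nothing pointing at the cause. A debug or warning message when this reject-all verifier is installed would make that visible. The check is also not platform-specific although the commit title refers to MacOS; the in-code comment could say that the callback makes the no-CA case behave the same on every platform.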
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aec3b90..2312bcf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -180,6 +180,11 @@
 and the first request received after starting is an HTTP request to a
 TLS enabled NIO2 connector. (markt)
   
+  
+Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
+on MacOS as it does on Linux and Windows when no trusted certificate
+authorities are configured and reject all client certificates. (markt)
+  
 
   
   
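Review bot: the added sentence ends with "and reject all client certificates", which does not parse against "Ensure that ... behaves" and leaves it unclear whether rejection is the aligned behaviour or a second change. Suggest ending with "...are configured: all client certificates are rejected." so the fail-closed outcome is stated explicitly.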




[tomcat] branch 10.0.x updated: Align behaviour on MacOs with Linux/Windows

2021-12-01 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 263b6e0  Align behaviour on MacOs with Linux/Windows
263b6e0 is described below

commit 263b6e0eef1a69a544c2a45db3b1bab37e09008e
Author: Mark Thomas 
AuthorDate: Wed Dec 1 16:39:31 2021 +

Align behaviour on MacOs with Linux/Windows
---
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 18 ++
 webapps/docs/changelog.xml |  5 +
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ed0b5af..d942d4c 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -379,10 +379,20 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 }
 } else {
-// Client certificate verification based on trusted CA files 
and dirs
-SSLContext.setCACertificate(ctx,
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+if (sslHostConfig.getCaCertificateFile() == null && 
sslHostConfig.getCaCertificatePath() == null) {
+// No CA certificates configured. Reject all client 
certificates.
+SSLContext.setCertVerifyCallback(ctx, new 
CertificateVerifier() {
+@Override
+public boolean verify(long ssl, byte[][] chain, String 
auth) {
+return false;
+}
+});
+} else {
+// Client certificate verification based on trusted CA 
files and dirs
+SSLContext.setCACertificate(ctx,
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+}
 }
 
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
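Review bot: the guard `getCaCertificateFile() == null && getCaCertificatePath() == null` treats only null as unconfigured, so an empty-string value for either setting would take the else branch and be handed to `SSLContext.setCACertificate(...)` instead of the reject-all callback. If SSLHostConfig does not already normalise empty values to null, check for empty strings here as well so that both cases fail closed.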
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a366fb1..9c047e3 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -172,6 +172,11 @@
 and the first request received after starting is an HTTP request to a
 TLS enabled NIO2 connector. (markt)
   
+  
+Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
+on MacOS as it does on Linux and Windows when no trusted certificate
+authorities are configured and reject all client certificates. (markt)
+  
 
   
 
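Review bot: the entry describes the change as platform alignment and does not say which settings trigger it, although the code keys on `getCaCertificateFile()` and `getCaCertificatePath()` both being null. Naming the corresponding configuration attributes in the entry would let an operator reading the changelog tell whether their connector is affected.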




[tomcat] branch 9.0.x updated: Align behaviour on MacOs with Linux/Windows

2021-12-01 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 4cd533b  Align behaviour on MacOs with Linux/Windows
4cd533b is described below

commit 4cd533b7b298a83bc96a74ebc37f8b92b898fd39
Author: Mark Thomas 
AuthorDate: Wed Dec 1 16:39:31 2021 +

Align behaviour on MacOs with Linux/Windows
---
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 18 ++
 webapps/docs/changelog.xml |  5 +
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index ed0b5af..d942d4c 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -379,10 +379,20 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 }
 } else {
-// Client certificate verification based on trusted CA files 
and dirs
-SSLContext.setCACertificate(ctx,
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+if (sslHostConfig.getCaCertificateFile() == null && 
sslHostConfig.getCaCertificatePath() == null) {
+// No CA certificates configured. Reject all client 
certificates.
+SSLContext.setCertVerifyCallback(ctx, new 
CertificateVerifier() {
+@Override
+public boolean verify(long ssl, byte[][] chain, String 
auth) {
+return false;
+}
+});
+} else {
+// Client certificate verification based on trusted CA 
files and dirs
+SSLContext.setCACertificate(ctx,
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+}
 }
 
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
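Review bot: the reject-all branch added here ships without a test; the diffstat lists only OpenSSLContext.java and changelog.xml. A test that configures client certificate verification with no CA file or path and asserts that a handshake presenting a client certificate fails would pin the behaviour on every platform, which is the stated goal of the commit.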
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8bd4b5c..bbc985a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -172,6 +172,11 @@
 and the first request received after starting is an HTTP request to a
 TLS enabled NIO2 connector. (markt)
   
+  
+Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
+on MacOS as it does on Linux and Windows when no trusted certificate
+authorities are configured and reject all client certificates. (markt)
+  
 
   
   
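Review bot: the entry spells the platform "MacOS" while the commit subject uses "MacOs"; Apple's spelling is "macOS". Pick one form and use it in both places.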




[tomcat] branch 8.5.x updated: Align behaviour on MacOs with Linux/Windows

2021-12-01 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 3a4c7bf  Align behaviour on MacOs with Linux/Windows
3a4c7bf is described below

commit 3a4c7bf2513a6f3e52d9608f3855d5f8148fef48
Author: Mark Thomas 
AuthorDate: Wed Dec 1 16:39:31 2021 +

Align behaviour on MacOs with Linux/Windows
---
 .../apache/tomcat/util/net/openssl/OpenSSLContext.java | 18 ++
 webapps/docs/changelog.xml |  5 +
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 6d98744..72fc840 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -384,10 +384,20 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 }
 } else {
-// Client certificate verification based on trusted CA files 
and dirs
-SSLContext.setCACertificate(ctx,
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
-
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+if (sslHostConfig.getCaCertificateFile() == null && 
sslHostConfig.getCaCertificatePath() == null) {
+// No CA certificates configured. Reject all client 
certificates.
+SSLContext.setCertVerifyCallback(ctx, new 
CertificateVerifier() {
+@Override
+public boolean verify(long ssl, byte[][] chain, String 
auth) {
+return false;
+}
+});
+} else {
+// Client certificate verification based on trusted CA 
files and dirs
+SSLContext.setCACertificate(ctx,
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
+
SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
+}
 }
 
 if (negotiableProtocols != null && negotiableProtocols.size() > 0) 
{
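Review bot: the anonymous `CertificateVerifier` in the no-CA branch is stateless, yet a new instance is created for each context that reaches this branch. A single shared constant (for example a private static final field) would make the reject-all intent explicit by name, and its comment could record why this branch is needed rather than calling `setCACertificate` with null arguments as before, since the commit subject mentions a MacOS difference but the code does not.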
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index db132e7..6168046 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -165,6 +165,11 @@
 and the first request received after starting is an HTTP request to a
 TLS enabled NIO2 connector. (markt)
   
+  
+Ensure that using NIO or NIO2 with OpenSSL for TLS behaves the same way
+on MacOS as it does on Linux and Windows when no trusted certificate
+authorities are configured and reject all client certificates. (markt)
+  
 
   
   




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #6 from Mark Thomas  ---
Java version?




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #7 from Mark Thomas  ---
My testing so far indicates that this is a Java 8 bug. With Java 11 the file
descriptors are cleaned up. In Java 8, they are not.




[tomcat] branch main updated: Align behaviour on MacOs with Linux/Windows

2021-12-01 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 1320a0a  Align behaviour on MacOs with Linux/Windows
1320a0a is described below

commit 1320a0aa934bdc3a721201eea405c16592c61dac
Author: remm 
AuthorDate: Wed Dec 1 19:21:59 2021 +0100

Align behaviour on MacOs with Linux/Windows

Port of 41ec23a78bc0522db9cc5e4e1a71face73461109
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java  | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 4a56e39..e3c6f49 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -650,6 +650,12 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 log.warn(sm.getString("openssl.noCACerts"));
 }
 }
+} else {
+// No CA certificates configured. Reject all client 
certificates.
+MemoryAddress openSSLCallbackCertVerify =
+
CLinker.getInstance().upcallStub(openSSLCallbackCertVerifyHandle,
+openSSLCallbackCertVerifyFunctionDescriptor, 
contextScope);
+SSL_CTX_set_cert_verify_callback(state.sslCtx, 
openSSLCallbackCertVerify, MemoryAddress.NULL);
 }
 
 if (state.negotiableProtocols != null && 
state.negotiableProtocols.size() > 0) {
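Review bot: the comment in the new else branch says all client certificates are rejected, but the branch installs the general `openSSLCallbackCertVerify` upcall rather than an always-false verifier like the one in 41ec23a, so the rejection is not evident from these lines. Add a sentence to the comment explaining which path inside the callback returns 0 when no CA certificates are configured, or use a dedicated reject-all callback so the fail-closed behaviour does not depend on the callback's other logic.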
@@ -813,7 +819,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 }
 ContextState state = getState(param);
 if (state == null) {
-log.warn(sm.getString("context.noSSL", 
Long.valueOf(param.toRawLongValue(;
 return 0;
 }
 MemoryAddress ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 
SSL_get_ex_data_X509_STORE_CTX_idx());
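Review bot: removing the `context.noSSL` warning leaves the `state == null` path returning 0 silently, and the commit message ("Port of 41ec23a...") does not mention this. Since returning 0 here fails certificate verification, keep a log statement at a lower level or explain in the commit message why the warning is no longer wanted.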




Re: Tagging 10.1.x & 10.0.x

2021-12-01 Thread Mark Thomas

On 01/12/2021 10:03, Rémy Maucherat wrote:
> On Wed, Dec 1, 2021 at 10:42 AM Mark Thomas wrote:
>>
>> Hi all,
>>
>> It is the start of a new month so I am intending to tag 10.1.x and
>> 10.0.x shortly.
>>
>> I do have a slight concern that the DigiCert code signing renewal either
>> isn't complete or hasn't been processed fully as there is one location
>> where an expiry date of yesterday is shown. I'll report back on this
>> when I get that far with the releases.
>>
>> I'm about to start my usual round of testing. Tags to follow once that
>> is complete.
>
> Ok, I'm ready to tag 9.0.x as well. I hope the signing works obviously ...
>
> For the next round of releases in 2022, I'd like to try releasing a
> build of the OpenSSL module, it's so small and light it's worth a test
> run.

Sounds good.

Testing taking a little bit longer as I am working on some intermittent
failures. Looking like tags will happen tomorrow at the moment.


Mark




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #8 from Christopher Schultz  ---
(In reply to promenader from comment #5)
> public String upload(@RequestParam("file") MultipartFile file){
> try{
> InputStream inputStream =  file.getInputStream();
> }catch (IOException e){
> e.printStackTrace();
> }

No "finally" block?

I mean... you are leaking the fd right there in your code. Sure, the JVM should
eventually GC this reference, but you aren't even trying.

What happens if you do it properly:

InputStream inputStream = null;
try {
    inputStream = file.getInputStream();
} catch (IOException e) {
    e.printStackTrace();
} finally {
    if (null != inputStream) try { inputStream.close(); }
    catch (IOException ioe) { ioe.printStackTrace(); }
}

Or, if you are using a modern Java version:

try (InputStream inputStream = file.getInputStream()) {
    // do whatever
} catch (IOException ioe) {
    ioe.printStackTrace();
}




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #9 from promena...@163.com ---
(In reply to Mark Thomas from comment #7)
> My testing so far indicates that this is a Java 8 bug. With Java 11 the file
> descriptors are cleaned up. In Java 8, they are not.

Yes. This is in Java 8. But in Tomcat version 9.0.52 the file descriptors are
cleaned up. In Tomcat version 9.0.54 they are not.




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #10 from promena...@163.com ---
(In reply to Christopher Schultz from comment #8)
> (In reply to promenader from comment #5)
> > public String upload(@RequestParam("file") MultipartFile file){
> > try{
> > InputStream inputStream =  file.getInputStream();
> > }catch (IOException e){
> > e.printStackTrace();
> > }
> 
> No "finally" block?
> 
> I mean... you are leaking the fd right there in your code. Sure, the JVM
> should eventually GC this reference, but you aren't even trying.
> 
> What happens if you do it properly:
> 
> InputStream inputStream = null;
> try {
> inputStream =  file.getInputStream();
> } catch (IOException e) {
> e.printStackTrace();
> } finally {
> if(null != inputStream) try { inputStream.close(); }
> catch (IOException ioe) { ioe.printStackTrace(); }
> }
> 
> Or, if you are using a modern Java version:
> 
> try(InputStream inputStream = file.getInputStream()) {
> // do whatever
> } catch (IOException ioe) {
> ioe.printStackTrace();
> }

Yes. Leaking the fd right here is on purpose. I just want to show, when the
IOStream close fails, which Tomcat version will auto-release the Linux handle.




[Bug 65710] multipartfile stream close doesn't release the handle

2021-12-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65710

--- Comment #11 from promena...@163.com ---
I am confused why Java 8 in Tomcat 9.0.52 can auto-release the handle, while
Java 8 in Tomcat 9.0.54 can't.
