date:20211215

[tomcat] branch main updated: Fix typo (spotted by rjung)

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 302fcea  Fix typo (spotted by rjung)
302fcea is described below

commit 302fcea312947f5b076c2b61da62f52c0dd56588
Author: Mark Thomas 
AuthorDate: Wed Dec 15 10:10:04 2021 +

Fix typo (spotted by rjung)
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6924220..8a4de63 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -135,7 +135,7 @@
 
   
 65724: Fix missing messages for some
-PropertyNotWtriableExceptions caused by a typo in the name
+PropertyNotWritableExceptions caused by a typo in the name
 used for a resource string. (markt)
   
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.0.x updated: Fix typo (spotted by rjung)

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new a4219bd  Fix typo (spotted by rjung)
a4219bd is described below

commit a4219bd880b71f5113199aa3dfdbfca2800cec85
Author: Mark Thomas 
AuthorDate: Wed Dec 15 10:10:04 2021 +

Fix typo (spotted by rjung)
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bc5b28f..49920bf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,7 +126,7 @@
 
   
 65724: Fix missing messages for some
-PropertyNotWtriableExceptions caused by a typo in the name
+PropertyNotWritableExceptions caused by a typo in the name
 used for a resource string. (markt)
   
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Fix typo (spotted by rjung)

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 465f7fb  Fix typo (spotted by rjung)
465f7fb is described below

commit 465f7fb31ee7e4615833c9f4b2ea3afab556a358
Author: Mark Thomas 
AuthorDate: Wed Dec 15 10:10:04 2021 +

Fix typo (spotted by rjung)
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e0168ee..85b1587 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -126,7 +126,7 @@
 
   
 65724: Fix missing messages for some
-PropertyNotWtriableExceptions caused by a typo in the name
+PropertyNotWritableExceptions caused by a typo in the name
 used for a resource string. (markt)
   
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix typo (spotted by rjung)

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 36037f7  Fix typo (spotted by rjung)
36037f7 is described below

commit 36037f77be9e436e8ded3580ea34dd21273a4ed5
Author: Mark Thomas 
AuthorDate: Wed Dec 15 10:10:04 2021 +

Fix typo (spotted by rjung)
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4935c3d..84a80fd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -191,7 +191,7 @@
 
   
 65724: Fix missing messages for some
-PropertyNotWtriableExceptions caused by a typo in the name
+PropertyNotWritableExceptions caused by a typo in the name
 used for a resource string. (markt)
   
 

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1895980 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

2021-12-15 Thread markt

Author: markt
Date: Wed Dec 15 11:15:46 2021
New Revision: 1895980

URL: http://svn.apache.org/viewvc?rev=1895980&view=rev
Log:
Add CVE-2021-44228 to the 'Not a vulnerability in Tomcat' section

Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1895980&r1=1895979&r2=1895980&view=diff
==
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Wed Dec 15 11:15:46 2021
@@ -1,6 +1,6 @@
 
 Apache Tomcat® - Apache Tomcat 10 
vulnerabilitieshttp://tomcat.apache.org/";>Apache 
Tomcat®https://www.apache.org/foundation/contributing.html"; target="_blank" 
class="pull-left">https://www.apache.org/images/SupportApache-small.png"; class="support-asf" 
alt="Support Apache">http://www.apache.org/"; target="_blank" class="pull-left">https://www.google.com/search"; method="get">GOApache 
TomcatHomeTaglibsMaven 
PluginDownloadWhich version?https://tomcat.apache.org/download-10.cgi";>Tomcat 10https://tomcat.apache.org/download-90.cgi";>Tomcat 9https://tomcat.apache.org/downlo
 ad-80.cgi">Tomcat 8https://tomcat.apache.org/download-migration.cgi";>Tomcat Migration Tool 
for Jakarta EEhttps://tomcat.apache.org/download-connectors.cgi";>Tomcat 
Connectorshttps://tomcat.apache.org/download-native.cgi";>Tomcat 
Nativehttps://tomcat.apache.org/download-taglibs.cgi";>Taglibshttps://archive.apache.org/dist/tomcat/";>ArchivesDocumentationTomcat 10.1 (alpha)Tomcat 10.0Tomcat 9.0Tomcat 8.5Tomcat ConnectorsTomcat Nativehttps://cwiki.apache.org/confluence/display/TOMCAT";>WikiMigration GuidePresentationshttps://cwiki.apache.org/confluence/x/Bi8lBg";>SpecificationsProblems?Security ReportsFind helphttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQMailing ListsBug 
DatabaseIRCGet 
InvolvedOverviewSource codeBuildbothttps://cwiki.apache.org/confluence/x/vIPzBQ";>TranslationsToolsMediahttps://twitter.com/theapachetomcat";>Twitterhttps://www.youtube.com/c/ApacheTomcatOfficial";>YouTubeBlogMiscWho We Arehttps://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>SwagHeritagehttp://www.apache.org";>Apache HomeResourcesContactLegalhttps://www.apache.org/foundation/contributing.html";>Support 
Apachehttps://www.apache.org/foundation/sponsorship.html";>Sponsorshiphttp://www.apache.org/foundation/thanks.html";>Thankshttp://www.apache.org/licenses/";>LicenseContentTable of Contents
-Apache Tomcat 10.x 
vulnerabilitiesFixed in 
Apache Tomcat 10.0.12Fixed in Apache Tomcat 
10.1.0-M6Fixed in Apache 
Tomcat 10.0.7Fixed in 
Apache Tomcat 10.0.6Fixed 
in Apache Tomcat 10.0.5Fixed in Apache Tomcat 
10.0.4Fixed in Apache 
Tomcat 10.0.2Fixed in 
Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 
10.0.0-M8Fixed in 
Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 
10.0.0-M5
+Apache Tomcat 10.x 
vulnerabilitiesFixed in 
Apache Tomcat 10.0.12Fixed in Apache Tomcat 
10.1.0-M6Fixed in Apache 
Tomcat 10.0.7Fixed in 
Apache Tomcat 10.0.6Fixed 
in Apache Tomcat 10.0.5Fixed in Apache Tomcat 
10.0.4Fixed in Apache 
Tomcat 10.0.2Fixed in 
Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 
10.0.0-M8Fixed in 
Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 
10.0.0-M5Not a 
vulnerability in Tomcat
 Apache Tomcat 10.x 
vulnerabilities
 This page lists all security vulnerabilities fixed in released versions
of Apache Tomcat 10.x. Each vulnerability is given a
@@ -381,6 +381,29 @@
 
 Affects: 10.0.0-M1 to 10.0.0-M4
 
+  Not a vulnerability in 
Tomcat
+
+Critical: Remote Code Execution via log4j
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228"; 
rel="nofollow">CVE-2021-44228
+
+Apache Tomcat 10.x has no dependency on any version of log4j.
+
+Web applications deployed on Apache Tomcat may have a dependency on
+   log4j. You should seek support from the application vendor in this
+   instance.
+
+It is possible to configure Apache Tomcat 10.x to use log4j 2.x for
+   Tomcat's internal logging. This requires explicit configuration and the
+   addition of the log4j 2.x library. Anyone who has switched Tomcat's
+   internal logging to log4j 2.x is likely to need to address this
+   vulnerability.
+   
+In most cases, disabling the problematic feature will be the simplest
+   solution. Exactly how to do that depends on the exact version of log4j
+   2.x being used. Details are provided on the
+   https://logging.apache.org/log4j/2.x/security.html";>log4j 2.x
+   security page.
+
   
 Copyright © 1999-2021, The Apache Software Foundation

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-15 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #7 from Mark Thomas  ---
Looking at this in a bit more detail I have a couple of observations/questions:

1. Has anyone got a suggestion to make enabling forceString support
configurable that doesn't involve a system property?

2. Is removing this feature entirely in 10.1.x reasonable?

3. Why doesn't Introspector find the "setSSLIdentity(String)" method. It looks
like it should. Is improving the method matching in Introspector an approach
that could work long term?

The answer to the first part of 3 may need some research. That is on my TODO
list but I'm unlikely to get to it before January.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-15 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #8 from Remy Maucherat  ---
(In reply to Mark Thomas from comment #7)
> Looking at this in a bit more detail I have a couple of
> observations/questions:
> 
> 1. Has anyone got a suggestion to make enabling forceString support
> configurable that doesn't involve a system property?

Nope.

> 2. Is removing this feature entirely in 10.1.x reasonable?

I think it's fine. Overall JNDI should use real object factories.

> 3. Why doesn't Introspector find the "setSSLIdentity(String)" method. It
> looks like it should. Is improving the method matching in Introspector an
> approach that could work long term?

No idea. But the BeanFactory doesn't use our IntrospectionUtils, as you just
said, and we're totally used to its very user friendly behavior.

> The answer to the first part of 3 may need some research. That is on my TODO
> list but I'm unlikely to get to it before January.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-15 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #9 from Christopher Schultz  ---
(In reply to Mark Thomas from comment #7)
> 1. Has anyone got a suggestion to make enabling forceString support
> configurable that doesn't involve a system property?

JNDI environment variable? (lol just kidding). I think this is either a system
property (preferable to me, even though system properties kinda suck) or an
otherwise unnecessary global Listener.

> 2. Is removing this feature entirely in 10.1.x reasonable?

+1 to reasoning provided by remm and rjung (via email)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-15 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=65736

--- Comment #10 from Mark Thomas  ---
(In reply to Remy Maucherat from comment #8)

> No idea. But the BeanFactory doesn't use our IntrospectionUtils, as you just
> said, and we're totally used to its very user friendly behavior.

Doh! Of course. As a Bean factory it is following the Bean spec.

I think we might be able to do something along the lines of if the setter
method doesn't use String and we can't coerce it, is there a method identical
to the setter part from it uses String? If so, use that. Is that worth
implementing?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Add POJO support to programmatic http -> ws upgrade

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 28b6cec  Add POJO support to programmatic http -> ws upgrade
28b6cec is described below

commit 28b6cec455cb970260c7559790c944b4cb981158
Author: Mark Thomas 
AuthorDate: Wed Dec 15 20:21:43 2021 +

Add POJO support to programmatic http -> ws upgrade
---
 .../websocket/server/LocalStrings.properties   |  1 +
 .../tomcat/websocket/server/UpgradeUtil.java   | 30 +++---
 .../tomcat/websocket/server/WsServerContainer.java | 11 
 webapps/docs/changelog.xml |  5 
 4 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties 
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 16fdaf2..3698b90 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -22,6 +22,7 @@ serverContainer.missingAnnotation=Cannot deploy POJO class 
[{0}] as it is not an
 serverContainer.servletContextMissing=No ServletContext was specified
 
 upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible 
RSV bit usage
+upgradeUtil.pojoMpaFail=Unable to complete method mapping for POJO class [{0}]
 
 uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in 
the path which is not permitted
 uriTemplate.emptySegment=The path [{0}] contains one or more empty segments 
which is not permitted
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java 
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index 5a07c93..5201a43 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -31,6 +31,8 @@ import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.websocket.DeploymentException;
+import jakarta.websocket.Endpoint;
 import jakarta.websocket.Extension;
 import jakarta.websocket.HandshakeResponse;
 import jakarta.websocket.server.ServerEndpointConfig;
@@ -43,6 +45,7 @@ import org.apache.tomcat.websocket.Transformation;
 import org.apache.tomcat.websocket.TransformationFactory;
 import org.apache.tomcat.websocket.Util;
 import org.apache.tomcat.websocket.WsHandshakeResponse;
+import org.apache.tomcat.websocket.pojo.PojoMethodMapping;
 
 public class UpgradeUtil {
 
@@ -197,12 +200,31 @@ public class UpgradeUtil {
 resp.setHeader(Constants.WS_EXTENSIONS_HEADER_NAME, 
responseHeaderExtensions.toString());
 }
 
-WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
-WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+// Add method mapping to user properties
+if (!Endpoint.class.isAssignableFrom(sec.getEndpointClass()) &&
+
sec.getUserProperties().get(org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY)
 == null) {
+// This is a POJO endpoint and the application has called upgrade
+// directly. Need to add the method mapping.
+try {
+PojoMethodMapping methodMapping = new 
PojoMethodMapping(sec.getEndpointClass(),
+sec.getDecoders(), sec.getPath(), 
sc.getInstanceManager(Thread.currentThread().getContextClassLoader()));
+if (methodMapping.getOnClose() != null || 
methodMapping.getOnOpen() != null
+|| methodMapping.getOnError() != null || 
methodMapping.hasMessageHandlers()) {
+sec.getUserProperties().put(
+
org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY, 
methodMapping);
+}
+} catch (DeploymentException e) {
+throw new ServletException(
+sm.getString("upgradeUtil.pojoMpaFail", 
sec.getEndpointClass().getName()),  e);
+}
+}
+
 WsPerSessionServerEndpointConfig perSessionServerEndpointConfig =
 new WsPerSessionServerEndpointConfig(sec);
-sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig,
-wsRequest, wsResponse);
+
+WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
+WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig, 
wsRequest, wsResponse);
 wsRequest.finished();
 
 // Add any additional headers
diff --git a/java/org/apache/tomcat/websocket/server/WsServerContainer.java 
b/java/org/apache/tomcat/websocket/server/WsServerContai

[tomcat] branch 10.0.x updated: Add POJO support to programmatic http -> ws upgrade

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 2338ef3  Add POJO support to programmatic http -> ws upgrade
2338ef3 is described below

commit 2338ef32ca4991049de33f578cf373e658ffd08c
Author: Mark Thomas 
AuthorDate: Wed Dec 15 20:21:43 2021 +

Add POJO support to programmatic http -> ws upgrade
---
 .../websocket/server/LocalStrings.properties   |  1 +
 .../tomcat/websocket/server/UpgradeUtil.java   | 30 +++---
 .../tomcat/websocket/server/WsServerContainer.java | 11 
 webapps/docs/changelog.xml |  9 +++
 4 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties 
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 16fdaf2..3698b90 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -22,6 +22,7 @@ serverContainer.missingAnnotation=Cannot deploy POJO class 
[{0}] as it is not an
 serverContainer.servletContextMissing=No ServletContext was specified
 
 upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible 
RSV bit usage
+upgradeUtil.pojoMpaFail=Unable to complete method mapping for POJO class [{0}]
 
 uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in 
the path which is not permitted
 uriTemplate.emptySegment=The path [{0}] contains one or more empty segments 
which is not permitted
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java 
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index 5a07c93..5201a43 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -31,6 +31,8 @@ import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.websocket.DeploymentException;
+import jakarta.websocket.Endpoint;
 import jakarta.websocket.Extension;
 import jakarta.websocket.HandshakeResponse;
 import jakarta.websocket.server.ServerEndpointConfig;
@@ -43,6 +45,7 @@ import org.apache.tomcat.websocket.Transformation;
 import org.apache.tomcat.websocket.TransformationFactory;
 import org.apache.tomcat.websocket.Util;
 import org.apache.tomcat.websocket.WsHandshakeResponse;
+import org.apache.tomcat.websocket.pojo.PojoMethodMapping;
 
 public class UpgradeUtil {
 
@@ -197,12 +200,31 @@ public class UpgradeUtil {
 resp.setHeader(Constants.WS_EXTENSIONS_HEADER_NAME, 
responseHeaderExtensions.toString());
 }
 
-WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
-WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+// Add method mapping to user properties
+if (!Endpoint.class.isAssignableFrom(sec.getEndpointClass()) &&
+
sec.getUserProperties().get(org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY)
 == null) {
+// This is a POJO endpoint and the application has called upgrade
+// directly. Need to add the method mapping.
+try {
+PojoMethodMapping methodMapping = new 
PojoMethodMapping(sec.getEndpointClass(),
+sec.getDecoders(), sec.getPath(), 
sc.getInstanceManager(Thread.currentThread().getContextClassLoader()));
+if (methodMapping.getOnClose() != null || 
methodMapping.getOnOpen() != null
+|| methodMapping.getOnError() != null || 
methodMapping.hasMessageHandlers()) {
+sec.getUserProperties().put(
+
org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY, 
methodMapping);
+}
+} catch (DeploymentException e) {
+throw new ServletException(
+sm.getString("upgradeUtil.pojoMpaFail", 
sec.getEndpointClass().getName()),  e);
+}
+}
+
 WsPerSessionServerEndpointConfig perSessionServerEndpointConfig =
 new WsPerSessionServerEndpointConfig(sec);
-sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig,
-wsRequest, wsResponse);
+
+WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
+WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig, 
wsRequest, wsResponse);
 wsRequest.finished();
 
 // Add any additional headers
diff --git a/java/org/apache/tomcat/websocket/server/WsServerContainer.java 
b/java/org/apache/tomcat/websocket/server/WsServe

[tomcat] branch 9.0.x updated: Add POJO support to programmatic http -> ws upgrade

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new c6c8c05  Add POJO support to programmatic http -> ws upgrade
c6c8c05 is described below

commit c6c8c05bb8e9df53e828c5c02df5b9473605ab48
Author: Mark Thomas 
AuthorDate: Wed Dec 15 20:21:43 2021 +

Add POJO support to programmatic http -> ws upgrade
---
 .../websocket/server/LocalStrings.properties   |  1 +
 .../tomcat/websocket/server/UpgradeUtil.java   | 30 +++---
 .../tomcat/websocket/server/WsServerContainer.java | 11 
 webapps/docs/changelog.xml |  9 +++
 4 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties 
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 16fdaf2..3698b90 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -22,6 +22,7 @@ serverContainer.missingAnnotation=Cannot deploy POJO class 
[{0}] as it is not an
 serverContainer.servletContextMissing=No ServletContext was specified
 
 upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible 
RSV bit usage
+upgradeUtil.pojoMpaFail=Unable to complete method mapping for POJO class [{0}]
 
 uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in 
the path which is not permitted
 uriTemplate.emptySegment=The path [{0}] contains one or more empty segments 
which is not permitted
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java 
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index 1f8cb32..8e52d66 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -31,6 +31,8 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.websocket.DeploymentException;
+import javax.websocket.Endpoint;
 import javax.websocket.Extension;
 import javax.websocket.HandshakeResponse;
 import javax.websocket.server.ServerEndpointConfig;
@@ -43,6 +45,7 @@ import org.apache.tomcat.websocket.Transformation;
 import org.apache.tomcat.websocket.TransformationFactory;
 import org.apache.tomcat.websocket.Util;
 import org.apache.tomcat.websocket.WsHandshakeResponse;
+import org.apache.tomcat.websocket.pojo.PojoMethodMapping;
 
 public class UpgradeUtil {
 
@@ -197,12 +200,31 @@ public class UpgradeUtil {
 resp.setHeader(Constants.WS_EXTENSIONS_HEADER_NAME, 
responseHeaderExtensions.toString());
 }
 
-WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
-WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+// Add method mapping to user properties
+if (!Endpoint.class.isAssignableFrom(sec.getEndpointClass()) &&
+
sec.getUserProperties().get(org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY)
 == null) {
+// This is a POJO endpoint and the application has called upgrade
+// directly. Need to add the method mapping.
+try {
+PojoMethodMapping methodMapping = new 
PojoMethodMapping(sec.getEndpointClass(),
+sec.getDecoders(), sec.getPath(), 
sc.getInstanceManager(Thread.currentThread().getContextClassLoader()));
+if (methodMapping.getOnClose() != null || 
methodMapping.getOnOpen() != null
+|| methodMapping.getOnError() != null || 
methodMapping.hasMessageHandlers()) {
+sec.getUserProperties().put(
+
org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY, 
methodMapping);
+}
+} catch (DeploymentException e) {
+throw new ServletException(
+sm.getString("upgradeUtil.pojoMpaFail", 
sec.getEndpointClass().getName()),  e);
+}
+}
+
 WsPerSessionServerEndpointConfig perSessionServerEndpointConfig =
 new WsPerSessionServerEndpointConfig(sec);
-sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig,
-wsRequest, wsResponse);
+
+WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
+WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig, 
wsRequest, wsResponse);
 wsRequest.finished();
 
 // Add any additional headers
diff --git a/java/org/apache/tomcat/websocket/server/WsServerContainer.java 
b/java/org/apache/tomcat/websocket/server/WsServerContainer.java
inde

[tomcat] branch 8.5.x updated: Add POJO support to programmatic http -> ws upgrade

2021-12-15 Thread markt

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 537dbcc  Add POJO support to programmatic http -> ws upgrade
537dbcc is described below

commit 537dbcc6e735ff6abe8a4220af1580d03e9c84cd
Author: Mark Thomas 
AuthorDate: Wed Dec 15 20:21:43 2021 +

Add POJO support to programmatic http -> ws upgrade
---
 .../websocket/server/LocalStrings.properties   |  1 +
 .../tomcat/websocket/server/UpgradeUtil.java   | 30 +++---
 .../tomcat/websocket/server/WsServerContainer.java | 11 
 webapps/docs/changelog.xml |  9 +++
 4 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/tomcat/websocket/server/LocalStrings.properties 
b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
index 16fdaf2..3698b90 100644
--- a/java/org/apache/tomcat/websocket/server/LocalStrings.properties
+++ b/java/org/apache/tomcat/websocket/server/LocalStrings.properties
@@ -22,6 +22,7 @@ serverContainer.missingAnnotation=Cannot deploy POJO class 
[{0}] as it is not an
 serverContainer.servletContextMissing=No ServletContext was specified
 
 upgradeUtil.incompatibleRsv=Extensions were specified that have incompatible 
RSV bit usage
+upgradeUtil.pojoMpaFail=Unable to complete method mapping for POJO class [{0}]
 
 uriTemplate.duplicateParameter=The parameter [{0}] appears more than once in 
the path which is not permitted
 uriTemplate.emptySegment=The path [{0}] contains one or more empty segments 
which is not permitted
diff --git a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java 
b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
index 1f8cb32..8e52d66 100644
--- a/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
+++ b/java/org/apache/tomcat/websocket/server/UpgradeUtil.java
@@ -31,6 +31,8 @@ import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.websocket.DeploymentException;
+import javax.websocket.Endpoint;
 import javax.websocket.Extension;
 import javax.websocket.HandshakeResponse;
 import javax.websocket.server.ServerEndpointConfig;
@@ -43,6 +45,7 @@ import org.apache.tomcat.websocket.Transformation;
 import org.apache.tomcat.websocket.TransformationFactory;
 import org.apache.tomcat.websocket.Util;
 import org.apache.tomcat.websocket.WsHandshakeResponse;
+import org.apache.tomcat.websocket.pojo.PojoMethodMapping;
 
 public class UpgradeUtil {
 
@@ -197,12 +200,31 @@ public class UpgradeUtil {
 resp.setHeader(Constants.WS_EXTENSIONS_HEADER_NAME, 
responseHeaderExtensions.toString());
 }
 
-WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
-WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+// Add method mapping to user properties
+if (!Endpoint.class.isAssignableFrom(sec.getEndpointClass()) &&
+
sec.getUserProperties().get(org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY)
 == null) {
+// This is a POJO endpoint and the application has called upgrade
+// directly. Need to add the method mapping.
+try {
+PojoMethodMapping methodMapping = new 
PojoMethodMapping(sec.getEndpointClass(),
+sec.getDecoders(), sec.getPath(), 
sc.getInstanceManager(Thread.currentThread().getContextClassLoader()));
+if (methodMapping.getOnClose() != null || 
methodMapping.getOnOpen() != null
+|| methodMapping.getOnError() != null || 
methodMapping.hasMessageHandlers()) {
+sec.getUserProperties().put(
+
org.apache.tomcat.websocket.pojo.Constants.POJO_METHOD_MAPPING_KEY, 
methodMapping);
+}
+} catch (DeploymentException e) {
+throw new ServletException(
+sm.getString("upgradeUtil.pojoMpaFail", 
sec.getEndpointClass().getName()),  e);
+}
+}
+
 WsPerSessionServerEndpointConfig perSessionServerEndpointConfig =
 new WsPerSessionServerEndpointConfig(sec);
-sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig,
-wsRequest, wsResponse);
+
+WsHandshakeRequest wsRequest = new WsHandshakeRequest(req, pathParams);
+WsHandshakeResponse wsResponse = new WsHandshakeResponse();
+sec.getConfigurator().modifyHandshake(perSessionServerEndpointConfig, 
wsRequest, wsResponse);
 wsRequest.finished();
 
 // Add any additional headers
diff --git a/java/org/apache/tomcat/websocket/server/WsServerContainer.java 
b/java/org/apache/tomcat/websocket/server/WsServerContainer.java
inde

[tomcat] branch main updated: Fix typo (spotted by rjung)

[tomcat] branch 10.0.x updated: Fix typo (spotted by rjung)

[tomcat] branch 9.0.x updated: Fix typo (spotted by rjung)

[tomcat] branch 8.5.x updated: Fix typo (spotted by rjung)

svn commit: r1895980 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

[tomcat] branch main updated: Add POJO support to programmatic http -> ws upgrade

[tomcat] branch 10.0.x updated: Add POJO support to programmatic http -> ws upgrade

[tomcat] branch 9.0.x updated: Add POJO support to programmatic http -> ws upgrade

[tomcat] branch 8.5.x updated: Add POJO support to programmatic http -> ws upgrade

13 matches

Site Navigation

Mail list logo

Footer information