[tomcat] branch 10.1.x updated: Allow Valves to access cookies when no Context has been mapped
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new d9155d28a1 Allow Valves to access cookies when no Context has been
mapped
d9155d28a1 is described below
commit d9155d28a1e08c323d1b11a3789cdd59c818803b
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:41:00 2023 +
Allow Valves to access cookies when no Context has been mapped
---
java/org/apache/catalina/connector/Request.java| 23 +++---
.../catalina/valves/rewrite/TestRewriteValve.java | 82 ++
webapps/docs/changelog.xml | 8 +++
3 files changed, 105 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index 340d775b15..6aa07d54e1 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -103,6 +103,7 @@ import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.Parameters;
import org.apache.tomcat.util.http.Parameters.FailReason;
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.ServerCookie;
import org.apache.tomcat.util.http.ServerCookies;
import org.apache.tomcat.util.http.fileupload.FileItem;
@@ -3094,6 +3095,18 @@ public class Request implements HttpServletRequest {
return buf.toString();
}
+private CookieProcessor getCookieProcessor() {
+Context context = getContext();
+if (context == null) {
+// No context. Possible call from Valve before a Host level
+// context rewrite when no ROOT content is configured. Use the
+// default CookiePreocessor.
+return new Rfc6265CookieProcessor();
+} else {
+return context.getCookieProcessor();
+}
+}
+
/**
* Parse cookies. This only parses the cookies into the memory efficient
* ServerCookies structure. It does not populate the Cookie objects.
@@ -3107,8 +3120,7 @@ public class Request implements HttpServletRequest {
ServerCookies serverCookies = coyoteRequest.getCookies();
serverCookies.setLimit(connector.getMaxCookieCount());
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
-cookieProcessor.parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
+getCookieProcessor().parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
}
/**
@@ -3122,14 +3134,9 @@ public class Request implements HttpServletRequest {
cookiesConverted = true;
-if (getContext() == null) {
-return;
-}
-
parseCookies();
ServerCookies serverCookies = coyoteRequest.getCookies();
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
int count = serverCookies.getCookieCount();
if (count <= 0) {
@@ -3144,7 +3151,7 @@ public class Request implements HttpServletRequest {
try {
// We must unescape the '\\' escape character
Cookie cookie = new Cookie(scookie.getName().toString(),null);
-
scookie.getValue().getByteChunk().setCharset(cookieProcessor.getCharset());
+
scookie.getValue().getByteChunk().setCharset(getCookieProcessor().getCharset());
cookie.setValue(unescape(scookie.getValue().toString()));
cookies[idx++] = cookie;
} catch(IllegalArgumentException e) {
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index c6e8c26449..957e9bbda0 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -16,20 +16,31 @@
*/
package org.apache.catalina.valves.rewrite;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
import org.apache.catalina.servlets.DefaultServlet;
import org.apache.catalina.startup.TesterServlet;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
+import org.apache.catalina
[tomcat] branch main updated: Allow Valves to access cookies when no Context has been mapped
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3119cab615 Allow Valves to access cookies when no Context has been
mapped
3119cab615 is described below
commit 3119cab61553718d466e378af35c0edd5302a680
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:41:00 2023 +
Allow Valves to access cookies when no Context has been mapped
---
java/org/apache/catalina/connector/Request.java| 23 +++---
.../catalina/valves/rewrite/TestRewriteValve.java | 82 ++
webapps/docs/changelog.xml | 8 +++
3 files changed, 105 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index e35dbcd085..ba7611d5c3 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -103,6 +103,7 @@ import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.Parameters;
import org.apache.tomcat.util.http.Parameters.FailReason;
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.ServerCookie;
import org.apache.tomcat.util.http.ServerCookies;
import org.apache.tomcat.util.http.fileupload.FileItem;
@@ -3047,6 +3048,18 @@ public class Request implements HttpServletRequest {
return buf.toString();
}
+private CookieProcessor getCookieProcessor() {
+Context context = getContext();
+if (context == null) {
+// No context. Possible call from Valve before a Host level
+// context rewrite when no ROOT content is configured. Use the
+// default CookiePreocessor.
+return new Rfc6265CookieProcessor();
+} else {
+return context.getCookieProcessor();
+}
+}
+
/**
* Parse cookies. This only parses the cookies into the memory efficient
* ServerCookies structure. It does not populate the Cookie objects.
@@ -3060,8 +3073,7 @@ public class Request implements HttpServletRequest {
ServerCookies serverCookies = coyoteRequest.getCookies();
serverCookies.setLimit(connector.getMaxCookieCount());
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
-cookieProcessor.parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
+getCookieProcessor().parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
}
/**
@@ -3075,14 +3087,9 @@ public class Request implements HttpServletRequest {
cookiesConverted = true;
-if (getContext() == null) {
-return;
-}
-
parseCookies();
ServerCookies serverCookies = coyoteRequest.getCookies();
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
int count = serverCookies.getCookieCount();
if (count <= 0) {
@@ -3097,7 +3104,7 @@ public class Request implements HttpServletRequest {
try {
// We must unescape the '\\' escape character
Cookie cookie = new Cookie(scookie.getName().toString(),null);
-
scookie.getValue().getByteChunk().setCharset(cookieProcessor.getCharset());
+
scookie.getValue().getByteChunk().setCharset(getCookieProcessor().getCharset());
cookie.setValue(unescape(scookie.getValue().toString()));
cookies[idx++] = cookie;
} catch(IllegalArgumentException e) {
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index c6e8c26449..957e9bbda0 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -16,20 +16,31 @@
*/
package org.apache.catalina.valves.rewrite;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
import org.apache.catalina.servlets.DefaultServlet;
import org.apache.catalina.startup.TesterServlet;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
+import org.apache.catalina.val
[tomcat] branch 9.0.x updated: Align with 10.1.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 6eace6d86d Align with 10.1.x
6eace6d86d is described below
commit 6eace6d86d5d7233708f0099835f9571b82c009b
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:56:54 2023 +
Align with 10.1.x
---
java/org/apache/tomcat/util/compat/JreCompat.java | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index 7c9c8ccffa..d468589002 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -46,10 +46,10 @@ public class JreCompat {
private static final JreCompat instance;
private static final boolean graalAvailable;
-private static final boolean jre19Available;
-private static final boolean jre16Available;
-private static final boolean jre11Available;
private static final boolean jre9Available;
+private static final boolean jre11Available;
+private static final boolean jre16Available;
+private static final boolean jre19Available;
private static final StringManager sm =
StringManager.getManager(JreCompat.class);
protected static final Method setApplicationProtocolsMethod;
@@ -71,24 +71,24 @@ public class JreCompat {
// Look for the highest supported JVM first
if (Jre19Compat.isSupported()) {
instance = new Jre19Compat();
-jre9Available = true;
-jre16Available = true;
jre19Available = true;
+jre16Available = true;
+jre9Available = true;
} else if (Jre16Compat.isSupported()) {
instance = new Jre16Compat();
-jre9Available = true;
-jre16Available = true;
jre19Available = false;
+jre16Available = true;
+jre9Available = true;
} else if (Jre9Compat.isSupported()) {
instance = new Jre9Compat();
-jre9Available = true;
-jre16Available = false;
jre19Available = false;
+jre16Available = false;
+jre9Available = true;
} else {
instance = new JreCompat();
-jre9Available = false;
-jre16Available = false;
jre19Available = false;
+jre16Available = false;
+jre9Available = false;
}
jre11Available = instance.jarFileRuntimeMajorVersion() >= 11;
@@ -139,6 +139,7 @@ public class JreCompat {
return jre19Available;
}
+
// Java 8 implementation of Java 9 methods
/**
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Align with 9.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 272519d38d Align with 9.0.x
272519d38d is described below
commit 272519d38d409a017855399f1506cc30fa067b30
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:57:04 2023 +
Align with 9.0.x
---
java/org/apache/tomcat/util/compat/JreCompat.java | 35 +++
1 file changed, 16 insertions(+), 19 deletions(-)
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index 87fd07f5e1..13b30b23ea 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -39,21 +39,20 @@ import org.apache.tomcat.util.res.StringManager;
*/
public class JreCompat {
-private static final StringManager sm =
StringManager.getManager(JreCompat.class);
-
private static final int RUNTIME_MAJOR_VERSION = 7;
private static final JreCompat instance;
-private static final boolean jre19Available;
-private static final boolean jre16Available;
-private static final boolean jre11Available;
-private static final boolean jre9Available;
private static final boolean jre8Available;
+private static final boolean jre9Available;
+private static final boolean jre11Available;
+private static final boolean jre16Available;
+private static final boolean jre19Available;
+private static final StringManager sm =
StringManager.getManager(JreCompat.class);
+
static {
// This is Tomcat 8 with a minimum Java version of Java 7.
-// Compatibility code exists for Java 8, 9, 11 & 19
// Look for the highest supported JVM first
if (Jre19Compat.isSupported()) {
instance = new Jre19Compat();
@@ -110,11 +109,21 @@ public class JreCompat {
}
+public static boolean isJre11Available() {
+return jre11Available;
+}
+
+
public static boolean isJre16Available() {
return jre16Available;
}
+public static boolean isJre19Available() {
+return jre19Available;
+}
+
+
// Java 7 implementation of Java 8 methods
@SuppressWarnings("unused")
@@ -291,20 +300,8 @@ public class JreCompat {
}
-// Java 7 implementations of Java 11 methods
-
-public static boolean isJre11Available() {
-return jre11Available;
-}
-
-
// Java 7 implementations of Java 19 methods
-public static boolean isJre19Available() {
-return jre19Available;
-}
-
-
/**
* Obtains the executor, if any, used to create the provided thread.
*
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.1.x updated: Align with 9.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 0b65e7d3c9 Align with 9.0.x
0b65e7d3c9 is described below
commit 0b65e7d3c9cbde9d1f1566721301782074e723f2
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:59:59 2023 +
Align with 9.0.x
---
java/org/apache/tomcat/util/compat/JreCompat.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index 3e90bed588..e1f442995a 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -118,7 +118,6 @@ public class JreCompat {
// Java 11 implementations of Java 19 methods
-
/**
* Obtains the executor, if any, used to create the provided thread.
*
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Align with 10.1.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 76dea102d2 Align with 10.1.x
76dea102d2 is described below
commit 76dea102d2939c53f866e313fb2b23bbbd96c9a0
Author: Mark Thomas
AuthorDate: Tue Jan 17 13:00:10 2023 +
Align with 10.1.x
---
java/org/apache/tomcat/util/compat/JreCompat.java | 1 -
1 file changed, 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/compat/JreCompat.java
b/java/org/apache/tomcat/util/compat/JreCompat.java
index 993096617a..93c31993da 100644
--- a/java/org/apache/tomcat/util/compat/JreCompat.java
+++ b/java/org/apache/tomcat/util/compat/JreCompat.java
@@ -118,7 +118,6 @@ public class JreCompat {
// Java 11 implementations of Java 19 methods
-
/**
* Obtains the executor, if any, used to create the provided thread.
*
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Allow Valves to access cookies when no Context has been mapped
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e7a0e50d54 Allow Valves to access cookies when no Context has been
mapped
e7a0e50d54 is described below
commit e7a0e50d544a372c71116b1f8f4583f55d0b8adb
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:41:00 2023 +
Allow Valves to access cookies when no Context has been mapped
---
java/org/apache/catalina/connector/Request.java| 23 +++---
.../catalina/valves/rewrite/TestRewriteValve.java | 83 ++
webapps/docs/changelog.xml | 8 +++
3 files changed, 106 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index 3a38bf8cca..949f4353e1 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -104,6 +104,7 @@ import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.Parameters;
import org.apache.tomcat.util.http.Parameters.FailReason;
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.ServerCookie;
import org.apache.tomcat.util.http.ServerCookies;
import org.apache.tomcat.util.http.fileupload.FileItem;
@@ -3150,6 +3151,18 @@ public class Request implements HttpServletRequest {
return buf.toString();
}
+private CookieProcessor getCookieProcessor() {
+Context context = getContext();
+if (context == null) {
+// No context. Possible call from Valve before a Host level
+// context rewrite when no ROOT content is configured. Use the
+// default CookiePreocessor.
+return new Rfc6265CookieProcessor();
+} else {
+return context.getCookieProcessor();
+}
+}
+
/**
* Parse cookies. This only parses the cookies into the memory efficient
* ServerCookies structure. It does not populate the Cookie objects.
@@ -3163,8 +3176,7 @@ public class Request implements HttpServletRequest {
ServerCookies serverCookies = coyoteRequest.getCookies();
serverCookies.setLimit(connector.getMaxCookieCount());
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
-cookieProcessor.parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
+getCookieProcessor().parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
}
/**
@@ -3178,14 +3190,9 @@ public class Request implements HttpServletRequest {
cookiesConverted = true;
-if (getContext() == null) {
-return;
-}
-
parseCookies();
ServerCookies serverCookies = coyoteRequest.getCookies();
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
int count = serverCookies.getCookieCount();
if (count <= 0) {
@@ -3202,7 +3209,7 @@ public class Request implements HttpServletRequest {
Cookie cookie = new Cookie(scookie.getName().toString(),null);
int version = scookie.getVersion();
cookie.setVersion(version);
-
scookie.getValue().getByteChunk().setCharset(cookieProcessor.getCharset());
+
scookie.getValue().getByteChunk().setCharset(getCookieProcessor().getCharset());
cookie.setValue(unescape(scookie.getValue().toString()));
cookie.setPath(unescape(scookie.getPath().toString()));
String domain = scookie.getDomain().toString();
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index c6e8c26449..0c7c7c10ff 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -16,20 +16,32 @@
*/
package org.apache.catalina.valves.rewrite;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
import org.apache.catalina.servlets.DefaultServlet;
import org.apache.catalina.startup.TesterServlet;
import org.apache.catalina.startup.Tomcat;
imp
[tomcat] branch 8.5.x updated: Increment version for next development cycle
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 83e14f290d Increment version for next development cycle 83e14f290d is described below commit 83e14f290dc4c536b5768551bd978d163ad6fc8c Author: Mark Thomas AuthorDate: Tue Jan 17 13:03:28 2023 + Increment version for next development cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 6127398fd4..8aea996315 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=8 version.minor=5 -version.build=85 +version.build=86 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index aa09085888..cc0fad434a 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=8.5.85 +maven.asf.release.deploy.version=8.5.86 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 578b3cd006..afe875ea10 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Allow Valves to access cookies when no Context has been mapped
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d8c394d592 Allow Valves to access cookies when no Context has been
mapped
d8c394d592 is described below
commit d8c394d5920f0a4728bea23ebcd8630e3a9e
Author: Mark Thomas
AuthorDate: Tue Jan 17 12:41:00 2023 +
Allow Valves to access cookies when no Context has been mapped
---
java/org/apache/catalina/connector/Request.java| 23 +++---
.../catalina/valves/rewrite/TestRewriteValve.java | 83 ++
webapps/docs/changelog.xml | 8 +++
3 files changed, 106 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index ca9df14714..1a1644c053 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -104,6 +104,7 @@ import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.Parameters;
import org.apache.tomcat.util.http.Parameters.FailReason;
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.http.ServerCookie;
import org.apache.tomcat.util.http.ServerCookies;
import org.apache.tomcat.util.http.fileupload.FileItem;
@@ -3189,6 +3190,18 @@ public class Request implements HttpServletRequest {
return buf.toString();
}
+private CookieProcessor getCookieProcessor() {
+Context context = getContext();
+if (context == null) {
+// No context. Possible call from Valve before a Host level
+// context rewrite when no ROOT content is configured. Use the
+// default CookiePreocessor.
+return new Rfc6265CookieProcessor();
+} else {
+return context.getCookieProcessor();
+}
+}
+
/**
* Parse cookies. This only parses the cookies into the memory efficient
* ServerCookies structure. It does not populate the Cookie objects.
@@ -3202,8 +3215,7 @@ public class Request implements HttpServletRequest {
ServerCookies serverCookies = coyoteRequest.getCookies();
serverCookies.setLimit(connector.getMaxCookieCount());
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
-cookieProcessor.parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
+getCookieProcessor().parseCookieHeader(coyoteRequest.getMimeHeaders(),
serverCookies);
}
/**
@@ -3217,14 +3229,9 @@ public class Request implements HttpServletRequest {
cookiesConverted = true;
-if (getContext() == null) {
-return;
-}
-
parseCookies();
ServerCookies serverCookies = coyoteRequest.getCookies();
-CookieProcessor cookieProcessor = getContext().getCookieProcessor();
int count = serverCookies.getCookieCount();
if (count <= 0) {
@@ -3241,7 +3248,7 @@ public class Request implements HttpServletRequest {
Cookie cookie = new Cookie(scookie.getName().toString(),null);
int version = scookie.getVersion();
cookie.setVersion(version);
-
scookie.getValue().getByteChunk().setCharset(cookieProcessor.getCharset());
+
scookie.getValue().getByteChunk().setCharset(getCookieProcessor().getCharset());
cookie.setValue(unescape(scookie.getValue().toString()));
cookie.setPath(unescape(scookie.getPath().toString()));
String domain = scookie.getDomain().toString();
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index 783dae17f7..55dcb87395 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -16,20 +16,32 @@
*/
package org.apache.catalina.valves.rewrite;
+import java.io.IOException;
+import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.junit.Assert;
import org.junit.Test;
import org.apache.catalina.Context;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
import org.apache.catalina.servlets.DefaultServlet;
import org.apache.catalina.startup.TesterServlet;
import org.apache.catalina.startup.Tomcat;
imp
Categorizing javadoc errors
Hi, In the past, javadoc problems were fixed. I'm glad Mark switched validation to checkstyle since I no longer trust the javadoc developers for doing the right thing after the Java 18 changes. Also it allows easy configuration of what is important and what should not be fixed. Looking at the list, I would propose: - Remove javadoc validation for tests. This would mean doing validation twice (once as usual, another one for the javadoc). Although it is better to document everything, realistically we won't be able to do everything. - checkFirstSentence: After testing, this means that the javadoc first (and quite often only) sentence should end with a period. This seems pointless to me, so I plan to add a comment that this should be set to "false". - checkEmptyJavadoc: Actually this means the description is empty. It happens often for certain obvious methods where @return is documented instead. I'm slightly wavering on that one, in the generated HTML it does indeed look better if both are set (to the same thing as the content of @return - but with a period at the end, see the first property). - MissingJavadocMethod: This one is justified. - MissingJavadocType: Totally justified. - RequireEmptyLineBeforeBlockTagGroup: Should be ignored, another pedantic arbitrary syntax rule. Note: The error counts given include tests, so they're lower than that actually. So: can I proceed with the separation between tests and non tests, and then document why some settings will remain disabled ? This gives a reasonable baseline where it can be assumed the rest is a useful improvement. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Categorizing javadoc errors
On 17/01/2023 14:48, Rémy Maucherat wrote: Hi, In the past, javadoc problems were fixed. I'm glad Mark switched validation to checkstyle since I no longer trust the javadoc developers for doing the right thing after the Java 18 changes. Also it allows easy configuration of what is important and what should not be fixed. Looking at the list, I would propose: - Remove javadoc validation for tests. This would mean doing validation twice (once as usual, another one for the javadoc). Although it is better to document everything, realistically we won't be able to do everything. Given we are going to have to split the validation, we might as well keep the existing Javadoc validation configuration for the test code so we maintain the standard we currently have. - checkFirstSentence: After testing, this means that the javadoc first (and quite often only) sentence should end with a period. This seems pointless to me, so I plan to add a comment that this should be set to "false". I view that as a "nice to have" / cosmetic change. I might chip away at it slowly over time. If it ever got to the point where the test could pass then we could enable it at that point. - checkEmptyJavadoc: Actually this means the description is empty. It happens often for certain obvious methods where @return is documented instead. I'm slightly wavering on that one, in the generated HTML it does indeed look better if both are set (to the same thing as the content of @return - but with a period at the end, see the first property). Another nice to have although given the improvement in the HTML output probably nicer to have than checkFirstSentence. - MissingJavadocMethod: This one is justified. - MissingJavadocType: Totally justified. Agreed, but a lot of work to add. I expect it will take a long time to clear all those errors. - RequireEmptyLineBeforeBlockTagGroup: Should be ignored, another pedantic arbitrary syntax rule. Is that what all of the Checkstyle rules are ;) Another in the nice to have category for me but mainly because I like consistently formatted code as I find it easier to read. Note: The error counts given include tests, so they're lower than that actually. So: can I proceed with the separation between tests and non tests, and then document why some settings will remain disabled ? This gives a reasonable baseline where it can be assumed the rest is a useful improvement. +1 Can I suggest the disabled settings are described with something like: "Disabled. Large number of errors with minimal benefit to be gained by fixing at this time." Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.85 (round 2)
All, I could use some more votes for this release. Thanks, -chris On 1/12/23 15:17, Christopher Schultz wrote: The proposed Apache Tomcat 8.5.85 release is now available for voting. [[[ Note that the previous tag has been replaced with a new one which contains the signature files produced during the release-build. The commit-id of the tag has therefore changed as noted later in this message. The files uploaded to the Tomcat release directory and to Maven are unchanged. There are no other changes to the tag from the previous 8.5.85 tag. The files added are: res/install-win/tomcat-installer.exe.sig res/install-win/Uninstall.exe.sig ]]] The notable changes compared to 8.5.84 are: - The default value of AccessLogValue's file encoding is now UTF-8. - Correct a regression in the refactoring that replaced the use of the URL constructors. The regression broke lookups for resources that contained one or more characters in their name that required escaping when used in a URI path. - When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection. - Change the default of the org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED system property to true unless the EL library is running on Tomcat in which case the default remains false as the EL library is already called from within a privileged block and skipping the unnecessary privileged block improves performance. Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.85/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1416 The tag is: https://github.com/apache/tomcat/tree/8.5.85/ 7b1f4ce0b82641bf76a3d763bd97d5522513b57b The proposed 8.5.85 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 8.5.85 (stable) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.85 (round 2)
On Thu, Jan 12, 2023 at 9:17 PM Christopher Schultz wrote: > > The proposed Apache Tomcat 8.5.85 release is now available for voting. > > [[[ > Note that the previous tag has been replaced with a new one which > contains the signature files produced during the release-build. The > commit-id of the tag has therefore changed as noted later in this > message. The files uploaded to the Tomcat release directory and to Maven > are unchanged. There are no other changes to the tag from the previous > 8.5.85 tag. The files added are: > > res/install-win/tomcat-installer.exe.sig > res/install-win/Uninstall.exe.sig > ]]] > > The notable changes compared to 8.5.84 are: > > - The default value of AccessLogValue's file encoding is >now UTF-8. > > - Correct a regression in the refactoring that replaced the use of the >URL constructors. The regression broke lookups for resources that >contained one or more characters in their name that required escaping >when used in a URI path. > > - When an HTTP/2 stream was reset, the current active stream count was >not reduced. If enough resets occurred on a connection, the current >active stream count limit was reached and no new streams could be >created on that connection. > > - Change the default of the org.apache.el.GET_CLASSLOADER_USE_PRIVILEGED >system property to true unless the EL library is running on Tomcat in >which case the default remains false as the EL library is already >called from within a privileged block and skipping the unnecessary >privileged block improves performance. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.85/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1416 > > The tag is: > https://github.com/apache/tomcat/tree/8.5.85/ > 7b1f4ce0b82641bf76a3d763bd97d5522513b57b > > The proposed 8.5.85 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.85 (stable) Rémy > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66429] New: Limit access to Examples and Documentation by localhost only
https://bz.apache.org/bugzilla/show_bug.cgi?id=66429 Bug ID: 66429 Summary: Limit access to Examples and Documentation by localhost only Product: Tomcat 11 Version: unspecified Hardware: PC Status: NEW Severity: enhancement Priority: P2 Component: Examples Assignee: dev@tomcat.apache.org Reporter: knst.koli...@gmail.com Target Milestone: --- I propose to limit access to Examples and Documentation that are bundled with Tomcat, so that they are accessible only from the loopback ip address. I mean, to configure an RemoteAddrValve, in the same way as has already been done for the Manager and Host-Manager web applications. Justification: 1. According to the Apache Tomcat security considerations [1], it is recommended to remove these web applications, so that they are not exposed to the public. 2. Duplicate copies of documentation are indexed by search engines. Alternatively, this could be fought either with "" [2], or by blocking indexing either with a robots.txt file (but ROOT is a separate web application, which makes such solution fragile), or with "" (but the same HTML pages are published to tomcat.apache.org). [1] https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Default_web_applications [2] https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel#attr-canonical -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.85 (round 2)
чт, 12 янв. 2023 г. в 23:17, Christopher Schultz : > > The proposed Apache Tomcat 8.5.85 release is now available for voting. > > [...] > > The notable changes compared to 8.5.84 are: > > - The default value of AccessLogValue's file encoding is >now UTF-8. Chris, 1) a typo above, Value -> Valve 2) Note the EOL announcement https://tomcat.apache.org/tomcat-85-eol.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.85/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1416 > > The tag is: > https://github.com/apache/tomcat/tree/8.5.85/ > 7b1f4ce0b82641bf76a3d763bd97d5522513b57b > > The proposed 8.5.85 release is: > [ ] Broken - do not release > [x] Stable - go ahead and release as 8.5.85 (stable) Smoke tests OK. (Installer, Java 7, Examples). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
