[tomcat] branch main updated: Use final to clarify intent

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new afe824100b Use final to clarify intent
afe824100b is described below

commit afe824100b8d0e012104b35f15f99633e7df1a50
Author: Mark Thomas 
AuthorDate: Mon Sep 25 08:05:50 2023 +0100

Use final to clarify intent
---
 java/org/apache/catalina/ha/session/DeltaRequest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/ha/session/DeltaRequest.java 
b/java/org/apache/catalina/ha/session/DeltaRequest.java
index db26be78ef..6f21d7f8b2 100644
--- a/java/org/apache/catalina/ha/session/DeltaRequest.java
+++ b/java/org/apache/catalina/ha/session/DeltaRequest.java
@@ -63,7 +63,7 @@ public class DeltaRequest implements Externalizable {
 public static final String NAME_LISTENER = "__SET__LISTENER__";
 
 private String sessionId;
-private Deque actions = new ArrayDeque<>();
+private final Deque actions = new ArrayDeque<>();
 private final Deque actionPool = new ArrayDeque<>();
 
 private boolean recordAllActions = false;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 10.1.x updated: Use final to clarify intent

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new c0ba8ce1aa Use final to clarify intent
c0ba8ce1aa is described below

commit c0ba8ce1aa6836eca1b24873c16bbe1d9cb1320a
Author: Mark Thomas 
AuthorDate: Mon Sep 25 08:05:50 2023 +0100

Use final to clarify intent
---
 java/org/apache/catalina/ha/session/DeltaRequest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/ha/session/DeltaRequest.java 
b/java/org/apache/catalina/ha/session/DeltaRequest.java
index db26be78ef..6f21d7f8b2 100644
--- a/java/org/apache/catalina/ha/session/DeltaRequest.java
+++ b/java/org/apache/catalina/ha/session/DeltaRequest.java
@@ -63,7 +63,7 @@ public class DeltaRequest implements Externalizable {
 public static final String NAME_LISTENER = "__SET__LISTENER__";
 
 private String sessionId;
-private Deque actions = new ArrayDeque<>();
+private final Deque actions = new ArrayDeque<>();
 private final Deque actionPool = new ArrayDeque<>();
 
 private boolean recordAllActions = false;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 9.0.x updated: Use final to clarify intent

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 7695dda6ae Use final to clarify intent
7695dda6ae is described below

commit 7695dda6ae514445bae168b1d827de16ea1818a3
Author: Mark Thomas 
AuthorDate: Mon Sep 25 08:05:50 2023 +0100

Use final to clarify intent
---
 java/org/apache/catalina/ha/session/DeltaRequest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/ha/session/DeltaRequest.java 
b/java/org/apache/catalina/ha/session/DeltaRequest.java
index db26be78ef..6f21d7f8b2 100644
--- a/java/org/apache/catalina/ha/session/DeltaRequest.java
+++ b/java/org/apache/catalina/ha/session/DeltaRequest.java
@@ -63,7 +63,7 @@ public class DeltaRequest implements Externalizable {
 public static final String NAME_LISTENER = "__SET__LISTENER__";
 
 private String sessionId;
-private Deque actions = new ArrayDeque<>();
+private final Deque actions = new ArrayDeque<>();
 private final Deque actionPool = new ArrayDeque<>();
 
 private boolean recordAllActions = false;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 8.5.x updated: Use final to clarify intent

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 176fc9096f Use final to clarify intent
176fc9096f is described below

commit 176fc9096f42b4651235f3e7cc74abb60dbc2556
Author: Mark Thomas 
AuthorDate: Mon Sep 25 08:05:50 2023 +0100

Use final to clarify intent
---
 java/org/apache/catalina/ha/session/DeltaRequest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/ha/session/DeltaRequest.java 
b/java/org/apache/catalina/ha/session/DeltaRequest.java
index db26be78ef..6f21d7f8b2 100644
--- a/java/org/apache/catalina/ha/session/DeltaRequest.java
+++ b/java/org/apache/catalina/ha/session/DeltaRequest.java
@@ -63,7 +63,7 @@ public class DeltaRequest implements Externalizable {
 public static final String NAME_LISTENER = "__SET__LISTENER__";
 
 private String sessionId;
-private Deque actions = new ArrayDeque<>();
+private final Deque actions = new ArrayDeque<>();
 private final Deque actionPool = new ArrayDeque<>();
 
 private boolean recordAllActions = false;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Buildbot success in on tomcat-9.0.x

2023-09-25 Thread buildbot
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/702
Blamelist: Christopher Schultz , Mark Thomas 

Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch 9.0.x] 7695dda6ae514445bae168b1d827de16ea1818a3


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch main updated: Fix bad use of some remove while iterating

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new d54915ea20 Fix bad use of some remove while iterating
d54915ea20 is described below

commit d54915ea205659f76108d4cd11808a9f31892ca3
Author: remm 
AuthorDate: Mon Sep 25 14:19:00 2023 +0200

Fix bad use of some remove while iterating

FairBlockingQueue was always handling it properly though.
Also add a few missing syncs.
Fix a couple of possible rare NPEs.
Found by coverity.
---
 .../org/apache/tomcat/jdbc/pool/ConnectionPool.java  | 20 +---
 .../apache/tomcat/jdbc/pool/FairBlockingQueue.java   |  8 +++-
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index 9ea1757952..6cc23a7e7b 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -1090,7 +1090,7 @@ public class ConnectionPool {
 long time = con.getTimestamp();
 long now = System.currentTimeMillis();
 if (shouldAbandon() && (now - time) > 
con.getAbandonTimeout()) {
-busy.remove(con);
+locked.remove();
 abandon(con);
 setToNull = true;
 } else if (sto > 0 && (now - time) > (sto * 1000L)) {
@@ -1141,7 +1141,7 @@ public class ConnectionPool {
 if (shouldReleaseIdle(now, con, time)) {
 releasedIdleCount.incrementAndGet();
 release(con);
-idle.remove(con);
+unlocked.remove();
 setToNull = true;
 } else {
 //do nothing
@@ -1205,7 +1205,7 @@ public class ConnectionPool {
 }
 if (release) {
 releasedIdleCount.incrementAndGet();
-idle.remove(con);
+unlocked.remove();
 release(con);
 }
 } finally {
@@ -1460,7 +1460,9 @@ public class ConnectionPool {
 if (configured.compareAndSet(false, true)) {
 try {
 pc = borrowConnection(System.currentTimeMillis(),pc, 
null, null);
-result = ConnectionPool.this.setupConnection(pc);
+if (pc != null) {
+result = ConnectionPool.this.setupConnection(pc);
+}
 } catch (SQLException x) {
 cause = x;
 } finally {
@@ -1502,7 +1504,9 @@ public class ConnectionPool {
 public void run() {
 try {
 Connection con = get(); //complete this future
-con.close(); //return to the pool
+if (con != null) {
+con.close(); //return to the pool
+}
 }catch (ExecutionException ex) {
 //we can ignore this
 }catch (Exception x) {
@@ -1551,7 +1555,8 @@ public class ConnectionPool {
 }
 }
 
-public static Set getPoolCleaners() {
+// Testing use only
+public static synchronized Set getPoolCleaners() {
 return Collections.unmodifiableSet(cleaners);
 }
 
@@ -1559,7 +1564,8 @@ public class ConnectionPool {
 return poolVersion.get();
 }
 
-public static Timer getPoolTimer() {
+// Testing use only
+public static synchronized Timer getPoolTimer() {
 return poolCleanTimer;
 }
 
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
index 80d90c2b69..6b23c1abe3 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
@@ -232,7 +232,13 @@ public class FairBlockingQueue implements 
BlockingQueue {
 
 @Override
 public int size() {
-return items.size();
+final ReentrantLock lock = this.lock;
+lock.lock();
+try {
+return items.size();
+} finally {
+lock.unlock();
+}
 }
 
 @Override


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 10.1.x updated: Fix bad use of some remove while iterating

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new cf2c5f9762 Fix bad use of some remove while iterating
cf2c5f9762 is described below

commit cf2c5f9762883eccbfc926c5d858a99cecc77c03
Author: remm 
AuthorDate: Mon Sep 25 14:19:00 2023 +0200

Fix bad use of some remove while iterating

FairBlockingQueue was always handling it properly though.
Also add a few missing syncs.
Fix a couple of possible rare NPEs.
Found by coverity.
---
 .../org/apache/tomcat/jdbc/pool/ConnectionPool.java  | 20 +---
 .../apache/tomcat/jdbc/pool/FairBlockingQueue.java   |  8 +++-
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index 5e8adbbd03..30492c3971 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -1092,7 +1092,7 @@ public class ConnectionPool {
 long time = con.getTimestamp();
 long now = System.currentTimeMillis();
 if (shouldAbandon() && (now - time) > 
con.getAbandonTimeout()) {
-busy.remove(con);
+locked.remove();
 abandon(con);
 setToNull = true;
 } else if (sto > 0 && (now - time) > (sto * 1000L)) {
@@ -1143,7 +1143,7 @@ public class ConnectionPool {
 if (shouldReleaseIdle(now, con, time)) {
 releasedIdleCount.incrementAndGet();
 release(con);
-idle.remove(con);
+unlocked.remove();
 setToNull = true;
 } else {
 //do nothing
@@ -1207,7 +1207,7 @@ public class ConnectionPool {
 }
 if (release) {
 releasedIdleCount.incrementAndGet();
-idle.remove(con);
+unlocked.remove();
 release(con);
 }
 } finally {
@@ -1462,7 +1462,9 @@ public class ConnectionPool {
 if (configured.compareAndSet(false, true)) {
 try {
 pc = borrowConnection(System.currentTimeMillis(),pc, 
null, null);
-result = ConnectionPool.this.setupConnection(pc);
+if (pc != null) {
+result = ConnectionPool.this.setupConnection(pc);
+}
 } catch (SQLException x) {
 cause = x;
 } finally {
@@ -1504,7 +1506,9 @@ public class ConnectionPool {
 public void run() {
 try {
 Connection con = get(); //complete this future
-con.close(); //return to the pool
+if (con != null) {
+con.close(); //return to the pool
+}
 }catch (ExecutionException ex) {
 //we can ignore this
 }catch (Exception x) {
@@ -1560,7 +1564,8 @@ public class ConnectionPool {
 }
 }
 
-public static Set getPoolCleaners() {
+// Testing use only
+public static synchronized Set getPoolCleaners() {
 return Collections.unmodifiableSet(cleaners);
 }
 
@@ -1568,7 +1573,8 @@ public class ConnectionPool {
 return poolVersion.get();
 }
 
-public static Timer getPoolTimer() {
+// Testing use only
+public static synchronized Timer getPoolTimer() {
 return poolCleanTimer;
 }
 
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
index 80d90c2b69..6b23c1abe3 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
@@ -232,7 +232,13 @@ public class FairBlockingQueue implements 
BlockingQueue {
 
 @Override
 public int size() {
-return items.size();
+final ReentrantLock lock = this.lock;
+lock.lock();
+try {
+return items.size();
+} finally {
+lock.unlock();
+}
 }
 
 @Override


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 9.0.x updated: Fix bad use of some remove while iterating

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 90d2b082f7 Fix bad use of some remove while iterating
90d2b082f7 is described below

commit 90d2b082f74c664137844a13a1bea8892d2ab4e7
Author: remm 
AuthorDate: Mon Sep 25 14:19:00 2023 +0200

Fix bad use of some remove while iterating

FairBlockingQueue was always handling it properly though.
Also add a few missing syncs.
Fix a couple of possible rare NPEs.
Found by coverity.
---
 .../org/apache/tomcat/jdbc/pool/ConnectionPool.java  | 20 +---
 .../apache/tomcat/jdbc/pool/FairBlockingQueue.java   |  8 +++-
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index bb263c115c..479650c89c 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -1085,7 +1085,7 @@ public class ConnectionPool {
 long time = con.getTimestamp();
 long now = System.currentTimeMillis();
 if (shouldAbandon() && (now - time) > 
con.getAbandonTimeout()) {
-busy.remove(con);
+locked.remove();
 abandon(con);
 setToNull = true;
 } else if (sto > 0 && (now - time) > (sto * 1000L)) {
@@ -1136,7 +1136,7 @@ public class ConnectionPool {
 if (shouldReleaseIdle(now, con, time)) {
 releasedIdleCount.incrementAndGet();
 release(con);
-idle.remove(con);
+unlocked.remove();
 setToNull = true;
 } else {
 //do nothing
@@ -1200,7 +1200,7 @@ public class ConnectionPool {
 }
 if (release) {
 releasedIdleCount.incrementAndGet();
-idle.remove(con);
+unlocked.remove();
 release(con);
 }
 } finally {
@@ -1455,7 +1455,9 @@ public class ConnectionPool {
 if (configured.compareAndSet(false, true)) {
 try {
 pc = borrowConnection(System.currentTimeMillis(),pc, 
null, null);
-result = ConnectionPool.this.setupConnection(pc);
+if (pc != null) {
+result = ConnectionPool.this.setupConnection(pc);
+}
 } catch (SQLException x) {
 cause = x;
 } finally {
@@ -1497,7 +1499,9 @@ public class ConnectionPool {
 public void run() {
 try {
 Connection con = get(); //complete this future
-con.close(); //return to the pool
+if (con != null) {
+con.close(); //return to the pool
+}
 }catch (ExecutionException ex) {
 //we can ignore this
 }catch (Exception x) {
@@ -1553,7 +1557,8 @@ public class ConnectionPool {
 }
 }
 
-public static Set getPoolCleaners() {
+// Testing use only
+public static synchronized Set getPoolCleaners() {
 return Collections.unmodifiableSet(cleaners);
 }
 
@@ -1561,7 +1566,8 @@ public class ConnectionPool {
 return poolVersion.get();
 }
 
-public static Timer getPoolTimer() {
+// Testing use only
+public static synchronized Timer getPoolTimer() {
 return poolCleanTimer;
 }
 
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
index 80d90c2b69..6b23c1abe3 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
@@ -232,7 +232,13 @@ public class FairBlockingQueue implements 
BlockingQueue {
 
 @Override
 public int size() {
-return items.size();
+final ReentrantLock lock = this.lock;
+lock.lock();
+try {
+return items.size();
+} finally {
+lock.unlock();
+}
 }
 
 @Override


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 8.5.x updated: Fix bad use of some remove while iterating

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new b887891f77 Fix bad use of some remove while iterating
b887891f77 is described below

commit b887891f77c616b0dcd1f43f9cf886381b45013f
Author: remm 
AuthorDate: Mon Sep 25 14:19:00 2023 +0200

Fix bad use of some remove while iterating

FairBlockingQueue was always handling it properly though.
Also add a few missing syncs.
Fix a couple of possible rare NPEs.
Found by coverity.
---
 .../org/apache/tomcat/jdbc/pool/ConnectionPool.java  | 20 +---
 .../apache/tomcat/jdbc/pool/FairBlockingQueue.java   |  8 +++-
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
index acfa1f191e..8b59d84d1a 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java
@@ -1046,7 +1046,7 @@ public class ConnectionPool {
 long time = con.getTimestamp();
 long now = System.currentTimeMillis();
 if (shouldAbandon() && (now - time) > 
con.getAbandonTimeout()) {
-busy.remove(con);
+locked.remove();
 abandon(con);
 setToNull = true;
 } else if (sto > 0 && (now - time) > (sto * 1000L)) {
@@ -1097,7 +1097,7 @@ public class ConnectionPool {
 if (shouldReleaseIdle(now, con, time)) {
 releasedIdleCount.incrementAndGet();
 release(con);
-idle.remove(con);
+unlocked.remove();
 setToNull = true;
 } else {
 //do nothing
@@ -1145,7 +1145,7 @@ public class ConnectionPool {
 }
 if (!con.validate(PooledConnection.VALIDATE_IDLE)) {
 releasedIdleCount.incrementAndGet();
-idle.remove(con);
+unlocked.remove();
 release(con);
 }
 } finally {
@@ -1400,7 +1400,9 @@ public class ConnectionPool {
 if (configured.compareAndSet(false, true)) {
 try {
 pc = borrowConnection(System.currentTimeMillis(),pc, 
null, null);
-result = ConnectionPool.this.setupConnection(pc);
+if (pc != null) {
+result = ConnectionPool.this.setupConnection(pc);
+}
 } catch (SQLException x) {
 cause = x;
 } finally {
@@ -1442,7 +1444,9 @@ public class ConnectionPool {
 public void run() {
 try {
 Connection con = get(); //complete this future
-con.close(); //return to the pool
+if (con != null) {
+con.close(); //return to the pool
+}
 }catch (ExecutionException ex) {
 //we can ignore this
 }catch (Exception x) {
@@ -1498,7 +1502,8 @@ public class ConnectionPool {
 }
 }
 
-public static Set getPoolCleaners() {
+// Testing use only
+public static synchronized Set getPoolCleaners() {
 return Collections.unmodifiableSet(cleaners);
 }
 
@@ -1506,7 +1511,8 @@ public class ConnectionPool {
 return poolVersion.get();
 }
 
-public static Timer getPoolTimer() {
+// Testing use only
+public static synchronized Timer getPoolTimer() {
 return poolCleanTimer;
 }
 
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
index 80d90c2b69..6b23c1abe3 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java
@@ -232,7 +232,13 @@ public class FairBlockingQueue implements 
BlockingQueue {
 
 @Override
 public int size() {
-return items.size();
+final ReentrantLock lock = this.lock;
+lock.lock();
+try {
+return items.size();
+} finally {
+lock.unlock();
+}
 }
 
 @Override


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h..

[Bug 66875] Handling async error after spring already handled error

2023-09-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=66875

Nils Kohrs  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|DUPLICATE   |---

--- Comment #2 from Nils Kohrs  ---
With the exact same code I do still run into the same issue as before. You
might have not included org.jetbrains.kotlinx:kotlinx-coroutines-reactor as
dependency. If that dependency is not added then tomcat calls are not executed
in async mode.

Here is the log output for Spring Boot v3.1.3 and Tomcat 10.1.12 for the
aforementioned code.

  .     ___ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  || .__|_| |_|_| |_\__, | / / / /
 =|_|==|___/=/_/_/_/
 :: Spring Boot ::(v3.1.3)

2023-09-25T14:28:52.231+02:00  INFO 41884 --- [   main]
com.example.demo.DemoApplicationKt   : Starting DemoApplicationKt using
Java 18.0.2.1 with PID 41884 (...)
2023-09-25T14:28:52.233+02:00  INFO 41884 --- [   main]
com.example.demo.DemoApplicationKt   : No active profile set, falling back
to 1 default profile: "default"
2023-09-25T14:28:52.848+02:00  INFO 41884 --- [   main]
o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s):
8080 (http)
2023-09-25T14:28:52.854+02:00  INFO 41884 --- [   main]
o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2023-09-25T14:28:52.855+02:00  INFO 41884 --- [   main]
o.apache.catalina.core.StandardEngine: Starting Servlet engine: [Apache
Tomcat/10.1.12]
2023-09-25T14:28:52.917+02:00  INFO 41884 --- [   main]
o.a.c.c.C.[Tomcat].[localhost].[/]   : Initializing Spring embedded
WebApplicationContext
2023-09-25T14:28:52.918+02:00  INFO 41884 --- [   main]
w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext:
initialization completed in 649 ms
2023-09-25T14:28:53.190+02:00  INFO 41884 --- [   main]
o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080
(http) with context path ''
2023-09-25T14:28:53.194+02:00  INFO 41884 --- [   main]
com.example.demo.DemoApplicationKt   : Started DemoApplicationKt in 1.251
seconds (process running for 1.71)
2023-09-25T14:28:54.564+02:00  INFO 41884 --- [nio-8080-exec-1]
o.a.c.c.C.[Tomcat].[localhost].[/]   : Initializing Spring
DispatcherServlet 'dispatcherServlet'
2023-09-25T14:28:54.564+02:00  INFO 41884 --- [nio-8080-exec-1]
o.s.web.servlet.DispatcherServlet: Initializing Servlet
'dispatcherServlet'
2023-09-25T14:28:54.564+02:00  INFO 41884 --- [nio-8080-exec-1]
o.s.web.servlet.DispatcherServlet: Completed initialization in 0 ms
2023-09-25T14:28:54.821+02:00 ERROR 41884 --- [nio-8080-exec-1]
s.e.ErrorMvcAutoConfiguration$StaticView : Cannot render error page for request
[/suspend] as the response has already been committed. As a result, the
response may have the wrong status code.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch main updated: Avoid possible NPEs

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new bee52614f3 Avoid possible NPEs
bee52614f3 is described below

commit bee52614f3d694b169c2682b539d98ced93eb1a8
Author: remm 
AuthorDate: Mon Sep 25 14:42:36 2023 +0200

Avoid possible NPEs
---
 .../src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java  | 2 +-
 .../org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
index d91cc0861f..04fc32fc35 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
@@ -106,7 +106,7 @@ public class ProxyConnection extends JdbcInterceptor {
 return this.toString();
 } else if (compare(GETCONNECTION_VAL,method) && connection!=null) {
 return connection.getConnection();
-} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {
+} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class) && connection 
!= null) {
 try {
 return method.invoke(connection.getXAConnection(),args);
 }catch (Throwable t) {
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
index 9ce39c089f..8b74b64bcc 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
@@ -218,7 +218,11 @@ public class StatementCache extends 
StatementDecoratorInterceptor implements Sta
 if (cache == null) {
   return null;
 }
-return cache.get(createCacheKey(method, args));
+CacheKey key = createCacheKey(method, args);
+if (key == null) {
+throw new IllegalArgumentException("Null key");
+}
+return cache.get(key);
 }
 
 public boolean cacheStatement(CachedStatement proxy) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 10.1.x updated: Avoid possible NPEs

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 203b1bc93c Avoid possible NPEs
203b1bc93c is described below

commit 203b1bc93ce816fec6debae36ea8d907dab32ce8
Author: remm 
AuthorDate: Mon Sep 25 14:42:36 2023 +0200

Avoid possible NPEs
---
 .../src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java  | 2 +-
 .../org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
index d91cc0861f..04fc32fc35 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
@@ -106,7 +106,7 @@ public class ProxyConnection extends JdbcInterceptor {
 return this.toString();
 } else if (compare(GETCONNECTION_VAL,method) && connection!=null) {
 return connection.getConnection();
-} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {
+} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class) && connection 
!= null) {
 try {
 return method.invoke(connection.getXAConnection(),args);
 }catch (Throwable t) {
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
index 9ce39c089f..8b74b64bcc 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
@@ -218,7 +218,11 @@ public class StatementCache extends 
StatementDecoratorInterceptor implements Sta
 if (cache == null) {
   return null;
 }
-return cache.get(createCacheKey(method, args));
+CacheKey key = createCacheKey(method, args);
+if (key == null) {
+throw new IllegalArgumentException("Null key");
+}
+return cache.get(key);
 }
 
 public boolean cacheStatement(CachedStatement proxy) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 9.0.x updated: Avoid possible NPEs

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new ec48807ac4 Avoid possible NPEs
ec48807ac4 is described below

commit ec48807ac455d0da1aac4d53b74fd9cff0c2bc76
Author: remm 
AuthorDate: Mon Sep 25 14:42:36 2023 +0200

Avoid possible NPEs
---
 .../src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java  | 2 +-
 .../org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
index d91cc0861f..04fc32fc35 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
@@ -106,7 +106,7 @@ public class ProxyConnection extends JdbcInterceptor {
 return this.toString();
 } else if (compare(GETCONNECTION_VAL,method) && connection!=null) {
 return connection.getConnection();
-} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {
+} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class) && connection 
!= null) {
 try {
 return method.invoke(connection.getXAConnection(),args);
 }catch (Throwable t) {
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
index 9ce39c089f..8b74b64bcc 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
@@ -218,7 +218,11 @@ public class StatementCache extends 
StatementDecoratorInterceptor implements Sta
 if (cache == null) {
   return null;
 }
-return cache.get(createCacheKey(method, args));
+CacheKey key = createCacheKey(method, args);
+if (key == null) {
+throw new IllegalArgumentException("Null key");
+}
+return cache.get(key);
 }
 
 public boolean cacheStatement(CachedStatement proxy) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch 8.5.x updated: Avoid possible NPEs

2023-09-25 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 1a08b3eaae Avoid possible NPEs
1a08b3eaae is described below

commit 1a08b3eaae353431e3021497323b828a6000591f
Author: remm 
AuthorDate: Mon Sep 25 14:42:36 2023 +0200

Avoid possible NPEs
---
 .../src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java  | 2 +-
 .../org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java | 6 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
index 5db8525593..193a08f5c6 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java
@@ -106,7 +106,7 @@ public class ProxyConnection extends JdbcInterceptor {
 return this.toString();
 } else if (compare(GETCONNECTION_VAL,method) && connection!=null) {
 return connection.getConnection();
-} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {
+} else if 
(method.getDeclaringClass().isAssignableFrom(XAConnection.class) && connection 
!= null) {
 try {
 return method.invoke(connection.getXAConnection(),args);
 }catch (Throwable t) {
diff --git 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
index 505f0e4142..9cf08123a1 100644
--- 
a/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
+++ 
b/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/StatementCache.java
@@ -230,7 +230,11 @@ public class StatementCache extends 
StatementDecoratorInterceptor implements Sta
 if (cache == null) {
   return null;
 }
-return cache.get(createCacheKey(method, args));
+CacheKey key = createCacheKey(method, args);
+if (key == null) {
+throw new IllegalArgumentException("Null key");
+}
+return cache.get(key);
 }
 
 public boolean cacheStatement(CachedStatement proxy) {


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[tomcat] branch main updated: Fix BZ 65770 - add a listener to reload TLS certificates

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new bf444e4f1b Fix BZ 65770 - add a listener to reload TLS certificates
bf444e4f1b is described below

commit bf444e4f1b9cc19d444f22ca157a015a6bc686f1
Author: Mark Thomas 
AuthorDate: Mon Sep 25 15:46:27 2023 +0100

Fix BZ 65770 - add a listener to reload TLS certificates

The listener is intended to be used in environments where a 3rd party
component (e.g. certbot) is responsible for regularly renewing the
certificate.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
---
 .../catalina/security/LocalStrings.properties  |   4 +
 .../security/TLSCertificateReloadListener.java | 176 +
 java/org/apache/coyote/ProtocolHandler.java|  13 ++
 .../org/apache/coyote/ajp/AbstractAjpProtocol.java |   6 +
 .../coyote/http11/AbstractHttp11Protocol.java  |   6 +
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  26 +++
 webapps/docs/changelog.xml |   6 +
 webapps/docs/config/listeners.xml  |  37 +
 8 files changed, 274 insertions(+)

diff --git a/java/org/apache/catalina/security/LocalStrings.properties 
b/java/org/apache/catalina/security/LocalStrings.properties
index a058198cfb..49dace925f 100644
--- a/java/org/apache/catalina/security/LocalStrings.properties
+++ b/java/org/apache/catalina/security/LocalStrings.properties
@@ -20,3 +20,7 @@ SecurityListener.checkUmaskSkip=Unable to determine umask. It 
appears Tomcat is
 SecurityListener.checkUserWarning=Start attempted while running as user [{0}]. 
Running Tomcat as this user has been blocked by the Lifecycle listener 
org.apache.catalina.security.SecurityListener (usually configured in 
CATALINA_BASE/conf/server.xml)
 
 listener.notServer=This listener must only be nested within Server elements, 
but is in [{0}].
+
+tlsCertRenewalListener.notRenewed=[{0}], TLS virtual host [{1}] with name 
[{2}] that expires on [{3}] is overdue for renewal
+tlsCertRenewalListener.reloadFailed=[{0}], TLS virtual host [{1}] reload of 
TLS configuration failed
+tlsCertRenewalListener.reloadSuccess=[{0}], TLS virtual host [{1}] reloaded 
TLS configuration
\ No newline at end of file
diff --git 
a/java/org/apache/catalina/security/TLSCertificateReloadListener.java 
b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
new file mode 100644
index 00..d9fe20f462
--- /dev/null
+++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.security;
+
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+import java.util.Set;
+
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Server;
+import org.apache.catalina.Service;
+import org.apache.catalina.connector.Connector;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * A {@link LifecycleListener} that may be used to monitor the expiration 
dates of TLS certificates and trigger
+ * automatic reloading of the TLS configuration a set number of days before 
the TLS certificate expires.
+ * 
+ * This listener assumes there is some other process (certbot, cloud 
infrastructure, etc) that renews the certificate on
+ * a regular basis and replaces the current certificate with the new one.
+ * 
+ * This listener does NOT re-read the Tomcat configuration from 
server.xml. If you make changes to server.xml you
+ * must restart the Tomcat process to pick up those changes.
+ * 
+ */
+public class TLSCertificateReloadListener implements LifecycleListener {
+
+private static final Log log = 
LogFactory.getLog(TLSCertificateReloadListener.class);
+private static final StringManager sm = 
StringManager.getManager(TLSCertificateReloadListener.class);
+

[tomcat] branch 10.1.x updated: Fix BZ 65770 - add a listener to reload TLS certificates

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new fa17aed463 Fix BZ 65770 - add a listener to reload TLS certificates
fa17aed463 is described below

commit fa17aed4638e99c3a0f736b0aa7e61b50300988c
Author: Mark Thomas 
AuthorDate: Mon Sep 25 15:46:27 2023 +0100

Fix BZ 65770 - add a listener to reload TLS certificates

The listener is intended to be used in environments where a 3rd party
component (e.g. certbot) is responsible for regularly renewing the
certificate.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
---
 .../catalina/security/LocalStrings.properties  |   4 +
 .../security/TLSCertificateReloadListener.java | 176 +
 java/org/apache/coyote/ProtocolHandler.java|  13 ++
 .../org/apache/coyote/ajp/AbstractAjpProtocol.java |   6 +
 .../coyote/http11/AbstractHttp11Protocol.java  |   6 +
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  26 +++
 webapps/docs/changelog.xml |   6 +
 webapps/docs/config/listeners.xml  |  37 +
 8 files changed, 274 insertions(+)

diff --git a/java/org/apache/catalina/security/LocalStrings.properties 
b/java/org/apache/catalina/security/LocalStrings.properties
index f1e1aa689c..b2f6cdf023 100644
--- a/java/org/apache/catalina/security/LocalStrings.properties
+++ b/java/org/apache/catalina/security/LocalStrings.properties
@@ -22,3 +22,7 @@ SecurityListener.checkUserWarning=Start attempted while 
running as user [{0}]. R
 SecurityUtil.doAsPrivilege=An exception occurs when running the 
PrivilegedExceptionAction block.
 
 listener.notServer=This listener must only be nested within Server elements, 
but is in [{0}].
+
+tlsCertRenewalListener.notRenewed=[{0}], TLS virtual host [{1}] with name 
[{2}] that expires on [{3}] is overdue for renewal
+tlsCertRenewalListener.reloadFailed=[{0}], TLS virtual host [{1}] reload of 
TLS configuration failed
+tlsCertRenewalListener.reloadSuccess=[{0}], TLS virtual host [{1}] reloaded 
TLS configuration
\ No newline at end of file
diff --git 
a/java/org/apache/catalina/security/TLSCertificateReloadListener.java 
b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
new file mode 100644
index 00..d9fe20f462
--- /dev/null
+++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.security;
+
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+import java.util.Set;
+
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Server;
+import org.apache.catalina.Service;
+import org.apache.catalina.connector.Connector;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * A {@link LifecycleListener} that may be used to monitor the expiration 
dates of TLS certificates and trigger
+ * automatic reloading of the TLS configuration a set number of days before 
the TLS certificate expires.
+ * 
+ * This listener assumes there is some other process (certbot, cloud 
infrastructure, etc) that renews the certificate on
+ * a regular basis and replaces the current certificate with the new one.
+ * 
+ * This listener does NOT re-read the Tomcat configuration from 
server.xml. If you make changes to server.xml you
+ * must restart the Tomcat process to pick up those changes.
+ * 
+ */
+public class TLSCertificateReloadListener implements LifecycleListener {
+
+private static final Log log = 
LogFactory.getLog(TLSCertificateReloadListener.class);
+private static final StringManager sm = 
StringManager.getManager(TLSCertificateReloadListener.class);
+
+// Configuration
+private int checkPeriod = 24 * 60 * 60;
+private int daysBefore = 14;
+
+// State
+private Calendar nextCheck 

[tomcat] branch 9.0.x updated: Fix BZ 65770 - add a listener to reload TLS certificates

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 7d388dbd3e Fix BZ 65770 - add a listener to reload TLS certificates
7d388dbd3e is described below

commit 7d388dbd3e43fd9c1406a464505449c0b770b12f
Author: Mark Thomas 
AuthorDate: Mon Sep 25 15:46:27 2023 +0100

Fix BZ 65770 - add a listener to reload TLS certificates

The listener is intended to be used in environments where a 3rd party
component (e.g. certbot) is responsible for regularly renewing the
certificate.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
---
 .../catalina/security/LocalStrings.properties  |   4 +
 .../security/TLSCertificateReloadListener.java | 176 +
 java/org/apache/coyote/ProtocolHandler.java|  13 ++
 .../org/apache/coyote/ajp/AbstractAjpProtocol.java |   6 +
 .../coyote/http11/AbstractHttp11Protocol.java  |   6 +
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  26 +++
 webapps/docs/changelog.xml |   6 +
 webapps/docs/config/listeners.xml  |  37 +
 8 files changed, 274 insertions(+)

diff --git a/java/org/apache/catalina/security/LocalStrings.properties 
b/java/org/apache/catalina/security/LocalStrings.properties
index f1e1aa689c..b2f6cdf023 100644
--- a/java/org/apache/catalina/security/LocalStrings.properties
+++ b/java/org/apache/catalina/security/LocalStrings.properties
@@ -22,3 +22,7 @@ SecurityListener.checkUserWarning=Start attempted while 
running as user [{0}]. R
 SecurityUtil.doAsPrivilege=An exception occurs when running the 
PrivilegedExceptionAction block.
 
 listener.notServer=This listener must only be nested within Server elements, 
but is in [{0}].
+
+tlsCertRenewalListener.notRenewed=[{0}], TLS virtual host [{1}] with name 
[{2}] that expires on [{3}] is overdue for renewal
+tlsCertRenewalListener.reloadFailed=[{0}], TLS virtual host [{1}] reload of 
TLS configuration failed
+tlsCertRenewalListener.reloadSuccess=[{0}], TLS virtual host [{1}] reloaded 
TLS configuration
\ No newline at end of file
diff --git 
a/java/org/apache/catalina/security/TLSCertificateReloadListener.java 
b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
new file mode 100644
index 00..d9fe20f462
--- /dev/null
+++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.security;
+
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+import java.util.Set;
+
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Server;
+import org.apache.catalina.Service;
+import org.apache.catalina.connector.Connector;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * A {@link LifecycleListener} that may be used to monitor the expiration 
dates of TLS certificates and trigger
+ * automatic reloading of the TLS configuration a set number of days before 
the TLS certificate expires.
+ * 
+ * This listener assumes there is some other process (certbot, cloud 
infrastructure, etc) that renews the certificate on
+ * a regular basis and replaces the current certificate with the new one.
+ * 
+ * This listener does NOT re-read the Tomcat configuration from 
server.xml. If you make changes to server.xml you
+ * must restart the Tomcat process to pick up those changes.
+ * 
+ */
+public class TLSCertificateReloadListener implements LifecycleListener {
+
+private static final Log log = 
LogFactory.getLog(TLSCertificateReloadListener.class);
+private static final StringManager sm = 
StringManager.getManager(TLSCertificateReloadListener.class);
+
+// Configuration
+private int checkPeriod = 24 * 60 * 60;
+private int daysBefore = 14;
+
+// State
+private Calendar nextCheck = 

[tomcat] branch 8.5.x updated: Fix BZ 65770 - add a listener to reload TLS certificates

2023-09-25 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new b8342720e8 Fix BZ 65770 - add a listener to reload TLS certificates
b8342720e8 is described below

commit b8342720e8c0e6c7622323dffb989a0bd6bc0719
Author: Mark Thomas 
AuthorDate: Mon Sep 25 15:46:27 2023 +0100

Fix BZ 65770 - add a listener to reload TLS certificates

The listener is intended to be used in environments where a 3rd party
component (e.g. certbot) is responsible for regularly renewing the
certificate.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
---
 .../catalina/security/LocalStrings.properties  |   4 +
 .../security/TLSCertificateReloadListener.java | 176 +
 java/org/apache/coyote/ProtocolHandler.java|  13 ++
 .../org/apache/coyote/ajp/AbstractAjpProtocol.java |   6 +
 .../coyote/http11/AbstractHttp11Protocol.java  |   6 +
 java/org/apache/tomcat/util/net/SSLHostConfig.java |  26 +++
 webapps/docs/changelog.xml |   6 +
 webapps/docs/config/listeners.xml  |  37 +
 8 files changed, 274 insertions(+)

diff --git a/java/org/apache/catalina/security/LocalStrings.properties 
b/java/org/apache/catalina/security/LocalStrings.properties
index f1e1aa689c..b2f6cdf023 100644
--- a/java/org/apache/catalina/security/LocalStrings.properties
+++ b/java/org/apache/catalina/security/LocalStrings.properties
@@ -22,3 +22,7 @@ SecurityListener.checkUserWarning=Start attempted while 
running as user [{0}]. R
 SecurityUtil.doAsPrivilege=An exception occurs when running the 
PrivilegedExceptionAction block.
 
 listener.notServer=This listener must only be nested within Server elements, 
but is in [{0}].
+
+tlsCertRenewalListener.notRenewed=[{0}], TLS virtual host [{1}] with name 
[{2}] that expires on [{3}] is overdue for renewal
+tlsCertRenewalListener.reloadFailed=[{0}], TLS virtual host [{1}] reload of 
TLS configuration failed
+tlsCertRenewalListener.reloadSuccess=[{0}], TLS virtual host [{1}] reloaded 
TLS configuration
\ No newline at end of file
diff --git 
a/java/org/apache/catalina/security/TLSCertificateReloadListener.java 
b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
new file mode 100644
index 00..d9fe20f462
--- /dev/null
+++ b/java/org/apache/catalina/security/TLSCertificateReloadListener.java
@@ -0,0 +1,176 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.security;
+
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+import java.util.Set;
+
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Server;
+import org.apache.catalina.Service;
+import org.apache.catalina.connector.Connector;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * A {@link LifecycleListener} that may be used to monitor the expiration 
dates of TLS certificates and trigger
+ * automatic reloading of the TLS configuration a set number of days before 
the TLS certificate expires.
+ * 
+ * This listener assumes there is some other process (certbot, cloud 
infrastructure, etc) that renews the certificate on
+ * a regular basis and replaces the current certificate with the new one.
+ * 
+ * This listener does NOT re-read the Tomcat configuration from 
server.xml. If you make changes to server.xml you
+ * must restart the Tomcat process to pick up those changes.
+ * 
+ */
+public class TLSCertificateReloadListener implements LifecycleListener {
+
+private static final Log log = 
LogFactory.getLog(TLSCertificateReloadListener.class);
+private static final StringManager sm = 
StringManager.getManager(TLSCertificateReloadListener.class);
+
+// Configuration
+private int checkPeriod = 24 * 60 * 60;
+private int daysBefore = 14;
+
+// State
+private Calendar nextCheck = 

[Bug 65770] Make keys reload automatically

2023-09-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #14 from Mark Thomas  ---
Fixed in:
- 11.0.x for 11.0.0-M12 onwards
- 10.1.x for 10.1.14 onwards
-  9.0.x for  9.0.81 onwards
-  8.5.x for  8.5.94 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org