Possibly found a bug in Tomcat

2008-07-25 Thread Hendrik Helwich 
Hello tomcat developers,

i tried to integrate OpenSSO (https://opensso.dev.java.net/) with
liferay (http://www.liferay.com), which is a web-application which is
recommended to run in Tomcat 5.5.
It does not work and i found out, that it is a cookie problem.

In the request a cookie is send:
[EMAIL PROTECTED];

But in the corresponding instance of javax.servlet.http.Cookie the value is:
AQIC5wM2LY4SfcyGIL7gS99bMIQ5i2cP7jYw2bFMCztKUw0

The end of the value is missing and it seems there is a bug in
Cookie-Parser.

I tried to figure it out by myself and followed the instructions on
http://tomcat.apache.org/tomcat-6.0-doc/building.html
to build tomcat, but i got an error while executing "ant download"  (log
is appended).
My Java version is 1.6.0_01-b06.

Can you help or give me a hint?

Thanks
Hendrik

Buildfile: build.xml

download:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat-native-1.1.14/tomcat-native.tar.gz

downloadfile:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat-native-1.1.14/tcnative-1.dll.x86

downloadfile:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat-native-1.1.14/tcnative-1.dll.x64

downloadfile:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/commons-daemon-1.0.1/commons-daemon.jar

downloadgz:

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/tomcat-dbcp.jar

downloadgz:
  [get] Getting: 
http://archive.apache.org/dist/commons/collections/source/commons-collections-3.2-src.tar.gz
  [get] To: /home/hendrik/trash/usr/share/java/file.tar.gz
   [gunzip] Expanding /home/hendrik/trash/usr/share/java/file.tar.gz to 
/home/hendrik/trash/usr/share/java/file.tar
[untar] Expanding: /home/hendrik/trash/usr/share/java/file.tar into 
/home/hendrik/trash/usr/share/java
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar.gz

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/tomcat-dbcp.jar

downloadgz:
  [get] Getting: 
http://archive.apache.org/dist/commons/pool/source/commons-pool-1.4-src.tar.gz
  [get] To: /home/hendrik/trash/usr/share/java/file.tar.gz
   [gunzip] Expanding /home/hendrik/trash/usr/share/java/file.tar.gz to 
/home/hendrik/trash/usr/share/java/file.tar
[untar] Expanding: /home/hendrik/trash/usr/share/java/file.tar into 
/home/hendrik/trash/usr/share/java
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar.gz

proxyflags:

setproxy:

testexist:
 [echo] Testing  for 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/tomcat-dbcp.jar

downloadgz:
  [get] Getting: 
http://archive.apache.org/dist/commons/dbcp/source/commons-dbcp-1.2.2-src.tar.gz
  [get] To: /home/hendrik/trash/usr/share/java/file.tar.gz
   [gunzip] Expanding /home/hendrik/trash/usr/share/java/file.tar.gz to 
/home/hendrik/trash/usr/share/java/file.tar
[untar] Expanding: /home/hendrik/trash/usr/share/java/file.tar into 
/home/hendrik/trash/usr/share/java
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar
   [delete] Deleting: /home/hendrik/trash/usr/share/java/file.tar.gz

build-tomcat-dbcp:
 [copy] Copying 63 files to 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp
 [move] Moving 63 files to 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp
[javac] Compiling 63 source files to 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/classes
[javac] 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp/dbcp/BasicDataSource.java:44:
 org.apache.tomcat.dbcp.dbcp.BasicDataSource is not abstract and does not 
override abstract method isWrapperFor(java.lang.Class) in java.sql.Wrapper
[javac] public class BasicDataSource implements DataSource {
[javac]^
[javac] 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp/dbcp/DelegatingStatement.java:46:
 org.apache.tomcat.dbcp.dbcp.DelegatingStatement is not abstract and does not 
override abstract method isPoolable() in java.sql.Statement
[javac] public class DelegatingStatement extends AbandonedTrace implements 
Statement {
[javac]^
[javac] 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp/dbcp/DelegatingStatement.java:131:
 isClosed() in org.apache.tomcat.dbcp.dbcp.DelegatingStatement cannot implement 
isClosed() in java.sql.Statement; attempting to assign weaker access 
privileges; was public
[javac] protected boolean isClosed() {
[javac]   ^
[javac] 
/home/hendrik/trash/usr/share/java/tomcat6-deps/dbcp

Re: Possibly found a bug in Tomcat

2008-07-26 Thread Hendrik Helwich 
Hello Filip,

i think you are right, OpenSSO does create an invalid cookie.
I first read the following:

"This string is a sequence of characters excluding semi-colon, comma and
white space. If there is a need to place such data in the name or value,
some encoding method such as URL style %XX encoding is recommended,
though no encoding is defined or required."

on
http://209.85.135.104/search?q=cache:W6VJIqv-__MJ:wp.netscape.com/newsref/std/cookie_spec.html

but now i found the actual specification
http://www.w3.org/Protocols/rfc2109/rfc2109
and
http://www.w3.org/Protocols/rfc2068/rfc2068
which does not allow the following characters in the cookies value:

  tspecials  = "(" | ")" | "<" | ">" | "@"
 | "," | ";" | ":" | "\" | <">
 | "/" | "[" | "]" | "?" | "="
 | "{" | "}" | SP | HT


Thanks,

Hendrik



Filip Hanik - Dev Lists schrieb:
> that looks like an invalid cookie to me, = is a delimiter, so a proper
> parser would end when it hits the 2nd =
>
> Filip
>
> Hendrik Helwich wrote:
>> Hello tomcat developers,
>>
>> i tried to integrate OpenSSO (https://opensso.dev.java.net/) with
>> liferay (http://www.liferay.com), which is a web-application which is
>> recommended to run in Tomcat 5.5.
>> It does not work and i found out, that it is a cookie problem.
>>
>> In the request a cookie is send:
>> [EMAIL PROTECTED];
>>
>>
>> But in the corresponding instance of javax.servlet.http.Cookie the
>> value is:
>> AQIC5wM2LY4SfcyGIL7gS99bMIQ5i2cP7jYw2bFMCztKUw0
>>
>> The end of the value is missing and it seems there is a bug in
>> Cookie-Parser.
>>
>> I tried to figure it out by myself and followed the instructions on
>> http://tomcat.apache.org/tomcat-6.0-doc/building.html
>> to build tomcat, but i got an error while executing "ant download"  (log
>> is appended).
>> My Java version is 1.6.0_01-b06.
>>
>> Can you help or give me a hint?
>>
>> Thanks
>> Hendrik
>>
>>  
>> 
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]