[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462013#comment-13462013
]
Robert Muir commented on SOLR-3879:
---
I don't see a servlet-api.jar in the 3.6.0 war, but i do see it in 4.0.0 war.
I don't know anything about servlets, and would prefer if someone who knew
looked at this, I
just want to add my comment to please not commit any fix without a test (peek
inside the war
in smokeTestRelease.py and ensure no servlet-api jars or java.*/javax.* classes
inside jars in the war)
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
> Fix For: 4.0
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462021#comment-13462021
]
Uwe Schindler commented on SOLR-3879:
-
It is definitely a bug to include that jar file. I said it so many times,
servlet-api.jar is only a compile time dependecy and may not be in the war.
We should fix the packaging tasks, the binary release may also only contain
servlet.jar in the example folder next to jetty.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
> Fix For: 4.0
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462022#comment-13462022
]
Yonik Seeley commented on SOLR-3879:
bq. I don't see a servlet-api.jar in the 3.6.0 war, but i do see it in 4.0.0
war.
Sounds like a mistake that it's in 4.0
AFAIK, it's only for compiling against... the actual servlet container should
supply the API/implementation (but I'm not a servlet expert either).
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
> Fix For: 4.0
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462132#comment-13462132
]
Robert Muir commented on SOLR-3879:
---
Roman your patch looks good.
smokeTestRelease.py (in the dev-tools/scripts directory) is a way to verify
release artifacts.
Its like a test for the release packaging itself, so it takes as input a URL
containing a release candidate (such as http://s.apache.org/lusolr40rc0),
and runs a bunch of tests on the files there and fails if something is wrong.
It can also be run against the current code checkout by running 'ant
nightly-smoke' from the top-level.
The key here is, if we don't test that the war doesn't contain stuff it
shouldn't, then the bug could come back for a future release.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462149#comment-13462149
]
Roman Shaposhnik commented on SOLR-3879:
Thanks! I'll update the patch shortly to include a test for this.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462161#comment-13462161
]
Mark Miller commented on SOLR-3879:
---
bq. peek inside the war in smokeTestRelease.py and ensure no servlet-api jars
or java./javax. classes inside jars in the war
Yeah, I think this would be a general useful addition - a list of regex or
specific names for forbidden jars and class names.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13462177#comment-13462177
]
Uwe Schindler commented on SOLR-3879:
-
+1 to fix this issue!
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463146#comment-13463146
]
Michael McCandless commented on SOLR-3879:
--
I'll fix smokeTestRelease to check for this ...
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463155#comment-13463155
]
Mark Miller commented on SOLR-3879:
---
Very nice.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463161#comment-13463161
]
Uwe Schindler commented on SOLR-3879:
-
We should maybe also do the same check on all Lucene-generated jar files?
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463163#comment-13463163
]
Michael McCandless commented on SOLR-3879:
--
Uwe, good idea: I'll do that.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463188#comment-13463188
]
Robert Muir commented on SOLR-3879:
---
+1 to commit mike's latest patch (the test) and Roman's patch (the fix). this
should be done in 4.0 branch as well.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463199#comment-13463199
]
Uwe Schindler commented on SOLR-3879:
-
Looks good! My intention was to only check all Lucene product artifacts (not
dependencies and compile time depends), but its a good idea to also find
invalid artifacts from other projects. In Solr, of course the example folder
must be excluded, too as it contains jetty, too.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463202#comment-13463202
]
Uwe Schindler commented on SOLR-3879:
-
Oh, we should not add the servlet API lib to the binary release. It is a
compile time dependent and is provided by the webapp container where you depoly
the demo.
We should not ship binary with compile time dependencies.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463205#comment-13463205
]
Robert Muir commented on SOLR-3879:
---
I thought about this too, it seems useless to me to ship this.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463217#comment-13463217
]
Uwe Schindler commented on SOLR-3879:
-
It is not only useless, its as stupid as shipping with rt.jar... It is as wrong
as shipping inside war.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463235#comment-13463235
]
Uwe Schindler commented on SOLR-3879:
-
Mike: should we open another issue in LUCENE? Lucene Demo has the same
packaging problem like this solr one. It's unrelated to the discussion, if the
demo webapp should be removed.
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0, 5.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463237#comment-13463237
]
Robert Muir commented on SOLR-3879:
---
just open another issue to not put this jar file in the binary release. lets
fix that for 4.0
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0, 5.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-3879) war file has javax.servlet-api jar bundled
[
https://issues.apache.org/jira/browse/SOLR-3879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13610760#comment-13610760
]
Commit Tag Bot commented on SOLR-3879:
--
[branch_4x commit] Michael McCandless
http://svn.apache.org/viewvc?view=revision&revision=1390137
SOLR-3879: don't ship servlet-api*.jar
> war file has javax.servlet-api jar bundled
> --
>
> Key: SOLR-3879
> URL: https://issues.apache.org/jira/browse/SOLR-3879
> Project: Solr
> Issue Type: Bug
> Components: Build
>Affects Versions: 4.0
>Reporter: Roman Shaposhnik
>Assignee: Michael McCandless
>Priority: Critical
> Fix For: 4.0, 5.0
>
> Attachments: SOLR-3879.patch, SOLR-3879.patch, SOLR-3879.patch.txt
>
>
> This is incorrect and can lead to deployment issues:
> {noformat}
> Servlet Spec 2.5
> SRV.9.7.2 Web Application Class Loader
> The class loader that a container uses to load a servlet in a WAR must
> allow the developer to load any resources contained in library JARs
> within the WAR following normal J2SE semantics using getResource. As
> described in the J2EE license agreement, servlet containers that are
> not part of a J2EE product should not allow the application to
> override J2SE platform classes, such as those in the java.* and
> javax.* namespaces, that J2SE does not allow to be modified. Also,
> servlet containers that are part of a J2EE product should not allow
> the application to override J2SE or J2EE platform classes, such as
> those in java.* and javax.* namespaces, that either J2SE or J2EE do
> not allow to be modified. The container should not allow applications
> to override or access the container’s implementation
> {noformat}
> The fix is pretty easy and it would be nice to include it in the upcoming
> release of Solr 4.0
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
