DO NOT REPLY [Bug 50120] New: .class in a jsp results in an invalid idetifier
https://issues.apache.org/bugzilla/show_bug.cgi?id=50120
Summary: .class in a jsp results in an invalid idetifier
Product: Tomcat 7
Version: 7.0.2
Platform: PC
Status: NEW
Severity: normal
Priority: P2
Component: Jasper
AssignedTo: dev@tomcat.apache.org
ReportedBy: joker8achtu...@googlemail.com
when trying to access a getClass() method within a jsp, the following exception
occurs:
org.apache.jasper.JasperException: /jsp/example.jsp(68,6) "${memBean.class.name
== text}"
contains invalid expression(s): javax.el.ELException: [class] is not a valid
Java identifier
is this a bug or a desired feature of 7.0.2?
as far as i've noticed, the validation is done in org.pache.el.util.Validation
whereby invalidIdentifiers contains the class keyword
by the way, validation is done currently case-insensitive, so *.Class.Name
would be a work-around
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "PoweredBy" by Ultimate Fighter
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "PoweredBy" page has been changed by Ultimate Fighter.
http://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=271&rev2=272
--
=== HandyBundle-Finden ===
[[http://www.handybundle-finden.de/|HandyBundle-Finden]] - German site for
mobile phone bundles. Based on a custom developed lucene based nosql database
and running on tomcat.
+ === Handytarife-Finden ===
+ {{http://www.handytarife-finden.de/images/Logo.png}}
[[http://www.handytarife-finden.de/|Handytarife-Finden]] - This ist a very fast
search site for mobile phones and bundles. It works with an lucene based nosql
database and running on an System consisting of nginx and tomcat.
+
=== Maxager ===
[http://www.maxager.com/home.htm ] Maxager's patented enterprise profit
optimization (EPO) solutions help leading companies increase cash and profit
worth 3-5% of revenue.
@@ -280, +283 @@
=== service-repository.com ===
[[http://www.service-repository.com/|Service-Repository]] - Registry of
public SOAP Web Services and dynamic client UI
+
+ === Shoppingkaiser.de ===
+ {{http://static.shoppingkaiser.de/images/Logo.jpg}}
[[http://www.shoppingkaiser.de/|Shoppingkaiser]] - Global Searchsite for
currently expiring eBay Auctions. Based on a nosql lucene database.
=== Sparus Software ===
[[http://www.sparus-software.com|{{http://www.sparus-software.com/style/images/a_logosparusint.gif|http://www.sparus-software.com}}]]
[[http://www.sparus-software.com/Device-Management/Products/EveryWAN-Mobility-Manager,42/The-Next-Generation-Solution-for.html|EveryWAN
Mobility Manager, Windows Mobile device management and security solution]],
includes Tomcat.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50120] .class in a jsp results in an invalid idetifier
https://issues.apache.org/bugzilla/show_bug.cgi?id=50120 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID OS/Version||All --- Comment #1 from Mark Thomas 2010-10-20 06:39:52 EDT --- This is spec required behaviour. Further questions should be addressed to the users mailing list. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On 19/10/2010 08:56, Mark Thomas wrote: > Ping. Just a gentle reminder that there are ~2 days left for this vote. > So far we have 1 vote for beta and no other votes. Sorry - it should have said ~1 day above. I've been traveling and got my dates mixed up. I'll leave the vote open for another 24 hours or so. Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) so we need at least 1 more PMC vote in order to proceed with this release. Cheers, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50120] .class in a jsp results in an invalid idetifier
https://issues.apache.org/bugzilla/show_bug.cgi?id=50120
--- Comment #2 from Konstantin Kolinko 2010-10-20
06:48:36 EDT ---
"class" is a reserved word in Java. Note, that you can write your expression as
"${memBean['class'].name == text}"
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On 10/20/2010 5:45 AM, Mark Thomas wrote: On 19/10/2010 08:56, Mark Thomas wrote: Ping. Just a gentle reminder that there are ~2 days left for this vote. So far we have 1 vote for beta and no other votes. Sorry - it should have said ~1 day above. I've been traveling and got my dates mixed up. I'll leave the vote open for another 24 hours or so. Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) so we need at least 1 more PMC vote in order to proceed with this release. As someone trying to figure out when to take the plunge into Tomcat 7, but needing something that is definitely "stable", is there any sort of list as to what hurdles remain to be cleared before considering Tomcat 7 is considered "stable"? I'm not trying to rush anyone (most especially a premature labeling of Tomcat 7 as stable), but some insight into the remaining gap between Tomcat 7 and stability would be helpful to me -- and others as well, I suspect. If there's just a collective gut feeling that more experience with Tomcat 7 is needed prior to feeling comfortable with a "stable" label that's fine, of course, but right now I have no sense as to what makes Tomcat 7 still a "beta" at this point. -- Jess Holle - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On 20/10/2010 06:39, Jess Holle wrote: > On 10/20/2010 5:45 AM, Mark Thomas wrote: >> On 19/10/2010 08:56, Mark Thomas wrote: >>> Ping. Just a gentle reminder that there are ~2 days left for this vote. >>> So far we have 1 vote for beta and no other votes. >> Sorry - it should have said ~1 day above. I've been traveling and got my >> dates mixed up. I'll leave the vote open for another 24 hours or so. >> >> Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) >> so we need at least 1 more PMC vote in order to proceed with this >> release. > As someone trying to figure out when to take the plunge into Tomcat 7, > but needing something that is definitely "stable", is there any sort of > list as to what hurdles remain to be cleared before considering Tomcat 7 > is considered "stable"? My own view is that to be considered stable, Tomcat 7 needs to meet the following criteria: 1. Implement all aspects of Servlet 3.0, JSP 2.2, EL 2.2 2. Pass all unit tests with all three HTTP connectors 4. Pass all relevant TCKs with the security manager enabled - Servlet TCK with all three HTTP connectors and both AJP connectors - JSP TCK with any connector - EL TCK (doesn't use web requests) 4. Have no 'significant' open bugs 5. Have reasonable adoption 6. Have a couple of releases with no 'serious' bugs emerging In term of progress: 1. Done (to the best of my knowledge). 2. It does. 3. It does (as have all 7.0.x releases). 4. There is currently 1 (yes one!) open bug without a patch across 5.5.x, 6.0.x and 7.0.x so I think we can call this one done. 5. Based on some analysis of download requests and the number and quality of bug reports I am happy that there is reasonable adoption at this stage. 6. I see this as the only thing between 7.0.x and stability. Serious is subjective but the sort of things I would include are: - anything that requires a major refactoring to fix - anything that breaks typical use cases As an example, I would consider another bug 49884 serious due to both the async issues it caused and the scale of the refactoring required to fix. I wouldn't consider another 50072 serious mainly because that issue has been present in the 6.0.x code base and hasn't been a problem (at least not one folks have reported). So in summary, if 7.0.4 and 7.0.5 go well, things are looking good for 7.0.6. HTH, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
Thanks for the detailed reply! On 10/20/2010 7:03 AM, Mark Thomas wrote: On 20/10/2010 06:39, Jess Holle wrote: On 10/20/2010 5:45 AM, Mark Thomas wrote: On 19/10/2010 08:56, Mark Thomas wrote: Ping. Just a gentle reminder that there are ~2 days left for this vote. So far we have 1 vote for beta and no other votes. Sorry - it should have said ~1 day above. I've been traveling and got my dates mixed up. I'll leave the vote open for another 24 hours or so. Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) so we need at least 1 more PMC vote in order to proceed with this release. As someone trying to figure out when to take the plunge into Tomcat 7, but needing something that is definitely "stable", is there any sort of list as to what hurdles remain to be cleared before considering Tomcat 7 is considered "stable"? My own view is that to be considered stable, Tomcat 7 needs to meet the following criteria: 1. Implement all aspects of Servlet 3.0, JSP 2.2, EL 2.2 2. Pass all unit tests with all three HTTP connectors 4. Pass all relevant TCKs with the security manager enabled - Servlet TCK with all three HTTP connectors and both AJP connectors - JSP TCK with any connector - EL TCK (doesn't use web requests) 4. Have no 'significant' open bugs 5. Have reasonable adoption 6. Have a couple of releases with no 'serious' bugs emerging In term of progress: 1. Done (to the best of my knowledge). 2. It does. 3. It does (as have all 7.0.x releases). 4. There is currently 1 (yes one!) open bug without a patch across 5.5.x, 6.0.x and 7.0.x so I think we can call this one done. 5. Based on some analysis of download requests and the number and quality of bug reports I am happy that there is reasonable adoption at this stage. 6. I see this as the only thing between 7.0.x and stability. Serious is subjective but the sort of things I would include are: - anything that requires a major refactoring to fix - anything that breaks typical use cases As an example, I would consider another bug 49884 serious due to both the async issues it caused and the scale of the refactoring required to fix. I wouldn't consider another 50072 serious mainly because that issue has been present in the 6.0.x code base and hasn't been a problem (at least not one folks have reported). So in summary, if 7.0.4 and 7.0.5 go well, things are looking good for 7.0.6. HTH, Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On 20.10.2010 14:03, Mark Thomas wrote: On 20/10/2010 06:39, Jess Holle wrote: On 10/20/2010 5:45 AM, Mark Thomas wrote: On 19/10/2010 08:56, Mark Thomas wrote: Ping. Just a gentle reminder that there are ~2 days left for this vote. So far we have 1 vote for beta and no other votes. Sorry - it should have said ~1 day above. I've been traveling and got my dates mixed up. I'll leave the vote open for another 24 hours or so. Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) so we need at least 1 more PMC vote in order to proceed with this release. As someone trying to figure out when to take the plunge into Tomcat 7, but needing something that is definitely "stable", is there any sort of list as to what hurdles remain to be cleared before considering Tomcat 7 is considered "stable"? My own view is that to be considered stable, Tomcat 7 needs to meet the following criteria: 1. Implement all aspects of Servlet 3.0, JSP 2.2, EL 2.2 2. Pass all unit tests with all three HTTP connectors 4. Pass all relevant TCKs with the security manager enabled - Servlet TCK with all three HTTP connectors and both AJP connectors - JSP TCK with any connector - EL TCK (doesn't use web requests) 4. Have no 'significant' open bugs 5. Have reasonable adoption 6. Have a couple of releases with no 'serious' bugs emerging In term of progress: 1. Done (to the best of my knowledge). 2. It does. 3. It does (as have all 7.0.x releases). 4. There is currently 1 (yes one!) open bug without a patch across 5.5.x, 6.0.x and 7.0.x so I think we can call this one done. 5. Based on some analysis of download requests and the number and quality of bug reports I am happy that there is reasonable adoption at this stage. 6. I see this as the only thing between 7.0.x and stability. Serious is subjective but the sort of things I would include are: - anything that requires a major refactoring to fix - anything that breaks typical use cases As an example, I would consider another bug 49884 serious due to both the async issues it caused and the scale of the refactoring required to fix. I wouldn't consider another 50072 serious mainly because that issue has been present in the 6.0.x code base and hasn't been a problem (at least not one folks have reported). So in summary, if 7.0.4 and 7.0.5 go well, things are looking good for 7.0.6. For what its worth: I fully agree. The biggest reason why 7.0.4 shouldn't already be stable is the major refactoring that was necessary lately. If 7.0.4 survives the real adoption without serious bugs in the definition of Mark, I guess we could have a stable in about a month. Don't know whether we actually need many more betas (in the sense of "a couple"), but we might need to wait a bit to gather feedback. If fixing minor problems and adding minor features stays at middle to high rate we might want to release often to catch anything important early. And yes: I'll add my vote until tomorrow, expecting beta. Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 45183] Starting from mysql JDBC connector 5.1.6 a wrong behavior
https://issues.apache.org/bugzilla/show_bug.cgi?id=45183 Alessandro Polverini changed: What|Removed |Added Status|RESOLVED|REOPENED CC||a...@nibbles.it Resolution|WONTFIX | --- Comment #2 from Alessandro Polverini 2010-10-20 10:14:25 EDT --- Mysql developers tells me that they follow the JDBC specs. Tomcat developers tells me that this is a "driver artifact". I, as a user, only know that things do not work, application breaks, and an incongruous behavior happens. Since I provided a complete test case to verify and reproduce the problem I can only link the two bug reports together so you can speak one to another and better understand who has to fix his code. https://issues.apache.org/bugzilla/show_bug.cgi?id=45183 http://bugs.mysql.com/bug.php?id=57591 Thanks for your work, Alex -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 43497] Add ability to escape rendered output of JSP expressions
https://issues.apache.org/bugzilla/show_bug.cgi?id=43497 --- Comment #3 from Nacho Coloma 2010-10-20 10:48:11 EDT --- Any chance this bug receives some attention? Any application on Tomcat is susceptible of XSS attacks, and it should be easy to fix. Keeping the current behavior as default is reasonable, but please provide some flag to switch. Right now I have to keep my own separate patch jar, and merge into Tomcat. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 43497] Add ability to escape rendered output of JSP expressions
https://issues.apache.org/bugzilla/show_bug.cgi?id=43497 Nacho Coloma changed: What|Removed |Added CC||icol...@gmail.com -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1025684 - in /tomcat/trunk/java/org/apache/catalina/authenticator: AuthenticatorBase.java SingleSignOn.java SingleSignOnEntry.java
Author: markt
Date: Wed Oct 20 19:26:05 2010
New Revision: 1025684
URL: http://svn.apache.org/viewvc?rev=1025684&view=rev
Log:
Clean-up
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1025684&r1=1025683&r2=1025684&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
Wed Oct 20 19:26:05 2010
@@ -596,6 +596,7 @@ public abstract class AuthenticatorBase
*
* @exception IOException if an input/output error occurs
*/
+@Override
public abstract boolean authenticate(Request request,
HttpServletResponse response,
LoginConfig config)
@@ -829,6 +830,7 @@ public abstract class AuthenticatorBase
}
+@Override
public void login(String username, String password, Request request)
throws ServletException {
Principal principal = doLogin(request, username, password);
@@ -847,6 +849,7 @@ public abstract class AuthenticatorBase
return p;
}
+@Override
public void logout(Request request) throws ServletException {
register(request, request.getResponse(), null,
null, null, null);
Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java?rev=1025684&r1=1025683&r2=1025684&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java Wed
Oct 20 19:26:05 2010
@@ -210,6 +210,7 @@ public class SingleSignOn extends ValveB
*
* @param event SessionEvent that has occurred
*/
+@Override
public void sessionEvent(SessionEvent event) {
// We only care about session destroyed events
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java?rev=1025684&r1=1025683&r2=1025684&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
Wed Oct 20 19:26:05 2010
@@ -62,11 +62,8 @@ public class SingleSignOnEntry
*/
public SingleSignOnEntry(Principal principal, String authType,
String username, String password) {
-super();
-updateCredentials(principal, authType, username, password);
-}
-public SingleSignOnEntry() {
+updateCredentials(principal, authType, username, password);
}
// --- Package Methods
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On Oct 20, 2010, at 5:03 AM, Mark Thomas wrote: > On 20/10/2010 06:39, Jess Holle wrote: >> On 10/20/2010 5:45 AM, Mark Thomas wrote: >>> On 19/10/2010 08:56, Mark Thomas wrote: Ping. Just a gentle reminder that there are ~2 days left for this vote. So far we have 1 vote for beta and no other votes. >>> Sorry - it should have said ~1 day above. I've been traveling and got my >>> dates mixed up. I'll leave the vote open for another 24 hours or so. >>> >>> Currently there are 4 votes for beta (2*PMC, 1*committer, 1*contributor) >>> so we need at least 1 more PMC vote in order to proceed with this >>> release. >> As someone trying to figure out when to take the plunge into Tomcat 7, >> but needing something that is definitely "stable", is there any sort of >> list as to what hurdles remain to be cleared before considering Tomcat 7 >> is considered "stable"? > > My own view is that to be considered stable, Tomcat 7 needs to meet the > following criteria: > 1. Implement all aspects of Servlet 3.0, JSP 2.2, EL 2.2 > 2. Pass all unit tests with all three HTTP connectors > 4. Pass all relevant TCKs with the security manager enabled > - Servlet TCK with all three HTTP connectors and both AJP connectors > - JSP TCK with any connector > - EL TCK (doesn't use web requests) > 4. Have no 'significant' open bugs > 5. Have reasonable adoption > 6. Have a couple of releases with no 'serious' bugs emerging > > In term of progress: > 1. Done (to the best of my knowledge). I don't think tomcat is processing security constraints added through ServletRegistration. I added some hooks in one of my patches so the info got to an appropriate class but only implemented the actual processing in geronimo. see https://issues.apache.org/bugzilla/show_bug.cgi?id=50015 thanks david jencks > 2. It does. > 3. It does (as have all 7.0.x releases). > 4. There is currently 1 (yes one!) open bug without a patch across > 5.5.x, 6.0.x and 7.0.x so I think we can call this one done. > 5. Based on some analysis of download requests and the number and > quality of bug reports I am happy that there is reasonable adoption at > this stage. > 6. I see this as the only thing between 7.0.x and stability. > > Serious is subjective but the sort of things I would include are: > - anything that requires a major refactoring to fix > - anything that breaks typical use cases > > As an example, I would consider another bug 49884 serious due to both > the async issues it caused and the scale of the refactoring required to > fix. I wouldn't consider another 50072 serious mainly because that issue > has been present in the 6.0.x code base and hasn't been a problem (at > least not one folks have reported). > > So in summary, if 7.0.4 and 7.0.5 go well, things are looking good for > 7.0.6. > > HTH, > > Mark > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.4
On 15.10.2010 10:47, Mark Thomas wrote: The proposed 7.0.4 release is: [X] Beta - go ahead and release as 7.0.4 Beta - Checksums and Signatures OK - Identity between Unix and Windows files and subversion fine Minor observations: - extras build couldn't download the servlet api jar from the maven repos. Folder "http://repo1.maven.org/maven/servletapi/jars/"; is empty at the moment. Alternatively it seems http://repo1.maven.org/maven2/javax/servlet/servlet-api/2.3/ could be used? - one test failed because my rusty Solaris 8 Sparc system testing on top of NFS is to slow: Testsuite: org.apache.tomcat.util.http.mapper.TestMapper Tests run: 3, Failures: 1, Errors: 0, Time elapsed: 7.298 sec Testcase: testAddHost took 0.074 sec Testcase: testMap took 0.04 sec Testcase: testPerformance took 7.111 sec »···FAILED null junit.framework.AssertionFailedError »···at org.apache.tomcat.util.http.mapper.TestMapper.testPerformance(TestMapper.java:145) It took 7.1 seconds, allowed are only 3 seconds. There wont be an optimal solution here. Thanks for pushing TC 7! Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1025713 - /tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java
Author: markt
Date: Wed Oct 20 20:45:50 2010
New Revision: 1025713
URL: http://svn.apache.org/viewvc?rev=1025713&view=rev
Log:
Clean-up
Modified:
tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java
Modified: tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java?rev=1025713&r1=1025712&r2=1025713&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/FilterBase.java Wed Oct 20
20:45:50 2010
@@ -41,6 +41,7 @@ public abstract class FilterBase impleme
protected abstract Log getLogger();
+@Override
public void init(FilterConfig filterConfig) throws ServletException {
Enumeration paramNames = filterConfig.getInitParameterNames();
while (paramNames.hasMoreElements()) {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1025775 - in /tomcat/trunk: java/org/apache/catalina/authenticator/FormAuthenticator.java webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: markt
Date: Wed Oct 20 21:55:30 2010
New Revision: 1025775
URL: http://svn.apache.org/viewvc?rev=1025775&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=3839
Provide a mechanism to gracefully handle the case where users book-mark the
form login page or otherwise abuse the FORM authentication process.
Based on a suggestion by Mark Morris.
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified:
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1025775&r1=1025774&r2=1025775&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
Wed Oct 20 21:55:30 2010
@@ -75,6 +75,12 @@ public class FormAuthenticator
*/
protected String characterEncoding = null;
+/**
+ * Landing page to use if a user tries to access the login page directly or
+ * if the session times out during login. If not set, error responses will
+ * be sent instead.
+ */
+protected String landingPage = null;
// - Properties
@@ -106,6 +112,22 @@ public class FormAuthenticator
}
+/**
+ * Return the landing page to use when FORM auth is mis-used.
+ */
+public String getLandingPage() {
+return landingPage;
+}
+
+
+/**
+ * Set the landing page to use when the FORM auth is mis-used.
+ */
+public void setLandingPage(String landingPage) {
+this.landingPage = landingPage;
+}
+
+
// - Public Methods
@@ -273,8 +295,19 @@ public class FormAuthenticator
if (containerLog.isDebugEnabled())
containerLog.debug
("User took so long to log on the session expired");
-response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
- sm.getString("authenticator.sessionExpired"));
+if (landingPage == null) {
+response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
+sm.getString("authenticator.sessionExpired"));
+} else {
+// Make the authenticator think the user originally requested
+// the landing page
+String uri = request.getContextPath() + landingPage;
+SavedRequest saved = new SavedRequest();
+saved.setRequestURI(uri);
+request.getSessionInternal(true).setNote(
+Constants.FORM_REQUEST_NOTE, saved);
+response.sendRedirect(response.encodeRedirectURL(uri));
+}
return (false);
}
@@ -291,8 +324,18 @@ public class FormAuthenticator
if (log.isDebugEnabled())
log.debug("Redirecting to original '" + requestURI + "'");
if (requestURI == null)
-response.sendError(HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.formlogin"));
+if (landingPage == null) {
+response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+sm.getString("authenticator.formlogin"));
+} else {
+// Make the authenticator think the user originally requested
+// the landing page
+String uri = request.getContextPath() + landingPage;
+SavedRequest saved = new SavedRequest();
+saved.setRequestURI(uri);
+session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+response.sendRedirect(response.encodeRedirectURL(uri));
+}
else
response.sendRedirect(response.encodeRedirectURL(requestURI));
return (false);
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1025775&r1=1025774&r2=1025775&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Oct 20 21:55:30 2010
@@ -40,6 +40,11 @@
+3839: Provide a mechanism to gracefully handle the case
where
+users book-mark the form login page or otherwise misuse the FORM
+authentication process. Based on a suggestion by Mark Morris. (markt)
+
+
49991: Ensure servlet request listeners are fired for
the login and error pages during FORM authentication. (markt)
DO NOT REPLY [Bug 50126] New: EL for JSF 1.2 doesn't work on JSP-Tag-Files (*.tag)
https://issues.apache.org/bugzilla/show_bug.cgi?id=50126
Summary: EL for JSF 1.2 doesn't work on JSP-Tag-Files (*.tag)
Product: Tomcat 6
Version: 6.0.26
Platform: Macintosh
Status: NEW
Severity: normal
Priority: P2
Component: Servlet & JSP API
AssignedTo: dev@tomcat.apache.org
ReportedBy: lof...@apache.org
Created an attachment (id=26189)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26189)
Maven 2 example project.
When have a Tag File like WEB-INF/tags/layout/page.tag with an EL expression
inside like
The expression will not be evaluated.
In JSP files it works.
Bug exists in version 6.0.26, 6.0.28, 6.0.29:
output: 1 + 1 = #{ 1 + 1 }
In version 6.0.24 there is no problem:
output: 1 + 1 = 2
I've attached a zipped Maven 2 project. A call of "mvn package" will build a
war file.
The problem also exists with MyFaces and Mojarra (use -P mojarra for maven)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 3839] Problem bookmarking login page
https://issues.apache.org/bugzilla/show_bug.cgi?id=3839 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Component|Catalina|Catalina Version|Nightly Build |trunk Resolution||FIXED Product|Tomcat 4|Tomcat 7 --- Comment #15 from Mark Thomas 2010-10-20 17:57:59 EDT --- I have implemented a work-around for this issue for Tomcat7 and it will be in 7.0.5 onwards. It is unlikely to be back-ported to earlier versions. The solution is based on Mark Morris's suggestion. It adds a landingPage attribute to the FormAuthenticatorValve that can be used to define where to send the user if they request the login page directly or take so long to log in the session expires. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1025785 - /tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
Author: markt Date: Wed Oct 20 22:30:48 2010 New Revision: 1025785 URL: http://svn.apache.org/viewvc?rev=1025785&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227 Update comments to indicate this is no longer an issue Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1025785&r1=1025784&r2=1025785&view=diff == --- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Wed Oct 20 22:30:48 2010 @@ -226,8 +226,6 @@ import org.apache.catalina.util.IOTools; * Better documentation * Confirm use of ServletInputStream.available() in CGIRunner.run() is * not needed - * Make checking for "." and ".." in servlet & cgi PATH_INFO less - * draconian * [add more to this TODO list] * * @@ -1522,7 +1520,10 @@ public final class CGIServlet extends Ht * segments: * This implementation does not allow "." and * ".." in the the path, and such characters - * will result in an IOException being thrown; + * will result in an IOException being thrown (this should + * never happen since Tomcat normalises the requestURI + * before determining the contextPath, servletPath and + * pathInfo); * Implementation limitations: This implementation * does not impose any limitations except as documented * above. This implementation may be limited by the - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 4227] Invalid CGI path
https://issues.apache.org/bugzilla/show_bug.cgi?id=4227 Mark Thomas changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution||FIXED --- Comment #6 from Mark Thomas 2010-10-20 18:33:00 EDT --- This is fixed in 7.0.x, 6.0.x (and I think 5.5.x) since Tomcat normalises the request URI before calculating the contextPath, servletPath and pathInfo. I have therefore removed the todo (in 7.0.x) re making the checks less draconian. I have left the checks for "." and ".." in place just to be on the safe side but they should never be triggered. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50126] EL for JSF 1.2 doesn't work on JSP-Tag-Files (*.tag)
https://issues.apache.org/bugzilla/show_bug.cgi?id=50126 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID OS/Version||All --- Comment #1 from Mark Thomas 2010-10-20 19:00:08 EDT --- You are using an implicit tag library with no TLD so the JSP version defaults 2.0 (as per the JSP 2.1 spec). Deferred EL is treated as literal text in JSP 2.0 and earlier. The change between 6.0.24 and 6.0.26 was the fix for bug 48668 that tightened up the handling of deferred syntax. If you need further assistance with this, please ask on the users mailing list. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50127] New: Possible NPEs in SimpleTCPCluster
https://issues.apache.org/bugzilla/show_bug.cgi?id=50127
Summary: Possible NPEs in SimpleTCPCluster
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: s...@apache.org
Created an attachment (id=26190)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26190)
Patch to eliminate potential NPE
The code does this in several places:
if (object != null) {
...
}
object.method()
If the object can be null, then the method call should be in the conditional
block. If not, eliminate the check.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50128] New: Potential NPI in PersistentMananagerBase
https://issues.apache.org/bugzilla/show_bug.cgi?id=50128 Summary: Potential NPI in PersistentMananagerBase Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: s...@apache.org Created an attachment (id=26191) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26191) Patch to fix problem String [] ids = null; ... code to set ids. However if the PrivilegedActionException is caught, ids is not set. ... int n = ids.length; Fixed by initialising to an empty array. However perhaps the bug is that the code should not continue after PAE. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50129] New: ContextConfig - unnecessary null checks
https://issues.apache.org/bugzilla/show_bug.cgi?id=50129
Summary: ContextConfig - unnecessary null checks
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: s...@apache.org
Created an attachment (id=26192)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26192)
Patch to remove null checks
Sample code:
urlPatterns = processAnnotationsStringArray(evp.getValue());
urlPatternsSet = urlPatterns != null && urlPatterns.length > 0;
for (String urlPattern : urlPatterns) {
The check "urlPatterns != null" is unnecessary as the method call never returns
null.
If it could return null, then the for loop would cause an NPE.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50130] New: Start Tomcat if $CATALINA_PID present and process not found.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50130 Summary: Start Tomcat if $CATALINA_PID present and process not found. Product: Tomcat 6 Version: 6.0.26 Platform: PC OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: mike...@gulik.co.nz Created an attachment (id=26193) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26193) Diff containing changes to catalina.sh. Diff does not contain directory info. Currently, Tomcat will refuse to start if the $CATALINA_PID file is found. If the Tomcat process dies and the $CATALINA_PID is not cleaned up, then the user ends up in the annoying circumstance of not being able to start or stop tomcat using the provided scripts. This patch will test whether the process the the PID file stores actually exists, and if not then it will start tomcat anyway. Starting tomcat will also replace the PID file with a new version. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50131] New: PersistentValve.invoke - possible NPE at line 186
https://issues.apache.org/bugzilla/show_bug.cgi?id=50131
Summary: PersistentValve.invoke - possible NPE at line 186
Product: Tomcat 7
Version: trunk
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: s...@apache.org
Created an attachment (id=26194)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26194)
Don't dereference null when generating the log message
PersistentValve.invoke() has the code:
if (session != null && ...){
} else {
session.isValid() // line 186
It's quite possible that session is null in the log message.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 50132] New: Unused imports
https://issues.apache.org/bugzilla/show_bug.cgi?id=50132 Summary: Unused imports Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: dev@tomcat.apache.org ReportedBy: s...@apache.org Created an attachment (id=26195) --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26195) Remove unused imports -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Request logging with async examples
When I run the async1 example in trunk, the request gets logged twice in the
access log:
0:0:0:0:0:0:0:1%0 - - [20/Oct/2010:21:32:39 -0700] "GET /examples/async/async1
HTTP/1.1" 200 -
0:0:0:0:0:0:0:1%0 - - [20/Oct/2010:21:32:42 -0700] "GET /examples/async/async1
HTTP/1.1" 200 863
Is this the expected behaviour or should the post-invoke part of AccessLogValve
be returning early for the first dispatch (when async has been started)?
However, with async2 which calls complete() from a background thread to finish
the request, only the first dispatch is logged:
0:0:0:0:0:0:0:1%0 - - [20/Oct/2010:22:25:02 -0700] "GET /examples/async/async2
HTTP/1.1" 200 -
It doesn't look like the Valve is being invoked at all when the request is
completed.
It also logs the 200 response if I change Async2 to send an error response:
-actx.getResponse().getWriter().write("Output from
background thread. Time:"+System.currentTimeMillis()+"\n");
+((HttpServletResponse)actx.getResponse()).sendError(404);
which seems problematic as it looks form the log that the request was OK. This
does not send any data back to the client:
$ curl -v http://localhost:8080/examples/async/async2
* About to connect() to localhost port 8080 (#0)
* Trying ::1... connected
* Connected to localhost (::1) port 8080 (#0)
> GET /examples/async/async2 HTTP/1.1
> User-Agent: curl/7.19.7 (universal-apple-darwin10.0) libcurl/7.19.7
> OpenSSL/0.9.8l zlib/1.2.3
> Host: localhost:8080
> Accept: */*
>
[[ delays for a few seconds ... ]]
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection #0
Thanks
Jeremy
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build of tomcat-trunk on ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/656 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: Build Source Stamp: [branch tomcat/trunk] 1025785 Blamelist: markt Build succeeded! sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
