svn commit: r1677802 - in /tomcat/trunk: java/javax/el/ELResolver.java test/javax/el/TestELResolver.java
Author: markt Date: Tue May 5 12:39:31 2015 New Revision: 1677802 URL: http://svn.apache.org/r1677802 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 Correct the default implementation of ELResolver.convertToType() Modified: tomcat/trunk/java/javax/el/ELResolver.java tomcat/trunk/test/javax/el/TestELResolver.java Modified: tomcat/trunk/java/javax/el/ELResolver.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/el/ELResolver.java?rev=1677802r1=1677801r2=1677802view=diff == --- tomcat/trunk/java/javax/el/ELResolver.java (original) +++ tomcat/trunk/java/javax/el/ELResolver.java Tue May 5 12:39:31 2015 @@ -136,6 +136,7 @@ public abstract class ELResolver { * @since EL 3.0 */ public Object convertToType(ELContext context, Object obj, Class? type) { +context.setPropertyResolved(false); return null; } } Modified: tomcat/trunk/test/javax/el/TestELResolver.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/javax/el/TestELResolver.java?rev=1677802r1=1677801r2=1677802view=diff == --- tomcat/trunk/test/javax/el/TestELResolver.java (original) +++ tomcat/trunk/test/javax/el/TestELResolver.java Tue May 5 12:39:31 2015 @@ -127,4 +127,17 @@ public class TestELResolver { Assert.assertEquals(3, result); } + +// https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 +@Test +public void testDefaultConvertToType() { +ELContext context = new TesterELContext(new StaticFieldELResolver()); + +ValueExpression ve = ELManager.getExpressionFactory().createValueExpression( +context, ${!Boolean.FALSE}, Boolean.class); + +Boolean result = (Boolean) ve.getValue(context); + +Assert.assertEquals(Boolean.TRUE, result); +} } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677820 - /tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
Author: markt Date: Tue May 5 13:14:53 2015 New Revision: 1677820 URL: http://svn.apache.org/r1677820 Log: Release vote passed today Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1677820r1=1677819r2=1677820view=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue May 5 13:14:53 2015 @@ -93,7 +93,7 @@ /changelog /subsection /section -section name=Tomcat 8.0.22 (markt) rtext=release in progress +section name=Tomcat 8.0.22 (markt) rtext=2015-05-05 subsection name=Catalina changelog fix - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677810 - in /tomcat/tc8.0.x/trunk: ./ java/javax/el/ELResolver.java test/javax/el/TestELResolver.java webapps/docs/changelog.xml
Author: markt Date: Tue May 5 12:51:02 2015 New Revision: 1677810 URL: http://svn.apache.org/r1677810 Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 Correct the default implementation of ELResolver.convertToType() Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/javax/el/ELResolver.java tomcat/tc8.0.x/trunk/test/javax/el/TestELResolver.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue May 5 12:51:02 2015 @@ -1 +1 @@ -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886,1644890,1644892 ,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657592,1657607,1657609,1657682,1657 907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1666387,1666494,1666496,1666552,1666569,1666579,137,149,1 666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140
Re: Tomcat 9 connector refactoring: NIO vs NIO2
2015-05-04 21:54 GMT+02:00 Mark Thomas ma...@apache.org: Looking some time further ahead where NIO2 is as stable as NIO and there is an OpenSSL option for SSL/TLS with NIO2 I don't see any advantages of NIO or APR/native over NIO2 which raises the possibility - at that point - of just having NIO2. At this point I'm not proposing anything - just putting the idea out there for discussion. I think we are a long way off being in a position to drop any of the connectors at this point. Looking further ahead at the SSL configuration, SSLHostConfig is a good help for OpenSSL with NIO, since it contains both the JSSE config and the OpenSSL config. Rémy
[Bug 57887] IllegalStateException: zip file closed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #1 from Mark Thomas ma...@apache.org --- This works for me with a simple test case (JSP and tag file in JAR, JSP depends on tag file). If you still see this with the latest stable 8.0.x release (8.0.22 is being released as I type this) please re-open and provide the simplest possible test case to demonstrate the issue. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot exception in ASF Buildbot on tomcat-8-trunk
The Buildbot has detected a build exception on builder tomcat-8-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-8-trunk/builds/238 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1677810 Blamelist: markt BUILD FAILED: exception svn upload_2 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57802] Compatibility with ICEfaces 1.8 over JSF 1.1 apps
https://bz.apache.org/bugzilla/show_bug.cgi?id=57802 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #18 from Mark Thomas ma...@apache.org --- Thanks for the test case. Your analysis was heading in the right direction but missed the real root cause. The problem was the incorrect default implementation of ELResolver.convertToType(). It failed to call context.setPropertyResolved(false). This meant older ELResolver implementations that inherited this method would return null and if ELContext.getPropertyResolved() was true, that null was treated as a valid conversion triggering the NPE. This has been fixed in trunk and 8.0.x for 8.0.23 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677912 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko Date: Tue May 5 23:48:25 2015 New Revision: 1677912 URL: http://svn.apache.org/r1677912 Log: votes Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1677912r1=1677911r2=1677912view=diff == --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Tue May 5 23:48:25 2015 @@ -35,9 +35,29 @@ PATCHES PROPOSED TO BACKPORT: LibraryNotFoundError Thread http://people.apache.org/~markt/patches/2015-04-08-jni-align-tc6-v1.patch - +1: markt + +1: markt, kkolinko (comment below) -1: + kkolinko: +I do not see much benefit in adding classes Buffer and Thread that +Tomcat 6 code does not use. But I see no technical issue to really +object adding them. If someone sees a benefit, feel free to go on. + +Historical context: + 1) Initial Tomcat 6 commit (r389146) does not have those classes + https://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/?pathrev=389146 + + 2) They were added to trunk in r1442914 (2013-02-06) + https://svn.apache.org/r1442914 + +A thread of that time mentions that those classes originate from +Apache Mina. Again: Java classes in tcnative (2013-02-05) + http://markmail.org/message/pohmyvfznjrpmtr2 + + 3) Re: r1672047 thread (2015-04-08) + http://markmail.org/message/ey2agr4eg5ws5stc + + * Improve catalina.sh error message, the PID read from the PID file during startup is already taken by an existing process. trunk: http://svn.apache.org/r1672272 @@ -46,7 +66,7 @@ PATCHES PROPOSED TO BACKPORT: http://svn.apache.org/r1672285 tc7 : http://svn.apache.org/r1672274 http://svn.apache.org/r1672286 - +1: rjung + +1: rjung, kkolinko -1: PATCHES/ISSUES THAT ARE STALLED: - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57892] Log a warning if web.xml is a symbolic link that is ignored
https://bz.apache.org/bugzilla/show_bug.cgi?id=57892 Konstantin Kolinko knst.koli...@gmail.com changed: What|Removed |Added Summary|warn to stderr if web.xml |Log a warning if web.xml is |is a symbolic link that is |a symbolic link that is |ignore |ignored -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677910 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html docs/security-8.html xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml
Author: markt Date: Tue May 5 23:08:44 2015 New Revision: 1677910 URL: http://svn.apache.org/r1677910 Log: Announce CVE-2014-0230 Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/xdocs/security-6.xml tomcat/site/trunk/xdocs/security-7.xml tomcat/site/trunk/xdocs/security-8.xml Modified: tomcat/site/trunk/docs/security-6.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1677910r1=1677909r2=1677910view=diff == --- tomcat/site/trunk/docs/security-6.html (original) +++ tomcat/site/trunk/docs/security-6.html Tue May 5 23:08:44 2015 @@ -203,6 +203,9 @@ a href=#Apache_Tomcat_6.x_vulnerabilitiesApache Tomcat 6.x vulnerabilities/a /li li +a href=#Fixed_in_Apache_Tomcat_6.0.44Fixed in Apache Tomcat 6.0.44/a +/li +li a href=#Fixed_in_Apache_Tomcat_6.0.43Fixed in Apache Tomcat 6.0.43/a /li li @@ -309,6 +312,38 @@ /div +h3 id=Fixed_in_Apache_Tomcat_6.0.44 +span style=float: right;Release in progress/span Fixed in Apache Tomcat 6.0.44/h3 +div class=text + + +p +strongLow: Denial of Service/strong + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230; rel=nofollowCVE-2014-0230/a +/p + + +pWhen a response for a request with a request body is returned to the user +agent before the request body is fully read, by default Tomcat swallows the +remaining request body so that the next request on the connection may be +processed. There was no limit to the size of request body that Tomcat would +swallow. This permitted a limited Denial of Service as Tomcat would never +close the connection and a processing thread would remain allocated to the +connection./p + + +pThis was fixed in revision a href=http://svn.apache.org/viewvc?view=revamp;rev=1659537;1659537/a./p + + +pThis issue was disclosed to the Tomcat security team by AntBean@secdig +from the Baidu Security Team on 4 June 2014 and made public on 9 April +2015./p + + +pAffects: 6.0.0 to 6.0.43/p + + +/div h3 id=Fixed_in_Apache_Tomcat_6.0.43 span style=float: right;22 November 2014/span Fixed in Apache Tomcat 6.0.43/h3 div class=text Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1677910r1=1677909r2=1677910view=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Tue May 5 23:08:44 2015 @@ -350,6 +350,32 @@ pAffects: 7.0.0 to 7.0.54/p + +p +strongLow: Denial of Service/strong + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230; rel=nofollowCVE-2014-0230/a +/p + + +pWhen a response for a request with a request body is returned to the user +agent before the request body is fully read, by default Tomcat swallows the +remaining request body so that the next request on the connection may be +processed. There was no limit to the size of request body that Tomcat would +swallow. This permitted a limited Denial of Service as Tomcat would never +close the connection and a processing thread would remain allocated to the +connection./p + + +pThis was fixed in revision a href=http://svn.apache.org/viewvc?view=revamp;rev=1603781;1603781/a./p + + +pThis issue was disclosed to the Tomcat security team by AntBean@secdig +from the Baidu Security Team on 4 June 2014 and made public on 9 April +2015./p + + +pAffects: 7.0.0 to 7.0.54/p + /div h3 id=Fixed_in_Apache_Tomcat_7.0.54 Modified: tomcat/site/trunk/docs/security-8.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1677910r1=1677909r2=1677910view=diff == --- tomcat/site/trunk/docs/security-8.html (original) +++ tomcat/site/trunk/docs/security-8.html Tue May 5 23:08:44 2015 @@ -299,6 +299,32 @@ pAffects: 8.0.0-RC1 to 8.0.8/p + +p +strongLow: Denial of Service/strong + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230; rel=nofollowCVE-2014-0230/a +/p + + +pWhen a response for a request with a request body is returned to the user +agent before the request body is fully read, by default Tomcat swallows the +remaining request body so that the next request on the connection may be +processed. There was no limit to the size of request body that Tomcat would +swallow. This permitted a limited Denial of Service as Tomcat would never +close the connection and a processing thread would remain allocated to the +connection./p + + +pThis was fixed in revision a href=http://svn.apache.org/viewvc?view=revamp;rev=1603770;1603770/a./p + + +pThis issue was
Re: svn commit: r1677840 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SocketProperties.java webapps/docs/config/http.xml
2015-05-05 18:36 GMT+03:00 ma...@apache.org: Author: markt Date: Tue May 5 15:36:31 2015 New Revision: 1677840 URL: http://svn.apache.org/r1677840 Log: Remove unused property (SocketWrappers are no longer reused) Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java tomcat/trunk/webapps/docs/config/http.xml Searching for socketWrapperCache, it is also mentioned in config/ajp.xml Best regards, Konstantin Kolinko Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java?rev=1677840r1=1677839r2=1677840view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java Tue May 5 15:36:31 2015 @@ -30,14 +30,6 @@ import java.nio.channels.AsynchronousSoc * and are currently only working for the Nio connector */ public class SocketProperties { -/** - * Enable/disable socket wrapper cache, this bounded cache stores - * SocketWrapper objects to reduce GC - * Default is 500 - * -1 is unlimited - * 0 is disabled - */ -protected int socketWrapperCache = 500; /** * Enable/disable socket processor cache, this bounded cache stores @@ -312,14 +304,6 @@ public class SocketProperties { return eventCache; } -public int getKeyCache() { -return socketWrapperCache; -} - -public int getSocketWrapperCache() { -return socketWrapperCache; -} - public int getAppReadBufSize() { return appReadBufSize; } @@ -409,14 +393,6 @@ public class SocketProperties { this.eventCache = eventCache; } -public void setSocketWrapperCache(int socketWrapperCache) { -this.socketWrapperCache = socketWrapperCache; -} - -public void setKeyCache(int keyCache) { -this.socketWrapperCache = keyCache; -} - public void setAppReadBufSize(int appReadBufSize) { this.appReadBufSize = appReadBufSize; } Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677840r1=1677839r2=1677840view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue May 5 15:36:31 2015 @@ -857,13 +857,6 @@ code-1/code for unlimited cache and code0/code for no cache./p /attribute - attribute name=socket.socketWrapperCache required=false -p(int)Tomcat will cache SocketWrapper objects to reduce garbage -collection. The integer value specifies how many objects to keep in the -cache at most. The default is code500/code. Other values are -code-1/code for unlimited cache and code0/code for no cache./p - /attribute - /attributes /subsection - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677914 - /tomcat/trunk/webapps/docs/config/http.xml
Author: kkolinko Date: Wed May 6 00:59:40 2015 New Revision: 1677914 URL: http://svn.apache.org/r1677914 Log: Correct a pair of typos noted when reviewing SSLHostConfig documentation. Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677914r1=1677913r2=1677914view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Wed May 6 00:59:40 2015 @@ -1007,7 +1007,7 @@ pEach secure connector must define at least one strongSSLHostConfig/strong. The names of the - strongSSLHostConfig/strong elements must be unique and one of the must + strongSSLHostConfig/strong elements must be unique and one of them must match the codesslDefaultHost/code attribute of the strongConnector/strong./p @@ -1018,7 +1018,7 @@ strongSSLHostConfig/strong element also exists for the codesslDefaultHost/code then that will be treated as a configuration error. It is expected that Tomcat 10 will drop support for the SSL - configuration attributes in the strongConnector/strong/p. + configuration attributes in the strongConnector/strong./p pFor more information, see the a href=../ssl-howto.htmlSSL Configuration HOW-TO/a./p - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677915 - /tomcat/trunk/webapps/docs/config/http.xml
Author: kkolinko Date: Wed May 6 01:12:54 2015 New Revision: 1677915 URL: http://svn.apache.org/r1677915 Log: Rename sections to make it more clear that these configuration attributes belong to Connector element, as opposed to SSLHostConfig. Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677915r1=1677914r2=1677915view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Wed May 6 01:12:54 2015 @@ -1188,7 +1188,7 @@ /subsection - subsection name=SSL Support - NIO and NIO2 (deprecated) + subsection name=SSL Support - Connector - NIO and NIO2 (deprecated) pThe NIO and NIO2 connectors use the following attributes to configure SSL: /p @@ -1356,7 +1356,7 @@ /subsection - subsection name=SSL Support - APR/Native (deprecated) + subsection name=SSL Support - Connector - APR/Native (deprecated) pWhen APR/native is enabled, the HTTPS connector will use a socket poller for keep-alive, increasing scalability of the server. It also uses OpenSSL, - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57892] warn to stderr if web.xml is a symbolic link that is ignore
https://bz.apache.org/bugzilla/show_bug.cgi?id=57892 --- Comment #2 from Ralf Hauser hau...@acm.org --- Agreed such warnings need not be restricted to web.xml Also agreed that not every attempted access needs to be warned. But I would warn once per attempted distinct path as there is sometimes quite some log output and users who grep for their filename wouldn't necessarily find it if it wasn't the first one. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1675198 - in /tomcat/trunk: java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/config/http.xml
2015-04-21 23:56 GMT+03:00 ma...@apache.org: Author: markt Date: Tue Apr 21 20:56:14 2015 New Revision: 1675198 URL: http://svn.apache.org/r1675198 Log: Document the protocols attribute for SSLHostConfig and align the implementation with it. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/webapps/docs/config/http.xml (...) Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1675198r1=1675197r2=1675198view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue Apr 21 20:56:14 2015 @@ -1050,7 +1050,7 @@ attributes -attribute name=hostName required=true +attribute name=hostName required=false pThe name of the SSL Host. This should either be the fully qualified domain name (e.g. codetomcat.apache.org/code) or a wild card domain name (e.g. code*.apache.org/code). If not specified, the default value @@ -1058,7 +1058,20 @@ /attribute attribute name=protocols required=false - p/p + pThe names of the protocols to support when communicating with clients. + This should be a comma separated list of any combination of the following: + /p + ulliSSLv2Hello/liliSSLv2/liliSSLv3/liliTLSv1/li + liTLSv1.1/liliTLSv1.2/liliall/li/ul + pNote that OpenSSL based secure connectors will always support + codeSSLv2Hello/code regardless of whether or not it is included in the + value for this attribute./p + pNote that codeall/code is an alias for + codeTLSv1,TLSv1.1,TLSv1.2/code./p + pNote that codeSSLv2/code and codeSSLv3/code are inherently + unsafe./p + pIf not specified, the default value of codeall/code will be + used./p /attribute As far as I remember from reading the source code, the above phrase Note that OpenSSL based secure connectors will always support SSLv2Hello regardless of whether or not it is included in the value for this attribute. about protocols attribute is not true. I think that it works as following: 1) If protocols includes several protocols (like in TLSv1,TLSv1.1,TLSv1.2) then OpenSSL configures a generic handshake method that supports SSLv2Hello. 2) If protocols includes only one protocol (e.g. TLSv1 or TLSv1.2), it configures a handshake method for that specific protocol, and SSLv2Hello is not enabled. In our sslcontext.c of Tomcat-Native 1.1.x: The case of 1) uses ctx = SSL_CTX_new(SSLv23_server_method()); The case of 2) uses ctx = SSL_CTX_new(TLSv1_2_server_method()); ctx = SSL_CTX_new(TLSv1_1_server_method()); ctx = SSL_CTX_new(TLSv1_server_method()); etc. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1677884 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
2015-05-05 22:48 GMT+03:00 ma...@apache.org: Author: markt Date: Tue May 5 19:48:53 2015 New Revision: 1677884 URL: http://svn.apache.org/r1677884 Log: Move alias, keystoreType and keystoreProvider to SSlHostConfig Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=1677884r1=1677883r2=1677884view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java Tue May 5 19:48:53 2015 @@ -337,13 +337,14 @@ public class JSSESocketFactory implement @Override public KeyManager[] getKeyManagers() throws Exception { -String keystoreType = endpoint.getKeystoreType(); +String keystoreType = sslHostConfig.getCertificateKeystoreType(); if (keystoreType == null) { keystoreType = defaultKeystoreType; } -return getKeyManagers(keystoreType, endpoint.getKeystoreProvider(), -sslHostConfig.getKeyManagerAlgorithm(), endpoint.getKeyAlias()); +return getKeyManagers(keystoreType, sslHostConfig.getCertificateKeystoreProvider(), +sslHostConfig.getKeyManagerAlgorithm(), +sslHostConfig.getCertificateKeyAlias()); } @Override @@ -353,7 +354,7 @@ public class JSSESocketFactory implement truststoreType = System.getProperty(javax.net.ssl.trustStoreType); } if (truststoreType == null) { -truststoreType = endpoint.getKeystoreType(); +truststoreType = sslHostConfig.getCertificateKeystoreType(); } if (truststoreType == null) { truststoreType = defaultKeystoreType; @@ -364,7 +365,7 @@ public class JSSESocketFactory implement algorithm = TrustManagerFactory.getDefaultAlgorithm(); } -return getTrustManagers(truststoreType, endpoint.getKeystoreProvider(), +return getTrustManagers(truststoreType, sslHostConfig.getCertificateKeystoreProvider(), algorithm); } Noted when reviewing the above change. It was not introduced by this commit, but existed before it. About the above return getTrustManagers(truststoreType, line: Reading documentation (config/http.html), there exists configuration attribute truststoreProvider. It is odd that the call uses keystore Provider option instead of truststoreProvider as the second argument to getTrustManagers(). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677837 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Tue May 5 15:20:02 2015 New Revision: 1677837 URL: http://svn.apache.org/r1677837 Log: Fix typos. Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677837r1=1677836r2=1677837view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue May 5 15:20:02 2015 @@ -1096,7 +1096,7 @@ pThe password used to access the private key associated with the server certificate from the specified file./p pIf not specified, the default behaviour for JSSE is to use the - strongcertificateKeystorePassword/strong for OpenSSL the default + strongcertificateKeystorePassword/strong. For OpenSSL the default behaviour is not to use a password./p /attribute @@ -1114,7 +1114,7 @@ security constraint that uses codeCLIENT-CERT/code authentication./p /attribute -attribute name=certificateVerificationDepth +attribute name=certificateVerificationDepth required=false pThe maximum number of intermediate certificates that will be allowed when validating client certificates. If not specified, the default value of 10 will be used./p @@ -1133,7 +1133,7 @@ pIf not specified, a default (using the OpenSSL notation) of codeHIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5/code will be used./p pNote that, by default, the order in which ciphers are defined is not - trreated as an order of preference. See codehonorCipherOrder/code./p + treated as an order of preference. See codehonorCipherOrder/code./p /attribute attribute name=honorCipherOrder required=false - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677840 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SocketProperties.java webapps/docs/config/http.xml
Author: markt Date: Tue May 5 15:36:31 2015 New Revision: 1677840 URL: http://svn.apache.org/r1677840 Log: Remove unused property (SocketWrappers are no longer reused) Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java?rev=1677840r1=1677839r2=1677840view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SocketProperties.java Tue May 5 15:36:31 2015 @@ -30,14 +30,6 @@ import java.nio.channels.AsynchronousSoc * and are currently only working for the Nio connector */ public class SocketProperties { -/** - * Enable/disable socket wrapper cache, this bounded cache stores - * SocketWrapper objects to reduce GC - * Default is 500 - * -1 is unlimited - * 0 is disabled - */ -protected int socketWrapperCache = 500; /** * Enable/disable socket processor cache, this bounded cache stores @@ -312,14 +304,6 @@ public class SocketProperties { return eventCache; } -public int getKeyCache() { -return socketWrapperCache; -} - -public int getSocketWrapperCache() { -return socketWrapperCache; -} - public int getAppReadBufSize() { return appReadBufSize; } @@ -409,14 +393,6 @@ public class SocketProperties { this.eventCache = eventCache; } -public void setSocketWrapperCache(int socketWrapperCache) { -this.socketWrapperCache = socketWrapperCache; -} - -public void setKeyCache(int keyCache) { -this.socketWrapperCache = keyCache; -} - public void setAppReadBufSize(int appReadBufSize) { this.appReadBufSize = appReadBufSize; } Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1677840r1=1677839r2=1677840view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue May 5 15:36:31 2015 @@ -857,13 +857,6 @@ code-1/code for unlimited cache and code0/code for no cache./p /attribute - attribute name=socket.socketWrapperCache required=false -p(int)Tomcat will cache SocketWrapper objects to reduce garbage -collection. The integer value specifies how many objects to keep in the -cache at most. The default is code500/code. Other values are -code-1/code for unlimited cache and code0/code for no cache./p - /attribute - /attributes /subsection - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57892] New: warn to stderr if web.xml is a symbolic link that is ignore
https://bz.apache.org/bugzilla/show_bug.cgi?id=57892 Bug ID: 57892 Summary: warn to stderr if web.xml is a symbolic link that is ignore Product: Tomcat 7 Version: 7.0.56 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: hau...@acm.org In private WebXml ContextConfig.getDefaultWebXmlFragment() or also getWebXmlSource() nothing is found if the web.xml is a symlink. Please add a message to stderr/catalina.out if the system ignores an existing web.xml Background: In an eclipse installation, I use several configurations in server.xml like Context path= docBase=/home/me/workspace/project1/ reloadable=true workDir=/home/me/workspace/project1/work ... If the web.xml is symlink it fails. Such an error message would have saved me quite some time. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677839 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ webapps/docs/config/
Author: markt Date: Tue May 5 15:29:49 2015 New Revision: 1677839 URL: http://svn.apache.org/r1677839 Log: Remove the oomParachute as discissed on the dev list Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java?rev=1677839r1=1677838r2=1677839view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java Tue May 5 15:29:49 2015 @@ -57,13 +57,6 @@ public class Http11Nio2Protocol extends } -// Tcp setup - -public void setOomParachute(int oomParachute) { -((Nio2Endpoint)getEndpoint()).setOomParachute(oomParachute); -} - - // - JMX related methods @Override Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java?rev=1677839r1=1677838r2=1677839view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java Tue May 5 15:29:49 2015 @@ -88,11 +88,6 @@ public class Http11NioProtocol extends A } -// Tcp setup -public void setOomParachute(int oomParachute) { -((NioEndpoint)getEndpoint()).setOomParachute(oomParachute); -} - // - JMX related methods @Override Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java?rev=1677839r1=1677838r2=1677839view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java Tue May 5 15:29:49 2015 @@ -74,11 +74,6 @@ public class Nio2Endpoint extends Abstra private AsynchronousServerSocketChannel serverSock = null; /** - * The size of the OOM parachute. - */ -private int oomParachute = 1024*1024; - -/** * Allows detecting if a completion handler completes inline. */ private static ThreadLocalBoolean inlineCompletion = new ThreadLocal(); @@ -91,24 +86,6 @@ public class Nio2Endpoint extends Abstra private volatile boolean allClosed; /** - * The oom parachute, when an OOM error happens, - * will release the data, giving the JVM instantly - * a chunk of data to be able to recover with. - */ -private byte[] oomParachuteData = null; - -/** - * Make sure this string has already been allocated - */ -private static final String oomParachuteMsg = -SEVERE:Memory usage is low, parachute is non existent, your system may start failing.; - -/** - * Keep track of OOM warning messages. - */ -private long lastParachuteCheck = System.currentTimeMillis(); - -/** * Cache for SocketProcessor objects */ private SynchronizedStackSocketProcessor processorCache; @@ -151,14 +128,6 @@ public class Nio2Endpoint extends Abstra return false; } -public void setOomParachute(int oomParachute) { -this.oomParachute = oomParachute; -} - -public void setOomParachuteData(byte[] oomParachuteData) { -this.oomParachuteData = oomParachuteData; -} - /** * Port in use. @@ -183,35 +152,12 @@ public class Nio2Endpoint extends Abstra } -// - OOM Parachute Methods - -protected void checkParachute() { -boolean para = reclaimParachute(false); -if (!para (System.currentTimeMillis()-lastParachuteCheck)1) { -try { -log.fatal(oomParachuteMsg); -}catch (Throwable t) { -ExceptionUtils.handleThrowable(t); -System.err.println(oomParachuteMsg); -} -lastParachuteCheck = System.currentTimeMillis(); -} -} - -protected boolean reclaimParachute(boolean force) { -if ( oomParachuteData != null ) return true; -if ( oomParachute 0 ( force ||
[Bug 57892] warn to stderr if web.xml is a symbolic link that is ignore
https://bz.apache.org/bugzilla/show_bug.cgi?id=57892 Mark Thomas ma...@apache.org changed: What|Removed |Added Severity|normal |enhancement --- Comment #1 from Mark Thomas ma...@apache.org --- The behaviour w.r.t. symlinks is documented under the allowLinking attribute of the context (note it moves to Resources in 8.0.x). Any linked resource is ignored by default. I'm not convinced that only web.xml deserves special treatment. We probably don't want a message on every attempted access. One message per application the first time any symlink is skipped is probably sufficient. In terms of log level, WARN seems most appropriate. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in ASF Buildbot on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/1184 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1677802 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Time for a 6.0.x release
It has been about 6 months since the last release, the changelog is reasonably long so I think it is time for 6.0.44. To top the above, RedHat recently published information on an undisclosed security vulnerability that is fixed in 6.0.x but isn't yet in a release[1]. It would be good to get 6.0.44 out with a fix for this even though the issue is far less severe than Red Hat's assessment.[2] So, there are a couple of patches in the 6.0.x status file that need votes (although neither looks like they are essential for 6.0.44). Votes and any additional patches welcome. I am aiming to tag 6.0.x in the next day or so. Mark [1] http://www.openwall.com/lists/oss-security/2015/04/10/1 [2] RedHat incorrectly described the issue as an unrestricted file upload flaw where you can very easily eat up all server ram. The reality is all you can do with this flaw is keep a connection open and a thread allocated at the expense of having to stream data to the server. It only just qualified as a security issue because Tomcat never closes the connection. There are easier ways of triggering a DoS than this issue. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[SECURITY] CVE-2014-0230: Apache Tomcat DoS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CVE-2014-0230 Denial of Service Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.43 Description: When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat would swallow. This permitted a limited Denial of Service as Tomcat would never close the connection and a processing thread would remain allocated to the connection. Note that this issue was accidentally disclosed by Red Hat Product Security on 9 April 2015 [4]. The Tomcat security team was made aware of this disclosure today (5 May 2015). The information released on 9 April 2015 contained a number of errors. For the sake of clarity: - - This issue is not limited to file upload. Any request with a body may be affected. - - This issue cannot be used to trigger excessive memory usage on the server. The additional data read from the response body is not retained - it is simply ignored. The intention was to embargo this issue until after the 6.0.44 release. Unfortunately that is no longer possible. The Tomcat team is working on a 6.0.44 release now and we hope to have one available by early next week. Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Tomcat 8.0.9 or later - - Upgrade to Apache Tomcat 7.0.55 or later - - Upgrade to Apache Tomcat 6.0.44 or later once released Credit: This issue was discovered by AntBean@secdig from the Baidu Security Team and was reported responsibly to the Apache Tomcat security team. References: [1] http://tomcat.apache.org/security-8.html [2] http://tomcat.apache.org/security-7.html [3] http://tomcat.apache.org/security-6.html [4] http://www.openwall.com/lists/oss-security/2015/04/10/1 -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVSUnRAAoJEBDAHFovYFnnxFgP/38LAZosd36MzvWvBNQSeJmi QRIm432bbUwVevjVXKKO27oxrL+DUBkesCc0XslGVu0N3gTqzhce2DJXIetpnl04 wV2S88F29jAfRatz65WEbj17gdlP6IobTWzFIyQlfjRxmY97AQQOwRdd/j6P2LMR vD+thwLccbs9kxTn+MVyQu6W9a1R1Hy3fARdMlfZVchj32jCn3kD37IXF/JLPFso btBZBt/jEqIb8uq0ZiVUDx5ErvVH5O/AAfxCEh9pfZdl4vIG7SU1KB2iTnyzdat9 Hz0jXc8WFIu3BKY9t2VI/1wUJzGHy8Xzxt4IGjTzy0EQKTI96pXAi6XsQ9AiaHVP IAtgnEtpjk89qi8YWYoeyLsmpdeUSkCqOTYImn8/2gnrJAtS96SzvE1nBdxpI4O4 f7s2cU4PAnvf9rRvO1SBIb67VYdwB3coAMMtuOodXmjES2xK2xniGVXpIB0RjAyf /ds/syVsbVZ2LK+LGOsxGR3Rz1dBIanlJ5Tm3fudp9XlfkLhr7Lo04iSRXKDjeIo ERXDu0zblaMs8KOfP4vg+kAz4Ih86R+vG7xVwQ9Zjoae/t/lAWqwqQeOewC2+esL qeyZc4J+TO6rcANQ099Iu1iBUN2T3Vd5t7ZPIFDtLSrDVSjnLz6hkltBHBD1lVOl 7nKmBsFyuQyGSHHZ4dN9 =AfA+ -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57887] IllegalStateException: zip file closed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 --- Comment #2 from Rafael Mattos hm1raf...@gmail.com --- Created attachment 32717 -- https://bz.apache.org/bugzilla/attachment.cgi?id=32717action=edit test case The problem happens when you have a recursive call inside a tag, created this test case just to point the problem, will try with the new version -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57894] New: IllegalStateException - BINARY_FULL_WRITING
https://bz.apache.org/bugzilla/show_bug.cgi?id=57894 Bug ID: 57894 Summary: IllegalStateException - BINARY_FULL_WRITING Product: Tomcat 8 Version: 8.0.21 Hardware: All OS: All Status: NEW Severity: critical Priority: P2 Component: WebSocket Assignee: dev@tomcat.apache.org Reporter: yaowei...@gmail.com WsRemoteEndpointImplBase.sendBinary is not synchronized. And there's no way to detect the state outside. client - server - client - server The second time client call sendBinary may fail due to the race condition of stateMachine.binaryStart and stateMachine.complete java.lang.IllegalStateException: The remote endpoint was in state [BINARY_FULL_WRITING] which is an invalid state for called method at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.checkState(WsRemoteEndpointImplBase.java:1148) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$StateMachine.binaryStart(WsRemoteEndpointImplBase.java:1101) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendBytes(WsRemoteEndpointImplBase.java:131) at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendBinary(WsRemoteEndpointBasic.java:43) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Tomcat Grid
Hi, for a few months I was wondering about an extension for Tomcat but I'm not sure if there would be interest from the part of the Tomcat team. It's about managing multiple Tomcat servers across multiple machines, from one (or more) centralized location, something like a Grid Admin. Anyway, the thing is that when you have many Tomcat servers, it could be useful to perform basic operations from a web or command-line interface, so to start, stop, restart, and (sometimes) kill Tomcat servers. My work includes developing web applications and also managing production deployments for clusters of small clusters of 2 servers to clusters of 70 servers, and when you have that many, it's a pain in the neck to manage them one by one. I think I can write a basic proof of concept, but I would like to find out if it's worth it or not. Thank you, Vlad - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677881 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
Author: markt Date: Tue May 5 19:23:55 2015 New Revision: 1677881 URL: http://svn.apache.org/r1677881 Log: Move crlFile/SSLCARevocationFile SSLCARevocationPath to SSLHostConfig Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677881r1=1677880r2=1677881view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java Tue May 5 19:23:55 2015 @@ -64,9 +64,6 @@ public abstract class AbstractHttp11Jsse return getEndpoint().getTruststoreAlgorithm(); } -public void setCrlFile(String s){getEndpoint().setCrlFile(s);} -public String getCrlFile(){ return getEndpoint().getCrlFile();} - public void setSessionCacheSize(String s){getEndpoint().setSessionCacheSize(s);} public String getSessionCacheSize(){ return getEndpoint().getSessionCacheSize();} Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677881r1=1677880r2=1677881view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Tue May 5 19:23:55 2015 @@ -445,6 +445,19 @@ public abstract class AbstractHttp11Prot } +public void setCrlFile(String certificateRevocationListFile){ +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile); +} +public void setSSLCARevocationFile(String certificateRevocationListFile) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateRevocationListFile(certificateRevocationListFile); +} +public void setSSLCARevocationPath(String certificateRevocationListPath) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateRevocationListPath(certificateRevocationListPath); +} + // - Common code Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java?rev=1677881r1=1677880r2=1677881view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java Tue May 5 19:23:55 2015 @@ -94,20 +94,6 @@ public class Http11AprProtocol extends A /** - * SSL CA revocation path. - */ -public String getSSLCARevocationPath() { return ((AprEndpoint)getEndpoint()).getSSLCARevocationPath(); } -public void setSSLCARevocationPath(String SSLCARevocationPath) { ((AprEndpoint)getEndpoint()).setSSLCARevocationPath(SSLCARevocationPath); } - - -/** - * SSL CA revocation file. - */ -public String getSSLCARevocationFile() { return ((AprEndpoint)getEndpoint()).getSSLCARevocationFile(); } -public void setSSLCARevocationFile(String SSLCARevocationFile) { ((AprEndpoint)getEndpoint()).setSSLCARevocationFile(SSLCARevocationFile); } - - -/** * Disable SSL compression. */ public boolean getSSLDisableCompression() { return ((AprEndpoint)getEndpoint()).getSSLDisableCompression(); } Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677881r1=1677880r2=1677881view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue May 5 19:23:55 2015 @@ -1037,12 +1037,6 @@ public abstract class AbstractEndpointS this.trustManagerClassName = trustManagerClassName; } -private String crlFile = null; -
[Bug 57894] IllegalStateException - BINARY_FULL_WRITING
https://bz.apache.org/bugzilla/show_bug.cgi?id=57894 --- Comment #3 from Chuck Caldarale chuck.caldar...@unisys.com --- (In reply to Chuck Caldarale from comment #2) (In reply to Mark Thomas from comment #1) Note the Javadoc for RemoteEndpoint.Basic: file:///D:/specs/tc8/ws/ws-jsr-356-1.1-final-javadoc/javax/websocket/ RemoteEndpoint.Basic.html This link might work a little better: http://download.oracle.com/otndocs/jcp/websocket-1_1-mrel-spec/index.html The above is for the entire JSR 356; for the online specific reference: http://docs.oracle.com/javaee/7/api/javax/websocket/RemoteEndpoint.Basic.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57887] IllegalStateException: zip file closed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57887 Rafael Mattos hm1raf...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WORKSFORME |--- --- Comment #3 from Rafael Mattos hm1raf...@gmail.com --- 8.0.22 has the same problem, last version that works is 8.0.15, submit a test case to help analyze the problem -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1677884 - in /tomcat/trunk: java/org/apache/coyote/http11/ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/config/
Author: markt Date: Tue May 5 19:48:53 2015 New Revision: 1677884 URL: http://svn.apache.org/r1677884 Log: Move alias, keystoreType and keystoreProvider to SSlHostConfig Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java?rev=1677884r1=1677883r2=1677884view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11JsseProtocol.java Tue May 5 19:48:53 2015 @@ -25,22 +25,9 @@ public abstract class AbstractHttp11Jsse super(endpoint); } -public String getKeystoreType() { return getEndpoint().getKeystoreType();} -public void setKeystoreType(String s ) { getEndpoint().setKeystoreType(s);} - -public String getKeystoreProvider() { -return getEndpoint().getKeystoreProvider(); -} -public void setKeystoreProvider(String s ) { -getEndpoint().setKeystoreProvider(s); -} - public String getSslProtocol() { return getEndpoint().getSslProtocol();} public void setSslProtocol(String s) { getEndpoint().setSslProtocol(s);} -public String getKeyAlias() { return getEndpoint().getKeyAlias();} -public void setKeyAlias(String s ) { getEndpoint().setKeyAlias(s);} - public void setTruststoreFile(String f){ getEndpoint().setTruststoreFile(f);} public String getTruststoreFile(){ return getEndpoint().getTruststoreFile();} Modified: tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java?rev=1677884r1=1677883r2=1677884view=diff == --- tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java (original) +++ tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java Tue May 5 19:48:53 2015 @@ -459,6 +459,24 @@ public abstract class AbstractHttp11Prot } +public void setKeystoreType(String certificateKeystoreType) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystoreType(certificateKeystoreType); +} + + +public void setKeystoreProvider(String certificateKeystoreProvider) { +registerDefaultSSLHostConfig(); + defaultSSLHostConfig.setCertificateKeystoreProvider(certificateKeystoreProvider); +} + + +public void setKeyAlias(String certificateKeyAlias) { +registerDefaultSSLHostConfig(); +defaultSSLHostConfig.setCertificateKeyAlias(certificateKeyAlias); +} + + // - Common code // Common configuration required for all new HTTP11 processors Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java?rev=1677884r1=1677883r2=1677884view=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/AbstractEndpoint.java Tue May 5 19:48:53 2015 @@ -982,22 +982,10 @@ public abstract class AbstractEndpointS this.sslImplementationName = s; } -private String keystoreType = JKS; -public String getKeystoreType() { return keystoreType;} -public void setKeystoreType(String s ) { this.keystoreType = s;} - -private String keystoreProvider = null; -public String getKeystoreProvider() { return keystoreProvider;} -public void setKeystoreProvider(String s ) { this.keystoreProvider = s;} - private String sslProtocol = TLS; public String getSslProtocol() { return sslProtocol;} public void setSslProtocol(String s) { sslProtocol = s;} -private String keyAlias = null; -public String getKeyAlias() { return keyAlias;} -public void setKeyAlias(String s ) { keyAlias = s;} - private String truststoreFile = System.getProperty(javax.net.ssl.trustStore); public String getTruststoreFile() {return truststoreFile;} public void setTruststoreFile(String s) { Modified:
Re: Tomcat Grid
On 05/05/2015 18:55, Alarcón Vladimir wrote: Hi, for a few months I was wondering about an extension for Tomcat but I'm not sure if there would be interest from the part of the Tomcat team. It's about managing multiple Tomcat servers across multiple machines, from one (or more) centralized location, something like a Grid Admin. Anyway, the thing is that when you have many Tomcat servers, it could be useful to perform basic operations from a web or command-line interface, so to start, stop, restart, and (sometimes) kill Tomcat servers. My work includes developing web applications and also managing production deployments for clusters of small clusters of 2 servers to clusters of 70 servers, and when you have that many, it's a pain in the neck to manage them one by one. I think I can write a basic proof of concept, but I would like to find out if it's worth it or not. Definitely interested. Well worth discussing the high-level architecture on this list before you go too far with development. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57894] IllegalStateException - BINARY_FULL_WRITING
https://bz.apache.org/bugzilla/show_bug.cgi?id=57894 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Mark Thomas ma...@apache.org --- The client knows that it called sendBinary() and that that call has not returned. The client therefore *does* know that it should not make another call to sendBinary(). Keeping track of all of this is a client responsibility. (If you want to change that, lobby the WebSocket EG). Note the Javadoc for RemoteEndpoint.Basic: file:///D:/specs/tc8/ws/ws-jsr-356-1.1-final-javadoc/javax/websocket/RemoteEndpoint.Basic.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
2015-05-05 2:32 GMT+02:00 Christopher Schultz ch...@christopherschultz.net : Hmm... I thought that NIO2 was listed as experimental in Tomcat 8.0.x, but the configuration guide doesn't say anything to that effect. How much *more* broken in 8.0.22 is it than 8.0.21? I would say that failing spectacularly is better than failing in difficult-to-detect ways, so in that sense... is 8.0.22 an improvement over 8.0.21? Is it no longer experimental since 8.0.9, since there weren't enough bugs reported. The major fix since then has been on sendfile [the initial algorithm was wrong]. SSL is less used so issues are found later. Rémy
Re: [VOTE] Release Apache Tomcat 8.0.22
The following votes were cast: +1 (binding) : remm, markt, schultz, violetagg -1 (non-binding) : Ognjen Blagojevic The -1 vote was due to the regression of the NIO2 connector with TLS. Given the votes above, we have enough votes for the release. I intend to go ahead with the release and include a none about NIO2 and TLS in the announcements. Mark On 29/04/2015 17:41, Mark Thomas wrote: The proposed Apache Tomcat 8.0.22 release is now available for voting. The main changes since 8.0.21 are: - Change the format of the Tomcat specific URLs for resources inside JARs that are in turn packed in a WAR. The ^/ sequence has been replaced by */ so that the resulting URLs are compliant with RFC 2396 and do not trigger exceptions when converted to URIs. The old format will continue to be accepted. - When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. - Fix a concurrency issue in session replication when a backup message that has all session data and a backup message that has diff data are processing at the same time. There is also the usual collection of bug fixes, new features and performance improvements. For full details, see the changelog: http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.22/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1042/ The svn tag is: http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_22/ The proposed 8.0.22 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 8.0.22 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.0.22
2015-05-04 21:58 GMT+02:00 Mark Thomas ma...@apache.org: They are both broken, it is just more obvious with 8.0.22. I'll make my mind up finally tomorrow but I am leaning towards releasing 8.0.22 making it clear that there is a known issue with NIO2 + TLS and then looking at 8.0.23 almost immediately (I want to look at BZ 57802 first). Before a new tag, I would need to get test results for SSL of course. Rémy
svn commit: r8819 - /release/tomcat/tomcat-8/v8.0.20/
Author: markt Date: Tue May 5 07:51:45 2015 New Revision: 8819 Log: Remove the old release Removed: release/tomcat/tomcat-8/v8.0.20/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r8820 - /dev/tomcat/tomcat-8/v8.0.22/ /release/tomcat/tomcat-8/v8.0.22/
Author: markt Date: Tue May 5 07:52:27 2015 New Revision: 8820 Log: Release Apache Tomcat 8.0.22 Added: release/tomcat/tomcat-8/v8.0.22/ - copied from r8746, dev/tomcat/tomcat-8/v8.0.22/ Removed: dev/tomcat/tomcat-8/v8.0.22/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57865] session.invalidate does not work when during startup war file is deployed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57865 Violeta Georgieva violet...@apache.org changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |WORKSFORME --- Comment #11 from Violeta Georgieva violet...@apache.org --- Hi, I can confirm that the scenario is working with the current Tomcat 7 trunk. Regards, Violeta -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 57865] session.invalidate does not work when during startup war file is deployed
https://bz.apache.org/bugzilla/show_bug.cgi?id=57865 Alessandro Trolli alessandro.tro...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- --- Comment #10 from Alessandro Trolli alessandro.tro...@gmail.com --- given provided web app and configuration files steps to reproduce in 7.0.61 are: * deploy the webapp twice in different contexts (e.g. /sso1 and /sso2) * open http://localhost:8080/sso1/: it redirects to login form * log in as tomcat user * open http://localhost:8080/sso2/: user gets automatically authenticated through sso feature * click on logout on any of the two sessions * user gets immediately reauthenticated because ssoid hasn't been deregistered same steps in 7.0.59 allow the user to logout from both contexts I've seen that code has changed again to accomodate https://issues.apache.org/bugzilla/show_bug.cgi?id=57338 I haven't tested on trunk -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Tomcat Grid
I actually use Windows Powershell to execute commands on remote machines, including stopping/starting Tomcat (and other Windows Services). This works well for me - but in this case, I have complete control of all the VMs - and they are not Production Servers. I used the following articles as reference for creating the Powershell scripts: http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/ http://stackoverflow.com/questions/6239647/using-powershell-credentials-without-being-prompted-for-a-password Regards, Christopher Aguirre On Tue, May 5, 2015 at 4:28 PM, Christopher Schultz ch...@christopherschultz.net wrote: Alarcón, On 5/5/15 1:55 PM, Alarcón Vladimir wrote: Hi, for a few months I was wondering about an extension for Tomcat but I'm not sure if there would be interest from the part of the Tomcat team. It's about managing multiple Tomcat servers across multiple machines, from one (or more) centralized location, something like a Grid Admin. Anyway, the thing is that when you have many Tomcat servers, it could be useful to perform basic operations from a web or command-line interface, so to start, stop, restart, and (sometimes) kill Tomcat servers. My work includes developing web applications and also managing production deployments for clusters of small clusters of 2 servers to clusters of 70 servers, and when you have that many, it's a pain in the neck to manage them one by one. I think I can write a basic proof of concept, but I would like to find out if it's worth it or not. I'd definitely be interested in such a tool. It sounds like it would make for a great presentation for ApacheCon Europe 2015: http://events.linuxfoundation.org/events/apachecon-europe/ Even if it ends up just being a nice wrapper around the existing ant tasks for remote-controlling the manager web application, it would be nice. The ant tasks can't bounce a Tomcat instance, though, so additional features would certainly be more interesting. -chris
Re: Tomcat Grid
Alarcón, On 5/5/15 1:55 PM, Alarcón Vladimir wrote: Hi, for a few months I was wondering about an extension for Tomcat but I'm not sure if there would be interest from the part of the Tomcat team. It's about managing multiple Tomcat servers across multiple machines, from one (or more) centralized location, something like a Grid Admin. Anyway, the thing is that when you have many Tomcat servers, it could be useful to perform basic operations from a web or command-line interface, so to start, stop, restart, and (sometimes) kill Tomcat servers. My work includes developing web applications and also managing production deployments for clusters of small clusters of 2 servers to clusters of 70 servers, and when you have that many, it's a pain in the neck to manage them one by one. I think I can write a basic proof of concept, but I would like to find out if it's worth it or not. I'd definitely be interested in such a tool. It sounds like it would make for a great presentation for ApacheCon Europe 2015: http://events.linuxfoundation.org/events/apachecon-europe/ Even if it ends up just being a nice wrapper around the existing ant tasks for remote-controlling the manager web application, it would be nice. The ant tasks can't bounce a Tomcat instance, though, so additional features would certainly be more interesting. -chris signature.asc Description: OpenPGP digital signature
Re: Tomcat Grid
Chris, On 5/5/15 4:39 PM, Chris Aguirre wrote: I actually use Windows Powershell to execute commands on remote machines, including stopping/starting Tomcat (and other Windows Services). This works well for me - but in this case, I have complete control of all the VMs - and they are not Production Servers. I used the following articles as reference for creating the Powershell scripts: http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-remote-computers/ http://stackoverflow.com/questions/6239647/using-powershell-credentials-without-being-prompted-for-a-password That's great. *NIX also has ssh which can be used to execute remote commands, but that's not the hard part. The hard part is planning a regular configuration that can be deployed to possibly hundreds of separate machines (virtual or physical) and then controlled in a sane way. For instance, let's say that I have 12 machines in two separate clusters. If I want to shutdown 3 machines in each cluster, I have to execute a flurry of commands like these: $ ssh -c user@server1 /path/to/tomcat/shutdown.sh $ ssh -c user@server2 /path/to/tomcat/shutdown.sh $ ssh -c user@server3 /path/to/tomcat/shutdown.sh $ ssh -c user@server7 /path/to/tomcat/shutdown.sh $ ssh -c user@server8 /path/to/tomcat/shutdown.sh $ ssh -c user@server9 /path/to/tomcat/shutdown.sh If I had a tool that understood my deployment configuration, I could do something like this: $ cluster shutdown 1 2 3 7 8 9 If the tool was *really* nice, it might inform my load-balancer that the nodes would be coming down as well. If it was super-nice, a tool would allow me to schedule a shutdown of nodes in the near future. For example, say I want to take those same nodes offline, but I want to disable them at the lb, then wait for their sticky sessions to drain folly before stopping each Tomcat instance. And since I don't want to watch the tool while it waits, I want to get an email or SMS confirmation when each node goes down. Maybe I can get integration into monitoring tools as well, so when I intentionally take a node offline, I don't get a bunch of text messages telling me that a server has gone down. These are the kinds of things that a grid tool could do to help. Being able to execute remote commands is just one of the primitive operations of this kind of thing. -chris signature.asc Description: OpenPGP digital signature
Time for 7.0.62
Hi, I plan to start preparing Tomcat 7.0.62. If you want to add something in addition to this release, reply here. Regards, Violeta