[Bug 56148] support (multiple) ocsp stapling

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=56148

--- Comment #8 from Azat  ---
(In reply to Mark Thomas from comment #6)
> This will need code changes in Tomcat Native. A rough outline of what is
> required is provided by:
> https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_tlsext_status_arg.html

Hi Мark! What's the current status of this?Any (approximate) timeline on when
someone could expect these changes to be implemented  to Tomcat native?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56966] AccessLogValve's elapsed time has 15ms precision on Windows

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=56966

--- Comment #10 from Michael Osipov  ---
(In reply to Mark Thomas from comment #9)
> The API changes to implement this mean it needs to wait for a new major
> version. I have added it to the 10.0.x TODO list.

Can you please share the todo list?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-7.0.x deleted (was 34dbc57)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was 34dbc57  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63636] Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

Michael Osipov  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #2 from Michael Osipov  ---
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.97 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated (928a34a -> 34dbc57)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 928a34a  Fix failing unit test with Java 11+ and APR/native
 add 34dbc57  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 63 ++
 webapps/docs/changelog.xml |  6 ++-
 4 files changed, 82 insertions(+), 3 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55477] Add a solution to map an realm name to a security role

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
Bug 55477 depends on bug 63636, which changed state.

Bug 63636 Summary: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-9.0.x deleted (was 63cc1eb)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was 63cc1eb  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-8.5.x deleted (was bbd8787)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 was bbd8787  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

This change permanently discards the following revisions:

 discard bbd8787  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: BZ 63636: Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 34dbc57b3e665e32ad1f891a7bfbd7240f38896e
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 63 ++
 webapps/docs/changelog.xml |  6 ++-
 4 files changed, 82 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index 774d393..ff83ead 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -1006,14 +1006,26 @@ public class StandardWrapper extends ContainerBase
  */
 @Override
 public String findSecurityReference(String name) {
+String reference = null;
 
 try {
 referencesLock.readLock().lock();
-return references.get(name);
+reference = references.get(name);
 } finally {
 referencesLock.readLock().unlock();
 }
 
+// If not specified on the Wrapper, check the Context
+if (getParent() instanceof Context) {
+Context context = (Context) getParent();
+if (reference != null) {
+reference = context.findRoleMapping(reference);
+} else {
+reference = context.findRoleMapping(name);
+}
+}
+
+return reference;
 }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 9c753af..8796ed8 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -1060,7 +1060,7 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
  */
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-// Check for a role alias defined in a  element
+// Check for a role alias
 if (wrapper != null) {
 String realRole = wrapper.findSecurityReference(role);
 if (realRole != null)
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 3233929..b719efe 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -19,6 +19,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -190,6 +191,68 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+/* We won't map "testRole3" to "another-very-complex-role-name" to make
+ * it fail intentionally.
+ */
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMapping("/", "servlet");
+
+MapRealm realm = new MapRealm();
+
+/* Attach the realm to the appropriate container, but role mapping must
+ * always succeed because it is evaluated at context level.
+ */
+if (realmContainer.equals("engine")) {
+tomcat.getEngine().setRealm(realm);
+} else if (realmContainer.equals("host")) {
+tomcat.getHost().setRealm(realm);
+} else if (realmContainer.equals("context")) {
+ctx.setRealm(realm);
+} else {
+throw new IllegalArgumentException("realmContainer is invalid");
+}
+
+realm.addUser("testUser", "testPwd");
+realm.addUserRole("testUser", "testRole1");
+realm.addUserRole("testUser", "very-complex-role-name");
+realm.addUserRole("testUser", "another-very-complex-role-name");
+
+tomcat.start();
+
+

[tomcat] branch BZ-63636/tomcat-7.0.x created (now 34dbc57)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 34dbc57  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

This branch includes the following new commits:

 new 34dbc57  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: BZ 63636: Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new d003ac1  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
d003ac1 is described below

commit d003ac14caae9269f128e1722a9d826538597af6
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 67 ++
 webapps/docs/changelog.xml |  4 ++
 4 files changed, 85 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index a12ea42..d0dd4b2 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -922,14 +922,26 @@ public class StandardWrapper extends ContainerBase
  */
 @Override
 public String findSecurityReference(String name) {
+String reference = null;
 
 referencesLock.readLock().lock();
 try {
-return references.get(name);
+reference = references.get(name);
 } finally {
 referencesLock.readLock().unlock();
 }
 
+// If not specified on the Wrapper, check the Context
+if (getParent() instanceof Context) {
+Context context = (Context) getParent();
+if (reference != null) {
+reference = context.findRoleMapping(reference);
+} else {
+reference = context.findRoleMapping(name);
+}
+}
+
+return reference;
 }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index eaa49aa..dd1761c 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -922,7 +922,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  */
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-// Check for a role alias defined in a  element
+// Check for a role alias
 if (wrapper != null) {
 String realRole = wrapper.findSecurityReference(role);
 if (realRole != null) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 30f24c1..9358345 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,6 +49,7 @@ import org.junit.Test;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
@@ -235,6 +237,71 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+/* We won't map "testRole3" to "another-very-complex-role-name" to make
+ * it fail intentionally.
+ */
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMappingDecoded("/", "servlet");
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+
+/* Attach the realm to the appropriate container, but role mapping must
+

[tomcat] branch master updated: Remove unused imports

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 9cf31e6  Remove unused imports
9cf31e6 is described below

commit 9cf31e6770431466ad25531c4f962dc051d34e3a
Author: Michael Osipov 
AuthorDate: Mon Aug 12 23:57:12 2019 +0200

Remove unused imports
---
 test/org/apache/catalina/realm/TestRealmBase.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/test/org/apache/catalina/realm/TestRealmBase.java 
b/test/org/apache/catalina/realm/TestRealmBase.java
index a2c013d..7ef9191 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -19,9 +19,7 @@ package org.apache.catalina.realm;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 import javax.servlet.ServletSecurityElement;
 import javax.servlet.annotation.ServletSecurity;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated (959b83e -> 63cc1eb)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from 959b83e  Fix failing unit test with Java 11+ and APR/native
 add 63cc1eb  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 67 ++
 test/org/apache/catalina/realm/TestRealmBase.java  |  2 +
 webapps/docs/changelog.xml |  4 ++
 5 files changed, 87 insertions(+), 2 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] asfgit merged pull request #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-12 Thread GitBox 
asfgit merged pull request #186: BZ 63636: Context#findRoleMapping() never 
called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186
 
 
   


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-8.5.x updated: BZ 63636: Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/BZ-63636/tomcat-8.5.x by this 
push:
 new bbd8787  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
bbd8787 is described below

commit bbd8787c42270dc03cf6af853d745f69ba77d7f7
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 67 ++
 test/org/apache/catalina/realm/TestRealmBase.java  |  2 +
 webapps/docs/changelog.xml |  4 ++
 5 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index a12ea42..d0dd4b2 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -922,14 +922,26 @@ public class StandardWrapper extends ContainerBase
  */
 @Override
 public String findSecurityReference(String name) {
+String reference = null;
 
 referencesLock.readLock().lock();
 try {
-return references.get(name);
+reference = references.get(name);
 } finally {
 referencesLock.readLock().unlock();
 }
 
+// If not specified on the Wrapper, check the Context
+if (getParent() instanceof Context) {
+Context context = (Context) getParent();
+if (reference != null) {
+reference = context.findRoleMapping(reference);
+} else {
+reference = context.findRoleMapping(name);
+}
+}
+
+return reference;
 }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index eaa49aa..dd1761c 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -922,7 +922,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  */
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-// Check for a role alias defined in a  element
+// Check for a role alias
 if (wrapper != null) {
 String realRole = wrapper.findSecurityReference(role);
 if (realRole != null) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 30f24c1..9358345 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,6 +49,7 @@ import org.junit.Test;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
@@ -235,6 +237,71 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+/* We won't map "testRole3" to "another-very-complex-role-name" to make
+ * it fail intentionally.
+ */
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMappingDecoded("/", "servlet");
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+

[tomcat] branch BZ-63636/tomcat-9.0.x updated (01e3233 -> 63cc1eb)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


omit 01e3233  Add proper tests in TestStandardWrapper
omit d53f76b  Move Context#findRoleMapping() to 
Wrapper#findSecurityReference()
omit 6406825  Change position in changelog.xml
omit c9d3859  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()
 add 959b83e  Fix failing unit test with Java 11+ and APR/native
 new 63cc1eb  BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (01e3233)
\
 N -- N -- N   refs/heads/BZ-63636/tomcat-9.0.x (63cc1eb)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/catalina/core/TestStandardWrapper.java |   9 +
 test/org/apache/tomcat/util/net/user1.jks | Bin 2717 -> 2666 bytes
 webapps/docs/changelog.xml|   2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: BZ 63636: Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 63cc1eb4607846e055047d582b8f022755f164cc
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in 
StandardWrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 -
 java/org/apache/catalina/realm/RealmBase.java  |  2 +-
 .../apache/catalina/core/TestStandardWrapper.java  | 67 ++
 test/org/apache/catalina/realm/TestRealmBase.java  |  2 +
 webapps/docs/changelog.xml |  4 ++
 5 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index a28dd73..7bfb512 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -920,14 +920,26 @@ public class StandardWrapper extends ContainerBase
  */
 @Override
 public String findSecurityReference(String name) {
+String reference = null;
 
 referencesLock.readLock().lock();
 try {
-return references.get(name);
+reference = references.get(name);
 } finally {
 referencesLock.readLock().unlock();
 }
 
+// If not specified on the Wrapper, check the Context
+if (getParent() instanceof Context) {
+Context context = (Context) getParent();
+if (reference != null) {
+reference = context.findRoleMapping(reference);
+} else {
+reference = context.findRoleMapping(name);
+}
+}
+
+return reference;
 }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index c779c34..833973a 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -920,7 +920,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  */
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-// Check for a role alias defined in a  element
+// Check for a role alias
 if (wrapper != null) {
 String realRole = wrapper.findSecurityReference(role);
 if (realRole != null) {
diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 30f24c1..9358345 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,6 +49,7 @@ import org.junit.Test;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
@@ -235,6 +237,71 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+/* We won't map "testRole3" to "another-very-complex-role-name" to make
+ * it fail intentionally.
+ */
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMappingDecoded("/", "servlet");
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+
+/* Attach the realm to the appropriate container, but role mapping must
+ * always succeed because it is evaluated at context level.
+ */
+if (realmContainer.equals("engine")) {
+

Re: JDK 13 is now in the Release Candidate Phase

2019-08-12 Thread Mark Thomas 
Latest Tomcat 9.0.x builds and completes unit tests with both without
any issues.

Mark


On 10/08/2019 11:23, Rory O'Donnell wrote:
> Hi Mark,
> 
> *JDK 13 is now in the Release Candidate Phase - if you are aware of any
> issues, please let us know.
> *
> 
> Per the JDK 13 schedule [1], we are now in the Release Candidate phase.
> The stabilization repository, jdk/jdk13, is open for P1 bug fixes per
> the JDK Release Process (JEP 3) [2].
> All changes require approval via the Fix-Request Process [3].
> 
> For more details, see Mark Reinhold's email to jdk-dev mailing list [4] 
> 
>   * Milestone Schedule:
>   o Initial RC Build 33 - Aug 9, 2019
>   o GAC - Aug 22, 2019
>   o GAR - Sept 5, 2019
>   o GA - Sept 17, 2019
> 
> *OpenJDK 13 build 33 is available at http://jdk.java.net/13/*
> 
>   * These early access, open source builds are provided under the GNU
> General Public License, version 2, with the Classpath Exception
> .
>   * Schedule, status & features
>   o http://openjdk.java.net/projects/jdk/13/
>   * Release Notes
>   o http://jdk.java.net/13/release-notes
>   * Bug fixes reported by Open Source Projects  :
>   o JDK-8228764 - fixed in b32 -reported by Apache Tomcat
> 
> **OpenJDK 14 *EA build 9 is now available at **http://jdk.java.net/14**
> *
> 
>   * These early access, open source builds are provided under the GNU
> General Public License, version 2, with the Classpath Exception
> .
>   * Release Notes
>   o http://jdk.java.net/14/release-notes
>   * JEPs targeted to JDK 14
>   o JEP 352  - Non-Volatile Mapped
> Byte Buffers
>   * Changes in this build
> 
> 
>   * Bug fixes reported by Open Source Projects  :
>   o JDK-8227170 - fixed in b8 -reported by Apache Ant
>   o JDK-8228485 - fixed in b8 -reported by JaCoCo
>   o JDK-8222791 - fixed in b7 -reported by Apache Lucene
> 
> *Project Panama Early-Access Builds*
> 
>   * Build jdk-14-panama+1-15 (2019/8/8) is available at
> http://jdk.java.net/panama/
>   * These early-access, open-source builds are provided under the GNU
> General Public License, version 2, with the Classpath Exception
> .
> 
> Regards,
> Rory
> 
> [1] https://openjdk.java.net/projects/jdk/13/#Schedule
> [2] https://openjdk.java.net/jeps/3
> [3] https://openjdk.java.net/jeps/3#Fix-Request-Process
> [4] https://mail.openjdk.java.net/pipermail/jdk-dev/2019-August/003250.html
> 
> -- 
> Rgds,Rory O'Donnell
> Quality Engineering Manager
> Oracle EMEA , Dublin, Ireland 
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59716] Allow JNDI configuration of CorsFilter

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59716

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |WONTFIX
 Status|NEW |RESOLVED

--- Comment #3 from Mark Thomas  ---
Closing this ticket as per the OP's comment. It is also worth noting that Java
EE allows the injection of values from JNDI into Servlets, Filters etc. See
section 5 of the Java EE 8 spec.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on issue #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-12 Thread GitBox 
markt-asf commented on issue #186: BZ 63636: Context#findRoleMapping() never 
called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#issuecomment-520490637
 
 
   Test LGTM.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Fix failing unit test with Java 11+ and APR/native

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 928a34a  Fix failing unit test with Java 11+ and APR/native
928a34a is described below

commit 928a34a7d01cc6752722993e3cfb3847e4364faa
Author: Mark Thomas 
AuthorDate: Mon Aug 12 16:57:41 2019 +0100

Fix failing unit test with Java 11+ and APR/native

The recent regeneration of test keys/certs including the OCSP extension
in the certificates. This triggered a failure with the APR/native
connector as it is OCSP enabled and the test did not start an OCSP
responder.
---
 test/org/apache/tomcat/util/net/user1.jks | Bin 2717 -> 2666 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/user1.jks 
b/test/org/apache/tomcat/util/net/user1.jks
index cc6b564..da6699a 100644
Binary files a/test/org/apache/tomcat/util/net/user1.jks and 
b/test/org/apache/tomcat/util/net/user1.jks differ


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Fix failing unit test with Java 11+ and APR/native

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new e49905e  Fix failing unit test with Java 11+ and APR/native
e49905e is described below

commit e49905ebd2ec2696384cc5474b178b5396633f68
Author: Mark Thomas 
AuthorDate: Mon Aug 12 16:57:41 2019 +0100

Fix failing unit test with Java 11+ and APR/native

The recent regeneration of test keys/certs including the OCSP extension
in the certificates. This triggered a failure with the APR/native
connector as it is OCSP enabled and the test did not start an OCSP
responder.
---
 test/org/apache/tomcat/util/net/user1.jks | Bin 2717 -> 2666 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/user1.jks 
b/test/org/apache/tomcat/util/net/user1.jks
index cc6b564..da6699a 100644
Binary files a/test/org/apache/tomcat/util/net/user1.jks and 
b/test/org/apache/tomcat/util/net/user1.jks differ


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix failing unit test with Java 11+ and APR/native

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 959b83e  Fix failing unit test with Java 11+ and APR/native
959b83e is described below

commit 959b83e85ca3b374539171e5f2574e29193bab9d
Author: Mark Thomas 
AuthorDate: Mon Aug 12 16:57:41 2019 +0100

Fix failing unit test with Java 11+ and APR/native

The recent regeneration of test keys/certs including the OCSP extension
in the certificates. This triggered a failure with the APR/native
connector as it is OCSP enabled and the test did not start an OCSP
responder.
---
 test/org/apache/tomcat/util/net/user1.jks | Bin 2717 -> 2666 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/test/org/apache/tomcat/util/net/user1.jks 
b/test/org/apache/tomcat/util/net/user1.jks
index cc6b564..da6699a 100644
Binary files a/test/org/apache/tomcat/util/net/user1.jks and 
b/test/org/apache/tomcat/util/net/user1.jks differ


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on issue #188: Introduce Tomcat Source-to-Image (S2I)

2019-08-12 Thread GitBox 
michael-o commented on issue #188: Introduce Tomcat Source-to-Image (S2I)
URL: https://github.com/apache/tomcat/pull/188#issuecomment-520475521
 
 
   I am against pulling this one for several reasons:
   
   * This is CentOS-specific and OpenShift
   * Someone has to maintain it, likely none of us won't
   * It duplicates several configuration files
   
   This is best handled by the community or by Red Hat ($$$)


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-12 Thread GitBox 
michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never 
called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#issuecomment-520472525
 
 
   All tests pass on Tomcat 9.0.x.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] maxime-beck opened a new pull request #188: Introduce Tomcat Source-to-Image (S2I)

2019-08-12 Thread GitBox 
maxime-beck opened a new pull request #188: Introduce Tomcat Source-to-Image 
(S2I)
URL: https://github.com/apache/tomcat/pull/188
 
 
   # Tomcat - Source-to-Image (S2I)
   This resource provides a CentOS-based Docker image that enables 
[Source-to-Image](https://github.com/openshift/source-to-image) building for 
Tomcat. It builds the sources of a webapp and deploys it to a fully functional 
containerized Tomcat Server. The generated image can then easily be run locally 
or deployed to a Kubernetes-based Server.
   
   ## Usage
   1. Build an image:
   ```bash
   $ s2i build [SOURCE_URL] tomcat-s2i my-webapp-image
   ```
   Where `[SOURCE_URL]` is either the URL to a Git repository or a path to 
local sources.
   
   2. Run it:
   ```bash
   $ docker run -p 8080:8080 my-webapp-image
   ```


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-8.5.x updated (08e169e -> 694bc81)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 discard 08e169e  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()
 add c6f5d73  Refactor Servlet 3 async timeouts to become a more generic 
timeout
 add 07aa80d  Extend the timeout functionality to internal upgrade 
processors
 add 7943b50  Improve HTTP/2 connection timeout handling
 add 310a791  Update expiring test certs
 add 69880c6  Align the comments with the usage message
 add 838eefc  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63285
 add 9071b38  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63285
 add b52978a  Fix https://github.com/apache/tomcat/pull/187 Avoid NPE
 add c3761d2  Merge additional fix for DBCP-555
 add 694bc81  Refactor fix for BZ 63285 so .exe rename is on request not by 
default

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (08e169e)
\
 N -- N -- N   refs/heads/BZ-63636/tomcat-8.5.x (694bc81)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 MERGE.txt  |   2 +-
 bin/service.bat| 122 ++--
 java/org/apache/catalina/realm/RealmBase.java  |   9 --
 .../valves/CrawlerSessionManagerValve.java |   2 +-
 java/org/apache/coyote/AbstractProcessor.java  |   9 +-
 java/org/apache/coyote/AbstractProtocol.java   |  13 +-
 java/org/apache/coyote/Processor.java  |  14 +-
 .../http11/upgrade/InternalHttpUpgradeHandler.java |   2 +
 .../http11/upgrade/UpgradeProcessorBase.java   |  10 +-
 .../http11/upgrade/UpgradeProcessorInternal.java   |   6 +
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  99 ++---
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|  10 +-
 .../tomcat/dbcp/dbcp2/DelegatingStatement.java |  10 +-
 .../dbcp/dbcp2/PoolableCallableStatement.java  |   8 +-
 .../dbcp/dbcp2/PoolablePreparedStatement.java  |   8 +-
 .../apache/tomcat/dbcp/dbcp2/SQLExceptionList.java |   8 +-
 .../websocket/server/WsHttpUpgradeHandler.java |   6 +
 test/org/apache/catalina/realm/TestRealmBase.java  |  43 --
 .../valves/TestCrawlerSessionManagerValve.java |  41 +-
 .../http11/upgrade/TestUpgradeInternalHandler.java |   5 +
 .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 154 +++--
 .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 4404 -> 2737 bytes
 .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++
 test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4404 -> 4455 bytes
 test/org/apache/tomcat/util/net/user1.jks  | Bin 2666 -> 2717 bytes
 webapps/docs/changelog.xml |  39 +-
 webapps/docs/windows-service-howto.xml |  14 +-
 27 files changed, 421 insertions(+), 265 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63636] Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

Michael Osipov  changed:

   What|Removed |Added

 Blocks||55477


Referenced Bugs:

https://bz.apache.org/bugzilla/show_bug.cgi?id=55477
[Bug 55477] Add a solution to map an realm name to a security role
-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55477] Add a solution to map an realm name to a security role

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=55477

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org
 Depends on||63636


Referenced Bugs:

https://bz.apache.org/bugzilla/show_bug.cgi?id=63636
[Bug 63636] Context#findRoleMapping() never called in
StandardWrapper#findSecurityReference()
-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55104] Allow passing arguments with spaces to Commons Daemon

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=55104

--- Comment #2 from Michael Osipov  ---
..and it won't because Bourne shell does not support this. Same issue persists
for the Maven start script. One would need to switch to Bash.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 63636] Context#findRoleMapping() never called in StandardWrapper#findSecurityReference()

2019-08-12 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=63636

Michael Osipov  changed:

   What|Removed |Added

Summary|Context#findRoleMapping()   |Context#findRoleMapping()
   |never called in |never called in
   |RealmBase#hasRole() |StandardWrapper#findSecurit
   ||yReference()

--- Comment #1 from Michael Osipov  ---
The change has been moved to StandardWrapper#findSecurityReference() as agreed
in the PR discussion in GitHub.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 04/04: Add proper tests in TestStandardWrapper

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 01e323350c17e850b9d6e297e7fdd480c65e02cf
Author: Michael Osipov 
AuthorDate: Mon Aug 12 15:58:47 2019 +0200

Add proper tests in TestStandardWrapper
---
 .../apache/catalina/core/TestStandardWrapper.java  | 66 ++
 test/org/apache/catalina/realm/TestRealmBase.java  | 41 --
 2 files changed, 66 insertions(+), 41 deletions(-)

diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 30f24c1..179cc98 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,6 +49,7 @@ import org.junit.Test;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
@@ -235,6 +237,70 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+// We won't map testRole3 to "another-very-complex-role-name" to make 
it fail
+// intentionally
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMappingDecoded("/", "servlet");
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+
+/* Attach the realm to the appropriate container, but role mapping 
must succeed always
+ * because it is evaluated at context level later.
+ */
+if (realmContainer.equals("engine")) {
+tomcat.getEngine().setRealm(realm);
+} else if (realmContainer.equals("host")) {
+tomcat.getHost().setRealm(realm);
+} else if (realmContainer.equals("context")) {
+ctx.setRealm(realm);
+} else {
+throw new IllegalArgumentException("realmContainer is invalid");
+}
+
+realm.addUser("testUser", ch.mutate("testPwd"));
+realm.addUserRole("testUser", "testRole1");
+realm.addUserRole("testUser", "very-complex-role-name");
+realm.addUserRole("testUser", "another-very-complex-role-name");
+
+tomcat.start();
+
+Principal p = realm.authenticate("testUser", "testPwd");
+
+Assert.assertNotNull(p);
+Assert.assertEquals("testUser", p.getName());
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+}
+
 private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
 throws Exception {
 
diff --git a/test/org/apache/catalina/realm/TestRealmBase.java 
b/test/org/apache/catalina/realm/TestRealmBase.java
index b4d35fb..a2c013d 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -791,45 +791,4 @@ public class TestRealmBase {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
-
-@Test
-public void testRoleMapping() throws Exception {
-Context context = new TesterContext() {
-private Map roleMapping = new HashMap<>();
-
-public void addRoleMapping(String role, String link) {
-roleMapping.put(role, link);
-}
-
-@Override
-public String findRoleMapping(String

[tomcat] branch BZ-63636/tomcat-9.0.x updated (a17d338 -> 01e3233)

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a change to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


 discard a17d338  Add proper tests in TestStandardWrapper
omit 64f5402  Move Context#findRoleMapping() to 
Wrapper#findSecurityReference()
omit 7b9ff2c  Change position in changelog.xml
omit 738380b  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()
 add d3a5b1c  Refactor Servlet 3 async timeouts to become a more generic 
timeout
 add 863b18e  Extend the timeout functionality to internal upgrade 
processors
 add 5d7f2ea  Improve HTTP/2 connection timeout handling
 add e3a59c3  Update expiring test certs
 add 62da9b7  Align the comments with the usage message
 add 7ac5fc8  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63285
 add 4aac8d4  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63650
 add 6d6e1c4  Fix https://github.com/apache/tomcat/pull/187 Avoid NPE
 add 9feda96  Merge additional fix for DBCP-555
 add 2933e68  Refactor fix for BZ 63285 so .exe rename is on request not by 
default
 new c9d3859  BZ 63636: Context#findRoleMapping() never called in 
RealmBase#hasRole()
 new 6406825  Change position in changelog.xml
 new d53f76b  Move Context#findRoleMapping() to 
Wrapper#findSecurityReference()
 new 01e3233  Add proper tests in TestStandardWrapper

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (a17d338)
\
 N -- N -- N   refs/heads/BZ-63636/tomcat-9.0.x (01e3233)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 MERGE.txt  |   2 +-
 bin/service.bat| 122 ++--
 .../valves/CrawlerSessionManagerValve.java |   2 +-
 java/org/apache/coyote/AbstractProcessor.java  |   9 +-
 java/org/apache/coyote/AbstractProtocol.java   |  34 +++--
 java/org/apache/coyote/Processor.java  |  14 +-
 .../http11/upgrade/InternalHttpUpgradeHandler.java |   2 +
 .../http11/upgrade/UpgradeProcessorBase.java   |  10 +-
 .../http11/upgrade/UpgradeProcessorInternal.java   |   6 +
 .../coyote/http2/Http2AsyncUpgradeHandler.java |   6 +-
 .../apache/coyote/http2/Http2UpgradeHandler.java   |  97 ++---
 .../tomcat/dbcp/dbcp2/DelegatingConnection.java|  10 +-
 .../tomcat/dbcp/dbcp2/DelegatingStatement.java |  10 +-
 .../dbcp/dbcp2/PoolableCallableStatement.java  |   8 +-
 .../dbcp/dbcp2/PoolablePreparedStatement.java  |   8 +-
 .../apache/tomcat/dbcp/dbcp2/SQLExceptionList.java |   8 +-
 java/org/apache/tomcat/util/net/jsse/JSSEUtil.java | 121 
 .../websocket/server/WsHttpUpgradeHandler.java |   6 +
 .../valves/TestCrawlerSessionManagerValve.java |  41 +-
 .../http11/upgrade/TestUpgradeInternalHandler.java |   5 +
 .../apache/tomcat/util/net/localhost-rsa-cert.pem  | 154 +++--
 .../apache/tomcat/util/net/localhost-rsa-copy1.jks | Bin 4404 -> 2737 bytes
 .../apache/tomcat/util/net/localhost-rsa-key.pem   |  52 +++
 test/org/apache/tomcat/util/net/localhost-rsa.jks  | Bin 4404 -> 4455 bytes
 test/org/apache/tomcat/util/net/user1.jks  | Bin 2666 -> 2717 bytes
 webapps/docs/changelog.xml |  31 -
 webapps/docs/windows-service-howto.xml |  14 +-
 27 files changed, 498 insertions(+), 274 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/04: Move Context#findRoleMapping() to Wrapper#findSecurityReference()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d53f76b1d6fd8e8f636f98a66b74aa8242a8d23b
Author: Michael Osipov 
AuthorDate: Thu Aug 8 12:48:47 2019 +0200

Move Context#findRoleMapping() to Wrapper#findSecurityReference()
---
 java/org/apache/catalina/core/StandardWrapper.java | 14 +-
 java/org/apache/catalina/realm/RealmBase.java  | 11 +--
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/java/org/apache/catalina/core/StandardWrapper.java 
b/java/org/apache/catalina/core/StandardWrapper.java
index a28dd73..7bfb512 100644
--- a/java/org/apache/catalina/core/StandardWrapper.java
+++ b/java/org/apache/catalina/core/StandardWrapper.java
@@ -920,14 +920,26 @@ public class StandardWrapper extends ContainerBase
  */
 @Override
 public String findSecurityReference(String name) {
+String reference = null;
 
 referencesLock.readLock().lock();
 try {
-return references.get(name);
+reference = references.get(name);
 } finally {
 referencesLock.readLock().unlock();
 }
 
+// If not specified on the Wrapper, check the Context
+if (getParent() instanceof Context) {
+Context context = (Context) getParent();
+if (reference != null) {
+reference = context.findRoleMapping(reference);
+} else {
+reference = context.findRoleMapping(name);
+}
+}
+
+return reference;
 }
 
 
diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index dbeeaa3..833973a 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -920,7 +920,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  */
 @Override
 public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
-// Check for a role alias defined in a  element
+// Check for a role alias
 if (wrapper != null) {
 String realRole = wrapper.findSecurityReference(role);
 if (realRole != null) {
@@ -928,15 +928,6 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
-// Check for a role alias/mapping defined on context level
-if (getContainer() instanceof Context) {
-Context context = (Context) getContainer();
-String realRole = context.findRoleMapping(role);
-if (realRole != null) {
-role = realRole;
-}
-}
-
 // Should be overridden in JAASRealm - to avoid pretty inefficient 
conversions
 if (principal == null || role == null) {
 return false;


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/04: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit c9d38596d29db2af3cc1fee16a5b86d453a46b49
Author: Michael Osipov 
AuthorDate: Mon Aug 5 21:32:58 2019 +0200

BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()
---
 java/org/apache/catalina/realm/RealmBase.java |  9 +
 test/org/apache/catalina/realm/TestRealmBase.java | 43 +++
 webapps/docs/changelog.xml|  4 +++
 3 files changed, 56 insertions(+)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index c779c34..dbeeaa3 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -928,6 +928,15 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
+// Check for a role alias/mapping defined on context level
+if (getContainer() instanceof Context) {
+Context context = (Context) getContainer();
+String realRole = context.findRoleMapping(role);
+if (realRole != null) {
+role = realRole;
+}
+}
+
 // Should be overridden in JAASRealm - to avoid pretty inefficient 
conversions
 if (principal == null || role == null) {
 return false;
diff --git a/test/org/apache/catalina/realm/TestRealmBase.java 
b/test/org/apache/catalina/realm/TestRealmBase.java
index 7ef9191..b4d35fb 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -19,7 +19,9 @@ package org.apache.catalina.realm;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.servlet.ServletSecurityElement;
 import javax.servlet.annotation.ServletSecurity;
@@ -789,4 +791,45 @@ public class TestRealmBase {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
+
+@Test
+public void testRoleMapping() throws Exception {
+Context context = new TesterContext() {
+private Map roleMapping = new HashMap<>();
+
+public void addRoleMapping(String role, String link) {
+roleMapping.put(role, link);
+}
+
+@Override
+public String findRoleMapping(String role) {
+return roleMapping.get(role);
+}
+};
+
+context.addRoleMapping(ROLE2, "very-complex-role-name");
+// We won't map ROLE3 to "another-very-complex-role-name" to make it 
fail
+// intentionally
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+realm.setContainer(context);
+realm.start();
+
+realm.addUser(USER1, PWD_SHA);
+realm.addUserRole(USER1, ROLE1);
+realm.addUserRole(USER1, "very-complex-role-name");
+realm.addUserRole(USER1, "another-very-complex-role-name");
+
+Principal p = realm.authenticate(USER1, PWD);
+
+Assert.assertNotNull(p);
+Assert.assertEquals(USER1, p.getName());
+Assert.assertTrue(realm.hasRole(null, p, ROLE1));
+Assert.assertTrue(realm.hasRole(null, p, ROLE2));
+Assert.assertTrue(realm.hasRole(null, p, "very-complex-role-name"));
+Assert.assertFalse(realm.hasRole(null, p, ROLE3));
+}
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 214ec60..8d2855e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,6 +47,10 @@
 
   
 
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
   
 63627: Implement more fine-grained handling in
 RealmBase.authenticate(GSSContext, boolean). (michaelo)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/04: Change position in changelog.xml

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 64068254188d33a5b9f7b7805a35a7be001d8c5c
Author: Michael Osipov 
AuthorDate: Thu Aug 8 12:37:01 2019 +0200

Change position in changelog.xml
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8d2855e..bc3ad14 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -47,10 +47,6 @@
 
   
 
-  
-63636: Context.findRoleMapping() never called
-in RealmBase#hasRole(). (michaelo)
-  
   
 63627: Implement more fine-grained handling in
 RealmBase.authenticate(GSSContext, boolean). (michaelo)
@@ -97,6 +93,10 @@
 and a request does not map to any of the other deployed Contexts. Patch
 provided by Jop Zinkweg. (markt)
   
+  
+63636: Context.findRoleMapping() never called
+in RealmBase#hasRole(). (michaelo)
+  
  
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never called in RealmBase#hasRole()

2019-08-12 Thread GitBox 
michael-o commented on issue #186: BZ 63636: Context#findRoleMapping() never 
called in RealmBase#hasRole()
URL: https://github.com/apache/tomcat/pull/186#issuecomment-520436938
 
 
   @markt-asf I have now added proper tests. Please have a look. If they are as 
expected, I'll rebase, squash, merge and backport.


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch BZ-63636/tomcat-9.0.x updated: Add proper tests in TestStandardWrapper

2019-08-12 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch BZ-63636/tomcat-9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/BZ-63636/tomcat-9.0.x by this 
push:
 new a17d338  Add proper tests in TestStandardWrapper
a17d338 is described below

commit a17d338c13667a286dfd4357e051ef4479da0829
Author: Michael Osipov 
AuthorDate: Mon Aug 12 15:58:47 2019 +0200

Add proper tests in TestStandardWrapper
---
 .../apache/catalina/core/TestStandardWrapper.java  | 66 ++
 test/org/apache/catalina/realm/TestRealmBase.java  | 41 --
 2 files changed, 66 insertions(+), 41 deletions(-)

diff --git a/test/org/apache/catalina/core/TestStandardWrapper.java 
b/test/org/apache/catalina/core/TestStandardWrapper.java
index 30f24c1..179cc98 100644
--- a/test/org/apache/catalina/core/TestStandardWrapper.java
+++ b/test/org/apache/catalina/core/TestStandardWrapper.java
@@ -18,6 +18,7 @@ package org.apache.catalina.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,6 +49,7 @@ import org.junit.Test;
 import org.apache.catalina.Context;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.authenticator.BasicAuthenticator;
+import org.apache.catalina.realm.MessageDigestCredentialHandler;
 import org.apache.catalina.startup.TesterMapRealm;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.startup.TomcatBaseTest;
@@ -235,6 +237,70 @@ public class TestStandardWrapper extends TomcatBaseTest {
 Assert.assertTrue(bc.toString().contains("00-OK"));
 }
 
+@Test
+public void testRoleMappingInEngine() throws Exception {
+doTestRoleMapping("engine");
+}
+
+@Test
+public void testRoleMappingInHost() throws Exception {
+doTestRoleMapping("host");
+}
+
+@Test
+public void testRoleMappingInContext() throws Exception {
+doTestRoleMapping("context");
+}
+
+private void doTestRoleMapping(String realmContainer)
+throws Exception {
+// Setup Tomcat instance
+Tomcat tomcat = getTomcatInstance();
+
+// No file system docBase required
+Context ctx = tomcat.addContext("", null);
+ctx.addRoleMapping("testRole2", "very-complex-role-name");
+// We won't map testRole3 to "another-very-complex-role-name" to make 
it fail
+// intentionally
+
+Wrapper wrapper = Tomcat.addServlet(ctx, "servlet", 
TestServlet.class.getName());
+ctx.addServletMappingDecoded("/", "servlet");
+
+TesterMapRealm realm = new TesterMapRealm();
+MessageDigestCredentialHandler ch = new 
MessageDigestCredentialHandler();
+ch.setAlgorithm("SHA");
+realm.setCredentialHandler(ch);
+
+/* Attach the realm to the appropriate container, but role mapping 
must succeed always
+ * because it is evaluated at context level later.
+ */
+if (realmContainer.equals("engine")) {
+tomcat.getEngine().setRealm(realm);
+} else if (realmContainer.equals("host")) {
+tomcat.getHost().setRealm(realm);
+} else if (realmContainer.equals("context")) {
+ctx.setRealm(realm);
+} else {
+throw new IllegalArgumentException("realmContainer is invalid");
+}
+
+realm.addUser("testUser", ch.mutate("testPwd"));
+realm.addUserRole("testUser", "testRole1");
+realm.addUserRole("testUser", "very-complex-role-name");
+realm.addUserRole("testUser", "another-very-complex-role-name");
+
+tomcat.start();
+
+Principal p = realm.authenticate("testUser", "testPwd");
+
+Assert.assertNotNull(p);
+Assert.assertEquals("testUser", p.getName());
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole1"));
+Assert.assertTrue(realm.hasRole(wrapper, p, "testRole2"));
+Assert.assertTrue(realm.hasRole(wrapper, p, "very-complex-role-name"));
+Assert.assertFalse(realm.hasRole(wrapper, p, "testRole3"));
+}
+
 private void doTestSecurityAnnotationsAddServlet(boolean useCreateServlet)
 throws Exception {
 
diff --git a/test/org/apache/catalina/realm/TestRealmBase.java 
b/test/org/apache/catalina/realm/TestRealmBase.java
index b4d35fb..a2c013d 100644
--- a/test/org/apache/catalina/realm/TestRealmBase.java
+++ b/test/org/apache/catalina/realm/TestRealmBase.java
@@ -791,45 +791,4 @@ public class TestRealmBase {
 Assert.assertFalse(mapRealm.hasResourcePermission(
 request, response, constraintsDelete, null));
 }
-
-@Test
-public void testRoleMapping() throws Exception {
-Context context = new TesterContext() {
-private Map roleMapping = new HashMap<>();
-
-public void

Re: [tomcat] 02/02: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63285

2019-08-12 Thread Mark Thomas 


>> How about this as a modified approach:
> 
>> - Keep renaming back to Tomcat9[w].exe on remove. That won't
>> impact existing service.bat users but will help users that install
>> via the installer (e.g. they'll be able to change the service
>> name).
> 
> Aha. I'm sure that has something to do with the answer to "who is
> broken" question.
> 
>> - Change the option to --rename and only rename on install when 
>> explicitly requested. Current service.bat users would be
>> unaffected and installer users would need to use this option if
>> they used service.bat to uninstall and reinstall the service (e.g.
>> to rename it)
> 
> I think I like the --no-rename -> --rename option is the best because
> it makes the smallest change. Only currently-affected users will need
> to modify their behavior, instead of most users having to modify their
> behavior.
> 
>> That should fix the reported issue while removing the impact on
>> the existing service.bat users.
> 
>> Thoughts?
> 
>> Mark
> 
> 
>> P.S. I know the 9.0.x and 8.5.x tags are overdue but I'd rather
>> wait a few more days to make sure we are happy with this change
>> before tagging and committing us to an approach.
> 
> +1
> 
> I wouldn't want to put out a release where the rules are different
> from every other release if we are going to change --no-rename ->
> --rename.
> 
> In case it's not clear, I'm fully in favor of changing --no-rename ->
> --rename instead of the current patch.

Done.

I have a few bits and pieces I want to look at before the tag so I
probably won't tag until tomorrow / Wednesday.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 7.0.x updated: Refactor fix for BZ 63285 so .exe rename is on request not by default

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/7.0.x by this push:
 new 853e1af  Refactor fix for BZ 63285 so .exe rename is on request not by 
default
853e1af is described below

commit 853e1afa1ead77b3b2aab332a5b71c484e4ab55d
Author: Mark Thomas 
AuthorDate: Mon Aug 12 11:51:16 2019 +0100

Refactor fix for BZ 63285 so .exe rename is on request not by default
---
 bin/service.bat| 12 ++--
 webapps/docs/changelog.xml | 18 +-
 webapps/docs/windows-service-howto.xml |  8 
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/bin/service.bat b/bin/service.bat
index 6105b15..0aee372 100755
--- a/bin/service.bat
+++ b/bin/service.bat
@@ -17,7 +17,7 @@ rem limitations under the License.
 rem ---
 rem NT Service Install/Uninstall script
 rem
-rem Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+rem Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 rem
 rem Options
 rem install Install the service using default settings.
@@ -26,7 +26,7 @@ rem
 rem service_name (optional) The name to use for the service. If not specified,
 rem Tomcat@VERSION_MAJOR@ is used as the service name.
 rem
-rem --no-rename  (optional) Don't rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
+rem --rename (optional) Rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
 rem the non-default service name.
 rem
 rem username (optional) The name of the OS user to use to install/remove
@@ -55,8 +55,8 @@ if "x%1x" == "x--userx" goto runAsUser
 set SERVICE_NAME=%1
 shift
 if "x%1x" == "xx" goto checkEnv
-if "x%1x" == "x--no-renamex" (
-set NO_RENAME=%1
+if "x%1x" == "x--renamex" (
+set RENAME=%1
 shift
 )
 if "x%1x" == "xx" goto checkEnv
@@ -153,7 +153,7 @@ if /i %SERVICE_CMD% == uninstall goto doRemove
 echo Unknown parameter "%SERVICE_CMD%"
 :displayUsage
 echo.
-echo Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+echo Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 goto end
 
 :doRemove
@@ -201,7 +201,7 @@ if "%JvmMs%" == "" set JvmMs=128
 if "%JvmMx%" == "" set JvmMx=256
 
 if exist "%CATALINA_HOME%\bin\%DEFAULT_SERVICE_NAME%.exe" (
-if "x%NO_RENAME%x" == "xx" (
+if "x%RENAME%x" == "x--renamex" (
 rename "%DEFAULT_SERVICE_NAME%.exe" "%SERVICE_NAME%.exe"
 rename "%DEFAULT_SERVICE_NAME%w.exe" "%SERVICE_NAME%w.exe"
 set "EXECUTABLE=%CATALINA_HOME%\bin\%SERVICE_NAME%.exe"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3e260f7..8c130da 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -101,15 +101,15 @@
   
   
 
-  
-63285: Modify service.bat so that when
-installing a Windows service, by default, it changes the name of the
-executables used by the Windows service to match the service name. This
-makes the installation behaviour consistent with the Windows installer.
-The original executable names will be restored when the Windows service
-is removed. The renaming can be disabled by using the new
---no-rename option after the service name. (markt)
-  
+  
+63285: Add an option to service.bat so that 
when
+installing a Windows service, the name of the executables used by the
+Windows service may be changed to match the service name. This makes 
the
+installation behaviour consistent with the Windows installer. The
+original executable names will be restored when the Windows service is
+removed. The renaming can be enabled by using the new
+--rename option after the service name. (markt)
+  
   
 63634: Align setproxy target in build.xml with
 8.5/9.0. (michaelo)
diff --git a/webapps/docs/windows-service-howto.xml 
b/webapps/docs/windows-service-howto.xml
index 27ed780..692596c 100644
--- a/webapps/docs/windows-service-howto.xml
+++ b/webapps/docs/windows-service-howto.xml
@@ -368,12 +368,12 @@ service, as displayed in Windows services.
 C:\> service.bat install MyService
 
 When installing the service with a non-default name,
-tomcat.exe and tomcatw.exe will be renamed to
-match the chosen service name. To prevent this, use the 
--no-rename
+tomcat.exe and tomcatw.exe may be renamed to
+match the chosen service name. To do this, use the --rename
 option.
 
-Install the service named 'MyService' without renaming
-C:\> service.bat install MyService --no-rename
+Install the service named 'MyService' with renaming
+C:\> service.bat

[tomcat] branch 8.5.x updated: Refactor fix for BZ 63285 so .exe rename is on request not by default

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 694bc81  Refactor fix for BZ 63285 so .exe rename is on request not by 
default
694bc81 is described below

commit 694bc81161bf2964846aaf2ce68a1b05208da1cb
Author: Mark Thomas 
AuthorDate: Mon Aug 12 11:51:16 2019 +0100

Refactor fix for BZ 63285 so .exe rename is on request not by default
---
 bin/service.bat| 12 ++--
 webapps/docs/changelog.xml | 18 +-
 webapps/docs/windows-service-howto.xml |  8 
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/bin/service.bat b/bin/service.bat
index 6105b15..0aee372 100755
--- a/bin/service.bat
+++ b/bin/service.bat
@@ -17,7 +17,7 @@ rem limitations under the License.
 rem ---
 rem NT Service Install/Uninstall script
 rem
-rem Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+rem Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 rem
 rem Options
 rem install Install the service using default settings.
@@ -26,7 +26,7 @@ rem
 rem service_name (optional) The name to use for the service. If not specified,
 rem Tomcat@VERSION_MAJOR@ is used as the service name.
 rem
-rem --no-rename  (optional) Don't rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
+rem --rename (optional) Rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
 rem the non-default service name.
 rem
 rem username (optional) The name of the OS user to use to install/remove
@@ -55,8 +55,8 @@ if "x%1x" == "x--userx" goto runAsUser
 set SERVICE_NAME=%1
 shift
 if "x%1x" == "xx" goto checkEnv
-if "x%1x" == "x--no-renamex" (
-set NO_RENAME=%1
+if "x%1x" == "x--renamex" (
+set RENAME=%1
 shift
 )
 if "x%1x" == "xx" goto checkEnv
@@ -153,7 +153,7 @@ if /i %SERVICE_CMD% == uninstall goto doRemove
 echo Unknown parameter "%SERVICE_CMD%"
 :displayUsage
 echo.
-echo Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+echo Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 goto end
 
 :doRemove
@@ -201,7 +201,7 @@ if "%JvmMs%" == "" set JvmMs=128
 if "%JvmMx%" == "" set JvmMx=256
 
 if exist "%CATALINA_HOME%\bin\%DEFAULT_SERVICE_NAME%.exe" (
-if "x%NO_RENAME%x" == "xx" (
+if "x%RENAME%x" == "x--renamex" (
 rename "%DEFAULT_SERVICE_NAME%.exe" "%SERVICE_NAME%.exe"
 rename "%DEFAULT_SERVICE_NAME%w.exe" "%SERVICE_NAME%w.exe"
 set "EXECUTABLE=%CATALINA_HOME%\bin\%SERVICE_NAME%.exe"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b70e9fe..ac43803 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -183,15 +183,15 @@
 directory to local administrators, Local System and Local Service.
 (markt)
   
-  
-63285: Modify service.bat so that when
-installing a Windows service, by default, it changes the name of the
-executables used by the Windows service to match the service name. This
-makes the installation behaviour consistent with the Windows installer.
-The original executable names will be restored when the Windows service
-is removed. The renaming can be disabled by using the new
---no-rename option after the service name. (markt)
-  
+  
+63285: Add an option to service.bat so that 
when
+installing a Windows service, the name of the executables used by the
+Windows service may be changed to match the service name. This makes 
the
+installation behaviour consistent with the Windows installer. The
+original executable names will be restored when the Windows service is
+removed. The renaming can be enabled by using the new
+--rename option after the service name. (markt)
+  
   
 63567: Restore the passing of $LOGGING_MANAGER
 to the jvm in catalina.sh when calling stop.
diff --git a/webapps/docs/windows-service-howto.xml 
b/webapps/docs/windows-service-howto.xml
index b9215f7..c03ef92 100644
--- a/webapps/docs/windows-service-howto.xml
+++ b/webapps/docs/windows-service-howto.xml
@@ -368,12 +368,12 @@ service, as displayed in Windows services.
 C:\> service.bat install MyService
 
 When installing the service with a non-default name,
-tomcat.exe and tomcatw.exe will be renamed to
-match the chosen service name. To prevent this, use the 
--no-rename
+tomcat.exe and tomcatw.exe may be renamed to
+match the chosen service name. To do this, use the --rename
 option.
 
-Install the service named 'MyService' without renaming
-C:\>

[tomcat] branch master updated: Refactor fix for BZ 63285 so .exe rename is on request not by default

2019-08-12 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 2933e68  Refactor fix for BZ 63285 so .exe rename is on request not by 
default
2933e68 is described below

commit 2933e6860023f02214d49fd8234b2ff0e54f2b6d
Author: Mark Thomas 
AuthorDate: Mon Aug 12 11:51:16 2019 +0100

Refactor fix for BZ 63285 so .exe rename is on request not by default
---
 bin/service.bat| 12 ++--
 webapps/docs/changelog.xml | 14 +++---
 webapps/docs/windows-service-howto.xml |  8 
 3 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/bin/service.bat b/bin/service.bat
index 6105b15..0aee372 100755
--- a/bin/service.bat
+++ b/bin/service.bat
@@ -17,7 +17,7 @@ rem limitations under the License.
 rem ---
 rem NT Service Install/Uninstall script
 rem
-rem Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+rem Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 rem
 rem Options
 rem install Install the service using default settings.
@@ -26,7 +26,7 @@ rem
 rem service_name (optional) The name to use for the service. If not specified,
 rem Tomcat@VERSION_MAJOR@ is used as the service name.
 rem
-rem --no-rename  (optional) Don't rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
+rem --rename (optional) Rename tomcat@VERSION_MAJOR@.exe and 
tomcat@version_ma...@w.exe to match
 rem the non-default service name.
 rem
 rem username (optional) The name of the OS user to use to install/remove
@@ -55,8 +55,8 @@ if "x%1x" == "x--userx" goto runAsUser
 set SERVICE_NAME=%1
 shift
 if "x%1x" == "xx" goto checkEnv
-if "x%1x" == "x--no-renamex" (
-set NO_RENAME=%1
+if "x%1x" == "x--renamex" (
+set RENAME=%1
 shift
 )
 if "x%1x" == "xx" goto checkEnv
@@ -153,7 +153,7 @@ if /i %SERVICE_CMD% == uninstall goto doRemove
 echo Unknown parameter "%SERVICE_CMD%"
 :displayUsage
 echo.
-echo Usage: service.bat install/remove [service_name [--no-rename]] [--user 
username]
+echo Usage: service.bat install/remove [service_name [--rename]] [--user 
username]
 goto end
 
 :doRemove
@@ -201,7 +201,7 @@ if "%JvmMs%" == "" set JvmMs=128
 if "%JvmMx%" == "" set JvmMx=256
 
 if exist "%CATALINA_HOME%\bin\%DEFAULT_SERVICE_NAME%.exe" (
-if "x%NO_RENAME%x" == "xx" (
+if "x%RENAME%x" == "x--renamex" (
 rename "%DEFAULT_SERVICE_NAME%.exe" "%SERVICE_NAME%.exe"
 rename "%DEFAULT_SERVICE_NAME%w.exe" "%SERVICE_NAME%w.exe"
 set "EXECUTABLE=%CATALINA_HOME%\bin\%SERVICE_NAME%.exe"
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index b65efa2..214ec60 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -213,15 +213,15 @@
 Expand the coverage and quality of the French translations provided
 with Apache Tomcat. (remm)
   
-  
-63285: Modify service.bat so that when
-installing a Windows service, by default, it changes the name of the
-executables used by the Windows service to match the service name. This
+  
+63285: Add an option to service.bat so that 
when
+installing a Windows service, the name of the executables used by the
+Windows service may be changed to match the service name. This
 makes the installation behaviour consistent with the Windows installer.
 The original executable names will be restored when the Windows service
-is removed. The renaming can be disabled by using the new
---no-rename option after the service name. (markt)
-  
+is removed. The renaming can be enabled by using the new
+--rename option after the service name. (markt)
+  
   
 63567: Restore the passing of $LOGGING_MANAGER
 to the jvm in catalina.sh when calling stop.
diff --git a/webapps/docs/windows-service-howto.xml 
b/webapps/docs/windows-service-howto.xml
index b9215f7..c03ef92 100644
--- a/webapps/docs/windows-service-howto.xml
+++ b/webapps/docs/windows-service-howto.xml
@@ -368,12 +368,12 @@ service, as displayed in Windows services.
 C:\> service.bat install MyService
 
 When installing the service with a non-default name,
-tomcat.exe and tomcatw.exe will be renamed to
-match the chosen service name. To prevent this, use the 
--no-rename
+tomcat.exe and tomcatw.exe may be renamed to
+match the chosen service name. To do this, use the --rename
 option.
 
-Install the service named 'MyService' without renaming
-C:\> service.bat install MyService --no-rename
+Install the service named 'MyService' with renaming
+C:\> service.bat install MyService --rename
 
 
 If