Final Reminder: Community Over Code call for presentations closing soon
[Note: You're receiving this email because you are subscribed to one or more project dev@ mailing lists at the Apache Software Foundation.] This is your final reminder that the Call for Presentations for Community Over Code (formerly known as ApacheCon) is closing soon - on Thursday, 13 July 2023 at 23:59:59 GMT. https://communityovercode.org/call-for-presentations/ We are looking for talk proposals on all topics related to ASF projects and open source software. The event will be held in Halifax, Nova Scotia, Octiber 7th through 10th. More details about the event may be found on the event website at https://communityovercode.org/ Rich, for the event planners - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245704486
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
Of course, this is a minor detail.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245695672
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
I see what you are after:
`public Resource org.apache.catalina.Context#getResource(String)` which will
probe for `webapp:` and the delegate to `ConfigFileLoader`?
I will happily add this, but it should be a separate PR after this one. Then
when the new PR is done, I can modify this listener and it will be its first
use case. Is that OK for you?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-11.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/457 Blamelist: remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch main] c340b6a25856c7aaab19dc492ac710142a22c954 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 1 shell_6: 0 shell_7: 0 shell_8: 0 shell_9: 0 Rsync docs to nightlies.apache.org: 0 shell_10: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_11: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Pull up as default method since it avoids API compatibility issues
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new d1f0c34b18 Pull up as default method since it avoids API compatibility
issues
d1f0c34b18 is described below
commit d1f0c34b1831a1a11c9c7a3fc9d0455ca79857e0
Author: remm
AuthorDate: Wed Jun 28 21:03:13 2023 +0200
Pull up as default method since it avoids API compatibility issues
---
java/org/apache/catalina/Context.java | 22 +-
java/org/apache/catalina/core/StandardContext.java | 22 --
.../org/apache/catalina/startup/FailedContext.java | 4
test/org/apache/tomcat/unittest/TesterContext.java | 4
4 files changed, 21 insertions(+), 31 deletions(-)
diff --git a/java/org/apache/catalina/Context.java
b/java/org/apache/catalina/Context.java
index ddb29516b6..30f9f3016d 100644
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -17,6 +17,8 @@
package org.apache.catalina;
import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import java.util.Map;
@@ -39,6 +41,7 @@ import org.apache.tomcat.util.descriptor.web.FilterDef;
import org.apache.tomcat.util.descriptor.web.FilterMap;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomcat.util.file.ConfigFileLoader;
import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
@@ -1982,5 +1985,22 @@ public interface Context extends Container, ContextBind {
* @return the resource
* @throws IOException if an error occurs or if the resource does not exist
*/
-Resource findConfigFileResource(String name) throws IOException;
+default Resource findConfigFileResource(String name) throws IOException {
+if (name.startsWith(WEBAPP_PROTOCOL)) {
+String path = name.substring(WEBAPP_PROTOCOL.length());
+WebResource resource = getResources().getResource(path);
+if (resource.canRead()) {
+InputStream stream = resource.getInputStream();
+try {
+return new Resource(stream, resource.getURL().toURI());
+} catch (URISyntaxException e) {
+stream.close();
+}
+}
+return null;
+} else {
+return ConfigFileLoader.getSource().getResource(name);
+}
+}
+
}
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index b8c911a9c3..6476bf08c5 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -20,7 +20,6 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
-import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
@@ -128,8 +127,6 @@ import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.MessageDestination;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
-import org.apache.tomcat.util.file.ConfigFileLoader;
-import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.scan.StandardJarScanner;
@@ -3500,25 +3497,6 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
}
-@Override
-public Resource findConfigFileResource(String name) throws IOException {
-if (name.startsWith(WEBAPP_PROTOCOL)) {
-String path = name.substring(WEBAPP_PROTOCOL.length());
-WebResource resource = getResources().getResource(path);
-if (resource.canRead()) {
-InputStream stream = resource.getInputStream();
-try {
-return new Resource(stream, resource.getURL().toURI());
-} catch (URISyntaxException e) {
-stream.close();
-}
-}
-return null;
-} else {
-return ConfigFileLoader.getSource().getResource(name);
-}
-}
-
/**
* Reload this web application, if reloading is supported.
*
diff --git a/java/org/apache/catalina/startup/FailedContext.java
b/java/org/apache/catalina/startup/FailedContext.java
index 62ae2f35a8..71e9e76c27 100644
--- a/java/org/apache/catalina/startup/FailedContext.java
+++ b/java/org
[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245631182
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
After thinking about it for a bit, adding a helper method to the Context
interface seemed like the way to go to me. This is helpful to allow more
flexibility on location of configs that can be bundled in the webapp, and also
it makes the ConfigurationSource API a bit more visible.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add new method in helper classes
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c340b6a258 Add new method in helper classes
c340b6a258 is described below
commit c340b6a25856c7aaab19dc492ac710142a22c954
Author: remm
AuthorDate: Wed Jun 28 20:55:10 2023 +0200
Add new method in helper classes
---
java/org/apache/catalina/startup/FailedContext.java | 5 +
test/org/apache/tomcat/unittest/TesterContext.java | 4
2 files changed, 9 insertions(+)
diff --git a/java/org/apache/catalina/startup/FailedContext.java
b/java/org/apache/catalina/startup/FailedContext.java
index f892b61298..62ae2f35a8 100644
--- a/java/org/apache/catalina/startup/FailedContext.java
+++ b/java/org/apache/catalina/startup/FailedContext.java
@@ -18,6 +18,7 @@ package org.apache.catalina.startup;
import java.beans.PropertyChangeListener;
import java.io.File;
+import java.io.IOException;
import java.net.URL;
import java.util.Locale;
import java.util.Map;
@@ -61,6 +62,7 @@ import org.apache.tomcat.util.descriptor.web.FilterDef;
import org.apache.tomcat.util.descriptor.web.FilterMap;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.res.StringManager;
@@ -850,4 +852,7 @@ public class FailedContext extends LifecycleMBeanBase
implements Context {
public boolean getParallelAnnotationScanning() { return false; }
@Override
public void setParallelAnnotationScanning(boolean
parallelAnnotationScanning) {}
+
+@Override
+public Resource findConfigFileResource(String name) throws IOException {
return null; }
}
\ No newline at end of file
diff --git a/test/org/apache/tomcat/unittest/TesterContext.java
b/test/org/apache/tomcat/unittest/TesterContext.java
index 9c2e10754c..d906b60010 100644
--- a/test/org/apache/tomcat/unittest/TesterContext.java
+++ b/test/org/apache/tomcat/unittest/TesterContext.java
@@ -18,6 +18,7 @@ package org.apache.tomcat.unittest;
import java.beans.PropertyChangeListener;
import java.io.File;
+import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -64,6 +65,7 @@ import org.apache.tomcat.util.descriptor.web.FilterDef;
import org.apache.tomcat.util.descriptor.web.FilterMap;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
/**
@@ -1321,4 +1323,6 @@ public class TesterContext implements Context {
@Override
public void setMetadataComplete(boolean metadataComplete) { /* NO-OP */ }
+@Override
+public Resource findConfigFileResource(String name) throws IOException {
return null; }
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot failure in on tomcat-11.0.x
Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/456 Blamelist: remm Build Text: failed compile (failure) Status Detected: new failure Build Source Stamp: [branch main] 3d41f33af2aaa8af97ea45c2e2d0776f870ab073 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 compile: 2 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add utlity config file resource lookup
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3d41f33af2 Add utlity config file resource lookup
3d41f33af2 is described below
commit 3d41f33af2aaa8af97ea45c2e2d0776f870ab073
Author: remm
AuthorDate: Wed Jun 28 20:49:21 2023 +0200
Add utlity config file resource lookup
Located on Context to allow looking up resources from the webapp
(prefixed with "webapp:") and make the resource lookup API more visible.
---
java/org/apache/catalina/Context.java | 20
java/org/apache/catalina/core/StandardContext.java | 22 ++
webapps/docs/changelog.xml | 6 ++
3 files changed, 48 insertions(+)
diff --git a/java/org/apache/catalina/Context.java
b/java/org/apache/catalina/Context.java
index 928c1bfcd0..ddb29516b6 100644
--- a/java/org/apache/catalina/Context.java
+++ b/java/org/apache/catalina/Context.java
@@ -16,6 +16,7 @@
*/
package org.apache.catalina;
+import java.io.IOException;
import java.net.URL;
import java.util.Locale;
import java.util.Map;
@@ -38,6 +39,7 @@ import org.apache.tomcat.util.descriptor.web.FilterDef;
import org.apache.tomcat.util.descriptor.web.FilterMap;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
/**
@@ -84,6 +86,11 @@ public interface Context extends Container, ContextBind {
String CHANGE_SESSION_ID_EVENT = "changeSessionId";
+/**
+ * Prefix for resource lookup.
+ */
+String WEBAPP_PROTOCOL = "webapp:";
+
// - Properties
/**
@@ -1963,4 +1970,17 @@ public interface Context extends Container, ContextBind {
* @param dispatcherWrapsSameObject the new flag value
*/
void setDispatcherWrapsSameObject(boolean dispatcherWrapsSameObject);
+
+
+/**
+ * Find configuration file with the specified path, first looking into the
+ * webapp resources, then delegating to
+ * ConfigFileLoader.getSource().getResource. The
+ * WEBAPP_PROTOCOL constant prefix is used to denote webapp
+ * resources.
+ * @param name The resource name
+ * @return the resource
+ * @throws IOException if an error occurs or if the resource does not exist
+ */
+Resource findConfigFileResource(String name) throws IOException;
}
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index 6476bf08c5..b8c911a9c3 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -20,6 +20,7 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
+import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
@@ -127,6 +128,8 @@ import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.MessageDestination;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.apache.tomcat.util.file.ConfigFileLoader;
+import org.apache.tomcat.util.file.ConfigurationSource.Resource;
import org.apache.tomcat.util.http.CookieProcessor;
import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
import org.apache.tomcat.util.scan.StandardJarScanner;
@@ -3497,6 +3500,25 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
}
+@Override
+public Resource findConfigFileResource(String name) throws IOException {
+if (name.startsWith(WEBAPP_PROTOCOL)) {
+String path = name.substring(WEBAPP_PROTOCOL.length());
+WebResource resource = getResources().getResource(path);
+if (resource.canRead()) {
+InputStream stream = resource.getInputStream();
+try {
+return new Resource(stream, resource.getURL().toURI());
+} catch (URISyntaxException e) {
+stream.close();
+}
+}
+return null;
+} else {
+return ConfigFileLoader.getSource().getResource(name);
+}
+}
+
/**
* Reload this web application, if reloading is supported.
*
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6d58f1ceb2..537749e57a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,12 @@
if the web applications were deliberately crafted to allow it
[Bug 66659] Tomcat does not send FIN message upon request by client to close TCP connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=66659 Mark Thomas changed: What|Removed |Added OS||All --- Comment #1 from Mark Thomas --- The issue is that Tomcat won't see the effects of the FIN until it tries to read from the socket. That won't happen until Tomcat tries to read the next request. And that will never happen as with SSE the current response (effectively) never ends so Tomcat never gets as far as trying to read the next request. If Tomcat tried to read earlier then it should see the FIN and be able to act on it but handling the results of that early read when there is pipe-lined HTTP data is going to be "interesting". Architecturally I'm not even sure that it is possible to fix this for HTTP/1.1. I have a few ideas but they involve extensive low-level changes and I haven't fully thought through the concurrency issues involved. A simpler solution (and quicker for you to implement) should be switching to HTTP/2. The multiplexing nature of HTTP/2 means that Tomcat is, effectively, always trying to read the input and will see the close of either the stream or the connection. Switching to WebSocket is another option but one that is almost certainly rather more work for you. I'm leaning towards closing this as WONTFIX but I'll leave it open for now to allow others to comment. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #6 from Christopher Schultz --- Also, the native backtrace would be helpful (it should be found in the hs_pid_.txt file generated on crash). If you were able to inspect with gdb, anything you found in there would be helpful as well. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 Mark Thomas changed: What|Removed |Added Severity|critical|normal --- Comment #5 from Mark Thomas --- Reduce severity to normal. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 Mark Thomas changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #4 from Mark Thomas --- To investigate this further we need a test case that reproduces the crash reliably enough for us to be able to debug it. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #3 from Michael Osipov --- Can you reliably reproduce the issue? What OS are you using? I haven't seen so many crashes with APR for the past 10 years in such a short time frame. Especially #setSocketOptions() is weird. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245197279
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> Ok. I tried to find a spot to add a new call in the configuration source
for a "public Resource getResource(Context context, String name)" but IMO this
doesn't add anything and also there's no ideal spot for that.
Correct, I would consider improving the `ConfigurationSource` a separate
discussion which should not be solved here. If the class is being improved, I'd
be happy to skim this class after that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1245185858
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
Ok. I tried to find a spot to add a new call in the configuration source for
a "public Resource getResource(Context context, String name)" but IMO this
doesn't add anything and also there's no ideal spot for that.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66669] JVM crash in APR mode
https://bz.apache.org/bugzilla/show_bug.cgi?id=9 --- Comment #2 from Mark Thomas --- Note: The APR/Tomcat Native HTTP and AJP connectors are deprecated in Tomcat 9 and have been removed in Tomcat 10.1.x onwards. You have plenty of time before 9.0.x reaches End-Of-Life but you might want to switch to one of the alternatives sooner rather than later. The NIO connector with OpenSSLImplementation is probably a good option. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix formatting and copy/paste error
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 91d3d59727 Fix formatting and copy/paste error
91d3d59727 is described below
commit 91d3d5972737cee7ece90fc0672bc4842130ea72
Author: Mark Thomas
AuthorDate: Wed Jun 28 12:33:59 2023 +0100
Fix formatting and copy/paste error
---
java/jakarta/el/OptionalELResolver.java | 22 +-
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/java/jakarta/el/OptionalELResolver.java
b/java/jakarta/el/OptionalELResolver.java
index 6f9c3da73f..95eb1c5323 100644
--- a/java/jakarta/el/OptionalELResolver.java
+++ b/java/jakarta/el/OptionalELResolver.java
@@ -21,32 +21,27 @@ import java.util.Optional;
/**
* Defines property resolution behaviour on {@link Optional}s.
- *
*
* This resolver handles base objects that are instances of {@link Optional}.
- *
*
* If the {@link Optional#isEmpty()} is {@code true} for the base object and
the property is {@code null} then the
* resulting value is {@code null}.
- *
*
* If the {@link Optional#isEmpty()} is {@code true} for the base object and
the property is not {@code null} then the
* resulting value is the base object (an empty {@link Optional}).
- *
*
* If the {@link Optional#isPresent()} is {@code true} for the base object and
the property is {@code null} then the
* resulting value is the result of calling {@link Optional#get()} on the base
object.
- *
*
* If the {@link Optional#isPresent()} is {@code true} for the base object and
the property is not {@code null} then the
* resulting value is the result of calling {@link
ELResolver#getValue(ELContext, Object, Object)} using the
* {@link ELResolver} obtained from {@link ELContext#getELResolver()} with the
following parameters:
*
* The {@link ELContext} is the current context
- * The base object is the result of calling {@link Optional#get()} on the
current base object
+ * The base object is the result of calling {@link Optional#get()} on the
current base object
+ *
* The property object is the current property object
*
- *
*
* This resolver is always a read-only resolver.
*/
@@ -77,9 +72,9 @@ public class OptionalELResolver extends ELResolver {
return null;
}
+
/**
* {@inheritDoc}
- *
*
* If the base object is an {@link Optional} this method always returns
{@code null} since instances of this
* resolver are always read-only.
@@ -95,9 +90,9 @@ public class OptionalELResolver extends ELResolver {
return null;
}
+
/**
* {@inheritDoc}
- *
*
* If the base object is an {@link Optional} this method always throws a
{@link PropertyNotWritableException} since
* instances of this resolver are always read-only.
@@ -112,9 +107,9 @@ public class OptionalELResolver extends ELResolver {
}
}
+
/**
* {@inheritDoc}
- *
*
* If the base object is an {@link Optional} this method always returns
{@code true} since instances of this
* resolver are always read-only.
@@ -131,9 +126,9 @@ public class OptionalELResolver extends ELResolver {
return false;
}
+
/**
* {@inheritDoc}
- *
*
* If the base object is an {@link Optional} this method always returns
{@code Object.class}.
*/
@@ -146,6 +141,7 @@ public class OptionalELResolver extends ELResolver {
return null;
}
+
@Override
public T convertToType(ELContext context, Object obj, Class type) {
Objects.requireNonNull(context);
@@ -168,8 +164,8 @@ public class OptionalELResolver extends ELResolver {
return result;
} catch (ELException e) {
/*
- * TODO: This isn't pretty but it works. Significant
refactoring would be required to avoid the
- * exception. See also OptionalELResolver.convertToType().
+ * TODO: This isn't pretty but it works. Significant
refactoring would be required to avoid the
+ * exception. See also Util.isCoercibleFrom().
*/
}
} else {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Implement java.util.Optional support for the EL 6.0 API
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 6c8b2d1e0a Implement java.util.Optional support for the EL 6.0 API
6c8b2d1e0a is described below
commit 6c8b2d1e0aeeae2e2a5dda946360ff626bd79ad6
Author: Mark Thomas
AuthorDate: Wed Jun 28 12:18:53 2023 +0100
Implement java.util.Optional support for the EL 6.0 API
See also:
https://github.com/jakartaee/expression-language/issues/176
---
java/jakarta/el/OptionalELResolver.java | 182
java/jakarta/el/Util.java| 6 +-
test/jakarta/el/TestOptionalELResolver.java | 210 +++
test/jakarta/el/TestOptionalELResolverInJsp.java | 87 ++
test/jakarta/el/TesterBeanA.java | 33
test/jakarta/el/TesterBeanB.java | 35
test/webapp/el-optional.jsp | 48 ++
webapps/docs/changelog.xml | 10 ++
8 files changed, 609 insertions(+), 2 deletions(-)
diff --git a/java/jakarta/el/OptionalELResolver.java
b/java/jakarta/el/OptionalELResolver.java
new file mode 100644
index 00..6f9c3da73f
--- /dev/null
+++ b/java/jakarta/el/OptionalELResolver.java
@@ -0,0 +1,182 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package jakarta.el;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Defines property resolution behaviour on {@link Optional}s.
+ *
+ *
+ * This resolver handles base objects that are instances of {@link Optional}.
+ *
+ *
+ * If the {@link Optional#isEmpty()} is {@code true} for the base object and
the property is {@code null} then the
+ * resulting value is {@code null}.
+ *
+ *
+ * If the {@link Optional#isEmpty()} is {@code true} for the base object and
the property is not {@code null} then the
+ * resulting value is the base object (an empty {@link Optional}).
+ *
+ *
+ * If the {@link Optional#isPresent()} is {@code true} for the base object and
the property is {@code null} then the
+ * resulting value is the result of calling {@link Optional#get()} on the base
object.
+ *
+ *
+ * If the {@link Optional#isPresent()} is {@code true} for the base object and
the property is not {@code null} then the
+ * resulting value is the result of calling {@link
ELResolver#getValue(ELContext, Object, Object)} using the
+ * {@link ELResolver} obtained from {@link ELContext#getELResolver()} with the
following parameters:
+ *
+ * The {@link ELContext} is the current context
+ * The base object is the result of calling {@link Optional#get()} on the
current base object
+ * The property object is the current property object
+ *
+ *
+ *
+ * This resolver is always a read-only resolver.
+ */
+public class OptionalELResolver extends ELResolver {
+
+@Override
+public Object getValue(ELContext context, Object base, Object property) {
+Objects.requireNonNull(context);
+
+if (base instanceof Optional) {
+context.setPropertyResolved(base, property);
+if (((Optional) base).isEmpty()) {
+if (property == null) {
+return null;
+} else {
+return base;
+}
+} else {
+if (property == null) {
+return ((Optional) base).get();
+} else {
+Object resolvedBase = ((Optional) base).get();
+return context.getELResolver().getValue(context,
resolvedBase, property);
+}
+}
+}
+
+return null;
+}
+
+/**
+ * {@inheritDoc}
+ *
+ *
+ * If the base object is an {@link Optional} this method always returns
{@code null} since instances of this
+ * resolver are always read-only.
+ */
+@Override
+public Class getType(ELContext context, Object base, Object property) {
+Objects.requireNonNull(context);
+
+if (base instanceof Optional) {
+context.setPropertyResolved(base, property);
+}
+
[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on PR #631: URL: https://github.com/apache/tomcat/pull/631#issuecomment-1611149722 @rmaucher @markt-asf Incorporated your comments. Please have a look again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244995761
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> > > This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
> >
> >
> > @markt-asf While looking into this, I understand how the system works
how `classpath:` is registered with the JVM, hoping that it will use the
webapp's classpath, but I fail to see how to provide the `Context` to
`org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it.
Any pointers I could evaluate? I could of course first look into servlet
context and then if not found pass to the `ConfigFileLoader`... (chaining
basically)
>
> Ok, so since the multiple location options are useful, then you can use
the configuration source instead of the last fallback after checking for the
webapp: prefix (I would argue "ok keep this one, but the other classpath prefix
is then overkill"). The configuration source is a server level setting and so
would have trouble accessing the Context object itself.
Right, this is exactly what I do not. Let me also update the docs and push
the branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244989146
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> > This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
>
> @markt-asf While looking into this, I understand how the system works how
`classpath:` is registered with the JVM, hoping that it will use the webapp's
classpath, but I fail to see how to provide the `Context` to
`org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it.
Any pointers I could evaluate? I could of course first look into servlet
context and then if not found pass to the `ConfigFileLoader`... (chaining
basically)
Ok, so since the multiple location options are useful, then you can use the
configuration source instead of the last fallback after checking for the
webapp: prefix (I would argue "ok keep this one, but the other classpath prefix
is then overkill"). The configuration source is a server level setting and so
would have trouble accessing the Context object itself.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244917856
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
@markt-asf While looking into this, I understand how the system works how
`classpath:` is registered with the JVM, hoping that it will use the webapp's
classpath, but I fail to see how to provide the `Context` to
`org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it.
Any pointers I could evaluate? I could of course first look into servlet
context and then if not found pass to the `ConfigFileLoader`... (chaining
basically)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244917856
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
@markt-asf While looking into this, I understand how the system works how
`classpath:` is registered with the JVM, hoping that it will use the webapp's
classpath, but I fail to see how to provide the `Context` to
`org.apache.tomcat.util.file.ConfigFileLoader.getSource()` without modifing it.
Any pointers I could evaluate? I could of course first look into servlet
context and then if not found pass to the `ConfigFileLoader`...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244891581
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
Correct, that is a problem. I didn't know what features are available to
make this happen. Let me look into the mention files.
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244891581
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> This creates a new scheme for naming configuration files. It should
instead use the `ConfigFileLoader` and `ConfigurationSource`. They would need
extending to include web application relative resources as they currently only
support absolute file, files relative to $CATALINA_BASE, classpath and URI.
Correct, that is a problem. I didn't now what features are available to make
this happen. Let me look into the mention files.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244890559
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
> In the specific case of this feature, it seems the only "real" location
that makes sense would be the default one anyway. So I would simply remove the
option to have it in random places and be done with it.
I disagree, see my explanation below.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on PR #631: URL: https://github.com/apache/tomcat/pull/631#issuecomment-1611007682 > I like the idea of exposing this feature. I'm somewhat surprised that it isn't part of the specification but, unless I am reading the XSDs incorrectly, the spec only defines role-mapping on a per Servlet basis which seems odd to me. Correct and I consider the per-Servlet one as unusable if you have tens of them. > I'm not convinced an extra file configuration is necessary. This looks like something that could be a nested element in the context.xml file and implemented with an extra digester rule. Both should be possible because the file could be in the classpath which contains more than just the mapping. Just being int he context.xml it not available to the actual application, but just some Tomcat. In a future revision the source could be done flexible. At least in my usecase, having it in context.xml would force me to duplicate the mapping and that is unacceptable. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] rmaucher commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
rmaucher commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244881448
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
In the specific case of this feature, it seems the only "real" location that
makes sense would be the default one anyway. So I would simply remove the
option to have it in random places and be done with it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] markt-asf commented on a diff in pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
markt-asf commented on code in PR #631:
URL: https://github.com/apache/tomcat/pull/631#discussion_r1244833991
##
java/org/apache/catalina/core/PropertiesRoleMappingListener.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.core;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.Properties;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
+
+/**
+ * Implementation of {@code LifecycleListener} that will populate the
context's role mapping from a properties file.
+ *
+ * This listener must only be nested within {@link Context} elements.
+ *
+ * The keys represent application roles (e.g., admin, user, uservisor, etc.)
while the values represent technical roles
+ * (e.g., DNs, SIDs, UUIDs, etc.). A key can also be prefixed if, e.g., the
properties file contains generic
+ * application configuration as well: {@code app-roles.}.
+ *
+ * Note: The default value for the {@code roleMappingFile} is {@code
webapp:/WEB-INF/role-mapping.properties}.
+ */
+public class PropertiesRoleMappingListener implements LifecycleListener {
+
+private static final String WEBAPP_RESOURCE_PREFIX = "webapp:";
+private static final String CLASSPATH_RESOURCE_PREFIX = "classpath:";
+
Review Comment:
This creates a new scheme for naming configuration files. It should instead
use the `ConfigFileLoader` and `ConfigurationSource`. They would need extending
to include web application relative resources as they currently only support
absolute file, files relative to $CATALINA_BASE, classpath and URI.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] michael-o commented on pull request #631: Bug 66665: Provide option to supply role mapping from a properties file
michael-o commented on PR #631: URL: https://github.com/apache/tomcat/pull/631#issuecomment-1610892466 If there are no objections, I will merge this week. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 66670] Add SSLHostConfig#certificateKeyPasswordFile
https://bz.apache.org/bugzilla/show_bug.cgi?id=66670 --- Comment #7 from Michael Osipov --- So, you guys don't see a need for such a feature? Yeah, we all know that are workarounds/solutions, but they (completely) lack documentation and ease of access. Chris, of course in my I can read the file myself, but this can basically apply to everything which is text-based, no? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd
On 2023/06/27 18:53:05 Christopher Schultz wrote: > Michael, > > On 6/27/23 12:55, Michael Osipov wrote: > > On 2023/06/27 14:44:46 Christopher Schultz wrote: > >> Michael, > >> > >> On 6/27/23 10:37, Michael Osipov wrote: > >>> On 2023/06/27 14:13:37 Christopher Schultz wrote: > Michael, > > On 6/27/23 04:06, Michael Osipov wrote: > > Chris, > > > > On 2023/06/26 19:50:39 Christopher Schultz wrote: > >> Michael, > >> On 6/26/23 13:11, micha...@apache.org wrote: > >>> This is an automated email from the ASF dual-hosted git repository. > >>> > >>> michaelo pushed a commit to branch 1.2.x > >>> in repository https://gitbox.apache.org/repos/asf/tomcat-native.git > >>> > >>> > >>> The following commit(s) were added to refs/heads/1.2.x by this push: > >>> new 8049561c8 Align default pass phrase prompt with HTTPd > >>> 8049561c8 is described below > >>> > >>> commit 8049561c86c3270b86dfd484fd07f1e8627d6b41 > >>> Author: Michael Osipov > >>> AuthorDate: Mon Jun 26 18:05:40 2023 +0200 > >>> > >>> Align default pass phrase prompt with HTTPd > >> > >> I'm close to a -1 on this, ant it entirely comes down to something > >> stupid that people should definitely NOT do, but they probably actually > >> do: script the injection of a password into the startup process because > >> #securityReasons and their startup process looks specifically for the > >> text "Enter password". > >> > >> Think expect(1) or similar being used to enter a password automatically > >> when, really, the password should not be required for an automated > >> process. > >> > >> I think I'm okay with changing this for 2.x but 1.x is just too set in > >> its ways at this point. > > > > I think you are misunderstanding something here. There is no functional > > change. The pass phrase popup has always been there. All I did is to > > align the message prompt, nothing else. If you want a decent solution > > one needs to port the SSLPassPhraseDialog from mod_ssl. I took a look, > > a lot of work, mostly not work the pain. The pass phrase prompt is only > > relevant when you start interactively from the terminal, if your > > process starts detached, it won't work anyway. I have tried here on > > HP-UX and FreeBSD, both failed because stdin is not connected to a tty. > > > > Can you re-explain your position based on these, new facts? > > No new facts, here, and I totally understand what you have done: change > the text "only". > > But, expect(1) literally expects specific text. If I have a script that > says: > > === > expect "Enter password :" > > send $password > === > > Then my script stops working because "Enter password :" has changed to > "Enter pass phrase:". > > So after umpteen years, the text is changing and that could break 20 > years of scripts written for that specific text. > > I have not actually tried using expect(1) with this prompt. Does it > actually fail? The whole point of expect(1) is to simulate a console and > provide input to the process, so I suspect that it will work for the > same reasons it's worked for the past 30 years. > > Did you actually try using expect(1), if did you just "nohup catalina.sh > run" or something similar? > >>> > >>> I think you have the point here. As written, I tried no-tty option, yes > >>> one of was nohup. > >>> Let me try that with py-expect and get back to you tomorrow. I still > >>> wonder who would actually use that. > >> > >> Yes, doing this kind of thing is definitely stupid because if you are > >> going to put your password into a script, you may as well just put it in > >> the #&$*% configuration file, but there are still dumb reasons for > >> things like Tomcat Vault[1] to exist. I just don't want to suddenly > >> break a bunch of installations for something trivial like the spelling > >> of an output message. > > > > I did now play around with expect(1), the original one. I can confirm your > > fears. expect(1) does block when the expected line changes. > > > > Question is how big the change is that someone uses which broken setup. > > Would you accept the compromise that if someone complain we'd roll back in > > 1.2.x? > > I'd prefer to just not change it. I know that sounds maybe insanely > hesitant and smacks of "nothing can ever change" but this /could/ > represent a very important very breaking change to some users. If you don't break it you don't know who uses it ;-) > We don't have a policy of "never change anything, never break anything" > but because of the specific interactions in this case, I view the text > of this message almost like a public software interface (i.e. API). > Changing that requires some serious consideration w
