[Bug 69132] SPAM SPAM SPAM SPAM

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69132

Chuck Caldarale  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED
 OS||All
Summary|Improvements in security|SPAM SPAM SPAM SPAM
   |features and configurations |

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69132] New: Improvements in security features and configurations

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69132

Bug ID: 69132
   Summary: Improvements in security features and configurations
   Product: Tomcat 11
   Version: unspecified
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Authentication
  Assignee: dev@tomcat.apache.org
  Reporter: thomaskda...@gonetor.com
  Target Milestone: ---

Tomcat 11 includes improvements in security features and configurations,
ensuring that student data and information remain protected against potential
vulnerabilities and threats. This heightened security is crucial for education
consultants handling sensitive student information and ensuring compliance with
data protection regulations.
--> https://bjeducation.com.au/about

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Buildbot failure in on tomcat-11.0.x

2024-06-11 Thread Igal Sapir 
On Tue, Jun 11, 2024 at 5:32 PM  wrote:

> Build status: BUILD FAILED: failed Snapshot deployed to ASF Maven snapshot
> repository (failure)
> Worker used: bb_worker2_ubuntu
> URL: https://ci2.apache.org/#builders/112/builds/1130
> Blamelist: Igal Sapir 
> Build Text: failed Snapshot deployed to ASF Maven snapshot repository
> (failure)
> Status Detected: new failure
> Build Source Stamp: [branch main] 7118991902b3ae27e3ef128e86f94ef8b5dbb509
>

I updated build.xml and .idea/tomcat.iml but I tested it locally and there
are no errors building Tomcat nor running the ide-intellij ant target.  The
error message indicates an issue on the remote server from what I can see:

/home/buildslave/slave/tomcat-11.0.x/build/res/maven/mvn-pub.xml:115:
Could not deploy artifacts: Failed to deploy artifacts: Could not transfer
artifact
org.apache.tomcat:tomcat-annotations-api:pom:11.0.0-M21-20240612.002956-46
from/to apache.snapshots.https (
https://repository.apache.org/content/repositories/snapshots): status code:
502, reason phrase: Proxy Error (502)

I am not sure how to rerun the pipeline other than pushing another commit.

Igal




>
>
> Steps:
>
>   worker_preparation: 0
>
>   git: 0
>
>   shell: 0
>
>   shell_1: 0
>
>   shell_2: 0
>
>   shell_3: 0
>
>   shell_4: 0
>
>   shell_5: 0
>
>   shell_6: 0
>
>   compile: 1
>
>   shell_7: 0
>
>   shell_8: 0
>
>   shell_9: 2
>
>
> -- ASF Buildbot
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Buildbot failure in on tomcat-11.0.x

2024-06-11 Thread buildbot 
Build status: BUILD FAILED: failed Snapshot deployed to ASF Maven snapshot 
repository (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/1130
Blamelist: Igal Sapir 
Build Text: failed Snapshot deployed to ASF Maven snapshot repository (failure)
Status Detected: new failure
Build Source Stamp: [branch main] 7118991902b3ae27e3ef128e86f94ef8b5dbb509


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  shell_6: 0

  compile: 1

  shell_7: 0

  shell_8: 0

  shell_9: 2


-- ASF Buildbot


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Added instructions on how to remove the exclusion of FFM directories in IDEA

2024-06-11 Thread isapir 
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 7118991902 Added instructions on how to remove the exclusion of FFM 
directories in IDEA
7118991902 is described below

commit 7118991902b3ae27e3ef128e86f94ef8b5dbb509
Author: Igal Sapir 
AuthorDate: Tue Jun 11 17:00:35 2024 -0700

Added instructions on how to remove the exclusion of FFM directories in IDEA
---
 build.xml   | 8 +++-
 res/ide-support/idea/tomcat.iml | 5 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/build.xml b/build.xml
index eee0507ba1..39af943513 100644
--- a/build.xml
+++ b/build.xml
@@ -3827,8 +3827,14 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
 
 
 IntelliJ IDEA project directory created.
+
 The SDK was set to "${build.java.version}" so make sure that your 
IDE has an SDK with that name,
-or update the Project Settings accordingly.
+or update the Project Settings accordingly. Choose [File > Project 
Structure] to open the settings dialog
+and set the SDK level, language level, etc. as needed.
+
+Some folders have been excluded by default as they require the latest SDK 
version and enabling of preview
+features. You can remove or comment out the exclusions to enable the 
directories in the .idea/tomcat.iml
+file, or via the IDEA UI by right-clicking folders, and choosing [Mark 
Directory as > Cancel Exclusion]
   
 
   
diff --git a/res/ide-support/idea/tomcat.iml b/res/ide-support/idea/tomcat.iml
index d7fbb8f0fb..95b36c35b1 100644
--- a/res/ide-support/idea/tomcat.iml
+++ b/res/ide-support/idea/tomcat.iml
@@ -22,6 +22,11 @@
   
   
   
+
+  
   
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Add anchor target ids for configuration attributes.

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 9a9099844d Add anchor target ids for configuration attributes.
9a9099844d is described below

commit 9a9099844d1a0f0eff265a6ecfeebc00b05c0659
Author: Christopher Schultz 
AuthorDate: Tue Jun 11 18:21:32 2024 -0400

Add anchor target ids for configuration attributes.
---
 webapps/docs/tomcat-docs.xsl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 54abf79897..69e27742db 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -298,7 +298,7 @@
 
   
   
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Add anchor target ids for configuration attributes.

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 3a8f0d1eb6 Add anchor target ids for configuration attributes.
3a8f0d1eb6 is described below

commit 3a8f0d1eb6464fa8d626cc72fdec749b6424505f
Author: Christopher Schultz 
AuthorDate: Tue Jun 11 18:21:32 2024 -0400

Add anchor target ids for configuration attributes.
---
 webapps/docs/tomcat-docs.xsl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 722f21c9eb..8654faf304 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -298,7 +298,7 @@
 
   
   
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Add anchor target ids for configuration attributes.

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 275732343a Add anchor target ids for configuration attributes.
275732343a is described below

commit 275732343aab48a0192eedd0f5d7e2b1a069d9ca
Author: Christopher Schultz 
AuthorDate: Tue Jun 11 18:21:32 2024 -0400

Add anchor target ids for configuration attributes.
---
 webapps/docs/tomcat-docs.xsl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/tomcat-docs.xsl b/webapps/docs/tomcat-docs.xsl
index 83d2393730..8010876ba4 100644
--- a/webapps/docs/tomcat-docs.xsl
+++ b/webapps/docs/tomcat-docs.xsl
@@ -298,7 +298,7 @@
 
   
   
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


isapir commented on PR #731:
URL: https://github.com/apache/tomcat/pull/731#issuecomment-2161659043

   I merged the PR and tried to comment out the exclusion lines as agreed 
above, but that breaks with a different error and does not allow to build.
   
   I think that it's best to leave things as they are for now for the following 
reasons:
   
   1. As @markt-asf pointed out this script is used rather rarely
   2. As @ChristopherSchultz and @dsoumis pointed out most users might not have 
preview features enabled
   3. In 3 months Java 23 will become GA and could make these issues obsolete, 
so we can update the SDK level then
   4. We are spending a lot of time on something that is not used that much
   
   A more efficient process might be to add some instructions or pointers in 
the comments or target output


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new e560e83766 Fix property ant.tstamp.now.iso ignored when building 
Tomcat JDBC pool libraries (#733)
e560e83766 is described below

commit e560e8376652ce5a32f73e0ac1f1dec54e20cbe7
Author: Dimitrios Soumis 
AuthorDate: Wed Jun 12 00:12:35 2024 +0300

Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool 
libraries (#733)
---
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.xml b/build.xml
index 96b7301002..f14d52bf93 100644
--- a/build.xml
+++ b/build.xml
@@ -1547,7 +1547,7 @@
 
 
-  
+  
   
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new fd6804041c Fix property ant.tstamp.now.iso ignored when building 
Tomcat JDBC pool libraries (#733)
fd6804041c is described below

commit fd6804041ca4621b67f5a1d9decc3148e985ea39
Author: Dimitrios Soumis 
AuthorDate: Wed Jun 12 00:12:35 2024 +0300

Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool 
libraries (#733)
---
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.xml b/build.xml
index 7c4cbfaadf..8a833daaa4 100644
--- a/build.xml
+++ b/build.xml
@@ -1603,7 +1603,7 @@
 
 
-  
+  
   
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool libraries (#733)

2024-06-11 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new bd2b0f50c2 Fix property ant.tstamp.now.iso ignored when building 
Tomcat JDBC pool libraries (#733)
bd2b0f50c2 is described below

commit bd2b0f50c2584e01b189ca196a422b8e63b934d9
Author: Dimitrios Soumis 
AuthorDate: Wed Jun 12 00:12:35 2024 +0300

Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC pool 
libraries (#733)
---
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.xml b/build.xml
index 052d6e9afb..eee0507ba1 100644
--- a/build.xml
+++ b/build.xml
@@ -1598,7 +1598,7 @@
 
 
-  
+  
   
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC poo… [tomcat]

2024-06-11 Thread via GitHub 


ChristopherSchultz merged PR #733:
URL: https://github.com/apache/tomcat/pull/733


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC poo… [tomcat]

2024-06-11 Thread via GitHub 


ChristopherSchultz commented on PR #733:
URL: https://github.com/apache/tomcat/pull/733#issuecomment-2161606328

   > When running `ant deploy` to reproduce the build, `pre-release` target 
will not have been executed
   
   If you are trying to reproduce the build, they you will have 
`build.properties.release` as generated by the release manager. That file 
contains (e.g.):
   
   ant.tstamp.now.iso=2024-06-11T20:57:36Z
   
   When running "deploy", I see this:
   
   ```
   Setting project property: ant.tstamp.now.iso -> 2024-06-11T20:57:36Z
   Setting project property: ant.tstamp.now.iso -> 2024-06-11T20:57:36Z
   Override ignored for property "ant.tstamp.now.iso"
   Setting project property: ant.tstamp.now.iso -> 2024-06-11T20:57:36Z
   Override ignored for property "ant.tstamp.now.iso"
   ... [many times repeated]
   ```
   
   However, when *not* using a source-release package:
   ```
   $ ant -d deploy | grep ant.tstamp.now.iso
   Property "ant.tstamp.now.iso" has not been set
   Setting ro project property: ant.tstamp.now.iso -> ${ant.tstamp.now.iso}
  [tstamp] magic property ant.tstamp.now.iso ignored as 
'${ant.tstamp.now.iso}' is not in valid ISO pattern
  [tstamp] magic property ant.tstamp.now.iso ignored as 
'${ant.tstamp.now.iso}' is not in valid ISO pattern
   ```
   
   > May not be an actual issue, but it disrupts the flawlessness of the 
process.
   
   +1
   
   The irony of the situation is that `ant.tstamp.now.iso` can be used to "set" 
the build timestamp for ant but ant does not set that property itself if it's 
not specified e.g. on the command-line. So it's basically never a good idea to 
use `${ant.tstamp.now.iso}` in your own build file.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


ChristopherSchultz commented on PR #731:
URL: https://github.com/apache/tomcat/pull/731#issuecomment-2161585676

   My preference is for the ide-idea ant target to work for *most people*. 
_Most people_ are not Tomcat developers, but people who have downloaded our 
sources and are building them locally for whatever reason. I would want this to 
break in a way that is more easily-solved by most of these users.
   
   Tomcat devs can ask their colleagues how to get around a problem that is 
specific to them.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tagging June releases

2024-06-11 Thread Christopher Schultz 

Mark,

On 6/10/24 04:06, Mark Thomas wrote:
A bunch of minor issues built up in my TODO list while I was at 
Community over Code and the Tomcat security day. I'd like to clear these 
before I tag the June releases.


+1

In related news, the release ballots for Servlet and Pages have 
completed successfully. There is some admin that needs to be completed 
there as well but the key impact for us is that the next Tomcat 11 vote 
will be for a BETA release rather than an ALPHA release.


:party:

My current guess is that I'll be in a position to tag 11.0.x towards the 
end of the week. I'll provide an update if that changes after I have 
triaged my inbox.


Sounds good to me.

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2024-06-11 Thread Christopher Schultz 

Michael,

On 6/7/24 10:18, Michael Osipov wrote:


On 2024/06/07 12:54:44 Christopher Schultz wrote:

Michael,

On 6/7/24 08:01, Michael Osipov wrote:

On 2024/06/07 08:05:34 Mark Thomas wrote:

On 06/06/2024 16:30, Christopher Schultz wrote:

All,

Resurrecting this thread from 2019.

I'd like to remove the SSI configuration from conf/web.xml and put it
into webapps/docs/ssi-howto.html.

Are there any objections?


None here.

Do we want to go further and consider removing it entirely for Tomcat 12
onwards. Maybe a question for the users list?


I need to admit that there are situations where SSI might be prefered over JSP.
Example: I needed limited flexibility for some Asciidoctor generated documents 
dependening whether it is QA or prod. I didn't want to generate multiple sets 
of documents (reduce complexity). Now some lines of SSI display a proper QA 
banner. Good enough for the job. Getting JSP or PHP output with Asciidoctor is 
almost impossible.


It's entirely possible to separate SSI into a different project. I
didn't do it because it uses helper-classes in Tomcat for certain things.

But if SSI is desirable, it can be packaged separately at the cost of
some additional support classes/methods being copied outside of Tomcat.

I don't want to support it anymore, but it should be easy *for someone
else* to extract and bundle separately :)


What is the pain having it off by default, but have the necessary classes still 
provided in the JARs? They do not require any maintenance. They just work, 
don't they?


They do "just work" but it's basically RCE as a feature which is just 
bad. The idea that Tomcat should be a Java-based replacement for httpd 
with all its features is never something I liked. CGI, SSI, 
RewriteValve, etc. are all vestiges of that idea. If you want CGI and 
SSI and rewrite, then use the right tool for that job which is a 
reverse-proxying web server. Let Tomcat deal with all the Java-related 
stuff and shed all that extra cruft.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread Michael Osipov 
On 2024/06/11 16:47:37 Mark Thomas wrote:
> On 11/06/2024 12:45, Michael Osipov wrote:
> > On 2024/06/11 10:48:29 Mark Thomas wrote:
> >> On 11/06/2024 11:14, micha...@apache.org wrote:
> >>> This is an automated email from the ASF dual-hosted git repository.
> >>>
> >>> michaelo pushed a commit to branch main
> >>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >>>
> >>>
> >>> The following commit(s) were added to refs/heads/main by this push:
> >>>new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, 
> >>> GSSContext)
> >>> 956c4577ca is described below
> >>>
> >>> commit 956c4577caedca7d77c5eb996a83ebafdf80b889
> >>> Author: Michael Osipov 
> >>> AuthorDate: Tue Jun 11 11:11:29 2024 +0200
> >>>
> >>>   Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
> >>>   
> >>>   A realm might want to access extended/additional information from an
> >>>   established GSS context to properly build an authenticated princpal.
> >>>   One prominent example is 
> >>> com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
> >>
> >> Do we want to deprecate the old method?
> > 
> > A very good question. If removed in 11 then a custom component forn 10 will 
> > not work in 11. Though, those are just two lines to satisfy ABI. From a 
> > consistency perspective I'd deprecate remove. The problem is that if we 
> > deprecate the other method that would imply that GSSContext could be null 
> > and that would not be acceptable for that method because no inquiry would 
> > be possible.
> > 
> > We have two use cases:
> > * RealmBase.authenticate(GSSContext, boolean):
> > Truly expects to come from a SPNEGO authenticator and will provide the GSS 
> > context, then passed to new method.
> > * RealmBase.authenticate(GSSName, GSSCredential):
> > Does not need to come from a SPNEGO authenticator, e.g. local testing (use 
> > current user) or from X.509 authentication the both obtained with protocol 
> > transition (S4U2proxy), then passed to getPrincipal(GSSName, GSSCredential)
> > 
> > I need to think about wether it'd be whise to remove. What should never 
> > happen is:
> > protected Principal getPrincipal(GSSName gssName, GSSCredential 
> > gssCredential) {
> >return getPrincipal(gssName, gssCredential, null);
> > }
> > protected Principal getPrincipal(GSSName gssName, GSSCredential 
> > gssCredential, GSSContext gssContext) {
> > ...do magic
> > }
> > from my point of view. For the time being I'd keep it.
> > 
> > Thoughts?
> 
> If there are use cases for both, I'm happy to keep both.

Let's keep both for at least one release. I need some time to assess the 
possible impact of a removal.

M

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated (25845e375f -> b3e2a71456)

2024-06-11 Thread isapir 
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 25845e375f Regression for BZ 68721 - report correct exception
 add 1e4dfd3b5e Fix ide-support for idea
 add 352d0ad587 Revert "Fix ide-support for idea"
 add e83aa97865 Merge branch 'apache:main' into patch-4
 add fbd9c74429 Merge remote-tracking branch 'origin/patch-4' into patch-4
 add c82308dea0 Exclude openssl and panama directories from idea support
 add f408255a12 Remove possible exclusions from compiler.xml
 new b3e2a71456 Merge pull request #731 from dsoumis/patch-4

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 res/ide-support/idea/compiler.xml | 8 +---
 res/ide-support/idea/tomcat.iml   | 2 ++
 2 files changed, 3 insertions(+), 7 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) 01/01: Merge pull request #731 from dsoumis/patch-4

2024-06-11 Thread isapir 
This is an automated email from the ASF dual-hosted git repository.

isapir pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b3e2a7145620a211e1adf0f10fa6cdafb8f5d172
Merge: 25845e375f f408255a12
Author: Igal Sapir 
AuthorDate: Tue Jun 11 10:59:41 2024 -0700

Merge pull request #731 from dsoumis/patch-4

Move exclusions from Compiler settings to Module settings in IDEA

 res/ide-support/idea/compiler.xml | 8 +---
 res/ide-support/idea/tomcat.iml   | 2 ++
 2 files changed, 3 insertions(+), 7 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


isapir merged PR #731:
URL: https://github.com/apache/tomcat/pull/731


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread Mark Thomas 

On 11/06/2024 12:45, Michael Osipov wrote:

On 2024/06/11 10:48:29 Mark Thomas wrote:

On 11/06/2024 11:14, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
   new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
956c4577ca is described below

commit 956c4577caedca7d77c5eb996a83ebafdf80b889
Author: Michael Osipov 
AuthorDate: Tue Jun 11 11:11:29 2024 +0200

  Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
  
  A realm might want to access extended/additional information from an

  established GSS context to properly build an authenticated princpal.
  One prominent example is 
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).


Do we want to deprecate the old method?


A very good question. If removed in 11 then a custom component forn 10 will not 
work in 11. Though, those are just two lines to satisfy ABI. From a consistency 
perspective I'd deprecate remove. The problem is that if we deprecate the other 
method that would imply that GSSContext could be null and that would not be 
acceptable for that method because no inquiry would be possible.

We have two use cases:
* RealmBase.authenticate(GSSContext, boolean):
Truly expects to come from a SPNEGO authenticator and will provide the GSS 
context, then passed to new method.
* RealmBase.authenticate(GSSName, GSSCredential):
Does not need to come from a SPNEGO authenticator, e.g. local testing (use 
current user) or from X.509 authentication the both obtained with protocol 
transition (S4U2proxy), then passed to getPrincipal(GSSName, GSSCredential)

I need to think about wether it'd be whise to remove. What should never happen 
is:
protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) {
   return getPrincipal(gssName, gssCredential, null);
}
protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential, 
GSSContext gssContext) {
...do magic
}
from my point of view. For the time being I'd keep it.

Thoughts?


If there are use cases for both, I'm happy to keep both.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Regression for BZ 68721 - report correct exception

2024-06-11 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new b761e225f5 Regression for BZ 68721 - report correct exception
b761e225f5 is described below

commit b761e225f51733ed06a8b087f5798e91f0d47714
Author: Mark Thomas 
AuthorDate: Tue Jun 11 17:26:54 2024 +0100

Regression for BZ 68721 - report correct exception

Some instances of LinkageError were incorrectly reported as
ClassNotFoundException
---
 java/org/apache/catalina/loader/WebappClassLoaderBase.java | 4 
 webapps/docs/changelog.xml | 5 +
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 2cc22958bf..553cd7a64e 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -2300,6 +2300,10 @@ public abstract class WebappClassLoaderBase extends 
URLClassLoader
 // Re-throw the original exception
 throw e;
 }
+if (clazz == null) {
+// Not BZ 68721
+throw e;
+}
 }
 entry.loadedClass = clazz;
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 611c596507..bb20f254ea 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -135,6 +135,11 @@
 for retrieving extended/additional information from an established
 GSS context. (michaelo)
   
+  
+Correct a regression in the fix for 68721 that caused some
+instances of LinkageError to be reported as
+ClassNotFoundException. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Regression for BZ 68721 - report correct exception

2024-06-11 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 43b452ebeb Regression for BZ 68721 - report correct exception
43b452ebeb is described below

commit 43b452ebeb7274a749938b7461e5843c3ca2bc23
Author: Mark Thomas 
AuthorDate: Tue Jun 11 17:26:54 2024 +0100

Regression for BZ 68721 - report correct exception

Some instances of LinkageError were incorrectly reported as
ClassNotFoundException
---
 java/org/apache/catalina/loader/WebappClassLoaderBase.java | 4 
 webapps/docs/changelog.xml | 5 +
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 4022bcf42a..51f6e21353 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -2315,6 +2315,10 @@ public abstract class WebappClassLoaderBase extends 
URLClassLoader
 // Re-throw the original exception
 throw e;
 }
+if (clazz == null) {
+// Not BZ 68721
+throw e;
+}
 }
 entry.loadedClass = clazz;
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3e238ff8b4..8071722be4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
 for retrieving extended/additional information from an established
 GSS context. (michaelo)
   
+  
+Correct a regression in the fix for 68721 that caused some
+instances of LinkageError to be reported as
+ClassNotFoundException. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Regression for BZ 68721 - report correct exception

2024-06-11 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 25845e375f Regression for BZ 68721 - report correct exception
25845e375f is described below

commit 25845e375f1dcb81d5c18ee4a67aba6257b78860
Author: Mark Thomas 
AuthorDate: Tue Jun 11 17:26:54 2024 +0100

Regression for BZ 68721 - report correct exception

Some instances of LinkageError were incorrectly reported as
ClassNotFoundException
---
 java/org/apache/catalina/loader/WebappClassLoaderBase.java | 4 
 webapps/docs/changelog.xml | 5 +
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
index 0a3edb4e18..f6cfa08e4c 100644
--- a/java/org/apache/catalina/loader/WebappClassLoaderBase.java
+++ b/java/org/apache/catalina/loader/WebappClassLoaderBase.java
@@ -2124,6 +2124,10 @@ public abstract class WebappClassLoaderBase extends 
URLClassLoader
 // Re-throw the original exception
 throw e;
 }
+if (clazz == null) {
+// Not BZ 68721
+throw e;
+}
 }
 entry.loadedClass = clazz;
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1273c41722..5cc937d544 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
 for retrieving extended/additional information from an established
 GSS context. (michaelo)
   
+  
+Correct a regression in the fix for 68721 that caused some
+instances of LinkageError to be reported as
+ClassNotFoundException. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: BND 7 and multi release JARs

2024-06-11 Thread Michael Osipov 
On 2024/06/11 14:15:48 Rémy Maucherat wrote:
> Hi,
> 
> To fix the issue with having Java 22 classes in tomcat-coyote (and
> embedded), I was looking at multi release JARs. I think it would work
> fine *if* we were building the JARs ourselves (jarIt task), but then
> the jars are actually rebuilt with bnd.
> 
> Supposedly bnd 7.0.0 (which we just upgraded to) supports multi
> release jars. After looking at their testsuite, it seems adding
> "Multi-release: true" to the bnd and having the classes in the right
> spot (META-INF/versions/22) would be enough [see:
> https://github.com/bndtools/bnd/pull/5581/files ]. Unfortunately, this
> keeps doing nothing for me. If anyone can get it to work, let me know.

I looked at this more closely. That example above I have applied some time with 
Robert Scholte to my project with Maven [1]. It does work flawlessly. The BND 
tool for Ant is rather limited.
What will work for you is the following:
* Add the flag:
> $ git diff -U0
> diff --git a/res/META-INF/default.manifest b/res/META-INF/default.manifest
> index 8937c41931..87919e7dee 100644
> --- a/res/META-INF/default.manifest
> +++ b/res/META-INF/default.manifest
> @@ -9,0 +10 @@ X-Compile-Target-JDK: @target.jdk@
> +Multi-Release: true
* Add a separate compilation step for the FFM stuff with a different --release 
option to a separate dir. Update the packaging of the JAR with 
META-INF/versions/22 and fill with those classes. That will work.

But beware, BND generates a module-info.class for the root code. What if the 
versioned one needs another module-info.class? What if the OSGi metadata need 
to be different for the FFM code? There is no versioned MANIFEST.MF.
If this is not a problem it will do for you. For me it does:
$ curl -sL 
https://search.maven.org/remotecontent?filepath=net/sf/michael-o/activedirectory-dns-locator/0.4.0/activedirectory-dns-locator-0.4.0.jar
 | tar tzf -
META-INF/
META-INF/MANIFEST.MF
META-INF/LICENSE.txt
META-INF/services/
META-INF/services/com.sun.jndi.ldap.spi.LdapDnsProvider
META-INF/services/javax.naming.ldap.spi.LdapDnsProvider
META-INF/versions/
META-INF/versions/12/
META-INF/versions/12/net/
META-INF/versions/12/net/sf/
META-INF/versions/12/net/sf/michaelo/
META-INF/versions/12/net/sf/michaelo/activedirectory/
META-INF/versions/12/net/sf/michaelo/activedirectory/ActiveDirectoryLdapDnsProvider.class
net/
net/sf/
net/sf/michaelo/
net/sf/michaelo/activedirectory/
net/sf/michaelo/activedirectory/ActiveDirectoryDnsLocator$1.class
net/sf/michaelo/activedirectory/ActiveDirectoryDnsLocator$Builder.class
net/sf/michaelo/activedirectory/ActiveDirectoryDnsLocator$HostPort.class
net/sf/michaelo/activedirectory/ActiveDirectoryDnsLocator$SrvRecord.class
net/sf/michaelo/activedirectory/ActiveDirectoryDnsLocator.class
net/sf/michaelo/activedirectory/ActiveDirectoryLdapDnsProvider.class
...

Michael

[1] https://github.com/michael-o/activedirectory-dns-locator/blob/main/pom.xml

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: BND 7 and multi release JARs

2024-06-11 Thread Michael Osipov 
On 2024/06/11 14:15:48 Rémy Maucherat wrote:
> Hi,
> 
> To fix the issue with having Java 22 classes in tomcat-coyote (and
> embedded), I was looking at multi release JARs. I think it would work
> fine *if* we were building the JARs ourselves (jarIt task), but then
> the jars are actually rebuilt with bnd.
> 
> Supposedly bnd 7.0.0 (which we just upgraded to) supports multi
> release jars. After looking at their testsuite, it seems adding
> "Multi-release: true" to the bnd and having the classes in the right
> spot (META-INF/versions/22) would be enough [see:
> https://github.com/bndtools/bnd/pull/5581/files ]. Unfortunately, this
> keeps doing nothing for me. If anyone can get it to work, let me know.
> 
> Anyway, instead of doing something too complex, I would instead be
> back to producing a small tomcat-coyote-ffm jar. Then embedded users
> can still use that small jar, even though it's a bit annoying to not
> have it included in the big embed jar ... The naming of the jar will
> be "stable" since even if adding quic/h3 to it somehow, the jar name
> remains appropriate.
> 
> Obviously all the mess comes from the combination of these two items:
> - FFM missing the Java 21 cruise ship
> - EE 11 downgrading to Java 17
> 
> :(
> 
> So is it ok if I add a new tomcat-coyote-ffm.jar in lib ?

I'd prefer to do both. MRJAR with module-info to solve issues like 
https://bz.apache.org/bugzilla/show_bug.cgi?id=66631
and a separate JAR.

Michael

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: BND 7 and multi release JARs

2024-06-11 Thread Romain Manni-Bucau 
My 2 cts would be to split anyway even if bnd can handle it:

* mjar can imply some classloading overhead
(java.util.jar.JarFile#getEntry) and keep the issue to have in a j17 jar >
17 bytecode (scanner not multirelease friendly will likely fail even if
tomcat shouldnt be scanned it stays scanned quite often)
* preview features are not that welcomed in default bundle IMHO - mainly
embed case

Romain Manni-Bucau
@rmannibucau  |  Blog
 | Old Blog
 | Github  |
LinkedIn  | Book



Le mar. 11 juin 2024 à 16:16, Rémy Maucherat  a écrit :

> Hi,
>
> To fix the issue with having Java 22 classes in tomcat-coyote (and
> embedded), I was looking at multi release JARs. I think it would work
> fine *if* we were building the JARs ourselves (jarIt task), but then
> the jars are actually rebuilt with bnd.
>
> Supposedly bnd 7.0.0 (which we just upgraded to) supports multi
> release jars. After looking at their testsuite, it seems adding
> "Multi-release: true" to the bnd and having the classes in the right
> spot (META-INF/versions/22) would be enough [see:
> https://github.com/bndtools/bnd/pull/5581/files ]. Unfortunately, this
> keeps doing nothing for me. If anyone can get it to work, let me know.
>
> Anyway, instead of doing something too complex, I would instead be
> back to producing a small tomcat-coyote-ffm jar. Then embedded users
> can still use that small jar, even though it's a bit annoying to not
> have it included in the big embed jar ... The naming of the jar will
> be "stable" since even if adding quic/h3 to it somehow, the jar name
> remains appropriate.
>
> Obviously all the mess comes from the combination of these two items:
> - FFM missing the Java 21 cruise ship
> - EE 11 downgrading to Java 17
>
> :(
>
> So is it ok if I add a new tomcat-coyote-ffm.jar in lib ?
>
> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

BND 7 and multi release JARs

2024-06-11 Thread Rémy Maucherat 
Hi,

To fix the issue with having Java 22 classes in tomcat-coyote (and
embedded), I was looking at multi release JARs. I think it would work
fine *if* we were building the JARs ourselves (jarIt task), but then
the jars are actually rebuilt with bnd.

Supposedly bnd 7.0.0 (which we just upgraded to) supports multi
release jars. After looking at their testsuite, it seems adding
"Multi-release: true" to the bnd and having the classes in the right
spot (META-INF/versions/22) would be enough [see:
https://github.com/bndtools/bnd/pull/5581/files ]. Unfortunately, this
keeps doing nothing for me. If anyone can get it to work, let me know.

Anyway, instead of doing something too complex, I would instead be
back to producing a small tomcat-coyote-ffm jar. Then embedded users
can still use that small jar, even though it's a bit annoying to not
have it included in the big embed jar ... The naming of the jar will
be "stable" since even if adding quic/h3 to it somehow, the jar name
remains appropriate.

Obviously all the mess comes from the combination of these two items:
- FFM missing the Java 21 cruise ship
- EE 11 downgrading to Java 17

:(

So is it ok if I add a new tomcat-coyote-ffm.jar in lib ?

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69131] allowCorsPreflight="filter" does not work with filter mappings other than "/*" for the CorsFilter

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69131

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69131] allowCorsPreflight="filter" does not work with filter mappings other than "/*" for the CorsFilter

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69131

--- Comment #1 from Michael Osipov  ---
I mentioned this as well when I reported this issue years ago and Mark provided
the implementation for "/*" only.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread Michael Osipov 
On 2024/06/11 10:48:29 Mark Thomas wrote:
> On 11/06/2024 11:14, micha...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> > 
> > michaelo pushed a commit to branch main
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> > 
> > 
> > The following commit(s) were added to refs/heads/main by this push:
> >   new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, 
> > GSSContext)
> > 956c4577ca is described below
> > 
> > commit 956c4577caedca7d77c5eb996a83ebafdf80b889
> > Author: Michael Osipov 
> > AuthorDate: Tue Jun 11 11:11:29 2024 +0200
> > 
> >  Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
> >  
> >  A realm might want to access extended/additional information from an
> >  established GSS context to properly build an authenticated princpal.
> >  One prominent example is 
> > com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
> 
> Do we want to deprecate the old method?

A very good question. If removed in 11 then a custom component forn 10 will not 
work in 11. Though, those are just two lines to satisfy ABI. From a consistency 
perspective I'd deprecate remove. The problem is that if we deprecate the other 
method that would imply that GSSContext could be null and that would not be 
acceptable for that method because no inquiry would be possible.

We have two use cases:
* RealmBase.authenticate(GSSContext, boolean):
Truly expects to come from a SPNEGO authenticator and will provide the GSS 
context, then passed to new method.
* RealmBase.authenticate(GSSName, GSSCredential):
Does not need to come from a SPNEGO authenticator, e.g. local testing (use 
current user) or from X.509 authentication the both obtained with protocol 
transition (S4U2proxy), then passed to getPrincipal(GSSName, GSSCredential)

I need to think about wether it'd be whise to remove. What should never happen 
is:
protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) {
  return getPrincipal(gssName, gssCredential, null);
}
protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential, 
GSSContext gssContext) {
...do magic
}
from my point of view. For the time being I'd keep it.

Thoughts?

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69131] New: allowCorsPreflight="filter" does not work with filter mappings other than "/*" for the CorsFilter

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69131

Bug ID: 69131
   Summary: allowCorsPreflight="filter" does not work with filter
mappings other than "/*" for the CorsFilter
   Product: Tomcat 9
   Version: 9.0.89
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: robert.rodew...@kopsis.com
  Target Milestone: -

As I understand the AuthenticatorBase attribute allowCorsPreflight it should
either always allow CORS preflight requests ("always"), never allow them
("never", default) or only if there is a CorsFilter filter mapping for the
current requested URI ("filter").

Looking at the code of the method allowCorsPreflightBypass(Request request) one
can see that ONLY the filter mapping "/*" allows the preflight request to
happen correctly. No other filter mappings does lead to the variable
allowBypass to be set to true. In my opinion this is wrong.

What if you configure your CorsFilter with the filter mapping "/api/*"? In this
case the preflight requests will never be allowed if you configure
allowCorsPreflight to "filter".

I think in the innermost loop there should be a check against the current
request URI to check if the CorsFilter is applied to the request. I can supply
a pull request, if there is agreement on this.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


dsoumis commented on PR #731:
URL: https://github.com/apache/tomcat/pull/731#issuecomment-2160442520

   The change we could make so that all opinions are generally satisfied are:
   
   1. Move the exclusions from `res/ide-support/idea/compiler.xml` to 
`res/ide-support/idea/tomcat.iml` commented out.
   2. Provide guidance through target's comment
   
   Something like:
   ```
   IntelliJ IDEA project directory created.
   The SDK was set to "${build.java.version}" so make sure that your 
IDE has an SDK with that name,
   or update the Project Settings accordingly. Consider uncommenting the 
exclusion lines in ./idea/tomcat.iml or use an SDK >= 22 with "Experimental" / 
"Preview" features enabled.
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread Mark Thomas 

On 11/06/2024 11:14, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
956c4577ca is described below

commit 956c4577caedca7d77c5eb996a83ebafdf80b889
Author: Michael Osipov 
AuthorDate: Tue Jun 11 11:11:29 2024 +0200

 Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)
 
 A realm might want to access extended/additional information from an

 established GSS context to properly build an authenticated princpal.
 One prominent example is 
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).


Do we want to deprecate the old method?

Mark



---
  java/org/apache/catalina/realm/RealmBase.java | 16 +++-
  webapps/docs/changelog.xml|  5 +
  2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index c0aaa49068..c441d51ecf 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -484,7 +484,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
  }
  }
  
-return getPrincipal(gssName, gssCredential);

+return getPrincipal(gssName, gssCredential, gssContext);
  }
  } else {
  log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -1201,6 +1201,20 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
  protected abstract Principal getPrincipal(String username);
  
  
+/**

+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName   The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @param gssContext the established GSS context
+ *
+ * @return the principal associated with the given user name.
+ */
+protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential, GSSContext gssContext) {
+return getPrincipal(gssName, gssCredential);
+}
+
+
  /**
   * Get the principal associated with the specified {@link GSSName}.
   *
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cd704f988c..1273c41722 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,11 @@
  69066: Fix regression in SPNEGO authenticator when
  processing Base64. Submitted by Daniel Lyko. (remm)

+  
+Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
+for retrieving extended/additional information from an established
+GSS context. (michaelo)
+  
  




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix property ant.tstamp.now.iso ignored when building Tomcat JDBC poo… [tomcat]

2024-06-11 Thread via GitHub 


dsoumis commented on PR #733:
URL: https://github.com/apache/tomcat/pull/733#issuecomment-2160410399

   > Is tstamp.iso.release defined at that spot @dsoumis ?
   Yes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


markt-asf commented on PR #731:
URL: https://github.com/apache/tomcat/pull/731#issuecomment-2160396222

   > Since IDE support is 
[configured](https://github.com/apache/tomcat/blob/main/build.xml#L3830) with 
build.java.version, which currently is 
[17](https://github.com/apache/tomcat/blob/main/build.xml#L111), then should be 
aligned with build.xml.
   
   Fair point. I think that should probably be release.java.version and was 
missed when we split build version and release version but that probably needs 
to be a separate discussion.
   
   > (It's noteworthy that I haven't managed to make this work in Intellij even 
when using Java22 with preview features enabled, which might be a bug in IDEA 
and could affect other users as well. From my point of view, it's better to 
have something that works flawlessly out of the box than trying to figure out 
what is going wrong, which led to the existence of this PR :) )
   
   Personally, I'd always rather fix the root cause than the symptom. Since I'm 
not an Idea user I don't think my views should hold much weight. That said, 
what I'd suggest is:
   - do nothing for now - folks can always tweak their own configuration if 
they want/need to
   - figure out the root cause of why this isn't working for you
   - discuss the next steps once we know what the root cause is
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix typo in Czech translation [tomcat]

2024-06-11 Thread via GitHub 


jajik closed pull request #732: Fix typo in Czech translation
URL: https://github.com/apache/tomcat/pull/732


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [PR] Fix typo in Czech translation [tomcat]

2024-06-11 Thread via GitHub 


jajik commented on PR #732:
URL: https://github.com/apache/tomcat/pull/732#issuecomment-2160391202

   Closing after a discussion with @rmaucher , POEditor changes should be 
sufficient.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 64826] libtcnative prompts for private key password in some situations

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=64826

Michael Osipov  changed:

   What|Removed |Added

 CC||micha...@apache.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 67683] C source code is not compatible with OpenSSL 1.0.2

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=67683

--- Comment #1 from Michael Osipov  ---
Since 1.3.0 has been delivered which supersedes 1.2.x should be close this as
wontfix?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 9.0.x updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 9cace36b99 Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
9cace36b99 is described below

commit 9cace36b9917d978cc6760ed41d81bb1bb95d17f
Author: Michael Osipov 
AuthorDate: Tue Jun 11 11:11:29 2024 +0200

Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

A realm might want to access extended/additional information from an
established GSS context to properly build an authenticated princpal.
One prominent example is 
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
---
 java/org/apache/catalina/realm/RealmBase.java | 16 +++-
 webapps/docs/changelog.xml|  5 +
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 45082831ab..471bc6e896 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -492,7 +492,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
-return getPrincipal(gssName, gssCredential);
+return getPrincipal(gssName, gssCredential, gssContext);
 }
 } else {
 log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -1247,6 +1247,20 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 }
 
 
+/**
+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName   The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @param gssContext the established GSS context
+ *
+ * @return the principal associated with the given user name.
+ */
+protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential, GSSContext gssContext) {
+return getPrincipal(gssName, gssCredential);
+}
+
+
 /**
  * Get the principal associated with the specified {@link GSSName}.
  *
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 27569bd081..611c596507 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -130,6 +130,11 @@
 attribute, thus causing facade objects to be discarded by default.
 (remm)
   
+  
+Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
+for retrieving extended/additional information from an established
+GSS context. (michaelo)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch 10.1.x updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 2f0187e02b Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
2f0187e02b is described below

commit 2f0187e02b571c67e7d124bd21fb28e02721c98c
Author: Michael Osipov 
AuthorDate: Tue Jun 11 11:11:29 2024 +0200

Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

A realm might want to access extended/additional information from an
established GSS context to properly build an authenticated princpal.
One prominent example is 
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
---
 java/org/apache/catalina/realm/RealmBase.java | 16 +++-
 webapps/docs/changelog.xml|  5 +
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index 438b7296df..0021696b50 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -492,7 +492,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
-return getPrincipal(gssName, gssCredential);
+return getPrincipal(gssName, gssCredential, gssContext);
 }
 } else {
 log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -1225,6 +1225,20 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 protected abstract Principal getPrincipal(String username);
 
 
+/**
+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName   The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @param gssContext the established GSS context
+ *
+ * @return the principal associated with the given user name.
+ */
+protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential, GSSContext gssContext) {
+return getPrincipal(gssName, gssCredential);
+}
+
+
 /**
  * Get the principal associated with the specified {@link GSSName}.
  *
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 390870161c..3e238ff8b4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,11 @@
 69066: Fix regression in SPNEGO authenticator when
 processing Base64. Submitted by Daniel Lyko. (remm)
   
+  
+Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
+for retrieving extended/additional information from an established
+GSS context. (michaelo)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

2024-06-11 Thread michaelo 
This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 956c4577ca Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
956c4577ca is described below

commit 956c4577caedca7d77c5eb996a83ebafdf80b889
Author: Michael Osipov 
AuthorDate: Tue Jun 11 11:11:29 2024 +0200

Add RealmBase.getPrincipal(GSSName, GSSCredential, GSSContext)

A realm might want to access extended/additional information from an
established GSS context to properly build an authenticated princpal.
One prominent example is 
com.sun.security.jgss.ExtendedGSSContext.inquireSecContext(InquireType).
---
 java/org/apache/catalina/realm/RealmBase.java | 16 +++-
 webapps/docs/changelog.xml|  5 +
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/realm/RealmBase.java 
b/java/org/apache/catalina/realm/RealmBase.java
index c0aaa49068..c441d51ecf 100644
--- a/java/org/apache/catalina/realm/RealmBase.java
+++ b/java/org/apache/catalina/realm/RealmBase.java
@@ -484,7 +484,7 @@ public abstract class RealmBase extends LifecycleMBeanBase 
implements Realm {
 }
 }
 
-return getPrincipal(gssName, gssCredential);
+return getPrincipal(gssName, gssCredential, gssContext);
 }
 } else {
 log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -1201,6 +1201,20 @@ public abstract class RealmBase extends 
LifecycleMBeanBase implements Realm {
 protected abstract Principal getPrincipal(String username);
 
 
+/**
+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName   The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @param gssContext the established GSS context
+ *
+ * @return the principal associated with the given user name.
+ */
+protected Principal getPrincipal(GSSName gssName, GSSCredential 
gssCredential, GSSContext gssContext) {
+return getPrincipal(gssName, gssCredential);
+}
+
+
 /**
  * Get the principal associated with the specified {@link GSSName}.
  *
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cd704f988c..1273c41722 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -118,6 +118,11 @@
 69066: Fix regression in SPNEGO authenticator when
 processing Base64. Submitted by Daniel Lyko. (remm)
   
+  
+Add RealmBase.getPrincipal(GSSName, GSSCredential, 
GSSContext)
+for retrieving extended/additional information from an established
+GSS context. (michaelo)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 69130] New: nenetv

2024-06-11 Thread Felix Schumacher 


Am 11.06.24 um 10:07 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=69130

 Bug ID: 69130


Spam deleted, Spammer blocked

Felix



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [PR] Fix ide-support for idea [tomcat]

2024-06-11 Thread via GitHub 


dsoumis commented on PR #731:
URL: https://github.com/apache/tomcat/pull/731#issuecomment-2160286872

   > IMO it is reasonable to expect a user that is developing on the latest 
version of Tomcat, i.e. the main branch, to be using the latest Java SDK, which 
will work with the Experimental features flag.
   
   > @dsoumis That is not correct. The build.xml only excludes the FFM 
directories for Java versions < 22. See lines 1018 - 1033 which make use of the 
use-ffm flag at https://github.com/apache/tomcat/blob/main/build.xml#L1018
   
   Since IDE support is 
[configured](https://github.com/apache/tomcat/blob/main/build.xml#L3830) with 
build.java.version, which currently is 
[17](https://github.com/apache/tomcat/blob/main/build.xml#L111), then should be 
aligned with build.xml.
   
   > The reason that it is not working "out of the box" is that we also need to 
enable "Experimental" or "Preview" features as the FFM is not enabled in Java 
22 by default, and should be enabled with a switch.
   
   We can guide the developer by adding instructions to the target's comment in 
build.xml.
   
   ---
   > Keeping the exclusions in res/ide-support/idea/compiler.xml (or 
res/ide-support/idea/tomcat.iml, though I haven't tested that) commented out, 
allows the user to test the project with all of its features (e.g. FFM), and 
still make it easy to uncomment the lines and test without FFM on older SDKs.
   
   In its current state this will not work with @markt-asf proposal:
   > Keeping the project error free and the configuration of the auto-format 
tools is far more important to me than whether the FFM code is included in the 
IDE by default or not.
   
   Therefore, I propose that the exclusions be uncommented by default, and we 
provide guidance in the target's comment on how to include the FFM code. This 
would specify what needs to be commented out and the minimum SDK to use with  
"Experimental" or "Preview" features enabled. 
   
   (It's noteworthy that I haven't managed to make this work in Intellij even 
when using Java22 with preview features enabled, which might be a bug in IDEA 
and could affect other users as well. From my point of view, it's better to 
have something that works flawlessly out of the box than trying to figure out 
what is going wrong, which led to the existence of this PR :) )


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69130] New: nenetv

2024-06-11 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=69130

Bug ID: 69130
   Summary: nenetv
   Product: Tomcat Native
   Version: unspecified
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Library
  Assignee: dev@tomcat.apache.org
  Reporter: vaveli8...@noefa.com
  Target Milestone: ---

네네티비는 실시간 라이브 스트리밍의 경우 저작권에 위배되는 영상에 송출을 제한합니다. https://nenetv.net/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org