[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-03-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #12 from Mark Thomas  ---
The fix has been back-ported to 8.0.x for 8.0.33 onwards and to 7.0.x for
7.0.69 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-03-01 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #11 from Mark Thomas  ---
Having looked at where we construct Jar URLs (and URLs that may be used to
later build Jar URLs) there were a handful of places where we needed to add
appropriate escaping. I've implemented the escaping for 9.0.x (it will be in
9.0.0.M4 onwards) and I'm looking at back-porting it. Given the various
refactorings I'm not sure how far back this fix will be back-ported.

Regarding the use of '+' in file names (comment #7) that looks like a separate
issue. Please open a separate BZ issue for that and provide s set of steps to
reproduce the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #10 from Jayashankar Karnam  ---
Either it get's fixed in the next releases or not, I strongly feel there has to
be some exception handling which doesn't trick developers to invest more energy
on debugging possible root cause within their application.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #9 from Mark Thomas  ---
(In reply to Christopher Schultz from comment #8)
> (In reply to Mark Thomas from comment #6)

> > I'm not concerned about startup. That is a one-off cost. What concerns me is
> > the performance impact of adding this to FileResource.getURL(). That gets
> > called a lot. I'm concerned that the impact of adding this escaping is going
> > to be measurable for end users.
> 
> What about mutating the "classpath" used by a ClassLoader when it's
> constructed? That way, we could take the hit of URL -> String -> URL maybe
> one time for a context. I don't understand the implications of the way the
> ClassLoader works, so I may be making an insane proposal ;)

That is exactly what I am proposing for start-up. It is a one-off cost so no
big deal.

> > The other option is to take the position that anytime code constructs a jar
> > URL, that code is responsible for ensuring that any !/ sequences in the path
> > it uses to construct that URL are escaped. While we could do this in Tomcat
> > (there are ~20 places we'd need to fix this), I suspect a whole bunch of
> > third-party code won't handle this correctly. And this is before we get into
> > the mess that is JARs in WARs.
> > 
> > Given that most users don't need this (I don't recall seeing this issue
> > reported previously and that's going back to Tomcat 4.1.x) I'm leaning
> > heavily towards WONTFIX. There is going to need to be a really good reason
> > to fix this to change my mind.
> 
> If we expect external code to do its own URL-escaping, it doesn't really
> change the current behavior. I don't think that would be a horrible change,
> since it would make common cases work (where only Tomcat is involved), and
> it wouldn't break any of the other cases because they would already be
> broken (right?).

I'm still on the fence about this (and that is without looking at the JAR in
WAR issue).

I've thought of a few ways we could make FileResource.getURL() handle this
without being horribly slow unless you have a path that includes a !/ sequence
(in which case being slow is the price you pay for it working) but I'm becoming
less convinced that this is the way to go.

The more I think about it, the more I am leaning towards the view that if you
take a string and use it to construct a JAR URL then you are responsible for
making sure any "!/" sequences are escaped. Before heading down that route I'd
want to check how often the ~20 places we'd need to do this are called.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-24 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #8 from Christopher Schultz  ---
(In reply to Mark Thomas from comment #6)
> I really wanted to fix this but I'm not sure that supporting this use case
> is worth the cost.
> 
> There are two places I have found (so far) where changes would be required.
> The first is during start-up to ensure that the paths used to construct the
> URLs for the class loaders escape "!/" to "%21/".
> 
> The second is in the web resources implementation where
> FileResource.getURL() needs to escape "!/" to "%21/".
> 
> The problem stems from the fact that the only way to do this escaping (that
> I have been able to find) is URL -> toString() -> replaceAll() -> new URL().
> And that is relatively expensive.
> 
> I'm not concerned about startup. That is a one-off cost. What concerns me is
> the performance impact of adding this to FileResource.getURL(). That gets
> called a lot. I'm concerned that the impact of adding this escaping is going
> to be measurable for end users.

What about mutating the "classpath" used by a ClassLoader when it's
constructed? That way, we could take the hit of URL -> String -> URL maybe one
time for a context. I don't understand the implications of the way the
ClassLoader works, so I may be making an insane proposal ;)

> The other option is to take the position that anytime code constructs a jar
> URL, that code is responsible for ensuring that any !/ sequences in the path
> it uses to construct that URL are escaped. While we could do this in Tomcat
> (there are ~20 places we'd need to fix this), I suspect a whole bunch of
> third-party code won't handle this correctly. And this is before we get into
> the mess that is JARs in WARs.
> 
> Given that most users don't need this (I don't recall seeing this issue
> reported previously and that's going back to Tomcat 4.1.x) I'm leaning
> heavily towards WONTFIX. There is going to need to be a really good reason
> to fix this to change my mind.

If we expect external code to do its own URL-escaping, it doesn't really change
the current behavior. I don't think that would be a horrible change, since it
would make common cases work (where only Tomcat is involved), and it wouldn't
break any of the other cases because they would already be broken (right?).

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-23 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #7 from Martti  ---
I'm having similar problem but with + sign. Our build system (gradle) creates
executable war with Mercurial revision hash. Sometimes this hash can contain
"+" as a last character ala "kalkulaator-f83780e3571e+.war"


now when we try to run this war (embedded tomcat 8.0.30) jps will not work. If
I rename war to "kalkulaator-f83780e3571e.war" everything is ok.

"java -jar build\libs\kalkulaator-f83780e3571e+.war"

...

"
...
2016-02-23 18:00:00,466 WARN  UUID [o.a.t.u.s.StandardJarScanner] - Failed to
scan JAR
[jar:file:/C:/Users/desin/code/kalk/build/libs/kalkulaator-f83780e3571e+.war!/WEB-INF/lib/jstl-1.2.jar]
from /WEB-INF/lib
java.io.FileNotFoundException: JAR entry
WEB-INF/lib-provided/tomcat-embed-core-8.0.30.jar!/javax/servlet/resources/web-jsptaglibrary_1_2.dtd
not found in C:\Users\desin\code\kalk\build\libs\kalkulaator-f83780e3571e+.war
at
sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:142)
~[na:1.8.0_73]
at
sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(XMLEntityManager.java:623)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startEntity(XMLEntityManager.java:1305)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLEntityManager.startDTDEntity(XMLEntityManager.java:1271)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDTDScannerImpl.setInputSource(XMLDTDScannerImpl.java:263)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.dispatch(XMLDocumentScannerImpl.java:1167)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$DTDDriver.next(XMLDocumentScannerImpl.java:1050)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:964)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:118)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
~[na:1.8.0_73]
at
com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
~[na:1.8.0_73]
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1451)
~[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at
org.apache.tomcat.util.descriptor.tld.TldParser.parse(TldParser.java:76)
~[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at org.apache.jasper.servlet.TldScanner.parseTld(TldScanner.java:279)
[tomcat-embed-jasper-8.0.30.jar!/:8.0.30]
at
org.apache.jasper.servlet.TldScanner$TldScannerCallback.scan(TldScanner.java:315)
~[tomcat-embed-jasper-8.0.30.jar!/:8.0.30]
at
org.apache.tomcat.util.scan.StandardJarScanner.process(StandardJarScanner.java:306)
~[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at
org.apache.tomcat.util.scan.StandardJarScanner.scan(StandardJarScanner.java:162)
~[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at org.apache.jasper.servlet.TldScanner.scanJars(TldScanner.java:262)
[tomcat-embed-jasper-8.0.30.jar!/:8.0.30]
at org.apache.jasper.servlet.TldScanner.scan(TldScanner.java:106)
[tomcat-embed-jasper-8.0.30.jar!/:8.0.30]
at
org.apache.jasper.servlet.JasperInitializer.onStartup(JasperInitializer.java:103)
[tomcat-embed-jasper-8.0.30.jar!/:8.0.30]
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5244)
[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)
[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at
org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)
[tomcat-embed-core-8.0.30.jar!/:8.0.30]
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[na:1.8.0_73]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[na:1.8.0_73]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPo

[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-22 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #6 from Mark Thomas  ---
I really wanted to fix this but I'm not sure that supporting this use case is
worth the cost.

There are two places I have found (so far) where changes would be required. The
first is during start-up to ensure that the paths used to construct the URLs
for the class loaders escape "!/" to "%21/".

The second is in the web resources implementation where FileResource.getURL()
needs to escape "!/" to "%21/".

The problem stems from the fact that the only way to do this escaping (that I
have been able to find) is URL -> toString() -> replaceAll() -> new URL(). And
that is relatively expensive.

I'm not concerned about startup. That is a one-off cost. What concerns me is
the performance impact of adding this to FileResource.getURL(). That gets
called a lot. I'm concerned that the impact of adding this escaping is going to
be measurable for end users.

The other option is to take the position that anytime code constructs a jar
URL, that code is responsible for ensuring that any !/ sequences in the path it
uses to construct that URL are escaped. While we could do this in Tomcat (there
are ~20 places we'd need to fix this), I suspect a whole bunch of third-party
code won't handle this correctly. And this is before we get into the mess that
is JARs in WARs.

Given that most users don't need this (I don't recall seeing this issue
reported previously and that's going back to Tomcat 4.1.x) I'm leaning heavily
towards WONTFIX. There is going to need to be a really good reason to fix this
to change my mind.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-17 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #5 from Christopher Schultz  ---
No problem. The only question is whether or not Tomcat knows at the time that
the URL it's building is a physical on-disk resource. If Tomcat does know this,
it can escape special characters like "!".

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #4 from Jayashankar Karnam  ---
JarURLConnection is responsible for the mishap. As per java doc "!/" is a
terminator for the jar file. That's the reason why it is failing at
G:/TEST!Maven not G:/TEST

And whatever comes after the "!/" becomes the context within the jar.

Java doc link -
https://docs.oracle.com/javase/7/docs/api/java/net/JarURLConnection.html

Sorry for the confusion.

-Jay

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #3 from Christopher Schultz  ---
Honestly, I'm surprised that it's failing where it is: I would have expected it
to fail saying that "G:\TEST" didn't exist.

This isn't Tomcat doing this; it's the combination of a large number of
components all of which are using URLs for certain purposes. There are many
many corner cases where the JRE itself will fall-over even if Tomcat wasn't
involved.

I don't believe Tomcat massages any of the URLs it's processing, so there may
be an opportunity for Tomcat to escape the ! characters in an on-disk filename
(i.e. "!" -> "%21"). But like I said, there's always more and more edge-cases
and encoding once means possibly encoding multiple times (and sometimes having
to decode a few times, too). It's just a giant mess.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

--- Comment #2 from Jayashankar Karnam  ---
My disk path is "G:\TEST!Maven!\..."

Indeed, it is a corner use case. 
Is there any reason why tomcat is solely relying on "!" to identify end of the
string? When we know that is the path to find specified resource, why "!" in
the end?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 59001] Unable to load jar files when they have exclamation in the path

2016-02-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=59001

Christopher Schultz  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Christopher Schultz  ---
Typically, the ! character means that the sought resource is actually inside of
a JAR file. The URL you have has a ! after an on-disk path, but not one that
(looks like it) is a JAR file (G:\TEST).

That looks like an invalid JAR URL to me.

Or has Tomcat built a bad URL out of some other path?

Or, are you saying that your on-disk path is actually "G:\TEST!Maven!"?

This may be a pathological use case, but neither NTFS nor any of the *NIX
filesystems I checked have any prohibition against ! characters, which are
special for JAR URLs. (None of those filesystems prohibit # marks, either,
which could potentially be a problem.)

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org