cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config JservConfig.java
larryi 01/08/15 22:24:14 Modified:src/share/org/apache/tomcat/modules/config JservConfig.java Log: Updated to have features similar to ApacheConfig. Revision ChangesPath 1.3 +467 -199 jakarta-tomcat/src/share/org/apache/tomcat/modules/config/JservConfig.java Index: JservConfig.java === RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/JservConfig.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- JservConfig.java 2001/07/19 20:23:34 1.2 +++ JservConfig.java 2001/08/16 05:24:14 1.3 @@ -61,53 +61,75 @@ import org.apache.tomcat.util.io.FileUtil; import org.apache.tomcat.util.log.*; import java.io.*; -import java.net.*; import java.util.*; // Used to find Ajp1? connector port import org.apache.tomcat.modules.server.Ajp12Interceptor; -import org.apache.tomcat.modules.server.Ajp13Interceptor; /** - -Generates automatic apache configurations based on +Generates automatic apache mod_jserv configurations based on the Tomcat server.xml settings and the war contexts initialized during startup. -This config interceptor is enabled by inserting an ApacheConfig +This config interceptor is enabled by inserting a JservConfig element in the \ tag body inside the server.xml file like so: * < ContextManager ... > * ... -*+* * ... * < /ContextManager > where options can include any of the following attributes: - confighome - default parent directory for the following paths. + configHome - default parent directory for the following paths. If not set, this defaults to TOMCAT_HOME. Ignored whenever any of the following paths is absolute. - jservconfig - path to write apache jserv conf file to. If - not set, defaults to - "conf/jserv/tomcat-apache.conf". - modjserv - path to Apache JServ plugin module file. If not - set, defaults to "modules/ApacheModuleJServ.dll" - on windows, "modules/Jserv.nlm" on netware, and - "libexec/mod_jserv.so" everywhere else. - jklog - path to log file to be used by mod_jk. + jservConfig - path to use for writing Apache mod_jserv conf file. If + not set, defaults to + "conf/auto/tomcat-apache.conf". + modJServ - path to Apache mod_jserv plugin file. If not set, + defaults to "modules/ApacheModuleJserv.dll" on windows, + and "libexec/mod_jserv.so" everywhere else. + jservLog - path to log file to be used by mod_jserv. + jservDebug - Jserv Loglevel setting. May be debug, info, notice, + warn, error, crit, alert, or emerg. + If not set, defaults to debug. + forwardAll - If true, forward all requests to Tomcat. This helps + insure that all the behavior configured in the web.xml + file functions correctly. If false, let Apache serve + static resources. The default is true. + Warning: When false, some configuration in + the web.xml may not be duplicated in Apache. + Review the tomcat-apache conf file to see what + configuration is actually being set in Apache. + noRoot - If true, the root context is not mapped to + Tomcat. If false and forwardAll is true, all requests + to the root context are mapped to Tomcat. If false and + forwardAll is false, only JSP and servlets requests to + the root context are mapped to Tomcat. When false, + to correctly serve Tomcat's root context you must also + modify the DocumentRoot setting in Apache's httpd.conf + file to point to Tomcat's root context directory. + Otherwise some content, such as Apache's index.html, + will be served by Apache before mod_jserv gets a chance + to claim the request and pass it to Tomcat. + The default is true. - + @author Costin Manolache +@author Larry Isaacs @author Mel Martinez - @version $Revision: 1.2
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config ApacheConfig.java
larryi 01/08/15 22:22:41
Modified:src/share/org/apache/tomcat/modules/config ApacheConfig.java
Log:
Update to avoid writing duplicate NameVirtualHost directives. Also,
if the context's host name is an ip address, or a host ip address is specified,
then that address is used for the NameVirtualHost and
directives.
Added generation of NameVirtualHost to generateContextMappings().
Revision ChangesPath
1.25 +32 -8
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ApacheConfig.java
Index: ApacheConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ApacheConfig.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ApacheConfig.java 2001/08/16 00:27:07 1.24
+++ ApacheConfig.java 2001/08/16 05:22:41 1.25
@@ -1,4 +1,4 @@
-/* $Id: ApacheConfig.java,v 1.24 2001/08/16 00:27:07 costin Exp $
+/* $Id: ApacheConfig.java,v 1.25 2001/08/16 05:22:41 larryi Exp $
*
*
* The Apache Software License, Version 1.1
@@ -146,7 +146,7 @@
@author Costin Manolache
@author Larry Isaacs
@author Mel Martinez
- @version $Revision: 1.24 $ $Date: 2001/08/16 00:27:07 $
+ @version $Revision: 1.25 $ $Date: 2001/08/16 05:22:41 $
*/
public class ApacheConfig extends BaseJkConfig {
@@ -182,6 +182,8 @@
private String sslSessionIndicator="SSL_SESSION_ID";
private String sslCipherIndicator="SSL_CIPHER";
private String sslCertsIndicator="SSL_CLIENT_CERT";
+
+Hashtable NamedVirtualHosts=null;
public ApacheConfig() {
}
@@ -254,7 +256,7 @@
*/
protected void initProperties(ContextManager cm) {
super.initProperties(cm);
-
+
jkConfig=FileUtil.getConfigFile( jkConfig, configHome, MOD_JK_CONFIG);
workersConfig=FileUtil.getConfigFile( workersConfig, configHome,
WORKERS_CONFIG);
@@ -280,6 +282,8 @@
initProperties(cm);
initProtocol(cm);
+NamedVirtualHosts = new Hashtable();
+
StringBuffer sb=new StringBuffer();
PrintWriter mod_jk = new PrintWriter(new FileWriter(jkConfig));
log("Generating apache mod_jk config = "+jkConfig );
@@ -402,8 +406,10 @@
return;
}
if( vhost != null ) {
- generateNameVirtualHost(mod_jk );
- mod_jk.println("");
+String vhostip = getVirtualHostAddress(vhost,
+context.getHostAddress());
+ generateNameVirtualHost(mod_jk, vhostip);
+ mod_jk.println("");
mod_jk.println("ServerName " + vhost );
Enumeration aliases=context.getHostAliases();
if( aliases.hasMoreElements() ) {
@@ -426,13 +432,17 @@
mod_jk.println(indent + "JkMount " + nPath + "/* " + jkProto );
if( vhost != null ) {
mod_jk.println("");
+mod_jk.println();
indent="";
}
}
-private void generateNameVirtualHost( PrintWriter mod_jk ) {
- mod_jk.println("NameVirtualHost *");
+private void generateNameVirtualHost( PrintWriter mod_jk, String ip ) {
+if( !NamedVirtualHosts.containsKey(ip) ) {
+mod_jk.println("NameVirtualHost " + ip + "");
+NamedVirtualHosts.put(ip,ip);
+}
}
// Apache serves static mode
@@ -454,7 +464,10 @@
" " );
mod_jk.println();
if( vhost != null ) {
- mod_jk.println("");
+String vhostip = getVirtualHostAddress(vhost,
+context.getHostAddress());
+ generateNameVirtualHost(mod_jk, vhostip);
+ mod_jk.println("");
mod_jk.println("ServerName " + vhost );
Enumeration aliases=context.getHostAliases();
if( aliases.hasMoreElements() ) {
@@ -614,4 +627,15 @@
}
return docBase;
}
+
+private String getVirtualHostAddress(String vhost, String vhostip) {
+if( vhostip == null ) {
+if ( vhost != null && vhost.length() > 0 &&
Character.isDigit(vhost.charAt(0)) )
+vhostip=vhost;
+else
+vhostip="*";
+}
+return vhostip;
+}
+
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config ContextXmlReader.java
larryi 01/08/15 21:52:56
Modified:src/share/org/apache/tomcat/modules/config
ContextXmlReader.java
Log:
Add rule for "address" parameter on tag. It will set a Context's
hostAddress property.
Revision ChangesPath
1.9 +3 -0
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ContextXmlReader.java
Index: ContextXmlReader.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ContextXmlReader.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ContextXmlReader.java 2001/08/06 15:42:36 1.8
+++ ContextXmlReader.java 2001/08/16 04:52:56 1.9
@@ -153,6 +153,7 @@
// Virtual host support - if Context is inside a
xh.addRule( "Host", xh.setVar( "current_host", "name"));
+ xh.addRule( "Host", xh.setVar( "current_address", "address"));
xh.addRule( "Host", xh.setProperties());
xh.addRule( "Alias", new XmlAction() {
public void start( SaxContext xctx) throws Exception {
@@ -171,10 +172,12 @@
public void end( SaxContext xctx) throws Exception {
Context tcCtx=(Context)xctx.currentObject();
String host=(String)xctx.getVariable("current_host");
+ String address=(String)xctx.getVariable("current_address");
Vector aliases=(Vector)xctx.getVariable( "host_aliases" );
if( host!=null && ! "DEFAULT".equals( host )) {
tcCtx.setHost( host );
+ tcCtx.setHostAddress( address );
if( aliases!=null ) {
Enumeration alE=aliases.elements();
while( alE.hasMoreElements() ) {
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Context.java
larryi 01/08/15 21:50:30
Modified:src/share/org/apache/tomcat/core Context.java
Log:
Still figurine out virtual hosts, but I think virtual host ip address will be
needed for writing config files should the host name not be an ip address.
Revision ChangesPath
1.147 +16 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java
Index: Context.java
===
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Context.java,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -r1.146 -r1.147
--- Context.java 2001/08/03 02:44:24 1.146
+++ Context.java 2001/08/16 04:50:30 1.147
@@ -221,6 +221,8 @@
// Virtual host name ( null if default )
private String vhost=null;
+// Virtual host ip address (if vhost isn't an address)
+private String vhostip=null;
// vhost aliases
private Vector vhostAliases=new Vector();
@@ -605,6 +607,20 @@
*/
public final String getHost() {
return vhost;
+}
+
+/**
+ * Set the virtual host ip address.
+ */
+public final void setHostAddress( String ip ) {
+vhostip=ip;
+}
+
+/**
+ * Return the virtual host ip address.
+ */
+public final String getHostAddress() {
+return vhostip;
}
/** DocBase points to the web application files.
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core StandardWrapper.java
craigmcc01/08/15 19:46:52
Modified:catalina/src/share/org/apache/catalina/core
StandardWrapper.java
Log:
Do not allow an unload() operation to begin if there are any current
requests executing within this servlet. This fixes a potential race
condition if an context reload occurs while active requests to one or more
servlets are still occurring.
Revision ChangesPath
1.28 +32 -8
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardWrapper.java
Index: StandardWrapper.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardWrapper.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- StandardWrapper.java 2001/07/25 04:05:50 1.27
+++ StandardWrapper.java 2001/08/16 02:46:52 1.28
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardWrapper.java,v
1.27 2001/07/25 04:05:50 remm Exp $
- * $Revision: 1.27 $
- * $Date: 2001/07/25 04:05:50 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardWrapper.java,v
1.28 2001/08/16 02:46:52 craigmcc Exp $
+ * $Revision: 1.28 $
+ * $Date: 2001/08/16 02:46:52 $
*
*
*
@@ -105,7 +105,7 @@
* make them efficient are counter-productive.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.27 $ $Date: 2001/07/25 04:05:50 $
+ * @version $Revision: 1.28 $ $Date: 2001/08/16 02:46:52 $
*/
public final class StandardWrapper
@@ -146,6 +146,13 @@
/**
+ * The count of allocations that are currently active (even if they
+ * are for the same instance, as will be true on a non-STM servlet).
+ */
+private int countAllocated = 0;
+
+
+/**
* The debugging detail level for this component.
*/
private int debug = 0;
@@ -273,6 +280,18 @@
/**
+ * Return the number of active allocations of this servlet, even if they
+ * are all for the same instance (as will be true for servlets that do
+ * not implement SingleThreadModel.
+ */
+public int getCountAllocated() {
+
+return (this.countAllocated);
+
+}
+
+
+/**
* Return the debugging detail level for this component.
*/
public int getDebug() {
@@ -612,6 +631,7 @@
if (!singleThreadModel) {
if (debug >= 2)
log(" Returning non-STM instance");
+countAllocated++;
return (instance);
}
@@ -629,6 +649,7 @@
if (debug >= 2)
log(" Returning allocated STM instance");
allocated = true;
+countAllocated++;
return (instance);
}
@@ -646,6 +667,8 @@
*/
public void deallocate(Servlet servlet) throws ServletException {
+countAllocated--;
+
// If not SingleThreadModel, no action is required
if (!singleThreadModel)
return;
@@ -963,12 +986,13 @@
unloading = true;
// Loaf a while if the current instance is allocated
-if (allocated) {
+// (possibly more than once if non-STM)
+if (countAllocated > 0) {
boolean first = true;
-while (allocated) {
+while (countAllocated > 0) {
if (first) {
-if (debug >= 1)
-log("Waiting for instance to be deallocated");
+log("Waiting for " + countAllocated +
+" instance(s) to be deallocated");
first = false;
}
try {
Re: FW: catalina SSL
Quoting "Craig R. McClanahan" <[EMAIL PROTECTED]>:
> On Thu, 16 Aug 2001, Pier P. Fumagalli wrote:
>
> > OH SSL GURU! :) :) Do you have any clue (Reply to all so it'll go
> in
> > tomcat-users too!)
Don't worry, baby. The SSL doctor is in session ;-)
> > Hi
> > I'm getting used to Tomcat but not enough to get it work.
> > Trying to install the SSL connector, but always getting a java IO
> exception,
> > "keystore tampered".
>
> That's one I've never seen before.
>
> Have you followed the instructions (inside server.xml) exactly?
"Keystore tampered ..." usually indictates that the keystore did not like the
password it was given. You should have gotten a "no suitable provider"
exception if you didn't have your java.security file set up right, so I'll
assume you do. The exaxt steps to get SSL working are listed a little further
down.
> > I'm a complete newbie either in tomcat or in ssl, so I
> > surely didn't do things right. Is there a good tutorial for this (I
> mean for
> > catalina and ssl) , because most of litterature is relevant only for
> Tomcat
> > previous versions, and Sun's documentation deals with java classes,
> not with
> > applications that needs to be configurated through server.xml.
I'm currently working on exactly such a document. :)
> > So, do I have to make changes to the catalina.bat, to include (in
> the
> > dostartsecure / dorunsecure) the lines:
> > -Djava.protocol.handler.pkgs=\com.sun.net.ssl.internal.www.protocol
> >
>
> Is there really supposed to be a backslash (\) before "com.sun" ?
>
> You can avoid the need to modify catalina.bat by setting an
> appropriate
> value for the CATALINA_OPTS environment variable to the set of
> properties
> you want to pass. But I've not had to do this.
There are no changes whatsoever necessary to run SSL aside from what is
documented in server.xml. Here are the exact steps:
1. Download JSSE and put the three jar files in {JAVA_HOME}\jre\lib\ext (it's
not necessary to put them in the CLASSPATH unless your own classes rely on them)
2. DO NOT put the three files anywhere in the internal Tomcat tree (lib,
server/lib, or common/lib). This will hose you.
3. Add the following line to your {JAVA_HOME}\jre\lib\security\java.security
file (in the first section of settings, you'll see it):
security.provider.9=com.sun.net.ssl.internal.ssl.Provider
The number is simply the order in which the JVM attempts to find suitable
security providers. Just pick one that is not already in use by any
existing "security.provider..." lines.
4. Execute the following in a terminal command-line:
keytool -genkey -alias tomcat -keyalg RSA
It will start asking you questions about your cert. The only really crucial
ones are when it asks you for a password (at two different times). You must use
the same password in both places. You can type in the Tomcat default, which
is "changeit" (all lowercase), or you can make up your own.
5. Uncomment the secure connector in {TC_HOME}\conf\server.xml
6. If you specified a password other than "changeit" when generating the
keystore, edit the tag nested within the relevant tag.
Add an attribute called "KeystorePass" with the value of your password. Your
tag should now look something like this:
If you just used "changeit", you can skip this step.
That's it. When you start Catalina up, it should now be running a secure socket
on the specified port (8443 by default). No modifications to catalina.bat or
any additional JVM parameters are necessary.
Note: Since I am addressing your specific problem, I left out the whole issue
of where Tomcat looks for the keystore file in the above step-by-step. Tomcat
obviously found the keystore file where it expected it in your case, but other
users referencing this thread should be aware that I glossed over the whole
keystore location issue. You can read all about it in my upcoming SSL guide =)
> > Do I have to make include a specific keystore in the catalina.policy
> using
> > policytool.exe?
Nope, that shouldn't be necessary.
> > How to modify the tomcat server.xml 's ssl connector to show the
> keystore
> > and keypass?
KeystoreFile and KeystorePass attributes on the tag are where you put
custom values, if either the location or password are anything other than the
defaults.
> > Thanks for any hint on this wild matter.
You are quite welcome :)
> > France, Bordeaux, xml and gay pride.
That sounds like the possible anwers to a multiple choice question ;-)
Let me know if you have any other problems. I would recommend undoing whatever
changes you made to Catalina.bat, including any JVM parameters you may have
added, and following the above steps from scratch.
Good luck!
- Christopher
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources WARDirContext.java
craigmcc01/08/15 18:20:05
Modified:catalina/src/share/org/apache/naming/resources
WARDirContext.java
Log:
Sort entries in directory lists for WAR-based webapps also.
PR: Bugzilla #3104
Submitted by: [EMAIL PROTECTED]
Revision ChangesPath
1.3 +13 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/WARDirContext.java
Index: WARDirContext.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/WARDirContext.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WARDirContext.java2001/02/05 04:41:08 1.2
+++ WARDirContext.java2001/08/16 01:20:05 1.3
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/WARDirContext.java,v
1.2 2001/02/05 04:41:08 remm Exp $
- * $Revision: 1.2 $
- * $Date: 2001/02/05 04:41:08 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/WARDirContext.java,v
1.3 2001/08/16 01:20:05 craigmcc Exp $
+ * $Revision: 1.3 $
+ * $Date: 2001/08/16 01:20:05 $
*
*
*
@@ -64,6 +64,7 @@
package org.apache.naming.resources;
+import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import java.util.Date;
@@ -99,7 +100,7 @@
* WAR Directory Context implementation.
*
* @author Remy Maucherat
- * @version $Revision: 1.2 $ $Date: 2001/02/05 04:41:08 $
+ * @version $Revision: 1.3 $ $Date: 2001/08/16 01:20:05 $
*/
public class WARDirContext extends BaseDirContext {
@@ -803,6 +804,7 @@
Vector entries = new Vector();
Entry[] children = entry.getChildren();
+Arrays.sort(children);
NamingEntry namingEntry = null;
for (int i = 0; i < children.length; i++) {
@@ -829,7 +831,7 @@
/**
* Entries structure.
*/
-protected class Entry {
+protected class Entry implements Comparable {
// Constructor
@@ -856,6 +858,12 @@
// - Public Methods
+public int compareTo(Object o) {
+if (!(o instanceof Entry))
+return (+1);
+return (name.compareTo(((Entry) o).getName()));
+}
+
public ZipEntry getEntry() {
return entry;
}
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources FileDirContext.java
craigmcc01/08/15 17:57:18
Modified:catalina/src/share/org/apache/naming/resources
FileDirContext.java
Log:
Sort the directory listing returned when there is no welcome page (and
directory listings are not suppressed) for webapps that are unpacked into
a real directory. Still have to look at how to do this for webapps that
are executed directly from a WAR.
Revision ChangesPath
1.7 +6 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Index: FileDirContext.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- FileDirContext.java 2001/07/23 06:40:46 1.6
+++ FileDirContext.java 2001/08/16 00:57:18 1.7
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
1.6 2001/07/23 06:40:46 remm Exp $
- * $Revision: 1.6 $
- * $Date: 2001/07/23 06:40:46 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
1.7 2001/08/16 00:57:18 craigmcc Exp $
+ * $Revision: 1.7 $
+ * $Date: 2001/08/16 00:57:18 $
*
*
*
@@ -64,6 +64,7 @@
package org.apache.naming.resources;
+import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import java.util.Date;
@@ -98,7 +99,7 @@
* Filesystem Directory Context implementation helper class.
*
* @author Remy Maucherat
- * @version $Revision: 1.6 $ $Date: 2001/07/23 06:40:46 $
+ * @version $Revision: 1.7 $ $Date: 2001/08/16 00:57:18 $
*/
public class FileDirContext extends BaseDirContext {
@@ -896,6 +897,7 @@
if (!file.isDirectory())
return entries;
String[] names = file.list();
+Arrays.sort(names); // Sort alphabetically
if (names == null)
return entries;
NamingEntry entry = null;
Re: FW: catalina SSL
On Thu, 16 Aug 2001, Pier P. Fumagalli wrote: > OH SSL GURU! :) :) Do you have any clue (Reply to all so it'll go in > tomcat-users too!) > > Pier > > -- Forwarded Message > From: "cib" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Wed, 15 Aug 2001 20:17:58 +0200 > To: "Tomcat User Mail list" <[EMAIL PROTECTED]> > Subject: catalina SSL > > Hi > I'm getting used to Tomcat but not enough to get it work. > Trying to install the SSL connector, but always getting a java IO exception, > "keystore tampered". That's one I've never seen before. Have you followed the instructions (inside server.xml) exactly? > I'm a complete newbie either in tomcat or in ssl, so I > surely didn't do things right. Is there a good tutorial for this (I mean for > catalina and ssl) , because most of litterature is relevant only for Tomcat > previous versions, and Sun's documentation deals with java classes, not with > applications that needs to be configurated through server.xml. > > So, do I have to make changes to the catalina.bat, to include (in the > dostartsecure / dorunsecure) the lines: > -Djava.protocol.handler.pkgs=\com.sun.net.ssl.internal.www.protocol > Is there really supposed to be a backslash (\) before "com.sun" ? You can avoid the need to modify catalina.bat by setting an appropriate value for the CATALINA_OPTS environment variable to the set of properties you want to pass. But I've not had to do this. > Do I have to make include a specific keystore in the catalina.policy using > policytool.exe? > > How to modify the tomcat server.xml 's ssl connector to show the keystore > and keypass? > > Thanks for any hint on this wild matter. > > Cib > > France, Bordeaux, xml and gay pride. > > > -- End of Forwarded Message > > Craig
Re: catalina SSL
Pier P. Fumagalli at [EMAIL PROTECTED] wrote: > OH SSL GURU! :) :) Do you have any clue (Reply to all so it'll go in > tomcat-users too!) Darn, I placed tomcat-dev instead of tomcat user... :) Me big dope :) Pier
FW: catalina SSL
OH SSL GURU! :) :) Do you have any clue (Reply to all so it'll go in tomcat-users too!) Pier -- Forwarded Message From: "cib" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 15 Aug 2001 20:17:58 +0200 To: "Tomcat User Mail list" <[EMAIL PROTECTED]> Subject: catalina SSL Hi I'm getting used to Tomcat but not enough to get it work. Trying to install the SSL connector, but always getting a java IO exception, "keystore tampered". I'm a complete newbie either in tomcat or in ssl, so I surely didn't do things right. Is there a good tutorial for this (I mean for catalina and ssl) , because most of litterature is relevant only for Tomcat previous versions, and Sun's documentation deals with java classes, not with applications that needs to be configurated through server.xml. So, do I have to make changes to the catalina.bat, to include (in the dostartsecure / dorunsecure) the lines: -Djava.protocol.handler.pkgs=\com.sun.net.ssl.internal.www.protocol Do I have to make include a specific keystore in the catalina.policy using policytool.exe? How to modify the tomcat server.xml 's ssl connector to show the keystore and keypass? Thanks for any hint on this wild matter. Cib France, Bordeaux, xml and gay pride. -- End of Forwarded Message
cvs commit: jakarta-tomcat/src/etc server.xml
costin 01/08/15 17:38:06 Modified:src/etc server.xml Log: Uncomment JniConnector, it'll now sit inactive unless jni mode is detected. Use the short module name instead of class=, for consistency. Revision ChangesPath 1.86 +10 -19jakarta-tomcat/src/etc/server.xml Index: server.xml === RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v retrieving revision 1.85 retrieving revision 1.86 diff -u -r1.85 -r1.86 --- server.xml2001/08/03 02:34:22 1.85 +++ server.xml2001/08/16 00:38:06 1.86 @@ -169,7 +169,7 @@ secure - use SSL ( https ) keystore, keypass - certs for SSL port --> - - + - + - +
cvs commit: jakarta-tomcat/src/etc modules.xml
costin 01/08/15 17:35:40 Modified:src/etc modules.xml Log: Added module definitions for the connectors. Typing the class name requires too many keystrokes :-) Revision ChangesPath 1.11 +8 -0 jakarta-tomcat/src/etc/modules.xml Index: modules.xml === RCS file: /home/cvs/jakarta-tomcat/src/etc/modules.xml,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- modules.xml 2001/08/03 02:31:09 1.10 +++ modules.xml 2001/08/16 00:35:40 1.11 @@ -27,6 +27,14 @@ + + + + + + + +
cvs commit: jakarta-tomcat/src/etc jni_server.xml
costin 01/08/15 17:34:50 Removed: src/etc jni_server.xml Log: Removed jni_server.xml, it's no longer needed.
cvs commit: jakarta-tomcat/src/native/mod_jk/apache2.0 Makefile.linux
costin 01/08/15 17:33:52
Modified:src/native/mod_jk/apache2.0 Makefile.linux
Log:
Uncomment ifdef APXS, some people may use different locations.
( this is a local fix, j-t-c uses configure already )
Revision ChangesPath
1.6 +2 -2 jakarta-tomcat/src/native/mod_jk/apache2.0/Makefile.linux
Index: Makefile.linux
===
RCS file: /home/cvs/jakarta-tomcat/src/native/mod_jk/apache2.0/Makefile.linux,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Makefile.linux2001/02/09 08:48:41 1.5
+++ Makefile.linux2001/08/16 00:33:52 1.6
@@ -12,9 +12,9 @@
# which postfix all apache2 stuff with 2, ie apxs = apxs2.
# It will allow to have both apache 1.3 and 2.0 the same time on the system
#
-#ifndef APXS
+ifndef APXS
APXS=/usr/sbin/apxs2
-#endif
+endif
JK=../common
SRCS=${JK}/jk_ajp12_worker.c ${JK}/jk_connect.c ${JK}/jk_msg_buff.c ${JK}/jk_util.c
${JK}/jk_ajp13.c \
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config ApacheConfig.java
costin 01/08/15 17:27:07
Modified:src/share/org/apache/tomcat/modules/config ApacheConfig.java
Log:
Added 'inprocess' to the list of jkProtocols.
Revision ChangesPath
1.24 +3 -3
jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ApacheConfig.java
Index: ApacheConfig.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/config/ApacheConfig.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- ApacheConfig.java 2001/08/11 03:37:28 1.23
+++ ApacheConfig.java 2001/08/16 00:27:07 1.24
@@ -1,4 +1,4 @@
-/* $Id: ApacheConfig.java,v 1.23 2001/08/11 03:37:28 larryi Exp $
+/* $Id: ApacheConfig.java,v 1.24 2001/08/16 00:27:07 costin Exp $
*
*
* The Apache Software License, Version 1.1
@@ -118,7 +118,7 @@
jkLog - path to log file to be used by mod_jk.
jkDebug - JK Loglevel setting. May be debug, info, error, or emerg.
If not set, defaults to emerg.
- jkProtocol The desired protocal, "ajp12" or "ajp13". If not
+ jkProtocol The desired protocal, "ajp12" or "ajp13" or "inprocess".
If not
specified, defaults to "ajp13" if an Ajp13Interceptor
is in use, otherwise it defaults to "ajp12".
forwardAll - If true, forward all requests to Tomcat. This helps
@@ -146,7 +146,7 @@
@author Costin Manolache
@author Larry Isaacs
@author Mel Martinez
- @version $Revision: 1.23 $ $Date: 2001/08/11 03:37:28 $
+ @version $Revision: 1.24 $ $Date: 2001/08/16 00:27:07 $
*/
public class ApacheConfig extends BaseJkConfig {
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/server JNIConnectionHandler.java
costin 01/08/15 17:26:14
Modified:src/share/org/apache/tomcat/modules/server
JNIConnectionHandler.java
Log:
Few fixes and usability enhancements to JNIConnectionHandler.
The native library is loaded only if we're in "native" mode, the module
is inactive otherwise. This allows us to keep it in uncommented in server.xml.
( just like Jdk12Interceptor - which detects if jdk1.2 is used )
Also, the module needs no parameter if the default location for the library
is used ( i.e. TOMCAT_HOME/bin/native/jni_connector.[so,dll,nlm] ). The
extension is computed based on os.
A message is displayed if the file can't be found.
Revision ChangesPath
1.11 +81 -56
jakarta-tomcat/src/share/org/apache/tomcat/modules/server/JNIConnectionHandler.java
Index: JNIConnectionHandler.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/JNIConnectionHandler.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- JNIConnectionHandler.java 2001/08/15 02:30:29 1.10
+++ JNIConnectionHandler.java 2001/08/16 00:26:14 1.11
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/JNIConnectionHandler.java,v
1.10 2001/08/15 02:30:29 mmanders Exp $
- * $Revision: 1.10 $
- * $Date: 2001/08/15 02:30:29 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/JNIConnectionHandler.java,v
1.11 2001/08/16 00:26:14 costin Exp $
+ * $Revision: 1.11 $
+ * $Date: 2001/08/16 00:26:14 $
*
*
*
@@ -88,75 +88,35 @@
public JNIConnectionHandler() {
}
-// Config
-boolean nativeLibLoaded=false;
-
-/** Location of the jni library
- */
-public void setNativeLibrary(String lib) {
-// First try to load from the library path
-try {
-System.loadLibrary(lib);
- nativeLibLoaded=true;
-System.out.println("Library " + lib +
-" was loaded from the lib path");
-return;
-} catch(UnsatisfiedLinkError usl) {
-//usl.printStackTrace();
-System.err.println("Failed to loadLibrary() " + lib);
-}
-
-// Loading from the library path failed
-// Try to load assuming lib is a complete pathname.
-try {
- System.load(lib);
- nativeLibLoaded=true;
- System.out.println("Library " + lib + " loaded");
-return;
-} catch(UnsatisfiedLinkError usl) {
-System.err.println("Failed to load() " + lib);
-//usl.printStackTrace();
-}
-
-// OK, try to load from the default libexec
-// directory.
-// libexec directory = tomcat.home + / + libexec
-File f = new File(System.getProperties().getProperty("tomcat.home"),
- "libexec");
-
- String os=System.getProperty( "os.name" ).toLowerCase();
-if( os.indexOf("windows")>= 0) {
-f = new File(f, "jni_connect.dll");
-} else if ( os.indexOf("netware")>= 0) {
-f = new File(f, "jni_conn.nlm");
-} else {
-f = new File(f, "jni_connect.so");
-}
-System.load(f.toString());
- nativeLibLoaded=true;
-System.out.println("Library " + f.toString() + " loaded");
-}
-
-// hack for server startup
-
// JNIEndpoint was called to start tomcat
// Hack used to set the handler in JNIEndpoint.
// This works - if we have problems we may take the time
// and implement a better mechanism
static JNIEndpoint ep;
-boolean running = true;
public static void setEndpoint(JNIEndpoint jniep)
{
ep = jniep;
}
+// Config
+boolean nativeLibLoaded=false;
+String lib;
+
+/** Location of the jni library
+ */
+public void setNativeLibrary(String lib) {
+ this.lib=lib;
+}
+
/** Called when the ContextManger is started
*/
public void engineInit(ContextManager cm) throws TomcatException {
+ if( ep==null ) return;
super.engineInit( cm );
+
if(! nativeLibLoaded ) {
- throw new TomcatException("Missing connector native library name");
+ initLibrary();
}
try {
// notify the jni side that jni is set up corectly
@@ -167,6 +127,7 @@
}
public void engineShutdown(ContextManager cm) throws TomcatException {
+
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/depend DependClassLoader.java
costin 01/08/15 17:22:17
Modified:src/share/org/apache/tomcat/util/depend
DependClassLoader.java
Log:
Fix for reloading bug reported by Ovidiu Predescu. Now DependClassLoader will
be used to define the classes instead of the wrapped classloader, and all
classes that are needed by a webapp class will be added to the dependency list.
Revision ChangesPath
1.5 +65 -7
jakarta-tomcat/src/share/org/apache/tomcat/util/depend/DependClassLoader.java
Index: DependClassLoader.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/depend/DependClassLoader.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- DependClassLoader.java2001/06/17 18:09:18 1.4
+++ DependClassLoader.java2001/08/16 00:22:17 1.5
@@ -63,6 +63,8 @@
import java.util.zip.*;
import java.security.*;
+import org.apache.tomcat.util.compat.*;
+
/**
* This is a wrapper class loader that will delegate all calls to
* the parent. It will also generate events for every loaded class,
@@ -83,12 +85,16 @@
*/
public class DependClassLoader extends ClassLoader {
protected ClassLoader parent;
+protected ClassLoader parent2;
+
final static int debug=0;
DependManager dependM;
-
+static Jdk11Compat jdkCompat=Jdk11Compat.getJdkCompat();
+
public DependClassLoader( DependManager depM, ClassLoader parent ) {
super(); // will check permissions
this.parent=parent;
+ this.parent2=jdkCompat.getParentLoader( parent );
dependM=depM;
}
@@ -123,25 +129,48 @@
if(resolve) resolveClass(c);
return c;
}
+
String classFileName = name.replace('.', '/' ) + ".class";
URL res=getResource( classFileName );
- if( res==null ) {
- if( debug >0 ) log( "Resource not found !!! " + name + " " +
classFileName);
- }
+ InputStream is=getResourceAsStream( classFileName );
+ if( res==null || is==null )
+ throw new ClassNotFoundException(name);
+ // If it's in parent2, load it ( we'll not track sub-dependencies ).
try {
- c = parent.loadClass(name);
+ c = parent2.loadClass(name);
if (c != null) {
if (resolve) resolveClass(c);
- dependency( c, res );
+ // No need, we can't reload anyway
+ // dependency( c, res );
return c;
}
} catch (Exception e) {
c = null;
}
+
+ // It's in our parent. Our task is to track all class loads, the parent
+ // should load anything ( otherwise the deps are lost ), but just resolve
+ // resources.
+ byte data[]=null;
+ try {
+ data=readFully( is );
+ if( data.length==0 ) data=null;
+ } catch(IOException ex ) {
+ if( debug > 0 ) ex.printStackTrace();
+ data=null;
+ throw new ClassNotFoundException( name + " error reading " +
ex.toString());
+ }
+ if( data==null )
+ throw new ClassNotFoundException( name + " lenght==0");
+
+ c=defineClass(data, 0, data.length);
+ dependency( c, res );
+
+ if (resolve) resolveClass(c);
-throw new ClassNotFoundException(name);
+ return c;
}
public URL getResource(String name) {
@@ -181,5 +210,34 @@
public ClassLoader getParentLoader() {
return parent;
+}
+
+private byte[] readFully( InputStream is )
+ throws IOException
+{
+ byte b[]=new byte[1024];
+ int count=0;
+
+ int available=1024;
+
+ while (true) {
+ int nRead = is.read(b,count,available);
+ if( nRead== -1 ) {
+ // we're done reading
+ byte result[]=new byte[count];
+ System.arraycopy( b, 0, result, 0, count );
+ return result;
+ }
+ // got a chunk
+ count += nRead;
+available -= nRead;
+ if( available == 0 ) {
+ // buffer full
+ byte b1[]=new byte[ b.length * 2 ];
+ available=b.length;
+ System.arraycopy( b, 0, b1, 0, b.length );
+ b=b1;
+ }
+}
}
}
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/compat Jdk11Compat.java Jdk12Support.java
costin 01/08/15 17:20:47
Modified:src/share/org/apache/tomcat/util/compat Jdk11Compat.java
Jdk12Support.java
Log:
Added getParentLoader to the jdk compat package. It's used in few places,
better have a 1.1 compatible way.
Revision ChangesPath
1.8 +12 -2
jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk11Compat.java
Index: Jdk11Compat.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk11Compat.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- Jdk11Compat.java 2001/08/03 02:52:08 1.7
+++ Jdk11Compat.java 2001/08/16 00:20:47 1.8
@@ -113,11 +113,21 @@
return null;
}
+public ClassLoader getParentLoader( ClassLoader cl ) {
+ if( cl instanceof DependClassLoader ) {
+ return ((DependClassLoader)cl).getParentLoader();
+ }
+ if( cl instanceof SimpleClassLoader ) {
+ return ((SimpleClassLoader)cl).getParentLoader();
+ }
+ return null;
+}
+
public URL[] getURLs(ClassLoader cl,int depth){
int c=0;
do{
-while(! (cl instanceof SimpleClassLoader))
-cl=((DependClassLoader)cl).getParentLoader();
+while( cl instanceof DependClassLoader && cl!=null)
+ cl=((DependClassLoader)cl).getParentLoader();
if (depth==c) return ((SimpleClassLoader)cl).getURLs();
c++;
cl=((SimpleClassLoader)cl).getParentLoader();
1.5 +14 -1
jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk12Support.java
Index: Jdk12Support.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/compat/Jdk12Support.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Jdk12Support.java 2001/07/19 21:43:02 1.4
+++ Jdk12Support.java 2001/08/16 00:20:47 1.5
@@ -105,10 +105,23 @@
return Thread.currentThread().getContextClassLoader();
}
+public ClassLoader getParentLoader( ClassLoader cl ) {
+ if( cl instanceof DependClassLoader ) {
+ return ((DependClassLoader)cl).getParentLoader();
+ }
+ if( cl instanceof SimpleClassLoader ) {
+ return ((SimpleClassLoader)cl).getParentLoader();
+ }
+ if( cl instanceof URLClassLoader ) {
+ return ((URLClassLoader)cl).getParent();
+ }
+ return null;
+}
+
public URL[] getURLs(ClassLoader cl,int depth){
int c=0;
do{
-while(! (cl instanceof URLClassLoader) && cl != null )
+while(cl instanceof DependClassLoader && cl != null )
cl=((DependClassLoader)cl).getParentLoader();
if (cl==null) break;
if (depth==c) return ((URLClassLoader)cl).getURLs();
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/io FileUtil.java
costin 01/08/15 17:19:20
Modified:src/share/org/apache/tomcat/util/io FileUtil.java
Log:
Fix for 2033.
Thanks to [EMAIL PROTECTED] (James Thomas) for the fix
Revision ChangesPath
1.6 +10 -4 jakarta-tomcat/src/share/org/apache/tomcat/util/io/FileUtil.java
Index: FileUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/io/FileUtil.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- FileUtil.java 2001/08/11 02:52:45 1.5
+++ FileUtil.java 2001/08/16 00:19:20 1.6
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/io/FileUtil.java,v 1.5
2001/08/11 02:52:45 larryi Exp $
- * $Revision: 1.5 $
- * $Date: 2001/08/11 02:52:45 $
+ * $Header:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/io/FileUtil.java,v 1.6
2001/08/16 00:19:20 costin Exp $
+ * $Revision: 1.6 $
+ * $Date: 2001/08/16 00:19:20 $
*
*
*
@@ -380,7 +380,13 @@
while ((ze = zis.getNextEntry()) != null) {
try {
- File f = new File(dir, ze.getName());
+
+ // Bug 2033
+ File f;
+ if( File.separatorChar == '\\' ) // NT
+ f = new File( dir, ze.getName().replace('/','\\') );
+ else
+ f = new File( dir, ze.getName() );
// create intermediary directories - sometimes zip don't add them
File dirF=new File(f.getParent());
dirF.mkdirs();
cvs commit: jakarta-tomcat-4.0/tester/src/tester/org/apache/tester Jndi01.java Jndi02.java
craigmcc01/08/15 17:01:34
Modified:tester/src/tester/org/apache/tester Jndi01.java Jndi02.java
Log:
Add references to application level beans from init() and destroy()
methods. The beans are accessed from:
* /WEB-INF/classes via webapp class loader
* /WEB-INF/lib/*.jar via webapp class loader
* $CATALINA_HOME/classes via parent class loader
* $CATALINA_HOME/lib via parent class loader
Revision ChangesPath
1.5 +38 -1
jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Jndi01.java
Index: Jndi01.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Jndi01.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Jndi01.java 2001/04/09 21:42:53 1.4
+++ Jndi01.java 2001/08/16 00:01:34 1.5
@@ -66,6 +66,10 @@
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
+import org.apache.tester.SessionBean;
+import org.apache.tester.shared.SharedSessionBean;
+import org.apache.tester.unpshared.UnpSharedSessionBean;
+import org.apache.tester.unshared.UnsharedSessionBean;
/**
@@ -74,12 +78,14 @@
* should succeed.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.4 $ $Date: 2001/04/09 21:42:53 $
+ * @version $Revision: 1.5 $ $Date: 2001/08/16 00:01:34 $
*/
public class Jndi01 extends HttpServlet {
public void init() throws ServletException {
+
+// Access the naming context from init()
Context ctx = null;
try {
ctx = new InitialContext();
@@ -90,6 +96,37 @@
log("Cannot create context in init()", e);
throw new ServletException(e);
}
+
+// Access some application beans from init()
+
+try {
+SessionBean sb = new SessionBean();
+log("OK Accessing SessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing SessionBean", t);
+}
+
+try {
+SharedSessionBean sb = new SharedSessionBean();
+log("OK Accessing SharedSessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing SharedSessionBean", t);
+}
+
+try {
+UnpSharedSessionBean sb = new UnpSharedSessionBean();
+log("OK Accessing UnpSharedSessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing UnpSharedSessionBean", t);
+}
+
+try {
+UnsharedSessionBean sb = new UnsharedSessionBean();
+log("OK Accessing UnsharedSessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing UnsharedSessionBean", t);
+}
+
}
public void destroy() {
1.2 +40 -1
jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Jndi02.java
Index: Jndi02.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/tester/src/tester/org/apache/tester/Jndi02.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Jndi02.java 2001/02/22 01:07:26 1.1
+++ Jndi02.java 2001/08/16 00:01:34 1.2
@@ -66,6 +66,10 @@
import javax.naming.NamingException;
import javax.servlet.*;
import javax.servlet.http.*;
+import org.apache.tester.SessionBean;
+import org.apache.tester.shared.SharedSessionBean;
+import org.apache.tester.unpshared.UnpSharedSessionBean;
+import org.apache.tester.unshared.UnsharedSessionBean;
/**
@@ -75,7 +79,7 @@
* deployment descriptor.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.1 $ $Date: 2001/02/22 01:07:26 $
+ * @version $Revision: 1.2 $ $Date: 2001/08/16 00:01:34 $
*/
public class Jndi02 extends HttpServlet {
@@ -84,6 +88,41 @@
String names[] =
{ "booleanEntry", "byteEntry", "doubleEntry", "floatEntry",
"integerEntry", "longEntry", "stringEntry" };
+
+
+// Reference some application classes for the first time in destroy()
+// and log the results
+public void destroy() {
+
+try {
+SessionBean sb = new SessionBean();
+log("OK Accessing SessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing SessionBean", t);
+}
+
+try {
+SharedSessionBean sb = new SharedSessionBean();
+log("OK Accessing SharedSessionBean");
+} catch (Throwable t) {
+log("FAIL Accessing SharedSessionBean", t);
+}
+
+try {
+UnpSharedSessionBean sb = new UnpSharedSessionBean();
+log("OK Accessing UnpSharedSessionBean");
+} catch (Throwable t) {
+log("FAI
cvs commit: jakarta-tomcat-4.0/tester/web/WEB-INF web.xml
craigmcc01/08/15 16:44:24
Modified:tester/src/bin tester.xml
tester/web/WEB-INF web.xml
Added: tester/src/tester/org/apache/tester Forward09.java
Include09.java
Log:
Add unit tests for ServletRequest.getRequestDispatcher(), with both
relative and absolute paths, doing both forwards and includes.
Revision ChangesPath
1.65 +98 -0 jakarta-tomcat-4.0/tester/src/bin/tester.xml
Index: tester.xml
===
RCS file: /home/cvs/jakarta-tomcat-4.0/tester/src/bin/tester.xml,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- tester.xml2001/08/15 00:57:08 1.64
+++ tester.xml2001/08/15 23:44:23 1.65
@@ -823,6 +823,104 @@
request="${context.path}/servlet/Forward08"
outContent="Forward08b PASSED" debug="${debug}"/>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
http://www.apache.org/>." *
* *
*Alternately, this acknowlegement may appear in the software itself, if *
*and wherever such third-party acknowlegements normally appear. *
* *
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software *
*Foundation" must not be used to endorse or promote products derived *
*from this software without prior written permission. For written *
*permission, please contact <[EMAIL PROTECTED]>.*
* *
* 5. Products derived from this software may not be called "Apache" nor may *
*"Apache" appear in their names without prior written permission of the *
*Apache Software Foundation.*
* *
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES *
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY *
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL *
* THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY *
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, *
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN *
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE *
* POSSIBILITY OF SUCH DAMAGE. *
* *
* = *
* *
* This software consists of voluntary contributions made by many indivi- *
* duals on behalf of the Apache Software Foundation. For more information *
* on the Apache Software Foundation, please see
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util RequestUtil.java
craigmcc01/08/15 16:19:55
Modified:catalina/src/share/org/apache/catalina/connector
HttpRequestBase.java
catalina/src/share/org/apache/catalina/util RequestUtil.java
Log:
Fix 2 bugs in the implementation of ServletRequest.getRequestDispatcher().
* When called with a relative path, calculates a path based on
servletPath + "/../" + relativePath, but does not normalize it.
This ends up generating a 404 error on a subsequent forward or
include call. (This was the bug reported on #3098).
* When called within a servlet that was itself called via
RequestDispatcher.include(), would incorrectly resolve the relative
path against the *original* request URI, isntead of the one that
mapped to the included servlet.
PR: Bugzilla #3098
Submitted by: Bryan Basham <[EMAIL PROTECTED]>
Revision ChangesPath
1.30 +9 -6
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
Index: HttpRequestBase.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- HttpRequestBase.java 2001/08/01 03:04:04 1.29
+++ HttpRequestBase.java 2001/08/15 23:19:55 1.30
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.29 2001/08/01 03:04:04 craigmcc Exp $
- * $Revision: 1.29 $
- * $Date: 2001/08/01 03:04:04 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.30 2001/08/15 23:19:55 craigmcc Exp $
+ * $Revision: 1.30 $
+ * $Date: 2001/08/15 23:19:55 $
*
*
*
@@ -84,6 +84,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.apache.catalina.Globals;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
@@ -101,7 +102,7 @@
* be implemented.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.29 $ $Date: 2001/08/01 03:04:04 $
+ * @version $Revision: 1.30 $ $Date: 2001/08/15 23:19:55 $
*/
public class HttpRequestBase
@@ -744,8 +745,10 @@
return (context.getServletContext().getRequestDispatcher(path));
// Convert a request-relative path to a context-relative one
-String relative = getServletPath() + "/../" + path;
-// FIXME -- Canonicalize any ".." directory references!
+String servletPath = (String) getAttribute(Globals.SERVLET_PATH_ATTR);
+if (servletPath == null)
+servletPath = getServletPath();
+String relative = RequestUtil.normalize(servletPath + "/../" + path);
return (context.getServletContext().getRequestDispatcher(relative));
}
1.18 +63 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java
Index: RequestUtil.java
===
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- RequestUtil.java 2001/07/22 20:25:14 1.17
+++ RequestUtil.java 2001/08/15 23:19:55 1.18
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
1.17 2001/07/22 20:25:14 pier Exp $
- * $Revision: 1.17 $
- * $Date: 2001/07/22 20:25:14 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
1.18 2001/08/15 23:19:55 craigmcc Exp $
+ * $Revision: 1.18 $
+ * $Date: 2001/08/15 23:19:55 $
*
*
*
@@ -78,7 +78,7 @@
*
* @author Craig R. McClanahan
* @author Tim Tye
- * @version $Revision: 1.17 $ $Date: 2001/07/22 20:25:14 $
+ * @version $Revision: 1.18 $ $Date: 2001/08/15 23:19:55 $
*/
public final class RequestUtil {
@@ -181,6 +181,65 @@
}
}
return (result.toString());
+
+}
+
+
+/**
+ * Normalize a relative URI path that may have relative values ("/./",
+ * "/../", and so on ) it it. WARNING - This method is
+ * useful only for normalizing application-generated paths. It does not
+ * try to perform security checks for malicious input.
+ *
+ * @param path Relative path to be normalized
+ */
+public static String normalize(String path) {
[PATCH] Potential security problem with '?' in jsp file name TC3.3B1
Using: Apache 1.3.17 TC3.3 B1 Ajp13 Java 1.3.1 making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a request for the file "/?A=B.jsp". JspInterceptor then happily creates a page containing the contents of the ROOT directory. The attached patch forbids such silliness. JspInterceptor.diff
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
1.3.17 (with negotiation_module removed to prevent that problem). - Original Message - From: <[EMAIL PROTECTED]> To: "Bill Barker" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, August 15, 2001 1:01 PM Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > Apache2.0 + mod_jk + JNI + tc3.3 gives me the correct answer, > 404 ( with the correct URI - /?A=B.jsp ). Note that typing > the unencoded version is returning the correct answer too, i.e. > index.html. > > What version of apache are you using ? > > Costin > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > It is actually worse than that. TC3.3B1 (with the mod_jk that it ships > > with, I haven't tried j-t-c yet) gives a directory listing in response to: > > http://myserver/%3f%41%3d%42.jsp > > - Original Message - > > From: <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; "Bill Barker" > > <[EMAIL PROTECTED]> > > Sent: Wednesday, August 15, 2001 11:44 AM > > Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > > > > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > > > > > Personally, I agree with Justin and Costin that mod_jk should be able to > > use > > > > the uri field. > > > > > > > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > > > > flat-out broken. It doesn't handle the case where the '?' itself is > > > > encoded. Since this case is part of a currently popular attack on IIS, > > it > > > > will show up. > > > > > > Interesting finding. However tomcat decoder should be able to do so - if > > > it doesn't we must fix it. Can you check against 3.3beta1 ? > > > > > > As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, > > > and the behavior should be: the '?' will be decoded _after_ the URI is > > > separated from query string, and it's used as part of the file name. > > > > > > AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char > > > inside, and the URI spec allow that. > > > > > > ( of course, paranoia may force us to remove this kind of behavior ). > > > > > > Costin > > > > > > > > > > > > > > > > >
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
Actually, I have an "index.jsp" file. According to the logs (I haven't turned up the logging level yet, so the information in mininal), I get: Ctx() : Compiling: /?A=B.jsp to _0003fA_0003dB_0 The corresponding .java file just prints static HTML with a /path/to/ROOT followed by lines like: index.jsp - Original Message - From: <[EMAIL PROTECTED]> To: "Bill Barker" <[EMAIL PROTECTED]> Sent: Wednesday, August 15, 2001 12:59 PM Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > On Wed, 15 Aug 2001, Bill Barker wrote: > > > It is actually worse than that. TC3.3B1 (with the mod_jk that it ships > > with, I haven't tried j-t-c yet) gives a directory listing in response to: > > http://myserver/%3f%41%3d%42.jsp > > If I translate this corectly, your request is > http://myserver/?a=b.jsp > > This is treated as a request for "/", with parameters ( that are > ignored since it's a static page ). Hmm, it should return a redirect or > index.html if exists. > > Tomcat standalone is ok, it responds 404 ( and it does so because it > corectly does a single decoding _after_ separating the URI in components, > as required by URI spec ). > > For mod_jk, it's a bit tricky. I assume you configured apache to handle > the static requests ? > > Can you make sure you have a index.html page ? If you see a dir listing, > can you tell me who's generating it ( tomcat adds the version number at > bottom ) > > Thanks, > Costin > > > > > > - Original Message - > > From: <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; "Bill Barker" > > <[EMAIL PROTECTED]> > > Sent: Wednesday, August 15, 2001 11:44 AM > > Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > > > > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > > > > > Personally, I agree with Justin and Costin that mod_jk should be able to > > use > > > > the uri field. > > > > > > > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > > > > flat-out broken. It doesn't handle the case where the '?' itself is > > > > encoded. Since this case is part of a currently popular attack on IIS, > > it > > > > will show up. > > > > > > Interesting finding. However tomcat decoder should be able to do so - if > > > it doesn't we must fix it. Can you check against 3.3beta1 ? > > > > > > As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, > > > and the behavior should be: the '?' will be decoded _after_ the URI is > > > separated from query string, and it's used as part of the file name. > > > > > > AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char > > > inside, and the URI spec allow that. > > > > > > ( of course, paranoia may force us to remove this kind of behavior ). > > > > > > Costin > > > > > > > > > > > > > > > >
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
Apache2.0 + mod_jk + JNI + tc3.3 gives me the correct answer, 404 ( with the correct URI - /?A=B.jsp ). Note that typing the unencoded version is returning the correct answer too, i.e. index.html. What version of apache are you using ? Costin On Wed, 15 Aug 2001, Bill Barker wrote: > It is actually worse than that. TC3.3B1 (with the mod_jk that it ships > with, I haven't tried j-t-c yet) gives a directory listing in response to: > http://myserver/%3f%41%3d%42.jsp > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; "Bill Barker" > <[EMAIL PROTECTED]> > Sent: Wednesday, August 15, 2001 11:44 AM > Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > > > Personally, I agree with Justin and Costin that mod_jk should be able to > use > > > the uri field. > > > > > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > > > flat-out broken. It doesn't handle the case where the '?' itself is > > > encoded. Since this case is part of a currently popular attack on IIS, > it > > > will show up. > > > > Interesting finding. However tomcat decoder should be able to do so - if > > it doesn't we must fix it. Can you check against 3.3beta1 ? > > > > As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, > > and the behavior should be: the '?' will be decoded _after_ the URI is > > separated from query string, and it's used as part of the file name. > > > > AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char > > inside, and the URI spec allow that. > > > > ( of course, paranoia may force us to remove this kind of behavior ). > > > > Costin > > > > > > > > >
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Wed, 15 Aug 2001, Bill Barker wrote: > It is actually worse than that. TC3.3B1 (with the mod_jk that it ships > with, I haven't tried j-t-c yet) gives a directory listing in response to: > http://myserver/%3f%41%3d%42.jsp If I translate this corectly, your request is http://myserver/?a=b.jsp This is treated as a request for "/", with parameters ( that are ignored since it's a static page ). Hmm, it should return a redirect or index.html if exists. Tomcat standalone is ok, it responds 404 ( and it does so because it corectly does a single decoding _after_ separating the URI in components, as required by URI spec ). For mod_jk, it's a bit tricky. I assume you configured apache to handle the static requests ? Can you make sure you have a index.html page ? If you see a dir listing, can you tell me who's generating it ( tomcat adds the version number at bottom ) Thanks, Costin > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; "Bill Barker" > <[EMAIL PROTECTED]> > Sent: Wednesday, August 15, 2001 11:44 AM > Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > > > Personally, I agree with Justin and Costin that mod_jk should be able to > use > > > the uri field. > > > > > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > > > flat-out broken. It doesn't handle the case where the '?' itself is > > > encoded. Since this case is part of a currently popular attack on IIS, > it > > > will show up. > > > > Interesting finding. However tomcat decoder should be able to do so - if > > it doesn't we must fix it. Can you check against 3.3beta1 ? > > > > As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, > > and the behavior should be: the '?' will be decoded _after_ the URI is > > separated from query string, and it's used as part of the file name. > > > > AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char > > inside, and the URI spec allow that. > > > > ( of course, paranoia may force us to remove this kind of behavior ). > > > > Costin > > > > > > > > >
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Wed, Aug 15, 2001 at 08:58:00AM -0700, [EMAIL PROTECTED] wrote: > > > And, the whole question is what does Tomcat see the request as? I > > could make a case that it should never know about the unparsed_uri, > > but only the uri that httpd finally resolved to and that mod_jk > > picked up. -- justin > >> If we treat apache as a web server, that cooperates with tomcat but can > do at least what a proxy is allowed to do by the HTTP spec ( i.e. alter > the request, etc ) - then we are fine ( except the life is interesting > again, and a lot of work to do including this fix ). This is the way I expect it to behave, but as Keith pointed out, it may be useful to have this as a configuration option. -Dave
Fw: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
- Original Message - From: "Bill Barker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 15, 2001 12:15 PM Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > It is actually worse than that. TC3.3B1 (with the mod_jk that it ships > with, I haven't tried j-t-c yet) gives a directory listing in response to: > http://myserver/%3f%41%3d%42.jsp > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; "Bill Barker" > <[EMAIL PROTECTED]> > Sent: Wednesday, August 15, 2001 11:44 AM > Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > > > > On Wed, 15 Aug 2001, Bill Barker wrote: > > > > > Personally, I agree with Justin and Costin that mod_jk should be able to > use > > > the uri field. > > > > > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > > > flat-out broken. It doesn't handle the case where the '?' itself is > > > encoded. Since this case is part of a currently popular attack on IIS, > it > > > will show up. > > > > Interesting finding. However tomcat decoder should be able to do so - if > > it doesn't we must fix it. Can you check against 3.3beta1 ? > > > > As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, > > and the behavior should be: the '?' will be decoded _after_ the URI is > > separated from query string, and it's used as part of the file name. > > > > AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char > > inside, and the URI spec allow that. > > > > ( of course, paranoia may force us to remove this kind of behavior ). > > > > Costin > > > > > > > > >
cvs commit: jakarta-tomcat/src/doc tomcat-ug.html
larryi 01/08/15 12:53:20 Modified:src/doc tomcat-ug.html Log: Mostly updates on configuring Tomcat Revision ChangesPath 1.10 +100 -24 jakarta-tomcat/src/doc/tomcat-ug.html Index: tomcat-ug.html === RCS file: /home/cvs/jakarta-tomcat/src/doc/tomcat-ug.html,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- tomcat-ug.html2001/08/10 02:56:09 1.9 +++ tomcat-ug.html2001/08/15 19:53:19 1.10 @@ -1,7 +1,7 @@ - + @@ -60,7 +60,7 @@ -Table of Contents +Table of Contents [This section needs to be revised to match current outline. Wouldn't it be nice if we used XSL to generate this file from an XML source?] @@ -92,14 +92,12 @@ Tomcat scripts + Types of servlet + containers Configuring Tomcat - Types of servlet - containers - server.xml - Tomcat's main configuration - file - web.xml - Default - deployment descriptor +Configuring Classes +Configuring the Server Web application/context security and authorization tomcat-users.xml JDBC realms @@ -137,7 +135,7 @@ -About Tomcat: Q&A +About Tomcat: Q&A See also the official http://jakarta.apache.org/site/faqs.html";>Jakarta FAQ Page. @@ -266,7 +264,7 @@ -Installing Tomcat +Installing Tomcat File placement and environment setup @@ -284,10 +282,11 @@ should create a new subdirectory named "jakarta-tomcat-". - Change to the "jakarta-tomcat- " directory + In a shell or DOS window, change to the + "jakarta-tomcat- " directory and set a new environment variable (TOMCAT_HOME) to point to the root directory of your Tomcat hierarchy. The exact directory may - change from system to system; check your local filesystem to be sure where Tomcat + vary from system to system; check your local file system to be sure where Tomcat is installed. On Win32 systems you should type: @@ -302,26 +301,27 @@ Set the environment variable JAVA_HOME to point to the root - directory of your JDK hierarchy, then add the Java interpreter to your PATH - environment variable. The exact directory may change from system to system; - check your local filesystem to be sure where Java is installed. + directory of your JDK hierarchy. You may optionally add the Java + interpreter to your PATH environment variable. The exact directory + may vary from system to system. Check your local file system to be sure + where Java is installed. Win32: set JAVA_HOME=c:/jdk1.3.1 - set PATH=%PATH%;%JAVA_HOME%\bin + set PATH=%JAVA_HOME%\bin;%PATH% Unix (bash/sh): set JAVA_HOME=/user/local/java/jdk1.3.1; export JAVA_HOME - set PATH=$PATH:$JAVA_HOME/bin; export PATH + set PATH=$JAVA_HOME/bin:$PATH; export PATH Unix (tcsh): setenv JAVA_HOME=/user/local/java/jdk1.3.1 - setenv PATH=$PATH:$JAVA_HOME/bin + setenv PATH=$JAVA_HOME/bin:$PATH @@ -331,9 +331,9 @@ execute Tomcat and it will run as a stand-alone servlet container. -Once you're sure they work, these environment variables should probably be set in a - config file: C:/AUTOEXEC.BAT for Windows, ~/bash_profile - or ~/[what is it for tcsh?] +Once you're sure they work, you may wish to set these environment + variables in a config file: C:/AUTOEXEC.BAT for Windows, ~/.bash_profile + or ~/.cshrc, etc. @@ -665,7 +665,7 @@ -Configuring Tomcat +Configuring Tomcat There are two parts to Tomcat configuration: @@ -673,7 +673,7 @@ Configuring the server -Configuring Classes +Configuring Classes Configuring classes refers to configuring what classes are available and in what manner when Tomcat is running. You may wish to add additional classes and @@ -761,9 +761,85 @@ and Apps Classloader. Entries found in an org.apache.tomcat.common.classpath
Re: Native configuration changes.
[EMAIL PROTECTED] 08/15/01 11:19AM >>> >On Wed, 15 Aug 2001, Mike Anderson wrote: > >> The problem with this is that when you start tomcat outside of Apache, >> it isn't really doing anything but generating the auto-config files. They >> whole idea of the JNI connector is that the web server starts its own >> version of Tomcat by instantiating a JVM inprocess. Even if you have >> an external Tomcat process running, the webserver wouldn't be talking >> to that one via JNI. This also means that you basically have to kill the >> Tomcat process that you start up by hand, plus, when Apache starts up >> it's version of Tomcat, it would probably overwrite the auto-config file as >> it came up which might cause some additional headaches. > >The "auto-config" files are intended to avoid manual configuration - we >have web.xml, and we can generate the informations about the mappings. >That's how ajp12, ajp13 work. I agree, and it's a great way to get the configuration to include in a webserver configuration file. >Ajp14 can work without this ( AFAIK mod_webapp still requires to manually > add each web application ). But in this mode there are serious >reasons to believe we'll affect the performance ( except maybe Apache2.0 >where it seems to be possible to alter the server config at runtime ). > >This is a long-term discussion, not important for the current release, but >we should keep it in mind :-) Again, you are right on target. >IMHO generating config files is not going to go away, even in 1.4, as it >provides extremely important benefits - it gives the user a chance to >"fine tune" the process ( which is extremely difficult when the config is >sent over the wire ). And it's faster, as it doesn't duplicate the mapping >stage ( and uses the server mapper, probably better than jk's ). > >Now the question is how do we want to deal with this configuration mode. >For most users it will not matter after ajp14, since >automatic-over-the-wire will cover most common cases. For advanced users - >it will matter. Most definately. As convienent as the automatic-over-the-wire is, for true perfomance, a specific configuration for the server is the way to go. Plus, you can tweak it to behave exactly as you want, (i.e. certain URI's/servlets/contexts are only available to certain virtual hosts) to make sure that you aren't opening up you site to other problems. >My proposal ( quite simple to code ): > >- add a "-serverconf XXX" to tomcat.sh. ( trivial ). It'll set XXX as a >ContextManager note/attribute. > >- uncomment , , etc in server.xml, and alter the >modules to do nothing unless "serverconf" note matches. ( XXX==apache to >generate apache configs, etc ). That means - no server.xml changes for >common use. > >- starting tomcat will not generate any configs. > >- running "tomcat -serverconf apache" will generate the configs for >apache. Alternative: a new script "confgen.sh apache" that will just >generate the scripts. > >The new rules: >- install the DLLs. >- run "confgen" >- start apache. I LOVE this. One concern that some internal users have raised is that when they generate the auto-config file, and edit it for their desired configuration, they have to go back and re-edit server.xml to not regenerate it so that they don't lose it. If we could have Tomcat only generate the file when asked, it would be extremely valuable. >Long term, the confgen.sh can do few other things, like insert the >"Include" in httpd.conf, etc. >IMHO it's a decent solution. I think it's a GREAT solution! >The user must expect that in order to deploy/undeploy webapps ( or change >configs ), they must run something to let the server know about it. Or we >can detect that and run "confgen" from tomcat. There are many choices and >ways to improve if we go this path. >What do you think ? Again, I think this is a great idea! >Costin Mike
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Wed, 15 Aug 2001, Bill Barker wrote: > Personally, I agree with Justin and Costin that mod_jk should be able to use > the uri field. > > Having said that, I'd like to point out that the mod_jk.c in j-t-c is > flat-out broken. It doesn't handle the case where the '?' itself is > encoded. Since this case is part of a currently popular attack on IIS, it > will show up. Interesting finding. However tomcat decoder should be able to do so - if it doesn't we must fix it. Can you check against 3.3beta1 ? As a note, IMHO it is perfectly legal to have an encoded '?' in the URI, and the behavior should be: the '?' will be decoded _after_ the URI is separated from query string, and it's used as part of the file name. AFAIK there is no reason a file ( or pathInfo ) can't have the '?' char inside, and the URI spec allow that. ( of course, paranoia may force us to remove this kind of behavior ). Costin
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
Personally, I agree with Justin and Costin that mod_jk should be able to use the uri field. Having said that, I'd like to point out that the mod_jk.c in j-t-c is flat-out broken. It doesn't handle the case where the '?' itself is encoded. Since this case is part of a currently popular attack on IIS, it will show up. - Original Message - From: "Justin Erenkrantz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 15, 2001 8:27 AM Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix > On Wed, Aug 15, 2001 at 08:56:45AM -0400, Keith Wannamaker wrote: > > I am concerned that the loss of original escaping > > will break somebody. For instance: > > As Costin pointed out, the escaping of a URI does not change its > semantics - they should be treated as identical by anyone who follows > the URI spec. Escaping where it wasn't escaped *shouldn't* break > anyone. > > And, the whole question is what does Tomcat see the request as? I > could make a case that it should never know about the unparsed_uri, > but only the uri that httpd finally resolved to and that mod_jk > picked up. -- justin > >
RE: Native configuration changes.
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 15, 2001 1:20 PM > To: [EMAIL PROTECTED] > Subject: Re: Native configuration changes. > > > On Wed, 15 Aug 2001, Mike Anderson wrote: > > > The problem with this is that when you start tomcat outside > of Apache, > > it isn't really doing anything but generating the > auto-config files. They > > whole idea of the JNI connector is that the web server > starts its own > > version of Tomcat by instantiating a JVM inprocess. Even > if you have > > an external Tomcat process running, the webserver wouldn't > be talking > > to that one via JNI. This also means that you basically > have to kill the > > Tomcat process that you start up by hand, plus, when Apache > starts up > > it's version of Tomcat, it would probably overwrite the > auto-config file as > > it came up which might cause some additional headaches. > > The "auto-config" files are intended to avoid manual > configuration - we > have web.xml, and we can generate the informations about the mappings. > That's how ajp12, ajp13 work. > > Ajp14 can work without this ( AFAIK mod_webapp still requires > to manually > add each web application ). But in this mode there are serious > reasons to believe we'll affect the performance ( except > maybe Apache2.0 > where it seems to be possible to alter the server config at runtime ). > > This is a long-term discussion, not important for the current > release, but > we should keep it in mind :-) > > IMHO generating config files is not going to go away, even in > 1.4, as it > provides extremely important benefits - it gives the user a chance to > "fine tune" the process ( which is extremely difficult when > the config is > sent over the wire ). And it's faster, as it doesn't > duplicate the mapping > stage ( and uses the server mapper, probably better than jk's ). > > Now the question is how do we want to deal with this > configuration mode. > For most users it will not matter after ajp14, since > automatic-over-the-wire will cover most common cases. For > advanced users - > it will matter. > > My proposal ( quite simple to code ): > > - add a "-serverconf XXX" to tomcat.sh. ( trivial ). It'll > set XXX as a > ContextManager note/attribute. > > - uncomment , , etc in server.xml, > and alter the > modules to do nothing unless "serverconf" note matches. ( > XXX==apache to > generate apache configs, etc ). That means - no server.xml changes for > common use. > > - starting tomcat will not generate any configs. > > - running "tomcat -serverconf apache" will generate the configs for > apache. Alternative: a new script "confgen.sh apache" that will just > generate the scripts. > > The new rules: > - install the DLLs. > - run "confgen" > - start apache. > > Long term, the confgen.sh can do few other things, like insert the > "Include" in httpd.conf, etc. > > IMHO it's a decent solution. > > The user must expect that in order to deploy/undeploy webapps > ( or change > configs ), they must run something to let the server know > about it. Or we > can detect that and run "confgen" from tomcat. There are many > choices and > ways to improve if we go this path. > > What do you think ? I'm fine with this as long as there is a simple way to have ApacheConfig, IISConfig, etc. always write the auto-generated files. If I'm running Tomcat out-of-process, I'd prefer to simply start Tomcat first and then Apache to pick up configuration changes. > > Costin > >
Re: Native configuration changes.
On Wed, 15 Aug 2001, Mike Anderson wrote: > The problem with this is that when you start tomcat outside of Apache, > it isn't really doing anything but generating the auto-config files. They > whole idea of the JNI connector is that the web server starts its own > version of Tomcat by instantiating a JVM inprocess. Even if you have > an external Tomcat process running, the webserver wouldn't be talking > to that one via JNI. This also means that you basically have to kill the > Tomcat process that you start up by hand, plus, when Apache starts up > it's version of Tomcat, it would probably overwrite the auto-config file as > it came up which might cause some additional headaches. The "auto-config" files are intended to avoid manual configuration - we have web.xml, and we can generate the informations about the mappings. That's how ajp12, ajp13 work. Ajp14 can work without this ( AFAIK mod_webapp still requires to manually add each web application ). But in this mode there are serious reasons to believe we'll affect the performance ( except maybe Apache2.0 where it seems to be possible to alter the server config at runtime ). This is a long-term discussion, not important for the current release, but we should keep it in mind :-) IMHO generating config files is not going to go away, even in 1.4, as it provides extremely important benefits - it gives the user a chance to "fine tune" the process ( which is extremely difficult when the config is sent over the wire ). And it's faster, as it doesn't duplicate the mapping stage ( and uses the server mapper, probably better than jk's ). Now the question is how do we want to deal with this configuration mode. For most users it will not matter after ajp14, since automatic-over-the-wire will cover most common cases. For advanced users - it will matter. My proposal ( quite simple to code ): - add a "-serverconf XXX" to tomcat.sh. ( trivial ). It'll set XXX as a ContextManager note/attribute. - uncomment , , etc in server.xml, and alter the modules to do nothing unless "serverconf" note matches. ( XXX==apache to generate apache configs, etc ). That means - no server.xml changes for common use. - starting tomcat will not generate any configs. - running "tomcat -serverconf apache" will generate the configs for apache. Alternative: a new script "confgen.sh apache" that will just generate the scripts. The new rules: - install the DLLs. - run "confgen" - start apache. Long term, the confgen.sh can do few other things, like insert the "Include" in httpd.conf, etc. IMHO it's a decent solution. The user must expect that in order to deploy/undeploy webapps ( or change configs ), they must run something to let the server know about it. Or we can detect that and run "confgen" from tomcat. There are many choices and ways to improve if we go this path. What do you think ? Costin
RE: Native configuration changes.
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 15, 2001 11:51 AM > To: [EMAIL PROTECTED] > Subject: Native configuration changes. > > > Hi, > > Playing with the JNI connector, I found few simple ways to > make it easier > to set it up. Larry, Mike - let me know if you're ok ( and if > you can take > care of the doc part ). > > 1. JniConnector will be included in server.xml ( un-commented > ). I added > code inside to detect if tomcat is started in jni mode, and will stay > silent if not. > > 2. If we place all DLLs/SOs in TOMCAT_HOME/bin/native, I've added code > that will set the library path automatically ( including so/dll/nlm > extensions ). Also cleaner messages if the file is not there. > > 3. Same can be used to simplify mod_jk config, it's easier for > ApacheConfig to generate this location instead of > ApacheHome/libexec ( or > modules/, depends on apache version ). > > 4. The user will configure: > - conf/jk/workers.properties: add 'inprocess' to the list of workers, > set workers.java_home, ps, etc. ( quite easy IMHO ) > - conf/server.xml: > - start tomcat ( so it can regenerate auto-config files in jni mode ) > - start apache +1 > > IMHO it's much simpler and cleaner - Larry, it's your call, > the changes > are easy on the java side - but docs need to be synchronized and we're > quite late. Is it worth it ? There is still a lot of documentation that isn't "synchronized", so I think there is time. I still plan on not releasing beta2 until the documentation is "reasonable". I'm currently working on tomcat_ug.html. I am in favor of adding minor feature improvements if it will simplify the documentation and make usage easier. Cheers, Larry
Re: Native configuration changes.
>>> [EMAIL PROTECTED] 08/15/01 09:51AM >>> > Hi, >Playing with the JNI connector, I found few simple ways to make it easier >to set it up. Larry, Mike - let me know if you're ok ( and if you can take >care of the doc part ). > >1. JniConnector will be included in server.xml ( un-commented ). I added >code inside to detect if tomcat is started in jni mode, and will stay >silent if not. I'm ok with this. It would make it easier for users to be able to confiure if they only had to go to one place. >2. If we place all DLLs/SOs in TOMCAT_HOME/bin/native, I've added code >that will set the library path automatically ( including so/dll/nlm >extensions ). Also cleaner messages if the file is not there. Another great idea. >3. Same can be used to simplify mod_jk config, it's easier for >ApacheConfig to generate this location instead of ApacheHome/libexec ( or >modules/, depends on apache version ). See comments below. >4. The user will configure: >- conf/jk/workers.properties: add 'inprocess' to the list of workers, >set workers.java_home, ps, etc. ( quite easy IMHO ) > - conf/server.xml: > - start tomcat ( so it can regenerate auto-config files in jni mode ) > - start apache The problem with this is that when you start tomcat outside of Apache, it isn't really doing anything but generating the auto-config files. They whole idea of the JNI connector is that the web server starts its own version of Tomcat by instantiating a JVM inprocess. Even if you have an external Tomcat process running, the webserver wouldn't be talking to that one via JNI. This also means that you basically have to kill the Tomcat process that you start up by hand, plus, when Apache starts up it's version of Tomcat, it would probably overwrite the auto-config file as it came up which might cause some additional headaches. >IMHO it's much simpler and cleaner - Larry, it's your call, the changes >are easy on the java side - but docs need to be synchronized and we're >quite late. Is it worth it ? Other than the auto-config stuff, I think changes you've proposed are valid, and I could try to sync the docs with these changes. Since we haven't heard any complaints about the JNI connector yet, and it hasn't worked until just now, I'm not sure if we want to mess with it at this point, or wait until we can look at some of the auto-configuration work being done with ajp14 and/or mod_webapp that would allow a lot more dynamic configuration with the plugin handling determining which url's it should be handling dynamically. >Costin Mike
Re: cvs commit: jakarta-tomcat-4.0/jasper/src/share/org/apache/jasper/runtimeJspRuntimeLibrary.java PageContextImpl.java
:-) "Craig R. McClanahan" wrote: > > On Wed, 15 Aug 2001, Pier P. Fumagalli wrote: > > > [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote: > > > > > > Fix a spec-compliance bug in the implementation of PageContext.include(), > > > which was not flushing the output stream even though this is explicitly > > > required in the Javadocs. > > > > Congrats (I know it gave you some headaches!) > > > > Yah ... now I can look at SSL patches and the like without starting from a > broken workspace :-). > > > Pier > > > > > > Craig
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Wed, 15 Aug 2001, Justin Erenkrantz wrote: > On Wed, Aug 15, 2001 at 08:56:45AM -0400, Keith Wannamaker wrote: > > I am concerned that the loss of original escaping > > will break somebody. For instance: > > As Costin pointed out, the escaping of a URI does not change its > semantics - they should be treated as identical by anyone who follows > the URI spec. Escaping where it wasn't escaped *shouldn't* break > anyone. > > And, the whole question is what does Tomcat see the request as? I > could make a case that it should never know about the unparsed_uri, > but only the uri that httpd finally resolved to and that mod_jk > picked up. -- justin I guess the only choice we can make is if Apache is part of the servlet container ( and most follow its rules ) or not. If it is, then mod_rewrite ( and half of the modules ) just can't be used - they alter the request in a way that's not allowed by the spec. Apache can only forward requests to tomcat, and if it's lucky serve static files ( for apps not using filters or strange mappings ). It can't authenticate ( since the auth model doesn't follow the role based rules ), can't filter ( since Apache2.0 filters are very different from 2.3 filters ). But the bright side - our live is much simpler, we don't have to worry. If we treat apache as a web server, that cooperates with tomcat but can do at least what a proxy is allowed to do by the HTTP spec ( i.e. alter the request, etc ) - then we are fine ( except the life is interesting again, and a lot of work to do including this fix ). Costin
Native configuration changes.
Hi, Playing with the JNI connector, I found few simple ways to make it easier to set it up. Larry, Mike - let me know if you're ok ( and if you can take care of the doc part ). 1. JniConnector will be included in server.xml ( un-commented ). I added code inside to detect if tomcat is started in jni mode, and will stay silent if not. 2. If we place all DLLs/SOs in TOMCAT_HOME/bin/native, I've added code that will set the library path automatically ( including so/dll/nlm extensions ). Also cleaner messages if the file is not there. 3. Same can be used to simplify mod_jk config, it's easier for ApacheConfig to generate this location instead of ApacheHome/libexec ( or modules/, depends on apache version ). 4. The user will configure: - conf/jk/workers.properties: add 'inprocess' to the list of workers, set workers.java_home, ps, etc. ( quite easy IMHO ) - conf/server.xml: - start tomcat ( so it can regenerate auto-config files in jni mode ) - start apache IMHO it's much simpler and cleaner - Larry, it's your call, the changes are easy on the java side - but docs need to be synchronized and we're quite late. Is it worth it ? Costin
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Wed, Aug 15, 2001 at 08:56:45AM -0400, Keith Wannamaker wrote: > I am concerned that the loss of original escaping > will break somebody. For instance: As Costin pointed out, the escaping of a URI does not change its semantics - they should be treated as identical by anyone who follows the URI spec. Escaping where it wasn't escaped *shouldn't* break anyone. And, the whole question is what does Tomcat see the request as? I could make a case that it should never know about the unparsed_uri, but only the uri that httpd finally resolved to and that mod_jk picked up. -- justin
RE: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
I am concerned that the loss of original escaping will break somebody. For instance: r->unparsed_uri = "fe%3afi%40fo%3ffum" r->uri= "fe:fi@fo?fum" ap_escape_uri(r->uri) = "fe:fi@fo%3ffum" Magically authentication information appears in my request to an oddly-named server. Maybe the solution is to choose one of the three at runtime by a mod_jk config option? Keith | -Original Message- | From: David Rees [mailto:[EMAIL PROTECTED]] | Sent: Wednesday, August 15, 2001 1:45 AM | To: [EMAIL PROTECTED] | Subject: Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix | | | On Tue, Aug 14, 2001 at 11:49:43PM -0400, Keith Wannamaker wrote: | > Try ap_escape_uri | | That does the trick. | | Here's the patch which gets things working again, thanks for all the help. | Hopefully this will get applied soon. Is there any 3.2.4 release planned to | fix the small number of bugs/problems in 3.2.3 (I also recall bumping into | some issues with error documents and getting into infinite loops which were | fixed) | | Thanks, | Dave
Re: [TC3.2.3][PATCH] mod_jk / mod_rewrite bug fix
On Tue, Aug 14, 2001 at 11:49:43PM -0400, Keith Wannamaker wrote:
> Try ap_escape_uri
That does the trick.
Here's the patch which gets things working again, thanks for all the help.
Hopefully this will get applied soon. Is there any 3.2.4 release planned to
fix the small number of bugs/problems in 3.2.3 (I also recall bumping into
some issues with error documents and getting into infinite loops which were
fixed)
Thanks,
Dave
--- mod_jk.c.orig Tue Jun 19 15:44:57 2001
+++ mod_jk.cTue Aug 14 22:42:32 2001
@@ -358,13 +358,12 @@
s->method = (char *)r->method;
s->content_length = get_content_length(r);
s->query_string = r->args;
-s->req_uri = r->unparsed_uri;
-if (s->req_uri != NULL) {
- char *query_str = strchr(s->req_uri, '?');
- if (query_str != NULL) {
- *query_str = 0;
- }
-}
+/*
+ * The 2.2 servlet spec errata says the uri from
+ * HttpServletRequest.getRequestURI() should remain encoded.
+ * [http://java.sun.com/products/servlet/errata_042700.html]
+ */
+s->req_uri = ap_escape_uri(r->pool, r->uri);
s->is_ssl = JK_FALSE;
s->ssl_cert = NULL;
