DO NOT REPLY [Bug 25063] New: - JK2 Connector build.xml fails

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25063

JK2 Connector build.xml fails

   Summary: JK2 Connector build.xml fails
   Product: Tomcat 4
   Version: 4.1.29
  Platform: Other
OS/Version: Linux
Status: NEW
  Severity: Critical
  Priority: Other
 Component: Connector:Coyote JK 2
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


Downloaded the jakarta-tomcat-connectors-jk2-src-current.tar.gz package,
untarred the archive, and after cd'ing to the resulting directory, ran "ant".

The ANT build fails due to missing directories as follows:

19:52:03 $> ant
Buildfile: build.xml
 
coyote:
 
BUILD FAILED
file:/data3/downloads/apache/jakarta-tomcat-connectors-jk2-2.0.2-src/build.xml:11:
Basedir /data3/downloads/apache/jakarta-tomcat-connectors-jk2-2.0.2-src/util
does not exist
 
Total time: 2 seconds
d

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication with JAAS / Form Autenthication/ "j_security_check"

[Dan Johnsson]

i need to add an extra parameter
Well, you cannot do this kind of things without extending the code (as 
you do not stay within the standard servlet security model), so I guess 
it is a question for the development list after all.

Without going into the details of what code to change in what way, I 
want to warn you. You would be modifying your tomcat to support your 
specific application in a very non-standard way. Furthermore, I foresee 
no chance that this modification would make it back into the Tomcat 
trunk. This means that you will forever be burdened with the work of 
adapting this feature to future updates of the Tomcat code.

Taking this into account you might want to stay with the standard model 
even if it does not perfectly match your needs.

Only my humble opinion and advice; freely given, and well meant.

	Dan Johnsson

torsdagen den 27 november 2003 kl 15.19 skrev Andy Armstrong:

Jose Antonio Chirinos wrote:

Hi, i have a web application that use web authentication through 
"j_security_check" servlet; i need to add an extra parameter diferent 
of "j_password" and "j_username"; i guess that i have to put the 
extra parameter in the login form and in the definition of the realm; 
but where i have to include the code for the comparation of the new 
parameter.
Thanks in Advanced.
This is really one for the Tomcat user's list Jose.

--
Andy Armstrong, Tagish
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_
Dan Johnsson | Säkerhetsarkitekt
[EMAIL PROTECTED] | www.omegapoint.se
tel 0709 - 15 88 43 | fax 08 - 517 008 29
Omegapoint AB - din säkra punkt i tillvaron
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 25060] New: - Reloading context orphans currently open jndi datasource connections

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25060

Reloading context orphans currently open jndi datasource connections

   Summary: Reloading context orphans currently open jndi datasource
connections
   Product: Tomcat 4
   Version: 4.1.27
  Platform: Other
OS/Version: Other
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Unknown
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


I fiddled around with this a while and have determined to the best of my ability
that this is a real bug.  I have a jndi datasource connected to a postgresql
server.  I have two jndi resources (a reader and writer) so that later I can
implement a system with replication etc and deal with writes and reads to
different connections.  To summarize, after using the system, there are two
connections to postgres that get reused -- one reader and writer.  Under load,
this number increases and will slowly go back down.  I usually end up with two
idle connections (one reader and one writer) left under no load.  If you reload
the context where the datasource is at (it's a context specific datasource), the
number of connections will jump by two when used.  Each reload produces 2 more
connections min until I restart the server.  It appears that after a reload, the
'persisted connections' get abandoned / orphaned.  Eventually, I hit my max
connections and cannot aquire any more and the system fails.  I have tried the
abandond collection parameters and have added debug logging to my code to ensure
that I am indeed calling close on the connections I checkout, even on exceptions
and error cases.  Under normal useage without reloads, no connection leakage
happens.

This is on a solaris 8 machine with the 4.1.27-hotfix-22096.tar.gz applied.  Let
me know if more information is required.  I have this in a development
environment and can let somone attach in jdb and hammer on the thing since it's
not a production system -- if that will help in getting a repro.

Wayne

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 5998] - Exception hiding when a JspExceptioin is thrown by a tag

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5998

Exception hiding when a JspExceptioin is thrown by a tag

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|FIXED   |



--- Additional Comments From [EMAIL PROTECTED]  2003-11-27 17:20 ---
In Tomcat 4.0.6 this bug seems to persist. The JspException is wrapped in a 
ServletException but this means you can't use an easy mechanism to trap errors -
 eg a page to catch SQLExceptions from Servlets, Jsp and taglibs defined via 
 in web.xml. You can work round this by assigning a servlet to 
catch javax.servlet.jsp.JspException and then unwrapping the root cause but 
this is painfull

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 25055] New: - getRemoteUser() returns null (again)

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25055

getRemoteUser() returns null (again)

   Summary: getRemoteUser() returns null (again)
   Product: Tomcat 4
   Version: 4.1.29
  Platform: Other
OS/Version: Linux
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Connector:Coyote JK 2
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


this bug may be related to BUG 12196
I have
Fedora Linux 
apache 2.0.47
tomcat 4.1.29
mod_jk 1.2.5 downloaded from
http://us.dl.sf.net/jpackage/direct_download/1.5/fedora-1/free/RPMS/mod_jk-ap20-1.2.5-2jpp.i386.rpm
apache + tomcat virtual host where some pages are protected with apache basic auth

I have some pages protected by apache basic authentication with an .htaccess
file and inside the protected JSPSs the request.getRemoteUser() returns null.
I have tried putting request.tomcatAuthentication=false into jk2.properties and
in the connector declaration with no effect.
At the beginning I used the sample server.xml with the addition of my virtual
hosts. Now I came up with this simple server.xml







 
   









my worker.properties is
workers.tomcat_home=/opt/tomcat/
workers.java_home=/opt/java/
ps=/
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=139.91.200.22
worker.ajp13.port=8009
worker.ajp13.lbfactor=1
worker.ajp13.cachesize=10
worker.ajp13.cache_timeout=600
worker.ajp13.socket_keepalive=1
worker.ajp13.socket_timeout=300


Judging from bug 12196 there have been made some changes recently to this issue,
so I would appreciate if anyone could either confirm this bug or provide "the
state of the art" on how to make this work.

Thanks 
Stefanos Karasavvidis

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Question on Tomcat 4

[Eduardo Campoy]

Great News, and thanks a lot. 
But How do i implement this feature ?




Eduardo Campoy
Technology Account Manager
Novell, THE leading provider of net business solutions
Tel - 55 11 3345-3938
Cel - 55 11 9232-7456
AIM - ecampoy sao
MSN - [EMAIL PROTECTED]

>>> [EMAIL PROTECTED] 11/26/03 5:55 PM >>>
The "secureCookie" attribute was added to 3.3.2 only to allow backwards
compatibility with 3.3.1.  Like Tomcat 4 and higher, the default is
'true'.
It's a pretty small patch:
http://cvs.apache.org/viewcvs/jakarta-tomcat/src/share/org/apache/tomcat/mod
ules/session/SessionId.java.diff?r1=1.20&r2=1.21

if you just want to add the feature to 3.3.1.  Like Yoav said, TC 4 and
higher always uses secure cookies.

- Original Message -
From: "Shapira, Yoav" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 8:37 AM
Subject: RE: Question on Tomcat 4



Howdy,
Tomcat 4 and later are so different from 3.x.  I suggest you do the
migration, if only for the speed and feature increases.  I don't think
there's an "attribute" called "secureCookie" in tomcat4, as there is no
"un-secure" mode.  Perhaps a tomcat 3 guru like Senor Barker can fill in
more information...

Yoav Shapira
Millennium ChemInformatics


>-Original Message-
>From: Eduardo Campoy [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, November 26, 2003 11:33 AM
>To: [EMAIL PROTECTED]
>Cc: Jason Rivard
>Subject: Question on Tomcat 4
>
>Hello,
>
>I am using Tomcat 3.3.1 with Internet Web Application and after doing a
>ETHICAL HACKING TEST, they discovered a problem in Tomcat session
cookie
>(JSESSIONID).
>After reading Tomcat 3.3.2 manual , there is a atribute called
>"secureCookie" that resolve my issue. BUT tomcat 3.3.2 is not released
>yet.
>My question is "Does this atribute called "secureCookie" exist in
>TOMCAT 4 ?"
>
>Thanks in advanced
>
>
>
>Eduardo Campoy
>Technology Account Manager
>Novell, THE leading provider of net business solutions
>Tel - 55 11 3345-3938
>Cel - 55 11 9232-7456
>AIM - ecampoy sao
>MSN - [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential,
proprietary
and/or privileged.  This e-mail is intended only for the individual(s)
to
whom it is addressed, and may not be saved, copied, printed, disclosed
or
used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication with JAAS / Form Autenthication/ "j_security_check"

[Andy Armstrong]

Jose Antonio Chirinos wrote:

Hi, i have a web application that use web authentication through "j_security_check" servlet; i need to add 
an extra parameter diferent of "j_password" and "j_username"; i guess that i have to put the 
extra parameter in the login form and in the definition of the realm; but where i have to include the code for the 
comparation of the new parameter.
Thanks in Advanced.
This is really one for the Tomcat user's list Jose.

--
Andy Armstrong, Tagish
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 25049] New: - Recognition of Declaration Tags

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25049

Recognition of Declaration Tags

   Summary: Recognition of Declaration Tags
   Product: Tomcat 5
   Version: 5.0.2
  Platform: Other
OS/Version: Windows NT/2K
Status: NEW
  Severity: Normal
  Priority: Other
 Component: Unknown
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]


in Jsp pages
  The declarations <%! //code.. %> are not working fine.
  
   IN the declaration code i declared some variables and used the same 
variables in scriplets,server could not able to compile the code .The exception 
i got (SERVER could not find the declaration). here is one snap shot
 
   declaration
   <%!
boolean mDebug;
JspWriter   mOut = null;
Locale  mLocale = null;
String  mScreenName = "";
MessageResourcesmMessages = null;
   %>
scriplet

  <%
   mDebug=true;
   similarly all other variables
   %> 

while compiling the server could not detect my variables declared. 
  
  The same piece of code is working fine in Tomcat 4.1 very well.
  
can anyone help me how it has to be handled in tomcat 5.0

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RequestDispatcher

[Remy Maucherat]

Tuan Nguyen wrote:
Hello ,

I encounter  a very strange problem  with 
RequestDispatcher.include() . Here is my situation.
In servlet1  of webapp 1 , I get the servlet context of webapp 2 ,  
create a RequestDispatcher for the servlet 2
and call  RequestDispatcher.include(request, response). According to the 
spec ,  I should have new session for the
servlet 2 of  webapp2. But look like that I  have the same  session in 
both servlet. Does any one know what I miss here
Use Tomcat 5 for cross context fixes (cross context is rather hard to 
implement, overall). You'll have to wait for a few more days if you want 
a stable release, though.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RequestDispatcher

[Tuan Nguyen]

Hello ,

I encounter  a very strange problem  with 
RequestDispatcher.include() . Here is my situation.
In servlet1  of webapp 1 , I get the servlet context of webapp 2 ,  
create a RequestDispatcher for the servlet 2
and call  RequestDispatcher.include(request, response). According to the 
spec ,  I should have new session for the
servlet 2 of  webapp2. But look like that I  have the same  session in 
both servlet. Does any one know what I miss here

Thank!

Tuan Nguyen

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[PATCH] for bug 17859: need cygwin friendly JAVA_ENDORSED_DIRS property

[Trevor Baker]

Attached is a patch against the current HEAD revision for catalina.sh that
makes it properly convert JAVA_ENDORSED_DIRS var to Windows format while
using Cygwin.

thanks,
Trev
Index: catalina.sh
===
RCS file: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/bin/catalina.sh,v
retrieving revision 1.35
diff -u -r1.35 catalina.sh
--- catalina.sh 8 May 2003 08:19:58 -   1.35
+++ catalina.sh 27 Nov 2003 01:08:46 -
@@ -120,6 +120,7 @@
   CATALINA_TMPDIR=`cygpath --path --windows "$CATALINA_TMPDIR"`
   CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
   JSSE_HOME=`cygpath --path --windows "$JSSE_HOME"`
+  JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
 fi
 
 # - Execute The Requested Command -

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 24545] - DataSourceRealm cannot see JNDI DataSource defined within a Context

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24545

DataSourceRealm cannot see JNDI DataSource defined within a Context





--- Additional Comments From [EMAIL PROTECTED]  2003-11-27 08:22 ---
What if I can't control the gloabl-resources?? Third party hosting allows me 
to modify only the application Context. If the JDBCRealm, MemoryRealm work 
from within the context, why shouldn't the DataSourceRealm?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]