Re: About Book How Tomcat Works

[Budi Kurniawan]

Hi Chris,
I happen to be in this mailing list too:)
I'm still writing, having completed 15 chapters of a total of 18. The book will go to 
the printer early Feb 2004. If interested, you can pre-order this book now to enjoy a 
45% discount. That's right. I'm self-publishing this book.

Cheers,
budi
ps: pls try the link again. I've been disappointed with my service provider too. :(



   ---Original Message---
   > From: Chris Wahl <[EMAIL PROTECTED]>
   > Subject: About Book How Tomcat Works
   > Sent: 10 Jan 2004 19:15:11
   >
   >  I found the following message in tomcat  mail-archive , but we can't access the
   >  book's link for several months, anyone one know what happened  to
   >  the great book?  or are there any article or book similar to this one,
   >  I need some material to help me to start reading Tomcat's code.
   >  
   >  Any infomation is highly appreciated.
   >  TIA
   >  
   >  As you know , here is the book's link.
   >  www.brainysoftware.com
   >  
   >  
   >  -mail begin
   >  Remy Maucherat Tomcat Developers List" <[EMAIL PROTECTED]
   >  Wed Jun 11 12:52:00 2003
   >  
   >  budi wrote:
   >  > Dear Tomcat Developers,
   >  > I've been using Tomcat for years. It interested me so much that last year I 
spent three months reading the >source code. I learned a lot, not only about how the 
servlet container works but also how to design Java >applications in general. I 
particularly liked the idea of valves and pipelines, as well as the hierarchical 
containers. >Knowing how Tomcat works enables one to write better servlets too, IMO.
   >  >
   >  > I decided to share what I have learned in a book titled "How Tomcat Works".
   >  
   >  Sounds great :)
   >  
   >  I'll obviously add a link to your book on the resources page, and I'll
   >  look at it when I have some time.
   >  
   >  Remy
   >  -mail end
   ---Original Message---

Re: About Book How Tomcat Works

[Chris Wahl]

I am pleased by your message :)
But your site still can not be checked out even using proxy.
So I don't know how to donate (or pay) , since no publisher
to contact .

Is there an alternative way to get the book's status?
Anxiously waiting for the book . . .

- Original Message - 
From: "Budi Kurniawan" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Sunday, January 11, 2004 4:33 PM
Subject: Re: About Book How Tomcat Works


> Hi Chris,
> I happen to be in this mailing list too:)
> I'm still writing, having completed 15 chapters of a total of 18. The book will go 
> to the printer early Feb 2004. If interested, you can pre-order this book now to 
> enjoy a 45% discount. That's right. I'm self-publishing this book.
> 
> Cheers,
> budi
> ps: pls try the link again. I've been disappointed with my service provider too. :(
> 

RE: Jk2 object model

[Mladen Turk]

 

> From: Costin Manolache
> Sent: 11. siječanj 2004 2:36
> To: Tomcat Developers List
> Subject: Re: Jk2 object model
> 
> > 
> > But this time I'd like to spend a month or so doing 'real' design 
> > without the single line of code. If we manage to put and 
> describe our 
> > needs on the paper, the coding itself will took 
> insignificant amount 
> > of time. If this plan shows that 90% of the existing 
> codebase can be reused; even better.
> 
>  
> The first thing ( IMO ) is to decide on what improvements we 
> need on the lower layer so it can satisfy any additional 
> needs you may have - configuration, performance, integration 
> with a wider set of applications, etc.
> 

We can do that for sure.
Depends on how we approach to the 'evolution'. We can either try to find out
how to 'adapt' the existing codebase or 'use' from the existing codebase.
I would like to see a design or plan, or what ever you name it, that
wouldn't limit itself from the start with the choose of JK, JK2 or webapp as
a starting point, but rather use all of them as a knowledge-base foundation.

Again, the major question is are there any developer needs and willing for
that.
I'll try to make some diagrams and some docs that will show what I have on
my mind. This may even show that I've completely 'miss the subject' :-).

MT.




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

[Remy Maucherat]

Bill Barker wrote:
remm2004/01/10 09:23:39

 Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
 Log:
 - findMethod wasn't called on the right collection.
 - The algorithm ignored extension mapped constraints as long as a
widcard

   or exact mapped constraint was found. This doesn't seem right (I did
quickly

   read the relevant portions of the spec).


-1.  This is exactly what the spec says should happen.  Just because it is
silly doesn't change the fact it is what we have to implement.  Go read
section 12.8.3 again.
Ah ok. So the container provided authentication  is really useless after 
all.
I didn't understand it that way.

Are there situations where more than one constraint is returned ?

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

[Remy Maucherat]

Bill Barker wrote:
Ok, this isn't right.  Tomcat defaults to NonLoginAuthenticator if there is
no login-config.  This one just approves everybody for everything.
Ok. This isn't absolutely critical, but needs to be fixed.

Rémy

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/webapps/docs/config ajp.xml http.xml

[remm]

remm2004/01/11 01:20:22

  Modified:webapps/docs/config ajp.xml http.xml
  Log:
  - Document allowTrace.
  - Improve docs for the encoding flag.
  
  Revision  ChangesPath
  1.4   +10 -3 jakarta-tomcat-catalina/webapps/docs/config/ajp.xml
  
  Index: ajp.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/ajp.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- ajp.xml   12 Dec 2003 02:52:26 -  1.3
  +++ ajp.xml   11 Jan 2004 09:20:22 -  1.4
  @@ -40,6 +40,11 @@
   
 
   
  +
  +  A boolean value which can be used to enable or disable the TRACE
  +  HTTP method. If not specified, this attribute is set to false.
  +
  +
   
 Set to true if you want calls to
 request.getRemoteHost() to perform DNS lookups in
  @@ -86,9 +91,11 @@
   
   
 This specifies if the encoding specified in contentType should be used
  -  for URI query parameters, instead of using the URIEncoding. This setting is 
  -  present for compatibility with Tomcat 4.1.x.
  -  The default value is false.
  +  for URI query parameters, instead of using the URIEncoding. This 
  +  setting is present for compatibility with Tomcat 4.1.x, where the 
  +  encoding specified in the contentType, or explicitely set using 
  +  Request.setCharacterEncoding method was also used for the parameters from
  +  the URL. The default value is false.
 
   
   
  
  
  
  1.4   +10 -3 jakarta-tomcat-catalina/webapps/docs/config/http.xml
  
  Index: http.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/http.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- http.xml  12 Dec 2003 02:52:26 -  1.3
  +++ http.xml  11 Jan 2004 09:20:22 -  1.4
  @@ -56,6 +56,11 @@
   
 
   
  +
  +  A boolean value which can be used to enable or disable the TRACE
  +  HTTP method. If not specified, this attribute is set to false.
  +
  +
   
 Set to true if you want calls to
 request.getRemoteHost() to perform DNS lookups in
  @@ -103,9 +108,11 @@
   
   
 This specifies if the encoding specified in contentType should be used
  -  for URI query parameters, instead of using the URIEncoding. This setting is
  -  present for compatibility with Tomcat 4.1.x.
  -  The default value is false.
  +  for URI query parameters, instead of using the URIEncoding. This 
  +  setting is present for compatibility with Tomcat 4.1.x, where the 
  +  encoding specified in the contentType, or explicitely set using 
  +  Request.setCharacterEncoding method was also used for the parameters from
  +  the URL. The default value is false.
 
   
   
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

[remm]

remm2004/01/11 01:23:42

  Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
  Log:
  - Ooops. Put back the if(found) blocks.
  
  Revision  ChangesPath
  1.25  +11 -11
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java
  
  Index: RealmBase.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- RealmBase.java10 Jan 2004 17:23:39 -  1.24
  +++ RealmBase.java11 Jan 2004 09:23:42 -  1.25
  @@ -484,11 +484,11 @@
   }
   }
   }
  -/*
  +
   if(found) {
   return resultsToArray(results);
   }
  -*/
  +
   int longest = -1;
   
   for (i = 0; i < constraints.length; i++) {
  @@ -534,11 +534,11 @@
   }
   }
   }
  -/*
  +
   if(found) {
   return  resultsToArray(results);
   }
  -*/
  +
   for (i = 0; i < constraints.length; i++) {
   SecurityCollection [] collection = constraints[i].findCollections();
   
  @@ -576,11 +576,11 @@
   }
   }
   }
  -/*
  +
   if(found) {
   return resultsToArray(results);
   }
  -*/
  +
   for (i = 0; i < constraints.length; i++) {
   SecurityCollection [] collection = constraints[i].findCollections();
   
  @@ -605,7 +605,7 @@
   }
   }
   }
  -
  +
   if(results == null) {
   // No applicable security constraint was found
   if (log.isDebugEnabled())
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

[Remy Maucherat]

[EMAIL PROTECTED] wrote:
remm2004/01/11 01:23:42

  Modified:catalina/src/share/org/apache/catalina/realm RealmBase.java
  Log:
  - Ooops. Put back the if(found) blocks.
I left in some of my changes:

  @@ -457,10 +457,7 @@

   // Check each defined security constraint
   HttpServletRequest hreq = (HttpServletRequest) 
request.getRequest();
  -String uri = request.getDecodedRequestURI();
  -String contextPath = hreq.getContextPath();
  -if (contextPath.length() > 0)
  -uri = uri.substring(contextPath.length());
  +String uri = request.getRequestPathMB().toString();

In many cases, the mapper has the String already, so this often saves 
one String (and I really don't like substring anyway).

  @@ -546,6 +547,7 @@
   "' against " + method + " " + uri + " --> " +
   constraints[i].included(uri, method));
   boolean matched = false;
  +int pos = -1;
   for(int j=0; j < collection.length; j++){
   String [] patterns = collection[j].findPatterns();
   for(int k=0; k < patterns.length && !matched; k++) {
  @@ -558,6 +560,7 @@
  uri.length()-dot == pattern.length()-1) {
if(pattern.regionMatches(1,uri,dot,uri.length()-dot)) {
   matched = true;
  +pos = j;
   }
   }
   }
  @@ -565,17 +568,19 @@
   }
   if(matched) {
   found = true;
  -if(collection[i].findMethod(method)) {
  +if(collection[pos].findMethod(method)) {
   if(results == null) {
   results = new ArrayList();
  -}
  +}
   results.add(constraints[i]);
   }
   }
   }
i was an index in the constraints array, so this should be a genuine bug.

Rémy



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup SetDocBaseRule.java

[remm]

remm2004/01/11 02:05:35

  Modified:catalina/src/share/org/apache/catalina/startup
SetDocBaseRule.java
  Log:
  - Fix array out of bounds when docBase is equal to "".
  
  Revision  ChangesPath
  1.10  +10 -6 
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/SetDocBaseRule.java
  
  Index: SetDocBaseRule.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup/SetDocBaseRule.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- SetDocBaseRule.java   27 Sep 2003 12:06:32 -  1.9
  +++ SetDocBaseRule.java   11 Jan 2004 10:05:35 -  1.10
  @@ -193,10 +193,14 @@
   }
   
   if (docBase.startsWith(canonicalAppBase.getPath())) {
  -docBase = docBase.substring
  -(canonicalAppBase.getPath().length() + 1);
  +docBase = docBase.substring(canonicalAppBase.getPath().length());
  +docBase = docBase.replace(File.separatorChar, '/');
  +if (docBase.startsWith("/")) {
  +docBase = docBase.substring(1);
  +}
  +} else {
  +docBase = docBase.replace(File.separatorChar, '/');
   }
  -docBase = docBase.replace(File.separatorChar, '/');
   
   child.setDocBase(docBase);
   
  
  
  

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Bug report for Tomcat 3 [2004/01/11]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
| 2350|Ver|Nor|2001-06-27|ServletConfig.getInitParameter() requires url-patt|
| 2478|Opn|Cri|2001-07-06|Passing Session variables between JSP's and Servle|
| 4551|Opn|Nor|2001-10-31|Ctx( /tt01 ): IOException in: R( /tt01 + /com/abc/|
| 4980|New|Min|2001-11-20|Startup message indicates incorrect log file  |
| 4994|New|Nor|2001-11-21|Tomcat needs a mechanism for clean and certain shu|
| 5064|New|Cri|2001-11-25|Socket write error when include files is more than|
| 5108|New|Maj|2001-11-26|Docs for Tomcat 3.2.x appear to be for Tomcat 3.3 |
| 5137|New|Nor|2001-11-27|Null pointer in class loader after attempting to r|
| 5160|Unc|Maj|2001-11-28|'IllegalStateException'   |
| 5331|New|Nor|2001-12-09|getPathInfo vs URL normalization  |
| 5510|New|Blk|2001-12-19|How to call ejb deployed in JBoss from Tomcat serv|
| 5756|New|Nor|2002-01-08|jspc.bat exits with wrong ERRORLEVEL  |
| 5797|New|Nor|2002-01-10|UnCatched ? StringIndexOutOfBoundsException: Strin|
| 6027|New|Maj|2002-01-25|Tomcat  Automatically shuts down as service   |
| 6168|New|Blk|2002-02-01|IllegalStateException |
| 6451|New|Cri|2002-02-14|Stackoverflow |
| 6478|New|Enh|2002-02-14|Default Tomcat Encoding   |
| 6488|Ver|Maj|2002-02-15|Error: 304. Apparent bug in default ErrorHandler c|
| 6648|New|Nor|2002-02-25|jakarta-servletapi build with java 1.4 javadoc err|
| 6702|New|Cri|2002-02-27|win 2k services not working   |
| 6796|New|Cri|2002-03-01|Tomcat dies periodically  |
| 6989|New|Maj|2002-03-08|Unable to read tld file during parallel JSP compil|
| 7008|Opn|Maj|2002-03-10|facade.HttpServletRequestFacade.getParameter(HttpS|
| 7013|New|Cri|2002-03-10|Entering a servlet path with non-ISO8859-1 charact|
| 7227|New|Nor|2002-03-19| directive don't work |
| 7236|New|Blk|2002-03-19|Permission denied to do thread.stop   |
| 7626|New|Nor|2002-03-29|classloader not working properly  |
| 7652|New|Cri|2002-04-01|Tomcat stalls periodically|
| 7762|New|Enh|2002-04-05|stdout logfile handling   |
| 7785|New|Blk|2002-04-06|tomcat bug in context reloading   |
| 7789|New|Maj|2002-04-06|JSP Cookie Read/Write Fails With DNS Names|
| 7863|New|Maj|2002-04-09|I have a problem when running Tomcat with IIS |
| 8154|New|Nor|2002-04-16|logrotate script in RPM rotates non-existing file |
| 8187|New|Cri|2002-04-17|Errors when Tomcat used with MS Access database   |
| 8239|New|Cri|2002-04-18|Resource temporary unavailable|
| 8263|New|Cri|2002-04-18|url-pattern easy to circumvent|
| 8634|New|Nor|2002-04-30|no way to specify different modules.xml file  |
| 8992|New|Blk|2002-05-10|IE6/XP: Limitation of POST Area within HTTP reques|
| 9086|New|Enh|2002-05-14|NPE org.apache.tomcat.core.ServerSession.setAttrib|
| 9250|New|Maj|2002-05-20|outOfMemoryError  |
| 9367|New|Maj|2002-05-23|HttpSessionBindingEvent not thrown for HttpSession|
| 9390|New|Nor|2002-05-24|jasper compilation error in tomcat|
| 9480|New|Nor|2002-05-29|Data connection pooling   |
| 9607|New|Maj|2002-06-04|precompile JSP|
| 9737|New|Nor|2002-06-10|ArrayIndexOutOfBoundsException when sending just p|
|1|New|Cri|2002-06-19|IOException Broken Pipe when authenticating JDBCRe|
|10047|New|Cri|2002-06-20|IllegalStateException |
|10202|New|Maj|2002-06-25|Tomcat is not responding in time  |
|10357|Unc|Blk|2002-06-30|java.lang.IllegalArgumentException: Short Read|
|10406|New|Cri|2002-07-02|IllegalStateException |
|11087|New|Blk|2002-07-23|IllegalStateException |
|11105|New|Nor|2002

Bug report for Tomcat 4 [2004/01/11]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|  218|Unc|Nor|2000-11-02|IIS & in-process tomcat BugRat Report#333 |
| 3614|Opn|Nor|2001-09-14|bug in manager webapp |
| 3755|Opn|Nor|2001-09-20|freezes at shutdown   |
| 3888|Opn|Blk|2001-09-30|WebappClassLoader: Lifecycle error : CL stopped   |
| 4091|Opn|Nor|2001-10-11|custom host with unpackWARs="true" don't expand wa|
| 4138|Opn|Nor|2001-10-12|Processor threads have inconsistent ClassLoader st|
| 4352|Ass|Nor|2001-10-22|JDBCRealm does not work with CLIENT-CERT auth-meth|
| 5329|New|Nor|2001-12-08|NT Service exits startup before Tomcat is finished|
| 5598|Opn|Maj|2001-12-27|(JSP Problem) RequestDispatcher doesn't include HT|
| 5704|Ass|Maj|2002-01-05|CgiServlet corrupting images? |
| 5715|Opn|Nor|2002-01-07|response.setContentType() in Filter.doFilter not c|
| 5795|New|Enh|2002-01-10|Catalina Shutdown relies on localhost causing prob|
| 5829|New|Enh|2002-01-13|StandardManager needs to cope with sessions throwi|
| 5858|New|Enh|2002-01-15|Add tomcat dir to java.library.path   |
| 5952|Opn|Nor|2002-01-22|Refence to $JAVACMD  in tomcat.conf incorrect in R|
| 5985|New|Enh|2002-01-23|Tomcat should perform a more restrictive validatio|
| 5998|Opn|Maj|2002-01-24|Exception hiding when a JspExceptioin is thrown by|
| 6218|Opn|Nor|2002-02-04|Relative links broken for servlets|
| 6229|New|Enh|2002-02-04|Need way to specify where to write catalina.out   |
| 6399|New|Nor|2002-02-12|unknown protocol: https   |
| 6408|New|Enh|2002-02-12|Starting tomcat from a cygwin bash shell using 'st|
| 6582|New|Min|2002-02-20|Sample code does not match behavior   |
| 6600|Opn|Enh|2002-02-20|enodeURL adds 'jsession' when 'isRequestedSessionI|
| 6614|New|Enh|2002-02-21|Have Bootstrap and StandardClassLoader use the sam|
| 6659|New|Nor|2002-02-25|HttpUtils.getRequestURL gives incorrect URL with w|
| 6671|New|Enh|2002-02-25|Simple custom tag example uses old declaration sty|
| 7043|New|Enh|2002-03-12|database user and password for JDBC Based Store   |
| 7190|New|Nor|2002-03-18|GenericServlet spurious log's in init(), destroy()|
| 7207|New|Nor|2002-03-18|Redeployment Problem under Tomcat 4.0.2   |
| 7360|New|Nor|2002-03-22|res-sharing-scope not supported   |
| 7366|New|Enh|2002-03-22|ISAPI Redirector Replacement  |
| 7374|New|Enh|2002-03-22|Apache Tomcat/4.0.1 message on standard output|
| 7571|New|Nor|2002-03-28|DataInputStream readLong() Problem|
| 7588|New|Nor|2002-03-28|Session cannot be established if there are multipl|
| 7676|New|Enh|2002-04-02|Allow name property to use match experssions in  without className in server.xml produces N|
|10982|New|Min|2002-07-19|JNDI URL Handler class is missing in naming-resour|
|11008|New|Blk|2002-07-20|Win32/cygwin compile report + patch (gcc 3.1.1 com|
|11042|New|Min|2002-07-22|Misleading comment in server.xml  |
|11069|Opn|Enh|2002-07-23|Tomcat not flag error if tld is outside of /WEB-IN|
|11091|New|Cri|2002-07-23|Tomcat (4.1.7 - 4.1.9)-LE-jdk14 ignores error page|
|11129|New|Enh|2002-07-24|New valve for putting the sessionIDs in the reques|
|11158|New|Maj|2002-07-25|WebappClassLoader does'nt find any class in an ext|
|11197|New|Nor|2002-07-26|Filters and JSP.3.2   |
|11248|New|Enh|2002-07-29|DefaultServlet doesn't send expires header|
|11364|Opn|Maj|2002-08-01|jk2 appears to forward all virtual host requests t|
|11489|New|Enh|2002-08-06|Scanning JAR files in WEB-INF/lib without temp dir|
|11542|New|Nor|2002-08-07|cannot transfer jsp files with webdav default inst|
|11561|New|Maj|2002-08-08|JNDI problem with jdk1.4  |
|11645|New|Nor|2002-08-13|RequestStream and HttpRequestStream throw an IOExc|
|11662|New|Maj|2002-08-13|GlobalResources unavailable in DefaultContext |
|11679|New|Min|2002-08-14|"anonymous bind fa

Bug report for Watchdog [2004/01/11]

[bugzilla]

+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=CriticalMAJ=Major |
| |   |   MIN=Minor   NOR=Normal  ENH=Enhancement   |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|  278|Unc|Nor|2000-12-04|Bug in GetParameterValuesTestServlet.java file Bug|
|  279|Unc|Nor|2000-12-04|Logical Error in GetParameterValuesTestServlet Bug|
|  469|Unc|Nor|2001-01-17|in example-taglib.tld "urn" should be "uri" BugRat|
|  470|Unc|Nor|2001-01-17|FAIL positiveForward.jsp and positiveInclude.jsp B|
| 9634|New|Enh|2002-06-05|No tests exist for ServletContext.getResourcePaths|
|10703|New|Enh|2002-07-11|Need to test getRequestURI after RequestDispatcher|
|11336|New|Enh|2002-07-31|Test wrapped path methods with RD.foward()|
|11663|New|Maj|2002-08-13|JSP precompile tests rely on Jasper specific behav|
|11664|New|Maj|2002-08-13|A sweep is needed of all Watchdog 4.0 tag librarie|
|11665|New|Maj|2002-08-13|ServletToJSPErrorPageTest and ServletToServletErro|
|11666|New|Maj|2002-08-13|SetBufferSize_1TestServlet is invalid.|
|14004|New|Maj|2002-10-28|Incorrent behaviour of all attribute-related lifec|
|15504|New|Nor|2002-12-18|JSP positiveGetValues test relies on order preserv|
|24649|New|Nor|2003-11-12|getRemoteHost fails when agent has uppercase chara|
+-+---+---+--+--+
| Total   14 bugs   |
+---+

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 12240] - Management of error-codes

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12240

Management of error-codes

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||WORKSFORME



--- Additional Comments From [EMAIL PROTECTED]  2004-01-11 18:54 ---
This works for me with the latest version of TC4. If you still experience 
difficulties, please post to tomcat-user.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 12253] - Catalina fails to set proper charset

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12253

Catalina fails to set proper charset

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2004-01-11 19:07 ---
Character encoding has been the source of quite a bit of debate on the tomcat-
dev list in recent weeks. There have been a few changes (see summary below) as 
a result. Essentially some additional configuration options have been 
provided. The UTF-8 issue (also reported in bug 22666) has also been fixed.

Character encoding summary
==

There are a number of situations where there may be a requirement to use non-
US ASCII characters in a URI. These include:
- Parameters in the query string
- Servlet paths

There is a standard for encoding URIs (http://www.w3.org/International/O-URL-
code.html) but this standard is not consistently followed by clients. This 
causes a number of problems.

The functionality provided by Tomcat (4 and 5) to handle this less than ideal 
situation is described below.

1. The Coyote HTTP/1.1 connector has a useBodyEncodingForURI attribute which 
if set to true will use the request body encoding to decode the URI query 
parameters.
  - The default value is true for TC4 (breaks spec but gives consistent 
behaviour across TC4 versions)
  - The default value is false for TC5 (spec compliant but there may be 
migration issues for some apps)
2. The Coyote HTTP/1.1 connector has a URIEncoding attribute which defaults to 
ISO-8859-1.
3. The parameters class (o.a.t.u.http.Parameters) has a QueryStringEncoding 
field which defaults to the URIEncoding. It must be set before the parameters 
are parsed to have an effect.

Things to note regarding the servlet API:
1. HttpServletRequest.setCharacterEncoding() normally only applies to the 
request body NOT the URI.
2. HttpServletRequest.getPathInfo() is decoded by the web container.
3. HttpServletRequest.getRequestURI() is not decoded by container.

Other tips:
1. Use POST with forms to return parameters as the parameters are then part of 
the request body.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 12249] - tomcat binds to IP addresses it is configured not to bind to

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12249

tomcat binds to IP addresses it is configured not to bind to

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution||WORKSFORME



--- Additional Comments From [EMAIL PROTECTED]  2004-01-11 19:24 ---
I have justed tested this with the CVS version of TC4 and the http connector 
works correctly. I have also reviewed the connector source and can not see any 
changes since 4.0.4 that would affect the binding behaviour of the connector.

Based on this, and on Remy's original comments, I am resolving this as works 
for me.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

[Bill Barker]

- Original Message - 
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Sunday, January 11, 2004 1:27 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java


> [EMAIL PROTECTED] wrote:
> > remm2004/01/11 01:23:42
> >
> >   Modified:catalina/src/share/org/apache/catalina/realm
RealmBase.java
> >   Log:
> >   - Ooops. Put back the if(found) blocks.
>
> I left in some of my changes:
>
>@@ -457,10 +457,7 @@
>
> // Check each defined security constraint
> HttpServletRequest hreq = (HttpServletRequest)
> request.getRequest();
>-String uri = request.getDecodedRequestURI();
>-String contextPath = hreq.getContextPath();
>-if (contextPath.length() > 0)
>-uri = uri.substring(contextPath.length());
>+String uri = request.getRequestPathMB().toString();
>
> In many cases, the mapper has the String already, so this often saves
> one String (and I really don't like substring anyway).
>

This was older code that pre-dates the j-t-c Mapper.  +1 for this one.

>@@ -546,6 +547,7 @@
> "' against " + method + " " + uri + " --> " +
> constraints[i].included(uri, method));
> boolean matched = false;
>+int pos = -1;
> for(int j=0; j < collection.length; j++){
> String [] patterns = collection[j].findPatterns();
> for(int k=0; k < patterns.length && !matched; k++) {
>@@ -558,6 +560,7 @@
>uri.length()-dot == pattern.length()-1) {
>
> if(pattern.regionMatches(1,uri,dot,uri.length()-dot)) {
> matched = true;
>+pos = j;
> }
> }
> }
>@@ -565,17 +568,19 @@
> }
> if(matched) {
> found = true;
>-if(collection[i].findMethod(method)) {
>+if(collection[pos].findMethod(method)) {
> if(results == null) {
> results = new ArrayList();
>-}
>+}
> results.add(constraints[i]);
> }
> }
> }
>
> i was an index in the constraints array, so this should be a genuine bug.
>

This was a cut-and-paste bug.  Also +1.

> Rémy
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

[Bill Barker]

- Original Message - 
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Sunday, January 11, 2004 1:18 AM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java


> Bill Barker wrote:
> >>remm2004/01/10 09:23:39
> >>
> >>  Modified:catalina/src/share/org/apache/catalina/realm
RealmBase.java
> >>  Log:
> >>  - findMethod wasn't called on the right collection.
> >>  - The algorithm ignored extension mapped constraints as long as a
> >
> > widcard
> >
> >>or exact mapped constraint was found. This doesn't seem right (I did
> >
> > quickly
> >
> >>read the relevant portions of the spec).
> >
> >
> > -1.  This is exactly what the spec says should happen.  Just because it
is
> > silly doesn't change the fact it is what we have to implement.  Go read
> > section 12.8.3 again.
>
> Ah ok. So the container provided authentication  is really useless after
> all.
> I didn't understand it that way.
>

It's the only way that you can use the "Combinining Constraints" (section
12.8.1) at all, since that says to use the least restrictive constraint.

> Are there situations where more than one constraint is returned ?
>

Not very often, but it is possible.  The example in 12.8.2 would be one such
case.

> Rémy
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

[Bill Barker]

- Original Message - 
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Sunday, January 11, 2004 1:18 AM
Subject: Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability


> Bill Barker wrote:
> > Ok, this isn't right.  Tomcat defaults to NonLoginAuthenticator if there
is
> > no login-config.  This one just approves everybody for everything.
>
> Ok. This isn't absolutely critical, but needs to be fixed.
>

I just tested this with a fresh build of everything, and it seems that
Tomcat is working fine.  I set allowTrace="true" on the connector, and put
in a security-constraint to forbid TRACE in ROOT/WEB-INF/web.xml but no
login-config.  The result is a perfectly good 403 response to 'TRACE /
HTTP/1.0', and a perfectly good TRACE response to 'TRACE /jsp-examples/
HTTP/1.0'.

I'm afraid that you will have to provide a test case if you want to re-open
this issue ;-).  I'm resolving it as WORKSFORME.

> Rémy
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 25610] - javadocs of TLV.validate() need

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25610

javadocs of TLV.validate() need

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution||FIXED



--- Additional Comments From [EMAIL PROTECTED]  2004-01-12 00:15 ---
This appears to be fixed.  Note that since the 2.0 spec is already final, 
reopening will simply result in closing it as WONTFIX.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 26039] - spanish translations

[bugzilla]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26039

spanish translations





--- Additional Comments From [EMAIL PROTECTED]  2004-01-12 00:22 ---
The attachment looks like a jar file.  You need to submit your patch as 
a 'diff' file (preferably using 'cvs diff') if you want it to be considered.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Possible Bug in 4.1.27 - RequestDispatcher fails after cross context include

[Scott Goldstein]

I sent this to the user list, but received no reply.  This is in response to 
bug #25965.

I have two web applications, client and server (attached). In the client web
application, there is a single servlet, ClientServlet which performs an
include to another servlet, ServerServlet, in server web application. This is
done through the following code:

ServletContext serverServletContext =
getServletContext().getContext(SERVER_CONTEXT_ROOT);
RequestDispatcher requestDispatcher =
serverServletContext.getRequestDispatcher(SERVER_SERVLET_PATH);
requestDispatcher.include(httpServletRequest, httpServletResponse);

This portion of the test case works as expected.

The ServerServlet will then attempt to include a jsp file, test.jsp, within
the server web application using the following:
RequestDispatcher dispatcher = httpServletRequest.getRequestDispatcher
("/test.jsp");
dispatcher.include(httpServletRequest, httpServletResponse);

This, however, does not work as expected. Although the dispatcher is not null,
the content of the jsp is not displayed.

Note that if you invoke the ServletServlet directly, without going through the
ClientServlet of the Client web application, the jsp is displayed as expected.

Thoughts?

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session StandardManager.java

[fhanik]

fhanik  2004/01/11 21:21:48

  Modified:catalina/src/share/org/apache/catalina Manager.java
   catalina/src/share/org/apache/catalina/core
StandardContext.java
   catalina/src/share/org/apache/catalina/session
StandardManager.java
  Log:
  Refactoring parts of the code. In order for custom managers (such as the clustering 
managers) to take advantage of the background threads that are already implemented, it 
is better to have the Manager interface to expose the backgroundProcess method. That 
way the context can invoke any other manager in a similar way.
  I opted for this way instead of using reflection. Yell if you don't like it, and I 
will change it back.
  
  Revision  ChangesPath
  1.4   +11 -5 
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Manager.java
  
  Index: Manager.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Manager.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- Manager.java  9 Dec 2002 15:57:43 -   1.3
  +++ Manager.java  12 Jan 2004 05:21:48 -  1.4
  @@ -186,7 +186,7 @@
* Get a session from the recycled ones or create a new empty one.
* The PersistentManager manager does not need to create session data
* because it reads it from the Store.
  - */ 
  + */
   public Session createEmptySession();
   
   /**
  @@ -260,5 +260,11 @@
*/
   public void unload() throws IOException;
   
  +/**
  + * This method will be invoked by the context/container on a periodic
  + * basis and allows the manager to implement
  + * a method that executes periodic tasks, such as expiring sessions etc.
  + */
  +public void backgroundProcess();
   
   }
  
  
  
  1.105 +124 -125  
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java
  
  Index: StandardContext.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContext.java,v
  retrieving revision 1.104
  retrieving revision 1.105
  diff -u -r1.104 -r1.105
  --- StandardContext.java  5 Jan 2004 08:46:20 -   1.104
  +++ StandardContext.java  12 Jan 2004 05:21:48 -  1.105
  @@ -71,6 +71,7 @@
   import java.io.InputStreamReader;
   import java.io.ObjectOutputStream;
   import java.io.Serializable;
  +import java.lang.reflect.Method;
   import java.net.URLDecoder;
   import java.util.ArrayList;
   import java.util.HashMap;
  @@ -206,14 +207,14 @@
   /**
* The set of instantiated application event listener objects.
*/
  -private transient Object applicationEventListenersObjects[] = 
  +private transient Object applicationEventListenersObjects[] =
   new Object[0];
   
   
   /**
* The set of instantiated application lifecycle listener objects.
*/
  -private transient Object applicationLifecycleListenersObjects[] = 
  +private transient Object applicationLifecycleListenersObjects[] =
   new Object[0];
   
   
  @@ -228,12 +229,12 @@
* The application available flag for this Context.
*/
   private boolean available = false;
  -
  +
   /**
  - * The broadcaster that sends j2ee notifications. 
  + * The broadcaster that sends j2ee notifications.
*/
   private NotificationBroadcasterSupport broadcaster = null;
  -
  +
   /**
* The Locale to character set mapper for this application.
*/
  @@ -303,7 +304,7 @@
   private String displayName = null;
   
   
  -/** 
  +/**
* Override the default web xml location. ContextConfig is not configurable
* so the setter is not used.
*/
  @@ -373,7 +374,7 @@
   /**
* The mapper associated with this context.
*/
  -private org.apache.tomcat.util.http.mapper.Mapper mapper = 
  +private org.apache.tomcat.util.http.mapper.Mapper mapper =
   new org.apache.tomcat.util.http.mapper.Mapper();
   
   
  @@ -491,7 +492,7 @@
* The notification sequence number.
*/
   private long sequenceNumber = 0;
  -
  +
   /**
* The status code error pages for this web application, keyed by
* HTTP status code (as an Integer).
  @@ -622,7 +623,7 @@
   private long tldScanTime;
   
   /** Name of the engine. If null, the domain is used.
  - */ 
  + */
   private String engineName = null;
   private String j2EEApplication="none";
   private String j2EEServer="none";
  @@ -1307,7 +1308,7 @@
   
   }
   
  -
  +
   /**
* Set the context path for this Cont

cvs commit: jakarta-tomcat-catalina/modules/cluster/src/share/org/apache/catalina/cluster/tcp ReplicationValve.java

[fhanik]

fhanik  2004/01/11 21:23:11

  Modified:modules/cluster/src/share/org/apache/catalina/cluster
ClusterSession.java SessionMessage.java
   modules/cluster/src/share/org/apache/catalina/cluster/session
DeltaManager.java DeltaSession.java
ReplicatedSession.java
SimpleTcpReplicationManager.java
   modules/cluster/src/share/org/apache/catalina/cluster/tcp
ReplicationValve.java
  Added:   modules/cluster/src/share/org/apache/catalina/cluster/session
DeltaRequest.java
  Log:
  Started to implement delta replication. This will allow for less data to be sent 
over the wire.
  
  Revision  ChangesPath
  1.2   +67 -2 
jakarta-tomcat-catalina/modules/cluster/src/share/org/apache/catalina/cluster/ClusterSession.java
  
  Index: ClusterSession.java
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/modules/cluster/src/share/org/apache/catalina/cluster/ClusterSession.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ClusterSession.java   15 Nov 2003 00:58:20 -  1.1
  +++ ClusterSession.java   12 Jan 2004 05:23:10 -  1.2
  @@ -1,8 +1,73 @@
  +/*
  + * $Header$
  + * $Revision$
  + * $Date$
  + *
  + * 
  + *
  + * The Apache Software License, Version 1.1
  + *
  + * Copyright (c) 1999 The Apache Software Foundation.  All rights
  + * reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + *
  + * 1. Redistributions of source code must retain the above copyright
  + *notice, this list of conditions and the following disclaimer.
  + *
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *notice, this list of conditions and the following disclaimer in
  + *the documentation and/or other materials provided with the
  + *distribution.
  + *
  + * 3. The end-user documentation included with the redistribution, if
  + *any, must include the following acknowlegement:
  + *   "This product includes software developed by the
  + *Apache Software Foundation (http://www.apache.org/)."
  + *Alternately, this acknowlegement may appear in the software itself,
  + *if and wherever such third-party acknowlegements normally appear.
  + *
  + * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
  + *Foundation" must not be used to endorse or promote products derived
  + *from this software without prior written permission. For written
  + *permission, please contact [EMAIL PROTECTED]
  + *
  + * 5. Products derived from this software may not be called "Apache"
  + *nor may "Apache" appear in their names without prior written
  + *permission of the Apache Group.
  + *
  + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
  + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  + * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
  + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  + * SUCH DAMAGE.
  + * 
  + *
  + * This software consists of voluntary contributions made by many
  + * individuals on behalf of the Apache Software Foundation.  For more
  + * information on the Apache Software Foundation, please see
  + * .
  + *
  + * [Additional notices, if required by prior licensing conditions]
  + *
  + */
  +
  +
   package org.apache.catalina.cluster;
   
   import org.apache.catalina.Session;
  +import javax.servlet.http.HttpSession;
   
  -public interface ClusterSession extends Session {
  +public interface ClusterSession extends Session, HttpSession {
  /**
   * returns true if this session is the primary session, if that is the
   * case, the manager can expire it upon timeout.
  @@ -16,4 +81,4 @@
   */
  public void setPrimarySession(boolean primarySession);
   
  -}
  \ No newline at end of file
  +}
  
  
  
  1.5   +8 -17 
jakarta-tomcat-catalina/modules/cluster/src/share/org/apache/catalina/cluster/SessionMessage.java
  
  Index: SessionMessage.java

SSL Socket does not timeout when no handshake occurs

[Alex Chan]

I have found that if a connection is initiated on the SSL port but the
client does not participate in the SSL handshake, the socket seems to hang
around indefinitely. The test I used was to telnet to the secure port
without typing/sending any further data.

When doing the same to the non-secure port, the socket will timeout
according to the connectionTimeout parameter.

I noticed in the code PoolTcpEndPoint.java, in the TcpWorkerThread.runIt()
method, that
endpoint.setSocketOptions(s) is called after
endpoint.getServerSocketFactory().handshake(s).
I tried moving the call to setSocketOptions() before handshake() and the SSL
socket times out according to the connectionTimeout.

As I am a relatively new Tomcat user, I'm not sure what are the
impact/implications of this change.
Any feedback, particularly as to whether you agree this is a problem, would
be most appreciated.

Thanks in advance,
- Alex