[PATCH] Improvement of tomcat documents.
Hi, tomcat committers. I have made a patch to improve some tomcat documents. Could anyone apply it? Changes: - Fixes some typos. - Fixes broken links, Commons DBCP javadoc and Tyrex site, in jndi-datasource-examples-howto.xml. - Writes utf-8 encoding values into a sample xsl file of directory listings in default-servlet.xml. -- Kan Ogawa [EMAIL PROTECTED] Index: jakarta-tomcat-catalina/webapps/docs/default-servlet.xml === RCS file: /home/cvspublic/jakarta-tomcat-catalina/webapps/docs/default-servlet.xml,v retrieving revision 1.1 diff -u -w -r1.1 default-servlet.xml --- jakarta-tomcat-catalina/webapps/docs/default-servlet.xml19 Jun 2003 21:41:48 - 1.1 +++ jakarta-tomcat-catalina/webapps/docs/default-servlet.xml22 Oct 2003 02:59:21 - @@ -37,7 +37,7 @@ section name=Where is it declared? a name=where/a It is declared globally in i$CATALINA_HOME/conf/web.xml/i. -By default here is it's declaration: +By default here is its declaration: source lt;servletgt; lt;servlet-namegt;defaultlt;/servlet-namegt; @@ -151,9 +151,9 @@ section name=How do I customize directory listings? a name=dir/a -pYou can override DefaultServlet with you own implementation and use that +pYou can override DefaultServlet with your own implementation and use that in your web.xml declaration. If you -can undertand what was just said, we will assume yo can read the code +can undertand what was just said, we will assume you can read the code to DefaultServlet servlet and make the appropriate adjustments. (If not, then that method isn't for you) /p @@ -190,12 +190,12 @@ /p The following is a sample xsl file which mimics the default tomcat behavior: source -lt;?xml version=1.0?gt; +lt;?xml version=1.0 encoding=utf-8?gt; lt;xsl:stylesheet xmlns:xsl=http://www.w3.org/1999/XSL/Transform; version=1.0gt; - lt;xsl:output method=xhtml encoding=iso-8859-1 indent=no/gt; + lt;xsl:output method=xhtml encoding=utf-8 indent=no/gt; lt;xsl:template match=listinggt; lt;htmlgt; Index: jakarta-tomcat-catalina/webapps/docs/deployer-howto.xml === RCS file: /home/cvspublic/jakarta-tomcat-catalina/webapps/docs/deployer-howto.xml,v retrieving revision 1.5 diff -u -w -r1.5 deployer-howto.xml --- jakarta-tomcat-catalina/webapps/docs/deployer-howto.xml 30 Jul 2003 18:37:06 - 1.5 +++ jakarta-tomcat-catalina/webapps/docs/deployer-howto.xml 22 Oct 2003 02:59:21 - @@ -51,7 +51,7 @@ /p pContext descriptors allow defining all aspects and configuration parameters -of a Context, such as namign resources and session manager configuration. +of a Context, such as naming resources and session manager configuration. It should be noted that the docBase specified in the Context element can refer to either the .WAR or the directory which will be created when the .WAR is expanded or the .WAR itself./p Index: jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml === RCS file: /home/cvspublic/jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml,v retrieving revision 1.5 diff -u -w -r1.5 jndi-datasource-examples-howto.xml --- jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml 15 Jan 2003 03:40:43 - 1.5 +++ jakarta-tomcat-catalina/webapps/docs/jndi-datasource-examples-howto.xml 22 Oct 2003 02:59:22 - @@ -50,7 +50,7 @@ JDBC 3.0 features with a 1.4 JVM. /p -pSee the a href=http://jakarta.apache.org/commons/dbcp/api/index.html; +pSee the a href=http://jakarta.apache.org/commons/dbcp/apidocs/index.html; DBCP Javadocs/a BasicDataSource class for a complete list of configuration parameters. /p @@ -521,7 +521,7 @@ p Tomcat 5 provides transaction management and resource configuration support through the use of -a href=http://tyrex.exolab.org/;Tyrex/a 1.0. This allows the user to obtain JTA/JCA resources +a href=http://tyrex.sourceforge.net/;Tyrex/a 1.0. This allows the user to obtain JTA/JCA resources from the JNDI namespace, as well as the standard codejavax.transaction.UserTransaction/code. /p @@ -534,7 +534,7 @@ Tyrex jar, as well as the jars it requires. Here is a list of the required jars, and where to obtain them: /p p -The following jars are included with Tyrex binary distribution, available at http://tyrex.exolab.org. +The following jars are included with Tyrex binary distribution, available at http://tyrex.sourceforge.net. ul lityrex-1.0.jar/li @@ -551,13 +551,13 @@ /ul /p p -All six of these jar files need to be placed on $TOMCAT_HOME/common/lib so that both Tomcat and your web application will see them. +All six of these jar files need to be placed on $CATALINA_HOME/common/lib so that both Tomcat and your web application will see them. /p /subsection subsection name
Jakarta Tomcat 4.1 XSS vulnerability
Hi, Jakarta Tomcat 4.1 cross-site scripting vulnerability, which was reported last year, is not yet resolved. http://www.securityfocus.com/archive/82/288502/2002-08-16/2002-08-22/0 I verified this vulnerability on Tomcat 4.1.27 with Coyote HTTP/1.1 connector. http://localhost:8080/666%0a%0ascriptalert(asdf);/script666.jsp On the other hand, on Tomcat 5.0, it was not reproduced. Do you neglect to resolve it to Tomcat 4.x, Tomcat committers? Regards, -- Kan Ogawa [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JkCoyoteHandler with SSL
:46:56,281 INFO [Engine] action: Processing a POST for /logon 19:46:56,291 INFO [Engine] action: Setting locale 'en_US' 19:46:56,291 INFO [Engine] action: Looking for ActionForm bean under attribute 'logon' 19:46:56,291 INFO [Engine] action: Creating new ActionForm instance of class ' pro.registrypro.products.ami.form.logonForm' 19:46:56,291 INFO [Engine] action: Storing instance under attribute 'logon' in scope 'request' 19:46:56,291 INFO [Engine] action: Populating bean properties from this reques t 19:46:56,301 INFO [Engine] action: Validating input form properties 19:46:56,301 INFO [Engine] action: No errors detected, accepting input 19:46:56,301 INFO [Engine] action: Looking for Action instance for class pro.r egistrypro.products.ami.action.logonAction 19:46:56,301 INFO [Engine] action: Double checking for Action instance alread y there 19:46:56,301 INFO [Engine] action: Creating new Action instance 19:46:56,361 INFO [STDOUT] ping: usa-bwdzu56x1fd 19:46:56,361 INFO [STDOUT] ipAddr=10.168.1.61 19:46:56,361 INFO [Engine] action: Begin-Validation 19:46:56,361 INFO [STDOUT] ALRIGHT WE GOT SOMETHING 19:46:56,361 INFO [STDOUT] [-BEGIN CERTIFICATE- MIICnTCCAgYCAQEwDQYJKoZIhvcNAQEEBQAwgYwxCzAJBgNVBAYTAlVTMRAwDgYD VQQIEwdHZW9yZ2lhMRAwDgYDVQQHEwdBdGxhbnRhMRQwEgYDVQQKEwtSZWdpc3Ry eVBybzEMMAoGA1UECxMDRGV2MRIwEAYDVQQDEwkxMjcuMC4wLjExITAfBgkqhkiG 9w0BCQEWEnJ3a2FzdGVuQG54anF6LmNvbTAeFw0wMzA4MTQxNDI4NTRaFw0wNDA4 MTMxNDI4NTRaMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHR2VvcmdpYTEQMA4G A1UEBxMHQXRsYW50YTEUMBIGA1UEChMLUmVnaXN0cnlQcm8xDDAKBgNVBAsTA0Rl djEnMCUGA1UEAxMeVGVzdCBDbGllbnQgQ2VydCBmb3IgMTI3LjAuMC4xMSAwHgYJ KoZIhvcNAQkBFhFyd2thc3RlbkB4anF6LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAz6vkmB63Q69eZDWkdWoO+bHNRu4vLQVLl/arA8W1aw7gpXrtQn19 Bw0DIhp2OCIDOixoF6Oq3tfAz5agFcj1haRGCjtI4GlgiuIgM2bN1EuW3pbdwmtE 3jv3qKbMNn5M124Usn/seUn1DlMkv7+7AdDVjZz36zoMmZqaVjoSSdUCAwEAATAN BgkqhkiG9w0BAQQFAAOBgQALS8XG/3RL/F6K7Ytf5CF7du5Ip199TdI9FSrUcbGY JiS9pGlxuhJwd3c5L8A+IuN9gai5FnITnsoBHn4S3a89FxSEeqW4kAno8PWVUBeN KjZiHGHMiyok8h9CWZPv4CDtcLvP3jpoIEgkROs0wnfdOdwK2FyCHj2QuMc3iioO gA== -END CERTIFICATE- ] 19:46:56,371 INFO [STDOUT] ---Certificate--- 19:46:56,371 INFO [STDOUT] type = X.509 19:46:56,371 INFO [STDOUT] version = 1 19:46:56,371 INFO [STDOUT] subject = [EMAIL PROTECTED], CN=Test Cl ient Cert for 127.0.0.1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US 19:46:56,371 INFO [STDOUT] valid from = Thu Aug 14 10:28:54 EDT 2003 19:46:56,371 INFO [STDOUT] valid to = Fri Aug 13 10:28:54 EDT 2004 19:46:56,371 INFO [STDOUT] serial number = 1 19:46:56,371 INFO [STDOUT] issuer = [EMAIL PROTECTED], CN=127.0.0 .1, OU=Dev, O=RegistryPro, L=Atlanta, ST=Georgia, C=US 19:46:56,371 INFO [STDOUT] signing algorithm = MD5withRSA 19:46:56,381 INFO [STDOUT] public key algorithm = RSA 19:46:56,381 INFO [STDOUT] ---Extensions--- 19:46:56,381 INFO [STDOUT] --- 19:46:56,381 INFO [Engine] action: End Loop 19:46:56,381 INFO [STDOUT] AmiDelegator.checkuser 19:46:56,621 INFO [STDOUT] DataBean context set 19:46:56,651 INFO [STDOUT] Ami.props 19:46:56,681 INFO [STDOUT] uservo=UserVO: login:rpro-developer::: pass-admin::: certid-1::: ip-10.168.1.61::: newpass-nul l::: sid-null::: role-null 19:46:57,102 INFO [STDOUT] eppRes=(message = Wrong certificate ID), (code = 220 0), (tid = 14854711) 19:46:57,102 INFO [STDOUT] sid=null## role=null 19:46:57,112 INFO [STDOUT] code=2200 19:46:57,112 INFO [STDOUT] message=Wrong certificate ID 19:46:57,112 INFO [STDOUT] sid=null 19:46:57,112 INFO [STDOUT] UserBean removed 19:46:57,112 INFO [Engine] action: logon: Got UserException- 'Wrong certificate ID' on session 01BD9DC9B2EF687EE90F8FAD8147B49F 19:46:57,122 INFO [STDOUT] 1 19:46:57,122 INFO [STDOUT] [EMAIL PROTECTED] 19:46:57,162 ERROR [JkCoyoteHandler] Certificate convertion failed -- Kan Ogawa [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[PATCH] The Japanese translation patch for servlet examples in Tomcat4
Hi, Catalina committers. This patch is the Japanese message resource for servlet examples in Tomcat 4, and also includes some modification for it. I wish the patch to be applied. Regards, -- Kan Ogawa [EMAIL PROTECTED]# $Id$ # Default localized resources for example servlets # This locale is ja_JP helloworld.title=\u3053\u3093\u306b\u3061\u306f\u4e16\u754c\uff01 requestinfo.title=\u30ea\u30af\u30a8\u30b9\u30c8\u60c5\u5831 \u4f8b\u984c requestinfo.label.method=\u30e1\u30bd\u30c3\u30c9: requestinfo.label.requesturi=\u30ea\u30af\u30a8\u30b9\u30c8URI: requestinfo.label.protocol=\u30d7\u30ed\u30c8\u30b3\u30eb: requestinfo.label.pathinfo=\u30d1\u30b9\u60c5\u5831: requestinfo.label.remoteaddr=\u30ea\u30e2\u30fc\u30c8\u30a2\u30c9\u30ec\u30b9: requestheader.title=\u30ea\u30af\u30a8\u30b9\u30c8\u30d8\u30c3\u30c0\u60c5\u5831 \u4f8b\u984c requestparams.title=\u30ea\u30af\u30a8\u30b9\u30c8\u30d1\u30e9\u30e1\u30fc\u30bf \u4f8b\u984c requestparams.params-in-req=\u3053\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u30d1\u30e9\u30e1\u30fc\u30bf: requestparams.no-params=\u30d1\u30e9\u30e1\u30fc\u30bf\u304c\u3042\u308a\u307e\u305b\u3093\u3001\u4f55\u304b\u5165\u308c\u3066\u304f\u3060\u3055\u3044\u3002 requestparams.firstname=\u59d3: requestparams.lastname=\u540d: cookies.title=\u30af\u30c3\u30ad\u30fc \u4f8b\u984c cookies.cookies=\u3042\u306a\u305f\u306e\u30d6\u30e9\u30a6\u30b6\u306f\u3001\u6b21\u306e\u30af\u30c3\u30ad\u30fc\u3092\u9001\u4fe1\u3057\u3066\u3044\u307e\u3059: cookies.no-cookies=\u3042\u306a\u305f\u306e\u30d6\u30e9\u30a6\u30b6\u306f\u3001\u30af\u30c3\u30ad\u30fc\u3092\u307e\u3063\u305f\u304f\u9001\u4fe1\u3057\u3066\u3044\u307e\u305b\u3093\u3002 cookies.make-cookie=\u3042\u306a\u305f\u306e\u30d6\u30e9\u30a6\u30b6\u306b\u9001\u4fe1\u3059\u308b\u30af\u30c3\u30ad\u30fc\u3092\u4f5c\u6210\u3057\u3066\u304f\u3060\u3055\u3044\u3002 cookies.name=\u540d\u524d: cookies.value=\u5024: cookies.set=\u53ea\u4eca\u3001\u6b21\u306e\u30af\u30c3\u30ad\u30fc\u3092\u3042\u306a\u305f\u306e\u30d6\u30e9\u30a6\u30b6\u306b\u9001\u4fe1\u3057\u307e\u3057\u305f: sessions.title=\u30bb\u30c3\u30b7\u30e7\u30f3 \u4f8b\u984c sessions.id=\u30bb\u30c3\u30b7\u30e7\u30f3ID: sessions.created=\u30bb\u30c3\u30b7\u30e7\u30f3\u4f5c\u6210\u6642\u523b: sessions.lastaccessed=\u6700\u5f8c\u306b\u9001\u4fe1\u3057\u305f\u6642\u523b: sessions.data=\u3053\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u306b\u306f\u3001\u6b21\u306e\u30c7\u30fc\u30bf\u304c\u3042\u308a\u307e\u3059: sessions.adddata=\u3053\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u306b\u30c7\u30fc\u30bf\u3092\u8ffd\u52a0\u3057\u3066\u304f\u3060\u3055\u3044\u3002 sessions.dataname=\u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u540d: sessions.datavalue=\u30bb\u30c3\u30b7\u30e7\u30f3\u5c5e\u6027\u5024: Index: jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java === RCS file: /home/cvspublic/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java,v retrieving revision 1.3 diff -u -w -r1.3 CookieExample.java --- jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java 23 Apr 2002 15:17:25 - 1.3 +++ jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/CookieExample.java 8 Mar 2003 09:14:05 - @@ -18,13 +18,15 @@ public class CookieExample extends HttpServlet { -ResourceBundle rb = ResourceBundle.getBundle(LocalStrings); - public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { +ResourceBundle rb = +ResourceBundle.getBundle(LocalStrings,request.getLocale()); + response.setContentType(text/html); +response.setLocale(request.getLocale()); PrintWriter out = response.getWriter(); out.println(html); Index: jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/HelloWorldExample.java === RCS file: /home/cvspublic/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/HelloWorldExample.java,v retrieving revision 1.2 diff -u -w -r1.2 HelloWorldExample.java --- jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/HelloWorldExample.java 29 Nov 2001 18:27:25 - 1.2 +++ jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/HelloWorldExample.java 8 Mar 2003 09:14:05 - @@ -23,7 +23,10 @@ { ResourceBundle rb = ResourceBundle.getBundle(LocalStrings,request.getLocale()); + response.setContentType(text/html); +response.setLocale(request.getLocale()); + PrintWriter out = response.getWriter(); out.println(html); Index: jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java === RCS file: /home/cvspublic/jakarta-tomcat-4.0/webapps/examples/WEB-INF/classes/RequestHeaderExample.java,v
RE: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets InvokerServlet.java
Hi, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 08, 2002 5:34 AM remm2002/10/07 13:33:31 Modified:catalina/src/share/org/apache/catalina/servlets Tag: tomcat_40_branch InvokerServlet.java Log: - Port patch. - Proposed fix for 13365. Please review. I have confirmed the fix for 13365. When I requested the /examples/servlet/default/jsp/snp/snoop.jsp url on the browser, HTTP 404 Status had been returned. The patch I suggested to Bugzilla 13365 is unnecessary. Thanks. -- Kan Ogawa [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [PATCH] improve internationalization for admin tool
Hi, Amy. Takashi Okamoto wrote: Hi tomcat, (especially amy) This is the second patch to internationalize the admin tools. First patch was commited by amy. New patch will improve at following point: + store file with utf-8 encoding and add encoding='utf-8' at xml header. + use filter servlet to decode post and get parameters. (you have to include SetCharacterEncodingFilter in admin web application with this patch) SetCharacterEncodingFilter isn't included in your patch. Can you submit that as well? In admin web application, can you add the same filter as filters.SetCharacterEncodingFilter class in Tomcat examples application ??? -- Kan Ogawa [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[PATCH] The response of a multi-byte character in Tomcat 4 - Manager Application.
Hi, I 'm using Tomcat 4.0.1 , but a multi-byte character isn't displayed correctly in Tomcat 4 - Manager Application, concretely, ManagerServlet and HTMLManagerServlet. Now, since these servlets set the contents-type as text/plain or text/html, a single-byte character only can be displayed correctly. Therefore, it is necessary to set the contents-type which corresponded to every locale. For example, in Japanese case, the contents-type to return HTML contents is text/html; charset=Shift_JIS. So I send the patch with which it is fixed. By applying this patch, a charset corresponding to the default locale of the server running Tomcat 4 comes to be included to the content-type. == Name: Kan Ogawa EMail: [EMAIL PROTECTED] == ManagerServlet.java.diff HTMLManagerServlet.java.diff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]