Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session ManagerBase.java

[Renato]

Hi Yoav,

I just give it try and it didn't work. I still see
thousands of opened '/dev/urandom' with lsof:

java8457 webserver   19r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   20r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   21r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   22r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   23r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   24r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   25r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   26r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   27r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   28r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   29r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   30r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   31r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   32r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   33r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   34r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   35r   CHR  1,9   
 39427 /dev/urandom
java8457 webserver   36r   CHR  1,9   
 39427 /dev/urandom

I think the leak is on 'new FileInputStream(f)' and
not is randomIS.

Thanks again.

--- [EMAIL PROTECTED] wrote:

> yoavs   2004/08/31 07:07:54
> 
>   Modified:   
> catalina/src/share/org/apache/catalina/session
> ManagerBase.java
>   Log:
>   Added explicit close of randomIS DataInputSource
> for better resource handling.
>   
>   Revision  ChangesPath
>   1.32  +14 -1
>
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/ManagerBase.java
>   
>   Index: ManagerBase.java
>  
>
===
>   RCS file:
>
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
>   retrieving revision 1.31
>   retrieving revision 1.32
>   diff -u -r1.31 -r1.32
>   --- ManagerBase.java16 Aug 2004 09:31:05 -
> 1.31
>   +++ ManagerBase.java31 Aug 2004 14:07:54 -
> 1.32
>   @@ -452,6 +452,12 @@
>if( log.isDebugEnabled() )
>log.debug( "Opening " +
> devRandomSource );
>} catch( IOException ex ) {
>   +try {
>   +   randomIS.close();
>   +   } catch (Exception e) {
>   +log.warn("Failed to close
> randomIS.");
>   +   }
>   +
>randomIS=null;
>}
>}
>   @@ -728,6 +734,13 @@
>} catch( Exception ex ) {
>}
>devRandomSource=null;
>   + 
>   +try {
>   +   randomIS.close();
>   +   } catch (Exception e) {
>   +log.warn("Failed to close
> randomIS.");
>   +   }
>   +
>randomIS=null;
>}
>Random random = getRandom();
>   
>   
>   
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




___
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [Patch] File descriptor leak in ManagerBase - please advise.

[Renato]

Hi,

I just saw your fix. I'll give it a try and let you
know.

Thanks.

--- "Shapira, Yoav" <[EMAIL PROTECTED]> wrote:

> 
> Hi,
> randomIS is set to null in the getBytes method.  But
> that's not as good
> as an explicit close.  So I'll add an explicit close
> before setting
> randomIS to null.  Your patch I don't like as much
> because it closes the
> stream before the readLong method is invoked on it.
> 
> Yoav Shapira
> Millennium Research Informatics
> 
> 
> >-Original Message-
> >From: Renato [mailto:[EMAIL PROTECTED]
> >Sent: Monday, August 30, 2004 1:43 PM
> >To: [EMAIL PROTECTED]
> >Subject: [Patch] File descriptor leak in
> ManagerBase - please advise.
> >
> >Hi all,
> >
> >I running linux with tomcat 5.0.28. Today I have
> the
> >following error:
> >
> >java.net.SocketException: Too many open files
> >at
> java.net.Socket.createImpl(Socket.java:331)
> >at java.net.Socket.(Socket.java:304)
> >at java.net.Socket.(Socket.java:124)
> >(...)
> >
> >By checking with 'lsof -p "tomcat_pid"', I saw that
> >there thousands of opened /dev/urandom files.
> >
> >I looked at the code and I found that in class
> >org/apache/catalina/session/ManagerBase.java, the
> >/dev/urandom is opened but apparently never
> closed...
> >( any reason ? )
> >
> >I made this patch and it fixed my problem, with no
> >colateral effected so far...
> >
> >---
> >../jakarta-tomcat-5.0.27-src/jakarta-tomcat-
>
>catalina/catalina/src/share/org/apache/catalina/session/ManagerBase.jav
> a
> > 2004-06-17 22:11:20.0 -0300
> >+++
> >jakarta-tomcat-
>
>catalina/catalina/src/share/org/apache/catalina/session/ManagerBase.jav
> a
> >2004-08-30 14:23:43.0 -0300
> >@@ -194,10 +194,12 @@
> > try {
> > File f=new File( devRandomSource
> );
> > if( ! f.exists() ) return null;
> >-randomIS= new DataInputStream( new
> >FileInputStream(f));
> >+FileInputStream fin = new
> >FileInputStream(f);
> >+randomIS= new
> DataInputStream(fin);
> > randomIS.readLong();
> > if( log.isDebugEnabled() )
> > log.debug( "Opening " +
> >devRandomSource );
> >+fin.close();
> > return randomIS;
> > } catch (IOException ex){
> > return null;
> >@@ -505,10 +507,12 @@
> > devRandomSource=s;
> > File f=new File(
> devRandomSource
> >);
> > if( ! f.exists() ) return;
> >-randomIS= new DataInputStream(
> >new FileInputStream(f));
> >+FileInputStream fin = new
> >FileInputStream(f);
> >+randomIS= new
> >DataInputStream(fin);
> > randomIS.readLong();
> > if( log.isDebugEnabled() )
> > log.debug( "Opening " +
> >devRandomSource );
> >+   fin.close();
> > } catch( IOException ex ) {
> > randomIS=null;
> > }
> >
> >Any comment ?
> >Thanks for the attention
> >Renato - Brazil.
> >
> >
> >
> >
> >___
> >Do you Yahoo!?
> >Win 1 of 4,000 free domain names from Yahoo! Enter
> now.
> >http://promotions.yahoo.com/goldrush
> >
>
>-
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
> 
> 
> This e-mail, including any attachments, is a
> confidential business communication, and may contain
> information that is confidential, proprietary and/or
> privileged.  This e-mail is intended only for the
> individual(s) to whom it is addressed, and may not
> be saved, copied, printed, disclosed or used by
> anyone else.  If you are not the(an) intended
> recipient, please immediately delete this e-mail
> from your computer system and notify the sender. 
> Thank you.
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] 4.1.26 stability rating

[Renato]

[ ] Alpha
[ ] Beta
[X] Stable

So far, it's running ok.

Renato

__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] [4.1.24] Stability rating

[Renato]

I have a machine on production with this version already. Everything seems fine up to 
now.
 Remy Maucherat <[EMAIL PROTECTED]> wrote:
[ ] Alpha
[ ] Beta
[x] Stable (GA)


Remy


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!

accessClassInPackage.org.apache.catalina.realm permission

[Renato]

Hi all,

( sorry to post here... in users list nobody answered )

One of my users is asking for the following permission in his context

java.security.AccessControlException: access denied (java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.realm) 

He is using the securityfilter.jar library

I'm using Tomcat 4.1.12 with SecurityManager. 

Is is safe to grant this permission ? 

Thanks
Renato




-
Do you Yahoo!?
HotJobs - Search new jobs daily now

Tomcat authenticating in JBoss ?

[Renato]

We have an application that must be run separately in two servers: the WebApp on 
Tomcat ( 4.1 ) and the J2EE App on JBoss. Each Webapp can access only the EJBs within 
a specific ear. In order to do this we are thinking in a way to "authenticate each 
webapp" in JBoss.

We are thinking of using JAASRealm as the entry point to JAAS layer. When the webapp 
is first invoked, it will call the JBoss ClientLoginModule, that 
will pass username and password to be authenticated in JBoss.

There are 2 major problems with this solution: first, JAASRealm is meant to 
authenticate and authorize users ( at least we think so... ) and it isn´t being used 
to do it, and second, the ClientLoginModule doesn´t return the expected subject to 
JAASRealm.

A solution would be write a LoginModule to Tomcat that do exactly the same thing as 
ClientLoginModule and create a subject to JAASRealm which will be
considered a succesfull authorization (i.e., cheat on JAASRealm).

Did anybody do this ? Is this approach correct ? 

Thanks !!

 



-
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost

JAASRealm doc ?

[Renato]

Hi all,

We are trying to integrate Tomcat 4.1 and JBoss securely through JAASRealm, but I 
cannot find any doc about how to use it ? Could somebody that is more familiar with 
it, add some doc ?

Thanks

Renato.

 



-
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes

Problem with individual jars and Security Manager in TC4.1.10

[Renato]

Hi all,

I'm trying to upgrade a production installation running TC 4.0.4 to lastest 4.1.10. So 
far, so good ( still using Jasper 1 ), but I think there is a problem with the 
configuration of catalina.policy for individual jar files.

On catalina.policy it says to use:

grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar" {

But if I use like this I get:

java.security.policy: error adding Entry:
java.net.MalformedURLException: no !/ in spec


If I include "!/-" as it usually worked in TC 4.0.4 apparently it woks ok.

Anybody ? Glenn ?

Thanks

 

 

 



-
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes

[PATCH] Backporting bug in StandardSession.java to 4.0.x

[Renato]

 Hi,
A while ago [EMAIL PROTECTED] posted an obvious bug when recycling sessions. But this was 
for Tomcat 4.1.x and the bug is still in Tomcat 4.0.x. Here is the patch against 4.0.4:
*** StandardSession.java.orig   Sun Jun 23 00:06:43 2002
--- StandardSession.javaSun Jun 23 00:07:16 2002
***
*** 721,725 
  id = null;
  lastAccessedTime = 0L;
- manager = null;
  maxInactiveInterval = -1;
  notes.clear();
--- 721,724 
***
*** 732,735 
--- 731,736 
  ((ManagerBase) manager).recycle(this);
  
+ manager = null;
+ 
  }
  
Since 4.1.x is not even beta yet, isn't it wise to backport all the bug fixes to the 
4.0.x branch ?

Thanks

Renato.



-
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup

Re: [4.0.4] Binaries available

[Renato]

 Is there possibility the patch for bug #9715 could make it to 4.0.5-b1 ? I found it 
very very useful...
Thanks !
Renato - Brazil
  Remy Maucherat <[EMAIL PROTECTED]> wrote: The Tomcat 4.0.4 binaries are now available. 
Both the tester and 
Watchdog passed successfully on the build. It also includes very little 
changes over 4.0.4 Beta 3.

Please test for showstoppers or build errors. The welcome file for the 
main directory references the j-t-c build directory for native connector 
builds, so it would be nice if this was populated with builds for JK 1.2 
and Webapp. RPMs are also needed (thanks in advance Henri :)).

The official release announcement will happen early next week unless 
some major problem is found since then.

I would also like to apologize for the delays in making this release 
available.

Downloads for the proposed final build:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/test/v4.0.4/

Remy


--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup

Manager application working again in 4.0.4-B1. Please evaluate patch

[Renato]

Hi all,

Apparently the new piece of in StandardContext that releases the DirContext breaks the 
ManagerServlet since it's messes with docBase ( when it tries to start again, docBase 
in just relative not absolute ). The following patch moves super.stop() before the 
release of DirContext and add a setResources(DirContext) of what was left of 
DirContext ( I'm not sure f this part )

*** StandardContext.java.oldThu Mar 21 11:29:06 2002
--- StandardContext.javaThu Mar 21 11:43:53 2002
***
*** 3455,3458 
--- 3455,3463 
  }

+ // Normal container shutdown processing
+ if (debug >= 1)
+ log("Processing standard container shutdown");
+ super.stop();
+
  // Release our resources DirContext
  DirContext dirContext = getResources();
***
*** 3471,3479 
  }
  }
!
! // Normal container shutdown processing
! if (debug >= 1)
! log("Processing standard container shutdown");
! super.stop();

  // Unbinding thread
--- 3476,3480 
  }
  }
! setResources(dirContext);

      // Unbinding thread

Thanks

Renato - Brazil

 



-
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards®

Re: Manager application: diferences between 4.0.3 and 4.0.4-b1

[Renato]

More info. I was looking at both - 4.0.3 and 4.0.4-B1 - and I found out the following 
difference in the code:
- when calling webappclassloader, 'modified' method, it checks for the modified date 
of the jar/class by calling resources.getAttributes
- looking at the ProxyDirContext ( getAttributes method ), I found a difference. 
> 4.0.3: it does a cacheLookup and return an entry;
> 4.0.4-B1: it always returns a null. So it tries to open the File which doesn't 
exist because of the relative path that is used and says the resource is missing.
This change has something related to new code that releases DirContext in 
StandarContext ?
Thanks 
PS. How can I disable Webappclassloader from keep checking every minute for changes in 
my webapp ? ( it's messes up with debugging :)) ).
  Renato <[EMAIL PROTECTED]> wrote: 
Hi,

I have an application that uses the rowset.jar from Sun. When I use the manager 
application in Tomcat 4.0.3 it works ok. I'm able to stop and start the context that 
is using it. Although when I load this application on 4.0.4-B1 and try to stop the 
context I get the message:

WebappClassLoader: Resource '/WEB-INF/lib/rowset.jar' is missing


And when I start the context, it fails:

FAIL - Application at context path /examples could not be startedFAIL - Encountered 
exception java.lang.IllegalStateException: standardHost.start /examples: 
LifecycleException: Loader has already been started

I can test any patch. 

Thanks

Renato - Brazil.





-
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage


-
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage

Manager application: diferences between 4.0.3 and 4.0.4-b1

[Renato]

Hi,

I have an application that uses the rowset.jar from Sun. When I use the manager 
application in Tomcat 4.0.3 it works ok. I'm able to stop and start the context that 
is using it. Although when I load this application on 4.0.4-B1 and try to stop the 
context I get the message:

WebappClassLoader: Resource '/WEB-INF/lib/rowset.jar' is missing


And when I start the context, it fails:

FAIL - Application at context path /examples could not be startedFAIL - Encountered 
exception java.lang.IllegalStateException: standardHost.start /examples: 
LifecycleException:  Loader has already been started

I can test any patch. 

Thanks

Renato - Brazil.

 



-
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage

Re: [4.0.3] Beta 1 release

[Renato]

 I guess security issues have to be always a priority. I think we can live with 4.0.2a 
( there is a Tomcat 3.3a and I imagine people are used to it ) and a 4.0.3-B1.
  Remy Maucherat <[EMAIL PROTECTED]> wrote: Hi,

I'd like to propose to release Tomcat 4.0.3 Beta 1 at the end of this week
(03/01 seems an appropriate target). This release will include the fix for
the security issue publicized earlier today, as well as other fixes. I
personally don't think the issue is significant enough so that there's the
need for a full 4.0.2a release, or an emergency 4.0.3 release.

I will also make available a binary patch for 4.0.2 Final, which will fix
the vulnerability. Note: This has never been done in the past, so I'm not
convinced this is really a good idea. Security patches could be *the*
exception, and justify it.

Votes / comments ?

Remy


--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!

Re: [PROPOSAL] - Tocmat 4, implement new Catalina SecurityManager Policy class

[Renato Weiner]

It's a great proposal. Just one thing, Read/Write File permissions and the directory 
tree it applies will be included in the Servlet permission right ?
  Glenn Nielsen <[EMAIL PROTECTED]> wrote: Due to recent questions about the 
SecurityManager implementation in
Tomcat 4 I decided to post my proposal for overhauling how security
policies are managed in Tomcat 4. This is something I have wanted
to do for a while but has been sitting on the back burner as I have
been very busy with other work (non open source) related projects..

Regards,

Glenn

--
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
--[PROPOSAL] - 
Implement new Catalina SecurityManager Policy class

Overview


Currently all Java SecurityManager permissions are set using the
catalina.policy file using the default Sun PolicyFile class.
This works fine for setting security policies but makes use of
a policy with more restrictive permissions very painstaking to
configure. And makes it impossible for those responsible for
an individual web application to set their own security policies
unless they have access to the catalina.policy file.

Implementation Summary
==

Allow an alternate Policy class to be configured in conf/server.xml
so that the code which manages security policies is configurable.

Since the JVM bootstrap class loader is used for the JVM itself
and the JVM classpath class loader is used for bin/bootstrap.jar,
permissions for these CodeSources's would still need to be configured
in catalina.policy.

The replacement Policy class would be used to set permissions for
all classes loaded by internal catalina class loaders.

If no replacement Policy class is defined in server.xml the catalina.policy
would be the sole source of security policy permission grants.

Security Policy Management
==

Rather than use a CodeBase which is a valid file URL to a code source,
the CodeBase will be based on function with the following hierarchy.
Assigning permissions by function rather than codeBase should make
configuring the security policies easier. Once the code is implemented
so that policy can be managed by function, generation of the security
permissions required by catalina can be generated by the new admin web app.

Server Permissions Functional Hierarchy
---

The following are for configuring the permissions for the Catalina Server.

Server - Entire servlet container
Permissions applied to following jar files:

server/lib/catalina.jar

Server/Jasper - JSP Compiler and Runtime permissions
Permissions required here are also assigned to the Server.
Permissions applied to following jar files:

shared/lib/jasper-compiler.jar
shared/lib/jasper-runtime.jar
server/webapps/admin/WEB-INF/lib/jasper-compiler.jar
server/webapps/admin/WEB-INF/lib/jasper-runtime.jar
server/webapps/manager/WEB-INF/lib/jasper-compiler.jar
server/webapps/manager/WEB-INF/lib/jasper-runtime.jar

Server/Servlet
Permissions assigned here are assigned to
the Server and the following jar files:

common/lib/servlet.jar
server/lib/servlets-invoker.jar

Server/Servlet/CGI - Permissions granted for CGI Servlet
Permissions assigned here are assigned to
the Server, Server/Servlet, and servlets-cgi.jar.

Server/Servlet/SSI - Permissions granted for SSI Servlet
Permissions assigned here are assigned to
the Server, Server/Servlet, and servlets-ssi.jar.

Server/Servlet/Webdav - Permissions granted to webdav servlet
Permissions assigned here are assigned to
the Server, Server/Servlet, and servlets-webdav.jar.

Server/Servlet/Manager - Permissions granted to manager servlet
Permissions assigned here are assigned to
the Server, Server/Servlet, and servlets-manager.jar.

Server/Database - Permissions for db connectivity
Permissions assigned here are also assigned to
the Server and Server/Jasper.
Permissions applied to following jar files:

common/lib/{tryex}.jar
common/lib/{jdbc driver}.jar
server/lib/commons-dbcp.jar

Q. Since both tyrex and commons-dbcp fulfill the same
function, can't the jar file for tyrex be moved to
server/lib?

Server/Mail - Permissions for sending/getting email
Permissions assigned here are also assigned to
the Server and Server/Jasper.

Maximum and Default permissions for web applications


The following set the maximum and default permissions for web
applications scope globally, by host, or a single webapp.

Server/Max - Maximum allowed permissions for all webapps
Permissions for Server/Max are assigned to servlet.jar
Server/Default - Default permissions granted to all webapps
Server/Host/Max - Maximum allowed permissions to all webapps for this host
Server/Host/Default - Default permission

Re: DO NOT REPLY [Bug 6660] - Catalina with SecurityManager is possibly broken.

[Renato Weiner]

 If you can point me out where in Catalina code I could take a look, I'll appreciate. 
Also if you need a beta-tester for your application, you count on me.
Thanks !
  Glenn Nielsen <[EMAIL PROTECTED]> wrote: I also administer Tomcat for web 
hosting purposes and am aware of
the problems configuring per web application policies. I have
been working on a redesign of the SecurityManager implementation in
Tomcat 4 which will make administration of these policies easier
yet still allow very strict policy settings. I don't know when
this will be ready.

Glenn

[EMAIL PROTECTED] wrote:
> 
> DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
> RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
> .
> ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
> INSERTED IN THE BUG DATABASE.
> 
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6660
> 
> Catalina with SecurityManager is possibly broken.
> 
> [EMAIL PROTECTED] changed:
> 
> What |Removed |Added
> 
> Status|REOPENED |RESOLVED
> Resolution| |WONTFIX
> 
> --- Additional Comments From [EMAIL PROTECTED] 2002-02-25 20:19 ---
> Sorry, my mistake, the URL specified for the codebase probably has to be a valid
> URL.
> I'm afraid this can't be fixed, then.
> 
> --
> To unsubscribe, e-mail: 
> For additional commands, e-mail: 

-- 
--
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
--

--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games

Re: DO NOT REPLY [Bug 6660] - Catalina with SecurityManager is possibly broken.

[Renato Weiner]

Hi Remy,
Doing: grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/WriteFile.jar!/-" {  
worked fine
Doing: grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/-" {  did not worked.
(even tried:  grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/-!/-" {  did not 
worked. )
I'm reopening the bug report because if we can't grant permissions on all jars files 
on the /lib it will a maintanance hell for wenhosting...
Thanks for the patience !
Renato.
  Remy Maucherat <[EMAIL PROTECTED]> wrote: > What if I want my users to put any *.jar 
files on /lib ( which will be
> controled by the policy anyway... ) ? Do I need to configure each of them
on
> catalina.policy and then restart Tomcat ? ( this is not good... :(( ).

> grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/WriteFile.jar!/-" {

Doing: 'grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/-"' should get
the job done.

Remy


--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games

Re: DO NOT REPLY [Bug 6660] - Catalina with SecurityManager is possibly broken.

[Renato Weiner]

 What if I want my users to put any *.jar files on /lib ( which will be controled by 
the policy anyway... )  ? Do I need to configure each of them on catalina.policy and 
then restart Tomcat ? ( this is not good... :(( ).
  [EMAIL PROTECTED] wrote: DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6660

Catalina with SecurityManager is possibly broken.

[EMAIL PROTECTED] changed:

What |Removed |Added

Status|NEW |RESOLVED
Resolution| |WORKSFORME



--- Additional Comments From [EMAIL PROTECTED] 2002-02-25 18:36 ---
The implementation of the Java SecurityManager is significantly different
between Tomcat 3.2/3.3 and Tomcat 4. The Tomcat 4 version implements much
finer control over granting permissions in the policy file. Even down to
granting permisions to individual classes within a jar.

jar's in /WEB-INF/lib have a completely different codeBase than classes in
/WEB-INF/classes.

To fix your problem add the following grant to your catalina.policy

grant codeBase "jar:file:{path-to-webapp}/WEB-INF/lib/WriteFile.jar!/-" {
permission java.io.FilePermission "/home/client/-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
};

--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games

Catalina with SecurityManager is possibly broken.

[Renato Weiner]

Hi all,

I found what I suppose to be a serious bug for whomever relays on running Catalina 
with a
Security Manager. It's not a vulnerability but it has the potencial to break several 
applications
like O'reilly's cos.jar ( upload ) and JSSE.

Description: security manager rules are not applied correctly to classes on /lib 
directory

Here are the steps to reproduce:

Create 2 classes:



import java.io.*;

public class WriteFile {

  public void write() throws IOException {

 FileWriter fw = new FileWriter("/home/client/write_area/test.txt");
 PrintWriter pw = new PrintWriter(fw);

 pw.println("Testing security manager...");
 pw.close();
 fw.close();
  }
}



( create a jar:  jar -cvf WriteFile.jar WriteFile.class )



import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import WriteFile;

public class SecManagerTest extends HttpServlet {

  public void doGet(HttpServletRequest req, HttpServletResponse res) throws 
ServletException, IOException {

  res.setContentType("text/html");
  PrintWriter out = res.getWriter();
  WriteFile wf = new WriteFile();
  wf.write();

  out.println("");
  out.println("");
  out.println("Security Manager works!!");
  out.println("");
  out.println("");
  }
}



Insert these lines after the catalina.policy file

grant codeBase "file:/home/client/-" {
permission java.io.FilePermission "/home/client/-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
};

Start catalina with:

./catalina.sh start -security 

* NOW THE TESTS 

First test. Put WriteFile.class and SecManagerTest.class on /WEB-INF/classes

Try to execute the servlet. It works !!!

Second test. Put WriteFile.jar on /WEB-INF/lib ( and remove WriteFile.class from 
/classes ! ). 
Restart Catalina. Try to access the servlet:

java.security.AccessControlException: access denied (java.io.FilePermission 
/home/client/write_area/teste.txt write)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
 at java.security.AccessController.checkPermission(AccessController.java:399)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
 at java.lang.SecurityManager.checkWrite(SecurityManager.java:978)
 at java.io.FileOutputStream.(FileOutputStream.java:96)
 at java.io.FileOutputStream.(FileOutputStream.java:62)
 at java.io.FileWriter.(FileWriter.java:38)
 at WriteFile.write(WriteFile.java:7)
 at SecManagerTest.doGet(SecManagerTest.java:13)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
(...)


In Tomcat 3.3 beta 1, it works perfectly. 

There is definitely something wrong with the Security Manager in Catalina. 

Webhosting companies ans users that depends on the security manager cannot fully use 
Catalina ( again, everything works pretty well with Tomcat 3.3 ). 

If you want me to test some patches let me know !!

Renato - Brazil



-
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games

Re: DO NOT REPLY [Bug 6598] - The Implicate mapping of TLDs in packaged libraries no longer works

[Renato Weiner]

 Pardon me... Where should we create the temp directory ? 
  [EMAIL PROTECTED] wrote: DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6598

The Implicate mapping of TLDs in packaged libraries no longer works

[EMAIL PROTECTED] changed:

What |Removed |Added

Status|NEW |RESOLVED
Resolution| |DUPLICATE



--- Additional Comments From [EMAIL PROTECTED] 2002-02-20 22:57 ---
This is a known issue. Just create a 'temp' subdirectory, and the issue should
go away.

*** This bug has been marked as a duplicate of 6400 ***

--
To unsubscribe, e-mail: 
For additional commands, e-mail: 



-
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games

MBeans dev

[Renato]

Hi all,

I've seen a lot of development regarding MBean lately and I'm a little lost 
about what are the new functionality that Catalina will have. Could 
somebody explain what MBean are ( and for what they are useful ) or give 
some directives, where I can read about ? ( I know there is plenty of 
material about Message Beans in J2EE but I imagine these MBeans for Tomcat 
are somehow different, aren't they ? )

Thanks for the patience
Renato.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Strange Tomcat 3.3 error

[Renato]

Hi all,

Sometimes, when I start my Tomcat 3.3 + Apache ( nightly build 0 I have the 
following error:

.
/web.xml - java.net.NoRouteToHostException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:329)
at java.net.PlainSocketImpl.connectToAddress
(PlainSocketImpl.java:141)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:128)
at java.net.Socket.(Socket.java:285)
at java.net.Socket.(Socket.java:112)
at sun.net.NetworkClient.doConnect(NetworkClient.java:56)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:347)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:534)
at sun.net.www.http.HttpClient.(HttpClient.java:282)
at sun.net.www.http.HttpClient.(HttpClient.java:292)
at sun.net.www.http.HttpClient.New(HttpClient.java:304)
at sun.net.www.protocol.http.HttpURLConnection.connect
(HttpURLConnection.java:393)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream
(HttpURLConnection.java:487)
at java.net.HttpURLConnection.getResponseCode
(HttpURLConnection.java:221)
at org.apache.crimson.parser.Resolver.createInputSource
(Resolver.java:287)
at org.apache.crimson.parser.ExternalEntity.getInputSource
(ExternalEntity.java:92)
at org.apache.crimson.parser.Parser2.pushReader(Parser2.java:3133)
at org.apache.crimson.parser.Parser2.externalParameterEntity
(Parser2.java(Compiled Code))
at org.apache.crimson.parser.Parser2.maybeDoctypeDecl
(Parser2.java:1167)
at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:489)
at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
at org.apache.crimson.parser.XMLReaderImpl.parse
(XMLReaderImpl.java:442)
at org.xml.sax.helpers.XMLReaderAdapter.parse
(XMLReaderAdapter.java:223)
at org.apache.tomcat.util.xml.XmlMapper.readXml(Unknown Source)
   at org.apache.tomcat.facade.WebXmlReader.processWebXmlFile(Unknown 
Source)
at org.apache.tomcat.facade.WebXmlReader.contextInit(Unknown Source)
at org.apache.tomcat.core.Context.init(Unknown Source)
at org.apache.tomcat.core.ContextManager.init(Unknown Source)
at org.apache.tomcat.startup.EmbededTomcat.initContextManager
(Unknown Source)
at org.apache.tomcat.startup.EmbededTomcat.execute1(Unknown Source)
at org.apache.tomcat.startup.EmbededTomcat$1.run(Unknown Source)
at org.apache.tomcat.util.compat.Jdk12Support$PrivilegedProxy.run
(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.tomcat.util.compat.Jdk12Support.doPrivileged(Unknown 
Source)
at org.apache.tomcat.startup.EmbededTomcat.execute(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
at org.apache.tomcat.util.IntrospectionUtils.execute(Unknown Source)
at org.apache.tomcat.startup.Main.execute(Unknown Source)
at org.apache.tomcat.startup.Main.main(Unknown Source)

It works fine, but it take ages to start. What can this be ?

Thanks
Renato - Brazil

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 4 step back ?

[Renato]

Hi all,

Recently I went through a migration process from Tomcat 3.2 to Tomcat 4.0 
trying 3.3. I've seen a huge difference in the number of threads started in 
each implementation when someone have a lot of Virtual Hosts defined.

( the following situation is right after starting Tomcat with mod_jk )

Tomcat 3.2 is almost 1 Thread for each Virtual Host. If you have 500 
virtual host you will 500 threads started. 

Tomcat 3.3 is much better. You will have no more than 100 threads.

Tomcat 4.0 scares me. I have a machine with just 40 Virtual Host and there 
are already more than 80 threads started.

So far Tomcat 3.3 connection model looks like better in terms of threads.

Anybody could explain this to me ? 

Thanks

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Fwd: Re: Tomcat 4.0.2-b2 + JSSE + Security Manager

[Renato]

Hi Glenn, 

Thanks for the advice. My last try was to leave security manager with just 
these lines:

grant {
permission java.security.AllPermission;
};

( which I premuse is the same as running without a security manager ) and 
it didn't work. 

I opened a bug report because I don't think I'm able to do something 
further.

Thanks for the help !
Renato - Brazil



On Wed, 23 Jan 2002 20:17:49 -0600, Glenn Nielsen 
<[EMAIL PROTECTED]> escreveu :

> Oh, one more thing you can try.  Configure the following permission
> in your catalina.policy.
> 
> 
>   permission 
java.security.SecurityPermission "getProperty.cert.provider.x509v1";
> 
> Regards,
> 
> Glenn
> 
> Renato wrote:
> > 
> > This is the last message I got, besides the usual already reported.
> > 
> > default context init failed: java.security.PrivilegedActionException
> > <>
> > 
> > Looking at the docs, it looks like it couldn't find the JSSE libraries. 
I
> > even forced the jsse.jar, jcert.jar and jnet.jar on the global classpath
> > when starting Catalina but I still can't use Security Manager and JSSE 
at
> > the same time.
> > 
> > Anything else I could do ?
> > 
> > On Tue, 22 Jan 2002 13:58:17 -0600, Glenn Nielsen
> > <[EMAIL PROTECTED]> escreveu :
> > 
> > > Try starting tomcat 4 with -security and the following properties 
defined:
> > >
> > > -Djava.security.debug=access,failure -Djava.net.debug=ssl
> > >
> > > That should generate alot of debug data to help you track down the 
source
> > > of the problem.
> > >
> > > Regards,
> > >
> > > Glenn
> > >
> > > Renato wrote:
> > >
> > > > Hi all,
> > > >
> > > > I'm installing Tomcat 4.0.2B2. Everything is fine except for the
> > following:
> > > >
> > > > - I try to run a servlet that uses JSSE. If I start Catalina without
> > the '-
> > > > security' it works fine, if I start with the '-security' it 
generates
> > the
> > > > error:
> > > >
> > > > java.net.SocketException: SSL implementation not available
> > > > (...)
> > > >
> > > > The JSSE libraries are on ${java.home}/jre/lib/ext and this path has
> > > > permission to all.
> > > >
> > > > I also tried on Tomcat 3.3 and the servlet works with or without the
> > > > security manager.
> > > >
> > > > Any hint ?
> > > >
> > > > Thanks
> > > > Renato - Brazil
> > > >
> > > > --
> > > > To unsubscribe, e-mail:   <mailto:tomcat-dev-
> > [EMAIL PROTECTED]>
> > > > For additional commands, e-mail: <mailto:tomcat-dev-
> > [EMAIL PROTECTED]>
> > > >
> > >
> > >
> > >
> > > --
> > > --
> > > Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder|
> > > MOREnet System Programming   |  * if iz ina coment.  |
> > > Missouri Research and Education Network  |  */   |
> > > --
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:   <mailto:tomcat-dev-
> > [EMAIL PROTECTED]>
> > > For additional commands, e-mail: <mailto:tomcat-dev-
> > [EMAIL PROTECTED]>
> > >
> > >
> > >
> > >
> > 
> > --
> > To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> -- 
> --
> Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder|
> MOREnet System Programming   |  * if iz ina coment.  |
> Missouri Research and Education Network  |  */   |
> --
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Interceptor in Tomcat 4.0 ???

[Renato]

Hi all,

I have an Interceptor I wrote for Tomcat 3.3 and I want to migrate to 
Catalina. I think the concept know is a Valve, right ? Is there a guideline 
how to migrate an interceptor ?

Thanks
Renato - Brazil.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 4.0.2-b2 + JSSE + Security Manager

[Renato]

Hi all,

I'm installing Tomcat 4.0.2B2. Everything is fine except for the following:

- I try to run a servlet that uses JSSE. If I start Catalina without the '-
security' it works fine, if I start with the '-security' it generates the 
error: 

java.net.SocketException: SSL implementation not available
(...)

The JSSE libraries are on ${java.home}/jre/lib/ext and this path has 
permission to all.

I also tried on Tomcat 3.3 and the servlet works with or without the 
security manager.

Any hint ?

Thanks
Renato - Brazil

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Difference in the Request class between Tomcat 3.2 and Tomcat 3.3

[Renato]

Just found it... they change names... ( silly me :)) )

On Wed Dec 19 11:54:57 2001, "Renato" <[EMAIL PROTECTED]> 
escreveu :

> Hi all,
> 
> What happened to methods getRemoteAddr, getServerName, getServletPath in 
> the Request class for Tomcat 3.3 ? 
> 
> I had an Interceptor written for Tomcat 3.2 that uses these methods 
within 
> the Request. How can I access internal servlet information from Request 
int 
> Tomcat 3.3 ?
> 
> Thanks again
> Renato - Brazil.
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Difference in the Request class between Tomcat 3.2 and Tomcat 3.3

[Renato]

Hi all,

What happened to methods getRemoteAddr, getServerName, getServletPath in 
the Request class for Tomcat 3.3 ? 

I had an Interceptor written for Tomcat 3.2 that uses these methods within 
the Request. How can I access internal servlet information from Request int 
Tomcat 3.3 ?

Thanks again
Renato - Brazil.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util J avaGeneratorTool.java

[Renato]

Is Tomcat 3.3 affected by this ?


On Wed, 19 Dec 2001 08:10:52 -0500, Larry Isaacs <[EMAIL PROTECTED]> 
escreveu :

> I can't get code involving index and length right without
> a lot of trial and error.  Fortunately the internal test
> revealed this one.
> 
> Larry
> 
> > -Original Message-
> > From: Bill Barker [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, December 19, 2001 1:09 AM
> > To: Tomcat Developers List
> > Subject: Re: cvs commit: 
> > jakarta-tomcat/src/share/org/apache/tomcat/util
> > JavaGeneratorTool.java
> > 
> > 
> > Oh, well, I guess I had to screw up eventually :-(
> > 
> > Thanks for cleaning up my mess.
> > - Original Message -
> > From: <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 18, 2001 6:39 PM
> > Subject: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util
> > JavaGeneratorTool.java
> > 
> > 
> > > larryi  01/12/18 18:39:39
> > >
> > >   Modified:src/share/org/apache/tomcat/util 
> > JavaGeneratorTool.java
> > >   Log:
> > >   Fix IndexOutOfBoundsException
> > >
> > >   Revision  ChangesPath
> > >   1.5   +1 -1
> > jakarta-tomcat/src/share/org/apache/tomcat/util/JavaGeneratorTool.java
> > >
> > >   Index: JavaGeneratorTool.java
> > >   
> > ===
> > >   RCS file:
> > /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/Java
> > GeneratorTool.
> > java,v
> > >   retrieving revision 1.4
> > >   retrieving revision 1.5
> > >   diff -u -r1.4 -r1.5
> > >   --- JavaGeneratorTool.java 2001/12/14 03:55:11 1.4
> > >   +++ JavaGeneratorTool.java 2001/12/19 02:39:39 1.5
> > >   @@ -78,7 +78,7 @@
> > >continue;
> > >}
> > >
> > >   - if( (s.length()>=endIdx) && s.charAt( endIdx ) != '/' ) {
> > >   + if( (s.length()>endIdx) && s.charAt( endIdx ) != '/' ) {
> > >index = s.indexOf(keywords[i],index+3);
> > >continue;
> > >}
> > >
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> > 
> > > For additional commands, e-mail:
> > 
> > >
> > 
> > 
> > --
> > To unsubscribe, e-mail:   
> > 
> > For additional commands, e-mail: 
> > 
> > 
> 
> --
> To unsubscribe, e-mail:   
> For additional commands, e-mail: 
> 
> 
> 
> 

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Tomcat 3.3 deployment - last minute problem

[Renato]

Hi Bill,

Thanks for the help. 

I found out the problem. It was jikes. I was using jikes in the 
JspInterceptor and somewhat it wasn't working. 

Now, I will upgrade all my user base to Tomcat 3.3 :))

Renato.


On Tue, 18 Dec 2001 14:29:24 -0800, "Bill Barker" <[EMAIL PROTECTED]> 
escreveu :

> The only thing that I can think of is that your javac doesn't support
> the -encoding switch.  Is it possible that you have an old copy of 
tools.jar
> somewhere?  Jasper writes out the .java file in UTF8 encoding, which is 
then
> passed to javac to compile to a .class.  If javac is trying to read the
> .java file as iso-latin-1, then you'd see something like you're reporting.
> You might try using Jikes.
> 
> Tomcat's JspWriter doesn't do any encoding.  It just (eventually) passes 
the
> chars to the result of calling response.getWriter.  This means that the
> encoding should the same as for a servlet (which you've reported does 
work).
> 
> I can't personally reproduce your problem on either Windows or Solaris, 
so I
> don't know how much more help I can be.  The main files involved are
> src/facade22/org/apache/tomcat/facade/JspInterceptor.java and
> src/share/org/apache/jasper/compiler/Compiler.java, if you want to dig
> through the code.
> - Original Message -
> From: "Renato" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, December 18, 2001 6:27 PM
> Subject: Re: Tomcat 3.3 deployment - last minute problem
> 
> 
> > Hi all,
> >
> > I'm investigating this problem and may found something. The html that is
> > pushed to my browser is definitely pure Unicode ( UTF8 ), so somehow the
> > HTML bytes are not been properly translated to chars. Where can I look 
in
> > the code to make some tests ?
> >
> > Thanks
> > Renato.
> >
> > > Reply-to: "Tomcat Developers List"
> > > From: "Renato"
> > > Date: Fri Dec 14 15:19:28 2001
> > > To: "Tomcat Developers List" ,
> > > Tomcat Developers List ,
> > > ,
> > > Subject: Re: Tomcat 3.3 deployment - last minute problem
> > >
> > > Hi,
> > >
> > > This is what I'm using:
> > >
> > >
> > >
> > > I saw the servlet generated in the work directory and it actually 
write
> > the
> > > response.setContentType("text/html;charset=ISO-8859-1")
> > >
> > > ( default type in server.xml is set to ISO-8859-1 too )
> > >
> > > How can I know the charset of Linux ? ( I'll STW of course.. :)) )
> > >
> > > Thanks for the promptness !
> > >
> > > On Fri, 14 Dec 2001 08:48:31 -0800 (PST), escreveu :
> > >
> > > > On Fri, 14 Dec 2001, Renato wrote:
> > > >
> > > > > *** HTML pages with latin characters don't display correctly on
> Linux
> > > ***
> > > > >
> > > > > ( JSP file with: )
> > > > > Ex:
> > > áéíóú
> > >
> > > > >
> > > > > It's maybe a problem with the locale variables on my Linux, which 
I
> > > don't
> > > > > quite understand ( tried LC_ALL, LANG, LC_CTYPE and it didn't 
work )
> > or
> > > > > Tomcat itself.
> > > >
> > > > Do you set the charset in the page
> > > > setContentType("text/html;charset=8859-??") or the jsp equivalent ?
> > > >
> > > > What charset do you use to write the page ? ( i.e. UTF or 8859-
?? ) ?
> > > >
> > > > There are few variables:
> > > > - Java default charset ( which is typically the same as the OS
> charset).
> > > > This is what jasper uses to read the page from disk. The page is
> > converted
> > > > to UTF by the reader. ( you can override the charset used on each
> page,
> > > > don't remember the directive )
> > > >
> > > > - output charset. This is specified in setContentType() or
> > setCharEncoding
> > > > on the response, and is used to convert from UTF to the target
> charset.
> > > >
> > > >
> > > > Costin
> > > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat 3.3 deployment - last minute problem

[Renato]

Hi all,

I'm investigating this problem and may found something. The html that is 
pushed to my browser is definitely pure Unicode ( UTF8 ), so somehow the 
HTML bytes are not been properly translated to chars. Where can I look in 
the code to make some tests ?

Thanks
Renato.

> Reply-to: "Tomcat Developers List" 
> From: "Renato" 
> Date: Fri Dec 14 15:19:28 2001
> To: "Tomcat Developers List" ,
> Tomcat Developers List ,
> , 
> Subject: Re: Tomcat 3.3 deployment - last minute problem
> 
> Hi,
> 
> This is what I'm using:
> 
> 
> 
> I saw the servlet generated in the work directory and it actually write 
the 
> response.setContentType("text/html;charset=ISO-8859-1") 
> 
> ( default type in server.xml is set to ISO-8859-1 too )
> 
> How can I know the charset of Linux ? ( I'll STW of course.. :)) )
> 
> Thanks for the promptness !
> 
> On Fri, 14 Dec 2001 08:48:31 -0800 (PST), escreveu :
> 
> > On Fri, 14 Dec 2001, Renato wrote:
> > 
> > > *** HTML pages with latin characters don't display correctly on Linux 
> ***
> > >
> > > ( JSP file with: )
> > > Ex: 
> áéíóú
> 
> > >
> > > It's maybe a problem with the locale variables on my Linux, which I 
> don't
> > > quite understand ( tried LC_ALL, LANG, LC_CTYPE and it didn't work ) 
or
> > > Tomcat itself.
> > 
> > Do you set the charset in the page
> > setContentType("text/html;charset=8859-??") or the jsp equivalent ?
> > 
> > What charset do you use to write the page ? ( i.e. UTF or 8859-?? ) ?
> > 
> > There are few variables:
> > - Java default charset ( which is typically the same as the OS charset).
> > This is what jasper uses to read the page from disk. The page is 
converted
> > to UTF by the reader. ( you can override the charset used on each page,
> > don't remember the directive )
> > 
> > - output charset. This is specified in setContentType() or 
setCharEncoding
> > on the response, and is used to convert from UTF to the target charset.
> > 
> > 
> > Costin
> > 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Tomcat 3.3 deployment - last minute problem

[Renato]

Hi,

This is what I'm using:

<%@ page contentType="text/html; charset=ISO-8859-1" %>

I saw the servlet generated in the work directory and it actually write the 
response.setContentType("text/html;charset=ISO-8859-1") 

( default type in server.xml is set to ISO-8859-1 too )

How can I know the charset of Linux ? ( I'll STW of course.. :)) )

Thanks for the promptness !

On Fri, 14 Dec 2001 08:48:31 -0800 (PST), <[EMAIL PROTECTED]> escreveu :

> On Fri, 14 Dec 2001, Renato wrote:
> 
> > *** HTML pages with latin characters don't display correctly on Linux 
***
> >
> > ( JSP file with: )
> > Ex:   áéíóú
> >
> > It's maybe a problem with the locale variables on my Linux, which I 
don't
> > quite understand ( tried LC_ALL, LANG, LC_CTYPE and it didn't work ) or
> > Tomcat itself.
> 
> Do you set the charset in the page
> setContentType("text/html;charset=8859-??") or the jsp equivalent ?
> 
> What charset do you use to write the page ? ( i.e. UTF or 8859-?? ) ?
> 
> There are few variables:
> - Java default charset ( which is typically the same as the OS charset).
> This is what jasper uses to read the page from disk. The page is converted
> to UTF by the reader. ( you can override the charset used on each page,
> don't remember the directive  )
> 
> - output charset. This is specified in setContentType() or setCharEncoding
> on the response, and is used to convert from UTF to the target charset.
> 
> 
> Costin
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 3.3 deployment - last minute problem

[Renato]

Hi all,

I have one last problem that prevents me from upgrading a big user base 
from Tomcat 3.2.4 to Tomcat 3.3 ( which will be the last nightly build ).

*** HTML pages with latin characters don't display correctly on Linux ***

( JSP file with: )
Ex:   áéíóú

I'm not quite sure if it's a bug or no. Here are some different scenarios 
and what happens:

- in Tomcat 3.2.4 it works ( someone told me 3.2.x charset is broken 
anyway )
- in Tomcat 3.3 installed on Window it works.
- in Tomcat 3.3 installed on Linux ( Red Hat 7.2, tested with IBM, Sun, 
JRockit JVM ) it doesn't work.

It's maybe a problem with the locale variables on my Linux, which I don't 
quite understand ( tried LC_ALL, LANG, LC_CTYPE and it didn't work ) or 
Tomcat itself. 

Any hints ? 

Thanks
Renato - Brazil

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 3.3 and JSP/HTML pages with accents

[Renato]

Hi all,

I'm trying to upgrade from Tomcat 3.2 to Tomcat 3.3 and I have some jsp 
pages that have caracteres with accents. With tomcat 3.3 it 
outputs 'garbage' to the browser.

Example: 

...

I have accents - áéíóú âêîôû

...


What am I missing ?

Thanks.





--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Connection reset by peer

[Renato]

It looks that this error however is happening at the connector pool level. 
I see other 'connection reset by peer' errors but they have different 
stacks. This one looks more critical. It might also a bug in the JVM.


> Hello,
> 
> I had the same problem with tomcat in windows environment. Its just that
> when ever your connection between Tomcat and its client (mostly a web
> browser) breaks (may be due to pressing stop button in the browser or due 
to
> any other reason) it throws exception. And the exception stack trace was
> printed on the console. So nothing to worry about this.
> 
> I am not too sure, but I guess your tomcat didn't hang due to this reason.
> There must be some other problem with your environment as well.
> 
> Regards,
> Ali.
> - Original Message -
> From: "Renato" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, December 10, 2001 5:26 PM
> Subject: Connection reset by peer
> 
> 
> > Hi all,
> >
> > I was looking through tomcat's log ( tomcat 3.2.4 + mod_jk under Red Hat
> > 7.2 + Sun JVM 1.3.1_01 ) and I saw a lot of messages like this:
> >
> > java.net.SocketException: Connection reset by peer: Connection reset by
> peer
> > at java.net.SocketInputStream.socketRead(Native Method)
> > at java.net.SocketInputStream.read(SocketInputStream.java:86)
> > at org.apache.tomcat.service.connector.TcpConnector.receiveFully
> > (TcpConnector.java:150)
> > at org.apache.tomcat.service.connector.TcpConnector.receive
> > (TcpConnector.java:121)
> > at
> >
> 
org.apache.tomcat.service.connector.Ajp13ConnectionHandler.processConnection
> > (Ajp13ConnectionHandler.ja
> > va:146)
> > at org.apache.tomcat.service.TcpWorkerThread.runIt
> > (PoolTcpEndpoint.java:416)
> > at org.apache.tomcat.util.ThreadPool$ControlRunnable.run
> > (ThreadPool.java:501)
> > at java.lang.Thread.run(Thread.java:484)
> >
> > After a while Tomcat starts failing to respond till it hangs completely.
> >
> > I've seen Sun's JVM release and already set up the 'work around'
> parameters
> > for Linux.
> >
> > Any other hint ?
> >
> > Thanks
> > Renato.
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:tomcat-dev-
[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Connection reset by peer

[Renato]

Hi all,

I was looking through tomcat's log ( tomcat 3.2.4 + mod_jk under Red Hat 
7.2 + Sun JVM 1.3.1_01 ) and I saw a lot of messages like this:

java.net.SocketException: Connection reset by peer: Connection reset by peer
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:86)
at org.apache.tomcat.service.connector.TcpConnector.receiveFully
(TcpConnector.java:150)
at org.apache.tomcat.service.connector.TcpConnector.receive
(TcpConnector.java:121)
at 
org.apache.tomcat.service.connector.Ajp13ConnectionHandler.processConnection
(Ajp13ConnectionHandler.ja
va:146)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)

After a while Tomcat starts failing to respond till it hangs completely.

I've seen Sun's JVM release and already set up the 'work around' parameters 
for Linux.

Any other hint ?

Thanks
Renato.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Directory listing vulnerability in Tomcat 3.2

[Renato]

I just downloaded and installed Tomcat 3.2.4 and the problem in on this 
version too.

I think that if you a 404 error page defined, this problem doesn't happen.

Anyway, I think it's a vulnerability.

On Mon Dec  3 11:16:34 2001, "Renato" <[EMAIL PROTECTED]> 
escreveu :

> Hi all,
> 
> Recently I saw in the vuln-dev list a directory
> listing vulnerability in Tomcat 3.2.3. It's simple,
> just call the URL:
> 
> http://yousite/%3f.jsp
> 
> Is it fixed in Tomcat 3.2.4 ?
> 
> Thanks
> 
> 
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: [PATCH] SimplePool.java

[Renato Weiner]

What about Tomcat 3.2.3 ? There are the same lines of
code...


--- "Schreibman, David" <[EMAIL PROTECTED]>
wrote:
> Here's a simple tweak that clears out references to
> objects that are removed
> from the pool.  The current code can delay garbage
> collection for objects
> that are removed from the pool but not returned.
> 
> The diff is against 3.3-rc1
> 
> -David
> 
> > --- SimplePool.java.origThu Oct  4 10:14:51 2001
> +++ SimplePool.java   Thu Oct  4 10:54:08 2001
> @@ -132,6 +132,7 @@
>   synchronized( lock ) {
>   if( current >= 0 ) {
>   item = pool[current];
> + pool[current] = null;
>   current -= 1;
>   }
>   if( debug > 0 ) 
> 


__
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

JAXP 1.1 and Tomcat 3.2.3

[Renato Weiner]

Hi all,

I'm trying to build Tomcat 3.2.3 with JAXP 1.1 and I
have this error:

Buildfile: build.xml

BUILD FAILED

javax.xml.parsers.FactoryConfigurationError:
java.lang.ClassNotFoundException:
org.apache.crimson.jaxp.SAXParserF
actoryImpl
at
javax.xml.parsers.SAXParserFactory.newInstance(SAXParserFactory.java:120)
at
org.apache.tools.ant.ProjectHelper.getParserFactory(ProjectHelper.java:706)
at
org.apache.tools.ant.ProjectHelper.parse(ProjectHelper.java:105)
at
org.apache.tools.ant.ProjectHelper.configureProject(ProjectHelper.java:85)
at
org.apache.tools.ant.Main.runBuild(Main.java:403)
at
org.apache.tools.ant.Main.main(Main.java:149)

Total time: 0 seconds
java.lang.ClassNotFoundException:
org.apache.crimson.jaxp.SAXParserFactoryImpl

Is Tomcat 3.2.3 compatible with JAXP 1.1 ??

Thanks
Renato - Brazil.

__
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

Problem with ThreadPool.java

[Renato Weiner]

Hi all,

I was running some volume tests with Tomcat 3.2.3 using the 'ab' application that 
comes with apache. I simulated diffent loads of concurrent users. If set the 
concurrency to 5 it runs fine my Servlets, but if I set to more than 8, I got an 
exception in the ThreadPool. Here is the message:

2001-07-26 19:00:14 - ThreadPool: Caught exception executing org.apache.tomcat.s
ervice.TcpWorkerThread@799ff5, terminating thread - java.util.NoSuchElementExcep
tion
at java.util.Vector.lastElement(Vector.java:454)
at org.apache.tomcat.util.ThreadPool.runIt(ThreadPool.java:234)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
405)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:501)
at java.lang.Thread.run(Thread.java:484)

The error is reproducable. If anybody send a patch I can test it.

Thanks

Renato.

 

 



-
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core ContextManager.java

[Renato Weiner]

 Hi Larry,
Please, ignore my last message. With this change, it fixed the problem. 
Thanks a lot !!
Renato.
 
  [EMAIL PROTECTED] wrote: 
larryi 01/07/06 11:40:08Modified: src/share/org/apache/tomcat/core Tag: tomcat_32ContextManager.javaLog:Fix recursive error handling if web.xml maps error code 404 to a non-existentJSP page. With this fix, no response will be sent if status handler is calledrecursively. You will need to examine the log output to see the error.If web.xml maps error code 404 to a non-existent html, use default "not found"handler instead of default "status" handler.Revision Changes PathNo revisionNo revision1.100.2.24 +22 -2 jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.javaIndex: ContextManager.java===RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ContextManager.java,vretrieving revision 1.100.2.23retrieving revision 1.100.2.24diff -u -r1.100.2.23 -r1.100.2.24--- ContextManager.java 2001/04/25 16:50:12 1.100.2.23+++ ContextManager.java 2001/07/06 18:40:05 1.100.2.24@@ -1047,8 +1047,16 @@if( debug>0 )ctx.log( "Handler " + errorServlet + " " + errorPath);- if( errorServlet==null )- errorServlet=ctx.getServletByName( "tomcat.statusHandler");+ if ( statusLoop( ctx, req ) ){+ log( "Error loop for " + req + " error code " + code);+ return;+ }+ if( errorServlet==null ) {+ if( code == 404 )+ errorServlet=ctx.getServletByName( "tomcat.notFoundHandler");+ else+ errorServlet=ctx.getServletByName( "tomcat.statusHandler");+ }req.setAttribute("javax.servlet.error.status_code",new Integer( code));@@ -1194,6 +1202,18 @@return true;}return false;+ }++ /** Handle the case of status handler generating an error+ */+ private boolean statusLoop( Context ctx, Request req ) {+ if ( req.getAttribute("javax.servlet.error.status_code") != null ) {+ if( ctx.getDebug() > 0 )+ ctx.log( "Error: nested error inside status servlet " ++ req.getAttribute("javax.servlet.error.status_code"));+ return true;+ }+ return false;}/**Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!http://personal.mail.yahoo.com/

RE: Tomcat 3.2.2 and Error page 404 ( not solved )

[Renato Weiner]

 Hi Marc,
The latest nightly build didn't work either. This is what I did, just to check.
I downloaded jakarta-tomcat-20010705-src.tar.gz ( from tomcat-3.2-dev tree ) and compiled. My web.xml is:
.
404/404.jsp
404.jsp doesn't exist. 
I have the looping messages I described early. 
Just to make sure I wasn't doing anything wrong with the compilation, I downloaded the binaries, tested and it didn't work.
I think this error should be fixed. Users delete files and commit mistakes all the time and misconfiguring the web.xml is a very common one.
Thanks all
Renato.
 
 
  Marc Saegesser <[EMAIL PROTECTED]> wrote: 
This has already been fixed in 3.2.3-dev. Try the latest nightly build.> -Original Message-> From: David Rees [mailto:[EMAIL PROTECTED]]> Sent: Wednesday, July 04, 2001 3:14 PM> To: [EMAIL PROTECTED]> Subject: Re: Tomcat 3.2.2 and Error page 404> > > On Wed, Jul 04, 2001 at 11:53:05AM -0700, Renato Weiner wrote:> > > > Hi all,> > I know this has been discussed, but I can't find an ultimate > answer on this topic. I'm running Tomcat 3.2.2, I have latest the > StaticInterceptor.java from CVS. If I configure my web.xml with a > dynamic 404 error ( let's sat 404.jsp ) that doesn't exist, I got > an endless loop:> > > > 2001-07-04 02:10:17 - Ctx( : ): 404 R( + /servlet/xxx + > null) JSP file not found> > > > 2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp > /home/client1/404.jsp /home/client1> > > > 2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp > /home/client1/404.jsp /home/client1> > > > 2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp > /home/client1/404.jsp /home/client1> > > > Do anybody has a solution for this ?> > I have hit this myself. The only solution is to make sure that > the error pages you > define in face do exist. I haven't had time to look into root > cause of this myself, but > I'm not familiar with the Tomcat source anyway...> > -DaveDo You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!http://personal.mail.yahoo.com/

Tomcat 3.2.2 and Error page 404

[Renato Weiner]

 Hi all,
I know this has been discussed, but I can't find an ultimate answer on this topic. I'm running Tomcat 3.2.2, I have latest the StaticInterceptor.java from CVS. If I configure my web.xml with a dynamic 404 error ( let's sat 404.jsp ) that doesn't exist, I got an endless loop:
2001-07-04 02:10:17 - Ctx( : ): 404 R(  + /servlet/xxx + null) JSP file not found
2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp /home/client1/404.jsp /home/client1
2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp /home/client1/404.jsp /home/client1
2001-07-04 02:10:17 - Ctx( : ): Get real path /404.jsp /home/client1/404.jsp /home/client1
Do anybody has a solution for this ?
Thanks 
Renato.Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!http://personal.mail.yahoo.com/

Timing-out servlet execution

[Renato Weiner]

Hi all,
I'm using Tomcat 3.2.2 in Linux, JDK 1.3.1, shared environment. Everything is pretty fine, except for the fact that sometimes one of the users write an endless loop. I looking for a way to 'time-out' servlet execution. I could change ServelWrapper class, but according some advise I received, it's very hard to terminate a Thread, since in Java 2, the method Thread.destroy() is not implement.
Does anybody have a patch that 'times-out' servlet execution ? Any hints to write a patch ?
Thanks 
Renato.Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!http://personal.mail.yahoo.com/