JBossWeb SVN: r1270 - in branches/2.1.x: webapps/docs and 1 other directories.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2009-11-17 10:46:57 -0500 (Tue, 17 Nov 2009)
New Revision: 1270
Modified:
branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
branches/2.1.x/webapps/docs/changelog.xml
branches/2.1.x/webapps/docs/config/http.xml
Log:
Fix for CVE-2009-3555.
Modified: branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
--- branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2009-11-17 14:18:11 UTC (rev 1269)
+++ branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2009-11-17 15:46:57 UTC (rev 1270)
@@ -42,6 +42,8 @@
import java.util.Vector;
import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HandshakeCompletedEvent;
+import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
@@ -99,6 +101,7 @@
protected String clientAuth = "false";
protected SSLServerSocketFactory sslProxy = null;
protected String[] enabledCiphers;
+ protected boolean allowUnsafeLegacyRenegotiation = false;
/**
* Flag to state that we require client authentication.
@@ -149,13 +152,36 @@
SSLSocket asock = null;
try {
asock = (SSLSocket)socket.accept();
+ if (!allowUnsafeLegacyRenegotiation) {
+ asock.addHandshakeCompletedListener(
+ new DisableSslRenegotiation());
+ }
configureClientAuth(asock);
} catch (SSLException e){
throw new SocketException("SSL handshake error" + e.toString());
}
return asock;
}
+
+ private static class DisableSslRenegotiation
+ implements HandshakeCompletedListener {
+ private volatile boolean completed = false;
+ public void handshakeCompleted(HandshakeCompletedEvent event) {
+ if (completed) {
+ try {
+ log.warn("SSL renegotiation is disabled, closing connection");
+ event.getSession().invalidate();
+ event.getSocket().close();
+ } catch (IOException e) {
+ // ignore
+ }
+ }
+ completed = true;
+ }
+ }
+
+
public void handshake(Socket sock) throws IOException {
((SSLSocket)sock).startHandshake();
}
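Review bot: `DisableSslRenegotiation.handshakeCompleted` acts only after a second handshake has already finished, so this is detect-and-close rather than prevention. JSSE may deliver handshake-completed events on a separate thread (worth confirming for the supported JREs), which would leave a window in which the connector thread can still read data on the renegotiated session before `close()` runs. The empty `catch (IOException e)` also hides a failed close; log it, e.g. `log.debug("Failed to close socket after renegotiation attempt", e);`, and consider adding the peer address to the warning so the event can be investigated. The same hunk is applied to trunk in r1269 and these points apply there too. The accept method's body starts outside the hunk.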
@@ -447,6 +473,9 @@
enabledCiphers = getEnabledCiphers(requestedCiphers,
sslProxy.getSupportedCipherSuites());
+ allowUnsafeLegacyRenegotiation =
+ "true".equals(attributes.get("allowUnsafeLegacyRenegotiation"));
+
// Check the SSL config is OK
checkConfig();
Modified: branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2009-11-17 14:18:11 UTC (rev 1269)
+++ branches/2.1.x/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2009-11-17 15:46:57 UTC (rev 1270)
@@ -170,7 +170,10 @@
break;
}
}
- ssl.setSoTimeout(oldTimeout);
+ // If legacy re-negotiation is disabled, socked could be closed here
+ if (!ssl.isClosed()) {
+ ssl.setSoTimeout(oldTimeout);
+ }
if (listener.completed == false) {
throw new SocketException("SSL Cert handshake timeout");
}
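Review bot: When the listener added in JSSESocketFactory has closed the socket, this code only skips `setSoTimeout` and then falls through to the `listener.completed` check, so the caller sees either "SSL Cert handshake timeout" or a later I/O error on a closed socket, neither of which says that renegotiation was refused. Suggest failing explicitly before the timeout is restored, e.g. `if (ssl.isClosed()) throw new SocketException("SSL renegotiation is disabled");`. The new comment has a typo: `socked` should be `socket`. With the default of `false`, client-certificate requests that depend on this renegotiation path would presumably stop working, which deserves a sentence in the `allowUnsafeLegacyRenegotiation` documentation. The identical hunk in r1269 (trunk) is covered by this note; the enclosing method starts and ends outside the hunk.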
Modified: branches/2.1.x/webapps/docs/changelog.xml
===================================================================
--- branches/2.1.x/webapps/docs/changelog.xml 2009-11-17 14:18:11 UTC (rev 1269)
+++ branches/2.1.x/webapps/docs/changelog.xml 2009-11-17 15:46:57 UTC (rev 1270)
@@ -20,6 +20,16 @@
<subsection name="Coyote">
<changelog>
<fix>
+ Fix CVE-2009-3555, man-in-the-middle attack in TLS protocol. (markt)
+ </fix>
+ </changelog>
+ </subsection>
+</section>
+
+<section name="JBoss Web 2.1.5.GA (remm)">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
<bug>46950</bug>: Allow renegotiation to work for client certificates. (markt)
</fix>
<fix>
Modified: branches/2.1.x/webapps/docs/config/http.xml
===================================================================
--- branches/2.1.x/webapps/docs/config/http.xml 2009-11-17 14:18:11 UTC (rev 1269)
+++ branches/2.1.x/webapps/docs/config/http.xml 2009-11-17 15:46:57 UTC (rev 1270)
@@ -501,6 +501,13 @@
TrustStore then you are using for the KeyStore.</p>
</attribute>
+ <attribute name="allowUnsafeLegacyRenegotiation" required="false">
+ <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
+ users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
+ protocol that allows an attacker to inject arbitrary data into the user's
+ request. If not specified, a default of <code>false</code> is used.</p>
+ </attribute>
+
</attributes>
<p>For more information, see the
JBossWeb SVN: r1269 - in trunk: test and 7 other directories.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2009-11-17 09:18:11 -0500 (Tue, 17 Nov 2009)
New Revision: 1269
Added:
trunk/test/java/org/apache/catalina/
trunk/test/java/org/apache/catalina/startup/
trunk/test/java/org/apache/catalina/startup/TestTomcatSSL.java
trunk/test/java/org/apache/catalina/startup/TomcatBaseTest.java
trunk/test/java/org/apache/catalina/startup/test.keystore
trunk/test/webapps/simple/
trunk/test/webapps/simple/index.html
Modified:
trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
trunk/test/build.xml
trunk/webapps/docs/changelog.xml
trunk/webapps/docs/config/http.xml
Log:
Fix for CVE-2009-3555.
Modified: trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
--- trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2009-11-13 18:00:41 UTC (rev 1268)
+++ trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2009-11-17 14:18:11 UTC (rev 1269)
@@ -42,6 +42,8 @@
import java.util.Vector;
import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HandshakeCompletedEvent;
+import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.ManagerFactoryParameters;
@@ -99,6 +101,7 @@
protected String clientAuth = "false";
protected SSLServerSocketFactory sslProxy = null;
protected String[] enabledCiphers;
+ protected boolean allowUnsafeLegacyRenegotiation = false;
/**
* Flag to state that we require client authentication.
@@ -149,13 +152,36 @@
SSLSocket asock = null;
try {
asock = (SSLSocket)socket.accept();
+ if (!allowUnsafeLegacyRenegotiation) {
+ asock.addHandshakeCompletedListener(
+ new DisableSslRenegotiation());
+ }
configureClientAuth(asock);
} catch (SSLException e){
throw new SocketException("SSL handshake error" + e.toString());
}
return asock;
}
+
+ private static class DisableSslRenegotiation
+ implements HandshakeCompletedListener {
+ private volatile boolean completed = false;
+ public void handshakeCompleted(HandshakeCompletedEvent event) {
+ if (completed) {
+ try {
+ log.warn("SSL renegotiation is disabled, closing connection");
+ event.getSession().invalidate();
+ event.getSocket().close();
+ } catch (IOException e) {
+ // ignore
+ }
+ }
+ completed = true;
+ }
+ }
+
+
public void handshake(Socket sock) throws IOException {
((SSLSocket)sock).startHandshake();
}
@@ -447,6 +473,9 @@
enabledCiphers = getEnabledCiphers(requestedCiphers,
sslProxy.getSupportedCipherSuites());
+ allowUnsafeLegacyRenegotiation =
+ "true".equals(attributes.get("allowUnsafeLegacyRenegotiation"));
+
// Check the SSL config is OK
checkConfig();
Modified: trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2009-11-13 18:00:41 UTC (rev 1268)
+++ trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java 2009-11-17 14:18:11 UTC (rev 1269)
@@ -170,7 +170,10 @@
break;
}
}
- ssl.setSoTimeout(oldTimeout);
+ // If legacy re-negotiation is disabled, socked could be closed here
+ if (!ssl.isClosed()) {
+ ssl.setSoTimeout(oldTimeout);
+ }
if (listener.completed == false) {
throw new SocketException("SSL Cert handshake timeout");
}
Modified: trunk/test/build.xml
===================================================================
--- trunk/test/build.xml 2009-11-13 18:00:41 UTC (rev 1268)
+++ trunk/test/build.xml 2009-11-17 14:18:11 UTC (rev 1269)
@@ -33,6 +33,8 @@
<property file="build.properties.default"/>
<property name="test.classes" value="${basedir}/output/classes"/>
+ <property name="tomcat.classes" value="${basedir}/../output/classes"/>
+ <property name="tomcat.tmp" value="${basedir}/output/classes/output/"/>
<property name="compile.source" value="1.5"/>
@@ -41,6 +43,7 @@
<path id="jbossweb.test.classpath">
<pathelement location="${test.classes}"/>
<pathelement location="${junit.jar}"/>
+ <pathelement location="${tomcat.classes}"/>
</path>
<target name="compile" depends="download">
@@ -56,6 +59,7 @@
optimize="${compile.optimize}">
<classpath refid="jbossweb.test.classpath" />
<include name="java/org/jboss/web/cookies/**" />
+ <include name="java/org/apache/catalina/startup/**" />
</javac>
</target>
@@ -68,6 +72,21 @@
</java>
</target>
+ <target name="ssl" depends="compile">
+ <mkdir dir="${tomcat.tmp}" />
+ <mkdir dir="${tomcat.tmp}/build/webapps/examples" />
+ <copy todir="${tomcat.tmp}">
+ <fileset dir="${basedir}/java/org/apache/catalina/startup" includes="*.keystore" />
+ </copy>
+ <copy todir="${tomcat.tmp}/build/webapps/examples">
+ <fileset dir="${basedir}/webapps/simple" includes="*.html" />
+ </copy>
+ <java dir="${test.classes}" classname="${test.runner}" fork="yes">
+ <arg value="org.apache.catalina.startup.TestTomcatSSL"/>
+ <classpath refid="jbossweb.test.classpath"/>
+ </java>
+ </target>
+
<!-- Download and dependency building -->
<target name="proxyflags">
<!-- check proxy parameters. -->
Added: trunk/test/java/org/apache/catalina/startup/TestTomcatSSL.java
===================================================================
--- trunk/test/java/org/apache/catalina/startup/TestTomcatSSL.java (rev 0)
+++ trunk/test/java/org/apache/catalina/startup/TestTomcatSSL.java 2009-11-17 14:18:11 UTC (rev 1269)
@@ -0,0 +1,251 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.startup;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HandshakeCompletedEvent;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.catalina.connector.Connector;
+import org.apache.tomcat.util.buf.ByteChunk;
+
+/**
+ * Requires test.keystore (checked in), generated with:
+ * keytool -genkey -alias tomcat -keyalg RSA
+ * pass: changeit
+ * CN: localhost ( for hostname validation )
+ */
+public class TestTomcatSSL extends TomcatBaseTest {
+ static TrustManager[] trustAllCerts = new TrustManager[] {
+ new X509TrustManager() {
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted(X509Certificate[] certs,
+ String authType) {
+ // NOOP - Trust everything
+ }
+ public void checkServerTrusted(X509Certificate[] certs,
+ String authType) {
+ // NOOP - Trust everything
+ }
+ }
+ };
+
+ private void initSsl(Tomcat tomcat, boolean nio) throws Exception {
+ if (nio) {
+ Connector connector =
+ new Connector("org.apache.coyote.http11.Http11NioProtocol");
+ connector.setPort(getPort());
+ tomcat.getService().addConnector(connector);
+ tomcat.setConnector(connector);
+ tomcat.getConnector().setSecure(true);
+ } else {
+ tomcat.getConnector().setSecure(true);
+ }
+ tomcat.getConnector().setProperty("SSLEnabled", "true");
+ tomcat.getConnector().setProperty("sslProtocol",
+ "tls");
+ // test runs in output/tmp
+ tomcat.getConnector().setAttribute("keystore",
+ "../test.keystore");
+ }
+
+ public void testSimpleSsl() throws Exception {
+ simpleSsl(false);
+ }
+
+ // No Nio in jbossweb
+ // public void testSimpleSslNio() throws Exception {
+ // simpleSsl(true);
+ // }
+
+ public void simpleSsl(boolean nio) throws Exception {
+ // Install the all-trusting trust manager so https:// works
+ // with unsigned certs.
+
+ try {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
+ sc.getSocketFactory());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir =
+ new File("output/build/webapps/examples");
+ tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+
+ initSsl(tomcat, nio);
+
+ tomcat.start();
+ ByteChunk res = getUrl("https://localhost:" + getPort() +
+ "/examples/");
+ assertTrue(res.toString().indexOf("Hello World!") > 0);
+ }
+
+ boolean handshakeDone = false;
+
+ public void testRenegotiateFail() throws Exception {
+ renegotiateFail(false);
+ }
+
+ public void renegotiateFail(boolean nio) throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir =
+ new File("output/build/webapps/examples");
+ // app dir is relative to server home
+ tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+
+ initSsl(tomcat, nio);
+ // Default - MITM not enabled
+
+ tomcat.start();
+ SSLContext sslCtx = SSLContext.getInstance("TLS");
+ sslCtx.init(null, trustAllCerts, new java.security.SecureRandom());
+ SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
+ SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort());
+
+ socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
+ @Override
+ public void handshakeCompleted(HandshakeCompletedEvent event) {
+ handshakeDone = true;
+ }
+ });
+
+ OutputStream os = socket.getOutputStream();
+ os.write("GET /examples/ HTTP/1.1\n".getBytes());
+ os.flush();
+
+ InputStream is = socket.getInputStream();
+
+ socket.startHandshake();
+ handshakeDone = false;
+ byte[] b = new byte[0];
+ int maxTries = 5; // 5 sec should be enough - in NIO we'll timeout
+ socket.setSoTimeout(1000);
+ for (int i = 0; i < maxTries; i++) {
+ try {
+ is.read(b);
+ } catch (IOException e) {
+ // timeout
+ }
+ if (handshakeDone) {
+ break;
+ }
+ }
+ os = socket.getOutputStream();
+ if (!handshakeDone) {
+ // success - we timedout without handshake
+ return;
+ }
+ try {
+ os.write("Host: localhost\n\n".getBytes());
+ } catch (IOException ex) {
+ // success - connection closed
+ return;
+ }
+
+ fail("Re-negotiation worked");
+
+ }
+
+ public void testRenegotiateWorks() throws Exception {
+ renegotiateWorks(false);
+ }
+
+
+ // Re-negotiation not implemented in NIO
+ // public void testRenegotiateWorksNio() throws Exception {
+ // renegotiateWorks(true);
+ // }
+
+ // public void testRenegotiateFailNio() throws Exception {
+ // renegotiateFail(true);
+ // }
+
+
+ public void renegotiateWorks(boolean nio) throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+
+ File appDir =
+ new File("output/build/webapps/examples");
+ // app dir is relative to server home
+ tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+
+ initSsl(tomcat, nio);
+ // Enable MITM attack
+ tomcat.getConnector().setAttribute("allowUnsafeLegacyRenegotiation", "true");
+
+ tomcat.start();
+ SSLContext sslCtx = SSLContext.getInstance("TLS");
+ sslCtx.init(null, trustAllCerts, new java.security.SecureRandom());
+ SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
+ SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort());
+
+ socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
+ @Override
+ public void handshakeCompleted(HandshakeCompletedEvent event) {
+ handshakeDone = true;
+ }
+ });
+
+ OutputStream os = socket.getOutputStream();
+ os.write("GET /examples/ HTTP/1.1\n".getBytes());
+ os.flush();
+
+ InputStream is = socket.getInputStream();
+
+ socket.startHandshake();
+ handshakeDone = false;
+ byte[] b = new byte[0];
+ int maxTries = 5;
+ socket.setSoTimeout(1000);
+ for (int i = 0; i < maxTries; i++) {
+ try {
+ is.read(b);
+ } catch (IOException e) {
+ // timeout
+ }
+ if (handshakeDone) {
+ break;
+ }
+ }
+ os = socket.getOutputStream();
+
+ try {
+ os.write("Host: localhost\n\n".getBytes());
+ } catch (IOException ex) {
+ fail("Re-negotiation failed");
+ }
+
+ }
+}
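Review bot: `renegotiateWorks` never checks `handshakeDone` after its read loop, so it passes whenever the final `os.write` succeeds, even if no second handshake took place; add `assertTrue("renegotiation did not complete", handshakeDone);` before that write. `renegotiateFail` likewise treats a plain timeout as success, which cannot be told apart from a server that never answered. `handshakeDone` is set from the handshake listener and read in the test loop, and JSSE may run the listener on another thread, so declare it `volatile boolean handshakeDone = false;`. Separately, `simpleSsl` installs the trust-all factory as the JVM-wide `HttpsURLConnection` default and never restores it; saving the previous default and resetting it in a `finally` would keep it from leaking into other tests in the same JVM.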
Added: trunk/test/java/org/apache/catalina/startup/TomcatBaseTest.java
===================================================================
--- trunk/test/java/org/apache/catalina/startup/TomcatBaseTest.java (rev 0)
+++ trunk/test/java/org/apache/catalina/startup/TomcatBaseTest.java 2009-11-17 14:18:11 UTC (rev 1269)
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.startup;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.tomcat.util.buf.ByteChunk;
+
+import junit.framework.TestCase;
+
+/**
+ * Base test case that provides a Tomcat instance for each test - mainly so we
+ * don't have to keep writing the cleanup code.
+ */
+public abstract class TomcatBaseTest extends TestCase {
+ private Tomcat tomcat;
+ private File tempDir;
+ private static int port = 8001;
+
+ /**
+ * Make Tomcat instance accessible to sub-classes.
+ */
+ public Tomcat getTomcatInstance() {
+ return tomcat;
+ }
+
+ /**
+ * Sub-classes need to know port so they can connect
+ */
+ public int getPort() {
+ return port;
+ }
+
+ /**
+ * Sub-classes may want to add connectors on a new port
+ */
+ public int getNextPort() {
+ port++;
+ return getPort();
+ }
+
+ @Override
+ public void setUp() throws Exception {
+ tempDir = new File("output/tmp");
+ tempDir.mkdir();
+
+ tomcat = new Tomcat();
+ tomcat.setBaseDir(tempDir.getAbsolutePath());
+ tomcat.getHost().setAppBase(tempDir.getAbsolutePath() + "/webapps");
+
+ // If each test is running on same port - they
+ // may interfere with each other (on unix at least)
+ port++;
+ tomcat.setPort(port);
+ }
+
+ @Override
+ public void tearDown() throws Exception {
+ tomcat.stop();
+ ExpandWar.delete(tempDir);
+ }
+
+ /**
+ * Simple Hello World servlet for use by test cases
+ */
+ public static final class HelloWorldServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ PrintWriter out = resp.getWriter();
+ out.print("<html><body><p>Hello World</p></body></html>");
+ }
+ }
+
+
+ /**
+ * Wrapper for getting the response.
+ */
+ public static ByteChunk getUrl(String path) throws IOException {
+ ByteChunk out = new ByteChunk();
+ getUrl(path, out, null);
+ return out;
+ }
+
+ public static int getUrl(String path,
+ ByteChunk out,
+ Map<String, List<String>> resHead) throws IOException {
+ URL url = new URL(path);
+ HttpURLConnection connection =
+ (HttpURLConnection) url.openConnection();
+ connection.setReadTimeout(100000);
+ connection.connect();
+ int rc = connection.getResponseCode();
+ if (resHead != null) {
+ Map<String, List<String>> head = connection.getHeaderFields();
+ resHead.putAll(head);
+ }
+ InputStream is = connection.getInputStream();
+ BufferedInputStream bis = new BufferedInputStream(is);
+ byte[] buf = new byte[2048];
+ int rd = 0;
+ while((rd = bis.read(buf)) > 0) {
+ out.append(buf, 0, rd);
+ }
+ return rc;
+ }
+}
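Review bot: `tearDown` skips `ExpandWar.delete(tempDir)` whenever `tomcat.stop()` throws, leaving `output/tmp` behind for the next test; wrap it as `try { tomcat.stop(); } finally { ExpandWar.delete(tempDir); }`. The three-argument `getUrl` never closes `bis` or disconnects the connection, so a failing read leaks the socket; a `try`/`finally` around the read loop that calls `bis.close()` and `connection.disconnect()` would fix that. That overload also has no Javadoc; it should say that it returns the HTTP status code and copies the response headers into `resHead` when that argument is non-null.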
Added: trunk/test/java/org/apache/catalina/startup/test.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/test/java/org/apache/catalina/startup/test.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: trunk/test/webapps/simple/index.html
===================================================================
--- trunk/test/webapps/simple/index.html (rev 0)
+++ trunk/test/webapps/simple/index.html 2009-11-17 14:18:11 UTC (rev 1269)
@@ -0,0 +1 @@
+<h1>Hello World!</h1>
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2009-11-13 18:00:41 UTC (rev 1268)
+++ trunk/webapps/docs/changelog.xml 2009-11-17 14:18:11 UTC (rev 1269)
@@ -22,6 +22,9 @@
<update>
Servlet 3.0 API. (remm)
</update>
+ <fix>
+ Fix CVE-2009-3555, man-in-the-middle attack in TLS protocol. (markt)
+ </fix>
<update>
Commons Pool 1.5.2. (markt)
</update>
Modified: trunk/webapps/docs/config/http.xml
===================================================================
--- trunk/webapps/docs/config/http.xml 2009-11-13 18:00:41 UTC (rev 1268)
+++ trunk/webapps/docs/config/http.xml 2009-11-17 14:18:11 UTC (rev 1269)
@@ -501,6 +501,13 @@
TrustStore then you are using for the KeyStore.</p>
</attribute>
+ <attribute name="allowUnsafeLegacyRenegotiation" required="false">
+ <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
+ users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
+ protocol that allows an attacker to inject arbitrary data into the user's
+ request. If not specified, a default of <code>false</code> is used.</p>
+ </attribute>
+
</attributes>
<p>For more information, see the
JBossWeb SVN: r1268 - in trunk/java/org/apache/catalina: authenticator and 1 other directories.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-13 13:00:41 -0500 (Fri, 13 Nov 2009)
New Revision: 1268
Modified:
trunk/java/org/apache/catalina/Authenticator.java
trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
trunk/java/org/apache/catalina/authenticator/Constants.java
trunk/java/org/apache/catalina/connector/Request.java
Log:
- Move code over to authenticators, where it is pluggable.
Modified: trunk/java/org/apache/catalina/Authenticator.java
===================================================================
--- trunk/java/org/apache/catalina/Authenticator.java 2009-11-13 04:23:25 UTC (rev 1267)
+++ trunk/java/org/apache/catalina/Authenticator.java 2009-11-13 18:00:41 UTC (rev 1268)
@@ -37,10 +37,8 @@
public interface Authenticator {
public boolean authenticate(Request request, HttpServletResponse response)
throws IOException, ServletException;
- // TODO
-/* public boolean login(Request request, HttpServletResponse response,
- String username, String password)
+ public void login(Request request, String username, String password)
throws ServletException;
- public boolean logout(Request request, HttpServletResponse response, Session session)
- throws ServletException;*/
+ public void logout(Request request)
+ throws ServletException;
}
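Review bot: Adding `login` and `logout` to the public `Authenticator` interface breaks any implementation that does not extend `AuthenticatorBase`, and neither method carries Javadoc describing its contract. In particular `login` returns `void`, and the `AuthenticatorBase` implementation added in this commit returns normally when the realm rejects the credentials, so callers need to be told how failure is reported. Suggest a Javadoc block on each method stating the parameters, that `login` signals success only by setting the principal on `request`, and when `ServletException` is thrown.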
Modified: trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
===================================================================
--- trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2009-11-13 04:23:25 UTC (rev 1267)
+++ trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2009-11-13 18:00:41 UTC (rev 1268)
@@ -385,6 +385,38 @@
}
+ public void login(Request request, String username, String password)
+ throws ServletException {
+
+ // Is there an SSO session against which we can try to reauthenticate?
+ String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ if (ssoId != null) {
+ if (log.isDebugEnabled())
+ log.debug("SSO Id " + ssoId + " set; attempting " +
+ "reauthentication");
+ /* Try to reauthenticate using data cached by SSO. If this fails,
+ either the original SSO logon was of DIGEST or SSL (which
+ we can't reauthenticate ourselves because there is no
+ cached username and password), or the realm denied
+ the user's reauthentication for some reason.
+ In either case we have to prompt the user for a logon */
+ if (reauthenticateFromSSO(ssoId, request))
+ return;
+ }
+
+ Realm realm = context.getRealm();
+ Principal principal = realm.authenticate(username, password);
+ if (principal != null) {
+ register(request, request.getResponseFacade(), principal, Constants.LOGIN_METHOD,
+ username, password);
+ }
+ }
+
+ public void logout(Request request)
+ throws ServletException {
+ unregister(request, request.getResponseFacade());
+ }
+
/**
* Enforce the security restrictions in the web application deployment
* descriptor of our associated Context.
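Review bot: When `reauthenticateFromSSO` succeeds, `login` returns without checking the supplied `username` and `password`, so as far as this hunk shows a programmatic login with wrong credentials would succeed as the SSO user. Consider dropping the SSO shortcut from this path or verifying that the resulting principal matches `username` before returning. When `realm.authenticate` returns null the method also returns normally, and `context.getRealm()` is dereferenced without a null check. Neither `login` nor `logout` has Javadoc; `login` should state that failure is signalled only by the request principal remaining unset.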
@@ -453,12 +485,12 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
if (disableProxyCaching &&
- // FIXME: Disabled for Mozilla FORM support over SSL
+ // Note: Disabled for Mozilla FORM support over SSL
// (improper caching issue)
//!request.isSecure() &&
!"POST".equalsIgnoreCase(request.getMethod())) {
if (securePagesWithPragma) {
- // FIXME: These cause problems with downloading office docs
+ // Note: These cause problems with downloading office docs
// from IE under SSL and may not be needed for newer Mozilla
// clients.
response.setHeader("Pragma", "No-cache");
@@ -794,6 +826,48 @@
}
+ /**
+ * Register an authenticated Principal and authentication type in our
+ * request, in the current session (if there is one), and with our
+ * SingleSignOn valve, if there is one. Set the appropriate cookie
+ * to be returned.
+ *
+ * @param request The servlet request we are processing
+ * @param response The servlet response we are generating
+ * @param principal The authenticated Principal to be registered
+ * @param authType The authentication type to be registered
+ * @param username Username used to authenticate (if any)
+ * @param password Password used to authenticate (if any)
+ */
+ protected void unregister(Request request, HttpServletResponse response) {
+
+ // Remove the authentication information from our request
+ request.setAuthType(null);
+ request.setUserPrincipal(null);
+
+ Session session = request.getSessionInternal(false);
+ // Cache the authentication information in our session, if any
+ if (cache && session != null) {
+ session.setAuthType(null);
+ session.setPrincipal(null);
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+
+ // Construct a cookie to be returned to the client
+ if (sso == null)
+ return;
+
+ String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
+ if (ssoId != null) {
+ // Update the SSO session with the latest authentication data
+ request.removeNote(Constants.REQ_SSOID_NOTE);
+ sso.deregister(ssoId);
+ }
+
+ }
+
+
// ------------------------------------------------------ Lifecycle Methods
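Review bot: The Javadoc on `unregister` is copied from `register`: it says "Register an authenticated Principal" and documents `principal`, `authType`, `username` and `password`, none of which this method takes. The inline comments are stale in the same way (`// Cache the authentication information in our session`, `// Construct a cookie to be returned to the client`, `// Update the SSO session with the latest authentication data`), although the code clears the session and deregisters the SSO id. Suggest rewriting the block to say that the method removes the principal and auth type from the request, clears the cached credentials from the session when caching is enabled, and deregisters the SSO id if one is noted on the request. `response` is unused in the visible body, so any SSO cookie already sent to the client is not expired here; confirm whether that is intended.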
Modified: trunk/java/org/apache/catalina/authenticator/Constants.java
===================================================================
--- trunk/java/org/apache/catalina/authenticator/Constants.java 2009-11-13 04:23:25 UTC (rev 1267)
+++ trunk/java/org/apache/catalina/authenticator/Constants.java 2009-11-13 18:00:41 UTC (rev 1268)
@@ -28,6 +28,7 @@
public static final String CERT_METHOD = "CLIENT_CERT";
public static final String DIGEST_METHOD = "DIGEST";
public static final String FORM_METHOD = "FORM";
+ public static final String LOGIN_METHOD = "LOGIN";
// User data constraints for transport guarantee
public static final String NONE_TRANSPORT = "NONE";
Modified: trunk/java/org/apache/catalina/connector/Request.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Request.java 2009-11-13 04:23:25 UTC (rev 1267)
+++ trunk/java/org/apache/catalina/connector/Request.java 2009-11-13 18:00:41 UTC (rev 1268)
@@ -3084,32 +3084,23 @@
if (userPrincipal != null) {
throw new ServletException(sm.getString("coyoteRequest.authFailed"));
}
- // TODO: for JBoss, should always call Authenticator.login instead so that there's
- // a callback
- Realm realm = context.getRealm();
- userPrincipal = realm.authenticate(username, password);
+ if (context.getAuthenticator() != null) {
+ context.getAuthenticator().login(this, username, password);
+ } else {
+ throw new ServletException(sm.getString("coyoteRequest.noAuthenticator"));
+ }
if (userPrincipal == null) {
throw new ServletException(sm.getString("coyoteRequest.authFailed"));
}
- authType = "LOGIN";
- Session session = getSessionInternal(false);
- if (session != null) {
- session.setPrincipal(userPrincipal);
- session.setAuthType(authType);
- }
- // Note: if SSO is needed, AuthenticatorBase.register is needed
}
public void logout() throws ServletException {
- // TODO: for JBoss, should always call Authenticator.logout instead so that there's
- // a callback
Principal principal = userPrincipal;
- userPrincipal = null;
- authType = null;
- Session session = getSessionInternal(false);
- if (session != null) {
- session.setPrincipal(null);
- session.setAuthType(null);
+ if (context.getAuthenticator() != null) {
+ context.getAuthenticator().logout(this);
+ } else {
+ userPrincipal = null;
+ authType = null;
}
if (principal instanceof GenericPrincipal) {
GenericPrincipal gp = (GenericPrincipal) principal;
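Review bot: In `logout`, the new `else` branch (no authenticator configured) resets only `userPrincipal` and `authType`; the removed lines also called `session.setPrincipal(null)` and `session.setAuthType(null)`, so a principal cached in the session now survives logout on that path. If that is not intended, keep the session clearing in the `else` branch. In `login`, the new message key `coyoteRequest.noAuthenticator` is used, but the commit's list of modified files contains no resource bundle, so unless the key already exists the exception text will not resolve. Both method bodies extend outside the hunk.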
JBossWeb SVN: r1267 - trunk/java/org/apache/jasper/compiler.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-12 23:23:25 -0500 (Thu, 12 Nov 2009)
New Revision: 1267
Modified:
trunk/java/org/apache/jasper/compiler/Generator.java
trunk/java/org/apache/jasper/compiler/Node.java
trunk/java/org/apache/jasper/compiler/Parser.java
trunk/java/org/apache/jasper/compiler/Validator.java
Log:
- Error on undeclared namespace.
- Omit support for jsp:attribute.
Modified: trunk/java/org/apache/jasper/compiler/Generator.java
===================================================================
--- trunk/java/org/apache/jasper/compiler/Generator.java 2009-11-13 01:25:12 UTC (rev 1266)
+++ trunk/java/org/apache/jasper/compiler/Generator.java 2009-11-13 04:23:25 UTC (rev 1267)
@@ -1900,14 +1900,29 @@
Node.JspAttribute[] attrs = n.getJspAttributes();
for (int i = 0; attrs != null && i < attrs.length; i++) {
String attrStr = null;
+ String omit = null;
if (attrs[i].isNamedAttribute()) {
+ Node.JspAttribute omitAttribute = attrs[i].getNamedAttributeNode().getOmitAttribute();
+ if (omitAttribute != null) {
+ if (omitAttribute.isLiteral()) {
+ if (JspUtil.booleanValue(omitAttribute.getValue())) {
+ continue;
+ }
+ } else {
+ omit = "(!" + attributeValue(attrs[i].getNamedAttributeNode().getOmitAttribute(), false, Boolean.class) + ") ? ";
+ }
+ }
attrStr = generateNamedAttributeValue(attrs[i]
.getNamedAttributeNode());
} else {
attrStr = attributeValue(attrs[i], false, Object.class);
}
- String s = " + \" " + attrs[i].getName() + "=\\\"\" + "
- + attrStr + " + \"\\\"\"";
+ String s = null;
+ if (omit == null) {
+ s = " + \" " + attrs[i].getName() + "=\\\"\" + " + attrStr + " + \"\\\"\"";
+ } else {
+ s = " + (" + omit + "(\" " + attrs[i].getName() + "=\\\"\" + " + attrStr + " + \"\\\"\") : (\"\"))";
+ }
map.put(attrs[i].getName(), s);
}
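Review bot: In the non-literal branch the omit node is fetched a second time through `attrs[i].getNamedAttributeNode().getOmitAttribute()` although the local `omitAttribute` already holds it. Passing the local, `attributeValue(omitAttribute, false, Boolean.class)`, keeps the null check and the use on the same reference. The two branches that assign `s` also repeat the same name/value fragment, which could be built once and wrapped only when `omit` is set. The enclosing method starts and ends outside the hunk.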
Modified: trunk/java/org/apache/jasper/compiler/Node.java
===================================================================
--- trunk/java/org/apache/jasper/compiler/Node.java 2009-11-13 01:25:12 UTC (rev 1266)
+++ trunk/java/org/apache/jasper/compiler/Node.java 2009-11-13 04:23:25 UTC (rev 1267)
@@ -1869,11 +1869,15 @@
private ChildInfo childInfo;
private String name;
+
+ private String omit;
private String localName;
private String prefix;
+ private JspAttribute omitAttribute;
+
public NamedAttribute(Attributes attrs, Mark start, Node parent) {
this(JSP_ATTRIBUTE_ACTION, attrs, null, null, start, parent);
}
@@ -1900,6 +1904,8 @@
localName = name.substring(index + 1);
}
}
+ if (parent instanceof JspElement)
+ omit = this.getAttributeValue("omit");
}
public void accept(Visitor v) throws JasperException {
@@ -1926,6 +1932,18 @@
return trim;
}
+ public String getOmit() {
+ return this.omit;
+ }
+
+ public JspAttribute getOmitAttribute() {
+ return omitAttribute;
+ }
+
+ public void setOmitAttribute(JspAttribute omitAttribute) {
+ this.omitAttribute = omitAttribute;
+ }
+
/**
* @return A unique temporary variable name to store the result in.
* (this probably could go elsewhere, but it's convenient here)
@@ -2288,7 +2306,7 @@
* time.
*/
public boolean isLiteral() {
- return !expression && (el != null) && !namedAttribute;
+ return !expression && (el == null) && !namedAttribute;
}
/**
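Review bot: The flipped test in `isLiteral()` (`el != null` to `el == null`) changes the result for every caller of the method, not only the new omit handling in Generator.java, and the log message does not mention it. Callers are outside this page, so the impact cannot be judged here. Recording the fix in the log, and adding a comment such as `// literal only when no EL was parsed (el == null)` if that is what `el` holds, would make the change traceable. The Javadoc above the method starts outside the hunk.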
Modified: trunk/java/org/apache/jasper/compiler/Parser.java
===================================================================
--- trunk/java/org/apache/jasper/compiler/Parser.java 2009-11-13 01:25:12 UTC (rev 1266)
+++ trunk/java/org/apache/jasper/compiler/Parser.java 2009-11-13 04:23:25 UTC (rev 1267)
@@ -1214,6 +1214,9 @@
// Check if this is a user-defined tag.
String uri = pageInfo.getURI(prefix);
if (uri == null) {
+ if (pageInfo.isErrorOnUndeclaredNamespace()) {
+ err.jspError(start, "jsp.error.bad_tag", shortTagName, prefix);
+ }
reader.reset(start);
// Remember the prefix for later error checking
pageInfo.putNonCustomTagPrefix(prefix, reader.mark());
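Review bot: The added `err.jspError(...)` call only prevents the fallback below it (`reader.reset(start)` and `putNonCustomTagPrefix`) if `jspError` never returns normally, which the hunk does not show. If it always throws, a comment such as `// jspError throws; the non-custom-tag fallback is skipped` makes that explicit. If it can return, an explicit exit is needed after the call. The enclosing method starts and ends outside the hunk.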
Modified: trunk/java/org/apache/jasper/compiler/Validator.java
===================================================================
--- trunk/java/org/apache/jasper/compiler/Validator.java 2009-11-13 01:25:12 UTC (rev 1266)
+++ trunk/java/org/apache/jasper/compiler/Validator.java 2009-11-13 04:23:25 UTC (rev 1267)
@@ -478,6 +478,7 @@
private static final JspUtil.ValidAttribute[] attributeAttrs = {
new JspUtil.ValidAttribute("name", true),
+ new JspUtil.ValidAttribute("omit"),
new JspUtil.ValidAttribute("trim") };
private static final JspUtil.ValidAttribute[] invokeAttrs = {
@@ -674,6 +675,17 @@
public void visit(Node.NamedAttribute n) throws JasperException {
JspUtil.checkAttributes("Attribute", n, attributeAttrs, err);
visitBody(n);
+ if (n.getOmit() != null) {
+ Attributes attrs = n.getAttributes();
+ for (int i = 0; i < attrs.getLength(); i++) {
+ if ("omit".equals(attrs.getLocalName(i))) {
+ n.setOmitAttribute(getJspAttribute(null, attrs.getQName(i),
+ attrs.getURI(i), attrs.getLocalName(i),
+ attrs.getValue(i), java.lang.Boolean.class,
+ n, false));
+ }
+ }
+ }
}
public void visit(Node.JspBody n) throws JasperException {
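Review bot: `omit` is now accepted on every `jsp:attribute` because it was added to `attributeAttrs`, but `n.getOmit()` is only populated when the parent is a `JspElement` (Node.java hunk at -1900). On any other parent the attribute passes `checkAttributes` and is then silently ignored. Consider reporting that case, e.g. `else if (n.getAttributeValue("omit") != null) err.jspError(n, "<message key>");`, where the key is a placeholder for a message the project would add. The loop can also `break` once the `omit` entry has been found.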
JBossWeb SVN: r1266 - in trunk/java/org/apache/catalina: connector and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-12 20:25:12 -0500 (Thu, 12 Nov 2009)
New Revision: 1266
Modified:
trunk/java/org/apache/catalina/Authenticator.java
trunk/java/org/apache/catalina/connector/Request.java
Log:
- Auth needs to be pluggable, so plan to move it to AuthenticatorBase.
Modified: trunk/java/org/apache/catalina/Authenticator.java
===================================================================
--- trunk/java/org/apache/catalina/Authenticator.java 2009-11-11 18:26:08 UTC (rev 1265)
+++ trunk/java/org/apache/catalina/Authenticator.java 2009-11-13 01:25:12 UTC (rev 1266)
@@ -37,4 +37,10 @@
public interface Authenticator {
public boolean authenticate(Request request, HttpServletResponse response)
throws IOException, ServletException;
+ // TODO
+/* public boolean login(Request request, HttpServletResponse response,
+ String username, String password)
+ throws ServletException;
+ public boolean logout(Request request, HttpServletResponse response, Session session)
+ throws ServletException;*/
}
Modified: trunk/java/org/apache/catalina/connector/Request.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Request.java 2009-11-11 18:26:08 UTC (rev 1265)
+++ trunk/java/org/apache/catalina/connector/Request.java 2009-11-13 01:25:12 UTC (rev 1266)
@@ -3081,15 +3081,28 @@
}
public void login(String username, String password) throws ServletException {
+ if (userPrincipal != null) {
+ throw new ServletException(sm.getString("coyoteRequest.authFailed"));
+ }
+ // TODO: for JBoss, should always call Authenticator.login instead so that there's
+ // a callback
Realm realm = context.getRealm();
userPrincipal = realm.authenticate(username, password);
if (userPrincipal == null) {
throw new ServletException(sm.getString("coyoteRequest.authFailed"));
}
authType = "LOGIN";
+ Session session = getSessionInternal(false);
+ if (session != null) {
+ session.setPrincipal(userPrincipal);
+ session.setAuthType(authType);
+ }
+ // Note: if SSO is needed, AuthenticatorBase.register is needed
}
public void logout() throws ServletException {
+ // TODO: for JBoss, should always call Authenticator.logout instead so that there's
+ // a callback
Principal principal = userPrincipal;
userPrincipal = null;
authType = null;
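Review bot: The added block in `login()` binds the freshly authenticated principal to whatever session already exists (`getSessionInternal(false)` followed by `session.setPrincipal(userPrincipal)`), and nothing in the hunk changes the session identifier. A session id that was known before login therefore stays valid as an authenticated one unless it is rotated elsewhere. Rotating the id before `setPrincipal` would close that gap; the hunk shows no API for it, so this is described rather than patched. Separately, the new `userPrincipal != null` guard reuses `coyoteRequest.authFailed`, which reports an already-authenticated request as a failed authentication; a distinct message key would keep the two cases apart in logs. `logout()` continues outside the hunk.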
JBossWeb SVN: r1265 - tags.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-11 13:26:08 -0500 (Wed, 11 Nov 2009)
New Revision: 1265
Added:
tags/JBOSSWEB_3_0_0_ALPHA18/
Log:
- Should fix cookie regression.
Copied: tags/JBOSSWEB_3_0_0_ALPHA18 (from rev 1264, trunk)
JBossWeb SVN: r1264 - in trunk: res/jboss/org/apache/catalina/startup and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-11 13:21:45 -0500 (Wed, 11 Nov 2009)
New Revision: 1264
Modified:
trunk/java/org/apache/tomcat/util/http/ServerCookie.java
trunk/res/jboss/org/apache/catalina/startup/catalina.properties
Log:
- Cookie fix (which is not going to do anything since the path is normally escaped).
- Disable slash as a separator for now.
Modified: trunk/java/org/apache/tomcat/util/http/ServerCookie.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2009-11-11 03:29:33 UTC (rev 1263)
+++ trunk/java/org/apache/tomcat/util/http/ServerCookie.java 2009-11-11 18:21:45 UTC (rev 1264)
@@ -373,7 +373,7 @@
maybeQuote2(version, buf, path);
} else {
if (FWD_SLASH_IS_SEPARATOR) {
- maybeQuote2(version, buf, path, ServerCookie.tspecials,
+ maybeQuote2(version, buf, path, ServerCookie.tspecials2,
false);
} else {
maybeQuote2(version, buf, path,
Modified: trunk/res/jboss/org/apache/catalina/startup/catalina.properties
===================================================================
--- trunk/res/jboss/org/apache/catalina/startup/catalina.properties 2009-11-11 03:29:33 UTC (rev 1263)
+++ trunk/res/jboss/org/apache/catalina/startup/catalina.properties 2009-11-11 18:21:45 UTC (rev 1264)
@@ -11,6 +11,7 @@
org.apache.catalina.core.StandardHost.deployOnStartup=false
org.apache.catalina.core.StandardHost.deployXML=false
org.apache.catalina.core.StandardHost.startChildren=false
+org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
# String cache configuration.
org.apache.tomcat.util.buf.StringCache.byte.enabled=true
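Review bot: The new `org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false` line carries no comment, while the log calls the change temporary ("for now"). A line above it such as `# Slash is temporarily not treated as a cookie separator (r1264); revisit` would keep that intent visible in the file, since this setting changes how cookie paths are quoted.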
JBossWeb SVN: r1263 - in trunk/java/org/apache: tomcat/util/http/mapper and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-10 22:29:33 -0500 (Tue, 10 Nov 2009)
New Revision: 1263
Modified:
trunk/java/org/apache/catalina/core/ApplicationContext.java
trunk/java/org/apache/catalina/core/StandardContext.java
trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java
Log:
- Changes to support the special pseudo exact "" wrapper.
Modified: trunk/java/org/apache/catalina/core/ApplicationContext.java
===================================================================
--- trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-11-11 00:31:24 UTC (rev 1262)
+++ trunk/java/org/apache/catalina/core/ApplicationContext.java 2009-11-11 03:29:33 UTC (rev 1263)
@@ -431,6 +431,10 @@
// Validate the path argument
if (path == null)
return (null);
+ if (path.equals(""))
+ path = "/";
+ if (path.startsWith("?"))
+ path = "/" + path;
if (!path.startsWith("/"))
throw new IllegalArgumentException
(sm.getString
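Review bot: The two added checks sit under `// Validate the path argument` but rewrite the argument instead of validating it. An empty path and a path starting with `?` used to reach the `IllegalArgumentException` below; they are now turned into `/` and `/?...`. A comment such as `// Normalize: "" and a bare query string address the context root` would record that the relaxation is deliberate. The enclosing method starts and ends outside the hunk.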
Modified: trunk/java/org/apache/catalina/core/StandardContext.java
===================================================================
--- trunk/java/org/apache/catalina/core/StandardContext.java 2009-11-11 00:31:24 UTC (rev 1262)
+++ trunk/java/org/apache/catalina/core/StandardContext.java 2009-11-11 03:29:33 UTC (rev 1263)
@@ -5198,6 +5198,9 @@
if (urlPattern.indexOf('\n') >= 0 || urlPattern.indexOf('\r') >= 0) {
return (false);
}
+ if (urlPattern.equals("")) {
+ return (true);
+ }
if (urlPattern.startsWith("*.")) {
if (urlPattern.indexOf('/') < 0) {
checkUnusualURLPattern(urlPattern);
Modified: trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java 2009-11-11 00:31:24 UTC (rev 1262)
+++ trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java 2009-11-11 03:29:33 UTC (rev 1263)
@@ -371,7 +371,6 @@
*/
protected void addWrapper(Context context, String path, Object wrapper,
boolean jspWildCard) {
-
synchronized (context) {
Wrapper newWrapper = new Wrapper();
newWrapper.object = wrapper;
@@ -402,6 +401,10 @@
// Default wrapper
newWrapper.name = "";
context.defaultWrapper = newWrapper;
+ } else if (path.equals("")) {
+ // Root wrapper
+ newWrapper.name = "";
+ context.rootWrapper = newWrapper;
} else {
// Exact wrapper
newWrapper.name = path;
@@ -485,6 +488,9 @@
} else if (path.equals("/")) {
// Default wrapper
context.defaultWrapper = null;
+ } else if (path.equals("")) {
+ // Root wrapper
+ context.rootWrapper = null;
} else {
// Exact wrapper
String name = path;
@@ -697,7 +703,14 @@
// Rule 1 -- Exact Match
Wrapper[] exactWrappers = context.exactWrappers;
- internalMapExactWrapper(exactWrappers, path, mappingData);
+ if (!noServletPath && (pathEnd - servletPath) == 1 && context.rootWrapper != null) {
+ mappingData.requestPath.setString("/");
+ mappingData.wrapperPath.setString("");
+ mappingData.pathInfo.setString("/");
+ mappingData.wrapper = context.rootWrapper.object;
+ } else {
+ internalMapExactWrapper(exactWrappers, path, mappingData);
+ }
// Rule 2 -- Prefix Match
boolean checkJspWelcomeFiles = false;
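Review bot: The new branch under `// Rule 1 -- Exact Match` is selected by `(pathEnd - servletPath) == 1`, which only checks that one character remains after the context path. That this character is `/` is assumed rather than tested, and the comment above still describes only the exact-wrapper lookup. A short comment, e.g. `// Root ("") mapping: the request is exactly the context root`, would document the condition. If the remaining character is not guaranteed to be `/`, it should be compared explicitly. The method body starts and ends outside the hunk.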
@@ -1305,6 +1318,7 @@
public String[] welcomeResources = new String[0];
public javax.naming.Context resources = null;
public Wrapper defaultWrapper = null;
+ public Wrapper rootWrapper = null;
public Wrapper[] exactWrappers = new Wrapper[0];
public Wrapper[] wildcardWrappers = new Wrapper[0];
public Wrapper[] extensionWrappers = new Wrapper[0];
JBossWeb SVN: r1262 - in trunk: java/org/apache/jasper/compiler and 2 other directories.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-10 19:31:24 -0500 (Tue, 10 Nov 2009)
New Revision: 1262
Removed:
trunk/java/org/apache/jasper/compiler/JCICompiler.java
trunk/java/org/apache/naming/factory/MailSessionFactory.java
trunk/java/org/apache/naming/factory/SendMailFactory.java
trunk/java/org/apache/naming/factory/webservices/
trunk/lib/commons-jci-core-1.0.jar
trunk/lib/jboss-jaxrpc.jar
trunk/lib/mail.jar
trunk/lib/wsdl4j.jar
Modified:
trunk/.classpath
Log:
- Drop dependencies.
Modified: trunk/.classpath
===================================================================
--- trunk/.classpath 2009-11-11 00:19:16 UTC (rev 1261)
+++ trunk/.classpath 2009-11-11 00:31:24 UTC (rev 1262)
@@ -2,9 +2,5 @@
<classpath>
<classpathentry excluding="**/.svn/**" kind="src" path="java"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="lib" path="lib/jboss-jaxrpc.jar"/>
- <classpathentry kind="lib" path="lib/mail.jar"/>
- <classpathentry kind="lib" path="lib/wsdl4j.jar"/>
- <classpathentry kind="lib" path="lib/commons-jci-core-1.0.jar"/>
<classpathentry kind="output" path=".settings/output"/>
</classpath>
Deleted: trunk/java/org/apache/jasper/compiler/JCICompiler.java
===================================================================
--- trunk/java/org/apache/jasper/compiler/JCICompiler.java 2009-11-11 00:19:16 UTC (rev 1261)
+++ trunk/java/org/apache/jasper/compiler/JCICompiler.java 2009-11-11 00:31:24 UTC (rev 1262)
@@ -1,137 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jasper.compiler;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.util.ArrayList;
-
-import org.apache.commons.jci.compilers.CompilationResult;
-import org.apache.commons.jci.compilers.JavaCompiler;
-import org.apache.commons.jci.compilers.JavaCompilerFactory;
-import org.apache.commons.jci.compilers.JavaCompilerSettings;
-import org.apache.commons.jci.problems.CompilationProblem;
-import org.apache.commons.jci.readers.FileResourceReader;
-import org.apache.commons.jci.stores.FileResourceStore;
-import org.apache.jasper.JasperException;
-
-/**
- * JDT class compiler. This compiler will load source dependencies from the
- * context classloader, reducing dramatically disk access during
- * the compilation process.
- *
- * @author Cocoon2
- * @author Remy Maucherat
- */
-public class JCICompiler extends org.apache.jasper.compiler.Compiler {
-
-
- /**
- * Compile the servlet from .java file to .class file
- */
- protected void generateClass(String[] smap)
- throws FileNotFoundException, JasperException, Exception {
-
- long t1 = 0;
- if (log.isDebugEnabled()) {
- t1 = System.currentTimeMillis();
- }
-
- String packageName = ctxt.getServletPackageName();
- ClassLoader classLoader = ctxt.getJspLoader();
-
- String targetResource = (((packageName.length() != 0) ? (packageName + ".") : "")
- + ctxt.getServletClassName()).replace('.', '/') + ".java";
- String[] resources = new String[] {targetResource};
-
- JavaCompiler javaCompiler = (new JavaCompilerFactory()).createCompiler(options.getCompiler().substring(4));
- FileResourceReader reader = new FileResourceReader(ctxt.getOptions().getScratchDir());
- FileResourceStore store = new FileResourceStore(ctxt.getOptions().getScratchDir());
- JavaCompilerSettings settings = javaCompiler.createDefaultSettings();
- if (settings == null) {
- settings = new JavaCompilerSettings();
- }
- settings.setDeprecations(false);
- if (ctxt.getOptions().getJavaEncoding() != null) {
- settings.setSourceEncoding(ctxt.getOptions().getJavaEncoding());
- }
- if (ctxt.getOptions().getClassDebugInfo()) {
- // No support
- }
- // Source JVM
- if (ctxt.getOptions().getCompilerSourceVM() != null) {
- settings.setSourceVersion(ctxt.getOptions().getCompilerSourceVM());
- } else {
- // Default to 1.5
- settings.setSourceVersion("1.5");
- }
- // Target JVM
- if (ctxt.getOptions().getCompilerTargetVM() != null) {
- settings.setTargetVersion(ctxt.getOptions().getCompilerTargetVM());
- } else {
- // Default to 1.5
- settings.setTargetVersion("1.5");
- }
-
- CompilationResult result = javaCompiler.compile(resources, reader, store, classLoader, settings);
-
- ArrayList<JavacErrorDetail> problemList = new ArrayList<JavacErrorDetail>();
- CompilationProblem[] problems = result.getErrors();
- if (problems != null) {
- try {
- for (int i = 0; i < problems.length; i++) {
- CompilationProblem problem = problems[i];
- problemList.add(ErrorDispatcher.createJavacError
- (problem.getFileName(), pageNodes, new StringBuilder(problem.getMessage()),
- problem.getStartLine(), ctxt));
- }
- } catch (JasperException e) {
- log.error("Error visiting node", e);
- }
- }
-
- if (!ctxt.keepGenerated()) {
- File javaFile = new File(ctxt.getServletJavaFileName());
- javaFile.delete();
- }
-
- if (!problemList.isEmpty()) {
- JavacErrorDetail[] jeds =
- (JavacErrorDetail[]) problemList.toArray(new JavacErrorDetail[0]);
- errDispatcher.javacError(jeds);
- }
-
- if( log.isDebugEnabled() ) {
- long t2=System.currentTimeMillis();
- log.debug("Compiled " + ctxt.getServletJavaFileName() + " "
- + (t2-t1) + "ms");
- }
-
- if (ctxt.isPrototypeMode()) {
- return;
- }
-
- // JSR45 Support
- if (! options.isSmapSuppressed()) {
- SmapUtil.installSmap(smap);
- }
-
- }
-
-
-}
Deleted: trunk/java/org/apache/naming/factory/MailSessionFactory.java
===================================================================
--- trunk/java/org/apache/naming/factory/MailSessionFactory.java 2009-11-11 00:19:16 UTC (rev 1261)
+++ trunk/java/org/apache/naming/factory/MailSessionFactory.java 2009-11-11 00:31:24 UTC (rev 1262)
@@ -1,157 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.naming.factory;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.Properties;
-import javax.mail.Authenticator;
-import javax.mail.PasswordAuthentication;
-import javax.mail.Session;
-import javax.naming.Name;
-import javax.naming.Context;
-import javax.naming.RefAddr;
-import javax.naming.Reference;
-import javax.naming.spi.ObjectFactory;
-
-/**
- * <p>Factory class that creates a JNDI named JavaMail Session factory,
- * which can be used for managing inbound and outbound electronic mail
- * messages via JavaMail APIs. All messaging environment properties
- * described in the JavaMail Specification may be passed to the Session
- * factory; however the following properties are the most commonly used:</p>
- * <ul>
- * <li>
- * <li><strong>mail.smtp.host</strong> - Hostname for outbound transport
- * connections. Defaults to <code>localhost</code> if not specified.</li>
- * </ul>
- *
- * <p>This factory can be configured in a <code><DefaultContext></code>
- * or <code><Context></code> element in your <code>conf/server.xml</code>
- * configuration file. An example of factory configuration is:</p>
- * <pre>
- * <Resource name="mail/smtp" auth="CONTAINER"
- * type="javax.mail.Session"/>
- * <ResourceParams name="mail/smtp">
- * <parameter>
- * <name>factory</name>
- * <value>org.apache.naming.factory.MailSessionFactory</value>
- * </parameter>
- * <parameter>
- * <name>mail.smtp.host</name>
- * <value>mail.mycompany.com</value>
- * </parameter>
- * </ResourceParams>
- * </pre>
- *
- * @author Craig R. McClanahan
- * @version $Revision$ $Date$
- */
-
-public class MailSessionFactory implements ObjectFactory {
-
-
- /**
- * The Java type for which this factory knows how to create objects.
- */
- protected static final String factoryType = "javax.mail.Session";
-
-
- /**
- * Create and return an object instance based on the specified
- * characteristics.
- *
- * @param refObj Reference information containing our parameters, or null
- * if there are no parameters
- * @param name The name of this object, relative to context, or null
- * if there is no name
- * @param context The context to which name is relative, or null if name
- * is relative to the default initial context
- * @param env Environment variables, or null if there are none
- *
- * @exception Exception if an error occurs during object creation
- */
- public Object getObjectInstance(Object refObj, Name name, Context context,
- Hashtable env) throws Exception
- {
-
- // Return null if we cannot create an object of the requested type
- final Reference ref = (Reference) refObj;
- if (!ref.getClassName().equals(factoryType))
- return (null);
-
- // Create a new Session inside a doPrivileged block, so that JavaMail
- // can read its default properties without throwing Security
- // exceptions.
- //
- // Bugzilla 31288, 33077: add support for authentication.
- return AccessController.doPrivileged( new PrivilegedAction() {
- public Object run() {
-
- // Create the JavaMail properties we will use
- Properties props = new Properties();
- props.put("mail.transport.protocol", "smtp");
- props.put("mail.smtp.host", "localhost");
-
- String password = null;
-
- Enumeration attrs = ref.getAll();
- while (attrs.hasMoreElements()) {
- RefAddr attr = (RefAddr) attrs.nextElement();
- if ("factory".equals(attr.getType())) {
- continue;
- }
-
- if ("password".equals(attr.getType())) {
- password = (String) attr.getContent();
- continue;
- }
-
- props.put(attr.getType(), (String) attr.getContent());
- }
-
- Authenticator auth = null;
- if (password != null) {
- String user = props.getProperty("mail.smtp.user");
- if(user == null) {
- user = props.getProperty("mail.user");
- }
-
- if(user != null) {
- final PasswordAuthentication pa = new PasswordAuthentication(user, password);
- auth = new Authenticator() {
- protected PasswordAuthentication getPasswordAuthentication() {
- return pa;
- }
- };
- }
- }
-
- // Create and return the new Session object
- Session session = Session.getInstance(props, auth);
- return (session);
-
- }
- } );
-
- }
-
-
-}
Deleted: trunk/java/org/apache/naming/factory/SendMailFactory.java
===================================================================
--- trunk/java/org/apache/naming/factory/SendMailFactory.java 2009-11-11 00:19:16 UTC (rev 1261)
+++ trunk/java/org/apache/naming/factory/SendMailFactory.java 2009-11-11 00:31:24 UTC (rev 1262)
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.naming.factory;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.Hashtable;
-import java.util.Properties;
-import java.util.Enumeration;
-import javax.mail.Session;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeMessage;
-import javax.mail.internet.MimePart;
-import javax.mail.internet.MimePartDataSource;
-import javax.naming.Name;
-import javax.naming.Context;
-import javax.naming.Reference;
-import javax.naming.RefAddr;
-import javax.naming.spi.ObjectFactory;
-
-/**
- * Factory class that creates a JNDI named javamail MimePartDataSource
- * object which can be used for sending email using SMTP.
- * <p>
- * Can be configured in the DefaultContext or Context scope
- * of your server.xml configuration file.
- * <p>
- * Example:
- * <p>
- * <pre>
- * <Resource name="mail/send" auth="CONTAINER"
- * type="javax.mail.internet.MimePartDataSource"/>
- * <ResourceParams name="mail/send">
- * <parameter><name>factory</name>
- * <value>org.apache.naming.factory.SendMailFactory</value>
- * </parameter>
- * <parameter><name>mail.smtp.host</name>
- * <value>your.smtp.host</value>
- * </parameter>
- * <parameter><name>mail.smtp.user</name>
- * <value>someuser</value>
- * </parameter>
- * <parameter><name>mail.from</name>
- * <value>someuser(a)some.host</value>
- * </parameter>
- * <parameter><name>mail.smtp.sendpartial</name>
- * <value>true</value>
- * </parameter>
- * <parameter><name>mail.smtp.dsn.notify</name>
- * <value>FAILURE</value>
- * </parameter>
- * <parameter><name>mail.smtp.dsn.ret</name>
- * <value>FULL</value>
- * </parameter>
- * </ResourceParams>
- * </pre>
- *
- * @author Glenn Nielsen Rich Catlett
- */
-
-public class SendMailFactory implements ObjectFactory
-{
- // The class name for the javamail MimeMessageDataSource
- protected final String DataSourceClassName =
- "javax.mail.internet.MimePartDataSource";
-
- public Object getObjectInstance(Object RefObj, Name Nm, Context Ctx,
- Hashtable Env) throws Exception
- {
- final Reference Ref = (Reference)RefObj;
-
- // Creation of the DataSource is wrapped inside a doPrivileged
- // so that javamail can read its default properties without
- // throwing Security Exceptions
- if (Ref.getClassName().equals(DataSourceClassName)) {
- return AccessController.doPrivileged( new PrivilegedAction()
- {
- public Object run() {
- // set up the smtp session that will send the message
- Properties props = new Properties();
- // enumeration of all refaddr
- Enumeration list = Ref.getAll();
- // current refaddr to be set
- RefAddr refaddr;
- // set transport to smtp
- props.put("mail.transport.protocol", "smtp");
-
- while (list.hasMoreElements()) {
- refaddr = (RefAddr)list.nextElement();
-
- // set property
- props.put(refaddr.getType(), (String)refaddr.getContent());
- }
- MimeMessage message = new MimeMessage(
- Session.getInstance(props));
- try {
- String from = (String)Ref.get("mail.from").getContent();
- message.setFrom(new InternetAddress(from));
- message.setSubject("");
- } catch (Exception e) {}
- MimePartDataSource mds = new MimePartDataSource(
- (MimePart)message);
- return mds;
- }
- } );
- }
- else { // We can't create an instance of the DataSource
- return null;
- }
- }
-}
Deleted: trunk/lib/commons-jci-core-1.0.jar
===================================================================
(Binary files differ)
Deleted: trunk/lib/jboss-jaxrpc.jar
===================================================================
(Binary files differ)
Deleted: trunk/lib/mail.jar
===================================================================
(Binary files differ)
Deleted: trunk/lib/wsdl4j.jar
===================================================================
(Binary files differ)
JBossWeb SVN: r1261 - trunk/java/javax/servlet/http.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2009-11-10 19:19:16 -0500 (Tue, 10 Nov 2009)
New Revision: 1261
Modified:
trunk/java/javax/servlet/http/Cookie.java
Log:
- Cookie update. Use the RI's system property.
Modified: trunk/java/javax/servlet/http/Cookie.java
===================================================================
--- trunk/java/javax/servlet/http/Cookie.java 2009-11-10 17:11:41 UTC (rev 1260)
+++ trunk/java/javax/servlet/http/Cookie.java 2009-11-11 00:19:16 UTC (rev 1261)
@@ -96,25 +96,25 @@
*/
public class Cookie implements Cloneable, Serializable {
- private static final long serialVersionUID = 4014436410614806011L;
+ private static final long serialVersionUID = -6454587001725327448L;
- public static final boolean STRICT =
- Boolean.valueOf(System.getProperty("Cookie.STRICT", "false")).booleanValue();
+ private static final String TSPECIALS;
- private static final String tspecials;
- static {
- if (STRICT) {
- tspecials = "/()<>@,;:\\\"[]?={} \t";
- } else {
- tspecials = ",; ";
- }
- }
-
private static final String LSTRING_FILE =
"javax.servlet.http.LocalStrings";
private static ResourceBundle lStrings =
ResourceBundle.getBundle(LSTRING_FILE);
+
+ static {
+ if (Boolean.valueOf(System.getProperty(
+ "org.glassfish.web.rfc2109_cookie_names_enforced",
+ "true")).booleanValue()) {
+ TSPECIALS = "/()<>@,;:\\\"[]?={} \t";
+ } else {
+ TSPECIALS = ",; ";
+ }
+ }
//
// The value of the cookie itself.
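Review bot: The replacement static block changes the default from lenient to strict. The removed `Cookie.STRICT` property defaulted to `"false"` (separators `",; "`), while `org.glassfish.web.rfc2109_cookie_names_enforced` defaults to `"true"` and selects the full separator set, so names that were accepted by default are now rejected by the check that uses `TSPECIALS`. The `Cookie.STRICT` system property is no longer read and the public constant `STRICT` is removed, so deployments that set it and code that references it are affected without notice. The `serialVersionUID` change also makes previously serialized cookies unreadable. A comment on the static block naming the property and its default, plus a changelog entry, would cover this.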
@@ -139,11 +139,13 @@
/**
* Constructs a cookie with the specified name and value.
*
- * <p>The name must conform to RFC 2109. That means it can contain
- * only ASCII alphanumeric characters and cannot contain commas,
- * semicolons, or white space or begin with a $ character. The cookie's
- * name cannot be changed after creation.
+ * <p>The name must conform to RFC 2109. However, vendors may
+ * provide a configuration option that allows cookie names conforming
+ * to the original Netscape Cookie Specification to be accepted.
*
+ * <p>The name of a cookie cannot be changed once the cookie has
+ * been created.
+ *
* <p>The value can be anything the server chooses to send. Its
* value is probably of interest only to the server. The cookie's
* value can be changed after creation with the
@@ -446,7 +448,7 @@
int len = value.length();
for (int i = 0; i < len; i++) {
char c = value.charAt(i);
- if (c < 0x20 || c >= 0x7f || tspecials.indexOf(c) != -1) {
+ if (c < 0x20 || c >= 0x7f || TSPECIALS.indexOf(c) != -1) {
return false;
}
}