August 2008 - jbossweb-commits - Jboss List Archives

JBossWeb SVN: r747 - trunk/java/org/apache/juli.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-25 07:02:39 -0400 (Mon, 25 Aug 2008) New Revision: 747 Modified: trunk/java/org/apache/juli/ClassLoaderLogManager.java Log: - Remove casts since generics are now used. Modified: trunk/java/org/apache/juli/ClassLoaderLogManager.java =================================================================== --- trunk/java/org/apache/juli/ClassLoaderLogManager.java 2008-08-25 10:59:29 UTC (rev 746) +++ trunk/java/org/apache/juli/ClassLoaderLogManager.java 2008-08-25 11:02:39 UTC (rev 747) @@ -135,9 +135,9 @@ Handler handler = null; ClassLoader current = classLoader; while (current != null) { - info = (ClassLoaderLogInfo) classLoaderLoggers.get(current); + info = classLoaderLoggers.get(current); if (info != null) { - handler = (Handler) info.handlers.get(handlerName); + handler = info.handlers.get(handlerName); if (handler != null) { break; } @@ -174,7 +174,7 @@ public synchronized Logger getLogger(final String name) { ClassLoader classLoader = Thread.currentThread() .getContextClassLoader(); - return (Logger) getClassLoaderInfo(classLoader).loggers.get(name); + return getClassLoaderInfo(classLoader).loggers.get(name); } @@ -198,7 +198,7 @@ public String getProperty(String name) { ClassLoader classLoader = Thread.currentThread() .getContextClassLoader(); - String prefix = (String) this.prefix.get(); + String prefix = this.prefix.get(); if (prefix != null) { name = prefix + name; } @@ -210,7 +210,7 @@ if ((result == null) && (info.props.isEmpty())) { ClassLoader current = classLoader.getParent(); while (current != null) { - info = (ClassLoaderLogInfo) classLoaderLoggers.get(current); + info = classLoaderLoggers.get(current); if (info != null) { result = info.props.getProperty(name); if ((result != null) || (!info.props.isEmpty())) { @@ -265,8 +265,7 @@ if (classLoader == null) { classLoader = ClassLoader.getSystemClassLoader(); } - ClassLoaderLogInfo info = (ClassLoaderLogInfo) classLoaderLoggers - .get(classLoader); + ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader); if (info == null) { final ClassLoader classLoaderParam = classLoader; AccessController.doPrivileged(new PrivilegedAction() { @@ -279,7 +278,7 @@ return null; } }); - info = (ClassLoaderLogInfo) classLoaderLoggers.get(classLoader); + info = classLoaderLoggers.get(classLoader); } return info; } @@ -362,8 +361,7 @@ protected void readConfiguration(InputStream is, ClassLoader classLoader) throws IOException { - ClassLoaderLogInfo info = - (ClassLoaderLogInfo) classLoaderLoggers.get(classLoader); + ClassLoaderLogInfo info = classLoaderLoggers.get(classLoader); try { info.props.load(is); @@ -503,8 +501,7 @@ nextName = name.substring(0, dotIndex); name = name.substring(dotIndex + 1); } - LogNode childNode = (LogNode) currentNode.children - .get(nextName); + LogNode childNode = currentNode.children.get(nextName); if (childNode == null) { childNode = new LogNode(currentNode); currentNode.children.put(nextName, childNode);

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r746 - trunk/java/org/apache/catalina/startup.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-25 06:59:29 -0400 (Mon, 25 Aug 2008) New Revision: 746 Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java Log: - Cleanup. Modified: trunk/java/org/apache/catalina/startup/ContextConfig.java =================================================================== --- trunk/java/org/apache/catalina/startup/ContextConfig.java 2008-08-25 10:58:38 UTC (rev 745) +++ trunk/java/org/apache/catalina/startup/ContextConfig.java 2008-08-25 10:59:29 UTC (rev 746) @@ -259,9 +259,9 @@ // Process the event that has occurred if (event.getType().equals(Lifecycle.START_EVENT)) { start(); - } else if (event.getType().equals(StandardContext.BEFORE_START_EVENT)) { + } else if (event.getType().equals(Lifecycle.BEFORE_START_EVENT)) { beforeStart(); - } else if (event.getType().equals(StandardContext.AFTER_START_EVENT)) { + } else if (event.getType().equals(Lifecycle.AFTER_START_EVENT)) { // Restore docBase for management tools if (originalDocBase != null) { String docBase = context.getDocBase();

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r745 - trunk/native/connector/src.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-25 06:58:38 -0400 (Mon, 25 Aug 2008) New Revision: 745 Modified: trunk/native/connector/src/address.c trunk/native/connector/src/info.c Log: - Keep the native code in sync. Modified: trunk/native/connector/src/address.c =================================================================== --- trunk/native/connector/src/address.c 2008-08-18 12:47:01 UTC (rev 744) +++ trunk/native/connector/src/address.c 2008-08-25 10:58:38 UTC (rev 745) @@ -30,6 +30,7 @@ apr_pool_t *p = J2P(pool, apr_pool_t *); TCN_ALLOC_CSTRING(hostname); apr_sockaddr_t *sa = NULL; + apr_sockaddr_t *sl = NULL; apr_int32_t f; @@ -38,10 +39,26 @@ TCN_THROW_IF_ERR(apr_sockaddr_info_get(&sa, J2S(hostname), f, (apr_port_t)port, (apr_int32_t)flags, p), sa); + sl = sa; + /* + * apr_sockaddr_info_get may return several address so this is not + * go to work in some cases (but as least it works for Linux) + * XXX: with AP_ENABLE_V4_MAPPED it is going to work otherwise it won't. + */ +#if APR_HAVE_IPV6 + if (hostname == NULL) { + /* Try all address using IPV6 one */ + while (sl) { + if (sl->family == APR_INET6) + break; /* Done */ + sl = sl->next; + } + } +#endif cleanup: TCN_FREE_CSTRING(hostname); - return P2J(sa); + return P2J(sl); } TCN_IMPLEMENT_CALL(jstring, Address, getnameinfo)(TCN_STDARGS, Modified: trunk/native/connector/src/info.c =================================================================== --- trunk/native/connector/src/info.c 2008-08-18 12:47:01 UTC (rev 744) +++ trunk/native/connector/src/info.c 2008-08-25 10:58:38 UTC (rev 745) @@ -200,12 +200,17 @@ static void fill_ainfo(JNIEnv *e, jobject obj, apr_sockaddr_t *info) { + apr_int32_t f; + if (info->family == APR_UNSPEC) f = 0; + else if (info->family == APR_INET) f = 1; + else if (info->family == APR_INET6) f = 2; + else f = info->family; SET_AINFO_J(pool, P2J(info->pool)); SET_AINFO_S(hostname, info->hostname); SET_AINFO_S(servname, info->servname); SET_AINFO_I(port, info->port); - SET_AINFO_I(family, info->family); + SET_AINFO_I(family, f); SET_AINFO_J(next, P2J(info->next)); }

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r744 - in trunk: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-18 08:47:01 -0400 (Mon, 18 Aug 2008) New Revision: 744 Modified: trunk/java/org/apache/catalina/connector/MapperListener.java trunk/webapps/docs/changelog.xml Log: - Fix possible NPE on shutdown. Modified: trunk/java/org/apache/catalina/connector/MapperListener.java =================================================================== --- trunk/java/org/apache/catalina/connector/MapperListener.java 2008-08-18 04:04:18 UTC (rev 743) +++ trunk/java/org/apache/catalina/connector/MapperListener.java 2008-08-18 12:47:01 UTC (rev 744) @@ -156,9 +156,10 @@ public void destroy() { try { - ObjectName objectName = new ObjectName( - "JMImplementation:type=MBeanServerDelegate"); - mBeanServer.removeNotificationListener(objectName, this); + ObjectName objectName = new ObjectName("JMImplementation:type=MBeanServerDelegate"); + if (mBeanServer != null) { + mBeanServer.removeNotificationListener(objectName, this); + } } catch (Exception e) { log.warn("Error unregistering MBeanServerDelegate", e); } Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2008-08-18 04:04:18 UTC (rev 743) +++ trunk/webapps/docs/changelog.xml 2008-08-18 12:47:01 UTC (rev 744) @@ -42,6 +42,9 @@ <add> <bug>41407</bug>: Add support for CLIENT-CERT to the JASS Realm. (markt) </add> + <fix> + NPE on shutdown when an error occurs starting connectors. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote">

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r743 - in trunk: java/org/apache/catalina/core and 2 other directories.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-18 00:04:18 -0400 (Mon, 18 Aug 2008) New Revision: 743 Modified: trunk/bin/catalina.sh trunk/java/org/apache/catalina/core/StandardHost.java trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java trunk/java/org/apache/catalina/realm/JAASRealm.java trunk/webapps/docs/changelog.xml Log: - Port 3 Tomcat patches, most notably JAAS realm additions. Modified: trunk/bin/catalina.sh =================================================================== --- trunk/bin/catalina.sh 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/bin/catalina.sh 2008-08-18 04:04:18 UTC (rev 743) @@ -183,6 +183,9 @@ if [ -r "$CATALINA_BASE"/conf/logging.properties ]; then JAVA_OPTS="$JAVA_OPTS -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties" +else + # Bugzilla 45585 + LOGGING_CONFIG="-Dnop" fi # ----- Execute The Requested Command ----------------------------------------- @@ -225,7 +228,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift - exec "$_RUNJDB" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJDB" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -sourcepath "$CATALINA_HOME"/../../java \ -Djava.security.manager \ @@ -235,7 +238,7 @@ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ org.apache.catalina.startup.Bootstrap "$@" start else - exec "$_RUNJDB" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJDB" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -sourcepath "$CATALINA_HOME"/../../java \ -Dcatalina.base="$CATALINA_BASE" \ @@ -251,7 +254,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift - exec "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Djava.security.manager \ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ @@ -260,7 +263,7 @@ -Djava.io.tmpdir="$CATALINA_TMPDIR" \ org.apache.catalina.startup.Bootstrap "$@" start else - exec "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + exec "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ @@ -275,7 +278,7 @@ if [ "$1" = "-security" ] ; then echo "Using Security Manager" shift - "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Djava.security.manager \ -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ @@ -289,7 +292,7 @@ echo $! > $CATALINA_PID fi else - "$_RUNJAVA" $JAVA_OPTS "$LOGGING_CONFIG" $CATALINA_OPTS \ + "$_RUNJAVA" "$LOGGING_CONFIG" $JAVA_OPTS $CATALINA_OPTS \ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ -Dcatalina.base="$CATALINA_BASE" \ -Dcatalina.home="$CATALINA_HOME" \ @@ -354,4 +357,4 @@ echo " version What version of tomcat are you running?" exit 1 -fi \ No newline at end of file +fi Modified: trunk/java/org/apache/catalina/core/StandardHost.java =================================================================== --- trunk/java/org/apache/catalina/core/StandardHost.java 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/java/org/apache/catalina/core/StandardHost.java 2008-08-18 04:04:18 UTC (rev 743) @@ -706,7 +706,7 @@ } catch (Throwable t) { log.error(sm.getString ("standardHost.invalidErrorReportValveClass", - errorReportValveClass)); + errorReportValveClass), t); } } if(log.isDebugEnabled()) { Modified: trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java =================================================================== --- trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java 2008-08-18 04:04:18 UTC (rev 743) @@ -24,11 +24,10 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.catalina.util.StringManager; -import org.jboss.logging.Logger; -import org.jboss.logging.Logger; /** * Implementation of the JAAS <code>CallbackHandler</code> interface, @@ -49,7 +48,6 @@ */ public class JAASCallbackHandler implements CallbackHandler { - private static Logger log = Logger.getLogger(JAASCallbackHandler.class); // ------------------------------------------------------------ Constructor @@ -78,6 +76,35 @@ } } + + /** + * Construct a callback handler for DIGEST authentication. + * + * @param realm Our associated JAASRealm instance + * @param username Username to be authenticated with + * @param password Password to be authenticated with + * @param nonce Server generated nonce + * @param nc Nonce count + * @param cnonce Client generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest + * MD5(Method + ":" + uri) + * @param authMethod The authentication mehtod in use + */ + public JAASCallbackHandler(JAASRealm realm, String username, + String password, String nonce, String nc, + String cnonce, String qop, String realmName, + String md5a2, String authMethod) { + this(realm, username, password); + this.nonce = nonce; + this.nc = nc; + this.cnonce = cnonce; + this.qop = qop; + this.realmName = realmName; + this.md5a2 = md5a2; + this.authMethod = authMethod; + } // ----------------------------------------------------- Instance Variables @@ -98,20 +125,55 @@ */ protected JAASRealm realm = null; - /** * The username to be authenticated with. */ protected String username = null; + /** + * Server generated nonce. + */ + protected String nonce = null; + + /** + * Nonce count. + */ + protected String nc = null; + + /** + * Client generated nonce. + */ + protected String cnonce = null; + /** + * Quality of protection aplied to the message. + */ + protected String qop; + + /** + * Realm name. + */ + protected String realmName; + + /** + * Second MD5 digest. + */ + protected String md5a2; + + /** + * The authentication methdod to be used. If null, assume BASIC/FORM. + */ + protected String authMethod; + // --------------------------------------------------------- Public Methods /** * Retrieve the information requested in the provided <code>Callbacks</code>. - * This implementation only recognizes <code>NameCallback</code> and - * <code>PasswordCallback</code> instances. + * This implementation only recognizes {@link NameCallback}, + * {@link PasswordCallback} and {@link TextInputCallback}. + * {@link TextInputCallback} is ued to pass the various additional + * parameters required for DIGEST authentication. * * @param callbacks The set of <code>Callback</code>s to be processed * @@ -137,6 +199,25 @@ } ((PasswordCallback) callbacks[i]).setPassword (passwordcontents); + } else if (callbacks[i] instanceof TextInputCallback) { + TextInputCallback cb = ((TextInputCallback) callbacks[i]); + if (cb.getPrompt().equals("nonce")) { + cb.setText(nonce); + } else if (cb.getPrompt().equals("nc")) { + cb.setText(nc); + } else if (cb.getPrompt().equals("cnonce")) { + cb.setText(cnonce); + } else if (cb.getPrompt().equals("qop")) { + cb.setText(qop); + } else if (cb.getPrompt().equals("realmName")) { + cb.setText(realmName); + } else if (cb.getPrompt().equals("md5a2")) { + cb.setText(md5a2); + } else if (cb.getPrompt().equals("authMethod")) { + cb.setText(authMethod); + } else { + throw new UnsupportedCallbackException(callbacks[i]); + } } else { throw new UnsupportedCallbackException(callbacks[i]); } Modified: trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java =================================================================== --- trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java 2008-08-18 04:04:18 UTC (rev 743) @@ -31,6 +31,7 @@ import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextInputCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.FailedLoginException; import javax.security.auth.login.LoginException; @@ -38,13 +39,13 @@ import org.apache.catalina.Context; import org.apache.catalina.Realm; +import org.apache.catalina.authenticator.Constants; import org.apache.catalina.connector.Request; import org.apache.catalina.deploy.SecurityConstraint; import org.apache.catalina.util.RequestUtil; import org.apache.catalina.util.StringManager; import org.apache.tomcat.util.digester.Digester; import org.jboss.logging.Logger; -import org.jboss.logging.Logger; /** @@ -194,8 +195,19 @@ return (false); // Add our Principal to the Subject if needed - if (!subject.getPrincipals().contains(principal)) + if (!subject.getPrincipals().contains(principal)) { subject.getPrincipals().add(principal); + // Add the roles as additional sudjucts as per the contract with the + // JAASRealm + if (principal instanceof GenericPrincipal) { + String roles[] = ((GenericPrincipal) principal).getRoles(); + for (int i = 0; i < roles.length; i++) { + subject.getPrincipals().add( + new GenericPrincipal(null, roles[i], null)); + } + + } + } committed = true; return (true); @@ -212,7 +224,7 @@ */ public SecurityConstraint [] findSecurityConstraints(Request request, Context context) { - ArrayList results = null; + ArrayList<SecurityConstraint> results = null; // Are there any defined security constraints? SecurityConstraint constraints[] = context.findConstraints(); if ((constraints == null) || (constraints.length == 0)) { @@ -235,7 +247,7 @@ constraints[i].included(uri, method)); if (constraints[i].included(uri, method)) { if(results == null) { - results = new ArrayList(); + results = new ArrayList<SecurityConstraint>(); } results.add(constraints[i]); } @@ -298,18 +310,40 @@ // Set up our CallbackHandler requests if (callbackHandler == null) throw new LoginException("No CallbackHandler specified"); - Callback callbacks[] = new Callback[2]; + Callback callbacks[] = new Callback[9]; callbacks[0] = new NameCallback("Username: "); callbacks[1] = new PasswordCallback("Password: ", false); + callbacks[2] = new TextInputCallback("nonce"); + callbacks[3] = new TextInputCallback("nc"); + callbacks[4] = new TextInputCallback("cnonce"); + callbacks[5] = new TextInputCallback("qop"); + callbacks[6] = new TextInputCallback("realmName"); + callbacks[7] = new TextInputCallback("md5a2"); + callbacks[8] = new TextInputCallback("authMethod"); // Interact with the user to retrieve the username and password String username = null; String password = null; + String nonce = null; + String nc = null; + String cnonce = null; + String qop = null; + String realmName = null; + String md5a2 = null; + String authMethod = null; + try { callbackHandler.handle(callbacks); username = ((NameCallback) callbacks[0]).getName(); password = new String(((PasswordCallback) callbacks[1]).getPassword()); + nonce = ((TextInputCallback) callbacks[2]).getText(); + nc = ((TextInputCallback) callbacks[3]).getText(); + cnonce = ((TextInputCallback) callbacks[4]).getText(); + qop = ((TextInputCallback) callbacks[5]).getText(); + realmName = ((TextInputCallback) callbacks[6]).getText(); + md5a2 = ((TextInputCallback) callbacks[7]).getText(); + authMethod = ((TextInputCallback) callbacks[8]).getText(); } catch (IOException e) { throw new LoginException(e.toString()); } catch (UnsupportedCallbackException e) { @@ -317,7 +351,17 @@ } // Validate the username and password we have received - principal = super.authenticate(username, password); + if (authMethod == null) { + // BASIC or FORM + principal = super.authenticate(username, password); + } else if (authMethod.equals(Constants.DIGEST_METHOD)) { + principal = super.authenticate(username, password, nonce, nc, + cnonce, qop, realmName, md5a2); + } else if (authMethod.equals(Constants.CERT_METHOD)) { + principal = super.getPrincipal(username); + } else { + throw new LoginException("Unknown authentication method"); + } log.debug("login " + username + " " + principal); Modified: trunk/java/org/apache/catalina/realm/JAASRealm.java =================================================================== --- trunk/java/org/apache/catalina/realm/JAASRealm.java 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/java/org/apache/catalina/realm/JAASRealm.java 2008-08-18 04:04:18 UTC (rev 743) @@ -25,6 +25,7 @@ import java.util.List; import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.AccountExpiredException; import javax.security.auth.login.CredentialExpiredException; import javax.security.auth.login.FailedLoginException; @@ -33,12 +34,13 @@ import org.apache.catalina.Container; import org.apache.catalina.LifecycleException; +import org.apache.catalina.authenticator.Constants; import org.apache.catalina.util.StringManager; import org.jboss.logging.Logger; /** - * Implmentation of Realm that authenticates users via the Java + * Implementation of Realm that authenticates users via the Java * Authentication and Authorization Service (JAAS). JAAS support requires * either JDK 1.4 (which includes it as part of the standard platform) or * JDK 1.3 (with the plug-in <code>jaas.jar</code> file). @@ -213,7 +215,7 @@ * @return The value of useContextClassLoader */ public boolean isUseContextClassLoader() { - return useContextClassLoader; + return useContextClassLoader; } public void setContainer(Container container) { @@ -309,20 +311,56 @@ /** - * Return the <code>Principal</code> associated with the specified username and - * credentials, if there is one; otherwise return <code>null</code>. + * Return the <code>Principal</code> associated with the specified username + * and credentials, if there is one; otherwise return <code>null</code>. * - * If there are any errors with the JDBC connection, executing - * the query or anything we return null (don't authenticate). This - * event is also logged, and the connection will be closed so that - * a subsequent request will automatically re-open it. - * * @param username Username of the <code>Principal</code> to look up * @param credentials Password or other credentials to use in * authenticating this username */ public Principal authenticate(String username, String credentials) { + return authenticate(username, + new JAASCallbackHandler(this, username, credentials)); + } + + /** + * Return the <code>Principal</code> associated with the specified username + * and digest, if there is one; otherwise return <code>null</code>. + * + * @param username Username of the <code>Principal</code> to look up + * @param clientDigest Digest to use in authenticating this username + * @param nonce Server generated nonce + * @param nc Nonce count + * @param cnonce Client generated nonce + * @param qop Quality of protection aplied to the message + * @param realmName Realm name + * @param md5a2 Second MD5 digest used to calculate the digest + * MD5(Method + ":" + uri) + * @param authMethod The authentication scheme in use + */ + public Principal authenticate(String username, String clientDigest, + String nonce, String nc, String cnonce, String qop, + String realmName, String md5a2) { + return authenticate(username, + new JAASCallbackHandler(this, username, clientDigest, nonce, + nc, cnonce, qop, realmName, md5a2, + Constants.DIGEST_METHOD)); + } + + + // -------------------------------------------------------- Package Methods + + + // ------------------------------------------------------ Protected Methods + + + /** + * Perform the actual JAAS authentication + */ + protected Principal authenticate(String username, + CallbackHandler callbackHandler) { + // Establish a LoginContext to use for authentication try { LoginContext loginContext = null; @@ -341,9 +379,7 @@ } try { - loginContext = new LoginContext - (appName, new JAASCallbackHandler(this, username, - credentials)); + loginContext = new LoginContext(appName, callbackHandler); } catch (Throwable e) { log.error(sm.getString("jaasRealm.unexpectedError"), e); return (null); @@ -405,14 +441,7 @@ return null; } } - - // -------------------------------------------------------- Package Methods - - - // ------------------------------------------------------ Protected Methods - - /** * Return a short name for this <code>Realm</code> implementation. */ @@ -424,7 +453,9 @@ /** - * Return the password associated with the given principal's user name. + * Return the password associated with the given principal's user name. This + * always returns null as the JAASRealm has no way of obtaining this + * information. */ protected String getPassword(String username) { @@ -438,7 +469,9 @@ */ protected Principal getPrincipal(String username) { - return (null); + return authenticate(username, + new JAASCallbackHandler(this, username, null, null, null, null, + null, null, null, Constants.CERT_METHOD)); } Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2008-08-13 17:13:12 UTC (rev 742) +++ trunk/webapps/docs/changelog.xml 2008-08-18 04:04:18 UTC (rev 743) @@ -28,6 +28,20 @@ <add> New embedded API (startup.Tomcat class). (remm) </add> + <add> + <bug>45576</bug>: Add DIGEST support to the JAAS Realm. (markt) + </add> + <fix> + <bug>45585</bug>: Allow Tomcat to start if using + <code>$CATALINA_BASE</code> but not JULI. Patch based on a suggestion by + Ian Ward Comfort. (markt) + </fix> + <fix> + The JAAS Realm did not assign roles to authenticated users. (markt) + </fix> + <add> + <bug>41407</bug>: Add support for CLIENT-CERT to the JASS Realm. (markt) + </add> </changelog> </subsection> <subsection name="Coyote">

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r742 - in trunk: webapps/docs and 1 other directory.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-13 13:13:12 -0400 (Wed, 13 Aug 2008) New Revision: 742 Modified: trunk/java/org/apache/coyote/http11/Http11AprProcessor.java trunk/webapps/docs/changelog.xml Log: - Fix problem when calling resume() during a begin event (either directly or using close()). - Always recycle all flags, as it can cause state problems otherwise in rare cases. Modified: trunk/java/org/apache/coyote/http11/Http11AprProcessor.java =================================================================== --- trunk/java/org/apache/coyote/http11/Http11AprProcessor.java 2008-08-11 13:55:10 UTC (rev 741) +++ trunk/java/org/apache/coyote/http11/Http11AprProcessor.java 2008-08-13 17:13:12 UTC (rev 742) @@ -328,7 +328,7 @@ protected boolean readNotifications = true; protected boolean writeNotification = false; protected boolean resumeNotification = false; - protected boolean cometProcessing = false; + protected boolean cometProcessing = true; // ------------------------------------------------------------- Properties @@ -793,13 +793,11 @@ if (error) { inputBuffer.nextRequest(); outputBuffer.nextRequest(); - recycleComet(); recycle(); return SocketState.CLOSED; } else if (!comet) { boolean pipelined = inputBuffer.nextRequest(); outputBuffer.nextRequest(); - recycleComet(); recycle(); return (pipelined) ? SocketState.CLOSED : SocketState.OPEN; } else { @@ -962,6 +960,7 @@ recycle(); return SocketState.CLOSED; } else { + cometProcessing = false; return SocketState.LONG; } } else { @@ -1001,15 +1000,11 @@ inputBuffer.recycle(); outputBuffer.recycle(); this.socket = 0; - } - - - public void recycleComet() { cometTimeout = -1; readNotifications = true; writeNotification = false; resumeNotification = false; - cometProcessing = false; + cometProcessing = true; } Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2008-08-11 13:55:10 UTC (rev 741) +++ trunk/webapps/docs/changelog.xml 2008-08-13 17:13:12 UTC (rev 742) @@ -30,6 +30,14 @@ </add> </changelog> </subsection> + <subsection name="Coyote"> + <changelog> + <fix> + Consider that a normal request is Comet (it is possible to get a resume before + officially going into Comet mode). (remm) + </fix> + </changelog> + </subsection> <subsection name="Jasper"> <changelog> <fix>

15 years, 8 months

1
0
0 / 0

JBossWeb SVN: r741 - in trunk: java/org/apache/jasper and 3 other directories.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-11 09:55:10 -0400 (Mon, 11 Aug 2008) New Revision: 741 Added: trunk/java/org/apache/jasper/compiler/JCICompiler.java trunk/lib/commons-jci-core-1.0.jar Modified: trunk/.classpath trunk/java/org/apache/jasper/JspCompilationContext.java trunk/webapps/docs/changelog.xml Log: - Add JCI support (not functional though, JCI is not usable at the moment). Modified: trunk/.classpath =================================================================== --- trunk/.classpath 2008-08-05 13:28:49 UTC (rev 740) +++ trunk/.classpath 2008-08-11 13:55:10 UTC (rev 741) @@ -5,5 +5,6 @@ <classpathentry kind="lib" path="lib/jboss-jaxrpc.jar"/> <classpathentry kind="lib" path="lib/mail.jar"/> <classpathentry kind="lib" path="lib/wsdl4j.jar"/> + <classpathentry kind="lib" path="lib/commons-jci-core-1.0.jar"/> <classpathentry kind="output" path=".settings/output"/> </classpath> Modified: trunk/java/org/apache/jasper/JspCompilationContext.java =================================================================== --- trunk/java/org/apache/jasper/JspCompilationContext.java 2008-08-05 13:28:49 UTC (rev 740) +++ trunk/java/org/apache/jasper/JspCompilationContext.java 2008-08-11 13:55:10 UTC (rev 741) @@ -218,6 +218,11 @@ if (jspCompiler == null) { jspCompiler = createCompiler("org.apache.jasper.compiler.AntCompiler"); } + } else if (options.getCompiler().startsWith("jci:")) { + jspCompiler = createCompiler("org.apache.jasper.compiler.JCICompiler"); + if (jspCompiler == null) { + jspCompiler = createCompiler("org.apache.jasper.compiler.JDTCompiler"); + } } else { jspCompiler = createCompiler("org.apache.jasper.compiler.AntCompiler"); if (jspCompiler == null) { @@ -241,13 +246,9 @@ } catch (IllegalAccessException e) { log.warn(Localizer.getMessage("jsp.error.compiler"), e); } catch (NoClassDefFoundError e) { - if (log.isDebugEnabled()) { - log.debug(Localizer.getMessage("jsp.error.compiler"), e); - } + log.info(Localizer.getMessage("jsp.error.compiler"), e); } catch (ClassNotFoundException e) { - if (log.isDebugEnabled()) { - log.debug(Localizer.getMessage("jsp.error.compiler"), e); - } + log.info(Localizer.getMessage("jsp.error.compiler"), e); } return compiler; } Added: trunk/java/org/apache/jasper/compiler/JCICompiler.java =================================================================== --- trunk/java/org/apache/jasper/compiler/JCICompiler.java (rev 0) +++ trunk/java/org/apache/jasper/compiler/JCICompiler.java 2008-08-11 13:55:10 UTC (rev 741) @@ -0,0 +1,137 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.jasper.compiler; + +import java.io.File; +import java.io.FileNotFoundException; +import java.util.ArrayList; + +import org.apache.commons.jci.compilers.CompilationResult; +import org.apache.commons.jci.compilers.JavaCompiler; +import org.apache.commons.jci.compilers.JavaCompilerFactory; +import org.apache.commons.jci.compilers.JavaCompilerSettings; +import org.apache.commons.jci.problems.CompilationProblem; +import org.apache.commons.jci.readers.FileResourceReader; +import org.apache.commons.jci.stores.FileResourceStore; +import org.apache.jasper.JasperException; + +/** + * JDT class compiler. This compiler will load source dependencies from the + * context classloader, reducing dramatically disk access during + * the compilation process. + * + * @author Cocoon2 + * @author Remy Maucherat + */ +public class JCICompiler extends org.apache.jasper.compiler.Compiler { + + + /** + * Compile the servlet from .java file to .class file + */ + protected void generateClass(String[] smap) + throws FileNotFoundException, JasperException, Exception { + + long t1 = 0; + if (log.isDebugEnabled()) { + t1 = System.currentTimeMillis(); + } + + String packageName = ctxt.getServletPackageName(); + ClassLoader classLoader = ctxt.getJspLoader(); + + String targetResource = (((packageName.length() != 0) ? (packageName + ".") : "") + + ctxt.getServletClassName()).replace('.', '/') + ".java"; + String[] resources = new String[] {targetResource}; + + JavaCompiler javaCompiler = (new JavaCompilerFactory()).createCompiler(options.getCompiler().substring(4)); + FileResourceReader reader = new FileResourceReader(ctxt.getOptions().getScratchDir()); + FileResourceStore store = new FileResourceStore(ctxt.getOptions().getScratchDir()); + JavaCompilerSettings settings = javaCompiler.createDefaultSettings(); + if (settings == null) { + settings = new JavaCompilerSettings(); + } + settings.setDeprecations(false); + if (ctxt.getOptions().getJavaEncoding() != null) { + settings.setSourceEncoding(ctxt.getOptions().getJavaEncoding()); + } + if (ctxt.getOptions().getClassDebugInfo()) { + // No support + } + // Source JVM + if (ctxt.getOptions().getCompilerSourceVM() != null) { + settings.setSourceVersion(ctxt.getOptions().getCompilerSourceVM()); + } else { + // Default to 1.5 + settings.setSourceVersion("1.5"); + } + // Target JVM + if (ctxt.getOptions().getCompilerTargetVM() != null) { + settings.setTargetVersion(ctxt.getOptions().getCompilerTargetVM()); + } else { + // Default to 1.5 + settings.setTargetVersion("1.5"); + } + + CompilationResult result = javaCompiler.compile(resources, reader, store, classLoader, settings); + + ArrayList<JavacErrorDetail> problemList = new ArrayList<JavacErrorDetail>(); + CompilationProblem[] problems = result.getErrors(); + if (problems != null) { + try { + for (int i = 0; i < problems.length; i++) { + CompilationProblem problem = problems[i]; + problemList.add(ErrorDispatcher.createJavacError + (problem.getFileName(), pageNodes, new StringBuffer(problem.getMessage()), + problem.getStartLine(), ctxt)); + } + } catch (JasperException e) { + log.error("Error visiting node", e); + } + } + + if (!ctxt.keepGenerated()) { + File javaFile = new File(ctxt.getServletJavaFileName()); + javaFile.delete(); + } + + if (!problemList.isEmpty()) { + JavacErrorDetail[] jeds = + (JavacErrorDetail[]) problemList.toArray(new JavacErrorDetail[0]); + errDispatcher.javacError(jeds); + } + + if( log.isDebugEnabled() ) { + long t2=System.currentTimeMillis(); + log.debug("Compiled " + ctxt.getServletJavaFileName() + " " + + (t2-t1) + "ms"); + } + + if (ctxt.isPrototypeMode()) { + return; + } + + // JSR45 Support + if (! options.isSmapSuppressed()) { + SmapUtil.installSmap(smap); + } + + } + + +} Added: trunk/lib/commons-jci-core-1.0.jar =================================================================== (Binary files differ) Property changes on: trunk/lib/commons-jci-core-1.0.jar ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Modified: trunk/webapps/docs/changelog.xml =================================================================== --- trunk/webapps/docs/changelog.xml 2008-08-05 13:28:49 UTC (rev 740) +++ trunk/webapps/docs/changelog.xml 2008-08-11 13:55:10 UTC (rev 741) @@ -35,6 +35,9 @@ <fix> <bug>45511</bug>: New fix for 42565. (markt) </fix> + <add> + <jira>108</jira>: Experimental support for JCI. (remm) + </add> </changelog> </subsection> </section>

15 years, 9 months

1
0
0 / 0

JBossWeb SVN: r740 - branches/2.0.x/src/share/classes/org/apache/catalina/connector.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-05 09:28:49 -0400 (Tue, 05 Aug 2008) New Revision: 740 Modified: branches/2.0.x/src/share/classes/org/apache/catalina/connector/CoyoteAdapter.java Log: - CVE-2008-2938: Additional URI decoding checks. Modified: branches/2.0.x/src/share/classes/org/apache/catalina/connector/CoyoteAdapter.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/catalina/connector/CoyoteAdapter.java 2008-08-05 13:28:16 UTC (rev 739) +++ branches/2.0.x/src/share/classes/org/apache/catalina/connector/CoyoteAdapter.java 2008-08-05 13:28:49 UTC (rev 740) @@ -380,6 +380,12 @@ } // Character decoding convertURI(decodedURI, request); + // Check that the URI is still normalized + if (!checkNormalize(req.decodedURI())) { + res.setStatus(400); + res.setMessage("Invalid URI character encoding"); + return false; + } } else { // The URL is chars or String, and has been sent using an in-memory // protocol handler, we have to assume the URL has been properly @@ -744,6 +750,67 @@ } + /** + * Check that the URI is normalized following character decoding. + * + * This method checks for "\", 0, "//", "/./" and "/../". This method will + * return false if sequences that are supposed to be normalized are still + * present in the URI. + * + * @param uriMB URI to be checked (should be chars) + */ + public static boolean checkNormalize(MessageBytes uriMB) { + + CharChunk uriCC = uriMB.getCharChunk(); + char[] c = uriCC.getChars(); + int start = uriCC.getStart(); + int end = uriCC.getEnd(); + + int pos = 0; + + // Check for '\' and 0 + for (pos = start; pos < end; pos++) { + if (c[pos] == '\\') { + return false; + } + if (c[pos] == 0) { + return false; + } + } + + // Check for "//" + for (pos = start; pos < (end - 1); pos++) { + if (c[pos] == '/') { + if (c[pos + 1] == '/') { + return false; + } + } + } + + // Check for ending with "/." or "/.." + if (((end - start) >= 2) && (c[end - 1] == '.')) { + if ((c[end - 2] == '/') + || ((c[end - 2] == '.') + && (c[end - 3] == '/'))) { + return false; + } + } + + // Check for "/./" + if (uriCC.indexOf("/./", 0, 3, 0) >= 0) { + return false; + } + + // Check for "/../" + if (uriCC.indexOf("/../", 0, 4, 0) >= 0) { + return false; + } + + return true; + + } + + // ------------------------------------------------------ Protected Methods

15 years, 9 months

1
0
0 / 0

JBossWeb SVN: r739 - branches/2.0.x/src/share/classes/org/apache/catalina/core.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-05 09:28:16 -0400 (Tue, 05 Aug 2008) New Revision: 739 Modified: branches/2.0.x/src/share/classes/org/apache/catalina/core/ApplicationContext.java Log: - CVE-2008-2370: Request dispatcher query string. Modified: branches/2.0.x/src/share/classes/org/apache/catalina/core/ApplicationContext.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2008-08-05 13:24:00 UTC (rev 738) +++ branches/2.0.x/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2008-08-05 13:28:16 UTC (rev 739) @@ -368,10 +368,21 @@ throw new IllegalArgumentException (sm.getString ("applicationContext.requestDispatcher.iae", path)); + + // Get query string + String queryString = null; + int pos = path.indexOf('?'); + if (pos >= 0) { + queryString = path.substring(pos + 1); + path = path.substring(0, pos); + } + path = normalize(path); if (path == null) return (null); + pos = path.length(); + // Use the thread local URI and mapping data DispatchData dd = dispatchData.get(); if (dd == null) { @@ -381,15 +392,6 @@ MessageBytes uriMB = dd.uriMB; uriMB.recycle(); - - // Get query string - String queryString = null; - int pos = path.indexOf('?'); - if (pos >= 0) { - queryString = path.substring(pos + 1); - } else { - pos = path.length(); - } // Use the thread local mapping data MappingData mappingData = dd.mappingData;

15 years, 9 months

1
0
0 / 0

JBossWeb SVN: r738 - in branches/2.0.x/src/share/classes/org/apache: coyote and 2 other directories.

by jbossweb-commits＠lists.jboss.org

Author: remy.maucherat(a)jboss.com Date: 2008-08-05 09:24:00 -0400 (Tue, 05 Aug 2008) New Revision: 738 Modified: branches/2.0.x/src/share/classes/org/apache/catalina/core/StandardContextValve.java branches/2.0.x/src/share/classes/org/apache/coyote/Constants.java branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalAprOutputBuffer.java branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalNioOutputBuffer.java branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalOutputBuffer.java Log: - CVE-2008-1232: XSS in error messages. Modified: branches/2.0.x/src/share/classes/org/apache/catalina/core/StandardContextValve.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/catalina/core/StandardContextValve.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/catalina/core/StandardContextValve.java 2008-08-05 13:24:00 UTC (rev 738) @@ -120,8 +120,7 @@ || (requestPathMB.equalsIgnoreCase("/META-INF")) || (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0)) || (requestPathMB.equalsIgnoreCase("/WEB-INF"))) { - String requestURI = request.getDecodedRequestURI(); - notFound(requestURI, response); + notFound(response); return; } @@ -137,8 +136,7 @@ // Select the Wrapper to be used for this Request Wrapper wrapper = request.getWrapper(); if (wrapper == null) { - String requestURI = request.getDecodedRequestURI(); - notFound(requestURI, response); + notFound(response); return; } @@ -289,10 +287,10 @@ * @param requestURI The request URI for the requested resource * @param response The response we are creating */ - private void notFound(String requestURI, HttpServletResponse response) { + private void notFound(HttpServletResponse response) { try { - response.sendError(HttpServletResponse.SC_NOT_FOUND, requestURI); + response.sendError(HttpServletResponse.SC_NOT_FOUND); } catch (IllegalStateException e) { ; } catch (IOException e) { Modified: branches/2.0.x/src/share/classes/org/apache/coyote/Constants.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/Constants.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/Constants.java 2008-08-05 13:24:00 UTC (rev 738) @@ -60,5 +60,13 @@ (System.getSecurityManager() != null); + /** + * If true, custom HTTP status messages will be used in headers. + */ + public static final boolean USE_CUSTOM_STATUS_MSG_IN_HEADER = + Boolean.valueOf(System.getProperty( + "org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER", + "false")).booleanValue(); + } Modified: branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpAprProcessor.java 2008-08-05 13:24:00 UTC (rev 738) @@ -917,7 +917,10 @@ // HTTP header contents responseHeaderMessage.appendInt(response.getStatus()); - String message = response.getMessage(); + String message = null; + if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { + message = response.getMessage(); + } if (message == null){ message = HttpMessages.getMessage(response.getStatus()); } else { Modified: branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/ajp/AjpProcessor.java 2008-08-05 13:24:00 UTC (rev 738) @@ -923,7 +923,10 @@ // HTTP header contents responseHeaderMessage.appendInt(response.getStatus()); - String message = response.getMessage(); + String message = null; + if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { + message = response.getMessage(); + } if (message == null){ message = HttpMessages.getMessage(response.getStatus()); } else { Modified: branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalAprOutputBuffer.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalAprOutputBuffer.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalAprOutputBuffer.java 2008-08-05 13:24:00 UTC (rev 738) @@ -421,11 +421,14 @@ buf[pos++] = Constants.SP; // Write message - String message = response.getMessage(); + String message = null; + if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { + message = response.getMessage(); + } if (message == null) { write(HttpMessages.getMessage(status)); } else { - write(message); + write(message.replace('\n', ' ').replace('\r', ' ')); } // End the response status line Modified: branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalNioOutputBuffer.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalNioOutputBuffer.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalNioOutputBuffer.java 2008-08-05 13:24:00 UTC (rev 738) @@ -471,11 +471,14 @@ buf[pos++] = Constants.SP; // Write message - String message = response.getMessage(); + String message = null; + if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { + message = response.getMessage(); + } if (message == null) { write(HttpMessages.getMessage(status)); } else { - write(message); + write(message.replace('\n', ' ').replace('\r', ' ')); } // End the response status line Modified: branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalOutputBuffer.java =================================================================== --- branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalOutputBuffer.java 2008-08-05 13:10:55 UTC (rev 737) +++ branches/2.0.x/src/share/classes/org/apache/coyote/http11/InternalOutputBuffer.java 2008-08-05 13:24:00 UTC (rev 738) @@ -438,11 +438,14 @@ buf[pos++] = Constants.SP; // Write message - String message = response.getMessage(); + String message = null; + if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { + message = response.getMessage(); + } if (message == null) { write(getMessage(status)); } else { - write(message); + write(message.replace('\n', ' ').replace('\r', ' ')); } // End the response status line

15 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

jbossweb-commits August 2008