JBossWeb SVN: r1988 - in trunk: java/org/apache/tomcat/util/http and 1 other directories.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2012-02-29 08:56:29 -0500 (Wed, 29 Feb 2012)
New Revision: 1988
Added:
trunk/java/org/apache/tomcat/util/http/LocalStrings.properties
Modified:
trunk/java/org/apache/coyote/Request.java
trunk/java/org/apache/tomcat/util/http/Parameters.java
trunk/webapps/docs/changelog.xml
Log:
AS7-3898: Move back to Tomcat code because the new code GC friendly characteristics were not useful in practice, and
it remains worse in profiling.
Modified: trunk/java/org/apache/coyote/Request.java
===================================================================
--- trunk/java/org/apache/coyote/Request.java 2012-02-29 08:29:01 UTC (rev 1987)
+++ trunk/java/org/apache/coyote/Request.java 2012-02-29 13:56:29 UTC (rev 1988)
@@ -73,7 +73,6 @@
parameters.setQuery(queryMB);
parameters.setURLDecoder(urlDecoder);
- parameters.setHeaders(headers);
}
Added: trunk/java/org/apache/tomcat/util/http/LocalStrings.properties
===================================================================
--- trunk/java/org/apache/tomcat/util/http/LocalStrings.properties (rev 0)
+++ trunk/java/org/apache/tomcat/util/http/LocalStrings.properties 2012-02-29 13:56:29 UTC (rev 1988)
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+parameters.bytes=Start processing with input [{0}]
+parameters.copyFail=Failed to create copy of original parameter values for debug logging purposes
+parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored.
+parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with value [{1}] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
+parameters.emptyChunk=Empty parameter chunk ignored
+parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at byte [{1}] with a value of [{2}] ignored
+parameters.maxCountFail=More than the maximum number of request parameters (GET plus POST) for a single request ([{0}]) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
+parameters.maxCountFail.fallToDebug=\n Note: further occurrences of this error will be logged at DEBUG level.
+parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] failures were detected. Enable debug level logging for this logger to log all failures.
+parameters.noequal=Parameter starting at position [{0}] and ending at position [{1}] with a value of [{0}] was not followed by an '=' character
+parameters.fallToDebug=\n Note: further occurrences of Parameter errors will be logged at DEBUG level.
+parameters.failed=Parameters processing failed.
+
+cookies.invalidCookieToken=Cookies: Invalid cookie. Value not a token or quoted value
+cookies.invalidSpecial=Cookies: Unknown Special Cookie
+cookies.fallToDebug=\n Note: further occurrences of Cookie errors will be logged at DEBUG level.
Modified: trunk/java/org/apache/tomcat/util/http/Parameters.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/Parameters.java 2012-02-29 08:29:01 UTC (rev 1987)
+++ trunk/java/org/apache/tomcat/util/http/Parameters.java 2012-02-29 13:56:29 UTC (rev 1988)
@@ -14,244 +14,105 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.tomcat.util.http;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.Map;
+
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.buf.UDecoder;
+import org.apache.tomcat.util.res.StringManager;
/**
- *
+ *
* @author Costin Manolache
- * @author Remy Maucherat
*/
public final class Parameters {
protected static org.jboss.logging.Logger log = org.jboss.logging.Logger
.getLogger(Parameters.class);
- protected static final int NEED_NEXT = -2;
- protected static final int LAST = -1;
- public static final int INITIAL_SIZE = 8;
- protected static final String[] ARRAY_TYPE = new String[0];
+ protected static final StringManager sm =
+ StringManager.getManager("org.apache.tomcat.util.http");
+
protected static final int MAX_COUNT =
Integer.valueOf(System.getProperty("org.apache.tomcat.util.http.Parameters.MAX_COUNT", "512")).intValue();
- protected class Field {
- MessageBytes name = MessageBytes.newInstance();
- MessageBytes value = MessageBytes.newInstance();
+ private final HashMap<String,ArrayList<String>> paramHashValues =
+ new HashMap<String,ArrayList<String>>();
+ private boolean didQueryParameters=false;
- // Extra info for speed
+ MessageBytes queryMB;
- // multiple fields with same name - a linked list will
- // speed up multiple name enumerations and search.
- int nextPos;
+ UDecoder urlDec;
+ MessageBytes decodedQuery=MessageBytes.newInstance();
- // hashkey
- int hash;
- Field nextSameHash;
+ String encoding=null;
+ String queryStringEncoding=null;
- Field() {
- nextPos = NEED_NEXT;
- }
+ private int limit = MAX_COUNT;
+ private int parameterCount = 0;
- void recycle() {
- name.recycle();
- value.recycle();
- nextPos = NEED_NEXT;
- }
- }
-
/**
- * Enumerate the distinct header names. Each nextElement() is O(n) ( a
- * comparation is done with all previous elements ).
- *
- * This is less frequesnt than add() - we want to keep add O(1).
+ * Is set to <code>true</code> if there were failures during parameter
+ * parsing.
*/
- protected class NamesEnumeration implements Enumeration<String> {
- int pos;
- String next;
+ private boolean parseFailed = false;
- // toString and unique options are not implemented -
- // we allways to toString and unique.
-
- /**
- * Create a new multi-map enumeration.
- *
- * @param headers
- * the collection to enumerate
- * @param toString
- * convert each name to string
- * @param unique
- * return only unique names
- */
- public NamesEnumeration() {
- pos = 0;
- findNext();
- }
-
- private void findNext() {
- next = null;
- for (; pos < count; pos++) {
- if (fields[pos].nextPos == LAST) {
- next = getName(pos).toString();
- break;
- }
- }
- // next time findNext is called it will try the
- // next element
- pos++;
- }
-
- public boolean hasMoreElements() {
- return next != null;
- }
-
- public String nextElement() {
- String current = next;
- findNext();
- return current;
- }
- }
-
- protected Field[] fields;
- // fields in use
- protected int count;
-
- protected boolean didQueryParameters = false;
- protected boolean didMerge = false;
-
- protected MessageBytes queryMB;
-
- protected UDecoder urlDec;
- protected MessageBytes decodedQuery = MessageBytes.newInstance();
-
- protected String encoding = null;
- protected String queryStringEncoding = null;
-
- /**
- *
- */
public Parameters() {
- fields = new Field[INITIAL_SIZE];
+ // NO-OP
}
- public void setQuery(MessageBytes queryMB) {
- this.queryMB = queryMB;
+ public void setQuery( MessageBytes queryMB ) {
+ this.queryMB=queryMB;
}
- public void setHeaders(MimeHeaders headers) {
- // Not used anymore at the moment
+ public void setLimit(int limit) {
+ this.limit = limit;
}
- public void setEncoding(String s) {
- encoding = s;
+ public String getEncoding() {
+ return encoding;
}
- public void setURLDecoder(UDecoder u) {
- urlDec = u;
+ public void setEncoding( String s ) {
+ encoding=s;
+ if(log.isDebugEnabled()) {
+ log.debug( "Set encoding to " + s );
+ }
}
- public void setQueryStringEncoding(String s) {
- queryStringEncoding = s;
- }
-
- public void recycle() {
- for (int i = 0; i < count; i++) {
- fields[i].recycle();
+ public void setQueryStringEncoding( String s ) {
+ queryStringEncoding=s;
+ if(log.isDebugEnabled()) {
+ log.debug( "Set query string encoding to " + s );
}
- count = 0;
- didQueryParameters = false;
- didMerge = false;
- encoding = null;
- decodedQuery.recycle();
}
- /**
- * Returns the current number of header fields.
- */
- protected int size() {
- return count;
+ public boolean isParseFailed() {
+ return parseFailed;
}
- /**
- * Returns the Nth header name This may be used to iterate through all
- * header fields.
- *
- * An exception is thrown if the index is not valid ( <0 or >size )
- */
- protected MessageBytes getName(int n) {
- // n >= 0 && n < count ? headers[n].getName() : null
- return fields[n].name;
+ public void setParseFailed(boolean parseFailed) {
+ this.parseFailed = parseFailed;
}
- /**
- * Returns the Nth header value This may be used to iterate through all
- * header fields.
- */
- protected MessageBytes getValue(int n) {
- return fields[n].value;
+ public void recycle() {
+ parameterCount = 0;
+ paramHashValues.clear();
+ didQueryParameters=false;
+ encoding=null;
+ decodedQuery.recycle();
+ parseFailed = false;
}
- /**
- * Create a new, unitialized entry.
- */
- protected int addField() {
- int len = fields.length;
- int pos = count;
- if (count >= len) {
- if (count >= MAX_COUNT) {
- throw new IllegalStateException("Parameter count exceeded allowed maximum: " + MAX_COUNT);
- }
- // expand header list array
- Field tmp[] = new Field[pos * 2];
- System.arraycopy(fields, 0, tmp, 0, len);
- fields = tmp;
- }
- if (fields[pos] == null) {
- fields[pos] = new Field();
- }
- count++;
- return pos;
- }
-
- protected int findFirst(String name) {
- for (int i = 0; i < count; i++) {
- if (fields[i].name.equals(name)) {
- return i;
- }
- }
- return -1;
- }
-
- protected int findNext(int startPos) {
- int next = fields[startPos].nextPos;
- if (next != NEED_NEXT) {
- return next;
- }
- if (next == LAST) {
- return LAST;
- }
-
- // next==NEED_NEXT, we never searched for this header
- MessageBytes name = fields[startPos].name;
- for (int i = (startPos + 1); i < count; i++) {
- if (fields[i].name.equals(name)) {
- // cache the search result
- fields[startPos].nextPos = i;
- return i;
- }
- }
- fields[startPos].nextPos = LAST;
- return -1;
- }
-
// -------------------- Data access --------------------
// Access to the current name/values, no side effect ( processing ).
// You must explicitely call handleQueryParameters and the post methods.
@@ -263,234 +124,324 @@
return;
}
for (int i = 0; i < values.length; i++) {
- String value = values[i];
- int pos = addField();
- getName(pos).setString(name);
- getValue(pos).setString(value);
+ addParameter(name, values[i]);
}
}
public String[] getParameterValues(String name) {
handleQueryParameters();
- int pos = findFirst(name);
- if (pos >= 0) {
- ArrayList<String> result = new ArrayList<String>();
- while (pos >= 0) {
- result.add(getValue(pos).toString());
- pos = findNext(pos);
- }
- return result.toArray(ARRAY_TYPE);
- } else {
+ // no "facade"
+ ArrayList<String> values = paramHashValues.get(name);
+ if (values == null) {
return null;
}
+ return values.toArray(new String[values.size()]);
}
public Enumeration<String> getParameterNames() {
handleQueryParameters();
- for (int i = 0; i < count; i++) {
- if (fields[i].nextPos == NEED_NEXT) {
- findNext(i);
- }
- }
- return new NamesEnumeration();
+ return Collections.enumeration(paramHashValues.keySet());
}
-
- public void getParameterMap(HashMap<String, String[]> parameterMap) {
- handleQueryParameters();
- for (int i = 0; i < count; i++) {
- String name = getName(i).toString();
- if (!parameterMap.containsKey(name)) {
- ArrayList<String> result = new ArrayList<String>();
- int j = i;
- while (j >= 0) {
- result.add(getValue(j).toString());
- j = findNext(j);
- }
- parameterMap.put(name, result.toArray(ARRAY_TYPE));
- }
- }
- }
- // Shortcut.
- public String getParameter(String name) {
+ public String getParameter(String name ) {
handleQueryParameters();
- int pos = findFirst(name);
- if (pos >= 0) {
- return getValue(pos).toString();
+ ArrayList<String> values = paramHashValues.get(name);
+ if (values != null) {
+ if(values.size() == 0) {
+ return "";
+ }
+ return values.get(0);
} else {
return null;
}
}
-
// -------------------- Processing --------------------
/** Process the query string into parameters
*/
public void handleQueryParameters() {
- if (didQueryParameters)
+ if( didQueryParameters ) {
return;
+ }
- didQueryParameters = true;
+ didQueryParameters=true;
- if (queryMB == null || queryMB.isNull())
+ if( queryMB==null || queryMB.isNull() ) {
return;
+ }
- if (debug > 0)
- log("Decoding query " + decodedQuery + " " + queryStringEncoding);
+ if(log.isDebugEnabled()) {
+ log.debug("Decoding query " + decodedQuery + " " +
+ queryStringEncoding);
+ }
try {
- decodedQuery.duplicate(queryMB);
+ decodedQuery.duplicate( queryMB );
} catch (IOException e) {
// Can't happen, as decodedQuery can't overflow
e.printStackTrace();
}
- processParameters(decodedQuery, queryStringEncoding);
+ processParameters( decodedQuery, queryStringEncoding );
}
- protected void addParam(String name, String value) {
- if (name == null) {
+
+ public void addParameter( String key, String value )
+ throws IllegalStateException {
+
+ if( key==null ) {
return;
}
- int pos = addField();
- getName(pos).setString(name);
- getValue(pos).setString(value);
+
+ parameterCount ++;
+ if (limit > -1 && parameterCount > limit) {
+ // Processing this parameter will push us over the limit. ISE is
+ // what Request.parseParts() uses for requests that are too big
+ parseFailed = true;
+ throw new IllegalStateException(sm.getString(
+ "parameters.maxCountFail", Integer.valueOf(limit)));
+ }
+
+ ArrayList<String> values = paramHashValues.get(key);
+ if (values == null) {
+ values = new ArrayList<String>(1);
+ paramHashValues.put(key, values);
+ }
+ values.add(value);
}
- // -------------------- Parameter parsing --------------------
+ public void setURLDecoder( UDecoder u ) {
+ urlDec=u;
+ }
+ // -------------------- Parameter parsing --------------------
// we are called from a single thread - we can do it the hard way
// if needed
- protected ByteChunk tmpName = new ByteChunk();
- protected ByteChunk tmpValue = new ByteChunk();
- protected CharChunk tmpNameC = new CharChunk(32);
- protected CharChunk tmpValueC = new CharChunk(128);
+ ByteChunk tmpName=new ByteChunk();
+ ByteChunk tmpValue=new ByteChunk();
+ private final ByteChunk origName=new ByteChunk();
+ private final ByteChunk origValue=new ByteChunk();
+ CharChunk tmpNameC=new CharChunk(1024);
+ public static final String DEFAULT_ENCODING = "ISO-8859-1";
+ private static final Charset DEFAULT_CHARSET =
+ Charset.forName(DEFAULT_ENCODING);
- public void processParameters(MessageBytes data) {
- processParameters(data, encoding);
+
+ public void processParameters( byte bytes[], int start, int len ) {
+ processParameters(bytes, start, len, null);
}
- public void processParameters(MessageBytes data, String encoding) {
- if (data == null || data.isNull() || data.getLength() <= 0)
- return;
+ private void processParameters(byte bytes[], int start, int len, String enc) {
- if (data.getType() != MessageBytes.T_BYTES) {
- data.toBytes();
+ if(log.isDebugEnabled()) {
+ log.debug(sm.getString("parameters.bytes",
+ new String(bytes, start, len, DEFAULT_CHARSET)));
}
- ByteChunk bc = data.getByteChunk();
- processParameters(bc.getBytes(), bc.getOffset(), bc.getLength(),
- encoding);
- }
- public void processParameters(byte bytes[], int start, int len) {
- processParameters(bytes, start, len, encoding);
- }
+ int decodeFailCount = 0;
- public void processParameters(byte bytes[], int start, int len, String enc) {
- int end = start + len;
int pos = start;
+ int end = start + len;
- if (debug > 0)
- log("Bytes: " + new String(bytes, start, len));
+ while(pos < end) {
+ int nameStart = pos;
+ int nameEnd = -1;
+ int valueStart = -1;
+ int valueEnd = -1;
- do {
- boolean noEq = false;
- int valStart = -1;
- int valEnd = -1;
+ boolean parsingName = true;
+ boolean decodeName = false;
+ boolean decodeValue = false;
+ boolean parameterComplete = false;
- int nameStart = pos;
- int nameEnd = ByteChunk.indexOf(bytes, nameStart, end, '=');
- // Workaround for a&b&c encoding
- int nameEnd2 = ByteChunk.indexOf(bytes, nameStart, end, '&');
- if ((nameEnd2 != -1) && (nameEnd == -1 || nameEnd > nameEnd2)) {
- nameEnd = nameEnd2;
- noEq = true;
- valStart = nameEnd;
- valEnd = nameEnd;
- if (debug > 0)
- log("no equal " + nameStart + " " + nameEnd + " "
- + new String(bytes, nameStart, nameEnd - nameStart));
+ do {
+ switch(bytes[pos]) {
+ case '=':
+ if (parsingName) {
+ // Name finished. Value starts from next character
+ nameEnd = pos;
+ parsingName = false;
+ valueStart = ++pos;
+ } else {
+ // Equals character in value
+ pos++;
+ }
+ break;
+ case '&':
+ if (parsingName) {
+ // Name finished. No value.
+ nameEnd = pos;
+ } else {
+ // Value finished
+ valueEnd = pos;
+ }
+ parameterComplete = true;
+ pos++;
+ break;
+ case '%':
+ case '+':
+ // Decoding required
+ if (parsingName) {
+ decodeName = true;
+ } else {
+ decodeValue = true;
+ }
+ pos ++;
+ break;
+ default:
+ pos ++;
+ break;
+ }
+ } while (!parameterComplete && pos < end);
+
+ if (pos == end) {
+ if (nameEnd == -1) {
+ nameEnd = pos;
+ } else if (valueStart > -1 && valueEnd == -1){
+ valueEnd = pos;
+ }
}
- if (nameEnd == -1)
- nameEnd = end;
- if (!noEq) {
- valStart = (nameEnd < end) ? nameEnd + 1 : end;
- valEnd = ByteChunk.indexOf(bytes, valStart, end, '&');
- if (valEnd == -1)
- valEnd = (valStart < end) ? end : valStart;
+ if (log.isDebugEnabled() && valueStart == -1) {
+ log.debug(sm.getString("parameters.noequal",
+ Integer.valueOf(nameStart), Integer.valueOf(nameEnd),
+ new String(bytes, nameStart, nameEnd-nameStart,
+ DEFAULT_CHARSET)));
}
- pos = valEnd + 1;
-
- if (nameEnd <= nameStart) {
- log.warn("Parameters: Invalid chunk ignored.");
+ if (nameEnd <= nameStart ) {
+ if (valueStart == -1) {
+ // &&
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("parameters.emptyChunk"));
+ }
+ // Do not flag as error
+ continue;
+ }
+ // &=foo&
+ if (log.isDebugEnabled()) {
+ String extract;
+ if (valueEnd >= nameStart) {
+ extract = new String(bytes, nameStart, valueEnd
+ - nameStart, DEFAULT_CHARSET);
+ } else {
+ extract = "";
+ }
+ String message = sm.getString("parameters.invalidChunk",
+ Integer.valueOf(nameStart),
+ Integer.valueOf(valueEnd), extract);
+ log.debug(message);
+ }
+ parseFailed = true;
continue;
// invalid chunk - it's better to ignore
}
+
tmpName.setBytes(bytes, nameStart, nameEnd - nameStart);
- tmpValue.setBytes(bytes, valStart, valEnd - valStart);
+ if (valueStart >= 0) {
+ tmpValue.setBytes(bytes, valueStart, valueEnd - valueStart);
+ } else {
+ tmpValue.setBytes(bytes, 0, 0);
+ }
+ // Take copies as if anything goes wrong originals will be
+ // corrupted. This means original values can be logged.
+ // For performance - only done for debug
+ if (log.isDebugEnabled()) {
+ try {
+ origName.append(bytes, nameStart, nameEnd - nameStart);
+ if (valueStart >= 0) {
+ origValue.append(bytes, valueStart, valueEnd - valueStart);
+ } else {
+ origValue.append(bytes, 0, 0);
+ }
+ } catch (IOException ioe) {
+ // Should never happen...
+ parseFailed = true;
+ log.error(sm.getString("parameters.copyFail"), ioe);
+ }
+ }
+
try {
- addParam(urlDecode(tmpName, enc), urlDecode(tmpValue, enc));
+ String name;
+ String value;
+
+ if (decodeName) {
+ urlDecode(tmpName);
+ }
+ tmpName.setEncoding(enc);
+ name = tmpName.toString();
+
+ if (valueStart >= 0) {
+ if (decodeValue) {
+ urlDecode(tmpValue);
+ }
+ tmpValue.setEncoding(enc);
+ value = tmpValue.toString();
+ } else {
+ value = "";
+ }
+
+ addParameter(name, value);
} catch (IOException e) {
- // Exception during character decoding: skip parameter
- log.warn("Parameters: Character decoding failed. "
- + "Parameter skipped.", e);
+ parseFailed = true;
+ decodeFailCount++;
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("parameters.decodeFail.debug",
+ origName.toString(), origValue.toString()), e);
+ }
}
tmpName.recycle();
tmpValue.recycle();
+ // Only recycle copies if we used them
+ if (log.isDebugEnabled()) {
+ origName.recycle();
+ origValue.recycle();
+ }
+ }
- } while (pos < end);
+ if (decodeFailCount > 1 && log.isDebugEnabled()) {
+ log.debug(sm.getString("parameters.multipleDecodingFail",
+ Integer.valueOf(decodeFailCount)));
+ }
+ if (parseFailed) {
+ throw new IllegalStateException(sm.getString("parameters.failed"));
+ }
}
- protected String urlDecode(ByteChunk bc, String enc) throws IOException {
- if (urlDec == null) {
- urlDec = new UDecoder();
+ private void urlDecode(ByteChunk bc)
+ throws IOException {
+ if( urlDec==null ) {
+ urlDec=new UDecoder();
}
- urlDec.convert(bc);
- String result = null;
- if (enc != null) {
- bc.setEncoding(enc);
- result = bc.toString();
- } else {
- CharChunk cc = tmpNameC;
- int length = bc.getLength();
- cc.allocate(length, -1);
- // Default encoding: fast conversion
- byte[] bbuf = bc.getBuffer();
- char[] cbuf = cc.getBuffer();
- int start = bc.getStart();
- for (int i = 0; i < length; i++) {
- cbuf[i] = (char) (bbuf[i + start] & 0xff);
- }
- cc.setChars(cbuf, 0, length);
- result = cc.toString();
- cc.recycle();
+ urlDec.convert(bc, true);
+ }
+
+ public void processParameters( MessageBytes data, String encoding ) {
+ if( data==null || data.isNull() || data.getLength() <= 0 ) {
+ return;
}
- return result;
+
+ if( data.getType() != MessageBytes.T_BYTES ) {
+ data.toBytes();
+ }
+ ByteChunk bc=data.getByteChunk();
+ processParameters( bc.getBytes(), bc.getOffset(),
+ bc.getLength(), encoding);
}
- /** Debug purpose
+ /**
+ * Debug purpose
*/
public String paramsAsString() {
StringBuilder sb = new StringBuilder();
- Enumeration en = getParameterNames();
- while (en.hasMoreElements()) {
- String k = (String) en.nextElement();
- sb.append(k).append("=");
- String v[] = (String[]) getParameterValues(k);
- for (int i = 0; i < v.length; i++)
- sb.append(v[i]).append(",");
- sb.append("\n");
+ for (Map.Entry<String, ArrayList<String>> e : paramHashValues.entrySet()) {
+ sb.append(e.getKey()).append('=');
+ ArrayList<String> values = e.getValue();
+ for (String value : values) {
+ sb.append(value).append(',');
+ }
+ sb.append('\n');
}
return sb.toString();
}
-
- private static int debug = 0;
-
- private void log(String s) {
- if (log.isDebugEnabled())
- log.debug("Parameters: " + s);
- }
-
}
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2012-02-29 08:29:01 UTC (rev 1987)
+++ trunk/webapps/docs/changelog.xml 2012-02-29 13:56:29 UTC (rev 1988)
@@ -16,6 +16,21 @@
<body>
+<section name="JBoss Web 7.0.12.Final (remm)">
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Rebase parameters handling. (markt)
+ </fix>
+ <fix>
+ <jboss-jira>AS7-3953</jboss-jira>: Add system properties for configuration
+ of some lesser used features in the HTTP connector: server header, header size,
+ and compression. (remm)
+ </fix>
+ </changelog>
+ </subsection>
+</section>
+
<section name="JBoss Web 7.0.11.Final (remm)">
<subsection name="Catalina">
<changelog>
12 years, 9 months
- 1
- 0
JBossWeb SVN: r1987 - trunk/java/org/apache/coyote/http11.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2012-02-29 03:29:01 -0500 (Wed, 29 Feb 2012)
New Revision: 1987
Modified:
trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
trunk/java/org/apache/coyote/http11/Http11Protocol.java
Log:
AS7-3953: Add system properties for lesser used configuration options of the HTTP connector.
Modified: trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
===================================================================
--- trunk/java/org/apache/coyote/http11/Http11AprProtocol.java 2012-02-27 16:44:56 UTC (rev 1986)
+++ trunk/java/org/apache/coyote/http11/Http11AprProtocol.java 2012-02-29 08:29:01 UTC (rev 1987)
@@ -320,7 +320,7 @@
/**
* Maximum size of the HTTP message header.
*/
- protected int maxHttpHeaderSize = 8 * 1024;
+ protected int maxHttpHeaderSize = Integer.valueOf(System.getProperty("org.apache.coyote.http11.Http11Protocol.MAX_HEADER_SIZE", "8192")).intValue();
public int getMaxHttpHeaderSize() { return maxHttpHeaderSize; }
public void setMaxHttpHeaderSize(int valueI) { maxHttpHeaderSize = valueI; }
@@ -338,25 +338,25 @@
/**
* Integrated compression support.
*/
- protected String compression = "off";
+ protected String compression = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION", "off");
public String getCompression() { return compression; }
public void setCompression(String valueS) { compression = valueS; }
// HTTP
- protected String noCompressionUserAgents = null;
+ protected String noCompressionUserAgents = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_RESTRICTED_UA");
public String getNoCompressionUserAgents() { return noCompressionUserAgents; }
public void setNoCompressionUserAgents(String valueS) { noCompressionUserAgents = valueS; }
// HTTP
- protected String compressableMimeTypes = "text/html,text/xml,text/plain";
+ protected String compressableMimeTypes = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_MIME_TYPES", "text/html,text/xml,text/plain");
public String getCompressableMimeType() { return compressableMimeTypes; }
public void setCompressableMimeType(String valueS) { compressableMimeTypes = valueS; }
// HTTP
- protected int compressionMinSize = 2048;
+ protected int compressionMinSize = Integer.valueOf(System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_MIN_SIZE", "2048")).intValue();
public int getCompressionMinSize() { return compressionMinSize; }
public void setCompressionMinSize(int valueI) { compressionMinSize = valueI; }
@@ -402,7 +402,7 @@
/**
* Server header.
*/
- protected String server;
+ protected String server = System.getProperty("org.apache.coyote.http11.Http11Protocol.SERVER");
public void setServer( String server ) { this.server = server; }
public String getServer() { return server; }
Modified: trunk/java/org/apache/coyote/http11/Http11Protocol.java
===================================================================
--- trunk/java/org/apache/coyote/http11/Http11Protocol.java 2012-02-27 16:44:56 UTC (rev 1986)
+++ trunk/java/org/apache/coyote/http11/Http11Protocol.java 2012-02-29 08:29:01 UTC (rev 1987)
@@ -376,7 +376,7 @@
/**
* Maximum size of the HTTP message header.
*/
- protected int maxHttpHeaderSize = 8 * 1024;
+ protected int maxHttpHeaderSize = Integer.valueOf(System.getProperty("org.apache.coyote.http11.Http11Protocol.MAX_HEADER_SIZE", "8192")).intValue();
public int getMaxHttpHeaderSize() { return maxHttpHeaderSize; }
public void setMaxHttpHeaderSize(int valueI) { maxHttpHeaderSize = valueI; }
@@ -395,25 +395,25 @@
/**
* Integrated compression support.
*/
- protected String compression = "off";
+ protected String compression = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION", "off");
public String getCompression() { return compression; }
public void setCompression(String valueS) { compression = valueS; }
// HTTP
- protected String noCompressionUserAgents = null;
+ protected String noCompressionUserAgents = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_RESTRICTED_UA");
public String getNoCompressionUserAgents() { return noCompressionUserAgents; }
public void setNoCompressionUserAgents(String valueS) { noCompressionUserAgents = valueS; }
// HTTP
- protected String compressableMimeTypes = "text/html,text/xml,text/plain";
+ protected String compressableMimeTypes = System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_MIME_TYPES", "text/html,text/xml,text/plain");
public String getCompressableMimeType() { return compressableMimeTypes; }
public void setCompressableMimeType(String valueS) { compressableMimeTypes = valueS; }
// HTTP
- protected int compressionMinSize = 2048;
+ protected int compressionMinSize = Integer.valueOf(System.getProperty("org.apache.coyote.http11.Http11Protocol.COMPRESSION_MIN_SIZE", "2048")).intValue();
public int getCompressionMinSize() { return compressionMinSize; }
public void setCompressionMinSize(int valueI) { compressionMinSize = valueI; }
@@ -430,7 +430,7 @@
/**
* Server header.
*/
- protected String server;
+ protected String server = System.getProperty("org.apache.coyote.http11.Http11Protocol.SERVER");
public void setServer( String server ) { this.server = server; }
public String getServer() { return server; }
12 years, 9 months
- 1
- 0
JBossWeb SVN: r1986 - trunk/java/org/apache/tomcat/util/http.
by jbossweb-commits@lists.jboss.org
Author: remy.maucherat(a)jboss.com
Date: 2012-02-27 11:44:56 -0500 (Mon, 27 Feb 2012)
New Revision: 1986
Modified:
trunk/java/org/apache/tomcat/util/http/Parameters.java
Log:
Add some optimizations to parameters handling (just to keep them somewhere).
Modified: trunk/java/org/apache/tomcat/util/http/Parameters.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/Parameters.java 2012-02-24 20:31:30 UTC (rev 1985)
+++ trunk/java/org/apache/tomcat/util/http/Parameters.java 2012-02-27 16:44:56 UTC (rev 1986)
@@ -20,7 +20,7 @@
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
-
+import java.util.HashMap;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
@@ -74,7 +74,7 @@
*
* This is less frequesnt than add() - we want to keep add O(1).
*/
- protected class NamesEnumeration implements Enumeration {
+ protected class NamesEnumeration implements Enumeration<String> {
int pos;
String next;
@@ -99,16 +99,8 @@
private void findNext() {
next = null;
for (; pos < count; pos++) {
- next = getName(pos).toString();
- for (int j = 0; j < pos; j++) {
- if (getName(j).equals(next)) {
- // duplicate.
- next = null;
- break;
- }
- }
- if (next != null) {
- // it's not a duplicate
+ if (fields[pos].nextPos == LAST) {
+ next = getName(pos).toString();
break;
}
}
@@ -121,7 +113,7 @@
return next != null;
}
- public Object nextElement() {
+ public String nextElement() {
String current = next;
findNext();
return current;
@@ -243,6 +235,9 @@
if (next != NEED_NEXT) {
return next;
}
+ if (next == LAST) {
+ return LAST;
+ }
// next==NEED_NEXT, we never searched for this header
MessageBytes name = fields[startPos].name;
@@ -290,10 +285,31 @@
}
}
- public Enumeration getParameterNames() {
+ public Enumeration<String> getParameterNames() {
handleQueryParameters();
+ for (int i = 0; i < count; i++) {
+ if (fields[i].nextPos == NEED_NEXT) {
+ findNext(i);
+ }
+ }
return new NamesEnumeration();
}
+
+ public void getParameterMap(HashMap<String, String[]> parameterMap) {
+ handleQueryParameters();
+ for (int i = 0; i < count; i++) {
+ String name = getName(i).toString();
+ if (!parameterMap.containsKey(name)) {
+ ArrayList<String> result = new ArrayList<String>();
+ int j = i;
+ while (j >= 0) {
+ result.add(getValue(j).toString());
+ j = findNext(j);
+ }
+ parameterMap.put(name, result.toArray(ARRAY_TYPE));
+ }
+ }
+ }
// Shortcut.
public String getParameter(String name) {
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1985 - branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse.
by jbossweb-commits@lists.jboss.org
Author: dehort
Date: 2012-02-24 15:31:30 -0500 (Fri, 24 Feb 2012)
New Revision: 1985
Modified:
branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESupport.java
Log:
Applying patch for ConcurrentModificationException in HandshakeCompletedNotify-Thead issue
[JBPAPP-8232]
Modified: branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2012-02-24 20:19:02 UTC (rev 1984)
+++ branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java 2012-02-24 20:31:30 UTC (rev 1985)
@@ -51,6 +51,7 @@
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -148,40 +149,24 @@
SSLSocket asock = null;
try {
asock = (SSLSocket)socket.accept();
- if (!allowUnsafeLegacyRenegotiation) {
- asock.addHandshakeCompletedListener(
- new DisableSslRenegotiation());
- }
- configureClientAuth(asock);
} catch (SSLException e){
throw new SocketException("SSL handshake error" + e.toString());
}
return asock;
}
- private static class DisableSslRenegotiation
- implements HandshakeCompletedListener {
- private volatile boolean completed = false;
+ public void handshake(Socket sock) throws IOException {
+ // We do getSession instead of startHandshake() so we can call this multiple times
+ SSLSession session = ((SSLSocket)sock).getSession();
+ if (session.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL"))
+ throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
- public void handshakeCompleted(HandshakeCompletedEvent event) {
- if (completed) {
- try {
- log.warn("SSL renegotiation is disabled, closing connection");
- event.getSession().invalidate();
- event.getSocket().close();
- } catch (IOException e) {
- // ignore
- }
- }
- completed = true;
+ if (!allowUnsafeLegacyRenegotiation) {
+ // Prevent futher handshakes by removing all cipher suites
+ ((SSLSocket) sock).setEnabledCipherSuites(new String[0]);
}
}
-
- public void handshake(Socket sock) throws IOException {
- ((SSLSocket)sock).startHandshake();
- }
-
/*
* Determines the SSL cipher suites to be enabled.
*
Modified: branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESupport.java
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-02-24 20:19:02 UTC (rev 1984)
+++ branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/src/share/classes/org/apache/tomcat/util/net/jsse/JSSESupport.java 2012-02-24 20:31:30 UTC (rev 1985)
@@ -148,6 +148,15 @@
ssl.setNeedClientAuth(true);
}
+ if (ssl.getEnabledCipherSuites().length == 0) {
+ // Handshake is never going to be successful.
+ // Assume this is because handshakes are disabled
+ log.warn("SSL server initiated renegotiation is disabled, closing connection");
+ session.invalidate();
+ ssl.close();
+ return;
+ }
+
InputStream in = ssl.getInputStream();
int oldTimeout = ssl.getSoTimeout();
ssl.setSoTimeout(1000);
@@ -170,10 +179,7 @@
break;
}
}
- // If legacy re-negotiation is disabled, socked could be closed here
- if (!ssl.isClosed()) {
- ssl.setSoTimeout(oldTimeout);
- }
+ ssl.setSoTimeout(oldTimeout);
if (listener.completed == false) {
throw new SocketException("SSL Cert handshake timeout");
}
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1984 - branches.
by jbossweb-commits@lists.jboss.org
Author: dehort
Date: 2012-02-24 15:19:02 -0500 (Fri, 24 Feb 2012)
New Revision: 1984
Added:
branches/JBOSSWEB_2_0_0_GA_CP13_JBPAPP-8232/
Log:
Making a branch for bundling two one-off patches
[JBPAPP-8232]
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1983 - in trunk/webapps/docs: config and 1 other directory.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2012-02-24 08:26:29 -0500 (Fri, 24 Feb 2012)
New Revision: 1983
Removed:
trunk/webapps/docs/config/realm.xml
Modified:
trunk/webapps/docs/index.xml
trunk/webapps/docs/project.xml
Log:
Arrange more docs.
Deleted: trunk/webapps/docs/config/realm.xml
===================================================================
--- trunk/webapps/docs/config/realm.xml 2012-02-24 12:38:40 UTC (rev 1982)
+++ trunk/webapps/docs/config/realm.xml 2012-02-24 13:26:29 UTC (rev 1983)
@@ -1,527 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE document [
- <!ENTITY project SYSTEM "project.xml">
-]>
-<document url="realm.html">
-
- &project;
-
- <properties>
- <author email="craigmcc(a)apache.org">Craig R. McClanahan</author>
- <title>The Realm Component</title>
- </properties>
-
-<body>
-
-
-<section name="Introduction">
-
- <p>A <strong>Realm</strong> element represents a "database" of usernames,
- passwords, and <em>roles</em> (similar to Unix <em>groups</em>) assigned
- to those users. Different implementations of Realm allow Catalina to be
- integrated into environments where such authentication information is already
- being created and maintained, and then utilize that information to implement
- <em>Container Managed Security</em> as described in the Servlet
- Specification.</p>
-
- <p>You may nest a Realm inside any Catalina container
- <a href="engine.html">Engine</a>, <a href="host.html">Host</a>, or
- <a href="context.html">Context</a>). In addition, Realms associated with
- an Engine or a Host are automatically inherited by lower-level
- containers, unless explicitly overridden.</p>
-
- <p>For more in-depth information about container managed security in web
- applications, as well as more information on configuring and using the
- standard realm component implementations, please see the
- <a href="../realm-howto.html">Container-Managed Security Guide</a>.
- </p>
-
- <blockquote><em>
- <p>The description below uses the variable name $CATALINA_HOME
- to refer to the directory into which you have installed JBoss Web,
- and is the base directory against which most relative paths are
- resolved. However, if you have configured JBoss Web for multiple
- instances by setting a CATALINA_BASE directory, you should use
- $CATALINA_BASE instead of $CATALINA_HOME for each of these
- references.</p>
- </em></blockquote>
-
-</section>
-
-
-<section name="Attributes">
-
- <subsection name="Common Attributes">
-
- <p>All implementations of <strong>Realm</strong>
- support the following attributes:</p>
-
- <attributes>
-
- <attribute name="className" required="true">
- <p>Java class name of the implementation to use. This class must
- implement the <code>org.apache.catalina.Realm</code> interface.</p>
- </attribute>
-
- </attributes>
-
- </subsection>
-
-
- <subsection name="Standard Implementation">
-
- <p>Unlike most Catalina components, there are several standard
- <strong>Realm</strong> implementations available. As a result,
- the <code>className</code> attribute MUST be used to select the
- implementation you wish to use.</p>
-
- <h3>JDBC Database Realm (org.apache.catalina.realm.JDBCRealm)</h3>
-
- <p>The <strong>JDBC Database Realm</strong> connects Catalina to
- a relational database, accessed through an appropriate JDBC driver,
- to perform lookups of usernames, passwords, and their associated
- roles. Because the lookup is done each time that it is required,
- changes to the database will be immediately reflected in the
- information used to authenticate new logins.</p>
-
- <p>A rich set of additional attributes lets you configure the required
- connection to the underlying database, as well as the table and
- column names used to retrieve the required information:</p>
-
- <attributes>
-
- <attribute name="connectionName" required="true">
- <p>The database username to use when establishing the JDBC
- connection.</p>
- </attribute>
-
- <attribute name="connectionPassword" required="true">
- <p>The database password to use when establishing the JDBC
- connection.</p>
- </attribute>
-
- <attribute name="connectionURL" required="true">
- <p>The connection URL to be passed to the JDBC driver when
- establishing a database connection.</p>
- </attribute>
-
- <attribute name="digest" required="false">
- <p>The name of the <code>MessageDigest</code> algorithm used
- to encode user passwords stored in the database. If not specified,
- user passwords are assumed to be stored in clear-text.</p>
- </attribute>
-
- <attribute name="digestEncoding" required="false">
- <p>The charset for encoding digests. If not specified, the platform
- default will be used.</p>
- </attribute>
-
- <attribute name="driverName" required="true">
- <p>Fully qualified Java class name of the JDBC driver to be
- used to connect to the authentication database.</p>
- </attribute>
-
- <attribute name="roleNameCol" required="true">
- <p>Name of the column, in the "user roles" table, which contains
- a role name assigned to the corresponding user.</p>
- </attribute>
-
- <attribute name="userCredCol" required="true">
- <p>Name of the column, in the "users" table, which contains
- the user's credentials (i.e. password(. If a value for the
- <code>digest</code> attribute is specified, this component
- will assume that the passwords have been encoded with the
- specified algorithm. Otherwise, they will be assumed to be
- in clear text.</p>
- </attribute>
-
- <attribute name="userNameCol" required="true">
- <p>Name of the column, in the "users" and "user roles" table,
- that contains the user's username.</p>
- </attribute>
-
- <attribute name="userRoleTable" required="true">
- <p>Name of the "user roles" table, which must contain columns
- named by the <code>userNameCol</code> and <code>roleNameCol</code>
- attributes.</p>
- </attribute>
-
- <attribute name="userTable" required="true">
- <p>Name of the "users" table, which must contain columns named
- by the <code>userNameCol</code> and <code>userCredCol</code>
- attributes.</p>
- </attribute>
-
- </attributes>
-
- <p>See the <a href="../realm-howto.html">Container-Managed Security Guide</a> for more
- information on setting up container managed security using the
- JDBC Database Realm component.</p>
-
- <h3>Combined Realm (org.apache.catalina.realm.CombinedRealm)</h3>
-
- <p><strong>CombinedRealm</strong> is an implementation of the Tomcat 6
- <code>Realm</code> interface that authenticates users through one or more
- sub-Realms.</p>
-
- <p>Using CombinedRealm gives the developer the ability to combine multiple
- Realms of the same or different types. This can be used to authenticate
- against different sources, provide fall back in case one Realm fails or for
- any other purpose that requires multiple Realms.</p>
-
- <p>Sub-realms are defined by nesting <code>Realm</code> elements inside the
- <code>Realm</code> element that defines the CombinedRealm. Authentication
- will be attempted against each <code>Realm</code> in the order they are
- listed. Authentication against any Realm will be sufficient to authenticate
- the user.</p>
-
- <p>The Combined Realm implementation does not support any additional
- attributes.</p>
-
- <p>See the <a href="../realm-howto.html">Container-Managed Security
- Guide</a> for more information on setting up container managed security
- using the Combined Realm component.</p>
-
- <h3>
- DataSource Database Realm (org.apache.catalina.realm.DataSourceRealm)
- </h3>
-
- <p>The <strong>DataSource Database Realm</strong> connects Catalina to
- a relational database, accessed through a JNDI named JDBC DataSource
- to perform lookups of usernames, passwords, and their associated
- roles. Because the lookup is done each time that it is required,
- changes to the database will be immediately reflected in the
- information used to authenticate new logins.</p>
-
- <p>The JDBC Realm uses a single db connection. This requires that
- realm based authentication be synchronized, i.e. only one authentication
- can be done at a time. This could be a bottleneck for applications
- with high volumes of realm based authentications.</p>
-
- <p>The DataSource Database Realm supports simultaneous realm based
- authentications and allows the underlying JDBC DataSource to
- handle optimizations like database connection pooling.</p>
-
- <p>A rich set of additional attributes lets you configure the name
- of the JNDI JDBC DataSource, as well as the table and
- column names used to retrieve the required information:</p>
-
- <attributes>
-
- <attribute name="dataSourceName" required="true">
- <p>The name of the JNDI JDBC DataSource for this Realm.</p>
- </attribute>
-
- <attribute name="digest" required="false">
- <p>The name of the <code>MessageDigest</code> algorithm used
- to encode user passwords stored in the database. If not specified,
- user passwords are assumed to be stored in clear-text.</p>
- </attribute>
-
- <attribute name="roleNameCol" required="true">
- <p>Name of the column, in the "user roles" table, which contains
- a role name assigned to the corresponding user.</p>
- </attribute>
-
- <attribute name="userCredCol" required="true">
- <p>Name of the column, in the "users" table, which contains
- the user's credentials (i.e. password(. If a value for the
- <code>digest</code> attribute is specified, this component
- will assume that the passwords have been encoded with the
- specified algorithm. Otherwise, they will be assumed to be
- in clear text.</p>
- </attribute>
-
- <attribute name="userNameCol" required="true">
- <p>Name of the column, in the "users" and "user roles" table,
- that contains the user's username.</p>
- </attribute>
-
- <attribute name="userRoleTable" required="true">
- <p>Name of the "user roles" table, which must contain columns
- named by the <code>userNameCol</code> and <code>roleNameCol</code>
- attributes.</p>
- </attribute>
-
- <attribute name="userTable" required="true">
- <p>Name of the "users" table, which must contain columns named
- by the <code>userNameCol</code> and <code>userCredCol</code>
- attributes.</p>
- </attribute>
-
- </attributes>
-
- <p>See the <a href="../realm-howto.html#DataSourceRealm">
- DataSource Realm HOW-TO</a> for more information on setting up container
- managed security using the DataSource Database Realm component.</p>
-
-
- <h3>JNDI Directory Realm (org.apache.catalina.realm.JNDIRealm)</h3>
-
-
- <p>The <strong>JNDI Directory Realm</strong> connects Catalina to
- an LDAP Directory, accessed through an appropriate JNDI driver,
- that stores usernames, passwords, and their associated
- roles. Changes to the directory are immediately reflected in the
- information used to authenticate new logins.</p>
-
-
- <p>The directory realm supports a variety of approaches to using
- LDAP for authentication:</p>
-
- <ul>
- <li>The realm can either use a pattern to determine the
- distinguished name (DN) of the user's directory entry, or search
- the directory to locate that entry.
- </li>
-
- <li>The realm can authenticate the user either by binding to the
- directory with the DN of the user's entry and the password
- presented by the user, or by retrieving the password from the
- user's entry and performing a comparison locally.
- </li>
-
- <li>Roles may be represented in the directory as explicit entries
- found by a directory search (e.g. group entries of which the user
- is a member), as the values of an attribute in the user's entry,
- or both.
- </li>
- </ul>
-
- <p> A rich set of additional attributes lets you configure the
- required behaviour as well as the connection to the underlying
- directory and the element and attribute names used to retrieve
- information from the directory:</p>
-
- <attributes>
- <attribute name="alternateURL" required="false">
- <p>If a socket connection can not be made to the provider at
- the <code>connectionURL</code> an attempt will be made to use the
- <code>alternateURL</code>.</p>
- </attribute>
-
- <attribute name="authentication" required="false">
- <p>A string specifying the type of authentication to use.
- "none", "simple", "strong" or a provider specific definition
- can be used. If no value is given the providers default is used.</p>
- </attribute>
-
- <attribute name="connectionName" required="false">
- <p>The directory username to use when establishing a
- connection to the directory for LDAP search operations. If not
- specified an anonymous connection is made, which is often
- sufficient unless you specify the <code>userPassword</code>
- property.</p>
- </attribute>
-
- <attribute name="connectionPassword" required="false">
- <p>The directory password to use when establishing a
- connection to the directory for LDAP search operations. If not
- specified an anonymous connection is made, which is often
- sufficient unless you specify the <code>userPassword</code>
- property.</p>
- </attribute>
-
- <attribute name="connectionURL" required="true">
- <p>The connection URL to be passed to the JNDI driver when
- establishing a connection to the directory.</p>
- </attribute>
-
- <attribute name="contextFactory" required="false">
- <p>Fully qualified Java class name of the factory class used
- to acquire our JNDI <code>InitialContext</code>. By default,
- assumes that the standard JNDI LDAP provider will be utilized.</p>
- </attribute>
-
- <attribute name="derefAliases" required="false">
- <p>A string specifying how aliases are to be dereferenced during
- search operations. The allowed values are "always", "never",
- "finding" and "searching". If not specified, "always" is used.</p>
- </attribute>
-
- <attribute name="protocol" required="false">
- <p>A string specifying the security protocol to use. If not given
- the providers default is used.</p>
- </attribute>
-
- <attribute name="roleBase" required="false">
- <p>The base directory entry for performing role searches. If
- not specified the top-level element in the directory context
- will be used.</p>
- </attribute>
-
- <attribute name="roleName" required="false">
- <p>The name of the attribute that contains role names in the
- directory entries found by a role search. In addition you can
- use the <code>userRoleName</code> property to specify the name
- of an attribute, in the user's entry, containing additional
- role names. If <code>roleName</code> is not specified a role
- search does not take place, and roles are taken only from the
- user's entry.</p>
- </attribute>
-
- <attribute name="roleSearch" required="false">
- <p>The LDAP filter expression used for performing role
- searches. Use <code>{0}</code> to substitute the
- distinguished name (DN) of the user, and/or <code>{1}</code> to
- substitute the username. If not specified a role search does
- not take place and roles are taken only from the attribute in
- the user's entry specified by the <code>userRoleName</code>
- property.</p>
- </attribute>
-
- <attribute name="roleSubtree" required="false">
- <p>Set to <code>true</code> if you want to search the entire
- subtree of the element specified by the <code>roleBase</code>
- property for role entries associated with the user. The
- default value of <code>false</code> causes only the top level
- to be searched.</p>
- </attribute>
-
- <attribute name="userBase" required="false">
- <p>The base element for user searches performed using the
- <code>userSearch</code> expression. Not used if you are using
- the <code>userPattern</code> expression.</p>
- </attribute>
-
- <attribute name="userPassword" required="false">
- <p>Name of the attribute in the user's entry containing the
- user's password. If you specify this value, JNDIRealm will
- bind to the directory using the values specified by
- <code>connectionName</code> and
- <code>connectionPassword</code> properties, and retrieve the
- corresponding attribute for comparison to the value specified
- by the user being authenticated. If you do
- <strong>not</strong> specify this value, JNDIRealm will
- attempt a simple bind to the directory using the DN of the
- user's entry and the password presented by the user, with a
- successful bind being interpreted as an authenticated
- user.</p>
- </attribute>
-
- <attribute name="userPattern" required="false">
- <p>Pattern for the distinguished name (DN) of the user's
- directory entry, with <code>{0}</code> marking where the
- actual username should be inserted. You can use this property
- instead of <code>userSearch</code>, <code>userSubtree</code>
- and <code>userBase</code> when the distinguished name contains
- the username and is otherwise the same for all users.</p>
- </attribute>
-
- <attribute name="userRoleName" required="false">
- <p>The name of an attribute in the user's directory entry
- containing zero or more values for the names of roles assigned
- to this user. In addition you can use the
- <code>roleName</code> property to specify the name of an
- attribute to be retrieved from individual role entries found
- by searching the directory. If <code>userRoleName</code> is
- not specified all the roles for a user derive from the role
- search.</p>
- </attribute>
-
- <attribute name="userSearch" required="false">
- <p>The LDAP filter expression to use when searching for a
- user's directory entry, with <code>{0}</code> marking where
- the actual username should be inserted. Use this property
- (along with the <code>userBase</code> and
- <code>userSubtree</code> properties) instead of
- <code>userPattern</code> to search the directory for the
- user's entry.</p>
- </attribute>
-
- <attribute name="userSubtree" required="false">
- <p>Set to <code>true</code> if you want to search the entire
- subtree of the element specified by the <code>userBase</code>
- property for the user's entry. The default value of
- <code>false</code> causes only the top level to be searched.
- Not used if you are using the <code>userPattern</code>
- expression.</p>
- </attribute>
-
- </attributes>
-
- <p>See the <a href="../realm-howto.html">Container-Managed Security Guide</a> for more
- information on setting up container managed security using the
- JNDI Directory Realm component.</p>
-
-
- <h3>Memory Based Realm (org.apache.catalina.realm.MemoryRealm)</h3>
-
- <p>The <strong>Memory Based Realm</strong> is a simple Realm implementation
- that reads user information from an XML format, and represents it as a
- collection of Java objects in memory. This implementation is intended
- solely to get up and running with container managed security - it is NOT
- intended for production use. As such, there are no mechanisms for
- updating the in-memory collection of users when the content of the
- underlying data file is changed.</p>
-
- <p>The Memory Based Realm implementation supports the following
- additional attributes:</p>
-
- <attributes>
-
- <attribute name="pathname" required="false">
- <p>Absolute or relative (to $CATALINA_HOME) pathname to the XML file
- containing our user information. See below for details on the
- XML element format required. If no pathname is specified, the
- default value is <code>conf/tomcat-users.xml</code>.</p>
- </attribute>
-
- </attributes>
-
- <p>The XML document referenced by the <code>pathname</code> attribute must
- conform to the following requirements:</p>
- <ul>
- <li>The root (outer) element must be <code><tomcat-users></code>.
- </li>
- <li>Each authorized user must be represented by a single XML element
- <code><user></code>, nested inside the root element.</li>
- <li>Each <code><user></code> element must have the following
- attributes:
- <ul>
- <li><strong>name</strong> - Username of this user (must be unique
- within this file).</li>
- <li><strong>password</strong> - Password of this user (in
- clear text).</li>
- <li><strong>roles</strong> - Comma-delimited list of the role names
- assigned to this user.</li>
- </ul></li>
- </ul>
-
- <p>See the <a href="../realm-howto.html">Container-Managed Security Guide</a> for more
- information on setting up container managed security using the
- Memory Based Realm component.</p>
-
-
- </subsection>
-
-
-</section>
-
-
-<section name="Nested Components">
-
- <h3>Combined Realm Implementation</h3>
-
- <p>If you are using the <em>Combined Realm Implementation</em>
- <strong><Realm></strong> elements may be nested inside it.</p>
-
- <h3>Other Realm Implementations</h3>
-
- <p>No other Realm implementation supports nested components.</p>
-
-</section>
-
-
-<section name="Special Features">
-
- <p>See <a href="host.html">Single Sign On</a> for information about
- configuring Single Sign On support for a virtual host.</p>
-
-</section>
-
-
-</body>
-
-
-</document>
Modified: trunk/webapps/docs/index.xml
===================================================================
--- trunk/webapps/docs/index.xml 2012-02-24 12:38:40 UTC (rev 1982)
+++ trunk/webapps/docs/index.xml 2012-02-24 13:26:29 UTC (rev 1983)
@@ -19,8 +19,8 @@
<section name="Introduction">
<p>This is the top-level entry point of the documentation bundle for the
-<strong>JBoss Web</strong> Servlet/JSP container, which is based on the
-Apache Tomcat 6.0 project developed by the Apache Software Foundation.
+<strong>JBoss Web</strong> Servlet/JSP container, which is based on a fork
+of the Apache Tomcat project developed by the Apache Software Foundation.
JBoss Web implements the Servlet 3.0 and JavaServer Pages 2.2 specifications from the
<a href="http://www.jcp.org">Java Community Process</a>, and includes many
additional features that make it a useful platform for developing and deploying
@@ -55,10 +55,6 @@
<li><a href="deployer-howto.html"><strong>Deployer</strong></a> -
Operating the JBoss Web Deployer to deploy, precompile, and validate web
applications.</li>
-<li><a href="realm-howto.html"><strong>Realms and Access Control</strong></a>
- - Description of how to configure <em>Realms</em> (databases of users,
- passwords, and their associated roles) for use in web applications that
- utilize <em>Container Managed Security</em>.</li>
<li><a href="security-manager-howto.html"><strong>Security Manager</strong></a>
- Configuring and using a Java Security Manager to
support fine-grained control over the behavior of your web applications.
@@ -66,9 +62,6 @@
<li><a href="class-loader-howto.html"><strong>Classloading</strong></a>
- Information about class loading in JBoss Web, including where to place
your application classes so that they are visible.</li>
-<li><a href="jasper-howto.html"><strong>JSPs</strong></a>
- - Information about Jasper configuration, as well as the JSP compiler
- usage.</li>
<li><a href="ssl-howto.html"><strong>SSL</strong></a> -
Installing and
configuring SSL support so that your JBoss Web will serve requests using
@@ -144,9 +137,6 @@
<li><a href="jasper/docs/api/index.html"><strong>Jasper Javadocs</strong></a>
- Javadoc API documentation for the <em>Jasper</em> JSP container
portion of JBoss Web.</li>
-<li><a href="architecture/index.html"><strong>JBoss Web Architecture</strong></a>
- - Documentation of the JBoss Web Server Architecture.</li>
-
</ul>
</section>
Modified: trunk/webapps/docs/project.xml
===================================================================
--- trunk/webapps/docs/project.xml 2012-02-24 12:38:40 UTC (rev 1982)
+++ trunk/webapps/docs/project.xml 2012-02-24 13:26:29 UTC (rev 1983)
@@ -17,14 +17,11 @@
<item name="System Properties" href="sysprops.html"/>
<item name="First webapp" href="appdev/index.html"/>
<item name="Deployer" href="deployer-howto.html"/>
- <item name="Realms and AAA" href="realm-howto.html"/>
<item name="Security Manager" href="security-manager-howto.html"/>
<item name="Classloading" href="class-loader-howto.html"/>
- <item name="JSPs" href="jasper-howto.html"/>
<item name="SSL" href="ssl-howto.html"/>
- <item name="URL Rewriting" href="rewrite.html"/>
- <item name="Proxy Support" href="proxy-howto.html"/>
- <item name="MBean Descriptor" href="mbeans-descriptor-howto.html"/>
+ <item name="URL Rewriting" href="rewrite.html"/>
+ <item name="Proxy Support" href="proxy-howto.html"/>
<item name="Default Servlet" href="default-servlet.html"/>
<item name="Connectors" href="connectors.html"/>
<item name="Monitoring and Management" href="monitoring.html"/>
@@ -37,7 +34,6 @@
<menu name="JBoss Web Development">
<item name="Building" href="building.html"/>
<item name="Changelog" href="changelog.html"/>
- <item name="Architecture" href="architecture/index.html" />
<item name="Functional Specs." href="funcspecs/index.html"/>
<item name="Legal" href="legal.html"/>
</menu>
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1982 - trunk/webapps/docs.
by jbossweb-commits@lists.jboss.org
Author: jfrederic.clere(a)jboss.com
Date: 2012-02-24 07:38:40 -0500 (Fri, 24 Feb 2012)
New Revision: 1982
Modified:
trunk/webapps/docs/ssl-howto.xml
Log:
Arrange the doc.
Modified: trunk/webapps/docs/ssl-howto.xml
===================================================================
--- trunk/webapps/docs/ssl-howto.xml 2012-02-23 23:39:35 UTC (rev 1981)
+++ trunk/webapps/docs/ssl-howto.xml 2012-02-24 12:38:40 UTC (rev 1982)
@@ -9,6 +9,7 @@
<properties>
<author email="ccain(a)apache.org">Christopher Cain</author>
<author email="yoavs(a)apache.org">Yoav Shapira</author>
+ <author email="jfcleres(a)apache.org">Jean-Frederic Clere</author>
<title>SSL Configuration HOW-TO</title>
</properties>
@@ -21,16 +22,6 @@
jdk 1.5 and higher. When using APR, JBoss Web will
use OpenSSL, which uses a different configuration.</b></p>
- <blockquote><em>
- <p>The description below uses the variable name $CATALINA_HOME
- to refer to the directory into which you have installed JBoss Web,
- and is the base directory against which most relative paths are
- resolved. However, if you have configured JBoss Web for multiple
- instances by setting a CATALINA_BASE directory, you should use
- $CATALINA_BASE instead of $CATALINA_HOME for each of these
- references.</p>
- </em></blockquote>
-
<p>To install and configure SSL support on JBoss Web, you need to follow
these simple steps. For more information, read the rest of this HOW-TO.</p>
<ol>
@@ -45,8 +36,21 @@
</source>
<p></p>
and specify a password value of "changeit".</li><br/><br/>
-<li>Uncomment the "SSL HTTP/1.1 Connector" entry in
- <code>$CATALINA_HOME/conf/server.xml</code> and tweak as necessary.</li>
+<li>Add a "SSL HTTP/1.1 Connector" entry in
+ <code>standalone/configuration/standalone.xml</code> and tweak if necessary.
+<source>
+ <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false" >
+ <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
+ <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
+ <ssl/>
+ </connector>
+ <virtual-server name="default-host" enable-welcome-root="true">
+ <alias name="localhost"/>
+ <alias name="example.com"/>
+ </virtual-server>
+ </subsystem>
+</source>
+</li>
<br/><br/>
</ol>
@@ -265,117 +269,26 @@
</subsection>
-<subsection name="Edit the JBoss Web Configuration File">
-<p>If you are using APR, you have the option of configuring an alternative engine to openSSL.
-<source>
-<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="someengine" SSLRandomSeed="somedevice" />
-</source>
-The default value is
-<source>
-<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin" />
-</source>
-So to use SSL under APR, make sure the SSLEngine attribute is set to something other than <code>off</code>.
-The default value is <code>on</code> and if you specify another value, it has to be a valid engine name.
-<br/>
-If you haven't compiled in SSL support into your Tomcat Native library, then you can turn this initialization off
-<source>
-<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
-</source>
-SSLRandomSeed allows to specify a source of entropy. Productive system needs a reliable source of entropy
-but entropy may need a lot of time to be collected therefore test systems could use no blocking entropy
-sources like "/dev/urandom" that will allow quicker starts of JBoss Web.
-
+<subsection name="Configuring the web-subsystem">
+<p>If your platform supports native (could be if you have installed jbossweb-native) it will be used by default.
+ If you don't want that set native to false in the web sub-system:
</p>
-
-<p>The final step is to configure your secure socket in the
-<code>$CATALINA_HOME/conf/server.xml</code> file, where
-<code>$CATALINA_HOME</code> represents the directory into which you
-installed JBoss Web. An example <code><Connector></code> element
-for an SSL connector is included in the default <code>server.xml</code>
-file installed with JBoss Web. It will look something like this:</p>
<source>
-<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
-<Connector
- port="8443" minSpareThreads="5" maxSpareThreads="75"
- enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" maxThreads="200"
- scheme="https" secure="true" SSLEnabled="true"
- keystoreFile="${user.home}/.keystore" keystorePass="changeit"
- clientAuth="false" sslProtocol="TLS"/>
--->
+ <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false" >
</source>
<p>
- The example above will throw an error if you have the APR and the Tomcat Native libraries in your path,
- as tomcat will try to autoload the APR connector. The APR connector uses different attributes for
- SSL keys and certificates. An example of such configuration would be
-<source>
-<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
-<Connector
- port="8443" minSpareThreads="5" maxSpareThreads="75"
- enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" maxThreads="200"
- scheme="https" secure="true" SSLEnabled="true"
- SSLCertificateFile="/usr/local/ssl/server.crt"
- SSLCertificateKeyFile="/usr/local/ssl/server.pem"
- clientAuth="false" sslProtocol="TLS"/>
--->
-</source>
+NOTE that SSL requires a source of entropy. Productive system needs a reliable source of entropy
+but entropy may need a lot of time to be collected.
</p>
-<p>
- To avoid auto configuration you can define which connector to use by specifying a classname
- in the protocol attribute.<br/>
- To define a Java connector, regardless if the APR library is loaded or not do:
-<source>
-<-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
-<Connector protocol="org.apache.coyote.http11.Http11Protocol"
- port="8443" minSpareThreads="5" maxSpareThreads="75"
- enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" maxThreads="200"
- scheme="https" secure="true" SSLEnabled="true"
- keystoreFile="${user.home}/.keystore" keystorePass="changeit"
- clientAuth="false" sslProtocol="TLS"/>
--->
-<-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
-<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
- port="8443" minSpareThreads="5" maxSpareThreads="75"
- enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" maxThreads="200"
- scheme="https" secure="true" SSLEnabled="true"
- keystoreFile="${user.home}/.keystore" keystorePass="changeit"
- clientAuth="false" sslProtocol="TLS"/>
--->
-</source>
-and to specify an APR connector
-<source>
-<-- Define a APR SSL Coyote HTTP/1.1 Connector on port 8443 -->
-<!--
-<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
- port="8443" minSpareThreads="5" maxSpareThreads="75"
- enableLookups="true" disableUploadTimeout="true"
- acceptCount="100" maxThreads="200"
- scheme="https" secure="true" SSLEnabled="true"
- SSLCertificateFile="/usr/local/ssl/server.crt"
- SSLCertificateKeyFile="/usr/local/ssl/server.pem"
- clientAuth="false" sslProtocol="TLS"/>
--->
-</source>
+<p>You may use jboss-cli or edit standalone.xml to configure the connector in the web-system</p>
-</p>
-
-<p>You will note that the Connector element itself is commented out by default,
-so you will need to remove the comment tags around it. Then, you can
-customize the specified attributes as necessary. For detailed information
-about the various options, consult the
-<a href="config/index.html">Server Configuration Reference</a>. The
+<p>For detailed information about the various options, consult the
+<a href="config/ssl.html">The HTTPS Connector</a>. The
following discussion covers only those attributes of most interest when
setting up SSL communication.</p>
-<p>The <code>port</code> attribute (default value is 8443) is the TCP/IP
+<p>The <code>port</code> of the <code>socket-binding</code>attribute (default value is 8443) is the TCP/IP
port number on which JBoss Web will listen for secure connections. You can
change this to any port number you wish (such as to the default port for
<code>https</code> communications, which is 443). However, special setup
@@ -384,7 +297,7 @@
<blockquote><em>
<p>If you change the port number here, you should also change the
- value specified for the <code>redirectPort</code> attribute on the
+ value specified for the <code>redirect-port</code> attribute on the
non-SSL connector. This allows JBoss Web to automatically redirect
users who attempt to access a page with a security constraint specifying
that SSL is required, as required by the Servlet 2.4 Specification.</p>
@@ -394,76 +307,6 @@
You may need to add or change the following attribute
values, depending on how you configured your keystore earlier:</p>
- <attributes>
-
- <attribute name="algorithm" required="false">
- <p>The certificate encoding algorithm to be used. This defaults to the Sun
- implementation (<code>SunX509</code>). For IBM JVMs you should use the
- value <code>IbmX509</code>. For other vendors, consult the JVM
- documentation for the correct value.</p>
- </attribute>
-
- <attribute name="clientAuth" required="false">
- <p>Set to <code>true</code> if you want the SSL stack to require a
- valid certificate chain from the client before accepting a connection.
- Set to <code>want</code> if you want the SSL stack to request a client
- Certificate, but not fail if one isn't presented. A <code>false</code>
- value (which is the default) will not require a certificate chain
- unless the client requests a resource protected by a security
- constraint that uses <code>CLIENT-CERT</code> authentication.</p>
- </attribute>
-
- <attribute name="keystoreFile" required="false">
- <p>The pathname of the keystore file where you have stored the
- server certificate to be loaded. By default, the pathname is
- the file "<code>.keystore</code>" in the operating system home
- directory of the user that is running JBoss Web.</p>
- </attribute>
-
- <attribute name="keystorePass" required="false">
- <p>The password used to access the server certificate from the
- specified keystore file. The default value is "<code>changeit</code>".
- </p>
- </attribute>
-
- <attribute name="keystoreType" required="false">
- <p>The type of keystore file to be used for the server certificate.
- If not specified, the default value is "<code>JKS</code>".
- For example the *.p12 files from openssl can be used using
- <code>PKCS12</code></p>
- </attribute>
-
- <attribute name="sslProtocol" required="false">
- <p>The version of the SSL protocol to use. If not specified,
- the default is "<code>TLS</code>".</p>
- </attribute>
-
- <attribute name="ciphers" required="false">
- <p>A comma seperated list of the encryption ciphers that may be used.
- If not specified, then any available cipher may be used.</p>
- </attribute>
-
- <attribute name="keyAlias" required="false">
- <p>The alias used to for the server certificate in the keystore. If not
- specified the first key read in the keystore will be used.</p>
- </attribute>
-
- <attribute name="truststoreFile" required="false">
- <p>The TrustStore file to use to validate client certificates.</p>
- </attribute>
-
- <attribute name="truststorePass" required="false">
- <p>The password to access the TrustStore. This defaults to the value
- of <code>keystorePass</code>.</p>
- </attribute>
-
- <attribute name="truststoreType" required="false">
- <p>Add this element if your are using a different format for the
- TrustStore then you are using for the KeyStore.</p>
- </attribute>
-
- </attributes>
-
<p>After completing these configuration changes, you must restart JBoss Web as
you normally do, and you should be in business. You should be able to access
any web application supported by JBoss Web via SSL. For example, try:</p>
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1981 - branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470.
by jbossweb-commits@lists.jboss.org
Author: bmaxwell
Date: 2012-02-23 18:39:35 -0500 (Thu, 23 Feb 2012)
New Revision: 1981
Modified:
branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.properties.default
branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.xml
Log:
[BZ794470] updated build version
Modified: branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.properties.default
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.properties.default 2012-02-23 23:38:51 UTC (rev 1980)
+++ branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.properties.default 2012-02-23 23:39:35 UTC (rev 1981)
@@ -13,7 +13,7 @@
version.major=2
version.minor=0
version.build=0
-version.patch=GA_CP16_JBPAPP-8221
+version.patch=GA_CP16_BZ794470
# ----- Vesion Control Flags -----
jboss.version.major=4
Modified: branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.xml
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.xml 2012-02-23 23:38:51 UTC (rev 1980)
+++ branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/build.xml 2012-02-23 23:39:35 UTC (rev 1981)
@@ -16,7 +16,7 @@
<property name="version.major" value="2" />
<property name="version.minor" value="0" />
<property name="version.build" value="0" />
- <property name="version.patch" value="GA_CP16_JBPAPP-8221" />
+ <property name="version.patch" value="GA_CP16_BZ794470" />
<property name="version.flag" value="" />
<property name="version.number" value="${version.major}.${version.minor}.${version.build}.${version.patch}" />
<property name="version" value="${version.major}.${version.minor}.${version.build}.${version.patch}${version.flag}" />
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1980 - branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator.
by jbossweb-commits@lists.jboss.org
Author: bmaxwell
Date: 2012-02-23 18:38:51 -0500 (Thu, 23 Feb 2012)
New Revision: 1980
Modified:
branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/FormAuthenticator.java
branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/SavedRequest.java
Log:
[BZ794470] fix POST content type incorrect for multipart forms after login
Modified: branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/FormAuthenticator.java
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/FormAuthenticator.java 2012-02-23 23:14:57 UTC (rev 1979)
+++ branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/FormAuthenticator.java 2012-02-23 23:38:51 UTC (rev 1980)
@@ -436,7 +436,13 @@
// Set content type
MessageBytes contentType = MessageBytes.newInstance();
- contentType.setString("application/x-www-form-urlencoded");
+
+ //If no content type specified, use default for POST
+ String savedContentType = saved.getContentType();
+ if (savedContentType == null)
+ savedContentType = "application/x-www-form-urlencoded";
+
+ contentType.setString(savedContentType);
request.getCoyoteRequest().setContentType(contentType);
}
}
@@ -496,6 +502,10 @@
body.append(buffer, 0, bytesRead);
}
saved.setBody(body);
+
+ //Save content type, cannot assume application/x-www-form-urlencoded
+ //since it could be a multi-part form
+ saved.setContentType(request.getContentType());
}
saved.setMethod(request.getMethod());
Modified: branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/SavedRequest.java
===================================================================
--- branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/SavedRequest.java 2012-02-23 23:14:57 UTC (rev 1979)
+++ branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/src/share/classes/org/apache/catalina/authenticator/SavedRequest.java 2012-02-23 23:38:51 UTC (rev 1980)
@@ -178,4 +178,17 @@
public void setBody(ByteChunk body) {
this.body = body;
}
+
+ /**
+ * The content type of the request, used if this is a POST.
+ */
+ private String contentType = null;
+
+ public String getContentType() {
+ return (this.contentType);
+ }
+
+ public void setContentType(String contentType) {
+ this.contentType = contentType;
+ }
}
12 years, 10 months
- 1
- 0
JBossWeb SVN: r1979 - branches.
by jbossweb-commits@lists.jboss.org
Author: bmaxwell
Date: 2012-02-23 18:14:57 -0500 (Thu, 23 Feb 2012)
New Revision: 1979
Added:
branches/JBOSSWEB_2_0_0_GA_CP16_BZ794470/
Log:
[BZ794470] create patch branch off of current CVE fixes
12 years, 10 months
- 1
- 0