[PATCH] [jakarta-tomcat-5]

2002-07-30 Thread Jean-francois Arcand
. * * @author Craig R. McClanahan + * @author Jean-Francois Arcand * @version $Revision: 1.66 $ $Date: 2002/06/23 20:35:30 $ */ @@ -224,7 +225,6 @@ * @param event The lifecycle event that has occurred */ public void lifecycleEvent(LifecycleEvent event) { - // Identify

[PATCH][jakarta-tomcat-catalina]

2002-07-31 Thread Jean-francois Arcand
Hi, this minor change fixes a bug: when an application is undeployed (removed), ContainerEvent with the value of REMOVE_EVENT are fired. The bug is also in jakarta-tomcat-4. Should I send another patch? Thanks, -- Jeanfrancois Index: StandardHostDeployer.java

[PATCH] [jakarta-servletapi-5]

2002-08-01 Thread Jean-francois Arcand
Hi, attached are the remaining XML schemas that need to be available locally. src/share/dtd/j2ee_1_4.xsd src/share/dtd/web-app_2_4.xsd src/share/dtd/jsp_2_0.xsd src/share/dtd/jsptaglibrary_2_0.xsd Thanks, -- Jeanfrancois jakarta-servletapi-5_localschema.zip Description: Zip c

[PATCH] [jakarta-servletapi-5]

2002-08-01 Thread Jean-francois Arcand
Hi, this includes a modified version of xml.xsd (from W3C) where the DOCTYPE element is removed (commented). Xerces 2.0.1 seems to have a problem with this entity when schema is used and the parser is running inside a firewall, using a local copy of the xml.xsd. Thanks, -- Jeanfrancois Index:

[PATCH][jakarta-tomcat-catalina]

2002-08-02 Thread Jean-francois Arcand
Hi, this patch cleans up the code and automatically turns on namespace validation when using schema. Thanks, -- Jeanfrancois Index: ContextConfig.java === RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/

[PATCH][tomcat-catalina] RealmBase/Authenticator re-factoring.

2002-08-08 Thread Jean-francois Arcand
Hi, I have completed the move of the authorization logic from the o.a.c.authenticator.AuthenticatorBase to the o.a.c.realm.RealmBase. The Realm class now has three new methods: /** * Return the SecurityConstraint configured to guard the request URI for * this request, or null if

[PATCH][servletapi-5] Build.xml

2002-08-10 Thread Jean-francois Arcand
Hi, minor change to include all *.xsd in the same directory (javax/servlet/resources) since there is a Xerces limitation when resolving systemId from multiple URIs (only 1 is supported). Thanks, -- Jeanfrancois Index: build.xml ===

[PATCH][Catalina] Use fully qualified URI for locating local schema

2002-08-10 Thread Jean-francois Arcand
Hi, this patch changes the way local schemas are stored -> use the full URI instead of the file name. Thanks, -- Jeanfrancois Index: Constants.java === RCS file: /home/cvspublic/jakarta-tomcat-catalina/catalina/src/share/org/apach

Re: [PATCH][Catalina] Use fully qualified URI for locating local schema

2002-08-10 Thread Jean-francois Arcand
47) > at > org.apache.catalina.core.StandardService.start(StandardService.java:497) > at > org.apache.catalina.core.StandardServer.start(StandardServer.java:2231) > at org.apache.catalina.startup.Catalina.start(Catalina.java:516) > at > org.apache

Re: [5.0] Build notes

2002-08-12 Thread Jean-francois Arcand
Patrick Luby wrote: > Costin, > > [EMAIL PROTECTED] wrote: > >> On Sun, 11 Aug 2002, Patrick Luby wrote: >> >> >>> commons-digester/logging, etc. I think that this would make the >>> build more reliable since Tomcat 5 is dependent on very specific >>> versions of Apache dependencies (e.g. Xer

Re: [5][PATCH]Run Watchdog from the jakarta-tomcat-5 build.xml

2002-08-14 Thread Jean-francois Arcand
Steve Downey wrote: > Thanks for pointing the tomcat5 task out. I'm trying to reimplement > with that, and have run into a couple of snags. > > First is that o.a.c.startup.CatalinaService doesn't distinguish > between catalina.home and catalina.base. setHome() actually sets both > of them. A

[5.0] [PROPOSAL] Validation/NamespaceAware

2002-08-15 Thread Jean-francois Arcand
Hi, based on the mailing list feedback, I would like to propose the following solution for the XML Parser DTD/Schema validation/namespace aware problems: - Add the following attributes in server.xml under the HOST element: xmlValidation="false" xmlNamespaceAware="false" and set them equal t

[PATCH][5] build.properties.default, BUILDING.txt

2002-08-15 Thread Jean-francois Arcand
This patch updates the required version of the Digester. Thanks, -- Jeanfrancois Index: build.properties.default === RCS file: /home/cvspublic/jakarta-tomcat-5/build.properties.default,v retrieving revision 1.27 diff -u -r1.27 buil

[PATCH] Xerces 2.0.1 also is buggy

2002-08-16 Thread Jean-francois Arcand
Hi, Xerces 2.0.1 contains a bug that produces the error Remy reported earlier this week :-( Xerces 2.0.2 contains a bug that produces a StackTraceOverflow :-( In order to support schema and DTD, the Xerces nightly build is the only version that parses DTD and schema properly when validation is on.

Re: [VOTE] New committer: Jean-Francois Arcand

2002-08-19 Thread Jean-francois Arcand
Thanks everybody! Now you can say you have a Quebecois as a committer ;-) -- Jeanfrancois Patrick Luby wrote: > All, > > Jean-François Arcand has received several +1's and no -1's. So, > Jean-François, congratulations! > > Can someone create an account for Jean-François Arcand? > > Thanks, > >

[PATCH] [Catalina]

2002-08-19 Thread Jean-francois Arcand
* * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * [Additional notices, if required by

[PATCH][5] build.properties.default BUILDING.txt

2002-08-19 Thread Jean-francois Arcand
This patch updated the required version of the Digester package in order to support schema/dtd local validation. Thanks, -- Jeanfrancois Index: BUILDING.txt === RCS file: /home/cvspublic/jakarta-tomcat-5/BUILDING.txt,v retrieving

Re: Tomcat 5 build failing,

2003-03-14 Thread Jean-Francois Arcand
That's strange... the nightly build script that starts at 11:59pm each day doesn't break. The script starts from a clean workspace. What is the error you are seeing? -- Jeanfrancois Filip Hanik wrote: Is the regular "ant dist" command failing only for me, or are the build scripts broken or the

build.xml still broken...

2003-03-17 Thread Jean-Francois Arcand
Hi, the nightly script, which starts from a clean workspace, fails with the following: downloadfile: [mkdir] Created dir: /home/jfarcand/jakarta-tomcat/tyrex-1.0 [get] Getting: http://telia.dl.sourceforge.net/sourceforge/tyrex/tyrex-1.0.jar init: [mkdir] Created dir: /disk/raid0/home/jfa

Re: Xerces Question

2003-03-19 Thread Jean-Francois Arcand
From your description, everything seems fine. Does the error occur only inside Tomcat, or does it also choke if you parse your file using the command line? -- Jeanfrancois Bill Barker wrote: I've been trying to set up a CLIENT-CERT authentication for MemoryRealm (one of the few that handles it :).

Re: [VOTE] [4.1.24] Stability rating

2003-03-20 Thread Jean-Francois Arcand
[ ] Alpha [ ] Beta [X ] Stable (GA) -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: [5.0] Monitor servlet

2003-03-23 Thread Jean-Francois Arcand
Hi Remy, the servlet doesn't compile with JDK 1.3.x : StatusManagerServlet.java:274: cannot resolve symbol [javac] symbol : method maxMemory () [javac] location: class java.lang.Runtime [javac] writer.print(Runtime.getRuntime().maxMemory()); [javac]

Re: [5.0] Monitor servlet

2003-03-24 Thread Jean-Francois Arcand
Remy Maucherat wrote: Jean-Francois Arcand wrote: Hi Remy, the servlet doesn't compile with JDK 1.3.x : StatusManagerServlet.java:274: cannot resolve symbol [javac] symbol : method maxMemory () [javac] location: class java.lang.Runtime [javac] writer.

Re: Why does Tomcat use xerces under java 1.4 instead of the internal jvm classes?

2003-04-01 Thread Jean-Francois Arcand
Because the xerces version bundled with 1.4 is an older one, doesn't support XML schema properly, and contains bugs (and is not as performant as the 2.x version) -- Jeanfrancois David Thielen wrote: thanks - dave

Re: Why does Tomcat use xerces under java 1.4 instead of the internal jvm classes?

2003-04-02 Thread Jean-Francois Arcand
Costin Manolache wrote: Jean-Francois Arcand wrote: Because the xerces version bundled with 1.4 is an older one, doesn't support XML schema properly, and contains bugs (and is not as performant as the 2.x version) Isn't Crimson in JDK1.4 ? I remember we decided to disable

Re: [4.1.x] Next release

2003-04-02 Thread Jean-Francois Arcand
Costin Manolache wrote: Remy Maucherat wrote: Could I get some details on that filter/facade bug ? Yes, Filter.init() is called with the Context object instead of the facade. While Servlet.init() is called correctly. This may allow access to the internals, and is just weird ( getting

Re: [4.1.x] Next release

2003-04-02 Thread Jean-Francois Arcand
Remy Maucherat wrote: Costin Manolache wrote: Remy Maucherat wrote: Could I get some details on that filter/facade bug ? Yes, Filter.init() is called with the Context object instead of the facade. While Servlet.init() is called correctly. This may allow access to the internals, and is just

Re: Why does Tomcat use xerces under java 1.4 instead of the internal jvm classes?

2003-04-02 Thread Jean-Francois Arcand
Costin Manolache wrote: Jean-Francois Arcand wrote: At least in tomcat5 I never use xerces - only the bundled parser, and so far I've seen no problems. Crimson is a very good parser, and it still faster that Xerces in some case. The only reason I see for bundling xerces is for

Re: xerces in tomcat-4.1.x

2003-04-03 Thread Jean-Francois Arcand
Wait :-) I still have not run all the tests that I have, especially the lovely XML schema one. It seems to work fine when validation is turned off, but I would like to be sure... maybe we can start using it with Tomcat 5 and change Tomcat 4.1.x once we are sure it works. -- Jeanfrancois jean-frede

Re: [5.0] More dependencies

2003-06-06 Thread Jean-Francois Arcand
Remy Maucherat wrote: Remy Maucherat wrote: - daemon: Home of Mladen's procrun, a very promising exe wrapper for Java programs on Windows; this also contains a Unix wrapper for Java programs; the Unix wrapper could be advertised as "the" recommended solution to run Tomcat on 80 on Unix, and i

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java

2003-06-06 Thread Jean-Francois Arcand
Remy Maucherat wrote: Jean-Francois Arcand wrote: OK, let's try to describe the problem. First, here is the stack trace the application is throwing when running: java.lang.NullPointerException at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.jav

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java

2003-06-06 Thread Jean-Francois Arcand
Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand 2003/06/06 12:04:51 Modified: catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java Log: Revert the patch until I come with a better solution. I'd like to be convinced there's a bug here ;-)

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core StandardContext.java

2003-05-30 Thread Jean-Francois Arcand
Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand 2003/05/28 21:13:24 Modified: catalina/src/share/org/apache/catalina/core StandardContext.java Log: Revert back my latest changes since it did not fix the problem completely. Don't worry about that I

Re: [5] reference to 2.3 dtd instead of 2.4?

2003-06-04 Thread Jean-Francois Arcand
Tim Funk wrote: The dtd in jakarta-servletapi-5\jsr154\examples\WEB-INF\web.xml says: http://java.sun.com/dtd/web-app_2_3.dtd";> Is this right? Yes it is. The examples don't contain any new 2.4 features. Of course it will be better if we improve the examples to demonstrate the new 2.4 feat

Re: [5.0] Commons dependencies

2003-06-05 Thread Jean-Francois Arcand
Remy Maucherat wrote: Costin Manolache wrote: Remy Maucherat wrote: - modeler: Basis for Tomcat 5 JMX features, with a lot of new impressively efficient functionality since release 1.0; again, a critical component [Costin (do you have enough time to continue being the RM of that component ?)]

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java

2003-06-06 Thread Jean-Francois Arcand
OK, let's try to describe the problem. First, here is the stack trace the application is throwing when running: java.lang.NullPointerException at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:271) at com.sun.web.ui.view.html.CCButton.getAttribute(CCButton

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 MapperListener.java

2003-07-23 Thread Jean-Francois Arcand
Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand 2003/07/22 21:02:29 Modified: catalina/src/share/org/apache/coyote/tomcat5 MapperListener.java Log: When using the embedded interface (or jmx directly), context are never removed because of this condit

Re: [5] Authentication for Overlapping Constraints

2003-07-24 Thread Jean-Francois Arcand
Bill Barker wrote: Tomcat doesn't adhere to the (new) requirements in the 2.4 Servlet-Spec for handling the case of Overlapping Constraints: When a url-pattern and http-method pair occurs in multiple security constraints, the applicable constraints (on the pattern and method) are defined by com

Re: [5.0.5] New tag tomorrow ?

2003-07-24 Thread Jean-Francois Arcand
+1 Remy Maucherat wrote: To be able to reach beta quality around the end of this month, a new milestone will need to be released at the end of this week (and more generally, I think a one milestone per week schedule can't hurt when trying to go to beta - even if we end up missing the deadline

[5] Mapper bug?

2003-07-24 Thread Jean-Francois Arcand
Hi, I'm currently doing a very basic test: [EMAIL PROTECTED] jfarcand]$ wget http://localhost:8080/ --20:59:22-- http://localhost:8080/ => `index.html' Resolving localhost... done. Connecting to localhost[127.0.0.1]:8080... connected. HTTP request sent, awaiting response... 400 No Hos

Re: [5] Mapper bug?

2003-07-24 Thread Jean-Francois Arcand
Forget that. The bug is in front of the computer! -- Jeanfrancois Jean-Francois Arcand wrote: Hi, I'm currently doing a very basic test: [EMAIL PROTECTED] jfarcand]$ wget http://localhost:8080/ --20:59:22-- http://localhost:8080/ => `index.html' Resolving loca

Re: [VOTE] 4.1.26 stability rating

2003-07-25 Thread Jean-Francois Arcand
Finally... Remy Maucherat wrote: [ ] Alpha [ ] Beta [X] Stable -- Jeanfrancois

Re: securityManager in JasperLoader.java

2003-07-29 Thread Jean-Francois Arcand
Hi Jean-Frederic, the current source has: int dot = name.lastIndexOf('.'); if (securityManager != null) { if (dot >= 0) { try { // Do not call the security manager since by default, we grant that package. if (!"org.a

Re: [5.0.7] New build by Sunday

2003-08-14 Thread Jean-Francois Arcand
Remy Maucherat wrote: Jean-Francois Arcand wrote: +1. There is 1 bug in bugtraq currently open about *.jsp url mapping that I need to investigate (I'm not sure yet it's a bug) but I hope to have a fix before Sunday. And what would the bug be ? (I think I know the mapper code far b

Re: [5.0.7] New build by Sunday

2003-08-14 Thread Jean-Francois Arcand
+1. There is 1 bug in bugtraq currently open about *.jsp url mapping that I need to investigate (I'm not sure yet it's a bug) but I hope to have a fix before Sunday. -- Jeanfrancois Remy Maucherat wrote: Hi, I plan to make a new build available by Sunday. Comments ? Any issues which would nee

Re: [VOTE] 5.0.7 stability rating

2003-08-14 Thread Jean-Francois Arcand
Remy Maucherat wrote: [X ] Alpha [ ] Beta Please vote :) Add comments if needed. (1) Xerces validation doesn't work (seems the way we load the DTD is incorrect, producing the current error...but wait, we never know with Xerces ;-) ). Since validation was by default supported in 4.x, I'm

Re: Xerces location and bug

2003-08-14 Thread Jean-Francois Arcand
Remy Maucherat wrote: Jean-Francois Arcand wrote: Hi, I've just realized that when you install Tomcat 5 from a fresh workspace, Xerces is not copied under common/endorsed. I don't remember what was the decision regarding Xerces. Have we decided to completely remove it? If yes, the

Re: [VOTE] Tomcat 5.0 release plan

2003-08-14 Thread Jean-Francois Arcand
+1 -- Jeanfrancois Remy Maucherat wrote: I have updated the dates mentioned in the release plan (given that Tomcat 5 can't go to beta before the end of last month ;-) ). It now calls for a beta before the 15th of August, which means either Tomcat 5.0.6 or 5.0.7 would have to be declared beta t

Re: Resend: Tomcat 4.1.24 & JVM 1.4.2 security hole?

2003-08-14 Thread Jean-Francois Arcand
Oops, I've missed the discussion. There is a 1.4.2 bug found by Remy (and reported in bugtraq as 4895132. I'm not sure you can access the bug). The workaround is to add the following property when starting Tomcat: -Dsun.io.useCanonCaches=false Can you try it and see if that fixes the problem (I

Re: [VOTE] New committer: Eric Carmichael

2003-08-14 Thread Jean-Francois Arcand
+1. If he likes Xerces, he can jump on that side too ;-) -- Jeanfrancois Remy Maucherat wrote: I'd like to nominate Eric Carmichael as a committer on the Tomcat project. Eric has been steadily supplying quality patches to the new Jasper which will implement the JSP 2.0 specification, and has h

Re: [VOTE] 5.0.7 stability rating

2003-08-14 Thread Jean-Francois Arcand
Remy Maucherat wrote: Jean-Francois Arcand wrote: Remy Maucherat wrote: [X ] Alpha [ ] Beta Please vote :) Add comments if needed. (1) Xerces validation doesn't work (seems the way we load the DTD is incorrect, producing the current error...but wait, we never know with X

Xerces location and bug

2003-08-14 Thread Jean-Francois Arcand
Hi, I've just realized that when you install Tomcat 5 from a fresh workspace, Xerces is not copied under common/endorsed. I don't remember what was the decision regarding Xerces. Have we decided to completely remove it? If yes, then we should remove the dependency in build.properties and update

Re: [VOTE] 5.0.9 stability rating

2003-08-22 Thread Jean-Francois Arcand
Remy Maucherat wrote: [ ] Alpha [X ] Beta Except for validation (which I'm still investigating (try to create smaller test case for the Xerces folks) -- Jeanfrancois

Re: [VOTE] 5.0.9 stability rating

2003-08-25 Thread Jean-Francois Arcand
Bill Barker wrote: - Original Message - From: "Remy Maucherat" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Monday, August 25, 2003 12:32 AM Subject: Re: [VOTE] 5.0.9 stability rating Bill Barker wrote: Tim Funk wrote: Installed 5.0.9 fro

Re: [VOTE] 5.0.9 stability rating

2003-08-25 Thread Jean-Francois Arcand
Bill Barker wrote: - Original Message - From: "Jean-Francois Arcand" <[EMAIL PROTECTED]> To: "Tomcat Developers List" <[EMAIL PROTECTED]> Sent: Monday, August 25, 2003 6:20 AM Subject: Re: [VOTE] 5.0.9 stability rating Bill Barker wrote: - Or

Re: [VOTE] 5.0.11 stability rating

2003-09-10 Thread Jean-Francois Arcand
Seems my apache/sun email are blocked when I reply. :-( Remy Maucherat wrote: > > [X] Alpha > [ ] Beta > When turning the security manager on: > java.security.AccessControlException: access denied (java.io.FilePermission > /home/ja120114/src/jakarta-tomcat-5/build/server/webapps/manag

Re: [5.0] Session at ApacheCon

2003-09-15 Thread Jean-Francois Arcand
Remy Maucherat wrote: > http://apachecon.com/html/session-popup.html/e=MjAwMy9VUw?id=897 > > New XML Schema support > > Well, hum, it doesn't work for me ^_^; I hope it works at that time ;-) > > > New Connector Architecture > > It was already there in 4.1.x. If you do a diff, you'll see that

Re: [5.0] Session at ApacheCon

2003-09-15 Thread Jean-Francois Arcand
Filip Hanik wrote: >and clustering :) True. But I will try to speak about things that I know (or seem to know ;-)). For sure I will at least add it to the what's new list. Thanks, -- Jeanfrancois >- Original Message - >From: "Remy Maucherat" <[EMAIL PROTECTED]> >To: "Tomcat Devel

Re: [VOTE] 5.0.12 stability rating

2003-09-18 Thread Jean-Francois Arcand
Remy Maucherat wrote: [ ] Alpha [X ] Beta -- Jeanfrancois

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup ContextConfig.java TldConfig.java

2003-09-23 Thread Jean-Francois Arcand
Remy Maucherat wrote: [EMAIL PROTECTED] wrote: jfarcand 2003/09/23 14:37:01 Modified: catalina/src/share/org/apache/catalina/startup ContextConfig.java TldConfig.java Log: Revert my previous patch since it forces validation even when the value is set to false (for schema). I didn't upgr

Re: [5] Proposal: webapp startup

2002-08-20 Thread Jean-francois Arcand
[EMAIL PROTECTED] wrote: >There are several possible use cases, and I think we should try to >provide options to support each one. > >Regardless of the startup timing, in all cases no request will >be served from an webapp until all initialization is done, including >load on startup servlets. T

[PATCH][Catalina] Validation turned off by default.

2002-08-20 Thread Jean-francois Arcand
Hi, attached is a patch that implements the mechanism to turn off/on the XML validation and namespace awareness. Starting with this patch, validation/namespace will be turned off. If you want to turn it on, do: *xmlValidation and xmlNamespaceAware are optional attributes. Current server.xml

Re: [TC 5] XMLSchema validation and Xerces 2.1.0

2002-09-04 Thread Jean-Francois Arcand
Hans Schmid wrote: >Hi, > >as far as I understand, there are problems in Tomcat 5 >with the XML Schema validation. A hack in Tomcat plus Xerces 2.0.1 >are currently in the build system. > >Has anyone tried the new Xerces release 2.1.0 yet ? > Yes, I have done some testing and it works fine. I

Re: [TC 5] XMLSchema validation and Xerces 2.1.0

2002-09-04 Thread Jean-Francois Arcand
David Oxley wrote: >Also, you probably ought to include the XML parser (Xerces 2.1.0) with the >LE edition of TC5 (If it does fix it). > >Does Sun JDK1.4 come with Xerces or Crimson? I thought I read that it was >supplied with a version of Xerces, but the source that comes with it has >org.apac

Re: [TC 5] XMLSchema validation and Xerces 2.1.0

2002-09-04 Thread Jean-Francois Arcand
Remy Maucherat wrote: > Jean-Francois Arcand wrote: > >> >> >> Hans Schmid wrote: >> >>> Hi, >>> >>> as far as I understand, there are problems in Tomcat 5 with the XML >>> Schema validation. A hack in Tomcat plus Xerces 2.0.1

Re: Abuse@verizon.net

2002-09-04 Thread Jean-Francois Arcand
jean-frederic clere wrote: > Hi, > > Each time I am replying a message of the list I am getting a message > from [EMAIL PROTECTED] (Advert or complain?). > > Has any one received this kind of message? I don't, but I suspect your mail server has been placed on a spam mail list and now monitor

Re: [4.1.10] Stability rating

2002-09-04 Thread Jean-Francois Arcand
Remy Maucherat wrote: > I think milestone 4.1.10 is of good quality and we can consider > releasing it as the first stable release in the 4.1.x line. > > > [ ] Alpha > [ ] Beta > [X ] Stable > From the DTD validation point of view, the performance seems better with Xerces 2.1 (informal t

Re: [VOTE] [4.0.5] [4.1.12] Security releases

2002-09-23 Thread Jean-Francois Arcand
Remy Maucherat wrote: > A security vulnerability which affects all releases of Tomcat 4.x has > been discovered. > > It is proposed that new Tomcat 4.0.x and 4.1.x releases are made, at > which time the exploit will be publicized. The security advisory will > also include an easy workaround

Re: [VOTE] commit new Tomcat 4 SecurityManager XML Policy code to CVS

2002-09-24 Thread Jean-Francois Arcand
t). The spec doesn't say anything about the way policy file are represented (open the door to n

[Off Topic] SecurityManager XML Policy questions/recommendations

2002-09-25 Thread Jean-Francois Arcand
Hi Glenn, here is a couple of questions regarding your SecurityManager XML works: (1) All permissions seems to be stored in class SecurityPolicyBase. The Map used to store permission is static, meaning all permissions will be stored in (why all? doing permissions.implies will browse every p

Re: [Off Topic] SecurityManager XML Policy questions/recommendations

2002-09-25 Thread Jean-Francois Arcand
Hi Glenn, see below... Glenn Nielsen wrote: > Hi Jean-Francois, > > My comments are intermixed below. > > Jean-Francois Arcand wrote: > >> Hi Glenn, here is a couple of questions regarding your >> SecurityManager XML works: >> >> (1) A

Re: [VOTE] [5.0] Milestones

2002-09-30 Thread Jean-Francois Arcand
> > > [ X] +1 Yes, start releasing milestones > [ ] -1 No, because: > > > >

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf catalina.policy

2002-10-01 Thread Jean-Francois Arcand
Hi Glenn, your last addition seems, IMO, to open a security issue with classes located under the o.a.c.util directory. Actually, maybe not for Tomcat 4.1, but for 5.0, I have created a class called SecurityAudit.java that contains some security check. If we port your latest changes, this clas

Re: Little refactoring in o.a.t.u.net

2002-10-02 Thread Jean-Francois Arcand
Tar the code and post it here...so we can look and enjoy :-) -- Jeanfrancois Ignacio J. Ortega wrote: >I have in my workspace working a little refactoring of the o.a.t.u.net >package translating the JSSE* classes to his own package ( named of >course jsse) and the same for PureTLs* ones ( with a

Re: Is Compile Failure? was Re: Need some clarifications

2002-10-03 Thread Jean-Francois Arcand
Henri Gomez wrote: > Steve Downey wrote: > >> Actually, with the recent release of commons-logging, we should be >> able to get rid of the explicit LogKit and Log4J. They're there so as >> to get a complete build of commons-logging. Tomcat 5 itself doesn't >> use either directly. >> >> Xerce

Re: [5.0] [VOTE] Removal of the LE distribution

2002-10-03 Thread Jean-Francois Arcand
+1 [X] Yes, remove the LE distribution -1 [ ] No, keep both distributions But...The only problem I see is the Xerces version included in 1.3 doesn't support XML Schema. So if people turn on validation, the parser will not work for Servlet 2.4/JSP 2.0. I recommend we make it clear in the i

Re: [5.0] [VOTE] Removal of the LE distribution

2002-10-04 Thread Jean-Francois Arcand
Bill Barker wrote: >- Original Message - >From: "Remy Maucherat" <[EMAIL PROTECTED]> >To: "Tomcat Developers List" <[EMAIL PROTECTED]> >Sent: Thursday, October 03, 2002 7:50 PM >Subject: Re: [5.0] [VOTE] Removal of the LE distribution > > > > >>Costin Manolache wrote: >> >> >>>Rem

Re: xerces-j2 2.2.0 problem submitted in bugzilla

2002-10-04 Thread Jean-Francois Arcand
I just spoke to a Xalan member and he told me they have the same problem (exception) but this time with "/" instead of "--". We should stick with Xerces 2.1.0... seems to have more than one bug in Xerces 2.2.0. -- Jeanfrancois Henri Gomez wrote: > I reported the error in xerces2 bugzilla

Re: JSP 2.0's J2SE 1.4 Requirement

2002-10-07 Thread Jean-Francois Arcand
Costin Manolache wrote: >Remy Maucherat wrote: > > > >>>If the EG prefers features over portability - then we need to find a >>>way to create a distribution without JSP ( is this possible ?) and maybe >>>compensate by including cocoon or velocity. >>> >>> >>Personally, I would support 1

[Proposal] Security Audit

2002-10-08 Thread Jean-Francois Arcand
Hi, I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I would like to collect as much information as possible on where you think I should look (code, security hole, etc.). I'm planning to do the audit using the default SecurityManager. Right now, I have started looking at: - do

Re: [5.0] [VOTE] Remove deprecated and unsupported components

2002-10-09 Thread Jean-Francois Arcand
> > > [ X ] Remove deprecated org.apache.catalina.connector components from > the j-t-catalina module > [ ] Leave them in > -- Jeanfrancois

Tomcat 4.1.12: Xerces 2.2 problems - > Struts 1.0.2 bug.

2002-10-09 Thread Jean-Francois Arcand
Hi, with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception: org.xml.sax.SAXParseException: The string "--" is not permitted within comments. at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) This is a bug in the org.apache.struts.digester.Digester class. If y

Re: [Proposal] Security Audit

2002-10-09 Thread Jean-Francois Arcand
uff?) - Serializable (exposes private stuff?) Does anyone publish a security checklist list like this? Blah Blah, -bob On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote: Hi, I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I would like to coll

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/net SSLServerSocketFactory.java

2002-10-11 Thread Jean-Francois Arcand
Hi Remy, when you start with the SecurityManager, the following exception is thrown. java.lang.ClassNotFoundException: org.apache.catalina.connector.HttpRequestBase$PrivilegedGetSession at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:890)

Re: [VOTE] tomcat-commiters list

2002-10-14 Thread Jean-Francois Arcand
Costin Manolache wrote: >I would like to propose a new mailing list. > >The list will be closed to commiters only. The main purpose >will be discussions of security and other special issues. >This should avoid [Cc] threads. > >The main target should be active commiters - so it should >start em

[Security Audit] Package protection...

2002-10-15 Thread Jean-Francois Arcand
Hi, is somebody aware why package org.apache.coyote.* and org.apache.tomcat.* are not protected against package insertion/access in Catalina.java. What is the reason? Actually, classes are not available to a Webapp (the Classloader is taking care of it) but when Tomcat is embedded in an app

Re: cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup Catalina.java CatalinaService.java

2002-10-15 Thread Jean-Francois Arcand
Hi Glenn, should it be org.apache.tomcat.util instead of org.apache.util ? Thanks, -- Jeanfrancois [EMAIL PROTECTED] wrote: >glenn 2002/10/15 13:33:19 > > Modified:catalina/src/share/org/apache/catalina/startup Catalina.java >CatalinaService.java > Log: >

[Security Audit] CoyoteRequest.doGetSession

2002-10-15 Thread Jean-Francois Arcand
Hi, In o.a.c.tomcat5.CoyoteRequest (same in tomcat4), there is a doPrivilege block that grants the doGetSession method. This method delegates the logic to the o.a.c.Manager instance. A Manager can (but it's not required) use an o.a.c.Store object. The Manager and the Store object may need spec

Re: [Security Audit] CoyoteRequest.doGetSession

2002-10-16 Thread Jean-Francois Arcand
d by default whatever they want. If I want to deny ManagerA file permissions, I have no way to do it right now...right? > > > -1 for changing/removing the doPrivileged() Other voices? > > > Regards, > > Glenn Thanks, -- Jeanfrancois > > > Jean-Franc

Re: [Security Audit] CoyoteRequest.doGetSession

2002-10-16 Thread Jean-Francois Arcand
not the best >> implementation, but I think you get my point ). >> > > Persisting session data is the responsibility of the container not > the web application. Session management/persistence should be completely > transparent to the webapp including security policy permissi

[Proposal] Having a Tomcat.security file.

2002-10-16 Thread Jean-Francois Arcand
Hi, I've re-factored Catalina.java and CatalinaService.java and merged the security code into a single class: o.a.c.security.SecurityConfig. This class will manage all the package access/definition security properties. Actually, the list of package access/definition are hardcoded in that class.

Re: [Proposal] Having a Tomcat.security file.

2002-10-16 Thread Jean-Francois Arcand
Glenn Nielsen wrote: > Jean-Francois Arcand wrote: > >> Hi, >> >> I've re-factored Catalina.java and CatalinaService.java and merge the >> security code into a single class: o.a.c.security.SecurityConfig. >> This class will manage all the package

Re: Tomcat 4.0.3 doesn't deploy WAR files with particular names

2002-10-16 Thread Jean-Francois Arcand
The appropriate forum for that type of questions will be first under tomcat-user mailing list :-) I've just renamed one of my war " wiponline.war" file without any problems. So it is not related to Tomcat. Maybe your JDK has a bug? -- Jeanfrancois Markus Zänglein wrote: >HI > >I was faced

Security Check in Classloader.

2002-10-23 Thread Jean-Francois Arcand
Hi, In StandardClassLoader, starting line 815, the SecurityManager is invoked: // (.5) Permission to access this class when using a SecurityManager if (securityManager != null) { int i = name.lastIndexOf('.'); if (i >= 0) { try {

Re: Security Check in Classloader.

2002-10-23 Thread Jean-Francois Arcand
Forget that email. The problem is in front of the computer, not in the class ;-) -- Jeanfrancois Jean-Francois Arcand wrote: Hi, In StandardClassLoader, starting line 815, the SecurityManager is invoked: // (.5) Permission to access this class when using a SecurityManager if

Re: [VOTE] New Committer John Turner

2002-10-18 Thread Jean-Francois Arcand
+1 He is quite impressive on tomcat-users list -- Jeanfrancois Bob Herrmann wrote: Mladen's word is enough for me. +1 for John Turner Cheers, -bob On Fri, 2002-10-18 at 15:11, Mladen Turk wrote: Hi, I'd like to propose John Turner [Jturner at AAS.com] as a new Tomcat committer. He do

MBean error when adding a new o.a.c.s.Manager.

2002-10-18 Thread Jean-Francois Arcand
Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with PersistentManager at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.j

MBean error when using o.a.c.session.PersistentManager

2002-10-18 Thread Jean-Francois Arcand
Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with PersistentManager at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.

Re: MBean error when using o.a.c.session.PersistentManager

2002-10-18 Thread Jean-Francois Arcand
Sorry for the second post... my mail server is having problems Jean-Francois Arcand wrote: Hi, I got the following error when I start Tomcat with the o.a.c.session.PersistentManager manager: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not

Re: [Security Audit] CoyoteRequest.doGetSession

2002-10-18 Thread Jean-Francois Arcand
OK, I have committed the change, done testing, and tried to hack the code I just wrote. Of course, more testing will be appreciated :-) -- Jeanfrancois Glenn Nielsen wrote: Jean-Francois Arcand wrote: Glenn Nielsen wrote: Costin Manolache wrote: I'm in the middle on this one -
