
Total: 100

  • Apache Tomcat 7 (7.0.22) - Realm Configuration HOW-TO
    something like this adapt the syntax as required for your particular database create table users user name varchar 15 not null primary key user pass varchar 15 not null create table user roles user name varchar 15 not null role name varchar 15 not null primary key user name role name Example Realm elements are included commented out in the default CATALINA BASE conf server xml file Here s an example for using a MySQL database called authority configured with the tables described above and accessed with username dbuser and password dbpass Realm className org apache catalina realm JDBCRealm driverName org gjt mm mysql Driver connectionURL jdbc mysql localhost authority user dbuser amp password dbpass userTable users userNameCol user name userCredCol user pass userRoleTable user roles roleNameCol role name Additional Notes JDBCRealm operates according to the following rules When a user attempts to access a protected resource for the first time Tomcat will call the authenticate method of this Realm Thus any changes you have made to the database directly new users changed passwords or roles etc will be immediately reflected Once a user has been authenticated the user and his or her associated roles are cached within Tomcat for the duration of the user s login For FORM based authentication that means until the session times out or is invalidated for BASIC authentication that means until the user closes their browser The cached user is not saved and restored across sessions serialisations Any changes to the database information for an already authenticated user will not be reflected until the next time that user logs on again Administering the information in the users and user roles table is the responsibility of your own applications Tomcat does not provide any built in capabilities to maintain users and roles DataSourceRealm Introduction DataSourceRealm is an implementation of the Tomcat Realm interface that looks up users in a relational database accessed via a 
JNDI named JDBC DataSource There is substantial configuration flexibility that lets you adapt to existing table and column names as long as your database structure conforms to the following requirements There must be a table referenced below as the users table that contains one row for every valid user that this Realm should recognize The users table must contain at least two columns it may contain more if your existing applications required it Username to be recognized by Tomcat when the user logs in Password to be recognized by Tomcat when the user logs in This value may in cleartext or digested see below for more information There must be a table referenced below as the user roles table that contains one row for every valid role that is assigned to a particular user It is legal for a user to have zero one or more than one valid role The user roles table must contain at least two columns it may contain more if your existing applications required it Username to be recognized by Tomcat same value as is specified in the users table Role name of a valid role associated with this user Quick Start To set up Tomcat to use DataSourceRealm you will need to follow these steps If you have not yet done so create tables and columns in your database that conform to the requirements described above Configure a database username and password for use by Tomcat that has at least read only access to the tables described above Tomcat will never attempt to write to these tables Configure a JNDI named JDBC DataSource for your database Refer to the JNDI DataSource Example HOW TO for information on how to configure a JNDI named JDBC DataSource Set up a Realm element as described below in your CATALINA BASE conf server xml file Restart Tomcat if it is already running Realm Element Attributes To configure DataSourceRealm you will create a Realm element and nest it in your CATALINA BASE conf server xml file as described above The attributes for the DataSourceRealm are defined in the Realm 
configuration documentation Example An example SQL script to create the needed tables might look something like this adapt the syntax as required for your particular database create table users user name varchar 15 not null primary key user pass varchar 15 not null create table user roles user name varchar 15 not null role name varchar 15 not null primary key user name role name Here is an example for using a MySQL database called authority configured with the tables described above and accessed with the JNDI JDBC DataSource with name java comp env jdbc authority Realm className org apache catalina realm DataSourceRealm dataSourceName jdbc authority userTable users userNameCol user name userCredCol user pass userRoleTable user roles roleNameCol role name Additional Notes DataSourceRealm operates according to the following rules When a user attempts to access a protected resource for the first time Tomcat will call the authenticate method of this Realm Thus any changes you have made to the database directly new users changed passwords or roles etc will be immediately reflected Once a user has been authenticated the user and his or her associated roles are cached within Tomcat for the duration of the user s login For FORM based authentication that means until the session times out or is invalidated for BASIC authentication that means until the user closes their browser The cached user is not saved and restored across sessions serialisations Any changes to the database information for an already authenticated user will not be reflected until the next time that user logs on again Administering the information in the users and user roles table is the responsibility of your own applications Tomcat does not provide any built in capabilities to maintain users and roles JNDIRealm Introduction JNDIRealm is an implementation of the Tomcat Realm interface that looks up users in an LDAP directory server accessed by a JNDI provider typically the standard LDAP provider that is 
available with the JNDI API classes The realm supports a variety of approaches to using a directory for authentication Connecting to the directory The realm s connection to the directory is defined by the connectionURL configuration attribute This is a URL whose format is defined by the JNDI provider It is usually an LDAP URL that specifies the domain name of the directory server to connect to and optionally the port number and distinguished name DN of the required root naming context If you have more than one provider you can configure an alternateURL If a socket connection can not be made to the provider at the connectionURL an attempt will be made to use the alternateURL When making a connection in order to search the directory and retrieve user and role information the realm authenticates itself to the directory with the username and password specified by the connectionName and connectionPassword properties If these properties are not specified the connection is anonymous This is sufficient in many cases Selecting the user s directory entry Each user that can be authenticated must be represented in the directory by an individual entry that corresponds to an element in the initial DirContext defined by the connectionURL attribute This user entry must have an attribute containing the username that is presented for authentication Often the distinguished name of the user s entry contains the username presented for authentication but is otherwise the same for all users In this case the userPattern attribute may be used to specify the DN with 0 marking where the username should be substituted Otherwise the realm must search the directory to find a unique entry containing the username The following attributes configure this search userBase the entry that is the base of the subtree containing users If not specified the search base is the top level context userSubtree the search scope Set to true if you wish to search the entire subtree rooted at the userBase entry The 
default value of false requests a single level search including only the top level userSearch pattern specifying the LDAP search filter to use after substitution of the username Authenticating the user Bind mode By default the realm authenticates a user by binding to the directory with the DN of the entry for that user and the password presented by the user If this simple bind succeeds the user is considered to be authenticated For security reasons a directory may store a digest of the user s password rather than the clear text version see Digested Passwords for more information In that case as part of the simple bind operation the directory automatically computes the correct digest of the plaintext password presented by the user before validating it against the stored value In bind mode therefore the realm is not involved in digest processing The digest attribute is not used and will be ignored if set Comparison mode Alternatively the realm may retrieve the stored password from the directory and compare it explicitly with the value presented by the user This mode is configured by setting the userPassword attribute to the name of a directory attribute in the user s entry that contains the password Comparison mode has some disadvantages First the connectionName and connectionPassword attributes must be configured to allow the realm to read users passwords in the directory For security reasons this is generally undesirable indeed many directory implementations will not allow even the directory manager to read these passwords In addition the realm must handle password digests itself including variations in the algorithms used and ways of representing password hashes in the directory However the realm may sometimes need access to the stored password for example to support HTTP Digest Access Authentication RFC 2069 Note that HTTP digest authentication is different from the storage of password digests in the repository for user information as discussed above Assigning 
roles to the user The directory realm supports two approaches to the representation of roles in the directory Roles as explicit directory entries Roles may be represented by explicit directory entries A role entry is usually an LDAP group entry with one attribute containing the name of the role and another whose values are the distinguished names or usernames of the users in that role The following attributes configure a directory search to find the names of roles associated with the authenticated user roleBase the base entry for the role search If not specified the search base is the top level directory context roleSubtree the search scope Set to true if you wish to search the entire subtree rooted at the roleBase entry The default value of false requests a single level search including the top level only roleSearch the LDAP search filter for selecting role entries It optionally includes pattern replacements 0 for the distinguished name and or 1 for the username of the authenticated user roleName the attribute in a role entry containing the name of that role roleNested enable nested roles Set to true if you want to nest roles in roles If configured every newly found roleName and distinguished Name will be recursively tried for a new role search The default value is false Roles as an attribute of the user entry Role names may also be held as the values of an attribute in the user s directory entry Use userRoleName to specify the name of this attribute A combination of both approaches to role representation may be used Quick Start To set up Tomcat to use JNDIRealm you will need to follow these steps Make sure your directory server is configured with a schema that matches the requirements listed above If required configure a username and password for use by Tomcat that has read only access to the information described above Tomcat will never attempt to modify this information Place a copy of the JNDI driver you will be using typically ldap jar available with JNDI 
inside the CATALINA HOME lib directory Set up a Realm element as described below in your CATALINA BASE conf server xml file Restart Tomcat if it is already running Realm Element Attributes To configure JNDIRealm you will create a Realm element and nest it in your CATALINA BASE conf server xml file as described above The attributes for the JNDIRealm are defined in the Realm configuration documentation Example Creation of the appropriate schema in your directory server is beyond the scope of this document because it is unique to each directory server implementation In the examples below we will assume that you are using a distribution of the OpenLDAP directory server version 2 0 11 or later which can be downloaded from http www openldap org Assume that your slapd conf file contains the following settings among others database ldbm suffix dc mycompany dc com rootdn cn Manager dc mycompany dc com rootpw secret We will assume for connectionURL that the directory server runs on the same machine as Tomcat See http java sun com products jndi docs html for more information about configuring and using the JNDI LDAP provider Next assume that this directory server has been populated with elements as shown below in LDIF format Define top level entry dn dc mycompany dc com objectClass dcObject dc mycompany Define an entry to contain people searches for users are based on this entry dn ou people dc mycompany dc com objectClass organizationalUnit ou people Define a user entry for Janet Jones dn uid jjones ou people dc mycompany dc com objectClass inetOrgPerson uid jjones sn jones cn janet jones mail j jones mycompany com userPassword janet Define a user entry for Fred Bloggs dn uid fbloggs ou people dc mycompany dc com objectClass inetOrgPerson uid fbloggs sn bloggs cn fred bloggs mail f bloggs mycompany com userPassword fred Define an entry to contain LDAP groups searches for roles are based on this entry dn ou groups dc mycompany dc com objectClass organizationalUnit ou groups 
Define an entry for the tomcat role dn cn tomcat ou groups dc mycompany dc com objectClass groupOfUniqueNames cn tomcat uniqueMember uid jjones ou people dc mycompany dc com uniqueMember uid fbloggs ou people dc mycompany dc com Define an entry for the role1 role dn cn role1 ou groups dc mycompany dc com objectClass groupOfUniqueNames cn role1 uniqueMember uid fbloggs ou people dc mycompany dc com An example Realm element for the OpenLDAP directory server configured as described above might look like this assuming that users use their uid e g jjones to login to the application and that an anonymous connection is sufficient to search the directory and retrieve role information Realm className org apache catalina realm JNDIRealm connectionURL ldap localhost 389 userPattern uid 0 ou people dc mycompany dc com roleBase ou groups dc mycompany dc com roleName cn roleSearch uniqueMember 0 With this configuration the realm will determine the user s distinguished name by substituting the username into the userPattern authenticate by binding to the directory with this DN and the password received from the user and search the directory to find the user s roles Now suppose that users are expected to enter their email address rather than their userid when logging in In this case the realm must search the directory for the user s entry A search is also necessary when user entries are held in multiple subtrees corresponding perhaps to different organizational units or company locations Further suppose that in addition to the group entries you want to use an attribute of the user s entry to hold roles Now the entry for Janet Jones might read as follows dn uid jjones ou people dc mycompany dc com objectClass inetOrgPerson uid jjones sn jones cn janet jones mail j jones mycompany com memberOf role2 memberOf role3 userPassword janet This realm configuration would satisfy the new requirements Realm className org apache catalina realm JNDIRealm connectionURL ldap localhost 389 userBase 
ou people dc mycompany dc com userSearch mail 0 userRoleName memberOf roleBase ou groups dc mycompany dc com roleName cn roleSearch uniqueMember 0 Now when Janet Jones logs in as j jones mycompany com the realm searches the directory for a unique entry with that value as its mail attribute and attempts to bind to the directory as uid jjones ou people dc mycompany dc com with the given password If authentication succeeds she is assigned three roles role2 and role3 the values of the memberOf attribute in her directory entry and tomcat the value of the cn attribute in the only group entry of which she is a member Finally to authenticate the user by retrieving the password from the directory and making a local comparison in the realm you might use a realm configuration like this Realm className org apache catalina realm JNDIRealm connectionName cn Manager dc mycompany dc com connectionPassword secret connectionURL ldap localhost 389 userPassword userPassword userPattern uid 0 ou people dc mycompany dc com roleBase ou groups dc mycompany dc com roleName cn roleSearch uniqueMember 0 However as discussed above the default bind mode for authentication is usually to be preferred Additional Notes JNDIRealm operates according to the following rules When a user attempts to access a protected resource for the first time Tomcat will call the authenticate method of this Realm Thus any changes you have made to the directory new users changed passwords or roles etc will be immediately reflected Once a user has been authenticated the user and his or her associated roles are cached within Tomcat for the duration of the user s login For FORM based authentication that means until the session times out or is invalidated for BASIC authentication that means until the user closes their browser The cached user is not saved and restored across sessions serialisations Any changes to the directory information for an already authenticated user will not be reflected until the next time that user 
logs on again Administering the information in the directory server is the responsibility of your own applications Tomcat does not provide any built in capabilities to maintain users and roles

    Original URL path: http://ticket.eppa.es/docs/realm-howto.html (2015-09-25)


  • Apache Tomcat 7 (7.0.22) - JNDI Datasource HOW-TO
    the old mm mysql JDBC driver is org gjt mm mysql Driver we recommend using Connector J though Class name for the official MySQL Connector J driver is com mysql jdbc Driver url The JDBC connection url for connecting to your MySQL dB Resource name jdbc TestDB auth Container type javax sql DataSource maxActive 100 maxIdle 30 maxWait 10000 username javauser password javadude driverClassName com mysql jdbc Driver url jdbc mysql localhost 3306 javatest Context 3 web xml configuration Now create a WEB INF web xml for this test application web app xmlns http java sun com xml ns j2ee xmlns xsi http www w3 org 2001 XMLSchema instance xsi schemaLocation http java sun com xml ns j2ee http java sun com xml ns j2ee web app 2 4 xsd version 2 4 description MySQL Test App description resource ref description DB Connection description res ref name jdbc TestDB res ref name res type javax sql DataSource res type res auth Container res auth resource ref web app 4 Test code Now create a simple test jsp page for use later taglib uri http java sun com jsp jstl sql prefix sql taglib uri http java sun com jsp jstl core prefix c sql query var rs dataSource jdbc TestDB select id foo bar from testdata sql query html head title DB Test title head body h2 Results h2 c forEach var row items rs rows Foo row foo br Bar row bar br c forEach body html That JSP page makes use of JSTL s SQL and Core taglibs You can get it from Sun s Java Web Services Developer Pack or Jakarta Taglib Standard 1 1 project just make sure you get a 1 1 x release Once you have JSTL copy jstl jar and standard jar to your web app s WEB INF lib directory Finally deploy your web app into CATALINA BASE webapps either as a warfile called DBTest war or into a sub directory called DBTest Once deployed point a browser at http localhost 8080 DBTest test jsp to view the fruits of your hard work Oracle 8i 9i 10g 0 Introduction Oracle requires minimal changes from the MySQL configuration except for the usual gotchas Drivers for 
older Oracle versions may be distributed as zip files rather than jar files Tomcat will only use jar files installed in CATALINA HOME lib Therefore classes111 zip or classes12 zip will need to be renamed with a jar extension Since jarfiles are zipfiles there is no need to unzip and jar these files a simple rename will suffice For Oracle 9i onwards you should use oracle jdbc OracleDriver rather than oracle jdbc driver OracleDriver as Oracle have stated that oracle jdbc driver OracleDriver is deprecated and support for this driver class will be discontinued in the next major release 1 Context configuration In a similar manner to the mysql config above you will need to define your Datasource in your Context Here we define a Datasource called myoracle using the thin driver to connect as user scott password tiger to the sid called mysid Note with the thin driver this sid is not the same as the tnsname The schema used will be the default schema for the user scott Use of the OCI driver should simply involve a changing thin to oci in the URL string Resource name jdbc myoracle auth Container type javax sql DataSource driverClassName oracle jdbc OracleDriver url jdbc oracle thin 127 0 0 1 1521 mysid username scott password tiger maxActive 20 maxIdle 10 maxWait 1 2 web xml configuration You should ensure that you respect the element ordering defined by the DTD when you create you applications web xml file resource ref description Oracle Datasource example description res ref name jdbc myoracle res ref name res type javax sql DataSource res type res auth Container res auth resource ref 3 Code example You can use the same example application as above asuming you create the required DB instance tables etc replacing the Datasource code with something like Context initContext new InitialContext Context envContext Context initContext lookup java comp env DataSource ds DataSource envContext lookup jdbc myoracle Connection conn ds getConnection etc PostgreSQL 0 Introduction 
PostgreSQL is configured in a similar manner to Oracle 1 Required files Copy the Postgres JDBC jar to CATALINA HOME lib As with Oracle the jars need to be in this directory in order for DBCP s Classloader to find them This has to be done regardless of which configuration step you take next 2 Resource configuration You have two choices here define a datasource that is shared across all Tomcat applications or define a datasource specifically for one application 2a Shared resource configuration Use this option if you wish to define a datasource that is shared across multiple Tomcat applications or if you just prefer defining your datasource in this file This author has not had success here although others have reported so Clarification would be appreciated here Resource name jdbc postgres auth Container type javax sql DataSource driverClassName org postgresql Driver url jdbc postgresql 127 0 0 1 5432 mydb username myuser password mypasswd maxActive 20 maxIdle 10 maxWait 1 2b Application specific resource configuration Use this option if you wish to define a datasource specific to your application not visible to other Tomcat applications This method is less invasive to your Tomcat installation Create a resource definition for your Context The Context element should look something like the following Context Resource name jdbc postgres auth Container type javax sql DataSource driverClassName org postgresql Driver url jdbc postgresql 127 0 0 1 5432 mydb username myuser password mypasswd maxActive 20 maxIdle 10 maxWait 1 Context 3 web xml configuration resource ref description postgreSQL Datasource example description res ref name jdbc postgres res ref name res type javax sql DataSource res type res auth Container res auth resource ref 4 Accessing the datasource When accessing the datasource programmatically remember to prepend java comp env to your JNDI

    Original URL path: http://ticket.eppa.es/docs/jndi-datasource-examples-howto.html (2015-09-25)


  • remaining classes are considered part of the Tomcat internals and may change without notice between point releases JNI Based Applications Applications that require native libraries must ensure that the libraries have been loaded prior to use Typically this is done with a call like static System loadLibrary path to library file in some class However the application must also ensure that the library is not loaded more than once If the above code were placed in a class inside the web application i e under WEB INF classes or WEB INF lib and the application were reloaded the loadLibrary call would be attempted a second time To avoid this problem place classes that load native libraries outside of the web application and ensure that the loadLibrary call is executed only once during the lifetime of a particular JVM Bundled APIs A standard installation of Tomcat 7 0 makes all of the following APIs available for use by web applications by placing them in lib annotations api jar Annotations package catalina jar Tomcat Catalina implementation catalina ant jar Tomcat Catalina Ant tasks catalina ha jar High availability package catalina tribes jar Group communication el api jar EL 2 2 API jasper jar Jasper 2 Compiler and Runtime jasper el jar Jasper 2 EL implementation ecj 3 7 jar Eclipse JDT Java compiler jsp api jar JSP 2 2 API servlet api jar Servlet 3 0 API tomcat api jar Interfaces shared by Catalina and Jasper tomcat coyote jar Tomcat connectors and utility classes tomcat dbcp jar package renamed database connection pool based on Commons DBCP You can make additional APIs available to all of your web applications by putting unpacked classes into a classes directory not created by default or by placing them in JAR files in the lib directory To override the XML parser implementation or interfaces use the endorsed mechanism of the JVM The default configuration defines JARs located in endorsed as endorsed Web application reloading and static fields in shared libraries Some 
shared libraries many are part of the JDK keep references to objects instantiated by the web application To avoid class loading related problems ClassCastExceptions messages indicating that the classloader is stopped etc the shared libraries state should be reinitialized Something which might help is to avoid putting classes which would be referenced by a shared static field in the web application classloader and putting them in the shared classloader instead JARs should be put in the lib folder and classes should be put in the classes folder Tomcat on Linux GLIBC 2 2 Linux 2 4 users should define an environment variable export LD ASSUME KERNEL 2 2 5 Redhat Linux 9 0 users should use the following setting to avoid stability problems export LD ASSUME KERNEL 2 4 1 There are some Linux bugs reported against the NIO sendfile behavior make sure you have a JDK that is up to date or disable sendfile behavior in the Connector 6427312 fc FileChannel transferTo throws IOException system

    Original URL path: http://ticket.eppa.es/docs/RELEASE-NOTES.txt (2015-09-25)

  • Apache Tomcat 7 (7.0.22) - Changelog
    configuration markt 51278 Allow ServletContainerInitializers to override settings in the global default web xml and the host web xml markt 51310 When stopping the Server object on shutdown call destroy after calling stop markt Coyote 51145 Add an AJP NIO connector markt rjung Jasper 51220 Add a system property to enable tag pooling with JSPs that use a custom base class Based on a patch by Dan Mikusa markt Include a comment header in generated java files that indicates when the file was generated and which version of Tomcat generated it markt 51240 Ensure that maxConnections limit is enforced when multiple acceptor threads are configured markt Cluster 51230 Add missing attributes to JMX for ReplicationValve and JvmRouteBinderValve Patch provided by Eiji Takahashi markt Web applications Add documentation for AJP NIO connector markt rjung 51182 Document JAAS supported added in 51119 Patch provided by Neil Laurance markt 51225 Fix broken documentation links for non English locales in the HTML Manager application Patch provided by Eiji Takahashi markt 51229 Fix bugs in the Servlet 3 0 asynchronous examples Patch provided by Eiji Takahashi markt 51251 Add web application version support to the Ant tasks Based on a patch provided by Eiji Takahashi markt 51294 Clarify behaviour of unpackWAR attribute of StandardContext components markt Other 46451 Configure svn bugtraq properties for Tomcat trunk Based on a patch provided by Marc Guillemot markt 51309 Correct logic in catalina sh stop when using a PID file to ensure the correct message is shown Patch provided by Caio Cezar markt Tomcat 7 0 14 markt released 2011 05 12 Catalina Stylistic improvements to MIME type sync script Based on a patch provided by Felix Schumacher rjung Ensure that the SSLValve provides the SSL key size as an Integer rather than a String markt Ensure that the RemoteIpValve works correctly with Servlet 3 0 asynchronous requests markt Use safe equality test when determining event type in the 
MapperListener markt Use correct class loader when loading Servlet classes in StandardWrapper markt Provide additional configuration options for the RemoteIpValve and RemoteIpFilter to allow greater control over the values returned by ServletRequest getServerPort and ServletRequest getLocalPort when Tomcat is behind a reverse proxy markt Ensure session cookie paths end in so that session cookies created for a context with a path of foo do not get returned with requests mapped to a context with a path of foobar markt Jasper 51177 Ensure Tomcat s MapElResolver always returns Object class for getType as required by the EL specification markt Tomcat 7 0 13 markt not released Catalina Correct mix up in Realm Javadoc markt Fix display of response headers in AccessLogValve kkolinko Implement display of multiple request headers in AccessLogValve print not just the value of the first header but of the all of them separated by commas kkolinko 50306 New StuckThreadDetectionValve to detect requests that take a long time to process which might indicate that their processing threads are stuck Based on a patch provided by TomLu slaurent 51038 Ensure that asynchronous requests are included in access logs markt 51042 Don t trigger session creation listeners when a session ID is changed as part of the authentication process markt 51050 Add additional common but non standard file extension to MIME type mappings for MPEG 4 files Based on a patch by Cédrik Lime markt Add some additional common JARs that do not contain TLDs or web fragments to the list of JARs to skip when scanning for TLDs and web fragments markt While scanning JARs for TLDs and fragments avoid using JarFile and use JarInputStream as in most circumstances where JARs are scanned JarFile will create a temporary copy of the JAR rather than using the resource directly This change significantly improves startup performance for applications with lots of JARs to be scanned markt Ensure response is committed when AsyncContext 
complete is called markt Add a container event that is fired when a session s ID is changed e g on authentication markt 51099 Correctly implement non default login configurations configured via the loginConfigName attribute for the the SPNEGO authenticator fhanik markt 51119 Add JAAS authentication support to the JMXRemoteLifecycleListener Patch provided by Neil Laurance markt 51136 Provide methods that enable the name of a Context on Context creation when using Tomcat in an embedded scenario Based on a patch provided by David Calavera markt 51137 Add additional Microsoft Office MIME type mappings rjung Partial sync of MIME type mapping with mime types from the Apache web server About 600 MIME types added some changed rjung Make access logging more robust when logging requests that generate 400 responses since the request object is unlikely to be fully correctly populated in that case markt Coyote 50957 Fix regression in HTTP BIO connector that triggered errors when processing pipe lined requests markt 50158 Ensure the asynchronous requests never timeout if the timeout is set to zero or less Based on a patch provided by Chris markt 51073 Throw an exception and do not start the APR connector if it is configured for SSL and an invalid value is provided for SSLProtocol markt Align all the connector implementations with the documented default setting for processorCache of 200 This changes the default from 1 unlimited for the AJP BIO AJP APR and HTTP APR connectors Additional information was also added to the documentation on how to select an appropriate value Take account of time spent waiting for a processing thread when calculating connection and keep alive timeouts for the HTTP BIO connector markt 51095 Don t trigger a NullPointerException when the SSL handshake fails with the HTTP APR connector Patch provided by Mike Glazer markt Improve handling in AJP connectors of the case where too large a AJP packet is received markt Restore the automatic disabling of HTTP 
keep alive with the BIO connector once 75 of the processing threads are in use and make the threshold configurable markt Make pollerSize and maxConnections synonyms for the APR connectors since they perform the same function markt Use maxThreads rather than 10000 as the default maxConnections for the BIO connectors markt Jasper 47371 Correctly coerce the empty string to zero when used as an operand in EL arithmetic Patch provided by gbt markt Label JSP tag file line and column numbers when reporting errors since it may not be immediately obvious what the numbers represent markt Correct a regression in the fix for 49916 that resulted in JSPs being compiled twice rather than just once markt Log JARs that are scanned for TLDs where no TLD is found so that users can easily identify JARs that can be added to the list of JARs to skip markt Use a single TLD location cache for a web application rather than one per JSP compilation to speed up JSP compilation markt 51124 Refactor BodyContentImpl to assist in determining the root cause of this bug Based on a patch by Ramiro markt Cluster 50950 Correct possible NotSerializableException for an authenticated session when running with a security manager markt Web applications Configure Security Manager How To to include a copy of the actual conf catalina policy file when the documentation is built rather than maintaining a copy of its content kkolinko Fix broken stylesheet URL in XML based manager status output rjung 51156 Ensure session expiration option is available in Manager application was running web applications that were defined in server xml markt Other Clarify error messages in sh files to mention that if a script is not found it might be because execute permission is needed kkolinko Update commons pool to 1 5 6 markt 51135 Fix auto detection of JAVA HOME for 64 bit Windows platforms that only have a 32 bit JVM installed markt 51154 Remove duplicate deprecated tags in ServletContext Javadoc Patch provided by sebb markt 
51155 Add comments to deprecated tags that have none Patch provided by sebb markt Tomcat 7 0 12 markt released 2011 04 06 Catalina Automatically correct invalid paths when specified for Context elements inside server xml and log a warning that the configuration has been corrected markt Don t unpack WAR files if they are not located in the Host s appBase markt Don t log to standard out in SSLValve markt Handle the case where a web crawler provides an invalid session ID in the CrawlerSessionManagerValve markt Update pattern used in CrawlerSessionManagerValve to that used by the ASF infrastructure team markt Remove unnecessary whitespace from MIME mapping entries in global web xml file markt When using parallel deployment correctly handle the scenario when the client sends multiple JSESSIONID cookies markt 12428 Add support disabled by default for preemptive authentication This can be configured per context Based on a patch suggested by Werner Donn markt Make the CSRF nonce cache serializable so that it can be replicated across a cluster and or persisted across Tomcat restarts markt Resolve some refactoring TODOs in the implementation of the new Context attribute swallowAbortedUploads markt Include the seed time when calculating the time taken to create SecureRandom instances for session ID generation report excessive times greater than 100ms at INFO level and provide a value for the message key so a meaningful message appears in the logs markt Don t register Contexts that fail to start with the Mapper markt 48685 Add initial support for SPNEGO Kerberos authentication also referred to as integrated Windows authentication This includes user authentication authorisation via the directory using the user s delegated credentials and exposing the user s delegated credentials via a request attribute so applications can make use of them to impersonate the current user when accessing third party systems that use a compatible authentication mechanism Based on a patch provided 
by Michael Osipov markt HTTP range requests cannot be reliably served when a Writer is in use so prevent the DefaultServlet from attempting to do so kkolinko Protect the DefaultServlet from Valves Filters and Wrappers that write content to the response Prevent partial responses to partial GET requests in this case since the range cannot be reliably determined Also prevent the DefaultServlet from setting a content length header since this too cannot be reliably determined markt 50929 When wrapping an exception include the root cause Patch provided by sebb markt 50991 Fix regression in fix for 25060 that called close on a JNDI resource while it was still available to the application markt Provide a configuration option that lets the close method to be used for a JNDI Resource to be defined by the user This change also disables using the close method unless one is explicitly defined for the resource and limits it to singleton resources markt Correctly track changes to context xml files and trigger redeployment when copyXML is set to false markt 50997 Relax the requirement that directories must have a name ending in jar to be treated as an expanded JAR file by the default JarScanner Based on patch by Rodion Zhitomirsky markt Don t append the jvmRoute to a session ID if the jvmRoute is a zero length string markt Don t register non singelton DataSource resources with JMX markt CVE 2011 1184 Provide additional configuration options for the DIGEST authenticator markt Provide a workaround for Tomcat hanging during shutdown when running the unit tests markt Coyote 50887 Add support for configuring the JSSE provider used to convert client certificates Based on a patch by pknopp markt 50903 When a connector is stopped ensure that requests that are currently in a keep alive state and waiting for client data are not processed Requests where processing has started will continue to completion markt 50927 Improve error message when SSLCertificateFile is not specified when using APR 
with SSL Based on a patch provided by sebb markt 50928 Don t ignore keyPass attribute for HTTP BIO and NIO connectors Based on a patch provided by sebb markt Cluster Securely seed the SecureRandom instance used for UUID generation and report excessive creation time greater than 100ms at INFO level markt Web applications 50924 Clean up HTTP connector comparison table markt Slightly expanded the documentation of the Host element to clarify the relationship between host name and DNS name markt 50925 Update SSL how to to take account of keyPass connector attribute markt Improve Tomcat Logging documentation kkolinko Align the authenticator documentation and MBean descriptors with the implementation markt Prevent the custom error pages for the Manager and Host Manager applications from being accessed directly markt 50984 When using the Manager application ensure that undeployment fails if a file cannot be deleted markt Other Update Eclipse JDT complier to 3 6 2 markt Update WSDL4J library to 1 6 2 used by JSR 109 support in the extras package markt Update optional CheckStyle library to 5 3 markt 50911 Reduce noise generated during the build of the Windows installer so warnings are more obvious Patch provided by sebb markt Further work to reduce compiler and validation warnings across the code base markt Tomcat 7 0 11 markt released 2011 03 11 Catalina CVE 2011 1088 Completed fix Don t ignore ServletSecurity annotations markt 25060 Close Apache Commons DBCP datasources when the associated JNDI naming context is stopped e g for a non global DataSource resource on web application reload to close remaining database connections immediately rather than waiting for garbage collection markt 26701 Provide a mechanism for users to register their own URLStreamHandlerFactory objects markt 50855 Fix NPE on HttpServletRequest logout when debug logging is enabled markt New context attribute swallowAbortedUploads allows to make request data swallowing configurable for requests that are 
too large rjung 50854 Add additional permissions required by the Manager application when running under a security Manager and support a shared Manager installation when CATALINA HOME CATALINA BASE markt 50893 Add additional information to the download README for the extras components markt Calling stop and then destroy on a connector incorrectly triggered an exception markt Coyote 48208 Allow the configuration of a custom trust manager for use in CLIENT CERT authentication markt Fix issues that prevented asynchronous servlets from working when used with the HTTP APR connector on platforms that support TCP DEFER ACCEPT markt Jasper Correct possible threading issue in JSP compilation when development mode is used markt 50895 Don t initialize classes created during the compilation stage markt Tomcat 7 0 10 markt released 2011 03 08 Catalina CVE 2011 1088 Partial fix Don t ignore ServletSecurity annotations markt 27988 Improve reporting of missing files markt 28852 Add URL encoding where missing to parameters in URLs presented by Ant tasks to the Manager application Based on a patch by Stephane Bailliez markt Improve handling of SSL renegotiation by failing earlier when the request body contains more bytes than maxSavePostSize markt Improve shut down speed by not renewing threads during shut down when the ThreadLocalLeakPreventionListener is enabled markt Coyote 49284 Add SSL re negotiation support to the HTTP NIO connector and extend test cases to cover CLIENT CERT authentication fhanik markt Tomcat 7 0 9 markt not released Catalina 19444 Add an option to the JNDI realm to allow role searches to be performed by the authenticated user markt 21669 Add the ability to specify the roleBase for the JNDI Realm as relative to the users DN Based on a patch by Art W markt 22405 Add a new Lifecycle listener org apache catalina security SecurityListener that prevents Tomcat from starting insecurely It requires that Tomcat is not started as root and that a umask at least as 
restrictive as 0007 is used This new listener is not enabled by default markt 48863 Better logging when specifying an invalid directory for a class loader Based on a patch by Ralf Hauser markt kkolinko 48870 Refactor to remove use of parallel arrays markt Enhance the RemoteIpFilter and RemoteIpValve so that the modified remote address remote host protocol and server port may be used in an access log if desired markt Restore access to Environments Resources and ResourceLinks via JMX which was lost in early 7 0 x re factoring markt Remove ServerLifecycleListener This was already removed from server xml and with the Lifecycle re factoring is no longer required markt Add additional checks to ensure that sub classes of org apache catalina util LifecycleBase correctly implement the expected state transitions markt 50189 Once the application has finished writing to the response prevent further reads from the request since this causes various problems in the connectors which do not expect this markt 50700 Ensure that the override attribute of context parameters is correctly followed markt 50721 Correctly handle URL decoding where the URL ends in nn Patch provided by Christof Marti markt 50737 Add additional information when an invalid WAR file is detected markt 50748 Allow the content length header to be set up to the point the response is committed when a writer is being used markt 50751 When authenticating with the JNDI Realm only attempt to read user attributes from the directory if attributes are required markt 50752 Fix typo in debug message in deprecated Embedded class markt 50789 Provide an option to enable ServletRequestListeners for forwards as required by some CDI frameworks markt 50793 When processing Servlet 3 0 async requests ensure that the requestInitialized and requestDestroyed events are only fired once per request at the correct times markt 50802 Ensure that ServletContext getResourcePaths includes static resources packaged in JAR files in its output 
markt Web crawlers can trigger the creation of many thousands of sessions as they crawl a site which may result in significant memory consumption The new Crawler Session Manager Valve ensures that crawlers are associated with a single session just like normal users regardless of whether or not they provide a session token with their requests markt Don t attempt to start NamingResources for Contexts multiple times markt 50826 Avoid IllegalArgumentException if an embedded Tomcat instance that includes at least one Context is destroyed without ever being started markt Ensure a web application is taken out of service if the web xml file is not valid kkolinko markt Ensure Servlet 2 2 jspFile elements are correctly converted to use a leading if missing markt 50836 Better documentation of the meaning of Lifecycle isAvailable and correct a couple of cases where this could incorrectly return true markt Coyote 50780 Fix memory leak in APR implementation of AJP connector introduced by the refactoring for 49884 markt If server configuration errors and or faulty applications caused the ulimit for open files to be reached the acceptor threads for all connectors could enter a tight loop This loop consumed CPU and also logged an error message for every iteration of the loop which lead to large log files being generated The acceptors have been enhanced to better handle this situation markt Jasper 50720 Ensure that the use of non ISO 8859 1 character sets for web xml does not trigger an error when Jasper parses the web xml file markt 50726 Ensure that the use of the genStringAsCharArray does not result in String constants that are too long for valid Java code markt 50790 Improve method resolution in EL expressions markt Cluster 50771 Ensure HttpServletRequest getAuthType returns the name of the authentication scheme if request has already been authenticated kfujino Web applications 50713 Remove roles command from the Manager application markt Tribes 50667 r1068549 Allow RPC callers 
to get confirmation when sending a reply fhanik Other 50743 Cache CheckStyle results between builds to speed up validation Patch provided by Oliver markt Tomcat 7 0 8 markt released 2011 02 05 Catalina Fix NPE in CoyoteAdapter when postParseRequest call fails kkolinko 50709 Make ApplicationContextFacade non final to enable extension markt When running under a security manager user requests may fail with a security exception markt Coyote Reduce level of log message for invalid URL parameters from WARNING to INFO markt Fix hanging Servlet 3 asynchronous requests when using the APR based AJP connector markt Other Align server xml installed by the Windows installer with the one bundled in zip tar gz files The differences are LockOutRealm being used and AccessLogValve being enabled by default kkolinko Tomcat 7 0 7 markt not released Catalina 18462 Don t merge stdout and stderr internally so users retain the option to treat them separately markt 18797 Provide protection against null or zero length names being provided for users roles and groups in the MemoryRealm and UserDatabaseRealm markt Improve fix for 50205 to trigger an error earlier if invalid configuration is used markt Provide additional control over component class loaders primarily for use when embedding markt Fix NPE in RemoteAddrFilter RemoteHostFilter kkolinko 49711 HttpServletRequest getParts will work in a filter or servlet without an MultipartConfig annotation or MultipartConfigElement if the new allowCasualMultipartParsing context attribute is set to true schultz 49978 Correct another instance where deployment incorrectly failed if a directory in the work area already existed markt 50582 Refactor access logging so chunked encoding is not forced for all requests if bytes sent is logged markt 50597 Don t instantiate a new instance of a Filter if an instance was provided via the ServletContext addFilter String Filter method Patch provided by Ismael Juma markt 50598 Correct URL for Manager text interface 
markt 50620 Stop exceptions that occur during Session endAccess from preventing the normal completion of Request recycle markt 50629 Make StandardContext bindThread and StandardContext unbindThread protected to allow use by sub classes markt Use getName instead of logName in error messages in StandardContext kkolinko 50642 Move the sun net www http HttpClient keep alive thread memory leak protection from the JreMemoryLeakPreventionListener to the WebappClassLoader since the thread that triggers the memory leak is created on demand markt 50673 Improve Catalina shutdown when running as a service Do not call System exit kkolinko 50683 Ensure annotations are scanned when unpackWARs is set to false in the Host where a web application is deployed markt Improve HTTP specification compliance in support of Accept Language header This protects from known exploit of the Oracle JVM bug that triggers a DoS CVE 2010 4476 kkolinko Coyote Prevent possible thread exhaustion if a Comet timeout event takes a while to complete markt Prvent multiple Comet END events if the CometServlet calls event close during an END event markt 50325 When the JVM indicates support for RFC 5746 disable Tomcat s allowUnsafeLegacyRenegotiation configuration attribute and use the JVM configuration to control renegotiation markt 50405 Fix occassional NPE when using NIO connector and Comet markt Ensure correct recycling of NIO input filters when processing Comet events markt 50627 Correct interaction of NIO socket and Poller when processing Comet events markt Correct interaction of APR socket and Poller when processing Comet events markt 50631 InternalNioInputBuffer should honor maxHttpHeadSize kkolinko Jasper Improve special case handling of javax servlet jsp el ScopedAttributeELResolver in javax el CompositeELResolver to handle sub classes markt 15688 Use fully qualified class names in generated jsp files to avoid naming conflicts with user imports markt 46819 Remove redundant object instantiations in 
JspRuntimeLibrary Patch provided by Anthony Whitford markt Improve error message when EL identifiers are not valid Java identifiers and use i18n for the error message markt 50680 Prevent an NPE when using tag files from an exploded JAR file e g from within an IDE Patch provided by Larry Isaacs markt Cluster 50591 Fix NPE in ReplicationValve kkolinko Internationalise the log messages for the FarmWarDeployer markt 50600 Prevent a ConcurrentModificationException when removing a WAR file via the FarmWarDeployer markt Be consistent with locks on sessionCreationTiming sessionExpirationTiming in DeltaManager resetStatistics kkolinko 50648 Correctly set the interrupt status if a thread using RpcChannel is interrupted waiting for a message reply Based on a patch by Olivier Costet markt 50646 Ensure larger Tribes messages are fully read Patch provided by Olivier Costet markt 50679 Update the FarmWarDeployer to support parallel deployment markt Web applications 22278 Add a commented out RemoteAddrValve that limits access to the Manager and Host Manager applications to localhost Based on a patch by Yann Cébron markt Correct a handful of Javadoc warnings markt Provide additional detail about how web application version order is determined when using parallel deployment markt Correct the documentation for the recoveryCount count attribute of the the default cluster membership markt 50441 Clarify when it is valid to set the docBase attribute in a Context element markt 50526 Provide additional documetation on configuring JavaMail resources markt 50599 Use correct names of roles required to access the Manager application markt Other Extend the Checkstyle tests to check for license headers markt Modify the build script so a release build always rebuilds the dependencies to ensure that the correct Tomcat version appears in the manifest markt Code clean up to remove unused code and reduce IDE warnings markt 50601 Code clean up Patch provided by sebb markt 50606 Improve CGIServlet 
Provide support for specifying empty value for the executable init param Provide support for explicit additional arguments for the executable Those were broken when implementing fix for bug 49657 kkolinko Tomcat 7 0 6 markt released 2011 01 14 General Update to Commons Daemon 1 0 5 mturk Catalina 8705 org apache catalina SessionListener now extends java util EventListener markt 10526 Add an option to the Authenticator s to force the creation of a session on authentication which may offer some performance benefits markt 10972 Improve error message if the className attribute is missing on an element in server xml where it is required markt 48692 Provide option to parse application x www form urlencoded PUT requests schultz 48822 Include context name in case of error while stopping or starting a context during its reload Patch provided by Marc Guillemot slaurent 48837 Extend thread local memory leak detection to include classes loaded by subordinate class loaders to the web application s class loader such as the Jasper class loader Based on a patch by Sylvain Laurent markt 48973 Avoid creating a SESSIONS ser file when stopping an application if there s no session Patch provided by Marc Guillemot slaurent 49000 No longer accept specification invalid name only cookies by default This behaviour can be restored using a system property markt 49159 Improve memory leak protection by renewing threads of the pool when a web application is stopped slaurent 49372 Re fix after connector re factoring If connector initialisation fails e g if a port is alreasy in use do not trigger an LifecycleException for an invalid state transition markt 49543 Allow Tomcat to use shared data sources with per application credentials fhanik 49650 Remove unnecessary entries package access property defined in catalina properties Patch provided by Owen Farrell markt 50106 Correct several MBean descriptors Patch provided by Eiji Takahashi markt Further performance improvements to session ID generation 
Remove legacy configuration options that are no longer required Provide additional options to control the SecureRandom instances used to generate session IDs markt 50201 Update the access log reference in StandardEngine when the ROOT web application is redeployed started stopped or defaultHost is changed markt kkolinko 50282 Load javax security auth login Configuration with JreMemoryLeakPreventionListener to avoid memory leak when stopping a web application that would use JAAS slaurent 50351 Fix the regression that broke BeanFactory resources caused by the previous fix for 50159 markt 50352 Ensure that AsyncListener onComplete is fired when AsyncContext complete is called markt 50358 Set the correct LifecycleState when stopping instances of the deprecated Embedded class markt Further Lifecycle refactoring for Connectors and associated components markt Correct handling of versioned web applications in deployer markt Correct removal of LifeCycleListener s from Container s via JMX markt Don t use null s to construct log messages markt Code clean up Replace use of inefficient constructors with more efficient alternatives markt 50411 Ensure sessions are removed from the Store associated with a PersistentManager markt 50413 Ensure 304 responses are not returned when using static files as error pages markt kkolinko 50448 Fix possible IllegalStateException caused by recent session management refactoring markt Ensure aliases settings for a context are retained after a context is reloaded markt Log a warning if context xml files define values for properties that do not exist e g if there is a typo in a property name markt 50453 Correctly handle multiple X Forwarded For headers in the RemoteIpFilter and RemoteIpValve Patch provided by Jim Riggs markt 50541 Add support for setting the size limit and time limit for LDAP seaches when using the JNDI Realm with userSearch markt All configuration options that use regular expression now require a single regular expression using java 
util regex rather than a list of comma separated or semi colon separated expressions markt 50496 Bytes sent in the access log are now counted after compression chunking etc rather than before markt 50550 When a new directory is created e g via WebDAV ensure that a subsequent request for that directory does not result in a 404 response markt 50554 Code clean up markt 50556 Improve JreMemoryLeakPreventionListener to prevent a potential class loader leak caused by a thread spawned when the class com sun jndi ldap LdapPoolManager is initialized and the system property com sun jndi ldap connect pool timeout is set to a value greater than 0 slaurent Coyote 47319 Return the client s IP address rather than null for calls to getRemoteHost when the APR connector is used with enableLookups true but the IP address is not resolveable markt 50108 Add get set methods for Connector property minSpareThreads Patch provided by Eiji Takahashi markt 50360 Provide an option to control when the socket associated with a connector is bound By default the socket is bound on Connector init and released on Connector destroy as per the current behaviour but this can be changed so that the socket is bound on Connector start and released on Connector stop This fix also includes further Lifecycle refactoring for Connectors and associated components markt Remove a huge memory leak in the NIO connector introduced by the fix for 49884 markt 50467 Protected against NPE triggered by a race condition that causes the NIO poller to fail preventing the processing of further requests markt Jasper 13731 Make variables in jspService method final where possible markt 50408 Fix NoSuchMethodException when using scoped variables with EL method invocation markt 50460 Avoid a memory leak caused by using a cached exception instance in JspDocumentParser and ProxyDirContext kkolinko 50500 Use correct coercions as per the EL spec for arithmetic operations involving string values containing e or E Based on a patch by 
Brian Weisleder markt Cluster 50185 Add additional trace level logging to Tribes to assist with fault diagnosis Based on a patch by Ariel markt Don t try and obtain session data from the cluster if the current node is the only node in the cluster Log requesting session data as INFO rather than WARNING markt 50503 When web application has a version Engine level Clustering works correctly kfujino 50547 Add time stamp for CHANGE SESSION ID message and SESSION EXPIRED message kfujino Web applications 21157 Ensure cookies are written before the response is commited in the Cookie example Patch provided by Stefan Radzom markt 50294 Add more information to documentation regarding format of configuration files Patch provided by Luke Meyer markt Correctly validate provided context path so sessions for the ROOT web application can be viewed through the HTML Manager markt Improve documentation of database connection factory rjung 50488 Update classpath required when using jsvc and add a note regarding server VMs markt Further filtering of Manager display output kkolinko Other Don t configure Windows installer to use PID file since it is not removed when the service stops which prevents the service from starting markt 14416 Make TagLibraryInfo getTag more robust at handling null s markt 50552 Avoid NPE that hides error message when using Ant tasks schultz Provide two alternative locations for the libraries downloaded from the ASF web site at build time Use the main distribution site as default and the archive one as fallback kkolinko Tomcat 7 0 5 markt beta 2010 12 01 General Update to Commons Daemon 1 0 4 mturk Catalina 3839 Provide a mechanism to gracefully handle the case where users book mark the form login page or otherwise misuse the FORM authentication process Based on a suggestion by Mark Morris markt 49180 Add option to disable log rotation in juli FileHandler Patch provided by Pid pidster at apache funkman 49991 Ensure servlet request listeners are fired for the login 
and error pages during FORM authentication markt 50107 When removing a Host via JMX do not attempt to destroy the host s pipeline twice Patch provided by Eiji Takahashi markt 50138 Fix threading issues in org apache catalina security SecurityUtil markt 50157 Ensure MapperListener is only added to a container object once markt 50159 Add a new attribute for Resource elements singleton that controls whether or not a new object is created every time a JNDI lookup is performed to obtain the resource The default value is true which will return the same instance of the resource in every JNDI lookup markt 50168 Separate the Lifecycle DESTROY EVENT into Lifecycle BEFORE DESTROY EVENT and Lifecycle AFTER DESTROY EVENT Use the additional state to ensure that Context objects are only destroyed once markt 50169 Ensure that when a Container is started that it doesn t try and register with the mapper unless its parent has already started Patch provided by Eiji Takahashi markt 50222 Modify memory leak prevention code so it pins the system class loader in memory rather than than the common class loader which is better for embedded systems Patch provided by Christopher Schultz markt Improve debug logging for MapperListener registration markt Expose names of LifecycleListeners and ContainerListeners for StandardContext via JMX markt Add a new option resourceOnlyServlets to Context elements that provides a mechanism for working around the issues caused by new requirements for welcome file mapping introduced in Servlet 3 0 By default the existing Tomcat 6 0 x welcome file handling is used markt Make Tomcat more tolerant of null when generating JMX names for Valves markt Make AccessLogValve attribute enabled changeable via JMX pero Correct infinite loop if ServletRequest startAsync ServletRequest ServletResponse was called markt 50232 Remove dependency between StoreBase and PersistentManager and associated code clean up Patch provided by Tiago Batista markt 50252 Prevent 
ClassCastException when using a ResourceLink Patch provided by Eiji Takahashi markt Reduce synchronization in session managers to improve performance of session creation markt If starting children automatically when adding them to a container e g when adding a Context to a Host don t lock the parent s set of children whilst the new child is being started since this can block other threads and cause issues such as lost cluster messages markt Implement support for parallel deployment This allows multiple versions of the same web application to be deployed to the same context path at the same time Users without a current session will be mapped to the latest version of the web application Users with a current session will continue to use the version of the web application with which the session is associated until the session expires markt 50308 Allow asynchronous request processing to call AsyncContext dispatch once the asynchronous request has timed out markt Make memory leak prevention code that clears ThreadLocal instances more robust against objects with toString methods that throw exceptions markt Coyote 49860 Complete support for handling trailing headers in chunked HTTP requests markt Impose a limit on the length of the trailing headers The limit is configurable with a system property and is 8192 by default kkolinko 50207 Ensure Comet timeout events are triggered This bug was a regression triggered by the fix for 49884 markt Jasper 49297 Enforce the rules in the JSP specification for parsing the attributes of custom and standard actions that require that the attribute names are unique within an element and that there is whitespace before the attribute name The whitespace test can be disabled by setting the system property org apache jasper compiler Parser STRICT WHITESPACE to false Attributes of the page directive

    Original URL path: http://ticket.eppa.es/docs/changelog.html (2015-09-25)

  • API docs
    Tomcat s internal javadoc is not installed by default Download and install the fulldocs package to get it You can also access the javadoc online in the Tomcat documentation bundle

    Original URL path: http://ticket.eppa.es/docs/api/index.html (2015-09-25)

  • Apache Tomcat 7 (7.0.22) - Tomcat Web Application Deployment
    hostname context xml CATALINA BASE webapps webappname META INF context xml Files in 1 are named webappname xml but files in 2 are named context xml If a Context Descriptor is not provided for a Context Tomcat configures the Context using default values Deployment on Tomcat startup If you are not interested in using the Tomcat Manager or TCD then you ll need to deploy your web applications statically to Tomcat followed by a Tomcat startup The location you deploy web applications to for this type of deployment is called the appBase which is specified per Host You either copy a so called exploded web application i e non compressed to this location or a compressed web application resource WAR file The web applications present in the location specified by the Host s default Host is localhost appBase attribute default appBase is CATALINA BASE webapps will be deployed on Tomcat startup only if the Host s deployOnStartup attribute is true The following deployment sequence will occur on Tomcat startup in that case Any Context Descriptors will be deployed first Exploded web applications not referenced by any Context Descriptor will then be deployed If they have an associated WAR file in the appBase and it is newer than the exploded web application the exploded directory will be removed and the webapp will be redeployed from the WAR WAR files will be deployed Note again that for each deployed web application a Context Descriptor will be created unless one exists already Deploying on a running Tomcat server It is possible to deploy web applications to a running Tomcat server If the Host autoDeploy attribute is true the Host will attempt to deploy and update web applications dynamically as needed for example if a new WAR is dropped into the appBase For this to work the Host needs to have background processing enabled which is the default configuration autoDeploy set to true and a running Tomcat allows for Deployment of WAR files copied into the Host appBase Deployment of 
exploded web applications which are copied into the Host appBase Re deployment of a web application which has already been deployed from a WAR when the new WAR is provided In this case the exploded web application is removed and the WAR is expanded again Note that the explosion will not occur if the Host is configured so that WARs are not exploded with a unpackWARs attribute set to false in which case the web application will be simply redeployed as a compressed archive Re deployment of a web application if the WEB INF web xml file or any other resource defined as a WatchedResource is updated Re deployment of a web application if the Context Descriptor file from which the web application has been deployed is updated Re deployment of a web application if a Context Descriptor file with a filename corresponding to the Context path of the previously deployed web application is added to the CATALINA BASE conf enginename hostname directory Undeployment

    Original URL path: http://ticket.eppa.es/docs/deployer-howto.html (2015-09-25)

  • Apache Tomcat 7 (7.0.22) - Introduction
    Files Throughout the docs you ll notice there are numerous references to CATALINA HOME This represents the root of your Tomcat installation When we say This information can be found in your CATALINA HOME README txt file we mean to look at the README txt file at the root of your Tomcat install Optionally Tomcat may be configured for multiple instances by defining CATALINA BASE for each instance If multiple instances are not configured CATALINA BASE is the same as CATALINA HOME These are some of the key tomcat directories bin Startup shutdown and other scripts The sh files for Unix systems are functional duplicates of the bat files for Windows systems Since the Win32 command line lacks certain functionality there are some additional files in here conf Configuration files and related DTDs The most important file in here is server xml It is the main configuration file for the container logs Log files are here by default webapps This is where your webapps go Configuring Tomcat This section will acquaint you with the basic information used during the configuration of the container All of the information in the configuration files is read at startup meaning that any change to the files necessitates a restart of the container Where to Go for Help While we ve done our best to ensure that these documents are clearly written and easy to understand we may have missed something Provided below are various web sites and mailing lists in case you get stuck As Tomcat 7 is a new release of Tomcat keep in mind that some of the issues and solutions vary between the major versions of Tomcat 6 x versus 7 x As you search around the web there will be some documentation that is not relevant to Tomcat 7 but

    Original URL path: http://ticket.eppa.es/docs/introduction.html (2015-09-25)

  • Apache Tomcat 7 (7.0.22) - Security Manager HOW-TO
    1088176 2011 04 02 23 09 37Z kkolinko SYSTEM CODE PERMISSIONS These permissions apply to javac grant codeBase file java home lib permission java security AllPermission These permissions apply to all shared system extensions grant codeBase file java home jre lib ext permission java security AllPermission These permissions apply to javac when java home points at JAVA HOME jre grant codeBase file java home lib permission java security AllPermission These permissions apply to all shared system extensions when java home points at JAVA HOME jre grant codeBase file java home lib ext permission java security AllPermission CATALINA CODE PERMISSIONS These permissions apply to the daemon code grant codeBase file catalina home bin commons daemon jar permission java security AllPermission These permissions apply to the logging API Note If tomcat juli jar is in catalina base and not in catalina home update this section accordingly grant codeBase file catalina base bin tomcat juli jar grant codeBase file catalina home bin tomcat juli jar permission java io FilePermission java home file separator lib file separator logging properties read permission java io FilePermission catalina base file separator conf file separator logging properties read permission java io FilePermission catalina base file separator logs read write permission java io FilePermission catalina base file separator logs file separator read write permission java lang RuntimePermission shutdownHooks permission java lang RuntimePermission getClassLoader permission java lang RuntimePermission setContextClassLoader permission java util logging LoggingPermission control permission java util PropertyPermission java util logging config class read permission java util PropertyPermission java util logging config file read permission java util PropertyPermission catalina base read Note To enable per context logging configuration permit read access to the appropriate file Be sure that the logging configuration is secure 
before enabling such access E g for the examples web application uncomment and unwrap the following to be on a single line permission java io FilePermission catalina base file separator webapps file separator examples file separator WEB INF file separator classes file separator logging properties read These permissions apply to the server startup code grant codeBase file catalina home bin bootstrap jar permission java security AllPermission These permissions apply to the servlet API classes and those that are shared across all class loaders located in the lib directory grant codeBase file catalina home lib permission java security AllPermission If using a per instance lib directory i e catalina base lib then the following permission will need to be uncommented grant codeBase file catalina base lib permission java security AllPermission WEB APPLICATION PERMISSIONS These permissions are granted by default to all web applications In addition a web application will be given a read FilePermission and JndiPermission for all files and directories in its document root grant Required for JNDI lookup of named JDBC DataSource s and javamail named MimePart DataSource used to send mail permission java util PropertyPermission java home read permission java util PropertyPermission java naming read permission java util PropertyPermission javax sql read OS Specific properties to allow read access permission java util PropertyPermission os

    Original URL path: http://ticket.eppa.es/docs/security-manager-howto.html (2015-09-25)