Commit a57552e1 authored by Emmanuel Bourg's avatar Emmanuel Bourg

Imported Upstream version 8.0.30

parent fe281df4
......@@ -415,6 +415,23 @@ For example:
test.relaxTiming=true
8. It is known that some platforms (e.g. OSX El Capitan) require IPv4 to
be the default for the multicast tests to work. This is configured by
the following property:
java.net.preferIPv4Stack=true
9. Optional support is provided for FindBugs. It can be enabled using the
following property:
execute.findbugs=true
The report file by default is written to
output/findbugs
* NOTE: Findbugs is licensed under LGPL. Using Findbugs during Tomcat build is
optional and is off by default.
(8) Source code checks
......
......@@ -67,17 +67,15 @@ create your own from the Tomcat source code, as described in
(3) Configure Environment Variables
Tomcat is a Java application and does not use environment variables. The
variables are used by the Tomcat startup scripts. The scripts use the variables
to prepare the command that starts Tomcat.
Tomcat is a Java application and does not use environment variables directly.
Environment variables are used by the Tomcat startup scripts. The scripts use
the environment variables to prepare the command that starts Tomcat.
(3.1) Set CATALINA_HOME (required) and CATALINA_BASE (optional)
The CATALINA_HOME environment variable should be set to the location of the
root directory of the "binary" distribution of Tomcat.
An example was given in (2.2) above.
The Tomcat startup scripts have some logic to set this variable
automatically if it is absent, based on the location of the startup script
in *nix and on the current directory in Windows. That logic might not work
......
......@@ -323,10 +323,10 @@ goto end
goto end
:doJpda
if not "%SECURITY_POLICY_FILE%" == "" goto doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %JPDA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %JPDA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:end
......@@ -278,7 +278,7 @@ if [ "$1" = "jpda" ] ; then
if [ -z "$JPDA_OPTS" ]; then
JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"
fi
CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS"
CATALINA_OPTS="$JPDA_OPTS $CATALINA_OPTS"
shift
fi
......
......@@ -25,7 +25,7 @@
# ----- Version Control Flags -----
version.major=8
version.minor=0
version.build=28
version.build=30
version.patch=0
version.suffix=
......@@ -51,6 +51,13 @@ test.threads=1
# Note the Cobertura code coverage tool is GPLv2 licensed
test.cobertura=false
# Note the FindBugs is LGPL licensed
execute.findbugs=false
# Some platforms (e.g. OSX El Capitan) require IPv4 to be the default for the
# multicast tests to work
java.net.preferIPv4Stack=false
# Location of GPG executable (used only for releases)
gpg.exec=/path/to/gpg
......@@ -214,7 +221,7 @@ objenesis.loc=https://objenesis.googlecode.com/files/objenesis-${objenesis.versi
objenesis.jar=${objenesis.home}/objenesis-${objenesis.version}.jar
# ----- Checkstyle, version 6.0 or later -----
checkstyle.version=6.8.1
checkstyle.version=6.13
checkstyle.home=${base.path}/checkstyle-${checkstyle.version}
checkstyle.loc=${base-sf.loc}/checkstyle/checkstyle/${checkstyle.version}/checkstyle-${checkstyle.version}-all.jar
checkstyle.jar=${checkstyle.home}/checkstyle-${checkstyle.version}-all.jar
......@@ -236,5 +243,9 @@ cobertura.jar=${cobertura.home}/cobertura-${cobertura.version}.jar
cobertura.lib=${cobertura.home}/lib
cobertura.loc=${base-sf.loc}/cobertura/cobertura-2.0.3-bin.tar.gz
# ----- JVM settings for unit tests
java.net.preferIPv4Stack=false
# ----- Findbugs -----
findbugs.version=3.0.1
findbugs.home=${base.path}/findbugs-${findbugs.version}
findbugs.lib=${findbugs.home}/lib
findbugs.jar=${findbugs.lib}/findbugs-ant.jar
findbugs.loc=${base-sf.loc}/project/findbugs/findbugs/${findbugs.version}/findbugs-${findbugs.version}.tar.gz
......@@ -176,6 +176,11 @@
<property name="tomcat.classes.cobertura" value="${tomcat.classes}-cobertura"/>
<property name="cobertura.report.format" value="html"/>
<!-- FindBugs settings -->
<property name="findbugs.out" value="${tomcat.output}/findbugs"/>
<property name="findbugs.report.format" value="html"/>
<property name="findbugs.report.level" value="low"/>
<!-- Workaround against http://bugs.sun.com/view_bug.do?bug_id=6202721 -->
<available file="/dev/urandom" property="test.jvmarg.egd" value="-Djava.security.egd=file:/dev/./urandom"/>
<property name="test.jvmarg.egd" value="" />
......@@ -1532,8 +1537,6 @@
<exclude name="**/OneLineFormatter*.class"/>
<exclude name="**/DateFormatCache.class"/>
<exclude name="**/DateFormatCache*.class"/>
<!-- This class cannot be instrumented when tcnative library is not in java.library.path -->
<exclude name="**/jni/socket/AprSocket.class"/>
</fileset>
<auxClasspath path="${jdt.jar}" />
</cobertura-instrument>
......@@ -1556,6 +1559,32 @@
format="${cobertura.report.format}"/>
</target>
<target name="findbugs"
if="${execute.findbugs}"
depends="compile,download-findbugs">
<path id="findbugs.classpath">
<fileset file="${findbugs.jar}" />
</path>
<taskdef classpathref="findbugs.classpath" name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask"/>
<mkdir dir="${findbugs.out}" />
<findbugs home="${findbugs.home}"
output="${findbugs.report.format}"
outputFile="${findbugs.out}/findbugs-report.${findbugs.report.format}"
reportLevel="${findbugs.report.level}"
excludeFilter="res/findbugs/filter-false-positives.xml" >
<sourcePath path="${basedir}/java" />
<class location="${tomcat.classes}" />
<auxClasspath>
<fileset file="${jdt.jar}" />
<fileset file="${ant.core.lib}" />
</auxClasspath>
</findbugs>
</target>
<target name="extras-prepare" >
<mkdir dir="${tomcat.extras}"/>
<mkdir dir="${tomcat.extras.sources}"/>
......@@ -2844,6 +2873,17 @@ skip.installer property in build.properties" />
</target>
<target name="download-findbugs"
if="${execute.findbugs}"
description="Download FindBugs" >
<antcall target="downloadgz">
<param name="sourcefile" value="${findbugs.loc}"/>
<param name="destfile" value="${findbugs.jar}"/>
</antcall>
</target>
<target name="download-dist"
description="Download additional components for a distribution" >
......
......@@ -42,16 +42,8 @@
<!-- parameters (default values are in square brackets): -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. Useful values range from 0 -->
<!-- to 5 where 0 means no logging and 5 means -->
<!-- maximum logging. Values of 10 or more mean -->
<!-- maximum logging plus debug info added to the -->
<!-- HTTP response. If an error occurs and debug is -->
<!-- 10 or more the standard error page mechanism -->
<!-- will be disabled and a response body with -->
<!-- debug information will be produced. Note that -->
<!-- any value of 10 or more has the same effect as -->
<!-- a value of 10. [0] -->
<!-- by this servlet. Useful values are 0, 1, and -->
<!-- 11 where higher values mean more detail. [0] -->
<!-- -->
<!-- fileEncoding Encoding to be used to read static resources -->
<!-- [platform default] -->
......@@ -241,6 +233,19 @@
<!-- -->
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet. [false] -->
<!-- -->
<!-- strictQuoteEscaping When scriptlet expressions are used for -->
<!-- attribute values, should the rules in JSP.1.6 -->
<!-- for the escaping of quote characters be -->
<!-- strictly applied? [true] -->
<!-- The default can be changed with the -->
<!-- org.apache.jasper.compiler.Parser. -->
<!-- STRICT_QUOTE_ESCAPING system property. -->
<!-- -->
<!-- quoteAttributeEL When EL is used in an attribute value on a -->
<!-- JSP page should the rules for quoting of -->
<!-- attributes described in JSP.1.6 be applied to -->
<!-- the expression? [true] -->
<servlet>
<servlet-name>jsp</servlet-name>
......@@ -330,7 +335,21 @@
<!-- Recommended value: WEB-INF/cgi -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
<!-- by this servlet. [0] -->
<!-- by this servlet. Useful values range from 0 -->
<!-- to 5 where 0 means no logging and 5 means -->
<!-- maximum logging. Values of 10 or more mean -->
<!-- maximum logging plus debug info added to the -->
<!-- HTTP response. If an error occurs and debug -->
<!-- is 10 or more the standard error page -->
<!-- mechanism will be disabled and a response -->
<!-- body with debug information will be produced. -->
<!-- Note that any value of 10 or more has the -->
<!-- same effect as a value of 10. If set to 10 or -->
<!-- more the standard error page mechanism will -->
<!-- be disabled and a debug page shown instead. -->
<!-- The debug page is not considered secure and -->
<!-- should not be enabled for production systems. -->
<!-- [0] -->
<!-- -->
<!-- executable Name of the executable used to run the -->
<!-- script. [perl] -->
......
......@@ -40,20 +40,20 @@ public class BeanELResolver extends ELResolver {
"org.apache.el.BeanELResolver.CACHE_SIZE";
static {
String cacheSizeStr;
if (System.getSecurityManager() == null) {
CACHE_SIZE = Integer.parseInt(
System.getProperty(CACHE_SIZE_PROP, "1000"));
cacheSizeStr = System.getProperty(CACHE_SIZE_PROP, "1000");
} else {
CACHE_SIZE = AccessController.doPrivileged(
new PrivilegedAction<Integer>() {
cacheSizeStr = AccessController.doPrivileged(
new PrivilegedAction<String>() {
@Override
public Integer run() {
return Integer.valueOf(
System.getProperty(CACHE_SIZE_PROP, "1000"));
public String run() {
return System.getProperty(CACHE_SIZE_PROP, "1000");
}
}).intValue();
});
}
CACHE_SIZE = Integer.parseInt(cacheSizeStr);
}
private final boolean readOnly;
......
......@@ -116,6 +116,7 @@ public interface ServletRequest {
*
* @return a long integer containing the length of the request body or -1 if
* the length is not known
* @since Servlet 3.1
*/
public long getContentLengthLong();
......@@ -410,7 +411,7 @@ public interface ServletRequest {
* proxy that sent the request.
*
* @return an integer specifying the port number
* @since 2.4
* @since Servlet 2.4
*/
public int getRemotePort();
......@@ -420,7 +421,7 @@ public interface ServletRequest {
*
* @return a <code>String</code> containing the host name of the IP on which
* the request was received.
* @since 2.4
* @since Servlet 2.4
*/
public String getLocalName();
......@@ -430,7 +431,7 @@ public interface ServletRequest {
*
* @return a <code>String</code> containing the IP address on which the
* request was received.
* @since 2.4
* @since Servlet 2.4
*/
public String getLocalAddr();
......@@ -439,7 +440,7 @@ public interface ServletRequest {
* the request was received.
*
* @return an integer specifying the port number
* @since 2.4
* @since Servlet 2.4
*/
public int getLocalPort();
......
......@@ -28,7 +28,7 @@ import java.util.Map;
* class implements the Wrapper or Decorator pattern. Methods default to calling
* through to the wrapped request object.
*
* @since v 2.3
* @since Servlet 2.3
* @see javax.servlet.ServletRequest
*/
public class ServletRequestWrapper implements ServletRequest {
......@@ -115,6 +115,12 @@ public class ServletRequestWrapper implements ServletRequest {
return this.request.getContentLength();
}
/**
* The default behavior of this method is to return getContentLengthLong()
* on the wrapped request object.
*
* @since Servlet 3.1
*/
@Override
public long getContentLengthLong() {
return this.request.getContentLengthLong();
......@@ -308,7 +314,7 @@ public class ServletRequestWrapper implements ServletRequest {
* The default behavior of this method is to return getRemotePort() on the
* wrapped request object.
*
* @since 2.4
* @since Servlet 2.4
*/
@Override
public int getRemotePort() {
......@@ -319,7 +325,7 @@ public class ServletRequestWrapper implements ServletRequest {
* The default behavior of this method is to return getLocalName() on the
* wrapped request object.
*
* @since 2.4
* @since Servlet 2.4
*/
@Override
public String getLocalName() {
......@@ -330,7 +336,7 @@ public class ServletRequestWrapper implements ServletRequest {
* The default behavior of this method is to return getLocalAddr() on the
* wrapped request object.
*
* @since 2.4
* @since Servlet 2.4
*/
@Override
public String getLocalAddr() {
......@@ -341,7 +347,7 @@ public class ServletRequestWrapper implements ServletRequest {
* The default behavior of this method is to return getLocalPort() on the
* wrapped request object.
*
* @since 2.4
* @since Servlet 2.4
*/
@Override
public int getLocalPort() {
......
......@@ -29,6 +29,7 @@ import javax.servlet.ServletSecurityElement;
import javax.servlet.descriptor.JspConfigDescriptor;
import org.apache.catalina.deploy.NamingResourcesImpl;
import org.apache.tomcat.ContextBind;
import org.apache.tomcat.InstanceManager;
import org.apache.tomcat.JarScanner;
import org.apache.tomcat.util.descriptor.web.ApplicationParameter;
......@@ -57,7 +58,7 @@ import org.apache.tomcat.util.http.CookieProcessor;
*
* @author Craig R. McClanahan
*/
public interface Context extends Container {
public interface Context extends Container, ContextBind {
// ----------------------------------------------------- Manifest Constants
......@@ -1609,45 +1610,6 @@ public interface Context extends Container {
*/
public Map<String, String> findPreDestroyMethods();
/**
* Change the current thread context class loader to the web application
* class loader. If no web application class loader is defined, or if the
* current thread is already using the web application class loader then no
* change will be made. If the class loader is changed and a
* {@link ThreadBindingListener} is configured then
* {@link ThreadBindingListener#bind()} will be called after the change has
* been made.
*
* @param usePrivilegedAction
* Should a {@link java.security.PrivilegedAction} be used when
* obtaining the current thread context class loader and setting
* the new one?
* @param originalClassLoader
* The current class loader if known to save this method having to
* look it up
*
* @return If the class loader has been changed by the method it will return
* the thread context class loader in use when the method was
* called. If no change was made then this method returns null.
*/
public ClassLoader bind(boolean usePrivilegedAction, ClassLoader originalClassLoader);
/**
* Restore the current thread context class loader to the original class
* loader in used before {@link #bind(boolean, ClassLoader)} was called. If
* no original class loader is passed to this method then no change will be
* made. If the class loader is changed and a {@link ThreadBindingListener}
* is configured then {@link ThreadBindingListener#unbind()} will be called
* before the change is made.
*
* @param usePrivilegedAction
* Should a {@link java.security.PrivilegedAction} be used when
* setting the current thread context class loader?
* @param originalClassLoader
* The class loader to restore as the thread context class loader
*/
public void unbind(boolean usePrivilegedAction, ClassLoader originalClassLoader);
/**
* Obtain the token necessary for operations on the associated JNDI naming
* context.
......@@ -1670,4 +1632,104 @@ public interface Context extends Container {
* for this Context.
*/
public CookieProcessor getCookieProcessor();
/**
* When a client provides the ID for a new session, should that ID be
* validated? The only use case for using a client provided session ID is to
* have a common session ID across multiple web applications. Therefore,
* any client provided session ID should already exist in another web
* application. If this check is enabled, the client provided session ID
* will only be used if the session ID exists in at least one other web
* application for the current host. Note that the following additional
* tests are always applied, irrespective of this setting:
* <ul>
* <li>The session ID is provided by a cookie</li>
* <li>The session cookie has a path of {@code /}</li>
* </ul>
*
* @param validateClientProvidedNewSessionId
* {@code true} if validation should be applied
*/
public void setValidateClientProvidedNewSessionId(boolean validateClientProvidedNewSessionId);
/**
* Will client provided session IDs be validated (see {@link
* #setValidateClientProvidedNewSessionId(boolean)}) before use?
*
* @return {@code true} if validation will be applied. Otherwise, {@code
* false}
*/
public boolean getValidateClientProvidedNewSessionId();
/**
* If enabled, requests for a web application context root will be
* redirected (adding a trailing slash) by the Mapper. This is more
* efficient but has the side effect of confirming that the context path is
* valid.
*
* @param mapperContextRootRedirectEnabled Should the redirects be enabled?
*/
public void setMapperContextRootRedirectEnabled(boolean mapperContextRootRedirectEnabled);
/**
* Determines if requests for a web application context root will be
* redirected (adding a trailing slash) by the Mapper. This is more
* efficient but has the side effect of confirming that the context path is
* valid.
*
* @return {@code true} if the Mapper level redirect is enabled for this
* Context.
*/
public boolean getMapperContextRootRedirectEnabled();
/**
* If enabled, requests for a directory will be redirected (adding a
* trailing slash) by the Mapper. This is more efficient but has the
* side effect of confirming that the directory is valid.
*
* @param mapperDirectoryRedirectEnabled Should the redirects be enabled?
*/
public void setMapperDirectoryRedirectEnabled(boolean mapperDirectoryRedirectEnabled);
/**
* Determines if requests for a directory will be redirected (adding a
* trailing slash) by the Mapper. This is more efficient but has the
* side effect of confirming that the directory is valid.
*
* @return {@code true} if the Mapper level redirect is enabled for this
* Context.
*/
public boolean getMapperDirectoryRedirectEnabled();
/**
* Controls whether HTTP 1.1 and later location headers generated by a call
* to {@link javax.servlet.http.HttpServletResponse#sendRedirect(String)}
* will use relative or absolute redirects.
* <p>
* Relative redirects are more efficient but may not work with reverse
* proxies that change the context path. It should be noted that it is not
* recommended to use a reverse proxy to change the context path because of
* the multiple issues it creates.
* <p>
* Absolute redirects should work with reverse proxies that change the
* context path but may cause issues with the
* {@link org.apache.catalina.filters.RemoteIpFilter} if the filter is
* changing the scheme and/or port.
*
* @param useRelativeRedirects {@code true} to use relative redirects and
* {@code false} to use absolute redirects
*/
public void setUseRelativeRedirects(boolean useRelativeRedirects);
/**
* Will HTTP 1.1 and later location headers generated by a call to
* {@link javax.servlet.http.HttpServletResponse#sendRedirect(String)} use
* relative or absolute redirects.
*
* @return {@code true} if relative redirects will be used {@code false} if
* absolute redirects are used.
*
* @see #setUseRelativeRedirects(boolean)
*/
public boolean getUseRelativeRedirects();
}
......@@ -259,7 +259,7 @@ public final class Globals {
* compliance.
*/
public static final boolean STRICT_SERVLET_COMPLIANCE =
Boolean.valueOf(System.getProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "false")).booleanValue();
Boolean.parseBoolean(System.getProperty("org.apache.catalina.STRICT_SERVLET_COMPLIANCE", "false"));
/**
......
......@@ -59,13 +59,13 @@ public interface Loader {
/**
* Return the Java class loader to be used by this Container.
* @return the Java class loader to be used by this Container.
*/
public ClassLoader getClassLoader();
/**
* Return the Context with which this Loader has been associated.
* @return the Context with which this Loader has been associated.
*/
public Context getContext();
......@@ -79,7 +79,7 @@ public interface Loader {
/**
* Return the "follow standard delegation model" flag used to configure
* @return the "follow standard delegation model" flag used to configure
* our ClassLoader.
*/
public boolean getDelegate();
......@@ -95,7 +95,7 @@ public interface Loader {
/**
* Return the reloadable flag for this Loader.
* @return the reloadable flag for this Loader.
*/
public boolean getReloadable();
......@@ -119,6 +119,9 @@ public interface Loader {
/**
* Has the internal repository associated with this Loader been modified,
* such that the loaded classes should be reloaded?
*
* @return <code>true</code> when the repository has been modified,
* <code>false</code> otherwise
*/
public boolean modified();
......
......@@ -44,7 +44,7 @@ public interface Pipeline {
/**
* <p>Return the Valve instance that has been distinguished as the basic
* @return the Valve instance that has been distinguished as the basic
* Valve for this Pipeline (if any).
*/
public Valve getBasic();
......@@ -95,7 +95,7 @@ public interface Pipeline {
/**
* Return the set of Valves in the pipeline associated with this
* @return the set of Valves in the pipeline associated with this
* Container, including the basic Valve (if any). If there are no
* such Valves, a zero-length array is returned.
*/
......@@ -118,7 +118,7 @@ public interface Pipeline {
/**
* <p>Return the Valve instance that has been distinguished as the basic
* @return the Valve instance that has been distinguished as the basic
* Valve for this Pipeline (if any).
*/
public Valve getFirst();
......@@ -131,7 +131,7 @@ public interface Pipeline {
/**
* Return the Container with which this Pipeline is associated.
* @return the Container with which this Pipeline is associated.
*/
public Container getContainer();
......
......@@ -41,7 +41,7 @@ public interface Realm {
// ------------------------------------------------------------- Properties
/**
* Return the Container with which this Realm has been associated.