Commit cfa27289 authored by Emmanuel Bourg's avatar Emmanuel Bourg

New upstream version 8.5.9

parent d8d99506
......@@ -282,7 +282,7 @@ You can build them by using the following commands:
codesigning.user=request-via-pmc
codesigning.pwd=request-via-pmc
codesigning.partnercode=request-via-pmc
codesigning.service=Microsoft Signing
codesigning.service=Microsoft Windows Signing
Release managers will be provided with the necessary credentials by the PMC.
It will also be necessary to enable TLS 1.1 and TLS 1.2 by default (they are
......@@ -469,6 +469,11 @@ NOTE: Cobertura is licensed under GPL v2 with parts of it being under
java.net.preferIPv4Stack=true
10. It is possible to control whether the output of the tests is displayed
on the console or not. By default it is displayed and can be disabled
by the following property:
test.verbose=true
(8) Source code checks
......
......@@ -210,12 +210,10 @@ set LOGGING_CONFIG=-Dnop
if not exist "%CATALINA_BASE%\conf\logging.properties" goto noJuliConfig
set LOGGING_CONFIG=-Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties"
:noJuliConfig
set "JAVA_OPTS=%JAVA_OPTS% %LOGGING_CONFIG%"
if not "%LOGGING_MANAGER%" == "" goto noJuliManager
set LOGGING_MANAGER=-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
:noJuliManager
set "JAVA_OPTS=%JAVA_OPTS% %LOGGING_MANAGER%"
rem ----- Execute The Requested Command ---------------------------------------
......@@ -333,17 +331,17 @@ goto setArgs
rem Execute Java with the applicable properties
if not "%JPDA%" == "" goto doJpda
if not "%SECURITY_POLICY_FILE%" == "" goto doSecurity
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doSecurity
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doJpda
if not "%SECURITY_POLICY_FILE%" == "" goto doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:doSecurityJpda
%_EXECJAVA% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
%_EXECJAVA% %LOGGING_CONFIG% %LOGGING_MANAGER% %JAVA_OPTS% %JPDA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
goto end
:end
......@@ -142,6 +142,10 @@ echo Using JVM: "%JVM%"
set "CLASSPATH=%CATALINA_HOME%\bin\bootstrap.jar;%CATALINA_BASE%\bin\tomcat-juli.jar"
if not "%CATALINA_HOME%" == "%CATALINA_BASE%" set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%\bin\tomcat-juli.jar"
if "%SERVICE_STARTUP_MODE%" == "" set SERVICE_STARTUP_MODE=manual
if "%JvmMs%" == "" set JvmMs=128
if "%JvmMx%" == "" set JvmMx=256
"%EXECUTABLE%" //IS//%SERVICE_NAME% ^
--Description "Apache Tomcat @VERSION@ Server - http://tomcat.apache.org/" ^
--DisplayName "%DISPLAYNAME%" ^
......@@ -159,9 +163,10 @@ if not "%CATALINA_HOME%" == "%CATALINA_BASE%" set "CLASSPATH=%CLASSPATH%;%CATALI
--StopClass org.apache.catalina.startup.Bootstrap ^
--StartParams start ^
--StopParams stop ^
--JvmOptions "-Dcatalina.home=%CATALINA_HOME%;-Dcatalina.base=%CATALINA_BASE%;-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties" ^
--JvmMs 128 ^
--JvmMx 256
--JvmOptions "-Dcatalina.home=%CATALINA_HOME%;-Dcatalina.base=%CATALINA_BASE%;-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties;%JvmArgs%" ^
--Startup "%SERVICE_STARTUP_MODE%" ^
--JvmMs "%JvmMs%" ^
--JvmMx "%JvmMx%"
if not errorlevel 1 goto installed
echo Failed installing '%SERVICE_NAME%' service
goto end
......
......@@ -25,7 +25,7 @@
# ----- Version Control Flags -----
version.major=8
version.minor=5
version.build=8
version.build=9
version.patch=0
version.suffix=
......@@ -40,6 +40,8 @@ execute.test.apr=true
test.haltonfailure=false
# Activate AccessLog during testing
test.accesslog=false
# Display the tests output on the console
test.verbose=true
# Number of parallel threads to use for testing. The recommended value is one
# thread per core.
......@@ -65,7 +67,7 @@ do.codesigning=false
codesigning.user=request-via-pmc
codesigning.pwd=request-via-pmc
codesigning.partnercode=request-via-pmc
codesigning.service=Microsoft Signing
codesigning.service=Microsoft Windows Signing
# ----- Settings to use when downloading files -----
trydownload.httpusecaches=true
......
......@@ -1411,7 +1411,7 @@
<sequential>
<mkdir dir="${test.reports}" />
<junit printsummary="yes" fork="yes" dir="." showoutput="yes"
<junit printsummary="yes" fork="yes" dir="." showoutput="${test.verbose}"
errorproperty="test.result.error"
failureproperty="test.result.failure"
haltonfailure="${test.haltonfailure}"
......
......@@ -77,8 +77,12 @@
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation with the JSSE engine. When
using the JSSE engine, the JSSE configuration attributes must be used.
This connector uses the NIO implementation. The default
SSLImplementation will depend on the presence of the APR/native
library and the useOpenSSL attribute of the
AprLifecycleListener.
Either JSSE or OpenSSL style configuration may be used regardless of
the SSLImplementation selected. JSSE style configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
......@@ -90,9 +94,10 @@
</Connector>
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation. When using the
APR/native implementation or the OpenSSL engine with NIO or NIO2 then
the OpenSSL configuration attributes must be used.
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL style
configuration is used below.
-->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
......
......@@ -74,11 +74,10 @@ public interface AccessLog {
public void log(Request request, Response response, long time);
/**
* Should this valve set request attributes for IP address, Hostname,
* Should this valve set request attributes for IP address, hostname,
* protocol and port used for the request? This are typically used in
* conjunction with the {@link org.apache.catalina.valves.AccessLogValve}
* which will otherwise log the original values.
* Default is <code>true</code>.
*
* The attributes set are:
* <ul>
......
......@@ -231,4 +231,12 @@ public interface Realm {
* @return principal roles
*/
public String[] getRoles(Principal principal);
/**
* Return the availability of the realm for authentication.
* @return <code>true</code> if the realm is able to perform authentication
*/
public boolean isAvailable();
}
......@@ -48,6 +48,7 @@ import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.TomcatPrincipal;
import org.apache.catalina.Valve;
import org.apache.catalina.Wrapper;
import org.apache.catalina.authenticator.jaspic.CallbackHandlerImpl;
......@@ -61,6 +62,7 @@ import org.apache.catalina.valves.ValveBase;
import org.apache.coyote.ActionCode;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.http.FastHttpDateFormat;
......@@ -1107,6 +1109,16 @@ public abstract class AuthenticatorBase extends ValveBase
}
}
Principal p = request.getPrincipal();
if (p instanceof TomcatPrincipal) {
try {
((TomcatPrincipal) p).logout();
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
log.debug(sm.getString("authenticator.tomcatPrincipalLogoutFail"), t);
}
}
register(request, request.getResponse(), null, null, null, null);
}
......
......@@ -30,6 +30,7 @@ authenticator.notContext=Configuration error: Must be attached to a Context
authenticator.requestBodyTooBig=The request body was too large to be cached during the authentication process
authenticator.sessionExpired=The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
authenticator.unauthorized=Cannot authenticate with the provided credentials
authenticator.tomcatPrincipalLogoutFail=Logout with TomcatPrincipal instance has failed
digestAuthenticator.cacheRemove=A valid entry has been removed from client nonce cache to make room for new entries. A replay attack is now possible. To prevent the possibility of replay attacks, reduce nonceValidity or increase cnonceCacheSize. Further warnings of this type will be suppressed for 5 minutes.
......
......@@ -666,9 +666,11 @@ public class InputBuffer extends Reader
}
CharBuffer tmp = CharBuffer.allocate(newSize);
int oldPosition = cb.position();
cb.position(0);
tmp.put(cb);
tmp.flip();
tmp.position(oldPosition);
cb = tmp;
tmp = null;
}
......
......@@ -1319,8 +1319,23 @@ public abstract class ContainerBase extends LifecycleMBeanBase
}
// -------------------------------------- ContainerExecuteDelay Inner Class
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
Container parent = getParent();
if (parent != null) {
sb.append(parent.toString());
sb.append('.');
}
sb.append(this.getClass().getSimpleName());
sb.append('[');
sb.append(getName());
sb.append(']');
return sb.toString();
}
// -------------------------------------- ContainerExecuteDelay Inner Class
/**
* Private thread class to invoke the backgroundProcess method
......
......@@ -5605,28 +5605,9 @@ public class StandardContext extends ContainerBase
log.debug("resetContext " + getObjectName());
}
/**
* Return a String representation of this component.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
if (getParent() != null) {
sb.append(getParent().toString());
sb.append(".");
}
sb.append("StandardContext[");
sb.append(getName());
sb.append("]");
return (sb.toString());
}
// ------------------------------------------------------ Protected Methods
/**
* Adjust the URL pattern to begin with a leading slash, if appropriate
* (i.e. we are running a servlet 2.2 application). Otherwise, return
......
......@@ -22,7 +22,6 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Container;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
......@@ -48,17 +47,6 @@ final class StandardContextValve extends ValveBase {
}
/**
* Cast to a StandardContext right away, as it will be needed later.
*
* @see org.apache.catalina.Contained#setContainer(org.apache.catalina.Container)
*/
@Override
public void setContainer(Container container) {
super.setContainer(container);
}
/**
* Select the appropriate child Wrapper to process this request,
* based on the specified request URI. If no matching Wrapper can
......
......@@ -263,19 +263,6 @@ public class StandardEngine extends ContainerBase implements Engine {
}
/**
* Return a String representation of this component.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder("StandardEngine[");
sb.append(getName());
sb.append("]");
return (sb.toString());
}
/**
* Override the default implementation. If no access log is defined for the
* Engine, look for one in the Engine's default host and then the default
......
......@@ -835,24 +835,6 @@ public class StandardHost extends ContainerBase implements Host {
}
/**
* @return a String representation of this component.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
if (getParent() != null) {
sb.append(getParent().toString());
sb.append(".");
}
sb.append("StandardHost[");
sb.append(getName());
sb.append("]");
return (sb.toString());
}
/**
* Start this component and implement the requirements
* of {@link org.apache.catalina.util.LifecycleBase#startInternal()}.
......
......@@ -1259,25 +1259,6 @@ public class StandardWrapper extends ContainerBase
}
/**
* @return a String representation of this component.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
if (getParent() != null) {
sb.append(getParent().toString());
sb.append(".");
}
sb.append("StandardWrapper[");
sb.append(getName());
sb.append("]");
return (sb.toString());
}
/**
* Process an UnavailableException, marking this servlet as unavailable
* for the specified amount of time.
......
......@@ -52,7 +52,9 @@ public class CombinedRealm extends RealmBase {
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "CombinedRealm";
/**
......@@ -392,6 +394,7 @@ public class CombinedRealm extends RealmBase {
}
@Override
@Deprecated
protected String getName() {
return name;
}
......@@ -418,4 +421,15 @@ public class CombinedRealm extends RealmBase {
throw uoe;
}
@Override
public boolean isAvailable() {
for (Realm realm : realms) {
if (!realm.isAvailable()) {
return false;
}
}
return true;
}
}
......@@ -73,7 +73,9 @@ public class DataSourceRealm extends RealmBase {
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "DataSourceRealm";
......@@ -107,6 +109,12 @@ public class DataSourceRealm extends RealmBase {
protected String userTable = null;
/**
* Last connection attempt.
*/
private volatile boolean connectionSuccess = true;
// ------------------------------------------------------------- Properties
......@@ -270,6 +278,11 @@ public class DataSourceRealm extends RealmBase {
}
@Override
public boolean isAvailable() {
return connectionSuccess;
}
// -------------------------------------------------------- Package Methods
......@@ -378,22 +391,21 @@ public class DataSourceRealm extends RealmBase {
context = getServer().getGlobalNamingContext();
}
DataSource dataSource = (DataSource)context.lookup(dataSourceName);
return dataSource.getConnection();
Connection connection = dataSource.getConnection();
connectionSuccess = true;
return connection;
} catch (Exception e) {
connectionSuccess = false;
// Log the problem for posterity
containerLog.error(sm.getString("dataSourceRealm.exception"), e);
}
return null;
}
/**
* Return a short name for this Realm implementation.
*/
@Override
@Deprecated
protected String getName() {
return (name);
return name;
}
/**
......
......@@ -242,6 +242,9 @@ public class GenericPrincipal implements TomcatPrincipal, Serializable {
if (loginContext != null) {
loginContext.logout();
}
if (gssCredential != null) {
gssCredential.dispose();
}
}
......
......@@ -141,7 +141,9 @@ public class JAASRealm extends RealmBase {
/**
* Descriptive information about this <code>Realm</code> implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "JAASRealm";
......@@ -468,14 +470,11 @@ public class JAASRealm extends RealmBase {
}
}
/**
* @return a short name for this <code>Realm</code> implementation.
*/
@Override
@Deprecated
protected String getName() {
return (name);
return name;
}
......
......@@ -93,7 +93,9 @@ public class JDBCRealm
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "JDBCRealm";
......@@ -414,6 +416,12 @@ public class JDBCRealm
}
@Override
public boolean isAvailable() {
return (dbConnection != null);
}
/**
* Close the specified database connection.
*
......@@ -494,14 +502,10 @@ public class JDBCRealm
}
/**
* @return a short name for this Realm implementation.
*/
@Override
@Deprecated
protected String getName() {
return (name);
return name;
}
......
......@@ -236,7 +236,9 @@ public class JNDIRealm extends RealmBase {
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "JNDIRealm";
......@@ -2167,14 +2169,10 @@ public class JNDIRealm extends RealmBase {
}
/**
* @return a short name for this Realm implementation.
*/
@Override
@Deprecated
protected String getName() {
return name;
}
......@@ -2379,6 +2377,12 @@ public class JNDIRealm extends RealmBase {
}
@Override
public boolean isAvailable() {
// Simple best effort check
return (context != null);
}
private DirContext createDirContext(Hashtable<String, String> env) throws NamingException {
if (useStartTls) {
return createTlsDirContext(env);
......
......@@ -73,6 +73,7 @@ realmBase.createUsernameRetriever.InstantiationException=Cannot create object of
realmBase.createUsernameRetriever.IllegalAccessException=Cannot create object of type {0}.
realmBase.credentialHandler.customCredentialHandler=Unable to set the property [{0}] to value [{1}] as a custom CredentialHandler has been configured
realmBase.cannotGetRoles=Cannot get roles from principal [{0}]
realmBase.gssContextNotEstablished=Authenticator implementation error: the passed security context is not fully established
userDatabaseRealm.lookup=Exception looking up UserDatabase under key {0}
userDatabaseRealm.noDatabase=No UserDatabase component found under key {0}
dataSourceRealm.authenticateFailure=Username {0} NOT successfully authenticated
......
......@@ -212,7 +212,7 @@ public class LockOutRealm extends CombinedRealm {
*/
private Principal filterLockedAccounts(String username, Principal authenticatedUser) {
// Register all failed authentications
if (authenticatedUser == null) {
if (authenticatedUser == null && isAvailable()) {
registerAuthFailure(username);
}
......
......@@ -57,7 +57,9 @@ public class MemoryRealm extends RealmBase {
/**
* Descriptive information about this Realm implementation.
* @deprecated This will be removed in Tomcat 9 onwards.
*/
@Deprecated
protected static final String name = "MemoryRealm";
......@@ -206,14 +208,10 @@ public class MemoryRealm extends RealmBase {
}
/**
* @return a short name for this Realm implementation.
*/
@Override
@Deprecated
protected String getName() {
return (name);
return name;
}
......
......@@ -28,6 +28,7 @@ public class NullRealm extends RealmBase {
private static final String NAME = "NullRealm";
@Override
@Deprecated
protected String getName() {
return NAME;
}
......
......@@ -475,7 +475,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
* {@inheritDoc}
*/
@Override
public Principal authenticate(GSSContext gssContext, boolean storeCred) {
public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
if (gssContext.isEstablished()) {
GSSName gssName = null;
try {
......@@ -495,7 +495,7 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
}
}
GSSCredential gssCredential = null;
if (storeCred && gssContext.getCredDelegState()) {
if (storeCreds && gssContext.getCredDelegState()) {
try {
gssCredential = gssContext.getDelegCred();
} catch (GSSException e) {
......@@ -508,6 +508,8 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
}
return getPrincipal(name, gssCredential);
}
} else {
log.error(sm.getString("realmBase.gssContextNotEstablished"));
}
// Fail in all other cases
......@@ -1051,6 +1053,11 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
}
@Override
public boolean isAvailable() {
return true;
}
@Override
protected void initInternal() throws LifecycleException {
......@@ -1168,7 +1175,11 @@ public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
/**
* @return a short name for this Realm implementation, for use in
* log messages.
*
* @deprecated This will be removed in Tomcat 9 onwards. Use
* {@link Class#getSimpleName()} instead.
*/
@Deprecated
protected abstract String getName();
......