String specifying the message to be written to
* the log file
*/
- public void log(String msg) {
- getServletContext().log(getServletName() + ": " + msg);
+ public void log(String message) {
+ getServletContext().log(getServletName() + ": " + message);
}
/**
diff -Nru tomcat9-9.0.27/java/javax/servlet/http/HttpServletRequestWrapper.java tomcat9-9.0.31/java/javax/servlet/http/HttpServletRequestWrapper.java
--- tomcat9-9.0.27/java/javax/servlet/http/HttpServletRequestWrapper.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/javax/servlet/http/HttpServletRequestWrapper.java 2020-02-05 19:26:48.000000000 +0000
@@ -116,8 +116,11 @@
}
/**
- * The default behavior of this method is to return getMapping() on the
- * wrapped request object.
+ * The default behavior of this method is to return
+ * {@link HttpServletRequest#getHttpServletMapping()} on the wrapped request
+ * object.
+ *
+ * @since Servlet 4.0
*/
@Override
public HttpServletMapping getHttpServletMapping() {
diff -Nru tomcat9-9.0.27/java/javax/servlet/http/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/javax/servlet/http/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/javax/servlet/http/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/javax/servlet/http/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -22,3 +22,4 @@
http.method_not_implemented=这个servlet没有为这个URI实现方法[{0}]
http.method_post_not_supported=此URL不支持Http方法POST
http.method_put_not_supported=此URL不支持HTTP方法PUT
+http.non_http=没有HTTP请求或响应
diff -Nru tomcat9-9.0.27/java/javax/servlet/http/PushBuilder.java tomcat9-9.0.31/java/javax/servlet/http/PushBuilder.java
--- tomcat9-9.0.27/java/javax/servlet/http/PushBuilder.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/javax/servlet/http/PushBuilder.java 2020-02-05 19:26:48.000000000 +0000
@@ -134,8 +134,8 @@
* fields are set to {@code null}:
* true causes the attributes
- * to be set, false disables
- * the setting of the attributes.
+ * to be used, false causes
+ * the original values to be used.
*/
public void setRequestAttributesEnabled(boolean requestAttributesEnabled);
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/ant/ServerinfoTask.java tomcat9-9.0.31/java/org/apache/catalina/ant/ServerinfoTask.java
--- tomcat9-9.0.27/java/org/apache/catalina/ant/ServerinfoTask.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/ant/ServerinfoTask.java 2020-02-05 19:26:48.000000000 +0000
@@ -14,8 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.ant;
@@ -44,5 +42,4 @@
execute("/serverinfo");
}
-
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat9-9.0.31/java/org/apache/catalina/authenticator/AuthenticatorBase.java
--- tomcat9-9.0.27/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2020-02-05 19:26:48.000000000 +0000
@@ -19,6 +19,7 @@
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
+import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
@@ -33,6 +34,7 @@
import javax.security.auth.message.config.RegistrationListener;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
+import javax.servlet.DispatcherType;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
@@ -44,7 +46,6 @@
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.TomcatPrincipal;
@@ -53,6 +54,7 @@
import org.apache.catalina.authenticator.jaspic.MessageInfoImpl;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.filters.CorsFilter;
import org.apache.catalina.filters.RemoteIpFilter;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.SessionIdGeneratorBase;
@@ -63,9 +65,12 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.descriptor.web.FilterDef;
+import org.apache.tomcat.util.descriptor.web.FilterMap;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -237,12 +242,22 @@
*/
protected SingleSignOn sso = null;
+ private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;
+
private volatile String jaspicAppContextID = null;
private volatile Optionalcache property of our authenticator is set, and
@@ -70,19 +65,15 @@
* Realm.authenticate(), under the following keys:
*/
-
/**
* The notes key for the password used to authenticate this user.
*/
- public static final String SESS_PASSWORD_NOTE =
- "org.apache.catalina.session.PASSWORD";
-
+ public static final String SESS_PASSWORD_NOTE = "org.apache.catalina.session.PASSWORD";
/**
* The notes key for the username used to authenticate this user.
*/
- public static final String SESS_USERNAME_NOTE =
- "org.apache.catalina.session.USERNAME";
+ public static final String SESS_USERNAME_NOTE = "org.apache.catalina.session.USERNAME";
/**
@@ -90,20 +81,17 @@
* cache required information prior to the completion of authentication.
*/
-
/**
* The previously authenticated principal (if caching is disabled).
+ *
+ * @deprecated Unused. Will be removed in Tomcat 10.
*/
- public static final String FORM_PRINCIPAL_NOTE =
- "org.apache.catalina.authenticator.PRINCIPAL";
-
+ @Deprecated
+ public static final String FORM_PRINCIPAL_NOTE = "org.apache.catalina.authenticator.PRINCIPAL";
/**
* The original request information, to which the user will be
* redirected if authentication succeeds.
*/
- public static final String FORM_REQUEST_NOTE =
- "org.apache.catalina.authenticator.REQUEST";
-
-
+ public static final String FORM_REQUEST_NOTE = "org.apache.catalina.authenticator.REQUEST";
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat9-9.0.31/java/org/apache/catalina/authenticator/FormAuthenticator.java
--- tomcat9-9.0.27/java/org/apache/catalina/authenticator/FormAuthenticator.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/authenticator/FormAuthenticator.java 2020-02-05 19:26:48.000000000 +0000
@@ -28,7 +28,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
@@ -133,10 +132,6 @@
protected boolean doAuthenticate(Request request, HttpServletResponse response)
throws IOException {
- if (checkForCachedAuthentication(request, response, true)) {
- return true;
- }
-
// References to objects we will need later
Session session = null;
Principal principal = null;
@@ -147,22 +142,16 @@
if (log.isDebugEnabled()) {
log.debug("Checking for reauthenticate in session " + session);
}
- String username =
- (String) session.getNote(Constants.SESS_USERNAME_NOTE);
- String password =
- (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
- if ((username != null) && (password != null)) {
+ String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
+ String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
+ if (username != null && password != null) {
if (log.isDebugEnabled()) {
log.debug("Reauthenticating username '" + username + "'");
}
- principal =
- context.getRealm().authenticate(username, password);
+ principal = context.getRealm().authenticate(username, password);
if (principal != null) {
- session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
+ register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password);
if (!matchRequest(request)) {
- register(request, response, principal,
- HttpServletRequest.FORM_AUTH,
- username, password);
return true;
}
}
@@ -177,20 +166,7 @@
if (matchRequest(request)) {
session = request.getSessionInternal(true);
if (log.isDebugEnabled()) {
- log.debug("Restore request from session '"
- + session.getIdInternal()
- + "'");
- }
- principal = (Principal)
- session.getNote(Constants.FORM_PRINCIPAL_NOTE);
- register(request, response, principal, HttpServletRequest.FORM_AUTH,
- (String) session.getNote(Constants.SESS_USERNAME_NOTE),
- (String) session.getNote(Constants.SESS_PASSWORD_NOTE));
- // If we're caching principals we no longer need the username
- // and password in the session, so remove them
- if (cache) {
- session.removeNote(Constants.SESS_USERNAME_NOTE);
- session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ log.debug("Restore request from session '" + session.getIdInternal() + "'");
}
if (restoreRequest(request, session)) {
if (log.isDebugEnabled()) {
@@ -206,14 +182,18 @@
}
}
+ // This check has to be after the previous check for a matching request
+ // because that matching request may also include a cached Principal.
+ if (checkForCachedAuthentication(request, response, true)) {
+ return true;
+ }
+
// Acquire references to objects we will need to evaluate
String contextPath = request.getContextPath();
String requestURI = request.getDecodedRequestURI();
// Is this the action request from the login page?
- boolean loginAction =
- requestURI.startsWith(contextPath) &&
- requestURI.endsWith(Constants.FORM_ACTION);
+ boolean loginAction = requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION);
LoginConfig config = context.getLoginConfig();
@@ -241,8 +221,7 @@
saveRequest(request, session);
} catch (IOException ioe) {
log.debug("Request body too big to save during authentication");
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- sm.getString("authenticator.requestBodyTooBig"));
+ response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.requestBodyTooBig"));
return false;
}
forwardToLoginPage(request, response, config);
@@ -274,14 +253,21 @@
if (session == null) {
session = request.getSessionInternal(false);
}
+ if (session != null && getChangeSessionIdOnAuthentication()) {
+ // Does session id match?
+ String expectedSessionId = (String) session.getNote(Constants.SESSION_ID_NOTE);
+ if (expectedSessionId == null || !expectedSessionId.equals(request.getRequestedSessionId())) {
+ session.expire();
+ session = null;
+ }
+ }
if (session == null) {
if (containerLog.isDebugEnabled()) {
- containerLog.debug
- ("User took so long to log on the session expired");
+ containerLog.debug("User took so long to log on the session expired");
}
if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
- sm.getString("authenticator.sessionExpired"));
+ response.sendError(
+ HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString("authenticator.sessionExpired"));
} else {
// Make the authenticator think the user originally requested
// the landing page
@@ -290,19 +276,13 @@
saved.setMethod("GET");
saved.setRequestURI(uri);
saved.setDecodedRequestURI(uri);
- request.getSessionInternal(true).setNote(
- Constants.FORM_REQUEST_NOTE, saved);
+ request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved);
response.sendRedirect(response.encodeRedirectURL(uri));
}
return false;
}
- // Save the authenticated Principal in our session
- session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
-
- // Save the username and password as well
- session.setNote(Constants.SESS_USERNAME_NOTE, username);
- session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ register(request, response, principal, HttpServletRequest.FORM_AUTH, username, password);
// Redirect the user to the original request URI (which will cause
// the original request to be restored)
@@ -312,8 +292,7 @@
}
if (requestURI == null) {
if (landingPage == null) {
- response.sendError(HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.formlogin"));
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, sm.getString("authenticator.formlogin"));
} else {
// Make the authenticator think the user originally requested
// the landing page
@@ -331,15 +310,12 @@
Response internalResponse = request.getResponse();
String location = response.encodeRedirectURL(requestURI);
if ("HTTP/1.1".equals(request.getProtocol())) {
- internalResponse.sendRedirect(location,
- HttpServletResponse.SC_SEE_OTHER);
+ internalResponse.sendRedirect(location, HttpServletResponse.SC_SEE_OTHER);
} else {
- internalResponse.sendRedirect(location,
- HttpServletResponse.SC_FOUND);
+ internalResponse.sendRedirect(location, HttpServletResponse.SC_FOUND);
}
}
return false;
-
}
@@ -380,6 +356,33 @@
}
+ @Override
+ protected void register(Request request, HttpServletResponse response,
+ Principal principal, String authType, String username,
+ String password, boolean alwaysUseSession, boolean cache) {
+
+ super.register(request, response, principal, authType, username, password, alwaysUseSession, cache);
+
+ // If caching an authenticated Principal is turned off,
+ // store username and password as session notes to use them for re-authentication.
+ if (!cache) {
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ if (username != null) {
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ } else {
+ session.removeNote(Constants.SESS_USERNAME_NOTE);
+ }
+ if (password != null) {
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ } else {
+ session.removeNote(Constants.SESS_PASSWORD_NOTE);
+ }
+ }
+ }
+ }
+
+
/**
* Called to forward to the login page
*
@@ -414,9 +417,8 @@
if (getChangeSessionIdOnAuthentication()) {
Session session = request.getSessionInternal(false);
if (session != null) {
- Manager manager = request.getContext().getManager();
- manager.changeSessionId(session);
- request.changeSessionId(session.getId());
+ String newSessionId = changeSessionID(request, session);
+ session.setNote(Constants.SESSION_ID_NOTE, newSessionId);
}
}
@@ -503,17 +505,24 @@
}
// Is there a saved request?
- SavedRequest sreq =
- (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
+ SavedRequest sreq = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
if (sreq == null) {
return false;
}
// Is there a saved principal?
- if (session.getNote(Constants.FORM_PRINCIPAL_NOTE) == null) {
+ if (cache && session.getPrincipal() == null || !cache && request.getPrincipal() == null) {
return false;
}
+ // Does session id match?
+ if (getChangeSessionIdOnAuthentication()) {
+ String expectedSessionId = (String) session.getNote(Constants.SESSION_ID_NOTE);
+ if (expectedSessionId == null || !expectedSessionId.equals(request.getRequestedSessionId())) {
+ return false;
+ }
+ }
+
// Does the request URI match?
String decodedRequestURI = request.getDecodedRequestURI();
if (decodedRequestURI == null) {
@@ -538,10 +547,9 @@
throws IOException {
// Retrieve and remove the SavedRequest object from our session
- SavedRequest saved = (SavedRequest)
- session.getNote(Constants.FORM_REQUEST_NOTE);
+ SavedRequest saved = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
session.removeNote(Constants.FORM_REQUEST_NOTE);
- session.removeNote(Constants.FORM_PRINCIPAL_NOTE);
+ session.removeNote(Constants.SESSION_ID_NOTE);
if (saved == null) {
return false;
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/authenticator/jaspic/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/authenticator/jaspic/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/authenticator/jaspic/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/authenticator/jaspic/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+authConfigFactoryImpl.load=从[{0}]加载持久化提供者注册信息
authConfigFactoryImpl.zeroLengthAppContext=:)应用上下文名称的长度为0是无效的
authConfigFactoryImpl.zeroLengthMessageLayer=零长度的消息层名称是无效的
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/authenticator/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/authenticator/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/authenticator/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/authenticator/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -34,13 +34,20 @@
digestAuthenticator.cacheRemove=已从客户端 nonce 缓存中删除有效条目,以便为新条目腾出空间。重播攻击现在是可能的。为防止重播攻击的可能性,请降低nonceValidity或增加nonceCacheSize。此类型的进一步警告将被抑制5分钟。
+formAuthenticator.noErrorPage=没有为上下文[{0}]中的表单身份验证定义错误页
+
+singleSignOn.debug.associate=SSO将应用程序会话[{1}]与SSO会话[{0}]关联
singleSignOn.debug.cookieCheck=SSO检查SSO cookie
singleSignOn.debug.cookieNotFound=SSO没有找到SSO cookie
+singleSignOn.debug.deregisterFail=SSO撤销登记SSO会话[{0}]失败,因为缓存中不包含这个SSO会话
+singleSignOn.debug.hasPrincipal=找到以前经过身份验证的主体[{0}]
+singleSignOn.debug.invoke=SSO为[{0}]处理请求
singleSignOn.debug.principalCheck=SSO为SSO会话[{0}]寻找缓存的Principal
singleSignOn.debug.principalFound=SSO 找到了带着认证类型的缓存代理
singleSignOn.debug.removeSession=SSO 从 SSO session [{1}] 中删除应用程序会话 [{0}]
singleSignOn.debug.update=SSO 更新SSO 会话[{0}] 对认证 类型[{1}]
singleSignOn.sessionExpire.hostNotFound=因为 Host 丢失,SSO 无法使 session [{0}] 失效
singleSignOn.sessionExpire.managerError=由于会话管理器在检索会话时抛出异常,导致单点登录无法使会话[{0}]失效
+singleSignOn.sessionExpire.managerNotFound=SSO无法使会话[{0}]过期,因为找不到管理器
spnegoAuthenticator.authHeaderNoToken=客户端发送的协商授权 header 未包含 token
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/connector/Connector.java tomcat9-9.0.31/java/org/apache/catalina/connector/Connector.java
--- tomcat9-9.0.27/java/org/apache/catalina/connector/Connector.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/connector/Connector.java 2020-02-05 19:26:48.000000000 +0000
@@ -25,6 +25,7 @@
import javax.management.ObjectName;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Service;
@@ -165,6 +166,16 @@
/**
+ * The flag that controls recycling of the facades of the request
+ * processing objects. If set to true the object facades
+ * will be discarded when the request is recycled. If the security
+ * manager is enabled, this setting is ignored and object facades are
+ * always discarded.
+ */
+ protected boolean discardFacades = RECYCLE_FACADES;
+
+
+ /**
* The redirect port for non-SSL to SSL redirects.
*/
protected int redirectPort = 443;
@@ -372,6 +383,25 @@
}
+ /**
+ * @return true if the object facades are discarded, either
+ * when the discardFacades value is true or when the
+ * security manager is enabled.
+ */
+ public boolean getDiscardFacades() {
+ return discardFacades || Globals.IS_SECURITY_ENABLED;
+ }
+
+
+ /**
+ * Set the recycling strategy for the object facades.
+ * @param discardFacades the new value of the flag
+ */
+ public void setDiscardFacades(boolean discardFacades) {
+ this.discardFacades = discardFacades;
+ }
+
+
/**
* @return the "enable DNS lookups" flag.
*/
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/connector/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/connector/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/connector/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/connector/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+coyoteAdapter.authorize=(:使用Tomcat的领域授权用户[{0}]
coyoteAdapter.checkRecycled.response=遇到非回收的相应并强行回收。
coyoteAdapter.debug=变量[{0}]的值为[{1}]。
@@ -23,20 +24,28 @@
coyoteConnector.protocolHandlerNoAprLibrary=配置的协议[{0}]需要不可用的APR/本机库
coyoteConnector.protocolHandlerNoAprListener=配置的协议[{0}]需要不可用的aprlifecycleListener
coyoteConnector.protocolHandlerPauseFailed=协议处理程序暂停失败
+coyoteConnector.protocolHandlerStartFailed=协议处理器启动失败
coyoteConnector.protocolHandlerStopFailed=协议处理程序.停止失败
coyoteInputStream.nbNotready=在非阻塞模式下,只有之前的读数据完成,并且isReady()方法返回true,你才可以使用 ServletInputStream 读取数据
+coyoteRequest.attributeEvent=属性事件侦听器引发的异常
+coyoteRequest.authenticate.ise=):提交响应后无法调用authenticate()
coyoteRequest.changeSessionId=无法更改 session ID。 没有与此请求关联的 session。
coyoteRequest.chunkedPostTooLarge=由于请求参数数据太大,导致参数不能解析。因为当前请求是块状请求,后续也不会处理。如果应用程序需要接收大的POST请求,可以使用连接器的maxPostSize解决它。
coyoteRequest.filterAsyncSupportUnknown=无法确定是否有任何过滤器不支持异步处理
coyoteRequest.gssLifetimeFail=为用户主体 [{0}] 获取剩余生命期失败
+coyoteRequest.maxPostSizeExceeded=):大多部分请求包含的参数数据(不包括上载的文件)超过了关联连接器上设置的maxPostSize 的限制
coyoteRequest.noMultipartConfig=由于没有提供multi-part配置,无法处理parts
coyoteRequest.sendfileNotCanonical=无法确定指定用于sendfile的文件[{0}]的规范名称
+coyoteRequest.sessionCreateCommitted=提交响应后无法创建会话
coyoteRequest.sessionEndAccessFail=在回收请求时,异常触发了对会话的结束访问。
coyoteRequest.setAttribute.namenull=不能在一个空的名字上调用setAttribute
+coyoteRequest.uploadLocationInvalid=临时上传路径[{0}]无效
coyoteResponse.encoding.invalid=JRE无法识别编码[{0}]
+coyoteResponse.getWriter.ise=当前响应已经调用了方法getOutputStream()
+coyoteResponse.reset.ise=已经提交响应后无法调用reset()
coyoteResponse.sendError.ise=响应提交后无法调用sendError()
coyoteResponse.sendRedirect.note=重定向到{0}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/connector/mbeans-descriptors.xml tomcat9-9.0.31/java/org/apache/catalina/connector/mbeans-descriptors.xml --- tomcat9-9.0.27/java/org/apache/catalina/connector/mbeans-descriptors.xml 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/catalina/connector/mbeans-descriptors.xml 2020-02-05 19:26:48.000000000 +0000 @@ -44,6 +44,10 @@ description="Send AJP flush package for each explicit flush" type="boolean"/> +true if no connector is associated with this request
+ */
+ public boolean getDiscardFacades() {
+ return (connector == null) ? true : connector.getDiscardFacades();
+ }
+
+
+ /**
* Filter chain associated with the request.
*/
protected FilterChain filterChain = null;
@@ -2658,13 +2668,6 @@
}
- /**
- * Changes the session ID of the session associated with this request.
- *
- * @return the old session ID before it was changed
- * @see javax.servlet.http.HttpSessionIdListener
- * @since Servlet 3.1
- */
@Override
public String changeSessionId() {
@@ -2675,9 +2678,8 @@
}
Manager manager = this.getContext().getManager();
- manager.changeSessionId(session);
- String newSessionId = session.getId();
+ String newSessionId = manager.rotateSessionId(session);
this.changeSessionId(newSessionId);
return newSessionId;
@@ -2906,7 +2908,7 @@
} catch (InvalidContentTypeException e) {
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
partsParseException = new ServletException(e);
- } catch (FileUploadBase.SizeException e) {
+ } catch (SizeException e) {
parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
checkSwallowInput();
partsParseException = new IllegalStateException(e);
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/connector/Response.java tomcat9-9.0.31/java/org/apache/catalina/connector/Response.java
--- tomcat9-9.0.27/java/org/apache/catalina/connector/Response.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/connector/Response.java 2020-02-05 19:26:48.000000000 +0000
@@ -44,7 +44,6 @@
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.catalina.Context;
-import org.apache.catalina.Globals;
import org.apache.catalina.Session;
import org.apache.catalina.security.SecurityUtil;
import org.apache.catalina.util.SessionConfig;
@@ -229,7 +228,7 @@
isCharacterEncodingSet = false;
applicationResponse = null;
- if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
+ if (getRequest().getDiscardFacades()) {
if (facade != null) {
facade.clear();
facade = null;
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/Context.java tomcat9-9.0.31/java/org/apache/catalina/Context.java
--- tomcat9-9.0.27/java/org/apache/catalina/Context.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/Context.java 2020-02-05 19:26:48.000000000 +0000
@@ -1393,6 +1393,7 @@
*/
public JspConfigDescriptor getJspConfigDescriptor();
+
/**
* Set the JspConfigDescriptor for this context.
* A null value indicates there is not JSP configuration.
@@ -1401,6 +1402,7 @@
*/
public void setJspConfigDescriptor(JspConfigDescriptor descriptor);
+
/**
* Add a ServletContainerInitializer instance to this web application.
*
@@ -1411,6 +1413,7 @@
public void addServletContainerInitializer(
ServletContainerInitializer sci, Settrue if the origin was valid
* @see RFC952
+ *
+ * @deprecated This will be removed in Tomcat 10
+ * Use {@link RequestUtil#isValidOrigin(String)}
*/
+ @Deprecated
protected static boolean isValidOrigin(String origin) {
- // Checks for encoded characters. Helps prevent CRLF injection.
- if (origin.contains("%")) {
- return false;
- }
-
- // "null" is a valid origin
- if ("null".equals(origin)) {
- return true;
- }
-
- // RFC6454, section 4. "If uri-scheme is file, the implementation MAY
- // return an implementation-defined value.". No limits are placed on
- // that value so treat all file URIs as valid origins.
- if (origin.startsWith("file://")) {
- return true;
- }
-
- URI originURI;
- try {
- originURI = new URI(origin);
- } catch (URISyntaxException e) {
- return false;
- }
- // If scheme for URI is null, return false. Return true otherwise.
- return originURI.getScheme() != null;
-
+ return RequestUtil.isValidOrigin(origin);
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/filters/CsrfPreventionFilter.java tomcat9-9.0.31/java/org/apache/catalina/filters/CsrfPreventionFilter.java
--- tomcat9-9.0.27/java/org/apache/catalina/filters/CsrfPreventionFilter.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/filters/CsrfPreventionFilter.java 2020-02-05 19:26:48.000000000 +0000
@@ -24,6 +24,7 @@
import java.util.Set;
import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -32,6 +33,9 @@
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+
/**
* Provides basic CSRF protection for a web application. The filter assumes
* that:
@@ -43,11 +47,14 @@
*
*/
public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
+ private final Log log = LogFactory.getLog(CsrfPreventionFilter.class);
private final Set@@ -1247,22 +1248,57 @@ return excludedResponseStatusCodes; } + /** - *
* Returns the expiration date of the given {@link XHttpServletResponse} or * {@code null} if no expiration date has been configured for the * declared content type. - *
** {@code protected} for extension. - *
* - * @param response The Servlet response + * @param response The wrapped HTTP response + * * @return the expiration date * @see HttpServletResponse#getContentType() + * + * @deprecated Will be removed in Tomcat 10. + * Use {@link #getExpirationDate(HttpServletRequest, XHttpServletResponse)} */ + @Deprecated protected Date getExpirationDate(XHttpServletResponse response) { + return getExpirationDate((HttpServletRequest) null, response); + } + + + /** + * Returns the expiration date of the given {@link XHttpServletResponse} or + * {@code null} if no expiration date has been configured for the + * declared content type. + *
+ * {@code protected} for extension.
+ *
+ * @param request The HTTP request
+ * @param response The wrapped HTTP response
+ *
+ * @return the expiration date
+ * @see HttpServletResponse#getContentType()
+ */
+ protected Date getExpirationDate(HttpServletRequest request, XHttpServletResponse response) {
String contentType = response.getContentType();
+ if (contentType == null && request != null &&
+ request.getHttpServletMapping().getMappingMatch() == MappingMatch.DEFAULT &&
+ response.getStatus() == HttpServletResponse.SC_NOT_MODIFIED) {
+ // Default servlet normally sets the content type but does not for
+ // 304 responses. Look it up.
+ String servletPath = request.getServletPath();
+ if (servletPath != null) {
+ int lastSlash = servletPath.lastIndexOf('/');
+ if (lastSlash > -1) {
+ String fileName = servletPath.substring(lastSlash + 1);
+ contentType = request.getServletContext().getMimeType(fileName);
+ }
+ }
+ }
if (contentType != null) {
contentType = contentType.toLowerCase(Locale.ENGLISH);
}
@@ -1485,7 +1521,7 @@
return;
}
- Date expirationDate = getExpirationDate(response);
+ Date expirationDate = getExpirationDate(request, response);
if (expirationDate == null) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("expiresFilter.noExpirationConfigured",
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/filters/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/filters/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/filters/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/filters/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -17,19 +17,32 @@
corsFilter.nullRequest=HttpServletRequest 对象为空
corsFilter.nullRequestType=CORSRequestType对象为空(null)
corsFilter.onlyHttp=CORS不支持非HTTP请求或响应
+corsFilter.wrongType1=期望类型为[{0}]的HttpServletRequest对象
+corsFilter.wrongType2=期望类型为[{0}]或[{1}]的HttpServletRequest对象
-csrfPrevention.invalidRandomClass=不能使用class [{0}]创建随机源.
+csrfPrevention.invalidRandomClass=不能使用class [{0}]创建随机源。
+expiresFilter.invalidDurationNumber=指令[{1}]中的持续时间(数字)[{0}]无效
+expiresFilter.noDurationFound=在指令[{0}]中找不到持续时间
expiresFilter.noExpirationConfigured=请求[{0}],其响应状态为[{1}]内容类型[{2}],未配置到期日期
expiresFilter.noExpirationConfiguredForContentType=没有为 content-type [{0}] 找到过期配置
+expiresFilter.responseAlreadyCommited=请求[{0}],无法对已提交的响应应用ExpiresFilter。
expiresFilter.startingPointInvalid=在指令[{1}]中无效的起点(访问|现在|修改|a<秒>|m<秒>)[{0}]
+expiresFilter.startingPointNotFound=起始点(access|now|modification|a
\n" +
"
Implementation of Realm that works with a directory
@@ -1527,7 +1528,6 @@
containerLog.debug("Found user by search [" + user + "]");
}
}
-
if (userPassword == null && credentials != null && user != null) {
// The password is available. Insert it since it may be required for
// role searches.
@@ -2222,7 +2222,7 @@
try {
User user = getUser(open(), username, null);
- if (user == null) {
+ if (user == null) {
// User should be found...
return null;
} else {
@@ -2246,6 +2246,22 @@
}
@Override
+ protected Principal getPrincipal(GSSName gssName,
+ GSSCredential gssCredential) {
+ String name = gssName.toString();
+
+ if (isStripRealmForGss()) {
+ int i = name.indexOf('@');
+ if (i > 0) {
+ // Zero so we don't leave a zero length name
+ name = name.substring(0, i);
+ }
+ }
+
+ return getPrincipal(name, gssCredential);
+ }
+
+ @Override
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
@@ -2341,12 +2357,14 @@
roles = getRoles(context, user);
}
} finally {
- restoreEnvironmentParameter(context,
- Context.SECURITY_AUTHENTICATION, preservedEnvironment);
- restoreEnvironmentParameter(context,
- "javax.security.sasl.server.authentication", preservedEnvironment);
- restoreEnvironmentParameter(context, "javax.security.sasl.qop",
- preservedEnvironment);
+ if (gssCredential != null && isUseDelegatedCredential()) {
+ restoreEnvironmentParameter(context,
+ Context.SECURITY_AUTHENTICATION, preservedEnvironment);
+ restoreEnvironmentParameter(context,
+ "javax.security.sasl.server.authentication", preservedEnvironment);
+ restoreEnvironmentParameter(context, "javax.security.sasl.qop",
+ preservedEnvironment);
+ }
}
if (user != null) {
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/realm/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -21,15 +21,24 @@
jaasCallback.username=返回用户名 [{0}]
+jaasMemoryLoginModule.invalidCredentials=用户名或密码不正确
+jaasMemoryLoginModule.noConfig=无法加载配置文件 [{0}]
+
+jaasRealm.authenticateFailure=用户 [{0}] 认证失败
jaasRealm.authenticateSuccess=用户名 [{0}] 已被成功认证为身份 [{1}] -- 主体也已创建
+jaasRealm.classNotFound=找不到类 [{0}]
jaasRealm.failedLogin=由于登录失败,用户名 [{0}] 无法授权
jaasRealm.loginContextCreated=为用户名创建的JAAS 登陆上下文[{0}]
jaasRealm.loginException=登录异常,认证用户名 [{0}]
+jdbcRealm.authenticateFailure=用户名称[{0}]未校验成功
+jdbcRealm.open=打开数据库连接时发生异常
+
jndiRealm.authenticateFailure=用户名[{0}]没有成功认证
jndiRealm.authenticateSuccess=用户名[{0}]成功认证
jndiRealm.cipherSuites=启用 [{0}] 作为 TLS 连接的加密套件。
jndiRealm.exception=执行认证异常
+jndiRealm.negotiatedTls=使用协议[{0}]协商的TLS连接
jndiRealm.open=打开目录服务器链接异常
lockOutRealm.authLockedUser=尝试对锁定的用户[{0}]进行身份验证
@@ -37,6 +46,7 @@
memoryRealm.loadExist=内存数据库文件[{0}]无法读取
memoryRealm.loadPath=从内存数据库文件 [{0}] 加载用户
memoryRealm.readXml=读取内存数据库文件时出现异常
+memoryRealm.xmlFeatureEncoding=配置Digester以允许XML文件中的java编码名称的异常。只支持IANA编码名称。
pbeCredentialHandler.invalidKeySpec=无法生成基于密码的密钥
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/realm/LockOutRealm.java tomcat9-9.0.31/java/org/apache/catalina/realm/LockOutRealm.java
--- tomcat9-9.0.27/java/org/apache/catalina/realm/LockOutRealm.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/realm/LockOutRealm.java 2020-02-05 19:26:48.000000000 +0000
@@ -27,6 +27,7 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
@@ -200,6 +201,18 @@
return null;
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
+ String username = gssName.toString();
+
+ Principal authenticatedUser = super.authenticate(gssName, gssCredential);
+
+ return filterLockedAccounts(username, authenticatedUser);
+ }
+
/*
* Filters authenticated principals to ensure that null is
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/realm/RealmBase.java tomcat9-9.0.31/java/org/apache/catalina/realm/RealmBase.java
--- tomcat9-9.0.27/java/org/apache/catalina/realm/RealmBase.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/realm/RealmBase.java 2020-02-05 19:26:48.000000000 +0000
@@ -16,7 +16,6 @@
*/
package org.apache.catalina.realm;
-
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.IOException;
@@ -149,7 +148,6 @@
// ------------------------------------------------------------- Properties
-
/**
* @return The HTTP status code used when the container needs to issue an
* HTTP redirect to meet the requirements of a configured transport
@@ -368,6 +366,7 @@
}
}
+
/**
* Try to authenticate with the specified username, which
* matches the digest calculated using the given parameters using the
@@ -497,16 +496,7 @@
}
}
- String name = gssName.toString();
-
- if (isStripRealmForGss()) {
- int i = name.indexOf('@');
- if (i > 0) {
- // Zero so we don't leave a zero length name
- name = name.substring(0, i);
- }
- }
- return getPrincipal(name, gssCredential);
+ return getPrincipal(gssName, gssCredential);
}
} else {
log.error(sm.getString("realmBase.gssContextNotEstablished"));
@@ -518,6 +508,19 @@
/**
+ * {@inheritDoc}
+ */
+ @Override
+ public Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
+ if (gssName == null) {
+ return null;
+ }
+
+ return getPrincipal(gssName, gssCredential);
+ }
+
+
+ /**
* Execute a periodic task, such as reloading, etc. This method will be
* invoked inside the classloading context of this container. Unexpected
* throwables will be caught and logged.
@@ -1220,6 +1223,16 @@
protected abstract Principal getPrincipal(String username);
+ /**
+ * Get the principal associated with the specified user name.
+ *
+ * @param username The user name
+ * @param gssCredential the GSS credential of the principal
+ * @return the principal associated with the given user name.
+ * @deprecated This will be removed in Tomcat 10 onwards. Use
+ * {@link #getPrincipal(GSSName, GSSCredential)} instead.
+ */
+ @Deprecated
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
Principal p = getPrincipal(username);
@@ -1231,6 +1244,36 @@
return p;
}
+
+ /**
+ * Get the principal associated with the specified {@link GSSName}.
+ *
+ * @param gssName The GSS name
+ * @param gssCredential the GSS credential of the principal
+ * @return the principal associated with the given user name.
+ */
+ protected Principal getPrincipal(GSSName gssName,
+ GSSCredential gssCredential) {
+ String name = gssName.toString();
+
+ if (isStripRealmForGss()) {
+ int i = name.indexOf('@');
+ if (i > 0) {
+ // Zero so we don't leave a zero length name
+ name = name.substring(0, i);
+ }
+ }
+
+ Principal p = getPrincipal(name);
+
+ if (p instanceof GenericPrincipal) {
+ ((GenericPrincipal) p).setGssCredential(gssCredential);
+ }
+
+ return p;
+ }
+
+
/**
* Return the Server object that is the ultimate parent for the container
* with which this Realm is associated. If the server cannot be found (eg
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/Realm.java tomcat9-9.0.31/java/org/apache/catalina/Realm.java
--- tomcat9-9.0.27/java/org/apache/catalina/Realm.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/Realm.java 2020-02-05 19:26:48.000000000 +0000
@@ -25,6 +25,8 @@
import org.apache.catalina.connector.Response;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSName;
/**
* A Realm is a read-only facade for an underlying security realm
@@ -117,6 +119,22 @@
/**
+ * Try to authenticate using a {@link GSSName}
+ *
+ * Note that this default method will be turned into an abstract one in
+ * Tomcat 10.
+ *
+ * @param gssName The {@link GSSName} of the principal to look up
+ * @param gssCredential The {@link GSSCredential} of the principal, may be
+ * {@code null}
+ * @return the associated principal, or {@code null} if there is none
+ */
+ public default Principal authenticate(GSSName gssName, GSSCredential gssCredential) {
+ return null;
+ }
+
+
+ /**
* Try to authenticate using {@link X509Certificate}s
*
* @param certs Array of client certificates, with the first one in
@@ -211,7 +229,9 @@
* Return roles associated with given principal
* @param principal the {@link Principal} to get the roles for.
* @return principal roles
+ * @deprecated This will be removed in Tomcat 10.
*/
+ @Deprecated
public String[] getRoles(Principal principal);
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/servlets/DefaultServlet.java tomcat9-9.0.31/java/org/apache/catalina/servlets/DefaultServlet.java
--- tomcat9-9.0.27/java/org/apache/catalina/servlets/DefaultServlet.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/servlets/DefaultServlet.java 2020-02-05 19:26:48.000000000 +0000
@@ -1815,14 +1815,18 @@
String rewrittenContextPath = rewriteUrl(contextPath);
// Render the page header
- sb.append("\r\n");
+ sb.append("\r\n");
+ /* TODO Activate this as soon as we use smClient with the request locales
+ sb.append("\r\n");
+ */
sb.append("
@@ -120,6 +123,8 @@
* http://host:port/context/webdavedit/content
*
* @author Remy Maucherat
+ *
+ * @see RFC 4918
*/
public class WebdavServlet extends DefaultServlet {
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/session/FileStore.java tomcat9-9.0.31/java/org/apache/catalina/session/FileStore.java
--- tomcat9-9.0.27/java/org/apache/catalina/session/FileStore.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/session/FileStore.java 2020-02-05 19:26:48.000000000 +0000
@@ -127,17 +127,17 @@
@Override
public int getSize() throws IOException {
// Acquire the list of files in our storage directory
- File file = directory();
- if (file == null) {
+ File dir = directory();
+ if (dir == null) {
return 0;
}
- String files[] = file.list();
+ String files[] = dir.list();
// Figure out which files are sessions
int keycount = 0;
if (files != null) {
- for (int i = 0; i < files.length; i++) {
- if (files[i].endsWith(FILE_EXT)) {
+ for (String file : files) {
+ if (file.endsWith(FILE_EXT)) {
keycount++;
}
}
@@ -172,24 +172,23 @@
@Override
public String[] keys() throws IOException {
// Acquire the list of files in our storage directory
- File file = directory();
- if (file == null) {
+ File dir = directory();
+ if (dir == null) {
return new String[0];
}
-
- String files[] = file.list();
+ String files[] = dir.list();
// Bugzilla 32130
- if((files == null) || (files.length < 1)) {
+ if (files == null || files.length < 1) {
return new String[0];
}
// Build and return the list of session identifiers
List
- * This class provides a set of convenience methods for configuring webapp
- * contexts, all overloads of the method
* In complex cases, you may prefer to use the ordinary Tomcat API to create
@@ -223,17 +226,22 @@
hostname = s;
}
+
/**
- * This is equivalent to adding a web application to Tomcat's webapps
- * directory. The equivalent of the default web.xml will be applied to the
- * web application and any WEB-INF/web.xml and META-INF/context.xml packaged
- * with the application will be processed normally. Normal web fragment and
- * {@link javax.servlet.ServletContainerInitializer} processing will be
- * applied.
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ *
+ * An example {@code rewrite.config} file could look like:
+ *
+ * This method will be called, if there are more than one parameters defined.
+ *
+ * @param params the optional parameters
+ */
+ default void setParameters(String... params) {
+ if (params == null) {
+ return;
+ }
+ if (params.length > 1) {
+ throw new IllegalArgumentException("Too many parameters for this map");
+ }
+ setParameters(params[0]);
+ }
+
+ /**
+ * Maps a key to a replacement value.
+ * The default implementation is a NO-OP.
+ *
+ * @param protocol The HTTP/1.1 protocol implementation that will initially
+ * handle any connections passed to this UpgradeProtocol via
+ * the HTTP upgrade mechanism
+ */
+ public default void setHttp11Protocol(AbstractProtocol protocol) {
+ // NO-OP
+ }
}
diff -Nru tomcat9-9.0.27/java/org/apache/jasper/compiler/Compiler.java tomcat9-9.0.31/java/org/apache/jasper/compiler/Compiler.java
--- tomcat9-9.0.27/java/org/apache/jasper/compiler/Compiler.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/jasper/compiler/Compiler.java 2020-02-05 19:26:48.000000000 +0000
@@ -101,9 +101,9 @@
/**
* Compile the jsp file into equivalent servlet in .java file
*
- * @throws Exception Error generating Java source
- *
* @return A map of class names to JSR 045 source maps
+ *
+ * @throws Exception Error generating Java source
*/
protected Map
* All operations defined here are essentially no-op's.
*
* This class is immutable, and therefore thread-safe.
+ *
* This class is intended to be thread-safe.
+ *
* This class is immutable and thread-safe.
+ *
* This class is immutable and thread-safe.
+ *
* Note that the current implementation uses a ConcurrentHashMap which uses
* equals() to compare keys.
* This means that distinct instance keys must be distinguishable using equals.
+ *
* Optionally, one may configure the pool to examine and possibly evict objects
* as they sit idle in the pool and to ensure that a minimum number of idle
@@ -62,12 +64,15 @@
* configuring this optional feature. Eviction runs contend with client threads
* for access to objects in the pool, so if they run too frequently performance
* issues may result.
+ *
* Implementation note: To prevent possible deadlocks, care has been taken to
* ensure that no call to a factory method will occur within a synchronization
* block. See POOL-125 and DBCP-44 for more information.
+ *
* This class is intended to be thread-safe.
+ *
* When coupled with the appropriate {@link PooledObjectFactory},
*
* Optionally, one may configure the pool to examine and possibly evict objects
* as they sit idle in the pool and to ensure that a minimum number of idle
@@ -46,7 +47,8 @@
* which runs asynchronously. Caution should be used when configuring this
* optional feature. Eviction runs contend with client threads for access to
* objects in the pool, so if they run too frequently performance issues may
- * result.addWebapp. These methods
- * create a webapp context, configure it, and then add it to a {@link Host}.
- * They do not use a global default web.xml; rather, they add a lifecycle
- * listener that adds the standard DefaultServlet, JSP processing, and welcome
- * files.
+ * This class provides a set of convenience methods for configuring web
+ * application contexts; all overloads of the method addWebapp().
+ * These methods are equivalent to adding a web application to the Host's
+ * appBase (normally the webapps directory). These methods create a Context,
+ * configure it with the equivalent of the defaults provided by
+ * conf/web.xml (see {@link #initWebappDefaults(String)} for
+ * details) and add the Context to a Host. These methods do not use a global
+ * default web.xml; rather, they add a {@link LifecycleListener} to configure
+ * the defaults. Any WEB-INF/web.xml and META-INF/context.xml packaged with the
+ * application will be processed normally. Normal web fragment and
+ * {@link javax.servlet.ServletContainerInitializer} processing will be applied.
*
* WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} processing
+ * will always be applied.
*
* @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- * Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. Must
+ * exist, relative to the server home
+ *
* @return the deployed context
*/
public Context addWebapp(String contextPath, String docBase) {
@@ -676,13 +684,24 @@
return ctx;
}
+
/**
- * @param host The host in which the context will be deployed
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} processing
+ * will always be applied.
+ *
+ * @param host The host in which the context will be deployed
* @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- * Must exist, relative to the server home
+ * @param docBase Base directory for the context, for static files. Must
+ * exist, relative to the server home
+ *
* @return the deployed context
- * @see #addWebapp(String, String)
*/
public Context addWebapp(Host host, String contextPath, String docBase) {
LifecycleListener listener = null;
@@ -698,14 +717,27 @@
return addWebapp(host, contextPath, docBase, listener);
}
+
/**
- * @param host The host in which the context will be deployed
+ * This is equivalent to adding a web application to a Host's appBase
+ * (usually Tomcat's webapps directory). By default, the equivalent of the
+ * default web.xml will be applied to the web application (see
+ * {@link #initWebappDefaults(String)}). This may be prevented by calling
+ * {@link #setAddDefaultWebXmlToWebapp(boolean)} with {@code false}. Any
+ * WEB-INF/web.xml and META-INF/context.xml
+ * packaged with the application will always be processed and normal web
+ * fragment and {@link javax.servlet.ServletContainerInitializer} processing
+ * will always be applied.
+ *
+ * @param host The host in which the context will be deployed
* @param contextPath The context mapping to use, "" for root context.
- * @param docBase Base directory for the context, for static files.
- * Must exist, relative to the server home
- * @param config Custom context configurator helper
+ * @param docBase Base directory for the context, for static files. Must
+ * exist, relative to the server home
+ * @param config Custom context configuration helper. Any configuration
+ * will be in addition to equivalent of the default
+ * web.xml configuration described above.
+ *
* @return the deployed context
- * @see #addWebapp(String, String)
*/
public Context addWebapp(Host host, String contextPath, String docBase,
LifecycleListener config) {
@@ -716,8 +748,9 @@
ctx.setPath(contextPath);
ctx.setDocBase(docBase);
- if (addDefaultWebXmlToWebapp)
+ if (addDefaultWebXmlToWebapp) {
ctx.addLifecycleListener(getDefaultWebXmlListener());
+ }
ctx.setConfigFile(getWebappConfigFile(docBase, contextPath));
@@ -1007,22 +1040,32 @@
}
}
+
/**
- * Provide default configuration for a context. This is the programmatic
- * equivalent of the default web.xml.
+ * Provide default configuration for a context. This is broadly the
+ * programmatic equivalent of the default web.xml and provides the following
+ * features:
+ *
+ *
+ * TODO: Align the MIME mappings with conf/web.xml - possibly via a common
+ * file.
*
- * TODO: in normal Tomcat, if default-web.xml is not found, use this
- * method
- *
- * @param contextPath The context to set the defaults for
+ * @param contextPath The path of the context to set the defaults for
*/
public void initWebappDefaults(String contextPath) {
Container ctx = getHost().findChild(contextPath);
initWebappDefaults((Context) ctx);
}
+
/**
- * Static version of {@link #initWebappDefaults(String)}
+ * Static version of {@link #initWebappDefaults(String)}.
+ *
* @param ctx The context to set the defaults for
*/
public static void initWebappDefaults(Context ctx) {
@@ -1415,33 +1458,8 @@
org.apache.catalina.startup.Tomcat tomcat = new org.apache.catalina.startup.Tomcat();
// Create a Catalina instance and let it parse the configuration files
// It will also set a shutdown hook to stop the Server when needed
- tomcat.init(new ConfigurationSource() {
- protected final File userDir = new File(System.getProperty("user.dir"));
- protected final URI userDirUri = userDir.toURI();
- @Override
- public Resource getResource(String name) throws IOException {
- File f = new File(name);
- if (!f.isAbsolute()) {
- f = new File(userDir, name);
- }
- if (f.isFile()) {
- return new Resource(new FileInputStream(f), f.toURI());
- } else {
- throw new FileNotFoundException(name);
- }
- }
- @Override
- public URI getURI(String name) {
- File f = new File(name);
- if (!f.isAbsolute()) {
- f = new File(userDir, name);
- }
- if (f.isFile()) {
- return f.toURI();
- }
- return userDirUri.resolve(name);
- }
- });
+ // Use the default configuration source
+ tomcat.init(null);
boolean await = false;
String path = "";
// Process command line parameters
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/startup/WebappServiceLoader.java tomcat9-9.0.31/java/org/apache/catalina/startup/WebappServiceLoader.java
--- tomcat9-9.0.27/java/org/apache/catalina/startup/WebappServiceLoader.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/startup/WebappServiceLoader.java 2020-02-05 19:26:48.000000000 +0000
@@ -34,6 +34,7 @@
import javax.servlet.ServletContext;
import org.apache.catalina.Context;
+import org.apache.catalina.WebResource;
import org.apache.tomcat.util.scan.JarFactory;
/**
@@ -58,6 +59,7 @@
* @see java.util.ServiceLoader
*/
public class WebappServiceLoaderchannel.addInterceptor(A);
* channel.addInterceptor(C);
* channel.addInterceptor(B);
- * Will result in a interceptor stack like this:
+ * Will result in an interceptor stack like this:
* A -> C -> B
* The complete stack will look like this:
* Channel -> A -> C -> B -> ChannelCoordinator
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java tomcat9-9.0.31/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java 2020-02-05 19:26:48.000000000 +0000
@@ -349,9 +349,6 @@
return new BaseEncryptionManager(algorithm,
new SecretKeySpec(encryptionKey, algorithmName),
providerName);
-// else if("ECB".equalsIgnoreCase(algorithmMode)) {
- // Note: ECB is not an appropriate mode for secure communications.
-// return new ECBEncryptionManager(algorithm, new SecretKeySpec(encryptionKey, algorithmName), providerName);
else
throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.unsupported-mode", algorithmMode));
}
@@ -601,32 +598,6 @@
}
}
- @SuppressWarnings("unused")
- private static class ECBEncryptionManager extends BaseEncryptionManager
- {
- public ECBEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName)
- throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
- super(algorithm, secretKey, providerName);
- }
-
- private static final byte[] EMPTY_IV = new byte[0];
-
- @Override
- protected int getIVSize() {
- return 0;
- }
-
- @Override
- protected byte[] generateIVBytes() {
- return EMPTY_IV;
- }
-
- @Override
- protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) {
- return null;
- }
- }
-
static class ChannelConfigException
extends ChannelException
{
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -17,7 +17,9 @@
domainFilterInterceptor.message.refused=从集群[{0}]中接收的消息被拒绝
encryptInterceptor.decrypt.error.short-message=解密消息失败: 结尾消息提前结束
+encryptInterceptor.decrypt.failed=无法解密信息
encryptInterceptor.encrypt.failed=无法加密信息
+encryptInterceptor.init.failed=初始化EncryptInterceptor失败
encryptInterceptor.tcpFailureDetector.ordering=加密拦截器必须位于TCP故障检测器的上游。请重新订购加密拦截器,将其列在通道拦截器管道中的TCP故障检测器之前。
gzipInterceptor.report=:)GZip 拦截器报告[\n\
@@ -39,6 +41,7 @@
messageDispatchInterceptor.unableAdd.queue=无法将消息添加到异步队列,队列 bug?
messageDispatchInterceptor.warning.optionflag=警告!你正在覆盖异步选项标志,这将禁用其它程序可能用到的 Channel.SEND_OPTIONS_ASYNCHRONOUS。
+nonBlockingCoordinator.heartbeat.inconsistency=心跳发现不一致,重新启动选举
nonBlockingCoordinator.memberAlive.failed=无法执行成员活动检查,猜测成员下线。
nonBlockingCoordinator.processCoordinationMessage.failed=处理协调消息时出错。 可能是致命的。
@@ -49,6 +52,7 @@
tcpFailureDetector.failureDetection.failed=无法进行失败监测,假定成员宕机。[{0}]
tcpFailureDetector.heartbeat.failed=TCP心跳检测器无法执行心跳
tcpFailureDetector.member.disappeared=认证完成。成员消失[{0}]
+tcpFailureDetector.memberDisappeared.verify=(:收到的membermissed[{0}]消息。将验证。
tcpFailureDetector.still.alive=验证完成。成员 [{0}] 仍然存活
tcpFailureDetector.suspectMember.alive=验证可疑成员服务器还活着。[{0}]
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/group/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/group/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/group/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/group/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -17,5 +17,9 @@
channelCoordinator.invalid.startLevel=启动级别无效,有效级别为:SND_RX_SEQ,SND_TX_SEQ,MBR_TX_SEQ,MBR_RX_SEQ
groupChannel.listener.alreadyExist=侦听器已存在:[{0}][{1}]
+groupChannel.noDestination=没有指定目的地
+groupChannel.nullMessage=无法发送空消息
+groupChannel.optionFlag.conflict=拦截器选项标志冲突:[{0}]
+groupChannel.unable.deserialize=无法反序列化消息:[{0}]
groupChannel.unable.sendHeartbeat=无法通过Tribes拦截器堆栈发送心跳。 会再试一次。
groupChannel.warn.noUtilityExecutor=没有公共的executor 被设置时,创建一个
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java tomcat9-9.0.31/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java 2020-02-05 19:26:48.000000000 +0000
@@ -147,7 +147,7 @@
public void setLocalMemberProperties(String listenHost, int listenPort, int securePort, int udpPort) {
if (log.isDebugEnabled()) {
log.debug(String.format("setLocalMemberProperties(%s, %d, %d, %d)", listenHost,
- Integer.toString(listenPort), Integer.toString(securePort), Integer.toString(udpPort)));
+ Integer.valueOf(listenPort), Integer.valueOf(securePort), Integer.valueOf(udpPort)));
}
properties.setProperty("tcpListenHost", listenHost);
properties.setProperty("tcpListenPort", String.valueOf(listenPort));
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/membership/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/membership/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/membership/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/membership/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,12 +13,20 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+McastService.parseSoTimeout=无法解析SoTimeout:[{0}]
+McastService.payload=无法发送负载更新
+
mcastService.missing.property=McastService:缺少必需属性 [{0}]。
mcastServiceImpl.bind=尝试将多播套接字绑定到 [{0}:{1}]
+mcastServiceImpl.bind.failed=绑定到多播地址失败。仅绑定到端口。
+mcastServiceImpl.error.receiving=接收mcast包时出错。睡眠500毫秒
mcastServiceImpl.invalid.startLevel=无效的启动级别。只接受以下级别:Channel.MBR_RX_SEQ或 Channel.MBR_TX_SEQ
+mcastServiceImpl.invalid.stopLevel=无效的停止级别。只有Channel.MBR_RX_SEQ和Channel.MBR_TX_SEQ是可接受的级别
mcastServiceImpl.recovery=家族成员,运行恢复线程,广播不是功能。
mcastServiceImpl.recovery.stopFailed=恢复线程未能停止成员服务。
+mcastServiceImpl.recovery.successful=成员身份恢复成功。
+mcastServiceImpl.send.failed=无法发送多播信息
mcastServiceImpl.send.running=McastService.send已经运行
mcastServiceImpl.setInterface=设置多宿主多播接口为:[{0}]
mcastServiceImpl.setSoTimeout=设置集群多播超时时间:[{0}]
@@ -26,12 +34,14 @@
mcastServiceImpl.unable.join=无法加入多播组,请确保你的系统已启用多播。
mcastServiceImpl.unableReceive.broadcastMessage=无法接收广播消息。
-memberImpl.large.payload=负载太大对于处理许多...
+memberImpl.large.payload=负载太大以至于难以处理
memberImpl.notEnough.bytes=成员包中的字节不够。
+memberImpl.package.small=成员包太小以至于不能校验。
staticMember.invalid.uuidLength=UUID必须正好是16个字节,而不是:[{0}]
staticMembershipProvider.leftOver.ignored=消息 [{0}] 被忽略。
+staticMembershipProvider.pingThread.failed=无法发送ping。
staticMembershipProvider.startMembership.noReplies=0响应,可能超时
staticMembershipProvider.stopMembership.sendFailed=无法发送成员消息
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/tipis/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/tipis/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/tipis/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/tipis/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -15,14 +15,20 @@
abstractReplicatedMap.broadcast.noReplies=广播收到0回复,可能是超时了。
abstractReplicatedMap.leftOver.ignored=消息[{0}]被忽略
+abstractReplicatedMap.member.disappeared=成员[{0}]已消失。相关的映射项将重新定位到新节点。
abstractReplicatedMap.transferState.noReplies=传输状态,0响应,也许是超时。
abstractReplicatedMap.unable.get=无法复制 AbstractReplicatedMap.get 操作的数据
+abstractReplicatedMap.unable.put=无法复制AbstractReplicatedMap.Put操作的数据
+abstractReplicatedMap.unable.relocate=无法将[{0}]重新定位到新的备份节点
abstractReplicatedMap.unableSelect.backup=无法选择备用节点
abstractReplicatedMap.unableSend.startMessage=无法发送map启动消息。
+abstractReplicatedMap.unableStart=无法启动复制Map
lazyReplicatedMap.unableReplicate.proxy=不能复制proxy key:[{0}]到备份:[{1}]. 原因是:[{2}]
+mapMessage.deserialize.error.key=反序列化MapMessage主键失败
mapMessage.deserialize.error.value=MapMessage.value的反序列化误差
+replicatedMap.member.disappeared=成员[{0}]消失,关联的键值实体会重新关联到一个新的节点。
replicatedMap.relocate.complete=map 条目的重定位在 [{0}] ms内完成。
replicatedMap.unable.relocate=不能为一个新的备份节点重启定位[{0}]
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/bio/LocalStrings_pt_BR.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/bio/LocalStrings_pt_BR.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/bio/LocalStrings_pt_BR.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/bio/LocalStrings_pt_BR.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,4 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+bioReceiver.socket.closeFailed=Falha ao encerrar a conexão do socket
+
bioSender.send.again=Enviar dados novamente para [{0}:{1,number,integer}]
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/bio/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/bio/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/bio/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/bio/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -21,8 +21,12 @@
bioReplicationTask.socket.closeFailed=无法关闭套接字
bioReplicationTask.unable.service=不能服务bio套接字
+bioSender.ack.eof=在本地端口[{0}:{1,number,integer}]达到EOF
bioSender.ack.missing=不能读确认表格:[{0}] {1,number,integer}] in {2,number,integer} 毫秒, 失去socket连接, 重试连接.
bioSender.ack.wrong=在本地端口[{0}:{1,number,integer}]读取10个字节后丢失正确的ACK
bioSender.closeSocket=发件人关闭套接字到[{0}:{1,number,integer}](关闭计数{2,数字,整数})
+bioSender.fail.AckReceived=收到一个失败的 ack ):org.apache.catalina.tribes.transport.Constants.FAIL_ACK_DATA
bioSender.openSocket=发件人打开套接字到[{0}:{1,number,integer}](打开计数{2,数字,整数})
bioSender.send.again=再次发送数据到 [{0}:{1,number,integer}]
+
+pooledMultiSender.unable.retrieve.sender=无法获取数据发送器,超时([{0}] ms)错误
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/nio/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/nio/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/nio/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/nio/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -20,13 +20,17 @@
nioReceiver.run.fail=不能允许复制监听器
nioReceiver.start.fail=无法启动集群接收器
nioReceiver.stop.fail=无法关闭集群接收的选择器
+nioReceiver.stop.threadRunning=NioReceiver线程没有及时停止。关闭选择器时可能会观察到错误。
nioReceiver.threadpool.fail=ThreadPool 无法初始化。 监听器未启动。
nioReplicationTask.error.register.key=错误的注册key被读取:[{0}]
nioReplicationTask.process.clusterMsg.failed=处理集群消息失败
nioReplicationTask.unable.ack=不能通过channel发送ack,channel已经断开?[{0}]
+nioSender.datagram.already.established=数据报通道已经建立。连接可能正在进行中。
nioSender.not.connected=NioSender未连接,这是不应该发生的。
+nioSender.sender.disconnected=发件人已断开连接,无法处理选择密钥。
+nioSender.unable.receive.ack=无法接收确认消息。已到达套接字通道上的EOF。
nioSender.unknown.state=数据处于未知状态。readyOps = [{0}]
parallelNioSender.send.fail.retrying=成员发送失败:[{0}]; 设置为怀疑并重试。
@@ -35,4 +39,5 @@
parallelNioSender.sender.disconnected.sendFailed=发送失败且sender已断开连接,不再重试。
pooledParallelSender.sender.disconnected=sender 未连接。
+pooledParallelSender.unable.open=无法打开nio选择器。
pooledParallelSender.unable.retrieveSender=无法从sender池中获取一个sender
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java 2020-02-05 19:26:48.000000000 +0000
@@ -209,7 +209,6 @@
}
}
return result;
-
}
private static class SendResult {
@@ -372,4 +371,4 @@
if ( result ) try { selector.selectNow(); }catch (Exception e){/*Ignore*/}
return result;
}
-}
\ No newline at end of file
+}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/ReceiverBase.java tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/ReceiverBase.java
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/transport/ReceiverBase.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/transport/ReceiverBase.java 2020-02-05 19:26:48.000000000 +0000
@@ -220,10 +220,10 @@
/**
* Same as bind() except it does it for the UDP port
- * @param socket The socket to bind
- * @param portstart Starting port for bind attempts
- * @param retries Number of times to attempt to bind (port incremented
- * between attempts)
+ * @param socket The socket to bind
+ * @param portstart Starting port for bind attempts
+ * @param retries Number of times to attempt to bind (port incremented
+ * between attempts)
* @return int The retry count
* @throws IOException Socket bind error
*/
@@ -603,4 +603,4 @@
this.maxIdleTime = maxIdleTime;
}
-}
\ No newline at end of file
+}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/tribes/util/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/tribes/util/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/tribes/util/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/tribes/util/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -17,3 +17,4 @@
arrays.length.outOfBounds=当前key下没有足够的元素,长度越界
executorFactory.not.running=执行器没有运行,无法强制把命令送入队列
+executorFactory.queue.full=队列已满
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/util/LifecycleBase.java tomcat9-9.0.31/java/org/apache/catalina/util/LifecycleBase.java
--- tomcat9-9.0.27/java/org/apache/catalina/util/LifecycleBase.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/util/LifecycleBase.java 2020-02-05 19:26:48.000000000 +0000
@@ -432,8 +432,8 @@
private void handleSubClassException(Throwable t, String key, Object... args) throws LifecycleException {
- ExceptionUtils.handleThrowable(t);
setStateInternal(LifecycleState.FAILED, null, false);
+ ExceptionUtils.handleThrowable(t);
String msg = sm.getString(key, args);
if (getThrowOnFailure()) {
if (!(t instanceof LifecycleException)) {
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/util/LocalStrings_pt_BR.properties tomcat9-9.0.31/java/org/apache/catalina/util/LocalStrings_pt_BR.properties
--- tomcat9-9.0.27/java/org/apache/catalina/util/LocalStrings_pt_BR.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/util/LocalStrings_pt_BR.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-customObjectInputStream.nomatch=A classe [{0}] não casou com a expressão regular [{1}] para classes permitidas para deserialização
+customObjectInputStream.nomatch=A classe [{0}] não combina com a expressão regular [{1}] para classes permitidas para deserialização
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/util/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/util/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/util/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/util/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -23,9 +23,15 @@
introspection.classLoadFailed=加载 class [{0}] 失败
+lifecycleBase.alreadyStarted=在调用start()之后,在组件[{0}]上调用start()方法。第二个电话将被忽略。
+lifecycleBase.destroyStopFail=在失败组件[{0}]上调用Stop()以触发清理,但也失败了
lifecycleBase.initFail=初始化组件[{0}]失败。
+lifecycleBase.setState=设置状态从[{0}]到[{1}]
+
+lifecycleMBeanBase.registerFail=在组件初始化期间,无法注册名为{1}的对象{0}]
netmask.cidrNegative=CIDR [{0}]为负数。
netmask.invalidAddress=地址 [{0}] 无效
+sessionIdGeneratorBase.randomAlgorithm=使用算法[{0}]初始化随机数生成器时发生异常
sessionIdGeneratorBase.randomProvider=使用程序提供的初始化随机数生成器异常[{0}]
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/util/TomcatCSS.java tomcat9-9.0.31/java/org/apache/catalina/util/TomcatCSS.java
--- tomcat9-9.0.27/java/org/apache/catalina/util/TomcatCSS.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/util/TomcatCSS.java 2020-02-05 19:26:48.000000000 +0000
@@ -22,15 +22,13 @@
public class TomcatCSS {
public static final String TOMCAT_CSS =
- "h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} " +
- "h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} " +
- "h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} " +
- "body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} " +
- "b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} " +
- "p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} " +
+ "body {font-family:Tahoma,Arial,sans-serif;} " +
+ "h1, h2, h3, b {color:white;background-color:#525D76;} " +
+ "h1 {font-size:22px;} " +
+ "h2 {font-size:16px;} " +
+ "h3 {font-size:14px;} " +
+ "p {font-size:12px;} " +
"a {color:black;} " +
- "a.name {color:black;} " +
".line {height:1px;background-color:#525D76;border:none;}";
-
-}
\ No newline at end of file
+}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/valves/AbstractAccessLogValve.java tomcat9-9.0.31/java/org/apache/catalina/valves/AbstractAccessLogValve.java
--- tomcat9-9.0.27/java/org/apache/catalina/valves/AbstractAccessLogValve.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/valves/AbstractAccessLogValve.java 2020-02-05 19:26:48.000000000 +0000
@@ -456,7 +456,13 @@
protected AccessLogElement[] logElements = null;
/**
- * Should this valve set request attributes for IP address, hostname,
+ * Array of elements where the value needs to be cached at the start of the
+ * request.
+ */
+ protected CachedElement[] cachedElements = null;
+
+ /**
+ * Should this valve use request attributes for IP address, hostname,
* protocol and port used for the request.
* Default is false.
* @see #setRequestAttributesEnabled(boolean)
@@ -563,6 +569,7 @@
this.pattern = pattern;
}
logElements = createLogElements();
+ cachedElements = createCachedElements(logElements);
}
/**
@@ -675,6 +682,9 @@
// to be cached in the request.
request.getAttribute(Globals.CERTIFICATES_ATTR);
}
+ for (CachedElement element : cachedElements) {
+ element.cache(request);
+ }
getNext().invoke(request, response);
}
@@ -797,7 +807,20 @@
protected interface AccessLogElement {
public void addElement(CharArrayWriter buf, Date date, Request request,
Response response, long time);
+ }
+ /**
+ * Marks an AccessLogElement as needing to be have the value cached at the
+ * start of the request rather than just recorded at the end as the source
+ * data for the element may not be available at the end of the request. This
+ * typically occurs for remote network information, such as ports, IP
+ * addresses etc. when the connection is closed unexpectedly. These elements
+ * take advantage of these values being cached elsewhere on first request
+ * and do not cache the value in the element since the elements are
+ * state-less.
+ */
+ protected interface CachedElement {
+ public void cache(Request request);
}
/**
@@ -849,7 +872,7 @@
/**
* write remote IP address - %a
*/
- protected class RemoteAddrElement implements AccessLogElement {
+ protected class RemoteAddrElement implements AccessLogElement, CachedElement {
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
Response response, long time) {
@@ -870,12 +893,19 @@
}
buf.append(value);
}
+
+ @Override
+ public void cache(Request request) {
+ if (!requestAttributesEnabled) {
+ request.getRemoteAddr();
+ }
+ }
}
/**
* write remote host name - %h
*/
- protected class HostElement implements AccessLogElement {
+ protected class HostElement implements AccessLogElement, CachedElement {
@Override
public void addElement(CharArrayWriter buf, Date date, Request request,
Response response, long time) {
@@ -898,6 +928,13 @@
}
buf.append(value);
}
+
+ @Override
+ public void cache(Request request) {
+ if (!requestAttributesEnabled) {
+ request.getRemoteHost();
+ }
+ }
}
/**
@@ -1183,7 +1220,7 @@
/**
* write local or remote port for request connection - %p and %{xxx}p
*/
- protected class PortElement implements AccessLogElement {
+ protected class PortElement implements AccessLogElement, CachedElement {
/**
* Type of port to log
@@ -1230,6 +1267,13 @@
}
}
}
+
+ @Override
+ public void cache(Request request) {
+ if (portType == PortType.REMOTE) {
+ request.getRemotePort();
+ }
+ }
}
/**
@@ -1668,6 +1712,18 @@
return list.toArray(new AccessLogElement[0]);
}
+
+ private CachedElement[] createCachedElements(AccessLogElement[] elements) {
+ List
+ * RewriteMap uc example.UpperCaseMap
+ *
+ * RewriteRule ^/(.*)$ ${uc:$1}
+ *
+ *
+ * One parameter can be optionally appended to the {@code RewriteMap} directive.
+ * This could be used – for example – to specify a name of a file, that
+ * contains a lookup table used by the implementation of the map.
+ */
public interface RewriteMap {
+ /**
+ * Optional parameter that can be defined through the {@code RewriteMap}
+ * directive in the {@code rewrite.config} file.
+ *
+ * @param params the optional parameter
+ * @return value is currently ignored
+ */
public String setParameters(String params);
+ /**
+ * Optional parameters that can be defined through the {@code RewriteMap}
+ * directive in the {@code rewrite.config} file.
+ *
+ * The method is free to return {@code null} to indicate, that the default
+ * value from the {@code RewriteRule} directive should be used.
+ *
+ * @param key used by the actual implementation to generate a mapped value
+ * @return mapped value or {@code null}
+ */
public String lookup(String key);
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/valves/rewrite/RewriteValve.java tomcat9-9.0.31/java/org/apache/catalina/valves/rewrite/RewriteValve.java
--- tomcat9-9.0.27/java/org/apache/catalina/valves/rewrite/RewriteValve.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/valves/rewrite/RewriteValve.java 2020-02-05 19:26:48.000000000 +0000
@@ -572,7 +572,7 @@
* @return The condition, rule or map resulting from parsing the line
*/
public static Object parse(String line) {
- StringTokenizer tokenizer = new StringTokenizer(line);
+ QuotedStringTokenizer tokenizer = new QuotedStringTokenizer(line);
if (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken();
if (token.equals("RewriteCond")) {
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/WebResourceRoot.java tomcat9-9.0.31/java/org/apache/catalina/WebResourceRoot.java
--- tomcat9-9.0.27/java/org/apache/catalina/WebResourceRoot.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/WebResourceRoot.java 2020-02-05 19:26:48.000000000 +0000
@@ -140,7 +140,8 @@
* application. It must start with '/'.
*
* @return The objects that represents the class loader resources at the
- * given path
+ * given path. There will always be at least one element although
+ * that element may represent a resource that is not present.
*/
WebResource[] getClassLoaderResources(String path);
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/webresources/CachedResource.java tomcat9-9.0.31/java/org/apache/catalina/webresources/CachedResource.java
--- tomcat9-9.0.27/java/org/apache/catalina/webresources/CachedResource.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/webresources/CachedResource.java 2020-02-05 19:26:48.000000000 +0000
@@ -17,13 +17,28 @@
package org.apache.catalina.webresources;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.InputStream;
+import java.net.JarURLConnection;
+import java.net.MalformedURLException;
import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLStreamHandler;
+import java.nio.charset.Charset;
+import java.security.Permission;
import java.security.cert.Certificate;
+import java.text.Collator;
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
import java.util.jar.Manifest;
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.res.StringManager;
/**
* This class is designed to wrap a 'raw' WebResource and providing caching for
@@ -32,6 +47,9 @@
*/
public class CachedResource implements WebResource {
+ private static final Log log = LogFactory.getLog(CachedResource.class);
+ private static final StringManager sm = StringManager.getManager(CachedResource.class);
+
// Estimate (on high side to be safe) of average size excluding content
// based on profiler data.
private static final long CACHE_ENTRY_SIZE = 500;
@@ -314,7 +332,48 @@
@Override
public URL getURL() {
- return webResource.getURL();
+ /*
+ * We don't want applications using this URL to access the resource
+ * directly as that could lead to inconsistent results when the resource
+ * is updated on the file system but the cache entry has not yet
+ * expired. We saw this, for example, in JSP compilation.
+ * - last modified time was obtained via
+ * ServletContext.getResource("path").openConnection().getLastModified()
+ * - JSP content was obtained via
+ * ServletContext.getResourceAsStream("path")
+ * The result was that the JSP modification was detected but the JSP
+ * content was read from the cache so the non-updated JSP page was
+ * used to generate the .java and .class file
+ *
+ * One option to resolve this issue is to use a custom URL scheme for
+ * resource URLs. This would allow us, via registration of a
+ * URLStreamHandlerFactory, to control how the resources are accessed
+ * and ensure that all access go via the cache We took this approach for
+ * war: URLs so we can use jar:war:file: URLs to reference resources in
+ * unpacked WAR files. However, because URL.setURLStreamHandlerFactory()
+ * may only be caused once, this can cause problems when using other
+ * libraries that also want to use a custom URL scheme.
+ *
+ * The approach below allows us to insert a custom URLStreamHandler
+ * without registering a custom protocol. The only limitation (compared
+ * to registering a custom protocol) is that if the application
+ * constructs the same URL from a String, they will access the resource
+ * directly and not via the cache.
+ */
+ URL resourceURL = webResource.getURL();
+ if (resourceURL == null) {
+ return null;
+ }
+ try {
+ CachedResourceURLStreamHandler handler =
+ new CachedResourceURLStreamHandler(resourceURL, root, webAppPath, usesClassLoaderResources);
+ URL result = new URL(null, resourceURL.toExternalForm(), handler);
+ handler.setAssociatedURL(result);
+ return result;
+ } catch (MalformedURLException e) {
+ log.error(sm.getString("cachedResource.invalidURL", resourceURL.toExternalForm()), e);
+ return null;
+ }
}
@Override
@@ -355,4 +414,188 @@
}
return result;
}
+
+
+ /*
+ * Mimics the behaviour of FileURLConnection.getInputStream for a directory.
+ * Deliberately uses default locale.
+ */
+ private static InputStream buildInputStream(String[] files) {
+ Arrays.sort(files, Collator.getInstance(Locale.getDefault()));
+ StringBuilder result = new StringBuilder();
+ for (String file : files) {
+ result.append(file);
+ // Every entry is followed by \n including the last
+ result.append('\n');
+ }
+ return new ByteArrayInputStream(result.toString().getBytes(Charset.defaultCharset()));
+ }
+
+
+ private static class CachedResourceURLStreamHandler extends URLStreamHandler {
+
+ private final URL resourceURL;
+ private final StandardRoot root;
+ private final String webAppPath;
+ private final boolean usesClassLoaderResources;
+
+ private URL associatedURL = null;
+
+ public CachedResourceURLStreamHandler(URL resourceURL, StandardRoot root, String webAppPath,
+ boolean usesClassLoaderResources) {
+ this.resourceURL = resourceURL;
+ this.root = root;
+ this.webAppPath = webAppPath;
+ this.usesClassLoaderResources = usesClassLoaderResources;
+ }
+
+ protected void setAssociatedURL(URL associatedURL) {
+ this.associatedURL = associatedURL;
+ }
+
+ @Override
+ protected URLConnection openConnection(URL u) throws IOException {
+ // This deliberately uses ==. If u isn't the URL object this
+ // URLStreamHandler was constructed for we do not want to use this
+ // URLStreamHandler to create a connection.
+ if (associatedURL != null && u == associatedURL) {
+ if ("jar".equals(associatedURL.getProtocol())) {
+ return new CachedResourceJarURLConnection(resourceURL, root, webAppPath, usesClassLoaderResources);
+ } else {
+ return new CachedResourceURLConnection(resourceURL, root, webAppPath, usesClassLoaderResources);
+ }
+ } else {
+ // The stream handler has been inherited by a URL that was
+ // constructed from a cache URL. We need to break that link.
+ URL constructedURL = new URL(u.toExternalForm());
+ return constructedURL.openConnection();
+ }
+ }
+ }
+
+
+ /*
+ * Keep this in sync with CachedResourceJarURLConnection.
+ */
+ private static class CachedResourceURLConnection extends URLConnection {
+
+ private final StandardRoot root;
+ private final String webAppPath;
+ private final boolean usesClassLoaderResources;
+ private final URL resourceURL;
+
+ protected CachedResourceURLConnection(URL resourceURL, StandardRoot root, String webAppPath,
+ boolean usesClassLoaderResources) {
+ super(resourceURL);
+ this.root = root;
+ this.webAppPath = webAppPath;
+ this.usesClassLoaderResources = usesClassLoaderResources;
+ this.resourceURL = resourceURL;
+ }
+
+ @Override
+ public void connect() throws IOException {
+ // NO-OP
+ }
+
+ @Override
+ public InputStream getInputStream() throws IOException {
+ WebResource resource = getResource();
+ if (resource.isDirectory()) {
+ return buildInputStream(resource.getWebResourceRoot().list(webAppPath));
+ } else {
+ return getResource().getInputStream();
+ }
+ }
+
+ @Override
+ public Permission getPermission() throws IOException {
+ // Doesn't trigger a call to connect for file:// URLs
+ return resourceURL.openConnection().getPermission();
+ }
+
+ @Override
+ public long getLastModified() {
+ return getResource().getLastModified();
+ }
+
+ @Override
+ public long getContentLengthLong() {
+ return getResource().getContentLength();
+ }
+
+ private WebResource getResource() {
+ return root.getResource(webAppPath, false, usesClassLoaderResources);
+ }
+ }
+
+
+ /*
+ * Keep this in sync with CachedResourceURLConnection.
+ */
+ private static class CachedResourceJarURLConnection extends JarURLConnection {
+
+ private final StandardRoot root;
+ private final String webAppPath;
+ private final boolean usesClassLoaderResources;
+ private final URL resourceURL;
+
+ protected CachedResourceJarURLConnection(URL resourceURL, StandardRoot root, String webAppPath,
+ boolean usesClassLoaderResources) throws IOException {
+ super(resourceURL);
+ this.root = root;
+ this.webAppPath = webAppPath;
+ this.usesClassLoaderResources = usesClassLoaderResources;
+ this.resourceURL = resourceURL;
+ }
+
+ @Override
+ public void connect() throws IOException {
+ // NO-OP
+ }
+
+ @Override
+ public InputStream getInputStream() throws IOException {
+ WebResource resource = getResource();
+ if (resource.isDirectory()) {
+ return buildInputStream(resource.getWebResourceRoot().list(webAppPath));
+ } else {
+ return getResource().getInputStream();
+ }
+ }
+
+ @Override
+ public Permission getPermission() throws IOException {
+ // Doesn't trigger a call to connect for jar:// URLs
+ return resourceURL.openConnection().getPermission();
+ }
+
+ @Override
+ public long getLastModified() {
+ return getResource().getLastModified();
+ }
+
+ @Override
+ public long getContentLengthLong() {
+ return getResource().getContentLength();
+ }
+
+ private WebResource getResource() {
+ return root.getResource(webAppPath, false, usesClassLoaderResources);
+ }
+
+ @Override
+ public JarFile getJarFile() throws IOException {
+ return ((JarURLConnection) resourceURL.openConnection()).getJarFile();
+ }
+
+ @Override
+ public JarEntry getJarEntry() throws IOException {
+ if (getEntryName() == null) {
+ return null;
+ } else {
+ return super.getJarEntry();
+ }
+ }
+ }
}
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings_ko.properties tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings_ko.properties
--- tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings_ko.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings_ko.properties 2020-02-05 19:26:48.000000000 +0000
@@ -25,6 +25,8 @@
cache.objectMaxSizeTooBig=objectMaxSize를 위한 값 [{0}]kB이, maxSize/20인 최대한계값 보다 커서, [{1}]kB로 줄여졌습니다.
cache.objectMaxSizeTooBigBytes=[{0}]kB를 캐시하기 위해, 최대 객체 크기로서 지정된 값이 Integer.MAX_VALUE 바이트보다 큰데, Integer.MAX_VALUE는 캐시될 수 있는 최대 크기입니다. 한계 값을 Integer.MAX_VALUE 바이트로 설정하겠습니다.
+cachedResource.invalidURL=URL [{0}]이(가) 유효하지 않기 때문에 CachedResourceURLStreamHandler 인스턴스를 생성할 수 없습니다.
+
classpathUrlStreamHandler.notFound=쓰레드 컨텍스트 클래스로더 또는 현재 클래스의 클래스로더를 사용하여, 리소스 [{0}]을(를) 로드할 수 없습니다.
dirResourceSet.manifestFail=[{0}](으)로부터 manifest를 읽지 못했습니다.
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings.properties tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings.properties
--- tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings.properties 2020-02-05 19:26:48.000000000 +0000
@@ -25,6 +25,8 @@
cache.objectMaxSizeTooBig=The value of [{0}]kB for objectMaxSize is larger than the limit of maxSize/20 so has been reduced to [{1}]kB
cache.objectMaxSizeTooBigBytes=The value specified for the maximum object size to cache [{0}]kB is greater than Integer.MAX_VALUE bytes which is the maximum size that can be cached. The limit will be set to Integer.MAX_VALUE bytes.
+cachedResource.invalidURL=Unable to create an instance of CachedResourceURLStreamHandler because the URL [{0}] is malformed
+
classpathUrlStreamHandler.notFound=Unable to load the resource [{0}] using the thread context class loader or the current class''s class loader
dirResourceSet.manifestFail=Failed to read manifest from [{0}]
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+abstractArchiveResourceSet.setReadOnlyFalse=基于存档的WebResourceSets 如基于jar的WebResourceSets 硬编码为只读,并且不能配置为读写
+
cache.addFail=无法将位于[{0}]的资源添加到Web应用程序[{1}]的缓存中,因为在清除过期缓存条目后可用空间仍不足 - 请考虑增加缓存的最大空间。
dirResourceSet.notDirectory=基本和内部路径[{0}] {1} [{2}]指定的目录不存在。
@@ -20,9 +22,14 @@
extractingRoot.jarFailed=解压JAR文件[{0}]失败
extractingRoot.targetFailed=无法为提取的 JAR 文件创建目录 [{0}]
+fileResource.getCanonicalPathFail=不能判断资源的标准路径[{0}]
fileResource.getUrlFail=不能决定一个url 为资源[{0}]
+jarResource.getInputStreamFail=无法获取JAR[{1}]中的资源文件[{0}]的一个InputStream
+
standardRoot.checkStateNotStarted=如果当前未启动资源,则可能无法访问这些资源
standardRoot.createUnknownType=无法为未知类型[{0}]创建WebResourceSet。
+standardRoot.invalidPathNormal=资源路径[{0}]已规范化为无效的[{1}]
+standardRoot.lockedFile=Web应用程序[{0}]无法关闭通过以下堆栈跟踪打开的文件[{1}]
standardRoot.noContext=尚未为WebResourceRoot配置上下文
standardRoot.startInvalidMain=指定的主资源集 [{0}] 无效
diff -Nru tomcat9-9.0.27/java/org/apache/catalina/webresources/StandardRoot.java tomcat9-9.0.31/java/org/apache/catalina/webresources/StandardRoot.java
--- tomcat9-9.0.27/java/org/apache/catalina/webresources/StandardRoot.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/catalina/webresources/StandardRoot.java 2020-02-05 19:26:48.000000000 +0000
@@ -207,7 +207,7 @@
return getResource(path, true, false);
}
- private WebResource getResource(String path, boolean validate,
+ protected WebResource getResource(String path, boolean validate,
boolean useClassLoaderResources) {
if (validate) {
path = validate(path);
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/AbstractProcessor.java tomcat9-9.0.31/java/org/apache/coyote/AbstractProcessor.java
--- tomcat9-9.0.27/java/org/apache/coyote/AbstractProcessor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/AbstractProcessor.java 2020-02-05 19:26:48.000000000 +0000
@@ -98,7 +98,9 @@
* @param t The error which occurred
*/
protected void setErrorState(ErrorState errorState, Throwable t) {
- response.setError();
+ // Use the return value to avoid processing more than one async error
+ // in a single async cycle.
+ boolean setError = response.setError();
boolean blockIo = this.errorState.isIoAllowed() && !errorState.isIoAllowed();
this.errorState = this.errorState.getMostSevere(errorState);
// Don't change the status code for IOException since that is almost
@@ -110,17 +112,10 @@
if (t != null) {
request.setAttribute(RequestDispatcher.ERROR_EXCEPTION, t);
}
- if (blockIo && !ContainerThreadMarker.isContainerThread() && isAsync()) {
- // The error occurred on a non-container thread during async
- // processing which means not all of the necessary clean-up will
- // have been completed. Dispatch to a container thread to do the
- // clean-up. Need to do it this way to ensure that all the necessary
- // clean-up is performed.
- asyncStateMachine.asyncMustError();
- if (getLog().isDebugEnabled()) {
- getLog().debug(sm.getString("abstractProcessor.nonContainerThreadError"), t);
+ if (blockIo && isAsync() && setError) {
+ if (asyncStateMachine.asyncError()) {
+ processSocketEvent(SocketEvent.ERROR, true);
}
- processSocketEvent(SocketEvent.ERROR, true);
}
}
@@ -252,15 +247,25 @@
rp.setStage(org.apache.coyote.Constants.STAGE_ENDED);
+ SocketState state;
+
if (getErrorState().isError()) {
request.updateCounters();
- return SocketState.CLOSED;
+ state = SocketState.CLOSED;
} else if (isAsync()) {
- return SocketState.LONG;
+ state = SocketState.LONG;
} else {
request.updateCounters();
- return dispatchEndRequest();
+ state = dispatchEndRequest();
+ }
+
+ if (getLog().isDebugEnabled()) {
+ getLog().debug("Socket: [" + socketWrapper +
+ "], Status in: [" + status +
+ "], State out: [" + state + "]");
}
+
+ return state;
}
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/AbstractProcessorLight.java tomcat9-9.0.31/java/org/apache/coyote/AbstractProcessorLight.java
--- tomcat9-9.0.27/java/org/apache/coyote/AbstractProcessorLight.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/AbstractProcessorLight.java 2020-02-05 19:26:48.000000000 +0000
@@ -46,19 +46,18 @@
do {
if (dispatches != null) {
DispatchType nextDispatch = dispatches.next();
+ if (getLog().isDebugEnabled()) {
+ getLog().debug("Processing dispatch type: [" + nextDispatch + "]");
+ }
state = dispatch(nextDispatch.getSocketStatus());
+ if (!dispatches.hasNext()) {
+ state = checkForPipelinedData(state, socketWrapper);
+ }
} else if (status == SocketEvent.DISCONNECT) {
// Do nothing here, just wait for it to get recycled
} else if (isAsync() || isUpgrade() || state == SocketState.ASYNC_END) {
state = dispatch(status);
- if (state == SocketState.OPEN) {
- // There may be pipe-lined data to read. If the data isn't
- // processed now, execution will exit this loop and call
- // release() which will recycle the processor (and input
- // buffer) deleting any pipe-lined data. To avoid this,
- // process it now.
- state = service(socketWrapper);
- }
+ state = checkForPipelinedData(state, socketWrapper);
} else if (status == SocketEvent.OPEN_WRITE) {
// Extra write event likely after async, ignore
state = SocketState.LONG;
@@ -98,6 +97,21 @@
}
+ private SocketState checkForPipelinedData(SocketState inState, SocketWrapperBase socketWrapper)
+ throws IOException {
+ if (inState == SocketState.OPEN) {
+ // There may be pipe-lined data to read. If the data isn't
+ // processed now, execution will exit this loop and call
+ // release() which will recycle the processor (and input
+ // buffer) deleting any pipe-lined data. To avoid this,
+ // process it now.
+ return service(socketWrapper);
+ } else {
+ return inState;
+ }
+ }
+
+
public void addDispatch(DispatchType dispatchType) {
synchronized (dispatches) {
dispatches.add(dispatchType);
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/AbstractProtocol.java tomcat9-9.0.31/java/org/apache/coyote/AbstractProtocol.java
--- tomcat9-9.0.27/java/org/apache/coyote/AbstractProtocol.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/AbstractProtocol.java 2020-02-05 19:26:48.000000000 +0000
@@ -19,7 +19,7 @@
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.Collections;
-import java.util.Map;
+import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
@@ -391,11 +391,17 @@
public void addWaitingProcessor(Processor processor) {
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractProcotol.waitingProcerssor.add", processor));
+ }
waitingProcessors.add(processor);
}
public void removeWaitingProcessor(Processor processor) {
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractProcotol.waitingProcerssor.remove", processor));
+ }
waitingProcessors.remove(processor);
}
@@ -731,7 +737,6 @@
private final AbstractProtocol proto;
private final RequestGroupInfo global = new RequestGroupInfo();
private final AtomicLong registerCount = new AtomicLong(0);
- private final Map proto) {
@@ -770,7 +775,7 @@
S socket = wrapper.getSocket();
- Processor processor = connections.get(socket);
+ Processor processor = (Processor) wrapper.getCurrentProcessor();
if (getLog().isDebugEnabled()) {
getLog().debug(sm.getString("abstractConnectionHandler.connectionsGet",
processor, socket));
@@ -805,11 +810,12 @@
// OpenSSL typically returns null whereas JSSE typically
// returns "" when no protocol is negotiated
if (negotiatedProtocol != null && negotiatedProtocol.length() > 0) {
- UpgradeProtocol upgradeProtocol =
- getProtocol().getNegotiatedProtocol(negotiatedProtocol);
+ UpgradeProtocol upgradeProtocol = getProtocol().getNegotiatedProtocol(negotiatedProtocol);
if (upgradeProtocol != null) {
- processor = upgradeProtocol.getProcessor(
- wrapper, getProtocol().getAdapter());
+ processor = upgradeProtocol.getProcessor(wrapper, getProtocol().getAdapter());
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractConnectionHandler.processorCreate", processor));
+ }
} else if (negotiatedProtocol.equals("http/1.1")) {
// Explicitly negotiated the default protocol.
// Obtain a processor below.
@@ -822,9 +828,8 @@
// replace the code below with the commented out
// block.
if (getLog().isDebugEnabled()) {
- getLog().debug(sm.getString(
- "abstractConnectionHandler.negotiatedProcessor.fail",
- negotiatedProtocol));
+ getLog().debug(sm.getString("abstractConnectionHandler.negotiatedProcessor.fail",
+ negotiatedProtocol));
}
return SocketState.CLOSED;
/*
@@ -841,20 +846,22 @@
if (processor == null) {
processor = recycledProcessors.pop();
if (getLog().isDebugEnabled()) {
- getLog().debug(sm.getString("abstractConnectionHandler.processorPop",
- processor));
+ getLog().debug(sm.getString("abstractConnectionHandler.processorPop", processor));
}
}
if (processor == null) {
processor = getProtocol().createProcessor();
register(processor);
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractConnectionHandler.processorCreate", processor));
+ }
}
processor.setSslSupport(
wrapper.getSslSupport(getProtocol().getClientCertProvider()));
// Associate the processor with the connection
- connections.put(socket, processor);
+ wrapper.setCurrentProcessor(processor);
SocketState state = SocketState.CLOSED;
do {
@@ -873,7 +880,7 @@
wrapper, getProtocol().getAdapter());
wrapper.unRead(leftOverInput);
// Associate with the processor with the connection
- connections.put(socket, processor);
+ wrapper.setCurrentProcessor(processor);
} else {
if (getLog().isDebugEnabled()) {
getLog().debug(sm.getString(
@@ -896,7 +903,7 @@
// Mark the connection as upgraded
wrapper.setUpgraded(true);
// Associate with the processor with the connection
- connections.put(socket, processor);
+ wrapper.setCurrentProcessor(processor);
// Initialise the upgrade handler (which may trigger
// some IO using the new protocol which is why the lines
// above are necessary)
@@ -934,7 +941,7 @@
} else if (state == SocketState.OPEN) {
// In keep-alive but between requests. OK to recycle
// processor. Continue to poll for the next request.
- connections.remove(socket);
+ wrapper.setCurrentProcessor(null);
release(processor);
wrapper.registerReadInterest();
} else if (state == SocketState.SENDFILE) {
@@ -960,7 +967,7 @@
// Connection closed. OK to recycle the processor.
// Processors handling upgrades require additional clean-up
// before release.
- connections.remove(socket);
+ wrapper.setCurrentProcessor(null);
if (processor.isUpgrade()) {
UpgradeToken upgradeToken = processor.getUpgradeToken();
HttpUpgradeHandler httpUpgradeHandler = upgradeToken.getHttpUpgradeHandler();
@@ -1020,7 +1027,7 @@
// Make sure socket/processor is removed from the list of current
// connections
- connections.remove(socket);
+ wrapper.setCurrentProcessor(null);
release(processor);
return SocketState.CLOSED;
}
@@ -1040,7 +1047,15 @@
@Override
public Set getOpenSockets() {
- return connections.keySet();
+ Set result = new HashSet<>();
+ for (SocketWrapperBase socketWrapper : set) {
+ S socket = socketWrapper.getSocket();
+ if (socket != null) {
+ result.add(socket);
+ }
+ }
+ return result;
}
@@ -1071,7 +1086,9 @@
// recycledProcessors since that pool is only for AJP or
// HTTP processors
recycledProcessors.push(processor);
- getLog().debug("Pushed Processor [" + processor + "]");
+ if (getLog().isDebugEnabled()) {
+ getLog().debug("Pushed Processor [" + processor + "]");
+ }
}
}
}
@@ -1083,8 +1100,8 @@
*/
@Override
public void release(SocketWrapperBase socketWrapper) {
- S socket = socketWrapper.getSocket();
- Processor processor = connections.remove(socket);
+ Processor processor = (Processor) socketWrapper.getCurrentProcessor();
+ socketWrapper.setCurrentProcessor(null);
release(processor);
}
@@ -1104,13 +1121,13 @@
",name=" + getProtocol().getProtocolName() +
"Request" + count);
if (getLog().isDebugEnabled()) {
- getLog().debug("Register " + rpName);
+ getLog().debug("Register [" + processor + "] as [" + rpName + "]");
}
Registry.getRegistry(null, null).registerComponent(rp,
rpName, null);
rp.setRpName(rpName);
} catch (Exception e) {
- getLog().warn("Error registering request");
+ getLog().warn(sm.getString("abstractProtocol.processorRegisterError"), e);
}
}
}
@@ -1129,13 +1146,13 @@
rp.setGlobalProcessor(null);
ObjectName rpName = rp.getRpName();
if (getLog().isDebugEnabled()) {
- getLog().debug("Unregister " + rpName);
+ getLog().debug("Unregister [" + rpName + "]");
}
Registry.getRegistry(null, null).unregisterComponent(
rpName);
rp.setRpName(null);
} catch (Exception e) {
- getLog().warn("Error unregistering request", e);
+ getLog().warn(sm.getString("abstractProtocol.processorUnregisterError"), e);
}
}
}
@@ -1152,8 +1169,11 @@
* Note that even if the endpoint is resumed, there is (currently)
* no API to inform the Processors of this.
*/
- for (Processor processor : connections.values()) {
- processor.pause();
+ for (SocketWrapperBase wrapper : proto.getEndpoint().getConnections()) {
+ Processor processor = (Processor) wrapper.getCurrentProcessor();
+ if (processor != null) {
+ processor.pause();
+ }
}
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/ajp/AbstractAjpProtocol.java tomcat9-9.0.31/java/org/apache/coyote/ajp/AbstractAjpProtocol.java
--- tomcat9-9.0.27/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-02-05 19:26:48.000000000 +0000
@@ -16,6 +16,9 @@
*/
package org.apache.coyote.ajp;
+import java.net.InetAddress;
+import java.util.regex.Pattern;
+
import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.Processor;
import org.apache.coyote.UpgradeProtocol;
@@ -46,6 +49,8 @@
setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
// AJP does not use Send File
getEndpoint().setUseSendfile(false);
+ // AJP listens on loopback by default
+ getEndpoint().setAddress(InetAddress.getLoopbackAddress());
ConnectionHandler cHandler = new ConnectionHandler<>(this);
setHandler(cHandler);
getEndpoint().setHandler(cHandler);
@@ -139,17 +144,60 @@
}
- private String requiredSecret = null;
+ private String secret = null;
+ /**
+ * Set the secret that must be included with every request.
+ *
+ * @param secret The required secret
+ */
+ public void setSecret(String secret) {
+ this.secret = secret;
+ }
+ protected String getSecret() {
+ return secret;
+ }
/**
* Set the required secret that must be included with every request.
*
* @param requiredSecret The required secret
+ *
+ * @deprecated Replaced by {@link #setSecret(String)}.
+ * Will be removed in Tomcat 11 onwards
*/
+ @Deprecated
public void setRequiredSecret(String requiredSecret) {
- this.requiredSecret = requiredSecret;
+ setSecret(requiredSecret);
}
+ /**
+ * @return The current secret
+ *
+ * @deprecated Replaced by {@link #getSecret()}.
+ * Will be removed in Tomcat 11 onwards
+ */
+ @Deprecated
protected String getRequiredSecret() {
- return requiredSecret;
+ return getSecret();
+ }
+
+
+ private boolean secretRequired = true;
+ public void setSecretRequired(boolean secretRequired) {
+ this.secretRequired = secretRequired;
+ }
+ public boolean getSecretRequired() {
+ return secretRequired;
+ }
+
+
+ private Pattern allowedRequestAttributesPattern;
+ public void setAllowedRequestAttributesPattern(String allowedRequestAttributesPattern) {
+ this.allowedRequestAttributesPattern = Pattern.compile(allowedRequestAttributesPattern);
+ }
+ public String getAllowedRequestAttributesPattern() {
+ return allowedRequestAttributesPattern.pattern();
+ }
+ protected Pattern getAllowedRequestAttributesPatternInternal() {
+ return allowedRequestAttributesPattern;
}
@@ -206,4 +254,16 @@
throw new IllegalStateException(sm.getString("ajpprotocol.noUpgradeHandler",
upgradeToken.getHttpUpgradeHandler().getClass().getName()));
}
+
+
+ @Override
+ public void start() throws Exception {
+ if (getSecretRequired()) {
+ String secret = getSecret();
+ if (secret == null || secret.length() == 0) {
+ throw new IllegalArgumentException(sm.getString("ajpprotocol.nosecret"));
+ }
+ }
+ super.start();
+ }
}
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/ajp/AjpProcessor.java tomcat9-9.0.31/java/org/apache/coyote/ajp/AjpProcessor.java
--- tomcat9-9.0.27/java/org/apache/coyote/ajp/AjpProcessor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/ajp/AjpProcessor.java 2020-02-05 19:26:48.000000000 +0000
@@ -25,6 +25,11 @@
import java.security.NoSuchProviderException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
@@ -78,6 +83,9 @@
private static final byte[] pongMessageArray;
+ private static final Set
* The internal states that are used are:
* DISPATCHED - Standard request. Not in Async mode.
- * STARTING - ServletRequest.startAsync() has been called but the
- * request in which that call was made has not finished
- * processing.
- * STARTED - ServletRequest.startAsync() has been called and the
- * request in which that call was made has finished
- * processing.
+ * STARTING - ServletRequest.startAsync() has been called from
+ * Servlet.service() but service() has not exited.
+ * STARTED - ServletRequest.startAsync() has been called from
+ * Servlet.service() and service() has exited.
* READ_WRITE_OP - Performing an asynchronous read or write.
* MUST_COMPLETE - ServletRequest.startAsync() followed by complete() have
* been called during a single Servlet.service() method. The
- * complete() will be processed as soon as the request
- * finishes.
- * COMPLETE_PENDING - ServletRequest.startAsync() has been called and before the
- * request in which that call was had finished processing,
- * complete() was called for a non-container thread. The
- * complete() will be processed as soon as the request
- * finishes. This is different to MUST_COMPLETE because of
- * differences required to avoid race conditions during error
- * handling.
+ * complete() will be processed as soon as Servlet.service()
+ * exits.
+ * COMPLETE_PENDING - ServletRequest.startAsync() has been called from
+ * Servlet.service() but, before service() exited, complete()
+ * was called from another thread. The complete() will
+ * be processed as soon as Servlet.service() exits.
* COMPLETING - The call to complete() was made once the request was in
- * the STARTED state. May or may not be triggered by a
- * container thread - depends if start(Runnable) was used.
+ * the STARTED state.
* TIMING_OUT - The async request has timed out and is waiting for a call
- * to complete(). If that isn't made, the error state will
- * entered.
+ * to complete() or dispatch(). If that isn't made, the error
+ * state will be entered.
* MUST_DISPATCH - ServletRequest.startAsync() followed by dispatch() have
* been called during a single Servlet.service() method. The
- * dispatch() will be processed as soon as the request
- * finishes.
- * DISPATCH_PENDING - ServletRequest.startAsync() has been called and before the
- * request in which that call was had finished processing,
- * dispatch() was called for a non-container thread. The
- * dispatch() will be processed as soon as the request
- * finishes. This is different to MUST_DISPATCH because of
- * differences required to avoid race conditions during error
- * handling.
+ * dispatch() will be processed as soon as Servlet.service()
+ * exits.
+ * DISPATCH_PENDING - ServletRequest.startAsync() has been called from
+ * Servlet.service() but, before service() exited, dispatch()
+ * was called from another thread. The dispatch() will
+ * be processed as soon as Servlet.service() exits.
* DISPATCHING - The dispatch is being processed.
- * MUST_ERROR - ServletRequest.startAsync() has been called followed by an
- * I/O error on a non-container thread. The main purpose of
- * this state is to prevent additional async actions
- * (complete(), dispatch() etc.) on the non-container thread.
- * The container will perform the necessary error handling,
- * including ensuring that the AsyncLister.onError() method
- * is called.
+ * MUST_ERROR - ServletRequest.startAsync() has been called from
+ * Servlet.service() but, before service() exited, an I/O
+ * error occured on another thread. The container will
+ * perform the necessary error handling when
+ * Servlet.service() exits.
* ERROR - Something went wrong.
*
- * |-----«-------------------------------«------------------------------|
- * | |
- * | error() |
- * |-----------------»---| | |--«--------MUST_ERROR---------------«------------------------| |
- * | \|/ \|/\|/ | |
- * | |----------«-----E R R O R--«-----------------------«-------------------------------| | |
- * | | complete() /|\/|\\ \-«--------------------------------«-------| | | |
- * | | | | \ | | | |
- * | | |-----»-------| | \-----------»----------| | | | |
- * | | | | |dispatch() | | ^ |
- * | | | | \|/ ^ | | |
- * | | | | |--|timeout() | | | | |
- * | | | post() | | \|/ | post() | | | |
- * | | | |---------- | --»DISPATCHED«---------- | --------------COMPLETING«-----| | | |
- * | | | | | /|\/|\ | | | /|\ /|\ | | | |
- * | | | | |---»- | ---| | |startAsync() | timeout()|--| | | | | |
- * | | ^ ^ | | | | | | | ^ | |
- * | | | | | |-- \ -----| | complete() | |post() | | | |
- * | | | | | | \ | /--»----- | ---COMPLETE_PENDING-»-| ^ | | |
- * | | | | | | \ | / | | | | |
- * | | | | | ^ \ | / | complete() | | | |
- * | \|/ | | | | \ \|/ / post() | /---»-----| | ^ |
- * | MUST_COMPLETE-«- | - | --«----STARTING--»--------- | ------------| / | | |
- * | /|\ /|\ | | complete() | \ | | / error() | | ^
- * | | | | | | \ | | //---»----------| | |
- * | | | ^ | dispatch()| \ | post() | // | |
- * | | | | | | \ | |-----| | // nct-io-error | |
- * | | | | | | \ | | | | ///---»---------------| |
- * | | | | | \|/ \ | | \|/\| ||| |
- * | | | | |--«--MUST_DISPATCH-----«-----| |--«--STARTED«---------«---------| |
- * | | | | dispatched() /|\ | \ / | | post() | |
- * | | | | | | \ / | | | |
- * | | | | | | \ / | | | |
- * | | | | | |post() | | | | ^ |
- * ^ | ^ | | | \|/ | | |asyncOperation() | |
- * | | | ^ | | DISPATCH_PENDING | | | | |
- * | | | | | | |post() | | | | |
- * | | | | | | | |----------| | |»-READ_WRITE_OP--»---| |
- * | | | | | | | | dispatch() | | | | |
- * | | | | | | | | | | | | |
- * | | | |post() | | | | timeout()| | | | error()|
- * | | | |dispatched() | \|/\|/ \|/ | dispatch()| | |-»--------|
- * | | | |---«---------- | ---DISPATCHING«-----«------ | ------«----| |
- * | | | | | ^ | |
- * | | | | |----| | |
- * | | | | timeout() | |
- * | | | | | |
- * | | | | dispatch() \|/ |
- * | | | |-----------«-----------TIMING_OUT |
- * | | | | | |
- * | | |-------«----------------------------------«------| | |
- * | | complete() | |
- * | | | |
- * |«- | ----«-------------------«-------------------------------«--| |
- * | error() |
- * | complete() |
- * |----------------------------------------------------------------------------|
+ *
+ * The valid state transitions are:
+ *
+ * post() dispatched()
+ * |-------»------------------»---------| |-------«-----------------------«-----|
+ * | | | |
+ * | | | post() |
+ * | post() \|/ \|/ dispatched() |
+ * | |-----»----------------»DISPATCHED«-------------«-------------| |
+ * | | | /|\ | | |
+ * | | startAsync()| |--|timeout() | |
+ * ^ | | | |
+ * | | complete() | dispatch() ^ |
+ * | | |--«---------------«-- | ---«--MUST_ERROR--»-----| | |
+ * | | | | /|\ | | |
+ * | ^ | | | | | |
+ * | | | | /-----|error() | | |
+ * | | | | / | ^ |
+ * | | \|/ ST-complete() \|/ / ST-dispatch() \|/ | |
+ * | MUST_COMPLETE«--------«--------STARTING--------»---------»MUST_DISPATCH |
+ * | / | \ |
+ * | / | \ |
+ * | OT-complete() / | \ OT-dispatch() |
+ * | COMPLETE_PENDING«------«------/ | \-------»---------»DISPATCH_PENDING |
+ * | | | | |
+ * | post()| timeout() post()| post() post()| timeout() |
+ * | | |--| | |--| | |--| |
+ * | \|/ \|/ | complete() \|/\|/ | dispatch() \|/ \|/ | |
+ * |--«-----COMPLETING«--------«----------STARTED--------»---------»DISPATCHING----|
+ * /|\ /|\ /|\ | /|\ \ /|\ /|\ /|\
+ * | | | | \ \asyncOperation() | | |
+ * | | | timeout()| \ \ | | |
+ * | | | | \ \ | | |
+ * | | | | \ \ | | |
+ * | | | | \ \ | | |
+ * | | | | \ \ | | |
+ * | | | | post()\ \ dispatch()| | |
+ * | | | complete() | \ \|/ | | |
+ * | | |---«------------«-- | --«---READ_WRITE----»----| | |
+ * | | | | |
+ * | | complete() \|/ dispatch() | |
+ * | |------------«-------TIMING_OUT--------»----------------| |
+ * | |
+ * | complete() dispatch() |
+ * |---------------«-----------ERROR--------------»-----------------|
+ *
+ *
+ * Notes: * For clarity, the transitions to ERROR which are valid from every state apart from
+ * STARTING are not shown.
+ * * All transitions may happen on either the Servlet.service() thread (ST) or on any
+ * other thread (OT) unless explicitly marked.
*
*/
class AsyncStateMachine {
@@ -278,10 +261,12 @@
*/
synchronized SocketState asyncPostProcess() {
if (state == AsyncState.COMPLETE_PENDING) {
- doComplete();
+ clearNonBlockingListeners();
+ state = AsyncState.COMPLETING;
return SocketState.ASYNC_END;
} else if (state == AsyncState.DISPATCH_PENDING) {
- doDispatch();
+ clearNonBlockingListeners();
+ state = AsyncState.DISPATCHING;
return SocketState.ASYNC_END;
} else if (state == AsyncState.STARTING || state == AsyncState.READ_WRITE_OP) {
state = AsyncState.STARTED;
@@ -312,27 +297,42 @@
if (!ContainerThreadMarker.isContainerThread() && state == AsyncState.STARTING) {
state = AsyncState.COMPLETE_PENDING;
return false;
- } else {
- return doComplete();
}
- }
-
- private synchronized boolean doComplete() {
clearNonBlockingListeners();
- boolean doComplete = false;
- if (state == AsyncState.STARTING || state == AsyncState.TIMING_OUT ||
- state == AsyncState.ERROR || state == AsyncState.READ_WRITE_OP) {
+ boolean triggerDispatch = false;
+ if (state == AsyncState.STARTING || state == AsyncState.MUST_ERROR) {
+ // Processing is on a container thread so no need to transfer
+ // processing to a new container thread
state = AsyncState.MUST_COMPLETE;
- } else if (state == AsyncState.STARTED || state == AsyncState.COMPLETE_PENDING) {
+ } else if (state == AsyncState.STARTED) {
+ state = AsyncState.COMPLETING;
+ // A dispatch to a container thread is always required.
+ // If on a non-container thread, need to get back onto a container
+ // thread to complete the processing.
+ // If on a container thread the current request/response are not the
+ // request/response associated with the AsyncContext so need a new
+ // container thread to process the different request/response.
+ triggerDispatch = true;
+ } else if (state == AsyncState.READ_WRITE_OP || state == AsyncState.TIMING_OUT ||
+ state == AsyncState.ERROR) {
+ // Read/write operations can happen on or off a container thread but
+ // while in this state the call to listener that triggers the
+ // read/write will be in progress on a container thread.
+ // Processing of timeouts and errors can happen on or off a
+ // container thread (on is much more likely) but while in this state
+ // the call that triggers the timeout will be in progress on a
+ // container thread.
+ // The socket will be added to the poller when the container thread
+ // exits the AbstractConnectionHandler.process() method so don't do
+ // a dispatch here which would add it to the poller a second time.
state = AsyncState.COMPLETING;
- doComplete = true;
} else {
throw new IllegalStateException(
sm.getString("asyncStateMachine.invalidAsyncState",
"asyncComplete()", state));
}
- return doComplete;
+ return triggerDispatch;
}
@@ -358,45 +358,42 @@
if (!ContainerThreadMarker.isContainerThread() && state == AsyncState.STARTING) {
state = AsyncState.DISPATCH_PENDING;
return false;
- } else {
- return doDispatch();
}
- }
-
- private synchronized boolean doDispatch() {
clearNonBlockingListeners();
- boolean doDispatch = false;
- if (state == AsyncState.STARTING ||
- state == AsyncState.TIMING_OUT ||
- state == AsyncState.ERROR) {
- // In these three cases processing is on a container thread so no
- // need to transfer processing to a new container thread
+ boolean triggerDispatch = false;
+ if (state == AsyncState.STARTING || state == AsyncState.MUST_ERROR) {
+ // Processing is on a container thread so no need to transfer
+ // processing to a new container thread
state = AsyncState.MUST_DISPATCH;
- } else if (state == AsyncState.STARTED || state == AsyncState.DISPATCH_PENDING) {
+ } else if (state == AsyncState.STARTED) {
state = AsyncState.DISPATCHING;
- // A dispatch is always required.
+ // A dispatch to a container thread is always required.
// If on a non-container thread, need to get back onto a container
// thread to complete the processing.
// If on a container thread the current request/response are not the
// request/response associated with the AsyncContext so need a new
// container thread to process the different request/response.
- doDispatch = true;
- } else if (state == AsyncState.READ_WRITE_OP) {
+ triggerDispatch = true;
+ } else if (state == AsyncState.READ_WRITE_OP || state == AsyncState.TIMING_OUT ||
+ state == AsyncState.ERROR) {
+ // Read/write operations can happen on or off a container thread but
+ // while in this state the call to listener that triggers the
+ // read/write will be in progress on a container thread.
+ // Processing of timeouts and errors can happen on or off a
+ // container thread (on is much more likely) but while in this state
+ // the call that triggers the timeout will be in progress on a
+ // container thread.
+ // The socket will be added to the poller when the container thread
+ // exits the AbstractConnectionHandler.process() method so don't do
+ // a dispatch here which would add it to the poller a second time.
state = AsyncState.DISPATCHING;
- // If on a container thread then the socket will be added to the
- // poller poller when the thread exits the
- // AbstractConnectionHandler.process() method so don't do a dispatch
- // here which would add it to the poller a second time.
- if (!ContainerThreadMarker.isContainerThread()) {
- doDispatch = true;
- }
} else {
throw new IllegalStateException(
sm.getString("asyncStateMachine.invalidAsyncState",
"asyncDispatch()", state));
}
- return doDispatch;
+ return triggerDispatch;
}
@@ -412,36 +409,17 @@
}
- synchronized void asyncMustError() {
- if (state == AsyncState.STARTED) {
- clearNonBlockingListeners();
+ synchronized boolean asyncError() {
+ clearNonBlockingListeners();
+ if (state == AsyncState.STARTING) {
state = AsyncState.MUST_ERROR;
} else {
- throw new IllegalStateException(
- sm.getString("asyncStateMachine.invalidAsyncState",
- "asyncMustError()", state));
- }
- }
-
-
- synchronized void asyncError() {
- if (state == AsyncState.STARTING ||
- state == AsyncState.STARTED ||
- state == AsyncState.DISPATCHED ||
- state == AsyncState.TIMING_OUT ||
- state == AsyncState.MUST_COMPLETE ||
- state == AsyncState.READ_WRITE_OP ||
- state == AsyncState.COMPLETING ||
- state == AsyncState.MUST_ERROR) {
- clearNonBlockingListeners();
state = AsyncState.ERROR;
- } else {
- throw new IllegalStateException(
- sm.getString("asyncStateMachine.invalidAsyncState",
- "asyncError()", state));
}
+ return !ContainerThreadMarker.isContainerThread();
}
+
synchronized void asyncRun(Runnable runnable) {
if (state == AsyncState.STARTING || state == AsyncState.STARTED ||
state == AsyncState.READ_WRITE_OP) {
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/CompressionConfig.java tomcat9-9.0.31/java/org/apache/coyote/CompressionConfig.java
--- tomcat9-9.0.27/java/org/apache/coyote/CompressionConfig.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/CompressionConfig.java 2020-02-05 19:26:48.000000000 +0000
@@ -20,23 +20,33 @@
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Enumeration;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.ResponseUtil;
import org.apache.tomcat.util.http.parser.AcceptEncoding;
+import org.apache.tomcat.util.http.parser.TokenList;
+import org.apache.tomcat.util.res.StringManager;
public class CompressionConfig {
+ private static final Log log = LogFactory.getLog(CompressionConfig.class);
+ private static final StringManager sm = StringManager.getManager(CompressionConfig.class);
+
private int compressionLevel = 0;
private Pattern noCompressionUserAgents = null;
private String compressibleMimeType = "text/html,text/xml,text/plain,text/css," +
"text/javascript,application/javascript,application/json,application/xml";
private String[] compressibleMimeTypes = null;
private int compressionMinSize = 2048;
+ private boolean noCompressionStrongETag = true;
/**
@@ -174,6 +184,35 @@
/**
+ * Determine if compression is disabled if the resource has a strong ETag.
+ *
+ * @return {@code true} if compression is disabled, otherwise {@code false}
+ *
+ * @deprecated Will be removed in Tomcat 10 where it will be hard-coded to
+ * {@code true}
+ */
+ @Deprecated
+ public boolean getNoCompressionStrongETag() {
+ return noCompressionStrongETag;
+ }
+
+
+ /**
+ * Set whether compression is disabled for resources with a strong ETag.
+ *
+ * @param noCompressionStrongETag {@code true} if compression is disabled,
+ * otherwise {@code false}
+ *
+ * @deprecated Will be removed in Tomcat 10 where it will be hard-coded to
+ * {@code true}
+ */
+ @Deprecated
+ public void setNoCompressionStrongETag(boolean noCompressionStrongETag) {
+ this.noCompressionStrongETag = noCompressionStrongETag;
+ }
+
+
+ /**
* Determines if compression should be enabled for the given response and if
* it is, sets any necessary headers to mark it as such.
*
@@ -193,10 +232,21 @@
// Check if content is not already compressed
MessageBytes contentEncodingMB = responseHeaders.getValue("Content-Encoding");
- if (contentEncodingMB != null &&
- (contentEncodingMB.indexOf("gzip") != -1 ||
- contentEncodingMB.indexOf("br") != -1)) {
- return false;
+ if (contentEncodingMB != null) {
+ // Content-Encoding values are ordered but order is not important
+ // for this check so use a Set rather than a List
+ Set
* When skipping broken header line: first character of the header.
* When parsing header value: first character after ':'.
@@ -1045,6 +1073,7 @@
*/
MessageBytes headerValue = null;
public void recycle() {
+ lineStart = 0;
start = 0;
realPos = 0;
lastSignificantChar = 0;
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/http11/Http11NioProtocol.java tomcat9-9.0.31/java/org/apache/coyote/http11/Http11NioProtocol.java
--- tomcat9-9.0.27/java/org/apache/coyote/http11/Http11NioProtocol.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/http11/Http11NioProtocol.java 2020-02-05 19:26:48.000000000 +0000
@@ -50,10 +50,21 @@
* NO-OP.
*
* @param count Unused
+ *
+ * @deprecated This setter will be removed in Tomcat 10.
*/
+ @Deprecated
public void setPollerThreadCount(int count) {
}
+ /**
+ * Always returns 1.
+ *
+ * @return 1
+ *
+ * @deprecated This getter will be removed in Tomcat 10.
+ */
+ @Deprecated
public int getPollerThreadCount() {
return 1;
}
diff -Nru tomcat9-9.0.27/java/org/apache/coyote/http11/Http11Processor.java tomcat9-9.0.31/java/org/apache/coyote/http11/Http11Processor.java
--- tomcat9-9.0.27/java/org/apache/coyote/http11/Http11Processor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/coyote/http11/Http11Processor.java 2020-02-05 19:26:48.000000000 +0000
@@ -19,8 +19,10 @@
import java.io.IOException;
import java.io.InterruptedIOException;
import java.nio.ByteBuffer;
-import java.util.Enumeration;
-import java.util.Locale;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
@@ -46,12 +48,12 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.buf.Ascii;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.HttpParser;
+import org.apache.tomcat.util.http.parser.TokenList;
import org.apache.tomcat.util.log.UserDataHelper;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.SSLSupport;
@@ -73,6 +75,7 @@
private final AbstractHttp11Protocol protocol;
+
/**
* Input.
*/
@@ -153,7 +156,7 @@
protocol.getRelaxedQueryChars());
inputBuffer = new Http11InputBuffer(request, protocol.getMaxHttpHeaderSize(),
- protocol.getRejectIllegalHeaderName(), httpParser);
+ protocol.getRejectIllegalHeader(), httpParser);
request.setInputBuffer(inputBuffer);
outputBuffer = new Http11OutputBuffer(response, protocol.getMaxHttpHeaderSize());
@@ -185,39 +188,6 @@
/**
- * Specialized utility method: find a sequence of lower case bytes inside
- * a ByteChunk.
- */
- private static int findBytes(ByteChunk bc, byte[] b) {
-
- byte first = b[0];
- byte[] buff = bc.getBuffer();
- int start = bc.getStart();
- int end = bc.getEnd();
-
- // Look for first char
- int srcEnd = b.length;
-
- for (int i = start; i <= (end - srcEnd); i++) {
- if (Ascii.toLower(buff[i]) != first) {
- continue;
- }
- // found first char, now look for a match
- int myPos = i+1;
- for (int srcPos = 1; srcPos < srcEnd;) {
- if (Ascii.toLower(buff[myPos++]) != b[srcPos++]) {
- break;
- }
- if (srcPos == srcEnd) {
- return i - start; // found it
- }
- }
- }
- return -1;
- }
-
-
- /**
* Determine if we must drop the connection because of the HTTP status
* code. Use the same list of codes as Apache/httpd.
*/
@@ -239,9 +209,7 @@
*/
private void addInputFilter(InputFilter[] inputFilters, String encodingName) {
- // Trim provided encoding name and convert to lower case since transfer
- // encoding names are case insensitive. (RFC2616, section 3.6)
- encodingName = encodingName.trim().toLowerCase(Locale.ENGLISH);
+ // Parsing trims and converts to lower case.
if (encodingName.equals("identity")) {
// Skip
@@ -345,16 +313,7 @@
}
// Has an upgrade been requested?
- Enumerationfalse
*/
public boolean accept(Request request);
+
+
+ /**
+ * Configure the HTTP/1.1 protocol that this UpgradeProcotol is nested
+ * under. Connections passed to this UpgradeProtocol via HTTP upgrade will
+ * have been initially handled by this HTTP/1.1 protocol implementation.
+ * GenericKeyedObjectPool.
+ * GenericObjectPool provides robust pooling functionality for
- * arbitrary objects.
* The pool can also be configured to detect and remove "abandoned" objects,
* i.e. objects that have been checked out of the pool but neither used nor
@@ -59,13 +61,16 @@
* their last use will be queried
* using the getLastUsed method on that interface; otherwise
* abandonment is determined by how long an object has been checked out from
- * the pool.
* Implementation note: To prevent possible deadlocks, care has been taken to * ensure that no call to a factory method will occur within a synchronization - * block. See POOL-125 and DBCP-44 for more information.
+ * block. See POOL-125 and DBCP-44 for more information. + * *- * This class is intended to be thread-safe.
+ * This class is intended to be thread-safe. + * * * @see GenericKeyedObjectPool * @@ -576,6 +581,11 @@ } catch (final Exception e) { swallowException(e); } + try { + ensureIdle(1, false); + } catch (final Exception e) { + swallowException(e); + } } else { if (getLifo()) { idleObjects.addFirst(p); @@ -931,15 +941,6 @@ destroyedCount.incrementAndGet(); createCount.decrementAndGet(); } - - if (idleObjects.isEmpty() && idleObjects.hasTakeWaiters()) { - // POOL-356. - // In case there are already threads waiting on something in the pool - // (e.g. idleObjects.takeFirst(); then we need to provide them a fresh instance. - // Otherwise they will be stuck forever (or until timeout) - final PooledObject* This class is intended to be thread-safe. + *
* * @since 2.0 */ diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java --- tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java 2020-02-05 19:26:48.000000000 +0000 @@ -34,6 +34,7 @@ * is equal to {@link Integer#MAX_VALUE}. Linked nodes are * dynamically created upon each insertion unless this would bring the * deque above capacity. + * * *Most operations run in constant time (ignoring time spent * blocking). Exceptions include {@link #remove(Object) remove}, @@ -41,14 +42,17 @@ * #removeLastOccurrence removeLastOccurrence}, {@link #contains * contains}, {@link #iterator iterator.remove()}, and the bulk * operations, all of which run in linear time. + *
* *This class and its iterator implement all of the * optional methods of the {@link Collection} and {@link * Iterator} interfaces. + *
* *This class is a member of the * * Java Collections Framework. + *
* * @param* This class is intended to be thread-safe. + *
* * @paramaddObject is useful for
+ * "pre-loading" a pool with idle objects (Optional operation).
+ *
+ * @param key the key a new instance should be added to
+ *
+ * @throws Exception
+ * when {@link KeyedPooledObjectFactory#makeObject} fails.
+ * @throws IllegalStateException
+ * after {@link #close} has been called on this pool.
+ * @throws UnsupportedOperationException
+ * when this pool cannot add new idle objects.
+ */
+ void addObject(K key) throws Exception, IllegalStateException,
+ UnsupportedOperationException;
+
+ /**
+ * Calls {@link KeyedObjectPool#addObject(Object)} with each
+ * key in keys for count number of times. This has
+ * the same effect as calling {@link #addObjects(Object, int)}
+ * for each key in the keys collection.
+ *
+ * @param keys
+ * {@link Collection} of keys to add objects for.
+ * @param count
+ * the number of idle objects to add for each key.
+ * @throws Exception
+ * when {@link KeyedObjectPool#addObject(Object)} fails.
+ * @throws IllegalArgumentException
+ * when keyedPool, keys, or any value
+ * in keys is null.
+ * @see #addObjects(Object, int)
+ */
+ default void addObjects(final Collectionkey count number of times.
+ *
+ * @param key
+ * the key to add objects for.
+ * @param count
+ * the number of idle objects to add for key.
+ * @throws Exception
+ * when {@link KeyedObjectPool#addObject(Object)} fails.
+ * @throws IllegalArgumentException
+ * when key is null.
+ * @since 2.8.0
+ */
+ default void addObjects(final K key, final int count) throws Exception, IllegalArgumentException {
+ if (key == null) {
+ throw new IllegalArgumentException(PoolUtils.MSG_NULL_KEY);
+ }
+ for (int i = 0; i < count; i++) {
+ addObject(key);
+ }
+ }
+
/**
* Obtains an instance from this pool for the specified key.
*
@@ -105,75 +176,50 @@
V borrowObject(K key) throws Exception, NoSuchElementException, IllegalStateException;
/**
- * Return an instance to the pool. By contract, obj
- * must have been obtained using
- * {@link #borrowObject borrowObject} or a related method as defined in an
- * implementation or sub-interface using a key that is
- * equivalent to the one used to borrow the instance in the first place.
- *
- * @param key the key used to obtain the object
- * @param obj a {@link #borrowObject borrowed} instance to be returned.
+ * Clears the pool, removing all pooled instances (optional operation).
*
- * @throws IllegalStateException
- * if an attempt is made to return an object to the pool that
- * is in any state other than allocated (i.e. borrowed).
- * Attempting to return an object more than once or attempting
- * to return an object that was never borrowed from the pool
- * will trigger this exception.
+ * @throws UnsupportedOperationException when this implementation doesn't
+ * support the operation
*
- * @throws Exception if an instance cannot be returned to the pool
+ * @throws Exception if the pool cannot be cleared
*/
- void returnObject(K key, V obj) throws Exception;
+ void clear() throws Exception, UnsupportedOperationException;
/**
- * Invalidates an object from the pool.
- *
- * By contract, obj must have been obtained
- * using {@link #borrowObject borrowObject} or a related method as defined
- * in an implementation or sub-interface using a key that is
- * equivalent to the one used to borrow the Object in the first
- * place.
- *
- * This method should be used when an object that has been borrowed is - * determined (due to an exception or other problem) to be invalid. - *
+ * Clears the specified pool, removing all pooled instances corresponding to + * the givenkey (optional operation).
*
- * @param key the key used to obtain the object
- * @param obj a {@link #borrowObject borrowed} instance to be returned.
+ * @param key the key to clear
*
- * @throws Exception if the instance cannot be invalidated
+ * @throws UnsupportedOperationException when this implementation doesn't
+ * support the operation
+ *
+ * @throws Exception if the key cannot be cleared
*/
- void invalidateObject(K key, V obj) throws Exception;
+ void clear(K key) throws Exception, UnsupportedOperationException;
/**
- * Create an object using the {@link KeyedPooledObjectFactory factory} or
- * other implementation dependent mechanism, passivate it, and then place it
- * in the idle object pool. addObject is useful for
- * "pre-loading" a pool with idle objects (Optional operation).
- *
- * @param key the key a new instance should be added to
- *
- * @throws Exception
- * when {@link KeyedPooledObjectFactory#makeObject} fails.
- * @throws IllegalStateException
- * after {@link #close} has been called on this pool.
- * @throws UnsupportedOperationException
- * when this pool cannot add new idle objects.
+ * Close this pool, and free any resources associated with it.
+ * + * Calling {@link #addObject addObject} or + * {@link #borrowObject borrowObject} after invoking this method on a pool + * will cause them to throw an {@link IllegalStateException}. + *
+ *+ * Implementations should silently fail if not all resources can be freed. + *
*/ - void addObject(K key) throws Exception, IllegalStateException, - UnsupportedOperationException; + @Override + void close(); /** - * Returns the number of instances corresponding to the given - *key currently idle in this pool. Returns a negative value if
- * this information is not available.
- *
- * @param key the key to query
- * @return the number of instances corresponding to the given
- * key currently idle in this pool.
+ * Returns the total number of instances currently borrowed from this pool but
+ * not yet returned. Returns a negative value if this information is not
+ * available.
+ * @return the total number of instances currently borrowed from this pool but
+ * not yet returned.
*/
- int getNumIdle(K key);
+ int getNumActive();
/**
* Returns the number of instances currently borrowed from but not yet
@@ -194,48 +240,55 @@
int getNumIdle();
/**
- * Returns the total number of instances currently borrowed from this pool but
- * not yet returned. Returns a negative value if this information is not
- * available.
- * @return the total number of instances currently borrowed from this pool but
- * not yet returned.
+ * Returns the number of instances corresponding to the given
+ * key currently idle in this pool. Returns a negative value if
+ * this information is not available.
+ *
+ * @param key the key to query
+ * @return the number of instances corresponding to the given
+ * key currently idle in this pool.
*/
- int getNumActive();
+ int getNumIdle(K key);
/**
- * Clears the pool, removing all pooled instances (optional operation).
+ * Invalidates an object from the pool.
+ *
+ * By contract, obj must have been obtained
+ * using {@link #borrowObject borrowObject} or a related method as defined
+ * in an implementation or sub-interface using a key that is
+ * equivalent to the one used to borrow the Object in the first
+ * place.
+ *
+ * This method should be used when an object that has been borrowed is + * determined (due to an exception or other problem) to be invalid. + *
* - * @throws UnsupportedOperationException when this implementation doesn't - * support the operation + * @param key the key used to obtain the object + * @param obj a {@link #borrowObject borrowed} instance to be returned. * - * @throws Exception if the pool cannot be cleared + * @throws Exception if the instance cannot be invalidated */ - void clear() throws Exception, UnsupportedOperationException; + void invalidateObject(K key, V obj) throws Exception; /** - * Clears the specified pool, removing all pooled instances corresponding to - * the givenkey (optional operation).
+ * Return an instance to the pool. By contract, obj
+ * must have been obtained using
+ * {@link #borrowObject borrowObject} or a related method as defined in an
+ * implementation or sub-interface using a key that is
+ * equivalent to the one used to borrow the instance in the first place.
*
- * @param key the key to clear
+ * @param key the key used to obtain the object
+ * @param obj a {@link #borrowObject borrowed} instance to be returned.
*
- * @throws UnsupportedOperationException when this implementation doesn't
- * support the operation
+ * @throws IllegalStateException
+ * if an attempt is made to return an object to the pool that
+ * is in any state other than allocated (i.e. borrowed).
+ * Attempting to return an object more than once or attempting
+ * to return an object that was never borrowed from the pool
+ * will trigger this exception.
*
- * @throws Exception if the key cannot be cleared
- */
- void clear(K key) throws Exception, UnsupportedOperationException;
-
- /**
- * Close this pool, and free any resources associated with it.
- * - * Calling {@link #addObject addObject} or - * {@link #borrowObject borrowObject} after invoking this method on a pool - * will cause them to throw an {@link IllegalStateException}. - *
- *- * Implementations should silently fail if not all resources can be freed. - *
+ * @throws Exception if an instance cannot be returned to the pool */ - @Override - void close(); + void returnObject(K key, V obj) throws Exception; } diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java --- tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java 2020-02-05 19:26:48.000000000 +0000 @@ -60,6 +60,38 @@ public interface ObjectPooladdObject is useful for "pre-loading"
+ * a pool with idle objects. (Optional operation).
+ *
+ * @throws Exception
+ * when {@link PooledObjectFactory#makeObject} fails.
+ * @throws IllegalStateException
+ * after {@link #close} has been called on this pool.
+ * @throws UnsupportedOperationException
+ * when this pool cannot add new idle objects.
+ */
+ void addObject() throws Exception, IllegalStateException,
+ UnsupportedOperationException;
+
+ /**
+ * Calls {@link ObjectPool#addObject()} count
+ * number of times.
+ *
+ * @param count
+ * the number of idle objects to add.
+ * @throws Exception
+ * when {@link ObjectPool#addObject()} fails.
+ * @since 2.8.0
+ */
+ default void addObjects(final int count) throws Exception {
+ for (int i = 0; i < count; i++) {
+ addObject();
+ }
+ }
+
+ /**
* Obtains an instance from this pool.
*
* Instances returned from this method will have been either newly created
@@ -94,56 +126,36 @@
IllegalStateException;
/**
- * Returns an instance to the pool. By contract, obj
- * must have been obtained using {@link #borrowObject()} or
- * a related method as defined in an implementation or sub-interface.
- *
- * @param obj a {@link #borrowObject borrowed} instance to be returned.
+ * Clears any objects sitting idle in the pool, releasing any associated
+ * resources (optional operation). Idle objects cleared must be
+ * {@link PooledObjectFactory#destroyObject(PooledObject)}.
*
- * @throws IllegalStateException
- * if an attempt is made to return an object to the pool that
- * is in any state other than allocated (i.e. borrowed).
- * Attempting to return an object more than once or attempting
- * to return an object that was never borrowed from the pool
- * will trigger this exception.
+ * @throws UnsupportedOperationException
+ * if this implementation does not support the operation
*
- * @throws Exception if an instance cannot be returned to the pool
+ * @throws Exception if the pool cannot be cleared
*/
- void returnObject(T obj) throws Exception;
+ void clear() throws Exception, UnsupportedOperationException;
/**
- * Invalidates an object from the pool.
+ * Closes this pool, and free any resources associated with it.
*
- * By contract, obj must have been obtained
- * using {@link #borrowObject} or a related method as defined in an
- * implementation or sub-interface.
+ * Calling {@link #addObject} or {@link #borrowObject} after invoking this
+ * method on a pool will cause them to throw an {@link IllegalStateException}.
*
- * This method should be used when an object that has been borrowed is - * determined (due to an exception or other problem) to be invalid. + * Implementations should silently fail if not all resources can be freed. *
- * - * @param obj a {@link #borrowObject borrowed} instance to be disposed. - * - * @throws Exception if the instance cannot be invalidated */ - void invalidateObject(T obj) throws Exception; + @Override + void close(); /** - * Creates an object using the {@link PooledObjectFactory factory} or other - * implementation dependent mechanism, passivate it, and then place it in - * the idle object pool.addObject is useful for "pre-loading"
- * a pool with idle objects. (Optional operation).
- *
- * @throws Exception
- * when {@link PooledObjectFactory#makeObject} fails.
- * @throws IllegalStateException
- * after {@link #close} has been called on this pool.
- * @throws UnsupportedOperationException
- * when this pool cannot add new idle objects.
+ * Returns the number of instances currently borrowed from this pool. Returns
+ * a negative value if this information is not available.
+ * @return the number of instances currently borrowed from this pool.
*/
- void addObject() throws Exception, IllegalStateException,
- UnsupportedOperationException;
+ int getNumActive();
/**
* Returns the number of instances currently idle in this pool. This may be
@@ -155,34 +167,38 @@
int getNumIdle();
/**
- * Returns the number of instances currently borrowed from this pool. Returns
- * a negative value if this information is not available.
- * @return the number of instances currently borrowed from this pool.
- */
- int getNumActive();
-
- /**
- * Clears any objects sitting idle in the pool, releasing any associated
- * resources (optional operation). Idle objects cleared must be
- * {@link PooledObjectFactory#destroyObject(PooledObject)}.
+ * Invalidates an object from the pool.
+ *
+ * By contract, obj must have been obtained
+ * using {@link #borrowObject} or a related method as defined in an
+ * implementation or sub-interface.
+ *
+ * This method should be used when an object that has been borrowed is + * determined (due to an exception or other problem) to be invalid. + *
* - * @throws UnsupportedOperationException - * if this implementation does not support the operation + * @param obj a {@link #borrowObject borrowed} instance to be disposed. * - * @throws Exception if the pool cannot be cleared + * @throws Exception if the instance cannot be invalidated */ - void clear() throws Exception, UnsupportedOperationException; + void invalidateObject(T obj) throws Exception; /** - * Closes this pool, and free any resources associated with it. - *- * Calling {@link #addObject} or {@link #borrowObject} after invoking this - * method on a pool will cause them to throw an {@link IllegalStateException}. - *
- *- * Implementations should silently fail if not all resources can be freed. - *
+ * Returns an instance to the pool. By contract,obj
+ * must have been obtained using {@link #borrowObject()} or
+ * a related method as defined in an implementation or sub-interface.
+ *
+ * @param obj a {@link #borrowObject borrowed} instance to be returned.
+ *
+ * @throws IllegalStateException
+ * if an attempt is made to return an object to the pool that
+ * is in any state other than allocated (i.e. borrowed).
+ * Attempting to return an object more than once or attempting
+ * to return an object that was never borrowed from the pool
+ * will trigger this exception.
+ *
+ * @throws Exception if an instance cannot be returned to the pool
*/
- @Override
- void close();
+ void returnObject(T obj) throws Exception;
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/PooledObject.java tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/PooledObject.java
--- tomcat9-9.0.27/java/org/apache/tomcat/dbcp/pool2/PooledObject.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/dbcp/pool2/PooledObject.java 2020-02-05 19:26:48.000000000 +0000
@@ -24,6 +24,7 @@
* state, for the pooled objects.
* * Implementations of this class are required to be thread-safe. + *
* * @parampool is null.
+ * @deprecated Use {@link ObjectPool#addObjects(int)}.
*/
+ @Deprecated
public static keyedPool or key is
* null.
+ * @deprecated Use {@link KeyedObjectPool#addObjects(Object, int)}.
*/
+ @Deprecated
public static keyedPool, keys, or any value
* in keys is null.
* @see #prefill(KeyedObjectPool, Object, int)
+ * @deprecated Use {@link KeyedObjectPool#addObjects(Collection, int)}.
*/
+ @Deprecated
public static false if it should be excluded
*/
boolean check(JarScanType jarScanType, String jarName);
+
+ /**
+ *
+ * @return true if all of the scans should be skipped which
+ * can improve startup performance. The default is false.
+ */
+ default boolean isSkipAll() {
+ return false;
+ }
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantClass.java 2020-02-05 19:26:48.000000000 +0000
@@ -48,7 +48,7 @@
/**
* @return Name index in constant pool of class name.
*/
- public final int getNameIndex() {
+ public int getNameIndex() {
return name_index;
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantDouble.java 2020-02-05 19:26:48.000000000 +0000
@@ -48,7 +48,7 @@
/**
* @return data, i.e., 8 bytes.
*/
- public final double getBytes() {
+ public double getBytes() {
return bytes;
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantFloat.java 2020-02-05 19:26:48.000000000 +0000
@@ -48,7 +48,7 @@
/**
* @return data, i.e., 4 bytes.
*/
- public final float getBytes() {
+ public float getBytes() {
return bytes;
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantInteger.java 2020-02-05 19:26:48.000000000 +0000
@@ -48,7 +48,7 @@
/**
* @return data, i.e., 4 bytes.
*/
- public final int getBytes() {
+ public int getBytes() {
return bytes;
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/classfile/ConstantLong.java 2020-02-05 19:26:48.000000000 +0000
@@ -48,7 +48,7 @@
/**
* @return data, i.e., 8 bytes.
*/
- public final long getBytes() {
+ public long getBytes() {
return bytes;
}
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/Const.java tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/Const.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/bcel/Const.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/bcel/Const.java 2020-02-05 19:26:48.000000000 +0000
@@ -23,12 +23,14 @@
public final class Const {
/** One of the access flags for fields, methods, or classes.
- * @see
- * Flag definitions for Fields in the Java Virtual Machine Specification (Java SE 8 Edition).
- * @see
- * Flag definitions for Methods in the Java Virtual Machine Specification (Java SE 8 Edition).
- * @see
- * Flag definitions for Classes in the Java Virtual Machine Specification (Java SE 8 Edition).
+ * @see
+ * Flag definitions for Classes in the Java Virtual Machine Specification (Java SE 9 Edition).
+ * @see
+ * Flag definitions for Fields in the Java Virtual Machine Specification (Java SE 9 Edition).
+ * @see
+ * Flag definitions for Methods in the Java Virtual Machine Specification (Java SE 9 Edition).
+ * @see
+ * Flag definitions for Inner Classes in the Java Virtual Machine Specification (Java SE 9 Edition).
*/
public static final short ACC_FINAL = 0x0010;
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/Asn1Parser.java tomcat9-9.0.31/java/org/apache/tomcat/util/buf/Asn1Parser.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/Asn1Parser.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/Asn1Parser.java 2020-02-05 19:26:48.000000000 +0000
@@ -83,6 +83,12 @@
}
+ public void parseBytes(byte[] dest) {
+ System.arraycopy(source, pos, dest, 0, dest.length);
+ pos += dest.length;
+ }
+
+
private int next() {
return source[pos++] & 0xFF;
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/Asn1Writer.java tomcat9-9.0.31/java/org/apache/tomcat/util/buf/Asn1Writer.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/Asn1Writer.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/Asn1Writer.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.buf;
+
+public class Asn1Writer {
+
+ public static byte[] writeSequence(byte[]... components) {
+ int len = 0;
+ for (byte[] component : components) {
+ len += component.length;
+ }
+
+ byte[] combined = new byte[len];
+ int pos = 0;
+ for (byte[] component : components) {
+ System.arraycopy(component, 0, combined, pos, component.length);
+ pos += component.length;
+ }
+
+ return writeTag((byte) 0x30, combined);
+ }
+
+
+ public static byte[] writeInteger(int value) {
+ // How many bytes required to write the value? No more than 4 for int.
+ int valueSize = 1;
+ while ((value >> (valueSize * 8)) > 0) {
+ valueSize++;
+ }
+
+ byte[] valueBytes = new byte[valueSize];
+ int i = 0;
+ while (valueSize > 0) {
+ valueBytes[i] = (byte) (value >> (8 * (valueSize - 1)));
+ value = value >> 8;
+ valueSize--;
+ i++;
+ }
+
+ return writeTag((byte) 0x02, valueBytes);
+ }
+
+ public static byte[] writeOctetString(byte[] data) {
+ return writeTag((byte) 0x04, data);
+ }
+
+ public static byte[] writeTag(byte tagId, byte[] data) {
+ int dataSize = data.length;
+ // How many bytes to write the length?
+ int lengthSize = 1;
+ if (dataSize >127) {
+ // 1 byte we have is now used to record how many bytes we need to
+ // record a length > 127
+ // Result is lengthSize = 1 + number of bytes to record length
+ do {
+ lengthSize++;
+ }
+ while ((dataSize >> (lengthSize * 8)) > 0);
+ }
+
+ // 1 for tag + lengthSize + dataSize
+ byte[] result = new byte[1 + lengthSize + dataSize];
+ result[0] = tagId;
+ if (dataSize < 128) {
+ result[1] = (byte) dataSize;
+ } else {
+ // lengthSize is 1 + number of bytes for length
+ result[1] = (byte) (127 + lengthSize);
+ int i = lengthSize;
+ while (dataSize > 0) {
+ result[i] = (byte) (dataSize & 0xFF);
+ dataSize = dataSize >> 8;
+ i--;
+ }
+ }
+
+ System.arraycopy(data, 0, result, 1 + lengthSize, data.length);
+
+ return result;
+ }
+}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/CharChunk.java tomcat9-9.0.31/java/org/apache/tomcat/util/buf/CharChunk.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/CharChunk.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/CharChunk.java 2020-02-05 19:26:48.000000000 +0000
@@ -165,7 +165,7 @@
// -------------------- Adding data to the buffer --------------------
- public void append(char b) throws IOException {
+ public void append(char c) throws IOException {
makeSpace(1);
int limit = getLimitInternal();
@@ -173,7 +173,7 @@
if (end >= limit) {
flushBuffer();
}
- buff[end++] = b;
+ buff[end++] = c;
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/CharsetCache.java tomcat9-9.0.31/java/org/apache/tomcat/util/buf/CharsetCache.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/CharsetCache.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/CharsetCache.java 2020-02-05 19:26:48.000000000 +0000
@@ -149,7 +149,9 @@
"29626c", "833", "cp29626c", "ibm-1140", "ibm-1141", "ibm-1142", "ibm-1143", "ibm-1144", "ibm-1145",
"ibm-1146", "ibm-1147", "ibm-1148", "ibm-1149", "ibm-29626c", "ibm-858", "ibm-eucjp", "ibm1140", "ibm1141",
"ibm1142", "ibm1143", "ibm1144", "ibm1145", "ibm1146", "ibm1147", "ibm1148", "ibm1149", "ibm29626c",
- "ibm858", "x-ibm29626c"
+ "ibm858", "x-ibm29626c",
+ // Added from HPE JVM 1.8.0.17-hp-ux
+ "cp1051", "cp1386", "cshproman8", "hp-roman8", "ibm-1051", "r8", "roman8", "roman9"
};
private static final Charset DUMMY_CHARSET = new DummyCharset("Dummy", null);
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/buf/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -13,4 +13,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+asn1Parser.lengthInvalid=无效长度 [{0}]字节报告,但是输入数据的长度是 [{1}]字节
+asn1Parser.tagMismatch=期望找到值 [{0}]但是却找到值 [{1}]
+
+hexUtils.fromHex.nonHex=输入只能由十六进制数字组成
+
uDecoder.urlDecode.conversionError=使用编码[{1}]解码[{0}]失败
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/buf/package.html tomcat9-9.0.31/java/org/apache/tomcat/util/buf/package.html
--- tomcat9-9.0.27/java/org/apache/tomcat/util/buf/package.html 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/buf/package.html 2020-02-05 19:26:48.000000000 +0000
@@ -22,7 +22,7 @@
Encoding is a critical operation for performance. There are few tricks in this package - the C2B and -B2C converters are caching a ISReader/OSWriter and keep everything allocated to do the conversions +B2C converters are caching an ISReader/OSWriter and keep everything allocated to do the conversions in any VM without any garbage.
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/codec/binary/Base64.java tomcat9-9.0.31/java/org/apache/tomcat/util/codec/binary/Base64.java --- tomcat9-9.0.27/java/org/apache/tomcat/util/codec/binary/Base64.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/codec/binary/Base64.java 2020-02-05 19:26:48.000000000 +0000 @@ -139,6 +139,10 @@ */ /** Mask used to extract 6 bits, used when encoding */ private static final int MASK_6BITS = 0x3f; + /** Mask used to extract 4 bits, used when decoding final trailing character. */ + private static final int MASK_4BITS = 0xf; + /** Mask used to extract 2 bits, used when decoding final trailing character. */ + private static final int MASK_2BITS = 0x3; // The static final fields above are used for the original static byte[] methods on Base64. // The private member fields below are used with the new streaming approach, which requires @@ -483,12 +487,12 @@ // TODO not currently tested; perhaps it is impossible? break; case 2 : // 12 bits = 8 + 4 - validateCharacter(4, context); + validateCharacter(MASK_4BITS, context); context.ibitWorkArea = context.ibitWorkArea >> 4; // dump the extra 4 bits buffer[context.pos++] = (byte) ((context.ibitWorkArea) & MASK_8BITS); break; case 3 : // 18 bits = 8 + 8 + 2 - validateCharacter(2, context); + validateCharacter(MASK_2BITS, context); context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 2 bits buffer[context.pos++] = (byte) ((context.ibitWorkArea >> 8) & MASK_8BITS); buffer[context.pos++] = (byte) ((context.ibitWorkArea) & MASK_8BITS); @@ -792,20 +796,22 @@ /** - *
- * Validates whether the character is possible in the context of the set of possible base 64 values. - *
+ * Validates whether decoding the final trailing character is possible in the context + * of the set of possible base 64 values. + * + *The character is valid if the lower bits within the provided mask are zero. This + * is used to test the final trailing base-64 digit is zero in the bits that will be discarded. * - * @param numBitsToDrop number of least significant bits to check + * @param emptyBitsMask The mask of the lower bits that should be empty * @param context the context to be used * * @throws IllegalArgumentException if the bits being checked contain any non-zero value */ - private long validateCharacter(final int numBitsToDrop, final Context context) { - if ((context.ibitWorkArea & numBitsToDrop) != 0) { - throw new IllegalArgumentException( - "Last encoded character (before the paddings if any) is a valid base 64 alphabet but not a possible value"); + private static void validateCharacter(final int emptyBitsMask, final Context context) { + if ((context.ibitWorkArea & emptyBitsMask) != 0) { + throw new IllegalArgumentException( + "Last encoded character (before the paddings if any) is a valid base 64 alphabet but not a possible value. " + + "Expected the discarded bits to be zero."); } - return context.ibitWorkArea >> numBitsToDrop; } } diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java tomcat9-9.0.31/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java --- tomcat9-9.0.27/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 2020-02-05 19:26:48.000000000 +0000 @@ -136,6 +136,18 @@ */ private static final int DEFAULT_BUFFER_SIZE = 128; + /** + * The maximum size buffer to allocate. + * + *
This is set to the same size used in the JDK {@code java.util.ArrayList}:
+ *+ * Some VMs reserve some header words in an array. + * Attempts to allocate larger arrays may result in + * OutOfMemoryError: Requested array size exceeds VM limit. + *+ */ + private static final int MAX_BUFFER_SIZE = Integer.MAX_VALUE - 8; + /** Mask used to extract 8 bits, used in decoding bytes */ protected static final int MASK_8BITS = 0xff; @@ -165,7 +177,7 @@ private final int chunkSeparatorLength; /** - * Note
lineLength is rounded down to the nearest multiple of {@link #encodedBlockSize}
+ * Note lineLength is rounded down to the nearest multiple of the encoded block size.
* If chunkSeparatorLength is zero, then chunking is disabled.
* @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
* @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
@@ -178,7 +190,7 @@
}
/**
- * Note lineLength is rounded down to the nearest multiple of {@link #encodedBlockSize}
+ * Note lineLength is rounded down to the nearest multiple of the encoded block size.
* If chunkSeparatorLength is zero, then chunking is disabled.
* @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
* @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
@@ -220,7 +232,7 @@
/**
* Get the default buffer size. Can be overridden.
*
- * @return {@link #DEFAULT_BUFFER_SIZE}
+ * @return the default buffer size.
*/
protected int getDefaultBufferSize() {
return DEFAULT_BUFFER_SIZE;
@@ -229,18 +241,69 @@
/**
* Increases our buffer by the {@link #DEFAULT_BUFFER_RESIZE_FACTOR}.
* @param context the context to be used
+ * @param minCapacity the minimum required capacity
+ * @return the resized byte[] buffer
+ * @throws OutOfMemoryError if the {@code minCapacity} is negative
+ */
+ private static byte[] resizeBuffer(final Context context, final int minCapacity) {
+ // Overflow-conscious code treats the min and new capacity as unsigned.
+ final int oldCapacity = context.buffer.length;
+ int newCapacity = oldCapacity * DEFAULT_BUFFER_RESIZE_FACTOR;
+ if (compareUnsigned(newCapacity, minCapacity) < 0) {
+ newCapacity = minCapacity;
+ }
+ if (compareUnsigned(newCapacity, MAX_BUFFER_SIZE) > 0) {
+ newCapacity = createPositiveCapacity(minCapacity);
+ }
+
+ final byte[] b = new byte[newCapacity];
+ System.arraycopy(context.buffer, 0, b, 0, context.buffer.length);
+ context.buffer = b;
+ return b;
+ }
+
+ /**
+ * Compares two {@code int} values numerically treating the values
+ * as unsigned. Taken from JDK 1.8.
+ *
+ * TODO: Replace with JDK 1.8 Integer::compareUnsigned(int, int).
+ * + * @param x the first {@code int} to compare + * @param y the second {@code int} to compare + * @return the value {@code 0} if {@code x == y}; a value less + * than {@code 0} if {@code x < y} as unsigned values; and + * a value greater than {@code 0} if {@code x > y} as + * unsigned values */ - private byte[] resizeBuffer(final Context context) { - if (context.buffer == null) { - context.buffer = new byte[getDefaultBufferSize()]; - context.pos = 0; - context.readPos = 0; - } else { - final byte[] b = new byte[context.buffer.length * DEFAULT_BUFFER_RESIZE_FACTOR]; - System.arraycopy(context.buffer, 0, b, 0, context.buffer.length); - context.buffer = b; + private static int compareUnsigned(int x, int y) { + return Integer.compare(x + Integer.MIN_VALUE, y + Integer.MIN_VALUE); + } + + /** + * Create a positive capacity at least as large the minimum required capacity. + * If the minimum capacity is negative then this throws an OutOfMemoryError as no array + * can be allocated. + * + * @param minCapacity the minimum capacity + * @return the capacity + * @throws OutOfMemoryError if the {@code minCapacity} is negative + */ + private static int createPositiveCapacity(int minCapacity) { + if (minCapacity < 0) { + // overflow + throw new OutOfMemoryError("Unable to allocate array size: " + (minCapacity & 0xffffffffL)); } - return context.buffer; + // This is called when we require buffer expansion to a very big array. + // Use the conservative maximum buffer size if possible, otherwise the biggest required. + // + // Note: In this situation JDK 1.8 java.util.ArrayList returns Integer.MAX_VALUE. + // This excludes some VMs that can exceed MAX_BUFFER_SIZE but not allocate a full + // Integer.MAX_VALUE length array. + // The result is that we may have to allocate an array of this size more than once if + // the capacity must be expanded again. + return (minCapacity > MAX_BUFFER_SIZE) ? + minCapacity : + MAX_BUFFER_SIZE; } /** @@ -251,8 +314,15 @@ * @return the buffer */ protected byte[] ensureBufferSize(final int size, final Context context){ - if ((context.buffer == null) || (context.buffer.length < context.pos + size)){ - return resizeBuffer(context); + if (context.buffer == null) { + context.buffer = new byte[getDefaultBufferSize()]; + context.pos = 0; + context.readPos = 0; + + // Overflow-conscious: + // x + y > z == x + y - z > 0 + } else if (context.pos + size - context.buffer.length > 0) { + return resizeBuffer(context, context.pos + size); } return context.buffer; } diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/compat/GraalCompat.java tomcat9-9.0.31/java/org/apache/tomcat/util/compat/GraalCompat.java --- tomcat9-9.0.27/java/org/apache/tomcat/util/compat/GraalCompat.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/compat/GraalCompat.java 2020-02-05 19:26:48.000000000 +0000 @@ -18,7 +18,7 @@ import java.io.IOException; -class GraalCompat extends JreCompat { +class GraalCompat extends Jre9Compat { private static final boolean GRAAL; diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/compat/JreCompat.java tomcat9-9.0.31/java/org/apache/tomcat/util/compat/JreCompat.java --- tomcat9-9.0.27/java/org/apache/tomcat/util/compat/JreCompat.java 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/compat/JreCompat.java 2020-02-05 19:26:48.000000000 +0000 @@ -49,7 +49,7 @@ if (GraalCompat.isSupported()) { instance = new GraalCompat(); graalAvailable = true; - jre9Available = false; + jre9Available = Jre9Compat.isSupported(); } else if (Jre9Compat.isSupported()) { instance = new Jre9Compat(); graalAvailable = false; diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_fr.properties tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_fr.properties --- tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_fr.properties 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_fr.properties 2020-02-05 19:26:48.000000000 +0000 @@ -14,6 +14,8 @@ # limitations under the License. jre9Compat.invalidModuleUri=L''URI du module fournie [{0}] n''a pas pu être convertie en URL pour être traitée par le JarScanner +jre9Compat.javaPre9=Le code est considéré être exécuté sur une JVM antérieure à Java 9 car la classe n'a pas été trouvée +jre9Compat.unexpected=Impossible de créer les références vers les classes et méthodes de Java 9 jreCompat.noApplicationProtocol=Le Java Runtime utilisé ne supporte pas SSLEngine.getApplicationProtocol(). Il faut Java 9 pour utiliser cette option. jreCompat.noApplicationProtocols=L'environnement Java ne supporte pas SSLParameters.setApplicationProtocols(), cette fonctionnalité demande Java 9 diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_ko.properties tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_ko.properties --- tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_ko.properties 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_ko.properties 2020-02-05 19:26:48.000000000 +0000 @@ -14,6 +14,8 @@ # limitations under the License. jre9Compat.invalidModuleUri=[{0}](으)로 제공된 모듈 URI는 JarScanner가 처리할 수 있는 URL로 변환될 수 없습니다. +jre9Compat.javaPre9=Java 9 클래스가 발견되지 않습니다. Java 9 이전 버전에서 동작하고 있는 것으로 보입니다. +jre9Compat.unexpected=Java 9 클래스들과 메소드들을 참조할 수 없습니다. jreCompat.noApplicationProtocol=자바 런타임이 SSLEngine.getApplicationProtocol()을 지원하지 않습니다. 이 기능을 사용하려면 Java 9를 사용해야 합니다. jreCompat.noApplicationProtocols=자바 런타임이 SSLParameters.setApplicationProtocols()을 지원하지 않습니다. 이 기능을 사용하려면 Java 9를 사용해야 합니다. diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_zh_CN.properties --- tomcat9-9.0.27/java/org/apache/tomcat/util/compat/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/compat/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000 @@ -14,5 +14,7 @@ # limitations under the License. jre9Compat.invalidModuleUri=提供的模块URI [{0}]无法转换为JarScanner要处理的URL +jre9Compat.javaPre9=类未找到,所以假设代码运行在pre-Java 8虚拟机上 +jre9Compat.unexpected=创建对Java 9类的依赖和方法失败 jreCompat.noApplicationProtocol=Java 运行时不支持 SSLEngine.getApplicationProtocol()。要使用该功能你必须使用 Java 9。 diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/descriptor/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/descriptor/LocalStrings_zh_CN.properties --- tomcat9-9.0.27/java/org/apache/tomcat/util/descriptor/LocalStrings_zh_CN.properties 1970-01-01 00:00:00.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/descriptor/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000 @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +digesterFactory.missingSchema=XML模型[{0}]未找到,如果XML校验功能开启了的话,这很可能终止XML校验 diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/descriptor/web/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/descriptor/web/LocalStrings_zh_CN.properties --- tomcat9-9.0.27/java/org/apache/tomcat/util/descriptor/web/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/java/org/apache/tomcat/util/descriptor/web/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000 @@ -16,15 +16,25 @@ filterDef.invalidFilterName=过滤器定义中的encapsulation.
*/
- protected String getFileName(FileItemHeaders headers) {
+ public String getFileName(FileItemHeaders headers) {
return getFileName(headers.getHeader(CONTENT_DISPOSITION));
}
@@ -429,7 +428,7 @@
*
* @return The field name for the current encapsulation.
*/
- protected String getFieldName(FileItemHeaders headers) {
+ public String getFieldName(FileItemHeaders headers) {
return getFieldName(headers.getHeader(CONTENT_DISPOSITION));
}
@@ -467,7 +466,7 @@
*
* @return A Map containing the parsed HTTP request headers.
*/
- protected FileItemHeaders getParsedHeaders(String headerPart) {
+ public FileItemHeaders getParsedHeaders(String headerPart) {
final int len = headerPart.length();
FileItemHeadersImpl headers = newFileItemHeaders();
int start = 0;
@@ -549,687 +548,6 @@
}
/**
- * The iterator, which is returned by
- * {@link FileUploadBase#getItemIterator(RequestContext)}.
- */
- private class FileItemIteratorImpl implements FileItemIterator {
-
- /**
- * Default implementation of {@link FileItemStream}.
- */
- class FileItemStreamImpl implements FileItemStream {
-
- /**
- * The file items content type.
- */
- private final String contentType;
-
- /**
- * The file items field name.
- */
- private final String fieldName;
-
- /**
- * The file items file name.
- */
- private final String name;
-
- /**
- * Whether the file item is a form field.
- */
- private final boolean formField;
-
- /**
- * The file items input stream.
- */
- private final InputStream stream;
-
- /**
- * The headers, if any.
- */
- private FileItemHeaders headers;
-
- /**
- * Creates a new instance.
- *
- * @param pName The items file name, or null.
- * @param pFieldName The items field name.
- * @param pContentType The items content type, or null.
- * @param pFormField Whether the item is a form field.
- * @param pContentLength The items content length, if known, or -1
- * @throws IOException Creating the file item failed.
- */
- FileItemStreamImpl(String pName, String pFieldName,
- String pContentType, boolean pFormField,
- long pContentLength) throws IOException {
- name = pName;
- fieldName = pFieldName;
- contentType = pContentType;
- formField = pFormField;
- if (fileSizeMax != -1) { // Check if limit is already exceeded
- if (pContentLength != -1
- && pContentLength > fileSizeMax) {
- FileSizeLimitExceededException e =
- new FileSizeLimitExceededException(
- String.format("The field %s exceeds its maximum permitted size of %s bytes.",
- fieldName, Long.valueOf(fileSizeMax)),
- pContentLength, fileSizeMax);
- e.setFileName(pName);
- e.setFieldName(pFieldName);
- throw new FileUploadIOException(e);
- }
- }
- // OK to construct stream now
- final ItemInputStream itemStream = multi.newInputStream();
- InputStream istream = itemStream;
- if (fileSizeMax != -1) {
- istream = new LimitedInputStream(istream, fileSizeMax) {
- @Override
- protected void raiseError(long pSizeMax, long pCount)
- throws IOException {
- itemStream.close(true);
- FileSizeLimitExceededException e =
- new FileSizeLimitExceededException(
- String.format("The field %s exceeds its maximum permitted size of %s bytes.",
- fieldName, Long.valueOf(pSizeMax)),
- pCount, pSizeMax);
- e.setFieldName(fieldName);
- e.setFileName(name);
- throw new FileUploadIOException(e);
- }
- };
- }
- stream = istream;
- }
-
- /**
- * Returns the items content type, or null.
- *
- * @return Content type, if known, or null.
- */
- @Override
- public String getContentType() {
- return contentType;
- }
-
- /**
- * Returns the items field name.
- *
- * @return Field name.
- */
- @Override
- public String getFieldName() {
- return fieldName;
- }
-
- /**
- * Returns the items file name.
- *
- * @return File name, if known, or null.
- * @throws InvalidFileNameException The file name contains a NUL character,
- * which might be an indicator of a security attack. If you intend to
- * use the file name anyways, catch the exception and use
- * InvalidFileNameException#getName().
- */
- @Override
- public String getName() {
- return Streams.checkFileName(name);
- }
-
- /**
- * Returns, whether this is a form field.
- *
- * @return True, if the item is a form field,
- * otherwise false.
- */
- @Override
- public boolean isFormField() {
- return formField;
- }
-
- /**
- * Returns an input stream, which may be used to
- * read the items contents.
- *
- * @return Opened input stream.
- * @throws IOException An I/O error occurred.
- */
- @Override
- public InputStream openStream() throws IOException {
- if (((Closeable) stream).isClosed()) {
- throw new FileItemStream.ItemSkippedException();
- }
- return stream;
- }
-
- /**
- * Closes the file item.
- *
- * @throws IOException An I/O error occurred.
- */
- void close() throws IOException {
- stream.close();
- }
-
- /**
- * Returns the file item headers.
- *
- * @return The items header object
- */
- @Override
- public FileItemHeaders getHeaders() {
- return headers;
- }
-
- /**
- * Sets the file item headers.
- *
- * @param pHeaders The items header object
- */
- @Override
- public void setHeaders(FileItemHeaders pHeaders) {
- headers = pHeaders;
- }
-
- }
-
- /**
- * The multi part stream to process.
- */
- private final MultipartStream multi;
-
- /**
- * The notifier, which used for triggering the
- * {@link ProgressListener}.
- */
- private final MultipartStream.ProgressNotifier notifier;
-
- /**
- * The boundary, which separates the various parts.
- */
- private final byte[] boundary;
-
- /**
- * The item, which we currently process.
- */
- private FileItemStreamImpl currentItem;
-
- /**
- * The current items field name.
- */
- private String currentFieldName;
-
- /**
- * Whether we are currently skipping the preamble.
- */
- private boolean skipPreamble;
-
- /**
- * Whether the current item may still be read.
- */
- private boolean itemValid;
-
- /**
- * Whether we have seen the end of the file.
- */
- private boolean eof;
-
- /**
- * Creates a new instance.
- *
- * @param ctx The request context.
- * @throws FileUploadException An error occurred while
- * parsing the request.
- * @throws IOException An I/O error occurred.
- */
- FileItemIteratorImpl(RequestContext ctx)
- throws FileUploadException, IOException {
- if (ctx == null) {
- throw new NullPointerException("ctx parameter");
- }
-
- String contentType = ctx.getContentType();
- if ((null == contentType)
- || (!contentType.toLowerCase(Locale.ENGLISH).startsWith(MULTIPART))) {
- throw new InvalidContentTypeException(String.format(
- "the request doesn't contain a %s or %s stream, content type header is %s",
- MULTIPART_FORM_DATA, MULTIPART_MIXED, contentType));
- }
-
-
- final long requestSize = ((UploadContext) ctx).contentLength();
-
- InputStream input; // N.B. this is eventually closed in MultipartStream processing
- if (sizeMax >= 0) {
- if (requestSize != -1 && requestSize > sizeMax) {
- throw new SizeLimitExceededException(String.format(
- "the request was rejected because its size (%s) exceeds the configured maximum (%s)",
- Long.valueOf(requestSize), Long.valueOf(sizeMax)),
- requestSize, sizeMax);
- }
- // N.B. this is eventually closed in MultipartStream processing
- input = new LimitedInputStream(ctx.getInputStream(), sizeMax) {
- @Override
- protected void raiseError(long pSizeMax, long pCount)
- throws IOException {
- FileUploadException ex = new SizeLimitExceededException(
- String.format("the request was rejected because its size (%s) exceeds the configured maximum (%s)",
- Long.valueOf(pCount), Long.valueOf(pSizeMax)),
- pCount, pSizeMax);
- throw new FileUploadIOException(ex);
- }
- };
- } else {
- input = ctx.getInputStream();
- }
-
- String charEncoding = headerEncoding;
- if (charEncoding == null) {
- charEncoding = ctx.getCharacterEncoding();
- }
-
- boundary = getBoundary(contentType);
- if (boundary == null) {
- IOUtils.closeQuietly(input); // avoid possible resource leak
- throw new FileUploadException("the request was rejected because no multipart boundary was found");
- }
-
- notifier = new MultipartStream.ProgressNotifier(listener, requestSize);
- try {
- multi = new MultipartStream(input, boundary, notifier);
- } catch (IllegalArgumentException iae) {
- IOUtils.closeQuietly(input); // avoid possible resource leak
- throw new InvalidContentTypeException(
- String.format("The boundary specified in the %s header is too long", CONTENT_TYPE), iae);
- }
- multi.setHeaderEncoding(charEncoding);
-
- skipPreamble = true;
- findNextItem();
- }
-
- /**
- * Called for finding the next item, if any.
- *
- * @return True, if an next item was found, otherwise false.
- * @throws IOException An I/O error occurred.
- */
- private boolean findNextItem() throws IOException {
- if (eof) {
- return false;
- }
- if (currentItem != null) {
- currentItem.close();
- currentItem = null;
- }
- for (;;) {
- boolean nextPart;
- if (skipPreamble) {
- nextPart = multi.skipPreamble();
- } else {
- nextPart = multi.readBoundary();
- }
- if (!nextPart) {
- if (currentFieldName == null) {
- // Outer multipart terminated -> No more data
- eof = true;
- return false;
- }
- // Inner multipart terminated -> Return to parsing the outer
- multi.setBoundary(boundary);
- currentFieldName = null;
- continue;
- }
- FileItemHeaders headers = getParsedHeaders(multi.readHeaders());
- if (currentFieldName == null) {
- // We're parsing the outer multipart
- String fieldName = getFieldName(headers);
- if (fieldName != null) {
- String subContentType = headers.getHeader(CONTENT_TYPE);
- if (subContentType != null
- && subContentType.toLowerCase(Locale.ENGLISH)
- .startsWith(MULTIPART_MIXED)) {
- currentFieldName = fieldName;
- // Multiple files associated with this field name
- byte[] subBoundary = getBoundary(subContentType);
- multi.setBoundary(subBoundary);
- skipPreamble = true;
- continue;
- }
- String fileName = getFileName(headers);
- currentItem = new FileItemStreamImpl(fileName,
- fieldName, headers.getHeader(CONTENT_TYPE),
- fileName == null, getContentLength(headers));
- currentItem.setHeaders(headers);
- notifier.noteItem();
- itemValid = true;
- return true;
- }
- } else {
- String fileName = getFileName(headers);
- if (fileName != null) {
- currentItem = new FileItemStreamImpl(fileName,
- currentFieldName,
- headers.getHeader(CONTENT_TYPE),
- false, getContentLength(headers));
- currentItem.setHeaders(headers);
- notifier.noteItem();
- itemValid = true;
- return true;
- }
- }
- multi.discardBodyData();
- }
- }
-
- private long getContentLength(FileItemHeaders pHeaders) {
- try {
- return Long.parseLong(pHeaders.getHeader(CONTENT_LENGTH));
- } catch (Exception e) {
- return -1;
- }
- }
-
- /**
- * Returns, whether another instance of {@link FileItemStream}
- * is available.
- *
- * @throws FileUploadException Parsing or processing the
- * file item failed.
- * @throws IOException Reading the file item failed.
- * @return True, if one or more additional file items
- * are available, otherwise false.
- */
- @Override
- public boolean hasNext() throws FileUploadException, IOException {
- if (eof) {
- return false;
- }
- if (itemValid) {
- return true;
- }
- try {
- return findNextItem();
- } catch (FileUploadIOException e) {
- // unwrap encapsulated SizeException
- throw (FileUploadException) e.getCause();
- }
- }
-
- /**
- * Returns the next available {@link FileItemStream}.
- *
- * @throws java.util.NoSuchElementException No more items are
- * available. Use {@link #hasNext()} to prevent this exception.
- * @throws FileUploadException Parsing or processing the
- * file item failed.
- * @throws IOException Reading the file item failed.
- * @return FileItemStream instance, which provides
- * access to the next file item.
- */
- @Override
- public FileItemStream next() throws FileUploadException, IOException {
- if (eof || (!itemValid && !hasNext())) {
- throw new NoSuchElementException();
- }
- itemValid = false;
- return currentItem;
- }
-
- }
-
- /**
- * This exception is thrown for hiding an inner
- * {@link FileUploadException} in an {@link IOException}.
- */
- public static class FileUploadIOException extends IOException {
-
- private static final long serialVersionUID = -3082868232248803474L;
-
- public FileUploadIOException() {
- super();
- }
-
- public FileUploadIOException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public FileUploadIOException(String message) {
- super(message);
- }
-
- public FileUploadIOException(Throwable cause) {
- super(cause);
- }
- }
-
- /**
- * Thrown to indicate that the request is not a multipart request.
- */
- public static class InvalidContentTypeException
- extends FileUploadException {
-
- /**
- * The exceptions UID, for serializing an instance.
- */
- private static final long serialVersionUID = -9073026332015646668L;
-
- /**
- * Constructs a InvalidContentTypeException with no
- * detail message.
- */
- public InvalidContentTypeException() {
- super();
- }
-
- /**
- * Constructs an InvalidContentTypeException with
- * the specified detail message.
- *
- * @param message The detail message.
- */
- public InvalidContentTypeException(String message) {
- super(message);
- }
-
- /**
- * Constructs an InvalidContentTypeException with
- * the specified detail message and cause.
- *
- * @param msg The detail message.
- * @param cause the original cause
- *
- * @since 1.3.1
- */
- public InvalidContentTypeException(String msg, Throwable cause) {
- super(msg, cause);
- }
- }
-
- /**
- * Thrown to indicate an IOException.
- */
- public static class IOFileUploadException extends FileUploadException {
-
- private static final long serialVersionUID = -5858565745868986701L;
-
- public IOFileUploadException() {
- super();
- }
-
- public IOFileUploadException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public IOFileUploadException(String message) {
- super(message);
- }
-
- public IOFileUploadException(Throwable cause) {
- super(cause);
- }
- }
-
- /**
- * This exception is thrown, if a requests permitted size
- * is exceeded.
- */
- public abstract static class SizeException extends FileUploadException {
-
- /**
- * Serial version UID, being used, if serialized.
- */
- private static final long serialVersionUID = -8776225574705254126L;
-
- /**
- * The actual size of the request.
- */
- private final long actual;
-
- /**
- * The maximum permitted size of the request.
- */
- private final long permitted;
-
- /**
- * Creates a new instance.
- *
- * @param message The detail message.
- * @param actual The actual number of bytes in the request.
- * @param permitted The requests size limit, in bytes.
- */
- protected SizeException(String message, long actual, long permitted) {
- super(message);
- this.actual = actual;
- this.permitted = permitted;
- }
-
- /**
- * Retrieves the actual size of the request.
- *
- * @return The actual size of the request.
- * @since 1.3
- */
- public long getActualSize() {
- return actual;
- }
-
- /**
- * Retrieves the permitted size of the request.
- *
- * @return The permitted size of the request.
- * @since 1.3
- */
- public long getPermittedSize() {
- return permitted;
- }
-
- }
-
- /**
- * Thrown to indicate that the request size exceeds the configured maximum.
- */
- public static class SizeLimitExceededException
- extends SizeException {
-
- /**
- * The exceptions UID, for serializing an instance.
- */
- private static final long serialVersionUID = -2474893167098052828L;
-
- /**
- * Constructs a SizeExceededException with
- * the specified detail message, and actual and permitted sizes.
- *
- * @param message The detail message.
- * @param actual The actual request size.
- * @param permitted The maximum permitted request size.
- */
- public SizeLimitExceededException(String message, long actual,
- long permitted) {
- super(message, actual, permitted);
- }
-
- }
-
- /**
- * Thrown to indicate that A files size exceeds the configured maximum.
- */
- public static class FileSizeLimitExceededException
- extends SizeException {
-
- /**
- * The exceptions UID, for serializing an instance.
- */
- private static final long serialVersionUID = 8150776562029630058L;
-
- /**
- * File name of the item, which caused the exception.
- */
- private String fileName;
-
- /**
- * Field name of the item, which caused the exception.
- */
- private String fieldName;
-
- /**
- * Constructs a SizeExceededException with
- * the specified detail message, and actual and permitted sizes.
- *
- * @param message The detail message.
- * @param actual The actual request size.
- * @param permitted The maximum permitted request size.
- */
- public FileSizeLimitExceededException(String message, long actual,
- long permitted) {
- super(message, actual, permitted);
- }
-
- /**
- * Returns the file name of the item, which caused the
- * exception.
- *
- * @return File name, if known, or null.
- */
- public String getFileName() {
- return fileName;
- }
-
- /**
- * Sets the file name of the item, which caused the
- * exception.
- *
- * @param pFileName the file name of the item, which caused the exception.
- */
- public void setFileName(String pFileName) {
- fileName = pFileName;
- }
-
- /**
- * Returns the field name of the item, which caused the
- * exception.
- *
- * @return Field name, if known, or null.
- */
- public String getFieldName() {
- return fieldName;
- }
-
- /**
- * Sets the field name of the item, which caused the
- * exception.
- *
- * @param pFieldName the field name of the item,
- * which caused the exception.
- */
- public void setFieldName(String pFieldName) {
- fieldName = pFieldName;
- }
-
- }
-
- /**
* Returns the progress listener.
*
* @return The progress listener, if any, or null.
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/FileItemIteratorImpl.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,339 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Locale;
+import java.util.NoSuchElementException;
+
+import org.apache.tomcat.util.http.fileupload.FileItem;
+import org.apache.tomcat.util.http.fileupload.FileItemHeaders;
+import org.apache.tomcat.util.http.fileupload.FileItemIterator;
+import org.apache.tomcat.util.http.fileupload.FileItemStream;
+import org.apache.tomcat.util.http.fileupload.FileUploadBase;
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+import org.apache.tomcat.util.http.fileupload.IOUtils;
+import org.apache.tomcat.util.http.fileupload.MultipartStream;
+import org.apache.tomcat.util.http.fileupload.ProgressListener;
+import org.apache.tomcat.util.http.fileupload.RequestContext;
+import org.apache.tomcat.util.http.fileupload.UploadContext;
+import org.apache.tomcat.util.http.fileupload.util.LimitedInputStream;
+
+/**
+ * The iterator, which is returned by
+ * {@link FileUploadBase#getItemIterator(RequestContext)}.
+ */
+public class FileItemIteratorImpl implements FileItemIterator {
+ private final FileUploadBase fileUploadBase;
+ private final RequestContext ctx;
+ private long sizeMax, fileSizeMax;
+
+
+ @Override
+ public long getSizeMax() {
+ return sizeMax;
+ }
+
+ @Override
+ public void setSizeMax(long sizeMax) {
+ this.sizeMax = sizeMax;
+ }
+
+ @Override
+ public long getFileSizeMax() {
+ return fileSizeMax;
+ }
+
+ @Override
+ public void setFileSizeMax(long fileSizeMax) {
+ this.fileSizeMax = fileSizeMax;
+ }
+
+ /**
+ * The multi part stream to process.
+ */
+ private MultipartStream multiPartStream;
+
+ /**
+ * The notifier, which used for triggering the
+ * {@link ProgressListener}.
+ */
+ private MultipartStream.ProgressNotifier progressNotifier;
+
+ /**
+ * The boundary, which separates the various parts.
+ */
+ private byte[] multiPartBoundary;
+
+ /**
+ * The item, which we currently process.
+ */
+ private FileItemStreamImpl currentItem;
+
+ /**
+ * The current items field name.
+ */
+ private String currentFieldName;
+
+ /**
+ * Whether we are currently skipping the preamble.
+ */
+ private boolean skipPreamble;
+
+ /**
+ * Whether the current item may still be read.
+ */
+ private boolean itemValid;
+
+ /**
+ * Whether we have seen the end of the file.
+ */
+ private boolean eof;
+
+ /**
+ * Creates a new instance.
+ *
+ * @param pFileUploadBase Upload instance
+ * @param pRequestContext The request context.
+ * @throws FileUploadException An error occurred while
+ * parsing the request.
+ * @throws IOException An I/O error occurred.
+ */
+ public FileItemIteratorImpl(FileUploadBase pFileUploadBase, RequestContext pRequestContext)
+ throws FileUploadException, IOException {
+ fileUploadBase = pFileUploadBase;
+ sizeMax = fileUploadBase.getSizeMax();
+ fileSizeMax = fileUploadBase.getFileSizeMax();
+ ctx = pRequestContext;
+ if (ctx == null) {
+ throw new NullPointerException("ctx parameter");
+ }
+
+
+ skipPreamble = true;
+ findNextItem();
+ }
+
+ protected void init(FileUploadBase fileUploadBase, @SuppressWarnings("unused") RequestContext pRequestContext)
+ throws FileUploadException, IOException {
+ String contentType = ctx.getContentType();
+ if ((null == contentType)
+ || (!contentType.toLowerCase(Locale.ENGLISH).startsWith(FileUploadBase.MULTIPART))) {
+ throw new InvalidContentTypeException(
+ String.format("the request doesn't contain a %s or %s stream, content type header is %s",
+ FileUploadBase.MULTIPART_FORM_DATA, FileUploadBase.MULTIPART_MIXED, contentType));
+ }
+
+ final long requestSize = ((UploadContext) ctx).contentLength();
+
+ InputStream input; // N.B. this is eventually closed in MultipartStream processing
+ if (sizeMax >= 0) {
+ if (requestSize != -1 && requestSize > sizeMax) {
+ throw new SizeLimitExceededException(
+ String.format("the request was rejected because its size (%s) exceeds the configured maximum (%s)",
+ Long.valueOf(requestSize), Long.valueOf(sizeMax)),
+ requestSize, sizeMax);
+ }
+ // N.B. this is eventually closed in MultipartStream processing
+ input = new LimitedInputStream(ctx.getInputStream(), sizeMax) {
+ @Override
+ protected void raiseError(long pSizeMax, long pCount)
+ throws IOException {
+ FileUploadException ex = new SizeLimitExceededException(
+ String.format("the request was rejected because its size (%s) exceeds the configured maximum (%s)",
+ Long.valueOf(pCount), Long.valueOf(pSizeMax)),
+ pCount, pSizeMax);
+ throw new FileUploadIOException(ex);
+ }
+ };
+ } else {
+ input = ctx.getInputStream();
+ }
+
+ String charEncoding = fileUploadBase.getHeaderEncoding();
+ if (charEncoding == null) {
+ charEncoding = ctx.getCharacterEncoding();
+ }
+
+ multiPartBoundary = fileUploadBase.getBoundary(contentType);
+ if (multiPartBoundary == null) {
+ IOUtils.closeQuietly(input); // avoid possible resource leak
+ throw new FileUploadException("the request was rejected because no multipart boundary was found");
+ }
+
+ progressNotifier = new MultipartStream.ProgressNotifier(fileUploadBase.getProgressListener(), requestSize);
+ try {
+ multiPartStream = new MultipartStream(input, multiPartBoundary, progressNotifier);
+ } catch (IllegalArgumentException iae) {
+ IOUtils.closeQuietly(input); // avoid possible resource leak
+ throw new InvalidContentTypeException(
+ String.format("The boundary specified in the %s header is too long", FileUploadBase.CONTENT_TYPE), iae);
+ }
+ multiPartStream.setHeaderEncoding(charEncoding);
+ }
+
+ public MultipartStream getMultiPartStream() throws FileUploadException, IOException {
+ if (multiPartStream == null) {
+ init(fileUploadBase, ctx);
+ }
+ return multiPartStream;
+ }
+
+ /**
+ * Called for finding the next item, if any.
+ *
+ * @return True, if an next item was found, otherwise false.
+ * @throws IOException An I/O error occurred.
+ */
+ private boolean findNextItem() throws FileUploadException, IOException {
+ if (eof) {
+ return false;
+ }
+ if (currentItem != null) {
+ currentItem.close();
+ currentItem = null;
+ }
+ final MultipartStream multi = getMultiPartStream();
+ for (;;) {
+ boolean nextPart;
+ if (skipPreamble) {
+ nextPart = multi.skipPreamble();
+ } else {
+ nextPart = multi.readBoundary();
+ }
+ if (!nextPart) {
+ if (currentFieldName == null) {
+ // Outer multipart terminated -> No more data
+ eof = true;
+ return false;
+ }
+ // Inner multipart terminated -> Return to parsing the outer
+ multi.setBoundary(multiPartBoundary);
+ currentFieldName = null;
+ continue;
+ }
+ FileItemHeaders headers = fileUploadBase.getParsedHeaders(multi.readHeaders());
+ if (currentFieldName == null) {
+ // We're parsing the outer multipart
+ String fieldName = fileUploadBase.getFieldName(headers);
+ if (fieldName != null) {
+ String subContentType = headers.getHeader(FileUploadBase.CONTENT_TYPE);
+ if (subContentType != null
+ && subContentType.toLowerCase(Locale.ENGLISH)
+ .startsWith(FileUploadBase.MULTIPART_MIXED)) {
+ currentFieldName = fieldName;
+ // Multiple files associated with this field name
+ byte[] subBoundary = fileUploadBase.getBoundary(subContentType);
+ multi.setBoundary(subBoundary);
+ skipPreamble = true;
+ continue;
+ }
+ String fileName = fileUploadBase.getFileName(headers);
+ currentItem = new FileItemStreamImpl(this, fileName,
+ fieldName, headers.getHeader(FileUploadBase.CONTENT_TYPE),
+ fileName == null, getContentLength(headers));
+ currentItem.setHeaders(headers);
+ progressNotifier.noteItem();
+ itemValid = true;
+ return true;
+ }
+ } else {
+ String fileName = fileUploadBase.getFileName(headers);
+ if (fileName != null) {
+ currentItem = new FileItemStreamImpl(this, fileName,
+ currentFieldName,
+ headers.getHeader(FileUploadBase.CONTENT_TYPE),
+ false, getContentLength(headers));
+ currentItem.setHeaders(headers);
+ progressNotifier.noteItem();
+ itemValid = true;
+ return true;
+ }
+ }
+ multi.discardBodyData();
+ }
+ }
+
+ private long getContentLength(FileItemHeaders pHeaders) {
+ try {
+ return Long.parseLong(pHeaders.getHeader(FileUploadBase.CONTENT_LENGTH));
+ } catch (Exception e) {
+ return -1;
+ }
+ }
+
+ /**
+ * Returns, whether another instance of {@link FileItemStream}
+ * is available.
+ *
+ * @throws FileUploadException Parsing or processing the
+ * file item failed.
+ * @throws IOException Reading the file item failed.
+ * @return True, if one or more additional file items
+ * are available, otherwise false.
+ */
+ @Override
+ public boolean hasNext() throws FileUploadException, IOException {
+ if (eof) {
+ return false;
+ }
+ if (itemValid) {
+ return true;
+ }
+ try {
+ return findNextItem();
+ } catch (FileUploadIOException e) {
+ // unwrap encapsulated SizeException
+ throw (FileUploadException) e.getCause();
+ }
+ }
+
+ /**
+ * Returns the next available {@link FileItemStream}.
+ *
+ * @throws java.util.NoSuchElementException No more items are
+ * available. Use {@link #hasNext()} to prevent this exception.
+ * @throws FileUploadException Parsing or processing the
+ * file item failed.
+ * @throws IOException Reading the file item failed.
+ * @return FileItemStream instance, which provides
+ * access to the next file item.
+ */
+ @Override
+ public FileItemStream next() throws FileUploadException, IOException {
+ if (eof || (!itemValid && !hasNext())) {
+ throw new NoSuchElementException();
+ }
+ itemValid = false;
+ return currentItem;
+ }
+
+ @Override
+ public ListSizeExceededException with
+ * the specified detail message, and actual and permitted sizes.
+ *
+ * @param message The detail message.
+ * @param actual The actual request size.
+ * @param permitted The maximum permitted request size.
+ */
+ public FileSizeLimitExceededException(String message, long actual,
+ long permitted) {
+ super(message, actual, permitted);
+ }
+
+ /**
+ * Returns the file name of the item, which caused the
+ * exception.
+ *
+ * @return File name, if known, or null.
+ */
+ public String getFileName() {
+ return fileName;
+ }
+
+ /**
+ * Sets the file name of the item, which caused the
+ * exception.
+ *
+ * @param pFileName the file name of the item, which caused the exception.
+ */
+ public void setFileName(String pFileName) {
+ fileName = pFileName;
+ }
+
+ /**
+ * Returns the field name of the item, which caused the
+ * exception.
+ *
+ * @return Field name, if known, or null.
+ */
+ public String getFieldName() {
+ return fieldName;
+ }
+
+ /**
+ * Sets the field name of the item, which caused the
+ * exception.
+ *
+ * @param pFieldName the field name of the item,
+ * which caused the exception.
+ */
+ public void setFieldName(String pFieldName) {
+ fieldName = pFieldName;
+ }
+
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/FileUploadIOException.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import java.io.IOException;
+
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+
+/**
+ * This exception is thrown for hiding an inner
+ * {@link FileUploadException} in an {@link IOException}.
+ */
+public class FileUploadIOException extends IOException {
+
+ /**
+ * The exceptions UID, for serializing an instance.
+ */
+ private static final long serialVersionUID = -7047616958165584154L;
+
+ /**
+ * The exceptions cause; we overwrite the parent
+ * classes field, which is available since Java
+ * 1.4 only.
+ */
+ private final FileUploadException cause;
+
+ /**
+ * Creates a FileUploadIOException with the
+ * given cause.
+ *
+ * @param pCause The exceptions cause, if any, or null.
+ */
+ public FileUploadIOException(FileUploadException pCause) {
+ // We're not doing super(pCause) cause of 1.3 compatibility.
+ cause = pCause;
+ }
+
+ /**
+ * Returns the exceptions cause.
+ *
+ * @return The exceptions cause, if any, or null.
+ */
+ @SuppressWarnings("sync-override") // Field is final
+ @Override
+ public Throwable getCause() {
+ return cause;
+ }
+
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/InvalidContentTypeException.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/InvalidContentTypeException.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/InvalidContentTypeException.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/InvalidContentTypeException.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+
+/**
+ * Thrown to indicate that the request is not a multipart request.
+ */
+public class InvalidContentTypeException
+ extends FileUploadException {
+
+ /**
+ * The exceptions UID, for serializing an instance.
+ */
+ private static final long serialVersionUID = -9073026332015646668L;
+
+ /**
+ * Constructs a InvalidContentTypeException with no
+ * detail message.
+ */
+ public InvalidContentTypeException() {
+ super();
+ }
+
+ /**
+ * Constructs an InvalidContentTypeException with
+ * the specified detail message.
+ *
+ * @param message The detail message.
+ */
+ public InvalidContentTypeException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs an InvalidContentTypeException with
+ * the specified detail message and cause.
+ *
+ * @param msg The detail message.
+ * @param cause the original cause
+ *
+ * @since 1.3.1
+ */
+ public InvalidContentTypeException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/IOFileUploadException.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/IOFileUploadException.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/IOFileUploadException.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/IOFileUploadException.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import java.io.IOException;
+
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+
+/**
+ * Thrown to indicate an IOException.
+ */
+public class IOFileUploadException extends FileUploadException {
+
+ /**
+ * The exceptions UID, for serializing an instance.
+ */
+ private static final long serialVersionUID = 1749796615868477269L;
+
+ /**
+ * The exceptions cause; we overwrite the parent
+ * classes field, which is available since Java
+ * 1.4 only.
+ */
+ private final IOException cause;
+
+ /**
+ * Creates a new instance with the given cause.
+ *
+ * @param pMsg The detail message.
+ * @param pException The exceptions cause.
+ */
+ public IOFileUploadException(String pMsg, IOException pException) {
+ super(pMsg);
+ cause = pException;
+ }
+
+ /**
+ * Returns the exceptions cause.
+ *
+ * @return The exceptions cause, if any, or null.
+ */
+ @SuppressWarnings("sync-override") // Field is final
+ @Override
+ public Throwable getCause() {
+ return cause;
+ }
+
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/SizeException.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+import org.apache.tomcat.util.http.fileupload.FileUploadException;
+
+/**
+ * This exception is thrown, if a requests permitted size
+ * is exceeded.
+ */
+public abstract class SizeException extends FileUploadException {
+
+ /**
+ * Serial version UID, being used, if serialized.
+ */
+ private static final long serialVersionUID = -8776225574705254126L;
+
+ /**
+ * The actual size of the request.
+ */
+ private final long actual;
+
+ /**
+ * The maximum permitted size of the request.
+ */
+ private final long permitted;
+
+ /**
+ * Creates a new instance.
+ *
+ * @param message The detail message.
+ * @param actual The actual number of bytes in the request.
+ * @param permitted The requests size limit, in bytes.
+ */
+ protected SizeException(String message, long actual, long permitted) {
+ super(message);
+ this.actual = actual;
+ this.permitted = permitted;
+ }
+
+ /**
+ * Retrieves the actual size of the request.
+ *
+ * @return The actual size of the request.
+ * @since 1.3
+ */
+ public long getActualSize() {
+ return actual;
+ }
+
+ /**
+ * Retrieves the permitted size of the request.
+ *
+ * @return The permitted size of the request.
+ * @since 1.3
+ */
+ public long getPermittedSize() {
+ return permitted;
+ }
+
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/SizeLimitExceededException.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/SizeLimitExceededException.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/impl/SizeLimitExceededException.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/impl/SizeLimitExceededException.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.fileupload.impl;
+
+/**
+ * Thrown to indicate that the request size exceeds the configured maximum.
+ */
+public class SizeLimitExceededException
+ extends SizeException {
+
+ /**
+ * The exceptions UID, for serializing an instance.
+ */
+ private static final long serialVersionUID = -2474893167098052828L;
+
+ /**
+ * Constructs a SizeExceededException with
+ * the specified detail message, and actual and permitted sizes.
+ *
+ * @param message The detail message.
+ * @param actual The actual request size.
+ * @param permitted The maximum permitted request size.
+ */
+ public SizeLimitExceededException(String message, long actual,
+ long permitted) {
+ super(message, actual, permitted);
+ }
+
+}
\ No newline at end of file
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/fileupload/MultipartStream.java 2020-02-05 19:26:48.000000000 +0000
@@ -22,7 +22,7 @@
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
-import org.apache.tomcat.util.http.fileupload.FileUploadBase.FileUploadIOException;
+import org.apache.tomcat.util.http.fileupload.impl.FileUploadIOException;
import org.apache.tomcat.util.http.fileupload.util.Closeable;
import org.apache.tomcat.util.http.fileupload.util.Streams;
@@ -115,7 +115,7 @@
* @param pListener The listener to invoke.
* @param pContentLength The expected content length.
*/
- ProgressNotifier(ProgressListener pListener, long pContentLength) {
+ public ProgressNotifier(ProgressListener pListener, long pContentLength) {
listener = pListener;
contentLength = pContentLength;
}
@@ -136,7 +136,7 @@
/**
* Called to indicate, that a new file item has been detected.
*/
- void noteItem() {
+ public void noteItem() {
++items;
notifyListener();
}
@@ -332,7 +332,7 @@
*
* @see #MultipartStream(InputStream, byte[], int, ProgressNotifier)
*/
- MultipartStream(InputStream input,
+ public MultipartStream(InputStream input,
byte[] boundary,
ProgressNotifier pNotifier) {
this(input, boundary, DEFAULT_BUFSIZE, pNotifier);
@@ -576,7 +576,7 @@
* Creates a new {@link ItemInputStream}.
* @return A new instance of {@link ItemInputStream}.
*/
- ItemInputStream newInputStream() {
+ public ItemInputStream newInputStream() {
return new ItemInputStream();
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/HeaderUtil.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/HeaderUtil.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/HeaderUtil.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/HeaderUtil.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+public class HeaderUtil {
+
+ /**
+ * Converts an HTTP header line in byte form to a printable String.
+ * Bytes corresponding to visible ASCII characters will converted to those
+ * characters. All other bytes (0x00 to 0x1F, 0x7F to OxFF) will be
+ * represented in 0xNN form.
+ *
+ * @param bytes Contains an HTTP header line
+ * @param offset The start position of the header line in the array
+ * @param len The length of the HTTP header line
+ *
+ * @return A String with non-printing characters replaced by the 0xNN
+ * equivalent
+ */
+ public static String toPrintableString(byte[] bytes, int offset, int len) {
+ StringBuilder result = new StringBuilder();
+ for (int i = offset; i < offset + len; i++) {
+ char c = (char) (bytes[i] & 0xFF);
+ if (c < 0x20 || c > 0x7E) {
+ result.append("0x");
+ result.append(Character.forDigit((c >> 4) & 0xF, 16));
+ result.append(Character.forDigit((c) & 0xF, 16));
+ } else {
+ result.append(c);
+ }
+ }
+ return result.toString();
+ }
+
+
+ private HeaderUtil() {
+ // Utility class. Hide default constructor.
+ }
+}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java 2020-02-05 19:26:48.000000000 +0000
@@ -326,7 +326,7 @@
SameSiteCookies sameSiteCookiesValue = getSameSiteCookies();
- if (!sameSiteCookiesValue.equals(SameSiteCookies.NONE)) {
+ if (!sameSiteCookiesValue.equals(SameSiteCookies.UNSET)) {
buf.append("; SameSite=");
buf.append(sameSiteCookiesValue.getValue());
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/LocalStrings.properties tomcat9-9.0.31/java/org/apache/tomcat/util/http/LocalStrings.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/LocalStrings.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/LocalStrings.properties 2020-02-05 19:26:48.000000000 +0000
@@ -16,7 +16,7 @@
cookies.fallToDebug=\n\
\ Note: further occurrences of Cookie errors will be logged at DEBUG level.
cookies.invalidCookieToken=Cookies: Invalid cookie. Value not a token or quoted value
-cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: none, lax, strict. Default value is none.
+cookies.invalidSameSiteCookies=Unknown setting [{0}], must be one of: unset, none, lax, strict. Default value is unset.
cookies.invalidSpecial=Cookies: Unknown Special Cookie
cookies.maxCountFail=More than the maximum allowed number of cookies, [{0}], were detected.
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/http/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -15,12 +15,17 @@
cookies.invalidCookieToken=Cookie:cookie无效。值不是令牌或引用值
cookies.invalidSpecial=Cookies:未知特殊的Cookie
+cookies.maxCountFail=检测到超过Cookie最大允许的数量[{0}]
+
+headers.maxCountFail=检测到超过了允许设置的最大header 数[{0}]
parameters.bytes=开始处理输入[{0}]
parameters.copyFail=无法创建以调试日志记录为目的的原始参数值的副本
parameters.decodeFail.debug=字符解码失败.参数 [{0}]和值 [{1}]被忽略
+parameters.emptyChunk=忽略空参数块
parameters.fallToDebug=注:更多的参数错误将以DEBUG级别日志进行记录。
parameters.maxCountFail=检测到单个请求([{0}])的最大请求参数数(GET加POST)。 超出此限制的任何参数都被忽略。 要更改此限制,请在Connector上设置maxParameterCount属性。
parameters.maxCountFail.fallToDebug=注意:更多的错误信息只在debug级别日志中记录
+parameters.noequal=):参数从位置[{0}]开始,到位置[{1}]结束,值为[{2}],后面没有“=”字符
rfc6265CookieProcessor.invalidPath=这个cookie被指定了一个无效的路径 [{0}]
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/MimeHeaders.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/MimeHeaders.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/MimeHeaders.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/MimeHeaders.java 2020-02-05 19:26:48.000000000 +0000
@@ -395,7 +395,7 @@
* reset and swap with last header
* @param idx the index of the header to remove.
*/
- private void removeHeader(int idx) {
+ public void removeHeader(int idx) {
MimeHeaderField mh = headers[idx];
mh.recycle();
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/HttpParser.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/HttpParser.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/HttpParser.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/HttpParser.java 2020-02-05 19:26:48.000000000 +0000
@@ -317,6 +317,17 @@
}
+ public static boolean isControl(int c) {
+ // Fast for valid control characters, slower for some incorrect
+ // ones
+ try {
+ return IS_CONTROL[c];
+ } catch (ArrayIndexOutOfBoundsException ex) {
+ return false;
+ }
+ }
+
+
// Skip any LWS and position to read the next character. The next character
// is returned as being able to 'peek()' it allows a small optimisation in
// some cases.
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -15,6 +15,7 @@
cookie.valueNotPresent=<不存在>
+http.closingBracket=在非IPv6主机名中找到了右括号']'。
http.illegalCharacterIpv4=字符[{0}]为非法的IPv4地址。
http.illegalCharacterIpv6=字符[{0}]为非法的IPv6地址。
http.invalidCharacterDomain.afterColon=字符 [{0}] 在域名中的冒号后无效。
@@ -25,9 +26,12 @@
http.invalidCharacterDomain.atEnd=字符 [{0}] 在域名末尾无效。
http.invalidCharacterDomain.atStart=字符 [{0}] 在域名开头无效。
http.invalidHextet=hextet无效。 hextet必须包含4个或更少的十六进制字符。
+http.invalidIpv4Location=IPv6地址在无效位置包含嵌入的IPv4地址。
http.invalidLeadingZero=非零的IPv4字符可能不包含前导零。
http.invalidOctet=无效字符[{0}].IPv4字符的有效范围为0~255。
+http.invalidSegmentEndState=状态[{0}]对于段的结尾无效。
http.noClosingBracket=ipv6 地址缺失一个闭合的圆括号
+http.noOpeningBracket=IPv6地址缺少开括号(
http.singleColonEnd=IPv6地址不能以单个“.”结尾。
http.singleColonStart=一个IPv6地址也许不是以单个冒号":"开头的。
http.tooManyColons=IPv6地址不能包含超过2个连续冒号字符。
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/TokenList.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/TokenList.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/parser/TokenList.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/parser/TokenList.java 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.http.parser;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.StringReader;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Locale;
+
+public class TokenList {
+
+ private TokenList() {
+ // Utility class. Hide default constructor.
+ }
+
+
+ /**
+ * Parses an enumeration of header values of the form 1#token, forcing all
+ * parsed values to lower case.
+ *
+ * @param inputs The headers to parse
+ * @param collection The Collection (usually a list of a set) to which the
+ * parsed tokens should be added
+ *
+ * @return {@code} true if the header values were parsed cleanly, otherwise
+ * {@code false} (e.g. if a non-token value was encountered)
+ *
+ * @throws IOException If an I/O error occurs reading the header
+ */
+ public static boolean parseTokenList(Enumerationtrue if the origin was valid
+ * @see RFC952
+ */
+ public static boolean isValidOrigin(String origin) {
+ // Checks for encoded characters. Helps prevent CRLF injection.
+ if (origin.contains("%")) {
+ return false;
+ }
+
+ // "null" is a valid origin
+ if ("null".equals(origin)) {
+ return true;
+ }
+
+ // RFC6454, section 4. "If uri-scheme is file, the implementation MAY
+ // return an implementation-defined value.". No limits are placed on
+ // that value so treat all file URIs as valid origins.
+ if (origin.startsWith("file://")) {
+ return true;
+ }
+
+ URI originURI;
+ try {
+ originURI = new URI(origin);
+ } catch (URISyntaxException e) {
+ return false;
+ }
+ // If scheme for URI is null, return false. Return true otherwise.
+ return originURI.getScheme() != null;
+
+ }
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/ResponseUtil.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/ResponseUtil.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/ResponseUtil.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/ResponseUtil.java 2020-02-05 19:26:48.000000000 +0000
@@ -27,7 +27,7 @@
import javax.servlet.http.HttpServletResponse;
-import org.apache.tomcat.util.http.parser.Vary;
+import org.apache.tomcat.util.http.parser.TokenList;
public class ResponseUtil {
@@ -81,7 +81,7 @@
for (String varyHeader : varyHeaders) {
StringReader input = new StringReader(varyHeader);
try {
- Vary.parseVary(input, fieldNames);
+ TokenList.parseTokenList(input, fieldNames);
} catch (IOException ioe) {
// Should never happen
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/Rfc6265CookieProcessor.java 2020-02-05 19:26:48.000000000 +0000
@@ -164,7 +164,7 @@
SameSiteCookies sameSiteCookiesValue = getSameSiteCookies();
- if (!sameSiteCookiesValue.equals(SameSiteCookies.NONE)) {
+ if (!sameSiteCookiesValue.equals(SameSiteCookies.UNSET)) {
header.append("; SameSite=");
header.append(sameSiteCookiesValue.getValue());
}
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/http/SameSiteCookies.java tomcat9-9.0.31/java/org/apache/tomcat/util/http/SameSiteCookies.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/http/SameSiteCookies.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/http/SameSiteCookies.java 2020-02-05 19:26:48.000000000 +0000
@@ -21,7 +21,12 @@
public enum SameSiteCookies {
/**
- * Don't set the SameSite cookie attribute. Cookie is always sent
+ * Don't set the SameSite cookie attribute.
+ */
+ UNSET("Unset"),
+
+ /**
+ * Cookie is always sent in cross-site requests.
*/
NONE("None"),
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/json/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/json/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/json/LocalStrings_zh_CN.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/json/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+parser.expectedEOF=期望EOF,但仍有内容需要解析
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/LocalStrings_zh_CN.properties tomcat9-9.0.31/java/org/apache/tomcat/util/LocalStrings_zh_CN.properties
--- tomcat9-9.0.27/java/org/apache/tomcat/util/LocalStrings_zh_CN.properties 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/LocalStrings_zh_CN.properties 2020-02-05 19:26:48.000000000 +0000
@@ -16,6 +16,7 @@
diagnostics.threadDumpTitle=打印全部线程
diagnostics.vmInfoClassCompilation=:)class汇编
diagnostics.vmInfoClassLoading=类加载中
+diagnostics.vmInfoGarbageCollectors=垃圾收集器[{0}]
diagnostics.vmInfoLogger=日志记录器(Logger)信息
diagnostics.vmInfoOs=操作系统信息
diagnostics.vmInfoRuntime=运行时信息
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/modeler/Registry.java tomcat9-9.0.31/java/org/apache/tomcat/util/modeler/Registry.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/modeler/Registry.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/modeler/Registry.java 2020-02-05 19:26:48.000000000 +0000
@@ -27,6 +27,7 @@
import java.util.Map;
import javax.management.DynamicMBean;
+import javax.management.InstanceNotFoundException;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanInfo;
import javax.management.MBeanOperationInfo;
@@ -151,7 +152,7 @@
public static synchronized void disableRegistry() {
if (registry == null) {
registry = new NoDescriptorRegistry();
- } else {
+ } else if (!(registry instanceof NoDescriptorRegistry)) {
log.warn(sm.getString("registry.noDisable"));
}
}
@@ -233,8 +234,8 @@
* lifecycle operations.
*
* @param mbeans list of ObjectName on which we'll invoke the operations
- * @param operation Name of the operation ( init, start, stop, etc)
- * @param failFirst If false, exceptions will be ignored
+ * @param operation Name of the operation ( init, start, stop, etc)
+ * @param failFirst If false, exceptions will be ignored
* @throws Exception Error invoking operation
* @since 1.1
*/
@@ -263,7 +264,6 @@
}
}
-
// -------------------- ID registry --------------------
/**
@@ -397,6 +397,36 @@
return null;
}
+ /**
+ * Find the operation info for a method.
+ *
+ * @param oname The bean name
+ * @param opName The operation name
+ * @param argCount The number of arguments to the method
+ * @return the operation info for the specified operation
+ * @throws InstanceNotFoundException If the object name is not bound to an MBean
+ */
+ public MBeanOperationInfo getMethodInfo(ObjectName oname, String opName, int argCount)
+ throws InstanceNotFoundException
+ {
+ MBeanInfo info = null;
+ try {
+ info = getMBeanServer().getMBeanInfo(oname);
+ } catch (InstanceNotFoundException infe) {
+ throw infe;
+ } catch (Exception e) {
+ log.warn(sm.getString("registry.noMetadata", oname), e);
+ return null;
+ }
+ MBeanOperationInfo attInfo[] = info.getOperations();
+ for (int i = 0; i < attInfo.length; i++) {
+ if (opName.equals(attInfo[i].getName())
+ && argCount == attInfo[i].getSignature().length) {
+ return attInfo[i];
+ }
+ }
+ return null;
+ }
/**
* Unregister a component. This is just a helper that avoids exceptions by
diff -Nru tomcat9-9.0.27/java/org/apache/tomcat/util/net/AbstractEndpoint.java tomcat9-9.0.31/java/org/apache/tomcat/util/net/AbstractEndpoint.java
--- tomcat9-9.0.27/java/org/apache/tomcat/util/net/AbstractEndpoint.java 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/java/org/apache/tomcat/util/net/AbstractEndpoint.java 2020-02-05 19:26:48.000000000 +0000
@@ -25,7 +25,9 @@
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
@@ -103,7 +105,10 @@
*
* @return The sockets for which the handler is tracking a currently
* open connection
+ * @deprecated Unused, will be removed in Tomcat 10, replaced
+ * by AbstractEndpoint.getConnections
*/
+ @Deprecated
public Settomcat.util.scan.StandardJarScanFilter.jarsToSkip. (isapir)
+ NullPointerException
+ when working with the URL provided for the root of a packed WAR. (markt)
+ Tomcat#addWebapp() and related methods. (markt)
+ JmxRemoteLifecycleListener as the features it
+ provides are now available in the remote JMX capability included with
+ the JRE. This listener will be removed in Tomcat 10 and may be removed
+ from Tomcat 9.0.x some time after 2020-12-31. (markt)
+ JNDIRealm no longer authenticates to LDAP.
+ (michaelo)
+ WEB-INF/classes are
+ now handled consistently and will always be found irrespective of
+ whether the web application defines a JAR ordering or not. (markt)
+ InputStreams for directories obtained
+ from resource URLs now return a directory listing consistent with the
+ behaviour of FileURLConnection. In addition to restoring
+ the behaviour that was lost as a result of the introduction of
+ CachedResourceURLConnection, it expands the feature to
+ include packedWARs and to take account of resource JARs. (markt)
+ discardFacades. (remm)
+ ${...} property replacement support
+ to XML external entity definitions. (markt)
+ MappingData.contextPath as it is unused. (markt)
+ SSLHostConfig and
+ SSLHostConfigCertificate elements. (markt)
+ Transfer-Encoding header were ignored rather than
+ treated as an error. (markt)
+ rejectIllegalHeaderName
+ to rejectIllegalHeader and expand the underlying
+ implementation to include header values as well as names. (markt)
+ requiredSecret attribute of the AJP/1.3
+ Connector to secret and add a new attribute
+ secretRequired that defaults to true. When
+ secretRequired is true the AJP/1.3 Connector
+ will not start unless the secret attribute is configured to
+ a non-null, non-zero length String. (markt)
+ allowedRequestAttributesPattern to
+ the AJP/1.3 Connector. Requests with unrecognised attributes will be
+ blocked with a 403. (markt)
+ java.lang.Record) added in Java 14. (markt)
+ ExpressionFactory implementations with
+ ServiceLoader. (markt)
+ META-INF/services entry to jasper-el.jar so that the
+ Expression Language implementation can be discovered via the services
+ API. (markt)
+ JarURLConnection. (markt)
+ Authenticator implementations,
+ allowCorsPreflight, that allows the
+ Authenticators to be configured to allow CORS preflight
+ requests to bypass authentication as required by the CORS specification.
+ (markt)
+ Registry.disableRegistry() without the second and
+ subsequent calls triggering the logging of a warning. Based on a patch
+ by Andy Wilkinson. (markt)
+ Realm.getRoles(Principal). (michaelo)
+ FileStore implementation
+ and refactor loops in FileStore to use the ForEach style.
+ Pull request provided by Govinda Sakhare. (markt)
+ SocketTimeoutException if one
+ occurs. (remm/markt)
+ noCompressionStrongETag. (markt)
+ maxConnections attribute
+ of the Connector in the documentation web application.
+ (markt)
+ CATALINA_OPTS and JAVA_OPTS when used in shell
+ scripts to avoid the expansion of *) as it caused various
+ regressions, particularly with daemon.sh. (markt)
+ JAVA_HOME environment variable. Pull request provided by
+ Alexander Norz. (markt)
+ NioEndpoint timeout handling
+ that meant a write timeout could be handled as a read timeout. (markt)
+ socket.txBufSize is configured with an
+ explicit value rather than using the JVM default. (markt)
+ RewriteMap
+ functionality in the RewriteValve. (fschumacher)
+ ExpiresFilter is used without a
+ default and the response is served by the Default Servlet, ensure that
+ the filter processes the response if the Default Servlet sets a 304 (Not
+ Found) status code. (markt)
+ ServletRequest.isAsyncStarted() returns
+ false once AsyncContext.complete() or
+ AsyncContext.dispatch() has been called during
+ AsyncListener.onTimeout() or
+ AsyncListener.onError(). (markt)
+ Expect and
+ Connection HTTP headers looking for a specific token, be
+ stricter in ensuring that the exact token is present. (markt)
+ Content-Encoding
+ header when looking to see if Tomcat is serving pre-compressed content.
+ Ensure that only a full token is matched and that the match is case
+ insensitive. (markt)
+ transfer-encoding
+ request header to use the shared parsing code and reduce duplication.
+ (markt)
+ Unset option to same-site cookies
+ and pass through None value if set by user. Patch provided
+ by John Kelly. (markt)
+ certificateVerification and
+ certificateVerificationDepth are correctly passed to the
+ OpenSSL based SSLEngine implementation. (remm/markt)
+ CPING message is received by the AJP connector because, if
+ the JK Connector is configured with
+ ping_mode="I", the CPING message
+ will not always be followed by the start of a request. (markt)
+ org.apache.coyote.http2.TestHttp2InitialConnection.
+ (michaelo)
+ NullPointerExceptions throw by
+ the Inflater or Deflater used by the
+ PerMessageDeflate extension in an IOException
+ so that the error can be caught and handled by the WebSocket error
+ handling mechanism. (markt)
+ CATALINA_OPTS and
+ JAVA_OPTS when used in shell scripts to avoid the expansion
+ of *. Note that any newlines present in
+ CATALINA_OPTS and/or JAVA_OPTS will no longer
+ removed. (markt)
+ commons-daemon-native.tar.gz and
+ tomcat-native.tar.gz from the binary zip distributions for
+ Windows since compiled versions of those components are already
+ included within the zip distributions. (markt)
+ org.apache.tomcat.util.buf.TestCharsetCache. (michaelo)
+ Use of the AJP protocol requires additional security considerations because
+ it allows greater direct manipulation of Tomcat's internal data structures
+ than the HTTP connectors. Particular attention should be paid to the values
+ used for the address, secret,
+ secretRequired and allowedRequestAttributesPattern
+ attributes.
This connector supports load balancing when used in conjunction with
the jvmRoute attribute of the
Engine.
For servers with more than one IP address, this attribute
specifies which address will be used for listening on the specified
- port. By default, this port will be used on all IP addresses
- associated with the server. A value of 127.0.0.1
- indicates that the Connector will only listen on the loopback
- interface.
The AJP protocol passes some information from the reverse proxy to the + AJP connector using request attributes. These attributes are:
+The AJP protocol supports the passing of arbitrary request attributes.
+ Requests containing arbitrary request attributes will be rejected with a
+ 403 response unless the entire attribute name matches this regular
+ expression. If not specified, the default value is null.
acceptCount setting. The default value varies by
- connector type. For NIO and NIO2 the default is 10000.
- For APR/native, the default is 8192.
- Note that for APR/native on Windows, the configured value will be
- reduced to the highest multiple of 1024 that is less than or equal to
- maxConnections. This is done for performance reasons.
- If set to a value of -1, the maxConnections feature is disabled
- and connections are not counted.
acceptCount setting. The default value
+ is 8192.
+ For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted.
Only requests from workers with this secret keyword will be accepted. -
+ The default value isnull. This attrbute must be specified
+ with a non-null, non-zero length value unless
+ secretRequired is explicitly configured to be
+ false.
+ If this attribute is true, the AJP Connector will only
+ start if the secret attribute is configured with a
+ non-null, non-zero length value. The default value is true.
+ This attributue should only be set to false when the
+ Connector is used on a trusted network.
(int)The socket send buffer (SO_SNDBUF) size in bytes. JVM default - used if not set.
+ used if not set. Care should be taken if explicitly setting this value. + Very poor performance has been observed on some JVMs with values less + than ~8k.(bool)This is equivalent to standard attribute diff -Nru tomcat9-9.0.27/webapps/docs/config/cluster-interceptor.xml tomcat9-9.0.31/webapps/docs/config/cluster-interceptor.xml --- tomcat9-9.0.27/webapps/docs/config/cluster-interceptor.xml 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/webapps/docs/config/cluster-interceptor.xml 2020-02-05 19:26:48.000000000 +0000 @@ -205,7 +205,7 @@
If using the TcpFailureDetector, the EncryptInterceptor
must be inserted into the interceptor chain before the
- TcpFailureDetector. This is becuase when validating cluster
+ TcpFailureDetector. This is because when validating cluster
members, TcpFailureDetector writes channel data directly
to the other members without using the remainder of the interceptor chain,
but on the receiving side, the message still goes through the chain (in reverse).
diff -Nru tomcat9-9.0.27/webapps/docs/config/cluster.xml tomcat9-9.0.31/webapps/docs/config/cluster.xml
--- tomcat9-9.0.27/webapps/docs/config/cluster.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/config/cluster.xml 2020-02-05 19:26:48.000000000 +0000
@@ -52,6 +52,7 @@
There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:
Enables setting same-site cookie attribute.
-If value is none then the same-site cookie attribute
+
If value is unset then the same-site cookie attribute
won't be set. This is the default value.
If value is none then the same-site cookie attribute
+ will be set and the cookie will always be sent in cross-site requests.
If value is lax then the browser only sends the cookie
in same-site requests and cross-site top level GET requests.
Enables setting same-site cookie attribute.
-If value is none then the same-site cookie attribute
+
If value is unset then the same-site cookie attribute
won't be set. This is the default value.
If value is none then the same-site cookie attribute
+ will be set and the cookie will always be sent in cross-site requests.
If value is lax then the browser only sends the cookie
in same-site requests and cross-site top level GET requests.
This flag configures whether resources with a stong ETag will be
+ considered for compression. If true, resources with a strong
+ ETag will not be compressed. The default value is true.
This attribute is deprecated. It will be removed in Tomcat 10 onwards
+ where it will be hard-coded to true.
The value is a regular expression (using java.util.regex)
matching the user-agent header of HTTP clients for which
diff -Nru tomcat9-9.0.27/webapps/docs/config/http.xml tomcat9-9.0.31/webapps/docs/config/http.xml
--- tomcat9-9.0.27/webapps/docs/config/http.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/config/http.xml 2020-02-05 19:26:48.000000000 +0000
@@ -94,6 +94,17 @@
_default_ will be used.
A boolean value which can be used to enable or disable the recycling
+ of the facade objects that isolate the container internal request
+ processing objects. If set to true the facades will be
+ set for garbage collection after every request, otherwise they will be
+ reused. This setting has no effect when the security manager is enabled.
+ If not specified, this attribute is set to the value of the
+ org.apache.catalina.connector.RECYCLE_FACADES system
+ property, or false if not set.
Set to true if you want calls to
request.getRemoteHost() to perform DNS lookups in
@@ -448,14 +459,10 @@
falls below maxConnections at which point the server will
start accepting and processing new connections again. Note that once the
limit has been reached, the operating system may still accept connections
- based on the acceptCount setting. The default value varies by
- connector type. For NIO and NIO2 the default is 10000.
- For APR/native, the default is 8192.
Note that for APR/native on Windows, the configured value will be
- reduced to the highest multiple of 1024 that is less than or equal to
- maxConnections. This is done for performance reasons.
- If set to a value of -1, the maxConnections feature is disabled
- and connections are not counted.
acceptCount setting. The default value
+ is 8192.
+ For NIO/NIO2 only, setting the value to -1, will disable the + maxConnections feature and connections will not be counted.
This flag configures whether resources with a stong ETag will be
+ considered for compression. If true, resources with a strong
+ ETag will not be compressed. The default value is true.
This attribute is deprecated. It will be removed in Tomcat 10 onwards
+ where it will be hard-coded to true.
The value is a regular expression (using java.util.regex)
matching the user-agent header of HTTP clients for which
@@ -543,14 +558,19 @@
expected concurrent requests (synchronous and asynchronous).
If an HTTP request is received that contains an illegal header name
- (i.e. the header name is not a token) this setting determines if the
+ If an HTTP request is received that contains an illegal header name or
+ value (e.g. the header name is not a token) this setting determines if the
request will be rejected with a 400 response ( This attribute is deprecated. It will be removed in Tomcat 10 onwards.
+ It is now an alias for rejectIllegalHeader. The HTTP/1.1
specification requires that certain characters are %nn encoded when
@@ -640,11 +660,18 @@
(bool)Use this attribute to enable or disable usage of the
+ (bool) Use this attribute to enable or disable usage of the
asynchronous IO API. The default value is (bool) Use this attribute to enable or disable the addition of the
+ true) or if the
illegal header be ignored (false). The default value is
true which will cause the request to be rejected.true except when
using the APR connector due to low performance.Keep-Alive HTTP response header as described in
+ this
+ Internet-Draft. The default value is true.
(int)The socket send buffer (SO_SNDBUF) size in bytes. JVM default - used if not set.
+ used if not set. Care should be taken if explicitly setting this value. + Very poor performance has been observed on some JVMs with values less + than ~8k.(bool)This is equivalent to standard attribute
diff -Nru tomcat9-9.0.27/webapps/docs/config/listeners.xml tomcat9-9.0.31/webapps/docs/config/listeners.xml
--- tomcat9-9.0.27/webapps/docs/config/listeners.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/config/listeners.xml 2020-02-05 19:26:48.000000000 +0000
@@ -504,8 +504,60 @@
+ The HTTPD mod_heartmonitor Listener allows tomcat to send heart beat message to
+ the Apache HTTPD mod_heartmonitor module. The following additional attributes are supported by the HTTPD mod_heartmonitor
+ Listener: Port the connector that will received proxied traffic from HTTPD, default the first connector will be used Host it is the IP corresponding the address of the connector that will received proxied traffic,
+ default empty the Port will be used proxyURL is the URL corresponding to the Location in httpd configuration of the heartbeat Handler,
+ default /HeartbeatListener ProxyList is the list of proxies from which tomcat is going to receive requests,
+ formatted like "address:port,address:port" once filled the multicast logic is disable and the multi parameters are
+ ignored Group is the Multicast IP to boardcast messages to HTTPD, default 224.0.1.105 Multiport is the Multicast port to boardcast messages to HTTPD, default 23364 Ttl is the TTL for the boardcast messages, default 16
This listener is now deprecated as the features it provides are + now available in the remote JMX capability included with the JRE. This + listener will be removed in Tomcat 10 and may be removed from Tomcat 9 some + time after 2020-12-31.
+The JMX Remote Lifecycle Listener fixes the ports used by the JMX/RMI Server making things much simpler if you need to connect visualvm or a similar tool to a remote Tomcat instance that is running @@ -656,50 +708,6 @@
The HTTPD mod_heartmonitor Listener allows tomcat to send heart beat message to - the Apache HTTPD mod_heartmonitor module.
- -The following additional attributes are supported by the HTTPD mod_heartmonitor - Listener:
- -Port the connector that will received proxied traffic from HTTPD, default the first connector will be used
-Host it is the IP corresponding the address of the connector that will received proxied traffic, - default empty the Port will be used
-proxyURL is the URL corresponding to the Location in httpd configuration of the heartbeat Handler, - default /HeartbeatListener
-ProxyList is the list of proxies from which tomcat is going to receive requests, - formatted like "address:port,address:port" once filled the multicast logic is disable and the multi parameters are - ignored
-Group is the Multicast IP to boardcast messages to HTTPD, default 224.0.1.105
-Multiport is the Multicast port to boardcast messages to HTTPD, default 23364
-Ttl is the TTL for the boardcast messages, default 16
-Are requests that appear to be CORS preflight requests allowed to
+ bypass the authenticator as required by the CORS specification. The
+ allowed values are never, filter and
+ always. never means that a request will never
+ bypass authentication even if it appears to be a CORS preflight request.
+ filter means that a request will bypass authentication if
+ it appears to be a CORS preflight request; it is mapped to a web
+ application that has the CORS
+ Filter enabled; and the CORS Filter is mapped to /*.
+ always means that all requests that appear to be CORS
+ preflight requests will bypass authentication. If not set, the default
+ value is never.
Should a session always be used once a user is authenticated? This
may offer some performance benefits since the session can then be used
@@ -1344,6 +1359,21 @@
Are requests that appear to be CORS preflight requests allowed to
+ bypass the authenticator as required by the CORS specification. The
+ allowed values are Should a session always be used once a user is authenticated? This
may offer some performance benefits since the session can then be used
@@ -1511,6 +1541,21 @@
Are requests that appear to be CORS preflight requests allowed to
+ bypass the authenticator as required by the CORS specification. The
+ allowed values are Controls if the session ID is changed if a session exists at the
point where users are authenticated. This is to prevent session fixation
@@ -1637,6 +1682,21 @@
Are requests that appear to be CORS preflight requests allowed to
+ bypass the authenticator as required by the CORS specification. The
+ allowed values are Should we cache authenticated Principals if the request is part of an
HTTP session? If not specified, the default value of A fix introduced in Java 8 update 40 (
- JDK-8048194)
- onwards broke SPNEGO authentication for IE with Tomcat running on
- Windows 2008 R2 servers. This option enables a work-around that allows
- SPNEGO authentication to continue working. The work-around should not
- impact other configurations so it is enabled by default. If necessary,
- the workaround can be disabled by setting this attribute to
- Are requests that appear to be CORS preflight requests allowed to
+ bypass the authenticator as required by the CORS specification. The
+ allowed values are A fix introduced in Java 8 update 40 (
+ JDK-8048194)
+ onwards broke SPNEGO authentication for IE with Tomcat running on
+ Windows 2008 R2 servers. This option enables a work-around that allows
+ SPNEGO authentication to continue working. The work-around should not
+ impact other configurations so it is enabled by default. If necessary,
+ the workaround can be disabled by setting this attribute to
+ Should we cache authenticated Principals if the request is part of an
HTTP session? If not specified, the default value of NOTE: Disabling both showServerInfo and showReport will
- only return the HTTP status code and remove all CSS from the default
- response. The location of the UTF-8 encoded HTML file to return for the HTTP
error code represented by
- Tomcat supports using the GraalVM Native Image tool to produce a native
- binary including the container. This documentation page describes the
- build process of such an image.
+ Tomcat supports using the GraalVM 19.3 Native Image tool to produce
+ a native binary including the container. This documentation page
+ describes the build process of such an image.
Download and install GraalVM. The first step is then to add the
native-image tool.
-
Run the GraalVM substrate VM using the trace agent:
- Once that is done, the VM may be shut down. The descriptors can now be
- generated from the trace file.
-
Running the native image is then:
- never, filter and
+ always. never means that a request will never
+ bypass authentication even if it appears to be a CORS preflight request.
+ filter means that a request will bypass authentication if
+ it appears to be a CORS preflight request; it is mapped to a web
+ application that has the CORS
+ Filter enabled; and the CORS Filter is mapped to /*.
+ always means that all requests that appear to be CORS
+ preflight requests will bypass authentication. If not set, the default
+ value is never.never, filter and
+ always. never means that a request will never
+ bypass authentication even if it appears to be a CORS preflight request.
+ filter means that a request will bypass authentication if
+ it appears to be a CORS preflight request; it is mapped to a web
+ application that has the CORS
+ Filter enabled; and the CORS Filter is mapped to /*.
+ always means that all requests that appear to be CORS
+ preflight requests will bypass authentication. If not set, the default
+ value is never.never, filter and
+ always. never means that a request will never
+ bypass authentication even if it appears to be a CORS preflight request.
+ filter means that a request will bypass authentication if
+ it appears to be a CORS preflight request; it is mapped to a web
+ application that has the CORS
+ Filter enabled; and the CORS Filter is mapped to /*.
+ always means that all requests that appear to be CORS
+ preflight requests will bypass authentication. If not set, the default
+ value is never.true
@@ -1737,15 +1797,19 @@
false.never, filter and
+ always. never means that a request will never
+ bypass authentication even if it appears to be a CORS preflight request.
+ filter means that a request will bypass authentication if
+ it appears to be a CORS preflight request and the web application the
+ request maps to has the CORS
+ Filter enabled and mapped to /*. always
+ means that all requests that appear to be CORS preflight requests will
+ bypass authentication. If not set, the default value is
+ never.false will be used.false.true
@@ -1900,8 +1975,7 @@
status codes and/or exception types.nnn. For example,
errorCode.404 specifies the file to return for an HTTP 404
- error. The location may be relative or absolule. If relative, it must be
+ error. The location may be relative or absolute. If relative, it must be
relative to $CATALINA_BASE. The special value of
errorCode.0 may be used to define a default error page to
be used if no error page is defined for a status code. If no matching
diff -Nru tomcat9-9.0.27/webapps/docs/graal.xml tomcat9-9.0.31/webapps/docs/graal.xml
--- tomcat9-9.0.27/webapps/docs/graal.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/graal.xml 2020-02-05 19:26:48.000000000 +0000
@@ -35,9 +35,9 @@
--static parameter enables static linking of
+ glibc, zlib and libstd++ in the generated binary.
Servlets, JSPs, EL, websockets, the Tomcat container, tomcat-native, HTTP/2
- are all supported out of the box in a native image. However, EL uses
- BeanInfo reflection which needs manual descriptor configuration.
- To give an example, the EL expression
-
@@ -183,6 +173,20 @@ listeners (use of internal code that does not exist in Graal).
++ Missing items for better Tomcat functionality: +
The Oracle website includes the list of options and how to configure - JMX Remote on Java 6: - + JMX Remote on Java 8: + http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html.
-The following is a quick configuration guide for Java 6:
+The following is a quick configuration guide for Java 8:
Add the following parameters to setenv.bat script of your
Tomcat (see RUNNING.txt for details).
Note: This syntax is for Microsoft Windows. The command has
to be on the same line. It is wrapped to be more readable. If Tomcat is
running as a Windows service, use its configuration dialog to set
java options for the service.
- For un*xes remove "set " from beginning of the line.
+ For Linux, MacOS, etc, remove "set " from beginning of the
+ line.
If you don't set com.sun.management.jmxremote.rmi.port then the
+JSR 160 JMX-Adaptor will select a port at random which will may it difficult to
+configure a firewall to allow access.
If you require TLS:
If you require authorization (it is strongly recommended that TLS is always +used with authentication):
+Note: The JSR 160 JMX-Adaptor opens a second data channel
- on a random port. That is a problem when you have a local firewall installed.
- To fix it, configure a JmxRemoteLifecycleListener, as described
- in listeners documentation.
-
If you need to specify a host name to be used in the RMI stubs sent to the +client (e.g. because the public host name that must be used to connect is not +the same as the local host name) then you can set:
+If you need to specify a specific interface for the JMX service to bind to +then you can set:
+To simplify JMX usage with Ant 1.6.x, a set of tasks is provided that may +
To simplify JMX usage with Ant, a set of tasks is provided that may be used with antlib.
antlib: Copy your catalina-ant.jar from $CATALINA_HOME/lib to $ANT_HOME/lib.
The following example shows the JMX Accessor usage: The referenced implementation of such a class – in our example Note: Starting with Tomcat 9 you can use more than one parameter. These have to be separated by spaces. Parameters
+ can be quoted with ". This enables space characters inside parameters. That map instance will be given the the lookup value that is configured in the corresponding Say, you want to implement a rewrite map function that converts all lookup keys to uppercase. You
+ would start by implementing a class that implements the Compile this class, put it into a jar and place that jar in Having done that, you can now define a map with the With this setup a request to the url path Back-references are identifiers of the form
diff -Nru tomcat9-9.0.27/webapps/docs/security-howto.xml tomcat9-9.0.31/webapps/docs/security-howto.xml
--- tomcat9-9.0.27/webapps/docs/security-howto.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/security-howto.xml 2020-02-05 19:26:48.000000000 +0000
@@ -246,18 +246,31 @@
By default, an HTTP and an AJP connector are configured. Connectors
- that will not be used should be removed from server.xml. By default, a non-TLS, HTTP/1.1 connector is configured on port 8080.
+ Connectors that will not be used should be removed from server.xml. AJP Connectors should only be used on trusted networks or be
+ appropriately secured with a suitable AJP Connectors block forwarded requests with unknown request
+ attributes. Known safe and/or expected attributes may be allowed by
+ configuration an appropriate regular expression for the
+ The address attribute may be used to control which IP
- address the connector listens on for connections. By default, the
- connector listens on all configured IP addresses.
diff -Nru tomcat9-9.0.27/webapps/docs/rewrite.xml tomcat9-9.0.31/webapps/docs/rewrite.xml
--- tomcat9-9.0.27/webapps/docs/rewrite.xml 2019-10-07 09:50:40.000000000 +0000
+++ tomcat9-9.0.31/webapps/docs/rewrite.xml 2020-02-05 19:26:48.000000000 +0000
@@ -17,6 +17,7 @@
-->
+
]>
${mapname:key|default}.
- See the documentation for
+ See the documentation for
RewriteMap for more details.
rewriteMapClassName –
+ will be instantiated and initialized with the optional parameter – optionalParameters from above
+ (be careful with whitespace) – by calling setParameters(String). That instance
+ will then be registered under the name given as the first paramter of RewriteMap rule.RewriteRule by
+ calling lookup(String). Your implementation is free to return null to indicate,
+ that the given default should be used, or to return a replacement value.RewriteMap interface.${CATALINA_BASE}/lib.RewriteMap directive
+ and further on use that map in a RewriteRule./index.html would get routed
+ to /INDEX.HTML.%{VARNAME})${mapname:key|default})secret attribute.allowedRequestAttributesPattern attribute.
The allowTrace attribute may be used to enable TRACE requests which can be useful for debugging. Due to the way some browsers handle the response from a TRACE request (which exposes the browser to an XSS attack), support for TRACE requests is disabled by default.
+The discardFacades attribute set to true
+ will cause a new facade object to be created for each request. This
+ reduces the chances of a bug in an application exposing data from one
+ request to another.
The maxPostSize attribute controls the maximum size of a POST request that will be parsed for parameters. The parameters are cached for the duration of the request so this is limited to 2MB by @@ -286,8 +299,9 @@
The server attribute controls the value of the Server
HTTP header. The default value of this header for Tomcat 4.1.x to
-
The SSLEnabled, scheme and secure attributes may all be independently set. These are @@ -448,11 +462,6 @@
Setting org.apache.catalina.connector.RECYCLE_FACADES
- system property to true will cause a new facade object to be
- created for each request. This reduces the chances of a bug in an
- application exposing data from one request to another.
The org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH and org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH diff -Nru tomcat9-9.0.27/webapps/docs/setup.xml tomcat9-9.0.31/webapps/docs/setup.xml --- tomcat9-9.0.27/webapps/docs/setup.xml 2019-10-07 09:50:40.000000000 +0000 +++ tomcat9-9.0.31/webapps/docs/setup.xml 2020-02-05 19:26:48.000000000 +0000 @@ -61,12 +61,17 @@ administration tool and its documentation).
JAVA_HOME environment variable. It is not mandatory to
+ use the default JRE detected by the installer. Any installed Java
+ DEV.LOCAL) is not case sensitive when used in
-the ktpass command, nor when used in jaas.confdev.local) is always used in
+lower case. The domain name is typically not case sensitive.DEV.LOCAL) is always
+used in upper case. The realm name is case sensitive.There are four components to the configuration of the built-in Tomcat support for Windows authentication. The domain controller, the server hosting @@ -80,8 +82,8 @@ component.
The names of the three machines used in the configuration examples below are win-dc01.dev.local (the domain controller), win-tc01.dev.local (the Tomcat -instance) and win-pc01.dev.local (client). All are members of the DEV.LOCAL -domain.
+instance) and win-pc01.dev.local (client). All are members of the +dev.local domain.
Note: In order to use the passwords in the steps below, the domain password policy had to be relaxed. This is not recommended for production environments.
@@ -114,14 +116,14 @@ user istest with a password of testpass.
The above steps have been tested on a domain controller running Windows - Server 2008 R2 64-bit Standard using the Windows Server 2003 functional level + Server 2019 Standard using the Windows Server 2016 functional level for both the forest and the domain.
These steps assume that Tomcat and a Java 6 JDK/JRE have already been - installed and configured and that Tomcat is running as the tc01@DEV.LOCAL +
These steps assume that Tomcat and a Java 8 JDK/JRE have already been + installed and configured and that Tomcat is running as the tc01@dev.local user. The steps to configure the Tomcat instance for Windows authentication are as follows:
@@ -180,7 +182,7 @@ may be used that will simply return a Principal based on the authenticated user name that does not have any roles.The above steps have been tested on a Tomcat server running Windows Server - 2008 R2 64-bit Standard with an Oracle 1.6.0_24 64-bit JDK.
+ 2019 Standard with AdoptOpenJDK 8u232-b09 (64-bit).