* To reconstruct a URL with a scheme and host, use {@link #getRequestURL}.
*
- * @return a String containing the part of the URL from the protocol name up to the query string
+ * @return a String containing the path part of the URL from after the authority to before the query
+ * string
*
* @see #getRequestURL
*/
diff -Nru tomcat10-10.1.40/java/jakarta/servlet/http/LocalStrings_ja.properties tomcat10-10.1.52/java/jakarta/servlet/http/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/jakarta/servlet/http/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/servlet/http/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -28,7 +28,7 @@
http.method_delete_not_supported=HTTPのDELETEメソッドは、このURLではサポートされていません。
http.method_get_not_supported=HTTPのGETメソッドは、このURLではサポートされていません。
-http.method_not_implemented=メソッド [{0}] は RFC 2068 には定義されておらず、サーブレット API ではサポートされません
+http.method_not_implemented=メソッド [{0}] はこの URI のこのサーブレットでは実装されていません
http.method_post_not_supported=HTTPのPOSTメソッドは、このURLではサポートされていません。
http.method_put_not_supported=HTTPのPUTメソッドは、このURLではサポートされていません。
http.non_http=リクエストが HTTP リクエストではない、あるいはレスポンスが HTTP レスポンスではありません。
diff -Nru tomcat10-10.1.40/java/jakarta/servlet/http/LocalStrings_ru.properties tomcat10-10.1.52/java/jakarta/servlet/http/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/jakarta/servlet/http/LocalStrings_ru.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/servlet/http/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Do not edit this file directly.
+# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+
+http.method_get_not_supported=HTTP метод GET не поддерживается этим URL
+http.method_post_not_supported=HTTP метод POST не поддерживается этим URL
+http.method_put_not_supported=HTTP метод PUT не поддерживается этим URL
diff -Nru tomcat10-10.1.40/java/jakarta/servlet/jsp/LocalStrings_ru.properties tomcat10-10.1.52/java/jakarta/servlet/jsp/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/jakarta/servlet/jsp/LocalStrings_ru.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/servlet/jsp/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Do not edit this file directly.
+# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+
+el.unknown.identifier=Неизвестный идентификатор
diff -Nru tomcat10-10.1.40/java/jakarta/servlet/jsp/tagext/BodyContent.java tomcat10-10.1.52/java/jakarta/servlet/jsp/tagext/BodyContent.java
--- tomcat10-10.1.40/java/jakarta/servlet/jsp/tagext/BodyContent.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/servlet/jsp/tagext/BodyContent.java 2026-01-23 19:33:36.000000000 +0000
@@ -71,7 +71,7 @@
public void clearBody() {
try {
this.clear();
- } catch (IOException ex) {
+ } catch (IOException ioe) {
// TODO -- clean this one up.
throw new Error("internal error!;");
}
diff -Nru tomcat10-10.1.40/java/jakarta/websocket/ContainerProvider.java tomcat10-10.1.52/java/jakarta/websocket/ContainerProvider.java
--- tomcat10-10.1.40/java/jakarta/websocket/ContainerProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/websocket/ContainerProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,7 +47,7 @@
Class clazz =
(Class) Class.forName(DEFAULT_PROVIDER_CLASS_NAME);
result = clazz.getConstructor().newInstance();
- } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException e) {
+ } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException ignore) {
// No options left. Just return null.
}
}
diff -Nru tomcat10-10.1.40/java/jakarta/websocket/server/ServerEndpointConfig.java tomcat10-10.1.52/java/jakarta/websocket/server/ServerEndpointConfig.java
--- tomcat10-10.1.40/java/jakarta/websocket/server/ServerEndpointConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/jakarta/websocket/server/ServerEndpointConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -182,7 +182,7 @@
@SuppressWarnings("unchecked")
Class clazz = (Class) Class.forName(DEFAULT_IMPL_CLASSNAME);
result = clazz.getConstructor().newInstance();
- } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException e) {
+ } catch (ReflectiveOperationException | IllegalArgumentException | SecurityException ignore) {
// No options left. Just return null.
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Authenticator.java tomcat10-10.1.52/java/org/apache/catalina/Authenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/Authenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Authenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* An Authenticator is a component (usually a Valve or Container) that provides some sort of authentication
* service.
- *
- * @author Craig R. McClanahan
*/
public interface Authenticator {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Cluster.java tomcat10-10.1.52/java/org/apache/catalina/Cluster.java
--- tomcat10-10.1.40/java/org/apache/catalina/Cluster.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Cluster.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
* support different ways to communicate within the Cluster. A Cluster implementation is responsible for setting up a
* way to communicate within the Cluster and also supply "ClientApplications" with ClusterSender used when
* sending information in the Cluster and ClusterInfo used for receiving information in the Cluster.
- *
- * @author Bip Thelin
- * @author Remy Maucherat
*/
public interface Cluster extends Contained {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Contained.java tomcat10-10.1.52/java/org/apache/catalina/Contained.java
--- tomcat10-10.1.40/java/org/apache/catalina/Contained.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Contained.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,13 +17,8 @@
package org.apache.catalina;
/**
- *
* Decoupling interface which specifies that an implementing class is associated with at most one
* Container instance.
- *
- *
- * @author Craig R. McClanahan
- * @author Peter Donald
*/
public interface Contained {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Container.java tomcat10-10.1.52/java/org/apache/catalina/Container.java
--- tomcat10-10.1.40/java/org/apache/catalina/Container.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Container.java 2026-01-23 19:33:36.000000000 +0000
@@ -60,9 +60,6 @@
*
Resources - JNDI directory context enabling access to static resources, enabling custom linkages to
* existing server components when Catalina is embedded in a larger server.
*
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public interface Container extends Lifecycle {
@@ -429,7 +426,7 @@
*
* @param request Request (associated with the response) to log
* @param response Response (associated with the request) to log
- * @param time Time taken to process the request/response in milliseconds (use 0 if not known)
+ * @param time Time taken to process the request/response in nanoseconds (use 0 if not known)
* @param useDefault Flag that indicates that the request/response should be logged in the engine's default access
* log
*/
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ContainerEvent.java tomcat10-10.1.52/java/org/apache/catalina/ContainerEvent.java
--- tomcat10-10.1.40/java/org/apache/catalina/ContainerEvent.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ContainerEvent.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* General event for notifying listeners of significant changes on a Container.
- *
- * @author Craig R. McClanahan
*/
public final class ContainerEvent extends EventObject {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ContainerListener.java tomcat10-10.1.52/java/org/apache/catalina/ContainerListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/ContainerListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ContainerListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Interface defining a listener for significant Container generated events. Note that "container start" and "container
* stop" events are normally LifecycleEvents, not ContainerEvents.
- *
- * @author Craig R. McClanahan
*/
public interface ContainerListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ContainerServlet.java tomcat10-10.1.52/java/org/apache/catalina/ContainerServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/ContainerServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ContainerServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
* A ContainerServlet is a servlet that has access to Catalina internal functionality, and is loaded from the
* Catalina class loader instead of the web application class loader. The property setter methods must be called by the
* container whenever a new instance of this servlet is put into service.
- *
- * @author Craig R. McClanahan
*/
public interface ContainerServlet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Context.java tomcat10-10.1.52/java/org/apache/catalina/Context.java
--- tomcat10-10.1.40/java/org/apache/catalina/Context.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Context.java 2026-01-23 19:33:36.000000000 +0000
@@ -61,8 +61,6 @@
* The child containers attached to a Context are generally implementations of Wrapper (representing individual servlet
* definitions).
*
- *
- * @author Craig R. McClanahan
*/
public interface Context extends Container, ContextBind {
@@ -1100,7 +1098,7 @@
/**
* @return the array of watched resources for this Context. If none are defined, a zero length array will be
- * returned.
+ * returned.
*/
String[] findWatchedResources();
@@ -1116,7 +1114,7 @@
/**
* @return the array of welcome files defined for this Context. If none are defined, a zero-length array is
- * returned.
+ * returned.
*/
String[] findWelcomeFiles();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Engine.java tomcat10-10.1.52/java/org/apache/catalina/Engine.java
--- tomcat10-10.1.40/java/org/apache/catalina/Engine.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Engine.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
*
* If used, an Engine is always the top level Container in a Catalina hierarchy. Therefore, the implementation's
* setParent() method should throw IllegalArgumentException.
- *
- * @author Craig R. McClanahan
*/
public interface Engine extends Container {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Globals.java tomcat10-10.1.52/java/org/apache/catalina/Globals.java
--- tomcat10-10.1.40/java/org/apache/catalina/Globals.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Globals.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Global constants that are applicable to multiple packages within Catalina.
- *
- * @author Craig R. McClanahan
*/
public final class Globals {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Group.java tomcat10-10.1.52/java/org/apache/catalina/Group.java
--- tomcat10-10.1.40/java/org/apache/catalina/Group.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Group.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
* group inherits the {@link Role}s assigned to the group.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public interface Group extends Principal {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Host.java tomcat10-10.1.52/java/org/apache/catalina/Host.java
--- tomcat10-10.1.40/java/org/apache/catalina/Host.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Host.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,8 +37,6 @@
*
* The child containers attached to a Host are generally implementations of Context (representing an individual servlet
* context).
- *
- * @author Craig R. McClanahan
*/
public interface Host extends Container {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Lifecycle.java tomcat10-10.1.52/java/org/apache/catalina/Lifecycle.java
--- tomcat10-10.1.40/java/org/apache/catalina/Lifecycle.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Lifecycle.java 2026-01-23 19:33:36.000000000 +0000
@@ -75,8 +75,6 @@
*
* The {@link LifecycleEvent}s fired during state changes are defined in the methods that trigger the changed. No
* {@link LifecycleEvent}s are fired if the attempted transition is not valid.
- *
- * @author Craig R. McClanahan
*/
public interface Lifecycle {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/LifecycleEvent.java tomcat10-10.1.52/java/org/apache/catalina/LifecycleEvent.java
--- tomcat10-10.1.40/java/org/apache/catalina/LifecycleEvent.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/LifecycleEvent.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* General event for notifying listeners of significant changes on a component that implements the Lifecycle interface.
- *
- * @author Craig R. McClanahan
*/
public final class LifecycleEvent extends EventObject {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/LifecycleException.java tomcat10-10.1.52/java/org/apache/catalina/LifecycleException.java
--- tomcat10-10.1.40/java/org/apache/catalina/LifecycleException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/LifecycleException.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* General purpose exception that is thrown to indicate a lifecycle related problem. Such exceptions should generally be
* considered fatal to the operation of the application containing this component.
- *
- * @author Craig R. McClanahan
*/
public final class LifecycleException extends Exception {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/LifecycleListener.java tomcat10-10.1.52/java/org/apache/catalina/LifecycleListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/LifecycleListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/LifecycleListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,11 +18,9 @@
/**
- * Interface defining a listener for significant events (including "component start" and "component stop") generated by a
- * component that implements the Lifecycle interface. The listener will be fired after the associated state change has
+ * Interface defining a listener for significant events (including "component start" and "component stop") generated by
+ * a component that implements the Lifecycle interface. The listener will be fired after the associated state change has
* taken place.
- *
- * @author Craig R. McClanahan
*/
public interface LifecycleListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Loader.java tomcat10-10.1.52/java/org/apache/catalina/Loader.java
--- tomcat10-10.1.40/java/org/apache/catalina/Loader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Loader.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,8 +35,6 @@
*
Based on a policy chosen by the implementation, must call the Context.reload() method on the owning
* Context when a change to one or more of the class files loaded by this class loader is detected.
*
- *
- * @author Craig R. McClanahan
*/
public interface Loader {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Manager.java tomcat10-10.1.52/java/org/apache/catalina/Manager.java
--- tomcat10-10.1.40/java/org/apache/catalina/Manager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Manager.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
*
Must allow a call to stop() to be followed by a call to start() on the same
* Manager instance.
*
- *
- * @author Craig R. McClanahan
*/
public interface Manager {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Pipeline.java tomcat10-10.1.52/java/org/apache/catalina/Pipeline.java
--- tomcat10-10.1.40/java/org/apache/catalina/Pipeline.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Pipeline.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,21 +19,15 @@
import java.util.Set;
/**
- *
* Interface describing a collection of Valves that should be executed in sequence when the invoke() method
* is invoked. It is required that a Valve somewhere in the pipeline (usually the last one) must process the request and
* create the corresponding response, rather than trying to pass the request on.
- *
*
* There is generally a single Pipeline instance associated with each Container. The container's normal request
* processing functionality is generally encapsulated in a container-specific Valve, which should always be executed at
* the end of a pipeline. To facilitate this, the setBasic() method is provided to set the Valve instance
* that will always be executed last. Other Valves will be executed in the order that they were added, before the basic
* Valve is executed.
- *
- *
- * @author Craig R. McClanahan
- * @author Peter Donald
*/
public interface Pipeline extends Contained {
@@ -81,7 +75,7 @@
/**
* @return the array of Valves in the pipeline associated with this Container, including the basic Valve (if any).
- * If there are no such Valves, a zero-length array is returned.
+ * If there are no such Valves, a zero-length array is returned.
*/
Valve[] getValves();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Realm.java tomcat10-10.1.52/java/org/apache/catalina/Realm.java
--- tomcat10-10.1.40/java/org/apache/catalina/Realm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Realm.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
* A Realm is a read-only facade for an underlying security realm used to authenticate individual users, and
* identify the security roles associated with those users. Realms can be attached at any Container level, but will
* typically only be attached to a Context, or higher level, Container.
- *
- * @author Craig R. McClanahan
*/
public interface Realm extends Contained {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Role.java tomcat10-10.1.52/java/org/apache/catalina/Role.java
--- tomcat10-10.1.40/java/org/apache/catalina/Role.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Role.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
* Principals.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public interface Role extends Principal {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Server.java tomcat10-10.1.52/java/org/apache/catalina/Server.java
--- tomcat10-10.1.40/java/org/apache/catalina/Server.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Server.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
* In between, the implementation must open a server socket on the port number specified by the port
* property. When a connection is accepted, the first line is read and compared with the specified shutdown command. If
* the command matches, shutdown of the server is initiated.
- *
- * @author Craig R. McClanahan
*/
public interface Server extends Lifecycle {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Service.java tomcat10-10.1.52/java/org/apache/catalina/Service.java
--- tomcat10-10.1.40/java/org/apache/catalina/Service.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Service.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
*
* A given JVM can contain any number of Service instances; however, they are completely independent of each other and
* share only the basic JVM facilities and classes on the system class path.
- *
- * @author Craig R. McClanahan
*/
public interface Service extends Lifecycle {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Session.java tomcat10-10.1.52/java/org/apache/catalina/Session.java
--- tomcat10-10.1.40/java/org/apache/catalina/Session.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Session.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* A Session is the Catalina-internal facade for an HttpSession that is used to maintain state
* information between requests for a particular user of a web application.
- *
- * @author Craig R. McClanahan
*/
public interface Session {
@@ -58,6 +56,10 @@
*/
String SESSION_PASSIVATED_EVENT = "passivateSession";
+ /**
+ * The SessionEvent event type when a session changes its sessionId.
+ */
+ String SESSION_CHANGED_ID_EVENT = "changeSessionId";
// ------------------------------------------------------------- Properties
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/SessionEvent.java tomcat10-10.1.52/java/org/apache/catalina/SessionEvent.java
--- tomcat10-10.1.40/java/org/apache/catalina/SessionEvent.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/SessionEvent.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* General event for notifying listeners of significant changes on a Session.
- *
- * @author Craig R. McClanahan
*/
public final class SessionEvent extends EventObject {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/SessionListener.java tomcat10-10.1.52/java/org/apache/catalina/SessionListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/SessionListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/SessionListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Interface defining a listener for significant Session generated events.
- *
- * @author Craig R. McClanahan
*/
public interface SessionListener extends EventListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Store.java tomcat10-10.1.52/java/org/apache/catalina/Store.java
--- tomcat10-10.1.40/java/org/apache/catalina/Store.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Store.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,13 +25,9 @@
* A Store is the abstraction of a Catalina component that provides persistent storage and loading of Sessions
* and their associated user data. Implementations are free to save and load the Sessions to any media they wish, but it
* is assumed that saved Sessions are persistent across server or context restarts.
- *
- * @author Craig R. McClanahan
*/
public interface Store {
- // ------------------------------------------------------------- Properties
-
/**
* @return the Manager instance associated with this Store.
*/
@@ -54,9 +50,6 @@
int getSize() throws IOException;
- // --------------------------------------------------------- Public Methods
-
-
/**
* Add a property change listener to this component.
*
@@ -77,6 +70,11 @@
/**
* Load and return the Session associated with the specified session identifier from this Store, without removing
* it. If there is no such stored Session, return null.
+ *
+ * Implementations should expect, and correctly handle, concurrent calls to any method but in particular calls to
+ * {@code #load(String)}, {@code #save(Session)} and {@code #remove(String)} for the same session.
+ *
+ * The session ID is user provided so stores must treat it as untrusted data.
*
* @param id Session identifier of the session to load
*
@@ -91,6 +89,11 @@
/**
* Remove the Session with the specified session identifier from this Store, if present. If no such Session is
* present, this method takes no action.
+ *
+ * Implementations should expect, and correctly handle, concurrent calls to any method but in particular calls to
+ * {@code #load(String)}, {@code #save(Session)} and {@code #remove(String)} for the same session.
+ *
+ * The session ID is user provided so stores must treat it as untrusted data.
*
* @param id Session identifier of the Session to be removed
*
@@ -118,12 +121,13 @@
/**
* Save the specified Session into this Store. Any previously saved information for the associated session
* identifier is replaced.
+ *
+ * Implementations should expect, and correctly handle, concurrent calls to any method but in particular calls to
+ * {@code #load(String)}, {@code #save(Session)} and {@code #remove(String)} for the same session.
*
* @param session Session to be saved
*
* @exception IOException if an input/output error occurs
*/
void save(Session session) throws IOException;
-
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/User.java tomcat10-10.1.52/java/org/apache/catalina/User.java
--- tomcat10-10.1.40/java/org/apache/catalina/User.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/User.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
* {@link Group}s through which they inherit additional security roles, and is optionally assigned a set of specific
* {@link Role}s.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public interface User extends Principal {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/UserDatabase.java tomcat10-10.1.52/java/org/apache/catalina/UserDatabase.java
--- tomcat10-10.1.40/java/org/apache/catalina/UserDatabase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/UserDatabase.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
* along with definitions of corresponding {@link Role}s, and referenced by a {@link Realm} for authentication and
* access control.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public interface UserDatabase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Valve.java tomcat10-10.1.52/java/org/apache/catalina/Valve.java
--- tomcat10-10.1.40/java/org/apache/catalina/Valve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Valve.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,17 +24,12 @@
import org.apache.catalina.connector.Response;
/**
- *
* A Valve is a request processing component associated with a particular Container. A series of Valves are
* generally associated with each other into a Pipeline. The detailed contract for a Valve is included in the
* description of the invoke() method below.
- *
+ *
* HISTORICAL NOTE: The "Valve" name was assigned to this concept because a valve is what you use in a real world
* pipeline to control and/or modify flows through it.
- *
- * @author Craig R. McClanahan
- * @author Gunnar Rjnning
- * @author Peter Donald
*/
public interface Valve {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/WebResourceRoot.java tomcat10-10.1.52/java/org/apache/catalina/WebResourceRoot.java
--- tomcat10-10.1.40/java/org/apache/catalina/WebResourceRoot.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/WebResourceRoot.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,6 +21,8 @@
import java.util.List;
import java.util.Set;
+import org.apache.catalina.util.ResourceSet;
+
/**
* Represents the complete set of resources for a web application. The resources for a web application consist of
* multiple ResourceSets and when looking for a Resource, the ResourceSets are processed in the following order:
@@ -95,8 +97,8 @@
* calls to this method until the web application is reloaded. No guarantee is made as to what the search order for
* JAR files may be.
*
- * @param path The path of the class loader resource of interest relative to the root of class loader resources
- * for this web application.
+ * @param path The path of the class loader resource of interest relative to the root of class loader resources for
+ * this web application.
*
* @return The object that represents the class loader resource at the given path
*/
@@ -246,14 +248,16 @@
void setContext(Context context);
/**
- * Configure if this resources allow the use of symbolic links.
+ * Configure if this web application allows the use of symbolic links by default. Individual {@link ResourceSet}s
+ * may override this setting.
*
* @param allowLinking true if symbolic links are allowed.
*/
void setAllowLinking(boolean allowLinking);
/**
- * Determine if this resources allow the use of symbolic links.
+ * Determine if this web application allows the use of symbolic links by default. Individual {@link ResourceSet}s
+ * may override this setting.
*
* @return true if symbolic links are allowed
*/
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/WebResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/WebResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/WebResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/WebResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -135,4 +135,19 @@
* resources.
*/
void gc();
+
+ /**
+ * Configure if this {@code ResourceSet} allows the use of symbolic links.
+ *
+ * @param allowLinking true if symbolic links are allowed.
+ */
+ void setAllowLinking(boolean allowLinking);
+
+ /**
+ * Determine if this {@code ResourceSet} allows the use of symbolic links. If {@link #setAllowLinking(boolean)} has
+ * not been called for this instance, the value of {@link WebResourceRoot#getAllowLinking()} is returned.
+ *
+ * @return true if symbolic links are allowed
+ */
+ boolean getAllowLinking();
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/Wrapper.java tomcat10-10.1.52/java/org/apache/catalina/Wrapper.java
--- tomcat10-10.1.40/java/org/apache/catalina/Wrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/Wrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,8 +36,6 @@
*
* Child Containers are not allowed on Wrapper implementations, so the addChild() method should throw an
* IllegalArgumentException.
- *
- * @author Craig R. McClanahan
*/
public interface Wrapper extends Container {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/AbstractCatalinaTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/AbstractCatalinaTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/AbstractCatalinaTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/AbstractCatalinaTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,6 +28,7 @@
import java.net.URLConnection;
import org.apache.catalina.util.IOTools;
+import org.apache.tomcat.util.http.Method;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
@@ -35,8 +36,6 @@
* Abstract base class for Ant tasks that interact with the Manager web application for dynamically deploying
* and undeploying applications. These tasks require Ant 1.4 or later.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public abstract class AbstractCatalinaTask extends BaseRedirectorHelperTask {
@@ -187,7 +186,7 @@
preAuthenticate();
hconn.setDoOutput(true);
- hconn.setRequestMethod("PUT");
+ hconn.setRequestMethod(Method.PUT);
if (contentType != null) {
hconn.setRequestProperty("Content-Type", contentType);
}
@@ -198,7 +197,7 @@
}
} else {
hconn.setDoOutput(false);
- hconn.setRequestMethod("GET");
+ hconn.setRequestMethod(Method.GET);
}
hconn.setRequestProperty("User-Agent", "Catalina-Ant-Task/1.0");
@@ -297,7 +296,7 @@
hconn.setDoInput(true);
hconn.setUseCaches(false);
hconn.setDoOutput(false);
- hconn.setRequestMethod("OPTIONS");
+ hconn.setRequestMethod(Method.OPTIONS);
hconn.setRequestProperty("User-Agent", "Catalina-Ant-Task/1.0");
// Establish the connection with the server
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/BaseRedirectorHelperTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/BaseRedirectorHelperTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/BaseRedirectorHelperTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/BaseRedirectorHelperTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,14 +30,12 @@
/**
* Abstract base class to add output redirection support for Catalina Ant tasks. These tasks require Ant 1.5 or later.
*
- * WARNING: due to dependency chain, Ant could call a Task more than once and this can affect the output
- * redirection when configured. If you are collecting the output in a property, it will collect the output of only the
- * first run, since Ant properties are immutable and once created they cannot be changed.
+ * WARNING: due to dependency chain, Ant could call a Task more than once and this can affect the
+ * output redirection when configured. If you are collecting the output in a property, it will collect the output of
+ * only the first run, since Ant properties are immutable and once created they cannot be changed.
* If you are collecting output in a file the file will be overwritten with the output of the last run, unless you set
* append="true", in which case each run will append it's output to the file.
*
- * @author Gabriele Garuglieri
- *
* @since 5.5
*/
public abstract class BaseRedirectorHelperTask extends Task {
@@ -218,8 +216,8 @@
redirectOutput = true;
}
/*
- * Due to dependency chain, Ant could call the Task more than once, this is to prevent that we attempt to configure
- * uselessly more than once the Redirector.
+ * Due to dependency chain, Ant could call the Task more than once, this is to prevent that we attempt to
+ * configure uselessly more than once the Redirector.
*/
redirectorConfigured = true;
}
@@ -256,8 +254,8 @@
log("Error closing redirector: " + ioe.getMessage(), Project.MSG_ERR);
}
/*
- * Due to dependency chain, Ant could call the Task more than once, this is to prevent that we attempt to reuse the
- * previously closed Streams.
+ * Due to dependency chain, Ant could call the Task more than once, this is to prevent that we attempt to reuse
+ * the previously closed Streams.
*/
redirectOutStream = null;
redirectOutPrintStream = null;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/DeployTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/DeployTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/DeployTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/DeployTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
/**
* Ant task that implements the /deploy command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class DeployTask extends AbstractCatalinaCommandTask {
@@ -145,15 +143,15 @@
FileChannel fsChannel = fsInput.getChannel();
contentLength = fsChannel.size();
stream = new BufferedInputStream(fsInput, 1024);
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (fsInput != null) {
try {
fsInput.close();
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// Ignore
}
}
- throw new BuildException(e);
+ throw new BuildException(ioe);
}
}
contentType = "application/octet-stream";
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/JKStatusUpdateTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/JKStatusUpdateTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/JKStatusUpdateTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/JKStatusUpdateTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,6 @@
/**
* Ant task that implements the /status command, supported by the mod_jk status (1.2.9) application.
*
- * @author Peter Rossbach
- *
* @since 5.5.9
*/
public class JKStatusUpdateTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/JMXGetTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/JMXGetTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/JMXGetTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/JMXGetTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* Ant task that implements the JMX Get command (/jmxproxy/?get) supported by the Tomcat manager
* application.
- *
- * @author Peter Rossbach
*/
public class JMXGetTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/JMXQueryTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/JMXQueryTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/JMXQueryTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/JMXQueryTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* Ant task that implements the JMX Query command (/jmxproxy/?qry) supported by the Tomcat manager
* application.
- *
- * @author Vivek Chopra
*/
public class JMXQueryTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/JMXSetTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/JMXSetTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/JMXSetTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/JMXSetTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* Ant task that implements the JMX Set command (/jmxproxy/?set) supported by the Tomcat manager
* application.
- *
- * @author Vivek Chopra
*/
public class JMXSetTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/ListTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/ListTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/ListTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/ListTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Ant task that implements the /list command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class ListTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/ReloadTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/ReloadTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/ReloadTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/ReloadTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Ant task that implements the /reload command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class ReloadTask extends AbstractCatalinaCommandTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/ResourcesTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/ResourcesTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/ResourcesTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/ResourcesTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* Ant task that implements the /resources command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class ResourcesTask extends AbstractCatalinaTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/ServerinfoTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/ServerinfoTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/ServerinfoTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/ServerinfoTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -16,19 +16,13 @@
*/
package org.apache.catalina.ant;
-
import org.apache.tools.ant.BuildException;
-
/**
* Ant task that implements the /serverinfo command supported by the Tomcat manager application.
- *
- * @author Vivek Chopra
*/
public class ServerinfoTask extends AbstractCatalinaTask {
- // Public Methods
-
/**
* Execute the requested operation.
*
@@ -36,9 +30,7 @@
*/
@Override
public void execute() throws BuildException {
-
super.execute();
execute("/serverinfo");
-
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/SessionsTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/SessionsTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/SessionsTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/SessionsTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -16,18 +16,13 @@
*/
package org.apache.catalina.ant;
-
import org.apache.tools.ant.BuildException;
-
/**
* Ant task that implements the /sessions command supported by the Tomcat manager application.
- *
- * @author Vivek Chopra
*/
public class SessionsTask extends AbstractCatalinaCommandTask {
-
protected String idle = null;
public String getIdle() {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/StartTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/StartTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/StartTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/StartTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Ant task that implements the /start command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class StartTask extends AbstractCatalinaCommandTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/StopTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/StopTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/StopTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/StopTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Ant task that implements the /stop command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class StopTask extends AbstractCatalinaCommandTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/UndeployTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/UndeployTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/UndeployTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/UndeployTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Ant task that implements the /undeploy command, supported by the Tomcat manager application.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class UndeployTask extends AbstractCatalinaCommandTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/ValidatorTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/ValidatorTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/ValidatorTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/ValidatorTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
/**
* Task for validating a web application deployment descriptor, using XML schema validation.
*
- * @author Remy Maucherat
- *
* @since 5.0
*/
public class ValidatorTask extends BaseRedirectorHelperTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorCondition.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorCondition.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorCondition.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorCondition.java 2026-01-23 19:33:36.000000000 +0000
@@ -77,8 +77,6 @@
* NOTE: For numeric expressions the type must be set and use xml entities as operations.
* As type we currently support long and double.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorCondition extends JMXAccessorConditionBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorCreateTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorCreateTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorCreateTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorCreateTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,16 +46,14 @@
* </jmxCreate/>
*
*
- * WARNINGNot all Tomcat MBeans can create remotely and auto register by its parents! Please, use the MBeanFactory
- * operation to generate valves and realms.
+ * WARNINGNot all Tomcat MBeans can create remotely and auto register by its parents! Please, use the
+ * MBeanFactory operation to generate valves and realms.
*
*
* First call to a remote MBean server save the JMXConnection a reference jmx.server
*
* These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.12
*/
public class JMXAccessorCreateTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorEqualsCondition.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorEqualsCondition.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorEqualsCondition.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorEqualsCondition.java 2026-01-23 19:33:36.000000000 +0000
@@ -54,8 +54,6 @@
* </target>
*
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorEqualsCondition extends JMXAccessorConditionBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorGetTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorGetTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorGetTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorGetTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,8 +49,6 @@
*
* These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorGetTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorInvokeTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -54,6 +54,7 @@
*
*
*
* First call to a remote MBeanserver save the JMXConnection a referenz jmx.server
*
* These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorInvokeTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorQueryTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorQueryTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorQueryTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorQueryTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -51,8 +51,6 @@
* The property manager.length show the size of the result and with manager.[0..length].name the resulted ObjectNames
* are saved. These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorQueryTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorSetTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -55,8 +55,6 @@
*
* These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorSetTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -77,8 +77,6 @@
* execute when property exist and with unless when property not exists.
* NOTE : These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.10
*/
public class JMXAccessorTask extends BaseRedirectorHelperTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorUnregisterTask.java tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorUnregisterTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/ant/jmx/JMXAccessorUnregisterTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ant/jmx/JMXAccessorUnregisterTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -45,8 +45,6 @@
*
* These tasks require Ant 1.6 or later interface.
*
- * @author Peter Rossbach
- *
* @since 5.5.12
*/
public class JMXAccessorUnregisterTask extends JMXAccessorTask {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/AuthenticatorBase.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/AuthenticatorBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/AuthenticatorBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -70,6 +70,7 @@
import org.apache.tomcat.util.descriptor.web.LoginConfig;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.res.StringManager;
@@ -85,8 +86,6 @@
*
* USAGE CONSTRAINT: This Valve is only useful when processing HTTP requests. Requests of any other type will
* simply be passed through.
- *
- * @author Craig R. McClanahan
*/
public abstract class AuthenticatorBase extends ValveBase implements Authenticator, RegistrationListener {
@@ -211,7 +210,6 @@
* {@code remote-user} and {@code auth-type} to a reverse proxy. This is useful, e.g., for access log consistency or
* other decisions to make.
*/
-
protected boolean sendAuthInfoResponseHeaders = false;
protected SessionIdGeneratorBase sessionIdGenerator = null;
@@ -221,6 +219,8 @@
*/
protected SingleSignOn sso = null;
+ private SsoReauthenticationMode ssoReauthenticationMode = SsoReauthenticationMode.DEFAULT;
+
private AllowCorsPreflight allowCorsPreflight = AllowCorsPreflight.NEVER;
private volatile String jaspicAppContextID = null;
@@ -230,6 +230,15 @@
// ------------------------------------------------------------- Properties
+ public String getSsoReauthenticationMode() {
+ return ssoReauthenticationMode.name().toLowerCase(Locale.ENGLISH);
+ }
+
+ public void setSsoReauthenticationMode(String ssoReauthenticationMode) {
+ this.ssoReauthenticationMode =
+ SsoReauthenticationMode.valueOf(ssoReauthenticationMode.trim().toUpperCase(Locale.ENGLISH));
+ }
+
public String getAllowCorsPreflight() {
return allowCorsPreflight.name().toLowerCase(Locale.ENGLISH);
}
@@ -486,7 +495,7 @@
// Make sure that constrained resources are not cached by web proxies
// or browsers as caching can provide a security hole
- if (constraints != null && disableProxyCaching && !"POST".equalsIgnoreCase(request.getMethod())) {
+ if (constraints != null && disableProxyCaching && !Method.POST.equals(request.getMethod())) {
if (securePagesWithPragma) {
// Note: These can cause problems with downloading files with IE
response.setHeader("Pragma", "No-cache");
@@ -609,7 +618,7 @@
if (allowCorsPreflight != AllowCorsPreflight.NEVER) {
// First check to see if this is a CORS Preflight request
// This is a subset of the tests in CorsFilter.checkRequestType
- if ("OPTIONS".equals(request.getMethod())) {
+ if (Method.OPTIONS.equals(request.getMethod())) {
String originHeader = request.getHeader(CorsFilter.REQUEST_HEADER_ORIGIN);
if (originHeader != null && !originHeader.isEmpty() && RequestUtil.isValidOrigin(originHeader) &&
!RequestUtil.isSameOrigin(request, originHeader)) {
@@ -726,12 +735,13 @@
Class clazz = null;
try {
clazz = Class.forName(jaspicCallbackHandlerClass, true, Thread.currentThread().getContextClassLoader());
- } catch (ClassNotFoundException e) {
- // Proceed with the retry below
+ } catch (ClassNotFoundException ignore) {
+ // Not found in the context class loader (web application class loader). Re-try below.
}
try {
if (clazz == null) {
+ // Look in the same class loader that loaded this class - usually Tomcat's common loader.
clazz = Class.forName(jaspicCallbackHandlerClass);
}
callbackHandler = (CallbackHandler) clazz.getConstructor().newInstance();
@@ -878,40 +888,87 @@
* Check to see if the user has already been authenticated earlier in the processing chain or if there is enough
* information available to authenticate the user without requiring further user interaction.
*
- * @param request The current request
- * @param response The current response
- * @param useSSO Should information available from SSO be used to attempt to authenticate the current user?
+ * @param request The current request
+ * @param response The current response
+ * @param useSsoCachedUserAndPassword Should the user and password available from SSO be used to attempt to
+ * authenticate the current user?
*
* @return true if the user was authenticated via the cache, otherwise false
*/
- protected boolean checkForCachedAuthentication(Request request, HttpServletResponse response, boolean useSSO) {
+ protected boolean checkForCachedAuthentication(Request request, HttpServletResponse response,
+ boolean useSsoCachedUserAndPassword) {
+
+ /*
+ * There are two methods for authentication caching implemented by the SSO Valve. The first caches the
+ * authenticated Principal returned by the Realm. The second caches the user name and password passed to the
+ * Realm that were used for authentication.
+ *
+ * If cached authentication is not available or fails for any reason, the Authenticator will attempt the normal
+ * authentication process for the Authenticator.
+ *
+ * Which cached authentication methods are used depends on the configuration of the SSO Valve and/or the
+ * Authenticator.
+ *
+ * If the SSO Valve is configured to require re-authentication, any cached Principal will not be used unless the
+ * Authenticator is explicitly configured (via ssoReauthenticationMode) to use it.
+ *
+ * If the SSO Valve is configured to require re-authentication, whether the cached user name and password can be
+ * used will be determined by the calling Authenticator type unless the Authenticator's ssoReauthenticationMode
+ * is explicitly configured.
+ */
+
+ // Determine which - if any - checks for cached authentication will be made.
+ boolean checkPrincipal = false;
+ boolean checkPassword = false;
- // Has the user already been authenticated?
- Principal principal = request.getUserPrincipal();
+ // Will be null if SSO is not configured or there is no current SSO session
String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
- if (principal != null) {
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("authenticator.check.found", principal.getName()));
- }
- // Associate the session with any existing SSO session. Even if
- // useSSO is false, this will ensure coordinated session
- // invalidation at log out.
+
+ if (sso == null) {
+ // There is no SSO - check in case some other component has set the Principal
+ checkPrincipal = true;
+ } else if (ssoReauthenticationMode == SsoReauthenticationMode.DEFAULT && !sso.getRequireReauthentication() ||
+ ssoReauthenticationMode == SsoReauthenticationMode.PRINCIPAL) {
+ checkPrincipal = true;
+ // If checkPrincipal is enabled then checkPassword is enabled if there is an SSO session
if (ssoId != null) {
- associate(ssoId, request.getSessionInternal(true));
+ checkPassword = true;
}
- return true;
+ } else if (ssoId != null && (ssoReauthenticationMode == SsoReauthenticationMode.PASSWORD ||
+ sso.getRequireReauthentication() && useSsoCachedUserAndPassword)) {
+ checkPassword = true;
}
- // Is there an SSO session against which we can try to reauthenticate?
- if (useSSO && ssoId != null) {
+ // Check for a cached Principal. Most likely from SSO but could be another component.
+ if (checkPrincipal) {
+ if (ssoId != null && sso != null && sso.getRequireReauthentication()) {
+ // There is a valid SSO session but SSO Valve won't have cached the Principal.
+ sso.populateRequestFromSsoEntry(request, ssoId);
+ }
+
+ // Has the user already been authenticated?
+ Principal principal = request.getUserPrincipal();
+ if (principal != null) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("authenticator.check.found", principal.getName()));
+ }
+ // Associate the session with any existing SSO session. Even if
+ // useSSO is false, this will ensure coordinated session
+ // invalidation at log out.
+ if (ssoId != null) {
+ associate(ssoId, request.getSessionInternal(true));
+ }
+ return true;
+ }
+ }
+
+ // Check for a user and password cached by SSO
+ if (checkPassword) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("authenticator.check.sso", ssoId));
}
/*
- * Try to reauthenticate using data cached by SSO. If this fails, either the original SSO logon was of
- * DIGEST or SSL (which we can't reauthenticate ourselves because there is no cached username and password),
- * or the realm denied the user's reauthentication for some reason. In either case we have to prompt the
- * user for a logon
+ * Try to reauthenticate using data cached by SSO. If this fails we have to prompt the user for credentials.
*/
if (reauthenticateFromSSO(ssoId, request)) {
return true;
@@ -1294,4 +1351,12 @@
FILTER,
ALWAYS
}
+
+
+ protected enum SsoReauthenticationMode {
+ DEFAULT,
+ PRINCIPAL,
+ PASSWORD,
+ FULL
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/BasicAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/BasicAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/BasicAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/BasicAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
/**
* An Authenticator and Valve implementation of HTTP BASIC Authentication, as outlined in RFC 7617: "The
* 'Basic' HTTP Authentication Scheme"
- *
- * @author Craig R. McClanahan
*/
public class BasicAuthenticator extends AuthenticatorBase {
@@ -116,7 +114,7 @@
}
} catch (IllegalArgumentException iae) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("basicAuthenticator.invalidAuthorization", iae.getMessage()));
+ log.debug(sm.getString("basicAuthenticator.invalidAuthorization"), iae);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/DigestAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/DigestAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/DigestAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,9 +47,6 @@
/**
* An Authenticator and Valve implementation of HTTP DIGEST Authentication, as outlined in RFC 7616: "HTTP
* Digest Authentication"
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class DigestAuthenticator extends AuthenticatorBase {
@@ -266,14 +263,16 @@
@Override
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
- // NOTE: We don't try to reauthenticate using any existing SSO session,
- // because that will only work if the original authentication was
- // BASIC or FORM, which are less secure than the DIGEST auth-type
- // specified for this webapp
- //
- // Change to true below to allow previous FORM or BASIC authentications
- // to authenticate users for this webapp
- // TODO make this a configurable attribute (in SingleSignOn??)
+ /*
+ * Reauthentication using the cached user name and password (if any) is not enabled for DIGEST authentication.
+ * This was an historical design decision made because DIGEST authentication is viewed as more secure than
+ * BASIC/FORM.
+ *
+ * However, reauthentication was introduced to handle the case where the Realm took additional actions on
+ * authentication. Reauthenticating with the cached user name and password should be sufficient for DIGEST in
+ * that scenario. However, the original behaviour to reauthenticate has been retained in case of any (very
+ * unlikely) backwards compatibility issues.
+ */
if (checkForCachedAuthentication(request, response, false)) {
return true;
}
@@ -539,7 +538,7 @@
Map directives;
try {
directives = Authorization.parseAuthorizationDigest(new StringReader(authorization));
- } catch (IOException e) {
+ } catch (IOException ioe) {
return false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/FormAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/FormAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/FormAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/FormAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,14 +42,12 @@
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.descriptor.web.LoginConfig;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.MimeHeaders;
/**
* An Authenticator and Valve implementation of FORM BASED Authentication, as described in the Servlet API
* Specification.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class FormAuthenticator extends AuthenticatorBase {
@@ -247,7 +245,7 @@
try {
saveRequest(request, session);
} catch (IOException ioe) {
- log.debug(sm.getString("authenticator.requestBodyTooBig"));
+ log.debug(sm.getString("authenticator.requestBodyTooBig"), ioe);
response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.requestBodyTooBig"));
return false;
}
@@ -303,7 +301,7 @@
// the landing page
String uri = request.getContextPath() + landingPage;
SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
+ saved.setMethod(Method.GET);
saved.setRequestURI(uri);
saved.setDecodedRequestURI(uri);
request.getSessionInternal(true).setNote(Constants.FORM_REQUEST_NOTE, saved);
@@ -328,7 +326,7 @@
// the landing page
String uri = request.getContextPath() + landingPage;
SavedRequest saved = new SavedRequest();
- saved.setMethod("GET");
+ saved.setMethod(Method.GET);
saved.setRequestURI(uri);
saved.setDecodedRequestURI(uri);
session.setNote(Constants.FORM_REQUEST_NOTE, saved);
@@ -364,15 +362,7 @@
// a resource is protected for some HTTP methods but not protected for
// GET which is used after authentication when redirecting to the
// protected resource.
- // TODO: This is similar to the FormAuthenticator.matchRequest() logic
- // Is there a way to remove the duplication?
- Session session = request.getSessionInternal(false);
- if (session != null) {
- SavedRequest savedRequest = (SavedRequest) session.getNote(Constants.FORM_REQUEST_NOTE);
- return savedRequest != null && decodedRequestURI.equals(savedRequest.getDecodedRequestURI());
- }
-
- return false;
+ return matchRequest(request, false);
}
@@ -448,7 +438,7 @@
// Always use GET for the login page, regardless of the method used
String oldMethod = request.getMethod();
- request.getCoyoteRequest().method().setString("GET");
+ request.getCoyoteRequest().setMethod(Method.GET);
RequestDispatcher disp = context.getServletContext().getRequestDispatcher(loginPage);
try {
@@ -464,7 +454,7 @@
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, msg);
} finally {
// Restore original method so that it is written into access log
- request.getCoyoteRequest().method().setString(oldMethod);
+ request.getCoyoteRequest().setMethod(oldMethod);
}
}
@@ -506,15 +496,21 @@
}
+ protected boolean matchRequest(Request request) {
+ return matchRequest(request, true);
+ }
+
/**
* Does this request match the saved one (so that it must be the redirect we signaled after successful
* authentication?)
*
* @param request The request to be verified
+ * @param strict true to check for a valid Principal and valid Session ID, false to only
+ * check for a valid saved request and matching URI
*
* @return true if the requests matched the saved one
*/
- protected boolean matchRequest(Request request) {
+ protected boolean matchRequest(Request request, boolean strict) {
// Has a session been created?
Session session = request.getSessionInternal(false);
if (session == null) {
@@ -527,17 +523,19 @@
return false;
}
- // Is there a saved principal?
- if (cache && session.getPrincipal() == null || !cache && request.getPrincipal() == null) {
- return false;
- }
-
- // Does session id match?
- if (getChangeSessionIdOnAuthentication()) {
- String expectedSessionId = (String) session.getNote(Constants.SESSION_ID_NOTE);
- if (expectedSessionId == null || !expectedSessionId.equals(request.getRequestedSessionId())) {
+ if (strict) {
+ // Is there a saved principal?
+ if (cache && session.getPrincipal() == null || !cache && request.getPrincipal() == null) {
return false;
}
+
+ // Does session id match?
+ if (getChangeSessionIdOnAuthentication()) {
+ String expectedSessionId = (String) session.getNote(Constants.SESSION_ID_NOTE);
+ if (expectedSessionId == null || !expectedSessionId.equals(request.getRequestedSessionId())) {
+ return false;
+ }
+ }
}
// Does the request URI match?
@@ -590,7 +588,7 @@
String method = saved.getMethod();
MimeHeaders rmh = request.getCoyoteRequest().getMimeHeaders();
rmh.recycle();
- boolean cacheable = "GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method);
+ boolean cacheable = Method.GET.equals(method) || Method.HEAD.equals(method);
Iterator names = saved.getHeaderNames();
while (names.hasNext()) {
String name = names.next();
@@ -624,7 +622,7 @@
// If no content type specified, use default for POST
String savedContentType = saved.getContentType();
- if (savedContentType == null && "POST".equalsIgnoreCase(method)) {
+ if (savedContentType == null && Method.POST.equals(method)) {
savedContentType = Globals.CONTENT_TYPE_FORM_URL_ENCODING;
}
@@ -632,7 +630,7 @@
request.getCoyoteRequest().setContentType(contentType);
}
- request.getCoyoteRequest().method().setString(method);
+ request.getCoyoteRequest().setMethod(method);
// The method, URI, queryString and protocol are normally stored as
// bytes in the HttpInputBuffer and converted lazily to String. At this
// point, the method has already been set as String in the line above
@@ -646,8 +644,8 @@
request.getCoyoteRequest().queryString().toStringType();
request.getCoyoteRequest().protocol().toStringType();
- if (saved.getOriginalMaxInactiveInterval() > 0) {
- session.setMaxInactiveInterval(saved.getOriginalMaxInactiveInterval());
+ if (saved.getOriginalMaxInactiveIntervalOptional() != null) {
+ session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().intValue());
}
return true;
@@ -719,17 +717,20 @@
if (session instanceof HttpSession) {
if (((HttpSession) session).isNew()) {
int originalMaxInactiveInterval = session.getMaxInactiveInterval();
- if (originalMaxInactiveInterval > getAuthenticationSessionTimeout()) {
+ if (originalMaxInactiveInterval > getAuthenticationSessionTimeout() ||
+ originalMaxInactiveInterval <= 0) {
saved.setOriginalMaxInactiveInterval(originalMaxInactiveInterval);
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
- } else if (previousSavedRequest != null && previousSavedRequest.getOriginalMaxInactiveInterval() > 0) {
+ } else if (previousSavedRequest != null &&
+ previousSavedRequest.getOriginalMaxInactiveIntervalOptional() != null) {
/*
* The user may have refreshed the browser page during authentication. Transfer the original max
* inactive interval from previous saved request to current one else, once authentication is completed,
- * the session will retain the the shorter authentication session timeout
+ * the session will retain the shorter authentication session timeout
*/
- saved.setOriginalMaxInactiveInterval(previousSavedRequest.getOriginalMaxInactiveInterval());
+ saved.setOriginalMaxInactiveInterval(
+ previousSavedRequest.getOriginalMaxInactiveIntervalOptional().intValue());
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -42,7 +42,7 @@
authenticator.userDataPermissionFail=User data does not comply with the constraints of the resource
authenticator.userPermissionFail=User [{0}] does not have authorization to access the resource
-basicAuthenticator.invalidAuthorization=Invalid Authorization: [{0}]
+basicAuthenticator.invalidAuthorization=Invalid Authorization header
basicAuthenticator.invalidCharset=The only permitted values are null, the empty string or UTF-8
basicAuthenticator.notBase64=Basic Authorization credentials are not Base64
basicAuthenticator.notBasic=Authorization header method is not ''Basic''
@@ -76,9 +76,12 @@
singleSignOn.debug.principalNotFound=SSO did not find a cached Principal. Erasing SSO cookie for session [{0}]
singleSignOn.debug.register=SSO registering SSO session [{0}] for user [{1}] with authentication type [{2}]
singleSignOn.debug.removeSession=SSO removing application session [{0}] from SSO session [{1}]
+singleSignOn.debug.sessionChangedId=SSO changing sessionID in session [{0}, oldSessionId {1}] from SSO session [{2}]
singleSignOn.debug.sessionLogout=SSO processing a log out for SSO session [{0}] and application session [{1}]
singleSignOn.debug.sessionTimeout=SSO processing a time out for SSO session [{0}] and application session [{1}]
singleSignOn.debug.update=SSO updating SSO session [{0}] to authentication type [{1}]
+singleSignOn.duplicateRealm=SSO found a realm defined on context [{0}], this will conflict with principals defined in the main realm
+singleSignOn.noRealm=This SSO [{0}] has no realm associated with it
singleSignOn.sessionExpire.contextNotFound=SSO unable to expire session [{0}] because the Context could not be found
singleSignOn.sessionExpire.engineNull=SSO unable to expire session [{0}] because the Engine was null
singleSignOn.sessionExpire.hostNotFound=SSO unable to expire session [{0}] because the Host could not be found
@@ -92,6 +95,6 @@
spnegoAuthenticator.ticketValidateFail=Failed to validate client supplied ticket
sslAuthenticatorValve.authFailed=Authentication with the provided certificates failed
-sslAuthenticatorValve.http2=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support HTTP/2. Use of CLIENT-CERT authentication is not compatible with the use of HTTP/2.
+sslAuthenticatorValve.http2=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support HTTP/2. Use of CLIENT-CERT authentication is not compatible with the use of HTTP/2 unless certificateVerification is set to required.
sslAuthenticatorValve.noCertificates=No certificates are included with this request
-sslAuthenticatorValve.tls13=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support TLS 1.3 using JSSE. Use of CLIENT-CERT authentication is not compatible with the use of TLS 1.3 and JSSE.
+sslAuthenticatorValve.tls13=The context [{0}] in virtual host [{1}] is configured to use CLIENT-CERT authentication and [{2}] is configured to support TLS 1.3 using JSSE. Use of CLIENT-CERT authentication is not compatible with the use of TLS 1.3 and JSSE unless certificateVerification is set to required.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -42,7 +42,7 @@
authenticator.userDataPermissionFail=Les données envoyées par l'utilisateur ne répondent pas aux contraintes définies pour la ressource
authenticator.userPermissionFail=L''utilisateur [{0}] n''a pas l''autorisation d''accéder à la ressource
-basicAuthenticator.invalidAuthorization=L''autorisation est invalide: [{0}]
+basicAuthenticator.invalidAuthorization=L'autorisation est invalide
basicAuthenticator.invalidCharset=Les seules valeurs permises sont null, la chaîne vide, ou des caractères UTF-8
basicAuthenticator.notBase64=Les informations d'identification Basic ne sont pas encodées en Base64
basicAuthenticator.notBasic=La méthode d'authentification n'est pas ''Basic''
@@ -76,9 +76,12 @@
singleSignOn.debug.principalNotFound=Le SSO n''a pas trouvé de principal en cache, le cookie SSO de la session [{0}] est effacé
singleSignOn.debug.register=Enregistrement de la session SSO [{0}] pour l''utilisateur [{1}] avec le type d''authentification [{2}]
singleSignOn.debug.removeSession=Le SSO retire la session applicative [{0}] de la session SSO [{1}]
+singleSignOn.debug.sessionChangedId=Changement de l''id de session [{0}, ancien id {1}] dans la session SSO [{2}]
singleSignOn.debug.sessionLogout=Le SSO effectue une déconnection pour la session SSO [{0}] et la session [{1}] de l''application
singleSignOn.debug.sessionTimeout=Le SSO traite un timeout pour la session SSO [{0}] et la session [{1}] de l''application
singleSignOn.debug.update=Le SSO met à jour la session SSO [{0}] avec le type d''authentification [{1}]
+singleSignOn.duplicateRealm=Le SSO a trouvé un royaume défini sur le contexte [{0}] qui va entrer en conflit avec les principals définis dans le royaume du SSO
+singleSignOn.noRealm=Ce SSO [{0}] n''a aucun royaume associé avec lui
singleSignOn.sessionExpire.contextNotFound=Le SSO n''a pu faire expirer la session [{0}] parce que le contexte n''a pas été trouvé
singleSignOn.sessionExpire.engineNull=Le SSO n''a pu faire expirer la session [{0}] parce que le moteur est null
singleSignOn.sessionExpire.hostNotFound=SSO ne peut pas faire expirer le session [{0}] parce que l''hôte ("Host") n''a pas été trouvé
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -42,7 +42,7 @@
authenticator.userDataPermissionFail=ユーザデータがリソースの制約に従っていません
authenticator.userPermissionFail=ユーザ [{0}] にはリソースへのアクセス権限がありません
-basicAuthenticator.invalidAuthorization=無効な認証: [{0}]
+basicAuthenticator.invalidAuthorization=無効な認証
basicAuthenticator.invalidCharset=指定できる値は、null、空の文字列またはUTF-8です。
basicAuthenticator.notBase64=Basic認証の資格情報がBase64ではありません
basicAuthenticator.notBasic=認証ヘッダメソッドが ''Basic'' ではありません
@@ -76,9 +76,12 @@
singleSignOn.debug.principalNotFound=SSO はキャッシュされたプリンシパルを検出しませんでした。セッション [{0}] の SSO Cookie を消去しています
singleSignOn.debug.register=SSO は認証タイプ [{2}] のユーザー [{1}] の SSO セッション [{0}] を登録しています
singleSignOn.debug.removeSession=SSOはSSOセッション [{1}] からアプリケーションセッション [{0}] を削除しています
+singleSignOn.debug.sessionChangedId=SSO は SSO セッション [{2}] からセッション [{0}、oldSessionId {1}] のセッション ID を変更しています
singleSignOn.debug.sessionLogout=SSOはSSOセッション[{0}]とアプリケーションセッション[{1}]をログアウト処理しています
singleSignOn.debug.sessionTimeout=SSOはSSOセッション[{0}]とアプリケーションセッション[{1}]のタイムアウトを処理しています
singleSignOn.debug.update=SSOはSSOセッション [{0}] を認証タイプ [{1}] に更新します
+singleSignOn.duplicateRealm=SSO はコンテキスト [{0}] で定義されたレルムを検出しました。これはメインレルムで定義されたプリンシパルと競合します
+singleSignOn.noRealm=このSSO [{0}]にはレルムが関連付けられていません
singleSignOn.sessionExpire.contextNotFound=Context が見つからないため、SSO はセッション [{0}] を破棄できません
singleSignOn.sessionExpire.engineNull=Engine が null だったため、SSO はセッション [{0}] を破棄できません
singleSignOn.sessionExpire.hostNotFound=ホストが見つからないため SSO セッション [{0}] を破棄できません
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,4 +16,7 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+authenticator.check.found=Уже аутентифицирован [{0}]
authenticator.noAuthHeader=Заголовок авторизации не был отправлен клиентом
+
+basicAuthenticator.invalidCharset=Единственные разрешенные значения это null, пустая строка или UTF-8
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/NonLoginAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* An Authenticator and Valve implementation that checks only security constraints not involving user
* authentication.
- *
- * @author Craig R. McClanahan
*/
public final class NonLoginAuthenticator extends AuthenticatorBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SSLAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SSLAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SSLAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SSLAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,12 +37,11 @@
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification;
/**
* An Authenticator and Valve implementation of authentication that utilizes SSL certificates to identify
* client users.
- *
- * @author Craig R. McClanahan
*/
public class SSLAuthenticator extends AuthenticatorBase {
@@ -60,14 +59,17 @@
@Override
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
- // NOTE: We don't try to reauthenticate using any existing SSO session,
- // because that will only work if the original authentication was
- // BASIC or FORM, which are less secure than the CLIENT-CERT auth-type
- // specified for this webapp
- //
- // Change to true below to allow previous FORM or BASIC authentications
- // to authenticate users for this webapp
- // TODO make this a configurable attribute (in SingleSignOn??)
+ /*
+ * Reauthentication using the cached user name and password (if any) is not enabled for CLIENT-CERT
+ * authentication. This was an historical design decision made because CLIENT-CERT authentication is viewed as
+ * more secure than BASIC/FORM.
+ *
+ * However, reauthentication was introduced to handle the case where the Realm took additional actions on
+ * authentication. Reauthenticating with the cached user name and password may not be sufficient for CLIENT-CERT
+ * since it will not make any TLS information (client certificate etc) available that a web application may
+ * depend on. Therefore, the reauthentication behaviour for CLIENT-CERT is to perform a normal CLIENT-CERT
+ * authentication.
+ */
if (checkForCachedAuthentication(request, response, false)) {
return true;
}
@@ -175,28 +177,52 @@
Connector[] connectors = engine.getService().findConnectors();
for (Connector connector : connectors) {
- // First check for upgrade
- UpgradeProtocol[] upgradeProtocols = connector.findUpgradeProtocols();
- for (UpgradeProtocol upgradeProtocol : upgradeProtocols) {
- if ("h2".equals(upgradeProtocol.getAlpnName())) {
- log.warn(sm.getString("sslAuthenticatorValve.http2", context.getName(), host.getName(), connector));
+ /*
+ * There are two underlying issues here.
+ *
+ * 1. JSSE does not implement post-handshake authentication (PHA) for TLS 1.3. That means CLIENT-CERT
+ * authentication will only work if the virtual host requires a certificate OR the client never requests a
+ * protected resource.
+ *
+ * 2. HTTP/2 does not permit re-negotiation nor PHA. That means CLIENT-CERT authentication will only work if
+ * the virtual host requires a certificate OR the client never requests a protected resource.
+ *
+ * We can't rely on the client never requesting a protected resource but we can check if all the virtual
+ * hosts are configured to require a certificate.
+ */
+ boolean allHostsRequireCertificate = true;
+ for (SSLHostConfig sslHostConfig : connector.findSslHostConfigs()) {
+ if (sslHostConfig.getCertificateVerification() != CertificateVerification.REQUIRED) {
+ allHostsRequireCertificate = false;
break;
}
}
- // Then check for TLS 1.3
- SSLHostConfig[] sslHostConfigs = connector.findSslHostConfigs();
- for (SSLHostConfig sslHostConfig : sslHostConfigs) {
- if (!sslHostConfig.isTls13RenegotiationAvailable()) {
- String[] enabledProtocols = sslHostConfig.getEnabledProtocols();
- if (enabledProtocols == null) {
- // Possibly boundOnInit is used, so use the less accurate protocols
- enabledProtocols = sslHostConfig.getProtocols().toArray(new String[0]);
+ // Only need to check for use of HTTP/2 or TLS 1.3 if one or more hosts doesn't require a certificate
+ if (!allHostsRequireCertificate) {
+ // Check if the Connector is configured to support upgrade to HTTP/2
+ UpgradeProtocol[] upgradeProtocols = connector.findUpgradeProtocols();
+ for (UpgradeProtocol upgradeProtocol : upgradeProtocols) {
+ if ("h2".equals(upgradeProtocol.getAlpnName())) {
+ log.warn(sm.getString("sslAuthenticatorValve.http2", context.getName(), host.getName(),
+ connector));
+ break;
}
- for (String enabledProtocol : enabledProtocols) {
- if (Constants.SSL_PROTO_TLSv1_3.equals(enabledProtocol)) {
- log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(), host.getName(),
- connector));
+ }
+
+ // Check if any of the virtual hosts support TLS 1.3 without supporting PHA
+ for (SSLHostConfig sslHostConfig : connector.findSslHostConfigs()) {
+ if (!sslHostConfig.isTls13RenegotiationAvailable()) {
+ String[] enabledProtocols = sslHostConfig.getEnabledProtocols();
+ if (enabledProtocols == null) {
+ // Possibly boundOnInit is used, so use the less accurate protocols
+ enabledProtocols = sslHostConfig.getProtocols().toArray(new String[0]);
+ }
+ for (String enabledProtocol : enabledProtocols) {
+ if (Constants.SSL_PROTO_TLSv1_3.equals(enabledProtocol)) {
+ log.warn(sm.getString("sslAuthenticatorValve.tls13", context.getName(), host.getName(),
+ connector));
+ }
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SavedRequest.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SavedRequest.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SavedRequest.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SavedRequest.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,8 +35,6 @@
*
* IMPLEMENTATION NOTE - It is assumed that this object is accessed only from the context of a single thread, so
* no synchronization around internal collection classes is performed.
- *
- * @author Craig R. McClanahan
*/
public final class SavedRequest implements Serializable {
@@ -181,13 +179,26 @@
/**
* The original maxInactiveInterval for the session.
*/
- private int originalMaxInactiveInterval = -1;
+ private Integer originalMaxInactiveInterval = null;
- public int getOriginalMaxInactiveInterval() {
+ public Integer getOriginalMaxInactiveIntervalOptional() {
return originalMaxInactiveInterval;
}
+ /**
+ * Obtain the original session maxInactiveInterval.
+ *
+ * @return the original session maxInactiveInterval
+ *
+ * @deprecated This method will be removed in Tomcat 12.0.x onwards. Use
+ * {@link SavedRequest#getOriginalMaxInactiveIntervalOptional()}
+ */
+ @Deprecated
+ public int getOriginalMaxInactiveInterval() {
+ return (originalMaxInactiveInterval == null) ? -1 : originalMaxInactiveInterval.intValue();
+ }
+
public void setOriginalMaxInactiveInterval(int originalMaxInactiveInterval) {
- this.originalMaxInactiveInterval = originalMaxInactiveInterval;
+ this.originalMaxInactiveInterval = Integer.valueOf(originalMaxInactiveInterval);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOn.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOn.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOn.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOn.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,6 +28,7 @@
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
+import org.apache.catalina.Host;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
@@ -50,8 +51,33 @@
*
The web applications themselves must use one of the standard Authenticators found in the
* org.apache.catalina.authenticator package.
*
- *
- * @author Craig R. McClanahan
+ *
+ * On first authentication to any web application, an SSO session is created and the authenticated Principal, the
+ * authentication type and the plain text user name and password used to authenticate (if available) are cached using a
+ * key based on the SSO session. On subsequent requests to a web application on the Host where this Valve is configured,
+ * the cached authenticated Principal and the authentication type are added to the request by the SSO Valve and no
+ * further authentication takes place.
+ *
+ * In some scenarios, adding the authenticated Principal and the authentication type is insufficient. This usually
+ * occurs when the web application depends on additional actions the Realm takes on authentication which are bypassed by
+ * the SSO Valve. Examples of this include the Realm setting security credentials on the request thread to support EJB
+ * access or the CLIENT-CERT authenticator providing the client certificate and other TLS attributes. To address this,
+ * the {@code requireReauthentication} flag can be set to {@code true} which will cause the SSO Valve not to set the
+ * cached Principal and authentication type on the request and the web application authenticator will authenticate the
+ * request. By default this reauthentication will occur in the following ways:
+ *
+ *
BASIC - call the realm using the plain text user name and password cached by the SSO Valve if available. If not
+ * cached, obtain those values from the request. If not present in the request, request them from the user agent.
+ *
FORM - call the realm using the plain text user name and password cached by the SSO Valve if available. If not
+ * cached, request them from the user agent.
+ *
DIGEST - call the realm using the credentials present in the request. If not present in the request, request them
+ * from the user agent.
+ *
CLIENT-CERT - call the realm using the credentials present in the TLS connection. If not present in the TLS
+ * connection, request them from the user agent.
+ *
SPNEGO - request authentication credentials from the user agent.
+ *
+ * Note that this means that enabling reauthentication only makes sense if there are two or more web applications in the
+ * Host that use BASIC or FORM. If that is not the case, the SSO Valve will just add processing overhead.
*/
public class SingleSignOn extends ValveBase {
@@ -426,8 +452,8 @@
Session session;
try {
session = manager.findSession(key.getSessionId());
- } catch (IOException e) {
- containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerError", key), e);
+ } catch (IOException ioe) {
+ containerLog.warn(sm.getString("singleSignOn.sessionExpire.managerError", key), ioe);
return;
}
if (session == null) {
@@ -439,8 +465,8 @@
/**
- * Attempts reauthentication to the given Realm using the credentials associated with the single
- * sign-on session identified by argument ssoId.
+ * Attempts reauthentication to the given Realm using the cached plain text credentials associated with
+ * the single sign-on session identified by argument ssoId.
*
* If reauthentication is successful, the Principal and authorization type associated with the SSO
* session will be bound to the given Request object via calls to {@link Request#setAuthType
@@ -480,6 +506,15 @@
}
+ protected void populateRequestFromSsoEntry(Request request, String ssoId) {
+ SingleSignOnEntry entry = cache.get(ssoId);
+ if (entry != null) {
+ request.setAuthType(entry.getAuthType());
+ request.setUserPrincipal(entry.getPrincipal());
+ }
+ }
+
+
/**
* Register the specified Principal as being associated with the specified value for the single sign on identifier.
*
@@ -571,12 +606,39 @@
@Override
protected void startInternal() throws LifecycleException {
- Container c = getContainer();
- while (c != null && !(c instanceof Engine)) {
- c = c.getParent();
- }
- if (c != null) {
- engine = (Engine) c;
+ Container container = getContainer();
+ while (container != null && !(container instanceof Engine)) {
+ container = container.getParent();
+ }
+ if (container != null) {
+ engine = (Engine) container;
+ }
+ // Starting with the associated container, verify it has a realm associated,
+ // and that no child container returns a different realm
+ container = getContainer();
+ Realm containerRealm = container.getRealm();
+ if (containerRealm == null) {
+ containerLog.warn(sm.getString("singleSignOn.noRealm", container.getName()));
+ } else {
+ if (container instanceof Engine) {
+ for (Container host : engine.findChildren()) {
+ if (host.getRealm() != containerRealm) {
+ containerLog.warn(sm.getString("singleSignOn.duplicateRealm", host.getName()));
+ } else {
+ for (Container context : host.findChildren()) {
+ if (context.getRealm() != containerRealm) {
+ containerLog.warn(sm.getString("singleSignOn.duplicateRealm", context.getName()));
+ }
+ }
+ }
+ }
+ } else if (container instanceof Host) {
+ for (Container context : container.findChildren()) {
+ if (context.getRealm() != containerRealm) {
+ containerLog.warn(sm.getString("singleSignOn.duplicateRealm", context.getName()));
+ }
+ }
+ }
}
super.startInternal();
}
@@ -587,4 +649,27 @@
super.stopInternal();
engine = null;
}
+
+ protected void sessionChangedId(String ssoId, Session session, String oldSessionId) {
+ if (containerLog.isDebugEnabled()) {
+ containerLog.debug(sm.getString("singleSignOn.debug.sessionChangedId", session, oldSessionId, ssoId));
+ }
+
+ SingleSignOnEntry entry = cache.get(ssoId);
+ if (entry == null) {
+ return;
+ }
+
+ /*
+ * Associate the new sessionId with this SingleSignOnEntry. A SessionListener will be registered for the new
+ * sessionID. If not, then we would not notice any subsequent Session.SESSION_DESTROYED_EVENT for the session.
+ */
+ entry.addSession(this, ssoId, session);
+
+ /*
+ * Remove the obsolete sessionId from the SingleSignOnEntry. The sessionId part of the SingleSignOnSessionKey is
+ * final.
+ */
+ entry.removeSession(session, oldSessionId);
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnEntry.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnEntry.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnEntry.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnEntry.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
* AuthenticatorBase subclasses that need it in order to perform reauthentications when SingleSignOn is in
* use.
*
- * @author B Stansberry, based on work by Craig R. McClanahan
- *
* @see SingleSignOn
* @see AuthenticatorBase#reauthenticateFromSSO
*/
@@ -101,6 +99,18 @@
sessionKeys.remove(key);
}
+ /**
+ * Removes the given Session from the list of those associated with this SSO, using the previous
+ * sessionId
+ *
+ * @param session the Session to remove.
+ * @param oldSessionId the previous sessionId of the Session to remove.
+ */
+ public void removeSession(Session session, String oldSessionId) {
+ SingleSignOnSessionKey key = new SingleSignOnSessionKey(session, oldSessionId);
+ sessionKeys.remove(key);
+ }
+
/**
* Returns the HTTP Session identifiers associated with this SSO.
*
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnListener.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -38,7 +38,8 @@
@Override
public void sessionEvent(SessionEvent event) {
- if (!Session.SESSION_DESTROYED_EVENT.equals(event.getType())) {
+ final String type = event.getType();
+ if (!(Session.SESSION_DESTROYED_EVENT.equals(type) || Session.SESSION_CHANGED_ID_EVENT.equals(type))) {
return;
}
@@ -56,6 +57,15 @@
if (sso == null) {
return;
}
- sso.sessionDestroyed(ssoId, session);
+
+ switch (type) {
+ case Session.SESSION_CHANGED_ID_EVENT:
+ sso.sessionChangedId(ssoId, session, (String) event.getData());
+ break;
+
+ case Session.SESSION_DESTROYED_EVENT:
+ sso.sessionDestroyed(ssoId, session);
+ break;
+ }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,6 +41,13 @@
this.hostName = context.getParent().getName();
}
+ public SingleSignOnSessionKey(Session session, String sessionId) {
+ this.sessionId = sessionId;
+ Context context = session.getManager().getContext();
+ this.contextName = context.getName();
+ this.hostName = context.getParent().getName();
+ }
+
public String getSessionId() {
return sessionId;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/SpnegoAuthenticator.java 2026-01-23 19:33:36.000000000 +0000
@@ -135,7 +135,17 @@
@Override
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
- if (checkForCachedAuthentication(request, response, true)) {
+ /*
+ * Reauthentication using the cached user name and password (if any) is not enabled for SPNEGO authentication.
+ * This is because the delegated credentials will nto be available unless a normal SPNEGO authentication takes
+ * place.
+ *
+ * Reauthentication was introduced to handle the case where the Realm took additional actions on authentication.
+ * Reauthenticating with the cached user name and password may not be sufficient for SPNEGO since it will not
+ * make the delegated credentials available that a web application may depend on. Therefore, the
+ * reauthentication behaviour for SPNEGO is to perform a normal SPNEGO authentication.
+ */
+ if (checkForCachedAuthentication(request, response, false)) {
return true;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -556,7 +556,7 @@
@Override
public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
- throws AuthException {
+ throws AuthException {
return module.validateRequest(messageInfo, clientSubject, serviceSubject);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,4 +18,6 @@
authConfigFactoryImpl.zeroLengthAppContext=Название контекста приложения нулевой длины является недействительным
+persistentProviderRegistrations.deleteFail=Временный файл [{0}] не может быть удален
persistentProviderRegistrations.existsDeleteFail=Временный файл [{0}] уже существует и не может быть удалён
+persistentProviderRegistrations.moveFail=Невозможно переместить [{0}] в [{1}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/PersistentProviderRegistrations.java tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/PersistentProviderRegistrations.java
--- tomcat10-10.1.40/java/org/apache/catalina/authenticator/jaspic/PersistentProviderRegistrations.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/authenticator/jaspic/PersistentProviderRegistrations.java 2026-01-23 19:33:36.000000000 +0000
@@ -141,12 +141,12 @@
writer.write(" \n");
}
writer.write("\n");
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (!configFileNew.delete()) {
Log log = LogFactory.getLog(PersistentProviderRegistrations.class);
log.warn(sm.getString("persistentProviderRegistrations.deleteFail", configFileNew.getAbsolutePath()));
}
- throw new SecurityException(e);
+ throw new SecurityException(ioe);
}
// Move the current file out of the way
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/ClientAbortException.java tomcat10-10.1.52/java/org/apache/catalina/connector/ClientAbortException.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/ClientAbortException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/ClientAbortException.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Extend IOException to identify it as being caused by an abort of a request by a remote client.
- *
- * @author Glenn L. Nielsen
*/
public final class ClientAbortException extends BadRequestException {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/Connector.java tomcat10-10.1.52/java/org/apache/catalina/connector/Connector.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/Connector.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/Connector.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,22 +29,22 @@
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Service;
-import org.apache.catalina.core.AprStatus;
import org.apache.catalina.util.LifecycleMBeanBase;
import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.Adapter;
import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.UpgradeProtocol;
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
-import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.jni.AprStatus;
import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.CharsetUtil;
import org.apache.tomcat.util.buf.EncodedSolidusHandling;
import org.apache.tomcat.util.buf.StringUtils;
import org.apache.tomcat.util.compat.JreCompat;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
import org.apache.tomcat.util.net.openssl.OpenSSLStatus;
@@ -53,9 +53,6 @@
/**
* Implementation of a Coyote connector.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class Connector extends LifecycleMBeanBase {
@@ -64,6 +61,22 @@
public static final String INTERNAL_EXECUTOR_NAME = "Internal";
+ private static final boolean aprStatusPresent;
+
+ static {
+ /*
+ * The AprStatus class has to be in the org.apache.tomcat.jni package so it can be referenced by the OpenSSL
+ * clean-up code to avoid a race condition on shutdown between the AprLifecycleListener shutting down the Tomcat
+ * Native library along with any remaining open connections and the OpenSSL clean-up code shutting down an
+ * individual connection that can trigger a JVM crash.
+ *
+ * In some deployment scenarios AprStatus is not present - e.g. because tomcat-jni.jar is not present. To avoid
+ * a CNFE in this class on Connector initialisation when AprStatus is not present - and ugly work-arounds that
+ * try loading the class and catching the exception - use getResource() to see if AprStatus is present.
+ */
+ aprStatusPresent =
+ (Connector.class.getClassLoader().getResource("org/apache/tomcat/jni/AprStatus.class") != null);
+ }
// ------------------------------------------------------------ Constructor
@@ -212,6 +225,10 @@
*/
protected int maxParameterCount = 10000;
+ private int maxPartCount = 50;
+
+ private int maxPartHeaderSize = 512;
+
/**
* Maximum size of a POST which will be automatically parsed by the container. 2 MiB by default.
*/
@@ -227,7 +244,7 @@
* Comma-separated list of HTTP methods that will be parsed according to POST-style rules for
* application/x-www-form-urlencoded request bodies.
*/
- protected String parseBodyMethods = "POST";
+ protected String parseBodyMethods = Method.POST;
/**
* A Set of methods determined by {@link #parseBodyMethods}.
@@ -482,6 +499,26 @@
}
+ public int getMaxPartCount() {
+ return maxPartCount;
+ }
+
+
+ public void setMaxPartCount(int maxPartCount) {
+ this.maxPartCount = maxPartCount;
+ }
+
+
+ public int getMaxPartHeaderSize() {
+ return maxPartHeaderSize;
+ }
+
+
+ public void setMaxPartHeaderSize(int maxPartHeaderSize) {
+ this.maxPartHeaderSize = maxPartHeaderSize;
+ }
+
+
/**
* @return the maximum size of a POST which will be automatically parsed by the container.
*/
@@ -541,7 +578,7 @@
methodSet.addAll(Arrays.asList(StringUtils.splitCommaSeparated(methods)));
}
- if (methodSet.contains("TRACE")) {
+ if (methodSet.contains(Method.TRACE)) {
throw new IllegalArgumentException(sm.getString("coyoteConnector.parseBodyMethodNoTrace"));
}
@@ -1025,25 +1062,21 @@
setParseBodyMethods(getParseBodyMethods());
}
- if (JreCompat.isJre22Available() && OpenSSLStatus.getUseOpenSSL() && OpenSSLStatus.isAvailable() &&
- protocolHandler instanceof AbstractHttp11Protocol) {
- // Use FFM and OpenSSL if available
- AbstractHttp11JsseProtocol jsseProtocolHandler = (AbstractHttp11JsseProtocol) protocolHandler;
- if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
- // OpenSSL is compatible with the JSSE configuration, so use it if it is available
- jsseProtocolHandler
- .setSslImplementationName("org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation");
- }
- } else if (AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL() &&
- protocolHandler instanceof AbstractHttp11Protocol) {
- // Use tomcat-native and OpenSSL otherwise, if available
+ if (protocolHandler instanceof AbstractHttp11JsseProtocol) {
AbstractHttp11JsseProtocol jsseProtocolHandler = (AbstractHttp11JsseProtocol) protocolHandler;
if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
- // OpenSSL is compatible with the JSSE configuration, so use it if APR is available
- jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
+ // If SSL is enabled and a specific implementation isn't specified, select the correct default.
+ if (JreCompat.isJre22Available() && OpenSSLStatus.getUseOpenSSL() && OpenSSLStatus.isAvailable()) {
+ // Use FFM and OpenSSL if available
+ jsseProtocolHandler.setSslImplementationName(
+ "org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation");
+ } else if (aprStatusPresent && AprStatus.isAprAvailable() && AprStatus.getUseOpenSSL()) {
+ // Use tomcat-native and OpenSSL otherwise, if available
+ jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
+ }
+ // Otherwise the default JSSE will be used
}
}
- // Otherwise the default JSSE will be used
try {
protocolHandler.init();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteAdapter.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteAdapter.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteAdapter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteAdapter.java 2026-01-23 19:33:36.000000000 +0000
@@ -48,6 +48,7 @@
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.ServerCookie;
import org.apache.tomcat.util.http.ServerCookies;
import org.apache.tomcat.util.net.SSLSupport;
@@ -57,9 +58,6 @@
/**
* Implementation of a request processor which delegates the processing to a Coyote processor.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class CoyoteAdapter implements Adapter {
@@ -260,9 +258,9 @@
}
success = false;
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
+ // Issues that should be logged will have already been logged
success = false;
- // Ignore
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
success = false;
@@ -373,8 +371,8 @@
response.finishResponse();
}
- } catch (IOException e) {
- // Ignore
+ } catch (IOException ignore) {
+ // Issues that should be logged will have already been logged
} finally {
AtomicBoolean error = new AtomicBoolean(false);
res.action(ActionCode.IS_ERROR, error);
@@ -595,7 +593,7 @@
// Check for ping OPTIONS * request
if (undecodedURI.equals("*")) {
- if (req.method().equals("OPTIONS")) {
+ if (Method.OPTIONS.equals(req.getMethod())) {
StringBuilder allow = new StringBuilder();
allow.append("GET, HEAD, POST, PUT, DELETE, OPTIONS");
// Trace if allowed
@@ -614,7 +612,7 @@
MessageBytes decodedURI = req.decodedURI();
// Filter CONNECT method
- if (req.method().equals("CONNECT")) {
+ if (Method.CONNECT.equals(req.getMethod())) {
response.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, sm.getString("coyoteAdapter.connect"));
} else {
// No URI for CONNECT requests
@@ -782,8 +780,8 @@
// point.
try {
Thread.sleep(1000);
- } catch (InterruptedException e) {
- // Should never happen
+ } catch (InterruptedException ignore) {
+ // Should never happen but, if it does, just continue looping
}
// Reset mapping
request.getMappingData().recycle();
@@ -813,14 +811,14 @@
}
// Filter TRACE method
- if (!connector.getAllowTrace() && req.method().equals("TRACE")) {
+ if (!connector.getAllowTrace() && Method.TRACE.equals(req.getMethod())) {
Wrapper wrapper = request.getWrapper();
StringBuilder header = null;
if (wrapper != null) {
String[] methods = wrapper.getServletMethods();
if (methods != null) {
for (String method : methods) {
- if ("TRACE".equals(method)) {
+ if (Method.TRACE.equals(method)) {
continue;
}
if (header == null) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteInputStream.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteInputStream.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteInputStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteInputStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
/**
* This class handles reading bytes.
- *
- * @author Remy Maucherat
*/
public class CoyoteInputStream extends ServletInputStream {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteOutputStream.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteOutputStream.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteOutputStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteOutputStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,9 +27,6 @@
/**
* Coyote implementation of the servlet output stream.
- *
- * @author Costin Manolache
- * @author Remy Maucherat
*/
public class CoyoteOutputStream extends ServletOutputStream {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyotePrincipal.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyotePrincipal.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyotePrincipal.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyotePrincipal.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* Generic implementation of java.security.Principal that is used to represent principals authenticated
* at the protocol handler level.
- *
- * @author Remy Maucherat
*/
public class CoyotePrincipal implements Principal, Serializable {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteReader.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteReader.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteReader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteReader.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* Coyote implementation of the buffered reader.
- *
- * @author Remy Maucherat
*/
public class CoyoteReader extends BufferedReader {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteWriter.java tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteWriter.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/CoyoteWriter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/CoyoteWriter.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Coyote implementation of the servlet writer.
- *
- * @author Remy Maucherat
*/
public class CoyoteWriter extends PrintWriter {
@@ -91,8 +89,8 @@
try {
ob.flush();
- } catch (IOException e) {
- setErrorException(e);
+ } catch (IOException ioe) {
+ setErrorException(ioe);
}
}
@@ -105,7 +103,7 @@
// so the stream can be reused. We close ob.
try {
ob.close();
- } catch (IOException ex) {
+ } catch (IOException ignore) {
// Ignore
}
error = false;
@@ -129,8 +127,8 @@
try {
ob.write(c);
- } catch (IOException e) {
- setErrorException(e);
+ } catch (IOException ioe) {
+ setErrorException(ioe);
}
}
@@ -145,8 +143,8 @@
try {
ob.write(buf, off, len);
- } catch (IOException e) {
- setErrorException(e);
+ } catch (IOException ioe) {
+ setErrorException(ioe);
}
}
@@ -167,8 +165,8 @@
try {
ob.write(s, off, len);
- } catch (IOException e) {
- setErrorException(e);
+ } catch (IOException ioe) {
+ setErrorException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/InputBuffer.java tomcat10-10.1.52/java/org/apache/catalina/connector/InputBuffer.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/InputBuffer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/InputBuffer.java 2026-01-23 19:33:36.000000000 +0000
@@ -48,8 +48,6 @@
* The buffer used by Tomcat request. This is a derivative of the Tomcat 3.3 OutputBuffer, adapted to handle input
* instead of output. This allows complete recycling of the facade objects (the ServletInputStream and the
* BufferedReader).
- *
- * @author Remy Maucherat
*/
public class InputBuffer extends Reader implements ByteChunk.ByteInputChannel, ApplicationBufferHandler {
@@ -60,6 +58,8 @@
private static final Log log = LogFactory.getLog(InputBuffer.class);
+ private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocate(0);
+
public static final int DEFAULT_BUFFER_SIZE = 8 * 1024;
// The buffer can be used for byte[] and char[] reading
@@ -76,8 +76,11 @@
// ----------------------------------------------------- Instance Variables
- /**
- * The byte buffer.
+ /*
+ * The byte buffer. Data is always injected into this class by calling {@link #setByteBuffer(ByteBuffer)} rather
+ * than copying data into any existing buffer. It is initialised to an empty buffer as there are code paths that
+ * access the buffer when it is expected to be empty and an empty buffer gives cleaner code than lots of null
+ * checks.
*/
private ByteBuffer bb;
@@ -151,8 +154,8 @@
public InputBuffer(int size) {
this.size = size;
- bb = ByteBuffer.allocate(size);
- clear(bb);
+ // Will be replaced when there is data to read so initialise to empty buffer.
+ bb = EMPTY_BUFFER;
cb = CharBuffer.allocate(size);
clear(cb);
readLimit = size;
@@ -191,7 +194,11 @@
}
readLimit = size;
markPos = -1;
- clear(bb);
+ /*
+ * This buffer will have been replaced if there was data to read so re-initialise to an empty buffer to clear
+ * any reference to an injected buffer.
+ */
+ bb = EMPTY_BUFFER;
closed = false;
if (conv != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -62,6 +62,7 @@
coyoteRequest.noAsync=Unable to start async because the following classes in the processing chain do not support async [{0}]
coyoteRequest.noMultipartConfig=Unable to process parts as no multi-part configuration has been provided
coyoteRequest.parseParameters=Exception thrown whilst processing POSTed parameters
+coyoteRequest.partsParseException=Exception [{0}] occurred parsing parts and will be thrown
coyoteRequest.postTooLarge=Parameters were not parsed because the size of the posted data was too big. Use the maxPostSize attribute of the connector to resolve this if the application should accept large POSTs.
coyoteRequest.sendfileNotCanonical=Unable to determine canonical name of file [{0}] specified for use with sendfile
coyoteRequest.sessionCreateCommitted=Cannot create a session after the response has been committed
@@ -91,6 +92,7 @@
request.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed
request.illegalWrap=The request wrapper must wrap the request obtained from getRequest()
request.notAsync=It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
+request.partCleanup.failed=Unable to delete temporary file for uploaded part after multi-part processing failed
request.session.failed=Failed to load session [{0}] due to [{1}]
requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_es.properties tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_es.properties
--- tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_es.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_es.properties 2026-01-23 19:33:36.000000000 +0000
@@ -38,7 +38,7 @@
coyoteRequest.attributeEvent=Excepción lanzada mediante el escuchador de eventos de atributos
coyoteRequest.authenticate.ise=No puedo llamar a authenticate() tras haberse acometido la respuesta
coyoteRequest.changeSessionId=No se puede cambiar el ID de sesión. No hay sesión asociada con esta solicitud
-coyoteRequest.chunkedPostTooLarge=No se han analizado los parámetros porque la medida de los datos enviados meiante "post" era demasiado grande. Debido a que este requerimiento es una parte del original, no puede ser procesado. Utiliza el atributo "maxPostSize" del conector para resolver esta situación, en caso de que la aplicación deba de aceptar POSTs mayores.
+coyoteRequest.chunkedPostTooLarge=No se han analizado los parámetros porque la medida de los datos enviados meiante POST era demasiado grande. Debido a que este requerimiento es una parte del original, no puede ser procesado. Utiliza el atributo "maxPostSize" del conector para resolver esta situación, en caso de que la aplicación deba de aceptar POSTs mayores.
coyoteRequest.filterAsyncSupportUnknown=Imposible determinar si algún filtro no soporta procesamiento asincrónico
coyoteRequest.getInputStream.ise=getReader() ya ha sido llamado para este requerimiento
coyoteRequest.getReader.ise=getInputStream() ya ha sido llamado para este requerimiento
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -62,6 +62,7 @@
coyoteRequest.noAsync=Impossible de démarrer le mode asynchrone car les classes [{0}] de la chaîne de traitement ne le supportent pas
coyoteRequest.noMultipartConfig=Impossible de traiter des parties, parce qu'aucune configuration multi-parties n'a été fournie
coyoteRequest.parseParameters=Exception lors du traitement des paramètres envoyés par POST
+coyoteRequest.partsParseException=Une exception [{0}] s''est produite lors du traitement des portions du message et sera lancée
coyoteRequest.postTooLarge=Les paramètres n'ont pas été évalués car la taille des données postées est trop important. Utilisez l'attribut maxPostSize du connecteur pour corriger ce problème si votre application doit accepter des POSTs importants.
coyoteRequest.sendfileNotCanonical=Impossible d''obtenir le nom canonique du fichier [{0}] qui a été donné pour le sendfile
coyoteRequest.sessionCreateCommitted=Impossible de créer une session après que la réponse ait été envoyée
@@ -91,6 +92,7 @@
request.fragmentInDispatchPath=Le fragment dans le chemin de dispatch [{0}] a été enlevé
request.illegalWrap=L'enrobeur de la réponse doit enrober la requête obtenue à partir de getRequest()
request.notAsync=Il est interdit d'appeler cette méthode si la requête actuelle n'est pas en mode asynchrone (isAsyncStarted() a renvoyé false)
+request.partCleanup.failed=Impossible d'effacer le fichier temporaire pour la partie envoyée après l'échec de traitement du multi partie
request.session.failed=Erreur de chargement de la session [{0}] à cause de [{1}]
requestFacade.nullRequest=L'objet requête a été recyclé et n'est plus associé à cette façade
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -62,8 +62,9 @@
coyoteRequest.noAsync=処理チェーン内の次のクラスが非同期をサポートしていないため、非同期を開始できません [{0}]
coyoteRequest.noMultipartConfig=multi-part 構成が提供されていないため、partを処理できません
coyoteRequest.parseParameters=POST パラメーターの処理中に例外を投げました。
+coyoteRequest.partsParseException=パートの解析中に例外 [{0}] が発生しました
coyoteRequest.postTooLarge=POSTされたデータが大きすぎたので、パラメータが構文解析できませんでした。そのアプリケーションが巨大なPOSTを受け付けねばならない場合には、これを解決するためにコネクタのmaxPostSize属性を使用してください。
-coyoteRequest.sendfileNotCanonical=sendfile に指定されたファイル [{0}] の正式名を取得できません
+coyoteRequest.sendfileNotCanonical=sendfile に指定されたファイル [{0}] の正規名を取得できません
coyoteRequest.sessionCreateCommitted=レスポンスをコミットした後でセッションを作成できません
coyoteRequest.sessionEndAccessFail=リクエストの再利用中に行ったセッションへのアクセス終了処理で例外が送出されました。
coyoteRequest.setAttribute.namenull=setAttributeを名前を指定せずに呼び出すことはできません
@@ -91,6 +92,7 @@
request.fragmentInDispatchPath=ディスパッチパス [{0}] 中のフラグメントは除去されました
request.illegalWrap=リクエストラッパーは getRequest() で取得したリクエストをラップしなければなりません。
request.notAsync=非同期モードではないリクエストでこのメソッドを呼び出すことはできません。(例えば isAsyncStarted() が false を返す場合)
+request.partCleanup.failed=マルチパート処理が失敗した後、アップロードされたパートのテンポラリファイルを削除できませんでした
request.session.failed=[{1}]が原因で、セッション[{0}]の読み込みに失敗しました
requestFacade.nullRequest=リクエストオブジェクトは回収されこのファサードに関連付けられなくなりました。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/connector/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -25,5 +25,6 @@
coyoteInputStream.nbNotready=В неблокирующем режиме невозможно читать из ServletInputStream до тех пор пока не завершится предыдущее чтение и IsReady() не вернёт true
+coyoteRequest.changeSessionId=Невозможно изменить ID сессии. Нет сессии связаной с этим запросом.
coyoteRequest.sendfileNotCanonical=Невозможно определить каноническое имя файла [{0}] указанное для использования с sendfile
coyoteRequest.sessionEndAccessFail=Исключение вызвало прекращение доступа к сессии при очистке запроса
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/OutputBuffer.java tomcat10-10.1.52/java/org/apache/catalina/connector/OutputBuffer.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/OutputBuffer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/OutputBuffer.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,14 +37,12 @@
import org.apache.coyote.Response;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.C2BConverter;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.res.StringManager;
/**
* The buffer used by Tomcat response. This is a derivative of the Tomcat 3.3 OutputBuffer, with the removal of some of
* the state handling (which in Coyote is mostly the Processor's responsibility).
- *
- * @author Costin Manolache
- * @author Remy Maucherat
*/
public class OutputBuffer extends Writer {
@@ -238,8 +236,8 @@
// - the content length has not been explicitly set
// AND
// - some content has been written OR this is NOT a HEAD request
- if ((!coyoteResponse.isCommitted()) && (coyoteResponse.getContentLengthLong() == -1) &&
- ((bb.remaining() > 0 || !coyoteResponse.getRequest().method().equals("HEAD")))) {
+ if (!coyoteResponse.isCommitted() && coyoteResponse.getContentLengthLong() == -1 &&
+ (bb.remaining() > 0 || !Method.HEAD.equals(coyoteResponse.getRequest().getMethod()))) {
coyoteResponse.setContentLength(bb.remaining());
}
@@ -335,11 +333,11 @@
// Prevent further output for this response
closed = true;
throw e;
- } catch (IOException e) {
+ } catch (IOException ioe) {
// An IOException on a write is almost always due to
// the remote client aborting the request. Wrap this
// so that it can be handled better by the error dispatcher.
- throw new ClientAbortException(e);
+ throw new ClientAbortException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/Request.java tomcat10-10.1.52/java/org/apache/catalina/connector/Request.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/Request.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/Request.java 2026-01-23 19:33:36.000000000 +0000
@@ -111,6 +111,7 @@
import org.apache.tomcat.util.http.fileupload.FileItem;
import org.apache.tomcat.util.http.fileupload.FileUpload;
import org.apache.tomcat.util.http.fileupload.disk.DiskFileItemFactory;
+import org.apache.tomcat.util.http.fileupload.impl.FileCountLimitExceededException;
import org.apache.tomcat.util.http.fileupload.impl.InvalidContentTypeException;
import org.apache.tomcat.util.http.fileupload.impl.SizeException;
import org.apache.tomcat.util.http.fileupload.servlet.ServletRequestContext;
@@ -124,9 +125,6 @@
/**
* Wrapper object for the Coyote request.
- *
- * @author Remy Maucherat
- * @author Craig R. McClanahan
*/
public class Request implements HttpServletRequest {
@@ -143,6 +141,11 @@
*/
public Request(Connector connector) {
this.connector = connector;
+ if (connector != null) {
+ maxParameterCount = connector.getMaxParameterCount();
+ maxPartCount = connector.getMaxPartCount();
+ maxPartHeaderSize = connector.getMaxPartHeaderSize();
+ }
}
@@ -411,14 +414,22 @@
private HttpServletRequest applicationRequest = null;
+ /**
+ * The maximum number of request parameters
+ */
+ private int maxParameterCount = -1;
+
+ private int maxPartCount = -1;
+
+ private int maxPartHeaderSize = -1;
// --------------------------------------------------------- Public Methods
- protected void addPathParameter(String name, String value) {
+ public void addPathParameter(String name, String value) {
coyoteRequest.addPathParameter(name, value);
}
- protected String getPathParameter(String name) {
+ public String getPathParameter(String name) {
return coyoteRequest.getPathParameter(name);
}
@@ -441,6 +452,15 @@
userPrincipal = null;
subject = null;
parametersParsed = false;
+ if (connector != null) {
+ maxParameterCount = connector.getMaxParameterCount();
+ maxPartCount = connector.getMaxPartCount();
+ maxPartHeaderSize = connector.getMaxPartHeaderSize();
+ } else {
+ maxParameterCount = -1;
+ maxPartCount = -1;
+ maxPartHeaderSize = -1;
+ }
if (parts != null) {
for (Part part : parts) {
try {
@@ -505,7 +525,7 @@
}
- protected void recycleSessionInfo() {
+ public void recycleSessionInfo() {
if (session != null) {
try {
session.endAccess();
@@ -829,6 +849,36 @@
}
+ /**
+ * Set the maximum number of request parameters (GET plus POST including multipart) for a single request.
+ *
+ * @param maxParameterCount The maximum number of request parameters
+ */
+ public void setMaxParameterCount(int maxParameterCount) {
+ this.maxParameterCount = maxParameterCount;
+ }
+
+
+ /**
+ * Set the maximum number of parts for a single multipart request.
+ *
+ * @param maxPartCount The maximum number of request parts
+ */
+ public void setMaxPartCount(int maxPartCount) {
+ this.maxPartCount = maxPartCount;
+ }
+
+
+ /**
+ * Set the maximum header size per part for a single multipart request.
+ *
+ * @param maxPartHeaderSize The maximum size of the headers for one part
+ */
+ public void setMaxPartHeaderSize(int maxPartHeaderSize) {
+ this.maxPartHeaderSize = maxPartHeaderSize;
+ }
+
+
// ------------------------------------------------- ServletRequest Methods
@Override
@@ -900,8 +950,8 @@
* {@inheritDoc}
*
* The attribute names returned will only be those for the attributes set via {@link #setAttribute(String, Object)}.
- * Tomcat internal attributes will not be included even though they are accessible via {@link #getAttribute(String)}.
- * The Tomcat internal attributes include:
+ * Tomcat internal attributes will not be included even though they are accessible via
+ * {@link #getAttribute(String)}. The Tomcat internal attributes include:
*
*
{@link Globals#DISPATCHER_TYPE_ATTR}
*
{@link Globals#DISPATCHER_REQUEST_PATH_ATTR}
@@ -1381,8 +1431,8 @@
String canonicalPath;
try {
canonicalPath = new File(value.toString()).getCanonicalPath();
- } catch (IOException e) {
- throw new SecurityException(sm.getString("coyoteRequest.sendfileNotCanonical", value), e);
+ } catch (IOException ioe) {
+ throw new SecurityException(sm.getString("coyoteRequest.sendfileNotCanonical", value), ioe);
}
// Sendfile is performed in Tomcat's security context so need to
// check if the web app is permitted to access the file while still
@@ -2110,7 +2160,7 @@
@Override
public String getMethod() {
- return coyoteRequest.method().toStringType();
+ return coyoteRequest.getMethod();
}
@@ -2252,8 +2302,8 @@
Session session = null;
try {
session = manager.findSession(requestedSessionId);
- } catch (IOException e) {
- // Can't find the session
+ } catch (IOException ignore) {
+ // Error looking up session. Treat it as not found.
}
if ((session == null) || !session.isValid()) {
@@ -2265,8 +2315,8 @@
if (ctxt.getManager().findSession(requestedSessionId) != null) {
return true;
}
- } catch (IOException e) {
- // Ignore
+ } catch (IOException ignore) {
+ // Error looking up session. Treat it as not found.
}
}
}
@@ -2484,6 +2534,11 @@
parseParts(true);
if (partsParseException != null) {
+ Context context = getContext();
+ if (context != null && context.getLogger().isDebugEnabled()) {
+ context.getLogger()
+ .debug(sm.getString("coyoteRequest.partsParseException", partsParseException.getMessage()));
+ }
if (partsParseException instanceof IOException) {
throw (IOException) partsParseException;
} else if (partsParseException instanceof IllegalStateException) {
@@ -2514,15 +2569,33 @@
} else {
if (explicit) {
partsParseException = new IllegalStateException(sm.getString("coyoteRequest.noMultipartConfig"));
- return;
} else {
parts = Collections.emptyList();
- return;
}
+ return;
}
}
- int maxParameterCount = getConnector().getMaxParameterCount();
+ /*
+ * When the request body is multipart/form-data, both the parts and the query string count towards
+ * maxParameterCount. If parseParts() is called before getParameterXXX() then the parts will be parsed before
+ * the query string. Otherwise, the query string will be parsed first.
+ *
+ * maxParameterCount must be respected regardless of which is parsed first.
+ *
+ * maxParameterCount is reset from the Connector at the start of every request.
+ *
+ * If parts are parsed first, non-file parts will be added to the parameter map and any files will reduce
+ * maxParameterCount by 1 so that when the query string is parsed the difference between the size of the
+ * parameter map and maxParameterCount will be the original maxParameterCount less the number of parts. i.e. the
+ * maxParameterCount applied to the query string will be the original maxParameterCount less the number of
+ * parts.
+ *
+ * If the query string is parsed first, all parameters will be added to the parameter map and, ignoring
+ * maxPartCount, the part limit will be set to the original maxParameterCount less the size of the parameter
+ * map. i.e. the maxParameterCount applied to the parts will be the original maxParameterCount less the number
+ * of query parameters.
+ */
Parameters parameters = coyoteRequest.getParameters();
parameters.setLimit(maxParameterCount);
@@ -2571,35 +2644,53 @@
upload.setFileItemFactory(factory);
upload.setFileSizeMax(mce.getMaxFileSize());
upload.setSizeMax(mce.getMaxRequestSize());
- if (maxParameterCount > -1) {
- // There is a limit. The limit for parts needs to be reduced by
- // the number of parameters we have already parsed.
- // Must be under the limit else parsing parameters would have
- // triggered an exception.
- upload.setFileCountMax(maxParameterCount - parameters.size());
+ upload.setPartHeaderSizeMax(maxPartHeaderSize);
+ /*
+ * There are two independent limits on the number of parts.
+ *
+ * 1. The limit based on parameters. This is maxParameterCount less the number of parameters already
+ * processed.
+ *
+ * 2. The limit based on parts. This is maxPartCount.
+ *
+ * The lower of these two limits will be applied to this request.
+ *
+ * Note: Either of both limits may be set to -1 (unlimited).
+ */
+ int partLimit = maxParameterCount;
+ if (partLimit > -1) {
+ partLimit = partLimit - parameters.size();
+ }
+ int maxPartCount = this.maxPartCount;
+ if (maxPartCount > -1) {
+ if (partLimit < 0 || partLimit > maxPartCount) {
+ partLimit = maxPartCount;
+ }
}
+ upload.setFileCountMax(partLimit);
parts = new ArrayList<>();
+ List items = null;
try {
- List items = upload.parseRequest(new ServletRequestContext(this));
+ items = upload.parseRequest(new ServletRequestContext(this));
int maxPostSize = getConnector().getMaxPostSize();
- int postSize = 0;
+ long postSize = 0;
Charset charset = getCharset();
for (FileItem item : items) {
ApplicationPart part = new ApplicationPart(item, location);
- parts.add(part);
if (part.getSubmittedFileName() == null) {
String name = part.getName();
if (maxPostSize >= 0) {
// Have to calculate equivalent size. Not completely
// accurate but close enough.
- postSize += name.getBytes(charset).length;
+ // Name
+ postSize = Math.addExact(postSize, name.getBytes(charset).length);
// Equals sign
- postSize++;
+ postSize = Math.addExact(postSize, 1);
// Value length
- postSize += part.getSize();
+ postSize = Math.addExact(postSize, part.getSize());
// Value separator
- postSize++;
+ postSize = Math.addExact(postSize, 1);
if (postSize > maxPostSize) {
parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
throw new IllegalStateException(sm.getString("coyoteRequest.maxPostSizeExceeded"));
@@ -2612,24 +2703,46 @@
// Not possible
}
parameters.addParameter(name, value);
+ } else {
+ // Adjust the limit to account for a file part which is not added to the parameter map.
+ maxParameterCount--;
}
+ parts.add(part);
}
success = true;
} catch (InvalidContentTypeException e) {
parameters.setParseFailedReason(FailReason.INVALID_CONTENT_TYPE);
partsParseException = new ServletException(e);
- } catch (SizeException e) {
+ } catch (SizeException | FileCountLimitExceededException e) {
parameters.setParseFailedReason(FailReason.POST_TOO_LARGE);
checkSwallowInput();
partsParseException = new IllegalStateException(e);
- } catch (IOException e) {
+ } catch (IOException ioe) {
parameters.setParseFailedReason(FailReason.IO_ERROR);
- partsParseException = e;
+ partsParseException = ioe;
} catch (IllegalStateException e) {
// addParameters() will set parseFailedReason
checkSwallowInput();
partsParseException = e;
+ } finally {
+ /*
+ * GC will delete any temporary copies of uploaded files left in the work directory but if we know that
+ * the upload has failed then explicitly clean up now.
+ */
+ if (!success) {
+ parts.clear();
+ if (items != null) {
+ for (FileItem item : items) {
+ try {
+ item.delete();
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.warn(sm.getString("request.partCleanup.failed"), t);
+ }
+ }
+ }
+ }
}
} finally {
// This might look odd but is correct. setParseFailedReason() only
@@ -2680,11 +2793,11 @@
if (requestedSessionId != null) {
try {
session = manager.findSession(requestedSessionId);
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("request.session.failed", requestedSessionId, e.getMessage()), e);
+ log.debug(sm.getString("request.session.failed", requestedSessionId, ioe.getMessage()), ioe);
} else {
- log.info(sm.getString("request.session.failed", requestedSessionId, e.getMessage()));
+ log.info(sm.getString("request.session.failed", requestedSessionId, ioe.getMessage()));
}
session = null;
}
@@ -2693,6 +2806,8 @@
}
if (session != null) {
session.access();
+ // The client has chosen to join the session
+ session.setNew(false);
return session;
}
}
@@ -2733,9 +2848,8 @@
found = true;
break;
}
- } catch (IOException e) {
- // Ignore. Problems with this manager will be
- // handled elsewhere.
+ } catch (IOException ignore) {
+ // Error looking up session. Treat it as not found.
}
}
}
@@ -2845,7 +2959,7 @@
scookie.getValue().getByteChunk().setCharset(getCookieProcessor().getCharset());
cookie.setValue(unescape(scookie.getValue().toString()));
cookies[idx++] = cookie;
- } catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException ignore) {
// Ignore bad cookie
}
}
@@ -2864,14 +2978,30 @@
parametersParsed = true;
+ /*
+ * When the request body is multipart/form-data, both the parts and the query string count towards
+ * maxParameterCount. If parseParts() is called before getParameterXXX() then the parts will be parsed before
+ * the query string. Otherwise, the query string will be parsed first.
+ *
+ * maxParameterCount must be respected regardless of which is parsed first.
+ *
+ * maxParameterCount is reset from the Connector at the start of every request.
+ *
+ * If parts are parsed first, non-file parts will be added to the parameter map and any files will reduce
+ * maxParameterCount by 1 so that when the query string is parsed the difference between the size of the
+ * parameter map and maxParameterCount will be the original maxParameterCount less the number of parts. i.e. the
+ * maxParameterCount applied to the query string will be the original maxParameterCount less the number of
+ * parts.
+ *
+ * If the query string is parsed first, all parameters will be added to the parameter map and, ignoring
+ * maxPartCount, the part limit will be set to the original maxParameterCount less the size of the parameter
+ * map. i.e. the maxParameterCount applied to the parts will be the original maxParameterCount less the number
+ * of query parameters.
+ */
Parameters parameters = coyoteRequest.getParameters();
boolean success = false;
try {
// Set this every time in case limit has been changed via JMX
- int maxParameterCount = getConnector().getMaxParameterCount();
- if (parts != null && maxParameterCount > 0) {
- maxParameterCount -= parts.size();
- }
parameters.setLimit(maxParameterCount);
// getCharacterEncoding() may have been overridden to search for
@@ -2935,17 +3065,18 @@
}
try {
readPostBodyFully(formData, len);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Client disconnect
Context context = getContext();
if (context != null && context.getLogger().isDebugEnabled()) {
- context.getLogger().debug(sm.getString("coyoteRequest.parseParameters"), e);
+ context.getLogger().debug(sm.getString("coyoteRequest.parseParameters"), ioe);
}
parameters.setParseFailedReason(FailReason.CLIENT_DISCONNECT);
return;
}
parameters.processParameters(formData, 0, len);
- } else if ("chunked".equalsIgnoreCase(coyoteRequest.getHeader("transfer-encoding"))) {
+ } else if (coyoteRequest.protocol().equals("HTTP/2.0") ||
+ "chunked".equalsIgnoreCase(coyoteRequest.getHeader("transfer-encoding"))) {
byte[] formData = null;
try {
formData = readChunkedPostBody();
@@ -2957,12 +3088,12 @@
context.getLogger().debug(sm.getString("coyoteRequest.parseParameters"), ise);
}
return;
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Client disconnect
parameters.setParseFailedReason(FailReason.CLIENT_DISCONNECT);
Context context = getContext();
if (context != null && context.getLogger().isDebugEnabled()) {
- context.getLogger().debug(sm.getString("coyoteRequest.parseParameters"), e);
+ context.getLogger().debug(sm.getString("coyoteRequest.parseParameters"), ioe);
}
return;
}
@@ -3107,7 +3238,7 @@
List acceptLanguages;
try {
acceptLanguages = AcceptLanguage.parse(new StringReader(value));
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Mal-formed headers are ignore. Do the same in the unlikely event
// of an IOException.
return;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/RequestFacade.java tomcat10-10.1.52/java/org/apache/catalina/connector/RequestFacade.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/RequestFacade.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/RequestFacade.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,9 +49,6 @@
/**
* Facade class that wraps a Coyote request object. All methods are delegated to the wrapped request.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class RequestFacade implements HttpServletRequest {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/Response.java tomcat10-10.1.52/java/org/apache/catalina/connector/Response.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/Response.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/Response.java 2026-01-23 19:33:36.000000000 +0000
@@ -67,9 +67,6 @@
/**
* Wrapper object for the Coyote response.
- *
- * @author Remy Maucherat
- * @author Craig R. McClanahan
*/
public class Response implements HttpServletResponse {
@@ -1404,8 +1401,8 @@
redirectURLCC.append(':');
redirectURLCC.append(location, 0, location.length());
return redirectURLCC.toString();
- } catch (IOException e) {
- throw new IllegalArgumentException(location, e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(location, ioe);
}
} else if (leadingSlash || !UriUtil.hasScheme(location)) {
@@ -1446,8 +1443,8 @@
redirectURLCC.append(location, 0, location.length());
normalize(redirectURLCC);
- } catch (IOException e) {
- throw new IllegalArgumentException(location, e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(location, ioe);
}
return redirectURLCC.toString();
@@ -1481,8 +1478,8 @@
if (cc.endsWith("/.") || cc.endsWith("/..")) {
try {
cc.append('/');
- } catch (IOException e) {
- throw new IllegalArgumentException(cc.toString(), e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(cc.toString(), ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/connector/ResponseFacade.java tomcat10-10.1.52/java/org/apache/catalina/connector/ResponseFacade.java
--- tomcat10-10.1.40/java/org/apache/catalina/connector/ResponseFacade.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/connector/ResponseFacade.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,8 +37,6 @@
/**
* Facade class that wraps a Coyote response object. All methods are delegated to the wrapped response.
- *
- * @author Remy Maucherat
*/
public class ResponseFacade implements HttpServletResponse {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationContext.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationContext.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -83,9 +83,6 @@
/**
* Standard implementation of ServletContext that represents a web application's execution environment. An
* instance of this class is associated with each instance of StandardContext.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class ApplicationContext implements ServletContext {
@@ -374,7 +371,7 @@
// From this point, the removal of path parameters, decoding and normalization is only for mapping purposes.
// Remove path parameters
- String uriToMap = stripPathParams(uri);
+ String uriToMap = org.apache.catalina.util.RequestUtil.stripPathParams(uri, null);
// Decode only if the uri derived from the provided path is expected to be encoded
if (getContext().getDispatchersUseEncodedPaths()) {
@@ -449,34 +446,6 @@
}
- // Package private to facilitate testing
- static String stripPathParams(String input) {
- // Shortcut
- if (input.indexOf(';') < 0) {
- return input;
- }
-
- StringBuilder sb = new StringBuilder(input.length());
- int pos = 0;
- int limit = input.length();
- while (pos < limit) {
- int nextSemiColon = input.indexOf(';', pos);
- if (nextSemiColon < 0) {
- nextSemiColon = limit;
- }
- sb.append(input, pos, nextSemiColon);
- int followingSlash = input.indexOf('/', nextSemiColon);
- if (followingSlash < 0) {
- pos = limit;
- } else {
- pos = followingSlash;
- }
- }
-
- return sb.toString();
- }
-
-
@Override
public URL getResource(String path) throws MalformedURLException {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationContextFacade.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationContextFacade.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationContextFacade.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationContextFacade.java 2026-01-23 19:33:36.000000000 +0000
@@ -51,8 +51,6 @@
/**
* Facade object which masks the internal ApplicationContext object from the web application.
- *
- * @author Remy Maucherat
*/
public class ApplicationContextFacade implements ServletContext {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationDispatcher.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationDispatcher.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationDispatcher.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationDispatcher.java 2026-01-23 19:33:36.000000000 +0000
@@ -56,8 +56,6 @@
* resource. This implementation allows application level servlets to wrap the request and/or response objects that are
* passed on to the called resource, as long as the wrapping classes extend
* jakarta.servlet.ServletRequestWrapper and jakarta.servlet.ServletResponseWrapper.
- *
- * @author Craig R. McClanahan
*/
final class ApplicationDispatcher implements AsyncDispatcher, RequestDispatcher {
@@ -364,7 +362,7 @@
} catch (IllegalStateException | IOException f) {
// Ignore
}
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -594,11 +592,11 @@
wrapper.getLogger().error(sm.getString("applicationDispatcher.allocateException", wrapper.getName()),
StandardWrapper.getRootCause(e));
servletException = e;
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- wrapper.getLogger().error(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ wrapper.getLogger().error(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), t);
servletException =
- new ServletException(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), e);
+ new ServletException(sm.getString("applicationDispatcher.allocateException", wrapper.getName()), t);
// servlet = null; is already done so no need to do it explicitly
}
@@ -614,9 +612,9 @@
// Servlet Service Method is called by the FilterChain
} catch (BadRequestException | CloseNowException e) {
ioException = e;
- } catch (IOException e) {
- wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
- ioException = e;
+ } catch (IOException ioe) {
+ wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), ioe);
+ ioException = ioe;
} catch (UnavailableException e) {
wrapper.getLogger().error(sm.getString("applicationDispatcher.serviceException", wrapper.getName()), e);
servletException = e;
@@ -646,11 +644,11 @@
} catch (ServletException e) {
wrapper.getLogger().error(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
servletException = e;
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- wrapper.getLogger().error(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ wrapper.getLogger().error(sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), t);
servletException = new ServletException(
- sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), e);
+ sm.getString("applicationDispatcher.deallocateException", wrapper.getName()), t);
}
// Reset the old context class loader
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterChain.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterChain.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterChain.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterChain.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,8 +40,6 @@
* Implementation of jakarta.servlet.FilterChain used to manage the execution of a set of filters for a
* particular request. When the set of defined filters has all been executed, the next call to doFilter()
* will execute the servlet's service() method itself.
- *
- * @author Craig R. McClanahan
*/
public final class ApplicationFilterChain implements FilterChain {
@@ -165,10 +163,10 @@
}
} catch (IOException | ServletException | RuntimeException e) {
throw e;
- } catch (Throwable e) {
- e = ExceptionUtils.unwrapInvocationTargetException(e);
- ExceptionUtils.handleThrowable(e);
- throw new ServletException(sm.getString("filterChain.filter"), e);
+ } catch (Throwable t) {
+ t = ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(t);
+ throw new ServletException(sm.getString("filterChain.filter"), t);
}
return;
}
@@ -196,10 +194,10 @@
}
} catch (IOException | ServletException | RuntimeException e) {
throw e;
- } catch (Throwable e) {
- e = ExceptionUtils.unwrapInvocationTargetException(e);
- ExceptionUtils.handleThrowable(e);
- throw new ServletException(sm.getString("filterChain.servlet"), e);
+ } catch (Throwable t) {
+ t = ExceptionUtils.unwrapInvocationTargetException(t);
+ ExceptionUtils.handleThrowable(t);
+ throw new ServletException(sm.getString("filterChain.servlet"), t);
} finally {
if (dispatcherWrapsSameObject) {
lastServicedRequest.set(null);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterConfig.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,8 +49,6 @@
/**
* Implementation of a jakarta.servlet.FilterConfig useful in managing the filter instances instantiated
* when a web application is first started.
- *
- * @author Craig R. McClanahan
*/
public final class ApplicationFilterConfig implements FilterConfig, Serializable {
@@ -179,11 +177,8 @@
@Override
public String toString() {
- return "ApplicationFilterConfig[" + "name=" +
- filterDef.getFilterName() +
- ", filterClass=" +
- filterDef.getFilterClass() +
- ']';
+ return "ApplicationFilterConfig[" + "name=" + filterDef.getFilterName() + ", filterClass=" +
+ filterDef.getFilterClass() + ']';
}
// --------------------------------------------------------- Public Methods
@@ -323,8 +318,8 @@
try {
oname = new ObjectName(onameStr);
Registry.getRegistry(null).registerComponent(this, oname, null);
- } catch (Exception ex) {
- log.warn(sm.getString("applicationFilterConfig.jmxRegisterFail", getFilterClass(), getFilterName()), ex);
+ } catch (Exception e) {
+ log.warn(sm.getString("applicationFilterConfig.jmxRegisterFail", getFilterClass(), getFilterName()), e);
}
}
@@ -337,9 +332,9 @@
if (log.isDebugEnabled()) {
log.debug(sm.getString("applicationFilterConfig.jmxUnregister", getFilterClass(), getFilterName()));
}
- } catch (Exception ex) {
+ } catch (Exception e) {
log.warn(sm.getString("applicationFilterConfig.jmxUnregisterFail", getFilterClass(), getFilterName()),
- ex);
+ e);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterFactory.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterFactory.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationFilterFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationFilterFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,9 +31,6 @@
/**
* Factory for the creation and caching of Filters and creation of Filter Chains.
- *
- * @author Greg Murray
- * @author Remy Maucherat
*/
public final class ApplicationFilterFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationHttpRequest.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationHttpRequest.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationHttpRequest.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationHttpRequest.java 2026-01-23 19:33:36.000000000 +0000
@@ -63,9 +63,6 @@
* WARNING: Due to Java's lack of support for multiple inheritance, all of the logic in
* ApplicationRequest is duplicated in ApplicationHttpRequest. Make sure that you keep these
* two classes in synchronization when making changes!
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
class ApplicationHttpRequest extends HttpServletRequestWrapper {
@@ -550,7 +547,7 @@
if (localSession != null && !localSession.isValid()) {
localSession = null;
}
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
if (localSession == null && create) {
@@ -596,7 +593,7 @@
Session session = null;
try {
session = manager.findSession(requestedSessionId);
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
return (session != null) && session.isValid();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationHttpResponse.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationHttpResponse.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationHttpResponse.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationHttpResponse.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,8 +33,6 @@
* WARNING: Due to Java's lack of support for multiple inheritance, all of the logic in
* ApplicationResponse is duplicated in ApplicationHttpResponse. Make sure that you keep these
* two classes in synchronization when making changes!
- *
- * @author Craig R. McClanahan
*/
class ApplicationHttpResponse extends HttpServletResponseWrapper {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationPushBuilder.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationPushBuilder.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationPushBuilder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationPushBuilder.java 2026-01-23 19:33:36.000000000 +0000
@@ -293,7 +293,7 @@
org.apache.coyote.Request pushTarget = new org.apache.coyote.Request();
- pushTarget.method().setString(method);
+ pushTarget.setMethod(method);
// The next three are implied by the Javadoc getPath()
pushTarget.serverName().setString(baseRequest.getServerName());
pushTarget.setServerPort(baseRequest.getServerPort());
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationRequest.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationRequest.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationRequest.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationRequest.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,8 +36,6 @@
* WARNING: Due to Java's lack of support for multiple inheritance, all of the logic in
* ApplicationRequest is duplicated in ApplicationHttpRequest. Make sure that you keep these
* two classes in synchronization when making changes!
- *
- * @author Craig R. McClanahan
*/
class ApplicationRequest extends ServletRequestWrapper {
@@ -59,8 +57,7 @@
*/
private static final Set specialsSet = new HashSet<>(Arrays.asList(specials));
- private static final int shortestSpecialNameLength =
- specialsSet.stream().mapToInt(String::length).min().getAsInt();
+ private static final int shortestSpecialNameLength = specialsSet.stream().mapToInt(String::length).min().getAsInt();
/**
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationResponse.java tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationResponse.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ApplicationResponse.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ApplicationResponse.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
* WARNING: Due to Java's lack of support for multiple inheritance, all of the logic in
* ApplicationResponse is duplicated in ApplicationHttpResponse. Make sure that you keep these
* two classes in synchronization when making changes!
- *
- * @author Craig R. McClanahan
*/
class ApplicationResponse extends ServletResponseWrapper {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/AprLifecycleListener.java tomcat10-10.1.52/java/org/apache/catalina/core/AprLifecycleListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/AprLifecycleListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/AprLifecycleListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,6 +19,7 @@
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
+import java.util.concurrent.locks.Lock;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleEvent;
@@ -63,12 +64,17 @@
// ---------------------------------------------- Constants
- protected static final int TCN_REQUIRED_MAJOR = 1;
- protected static final int TCN_REQUIRED_MINOR = 2;
- protected static final int TCN_REQUIRED_PATCH = 34;
+ private static final int TCN_1_REQUIRED_MINOR = 3;
+ private static final int TCN_1_REQUIRED_PATCH = 4;
+ private static final int TCN_1_RECOMMENDED_MINOR = 3;
+ private static final int TCN_1_RECOMMENDED_PATCH = 4;
+
+ protected static final int TCN_REQUIRED_MAJOR = 2;
+ protected static final int TCN_REQUIRED_MINOR = 0;
+ protected static final int TCN_REQUIRED_PATCH = 12;
protected static final int TCN_RECOMMENDED_MAJOR = 2;
protected static final int TCN_RECOMMENDED_MINOR = 0;
- protected static final int TCN_RECOMMENDED_PV = 5;
+ protected static final int TCN_RECOMMENDED_PV = 12;
// ---------------------------------------------- Properties
@@ -99,25 +105,27 @@
private static final int FIPS_OFF = 0;
- protected static final Object lock = new Object();
-
- // Guarded by lock
+ // Guarded APRStatus.getStatusLock()
private static int referenceCount = 0;
private boolean instanceInitialized = false;
public static boolean isAprAvailable() {
// https://bz.apache.org/bugzilla/show_bug.cgi?id=48613
- if (AprStatus.isInstanceCreated()) {
- synchronized (lock) {
+ if (org.apache.tomcat.jni.AprStatus.isInstanceCreated()) {
+ Lock writeLock = org.apache.tomcat.jni.AprStatus.getStatusLock().writeLock();
+ writeLock.lock();
+ try {
init();
+ } finally {
+ writeLock.unlock();
}
}
- return AprStatus.isAprAvailable();
+ return org.apache.tomcat.jni.AprStatus.isAprAvailable();
}
public AprLifecycleListener() {
- AprStatus.setInstanceCreated(true);
+ org.apache.tomcat.jni.AprStatus.setInstanceCreated(true);
}
// ---------------------------------------------- LifecycleListener Methods
@@ -131,7 +139,9 @@
public void lifecycleEvent(LifecycleEvent event) {
if (Lifecycle.BEFORE_INIT_EVENT.equals(event.getType())) {
- synchronized (lock) {
+ Lock writeLock = org.apache.tomcat.jni.AprStatus.getStatusLock().writeLock();
+ writeLock.lock();
+ try {
instanceInitialized = true;
if (!(event.getLifecycle() instanceof Server)) {
log.warn(sm.getString("listener.notServer", event.getLifecycle().getClass().getSimpleName()));
@@ -145,7 +155,7 @@
log.info(msg);
}
initInfoLogMessages.clear();
- if (AprStatus.isAprAvailable()) {
+ if (org.apache.tomcat.jni.AprStatus.isAprAvailable()) {
try {
initializeSSL();
} catch (Throwable t) {
@@ -156,15 +166,18 @@
}
// Failure to initialize FIPS mode is fatal
if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode)) && !isFIPSModeActive()) {
- String errorMessage = sm.getString("aprListener.initializeFIPSFailed");
- Error e = new Error(errorMessage);
+ Error e = new Error(sm.getString("aprListener.initializeFIPSFailed"));
// Log here, because thrown error might be not logged
- log.fatal(errorMessage, e);
+ log.fatal(e.getMessage(), e);
throw e;
}
+ } finally {
+ writeLock.unlock();
}
} else if (Lifecycle.AFTER_DESTROY_EVENT.equals(event.getType())) {
- synchronized (lock) {
+ Lock writeLock = org.apache.tomcat.jni.AprStatus.getStatusLock().writeLock();
+ writeLock.lock();
+ try {
// Instance may get destroyed without ever being initialized
if (instanceInitialized) {
referenceCount--;
@@ -173,7 +186,7 @@
// Still being used
return;
}
- if (!AprStatus.isAprAvailable()) {
+ if (!org.apache.tomcat.jni.AprStatus.isAprAvailable()) {
return;
}
try {
@@ -181,16 +194,18 @@
} catch (Throwable t) {
Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
- log.info(sm.getString("aprListener.aprDestroy"));
+ log.warn(sm.getString("aprListener.aprDestroy"), throwable);
}
+ } finally {
+ writeLock.unlock();
}
}
}
private static void terminateAPR() {
- AprStatus.setAprInitialized(false);
- AprStatus.setAprAvailable(false);
+ org.apache.tomcat.jni.AprStatus.setAprInitialized(false);
+ org.apache.tomcat.jni.AprStatus.setAprAvailable(false);
fipsModeActive = false;
sslInitialized = false; // terminate() will clean the pool
// There could be unreferenced SSL_CTX still waiting for GC
@@ -199,13 +214,10 @@
}
private static void init() {
- int rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH;
- int rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV;
-
- if (AprStatus.isAprInitialized()) {
+ if (org.apache.tomcat.jni.AprStatus.isAprInitialized()) {
return;
}
- AprStatus.setAprInitialized(true);
+ org.apache.tomcat.jni.AprStatus.setAprInitialized(true);
try {
Library.initialize(null);
@@ -239,9 +251,34 @@
}
return;
}
+
+ /*
+ * With parallel development of 1.x and 2.x there are now minimum and recommended versions for both branches.
+ *
+ * The minimum required version is increased when the Tomcat Native API is changed (typically extended) to
+ * include functionality that Tomcat expects to always be present.
+ *
+ * The minimum recommended version is increased when there is a change in Tomcat Native that while not required
+ * is recommended (such as bug fixes).
+ */
+ int rqver;
+ int rcver;
+ if (tcnMajor == 1) {
+ rqver = 1000 + TCN_1_REQUIRED_MINOR * 100 + TCN_1_REQUIRED_PATCH;
+ rcver = 1000 + TCN_1_RECOMMENDED_MINOR * 100 + TCN_1_RECOMMENDED_PATCH;
+ } else {
+ rqver = TCN_REQUIRED_MAJOR * 1000 + TCN_REQUIRED_MINOR * 100 + TCN_REQUIRED_PATCH;
+ rcver = TCN_RECOMMENDED_MAJOR * 1000 + TCN_RECOMMENDED_MINOR * 100 + TCN_RECOMMENDED_PV;
+ }
+
if (tcnVersion < rqver) {
- log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(),
- TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH));
+ if (tcnMajor == 1) {
+ log.error(sm.getString("aprListener.tcnInvalid.1", Library.versionString(),
+ "1." + TCN_1_REQUIRED_MINOR + "." + TCN_1_REQUIRED_PATCH));
+ } else {
+ log.error(sm.getString("aprListener.tcnInvalid", Library.versionString(),
+ TCN_REQUIRED_MAJOR + "." + TCN_REQUIRED_MINOR + "." + TCN_REQUIRED_PATCH));
+ }
try {
// Terminate the APR in case the version
// is below required.
@@ -253,14 +290,19 @@
return;
}
if (tcnVersion < rcver) {
- initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(),
- TCN_RECOMMENDED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV));
+ if (tcnMajor == 1) {
+ initInfoLogMessages.add(sm.getString("aprListener.tcnVersion.1", Library.versionString(),
+ "1." + TCN_1_RECOMMENDED_MINOR + "." + TCN_1_RECOMMENDED_PATCH));
+ } else {
+ initInfoLogMessages.add(sm.getString("aprListener.tcnVersion", Library.versionString(),
+ TCN_RECOMMENDED_MAJOR + "." + TCN_RECOMMENDED_MINOR + "." + TCN_RECOMMENDED_PV));
+ }
}
initInfoLogMessages
.add(sm.getString("aprListener.tcnValid", Library.versionString(), Library.aprVersionString()));
- AprStatus.setAprAvailable(true);
+ org.apache.tomcat.jni.AprStatus.setAprAvailable(true);
}
private static void initializeSSL() throws Exception {
@@ -290,7 +332,7 @@
method = clazz.getMethod(methodName, paramTypes);
method.invoke(null, paramValues);
- AprStatus.setOpenSSLVersion(SSL.version());
+ org.apache.tomcat.jni.AprStatus.setOpenSSLVersion(SSL.version());
// OpenSSL 3 onwards uses providers
boolean usingProviders = tcnMajor > 1 || (tcnVersion > 1233 && (SSL.version() & 0xF0000000L) > 0x20000000);
@@ -430,17 +472,17 @@
}
public void setUseOpenSSL(boolean useOpenSSL) {
- if (useOpenSSL != AprStatus.getUseOpenSSL()) {
- AprStatus.setUseOpenSSL(useOpenSSL);
+ if (useOpenSSL != org.apache.tomcat.jni.AprStatus.getUseOpenSSL()) {
+ org.apache.tomcat.jni.AprStatus.setUseOpenSSL(useOpenSSL);
}
}
public static boolean getUseOpenSSL() {
- return AprStatus.getUseOpenSSL();
+ return org.apache.tomcat.jni.AprStatus.getUseOpenSSL();
}
public static boolean isInstanceCreated() {
- return AprStatus.isInstanceCreated();
+ return org.apache.tomcat.jni.AprStatus.isInstanceCreated();
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/AprStatus.java tomcat10-10.1.52/java/org/apache/catalina/core/AprStatus.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/AprStatus.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/AprStatus.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,58 +18,56 @@
/**
* Holds APR status without the need to load other classes.
+ *
+ * @deprecated Unused. Use {@link org.apache.tomcat.jni.AprStatus} instead. This class will be removed in Tomcat 12
+ * onwards.
*/
+@Deprecated
public class AprStatus {
- private static volatile boolean aprInitialized = false;
- private static volatile boolean aprAvailable = false;
- private static volatile boolean useOpenSSL = true;
- private static volatile boolean instanceCreated = false;
- private static volatile int openSSLVersion = 0;
public static boolean isAprInitialized() {
- return aprInitialized;
+ return org.apache.tomcat.jni.AprStatus.isAprInitialized();
}
public static boolean isAprAvailable() {
- return aprAvailable;
+ return org.apache.tomcat.jni.AprStatus.isAprAvailable();
}
public static boolean getUseOpenSSL() {
- return useOpenSSL;
+ return org.apache.tomcat.jni.AprStatus.getUseOpenSSL();
}
public static boolean isInstanceCreated() {
- return instanceCreated;
+ return org.apache.tomcat.jni.AprStatus.isInstanceCreated();
}
public static void setAprInitialized(boolean aprInitialized) {
- AprStatus.aprInitialized = aprInitialized;
+ org.apache.tomcat.jni.AprStatus.setAprInitialized(aprInitialized);
}
public static void setAprAvailable(boolean aprAvailable) {
- AprStatus.aprAvailable = aprAvailable;
+ org.apache.tomcat.jni.AprStatus.setAprAvailable(aprAvailable);
}
public static void setUseOpenSSL(boolean useOpenSSL) {
- AprStatus.useOpenSSL = useOpenSSL;
+ org.apache.tomcat.jni.AprStatus.setUseOpenSSL(useOpenSSL);
}
public static void setInstanceCreated(boolean instanceCreated) {
- AprStatus.instanceCreated = instanceCreated;
+ org.apache.tomcat.jni.AprStatus.setInstanceCreated(instanceCreated);
}
/**
* @return the openSSLVersion
*/
public static int getOpenSSLVersion() {
- return openSSLVersion;
+ return org.apache.tomcat.jni.AprStatus.getOpenSSLVersion();
}
/**
* @param openSSLVersion the openSSLVersion to set
*/
public static void setOpenSSLVersion(int openSSLVersion) {
- AprStatus.openSSLVersion = openSSLVersion;
+ org.apache.tomcat.jni.AprStatus.setOpenSSLVersion(openSSLVersion);
}
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ContainerBase.java tomcat10-10.1.52/java/org/apache/catalina/core/ContainerBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ContainerBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ContainerBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -118,8 +118,6 @@
*
*
* Subclasses that fire additional events should document them in the class comments of the implementation class.
- *
- * @author Craig R. McClanahan
*/
public abstract class ContainerBase extends LifecycleMBeanBase implements Container {
@@ -754,12 +752,12 @@
for (Future result : results) {
try {
result.get();
- } catch (Throwable e) {
- log.error(sm.getString("containerBase.threadedStartFailed"), e);
+ } catch (Throwable t) {
+ log.error(sm.getString("containerBase.threadedStartFailed"), t);
if (multiThrowable == null) {
multiThrowable = new MultiThrowable();
}
- multiThrowable.add(e);
+ multiThrowable.add(t);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/DefaultInstanceManager.java tomcat10-10.1.52/java/org/apache/catalina/core/DefaultInstanceManager.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/DefaultInstanceManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/DefaultInstanceManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -189,8 +189,7 @@
}
/**
- * Call postConstruct method on the specified instance recursively from the deepest superclass
- * to actual class.
+ * Call postConstruct method on the specified instance recursively from the deepest superclass to actual class.
*
* @param instance object to call postconstruct methods on
* @param clazz (super) class to examine for postConstruct annotation.
@@ -227,8 +226,7 @@
/**
- * Call preDestroy method on the specified instance recursively from the deepest superclass
- * to actual class.
+ * Call preDestroy method on the specified instance recursively from the deepest superclass to actual class.
*
* @param instance object to call preDestroy methods on
* @param clazz (super) class to examine for preDestroy annotation.
@@ -330,13 +328,11 @@
} else if (JPA_PRESENT && (persistenceContextAnnotation =
method.getAnnotation(PersistenceContext.class)) != null) {
annotations.add(new AnnotationCacheEntry(method.getName(), method.getParameterTypes(),
- persistenceContextAnnotation.name(),
- AnnotationCacheEntryType.SETTER));
+ persistenceContextAnnotation.name(), AnnotationCacheEntryType.SETTER));
} else if (JPA_PRESENT &&
(persistenceUnitAnnotation = method.getAnnotation(PersistenceUnit.class)) != null) {
annotations.add(new AnnotationCacheEntry(method.getName(), method.getParameterTypes(),
- persistenceUnitAnnotation.name(),
- AnnotationCacheEntryType.SETTER));
+ persistenceUnitAnnotation.name(), AnnotationCacheEntryType.SETTER));
}
}
@@ -383,17 +379,15 @@
AnnotationCacheEntryType.FIELD));
} else if (WS_PRESENT &&
(webServiceRefAnnotation = field.getAnnotation(WebServiceRef.class)) != null) {
- annotations.add(new AnnotationCacheEntry(fieldName, null,
- webServiceRefAnnotation.name(), AnnotationCacheEntryType.FIELD));
+ annotations.add(new AnnotationCacheEntry(fieldName, null, webServiceRefAnnotation.name(),
+ AnnotationCacheEntryType.FIELD));
} else if (JPA_PRESENT && (persistenceContextAnnotation =
field.getAnnotation(PersistenceContext.class)) != null) {
annotations.add(new AnnotationCacheEntry(fieldName, null,
- persistenceContextAnnotation.name(),
- AnnotationCacheEntryType.FIELD));
+ persistenceContextAnnotation.name(), AnnotationCacheEntryType.FIELD));
} else if (JPA_PRESENT &&
(persistenceUnitAnnotation = field.getAnnotation(PersistenceUnit.class)) != null) {
- annotations.add(new AnnotationCacheEntry(fieldName, null,
- persistenceUnitAnnotation.name(),
+ annotations.add(new AnnotationCacheEntry(fieldName, null, persistenceUnitAnnotation.name(),
AnnotationCacheEntryType.FIELD));
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java tomcat10-10.1.52/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -78,9 +78,9 @@
}
/**
- * The first access to {@link DriverManager} will trigger the loading of all {@link java.sql.Driver}s in the
- * current class loader. The web application level memory leak protection can take care of this in most cases but
- * triggering the loading here has fewer side effects.
+ * The first access to {@link DriverManager} will trigger the loading of all {@link java.sql.Driver}s in the current
+ * class loader. The web application level memory leak protection can take care of this in most cases but triggering
+ * the loading here has fewer side effects.
*/
private boolean driverManagerProtection = true;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -90,9 +90,11 @@
aprListener.skipFIPSInitialization=Already in FIPS mode; skipping FIPS initialization.
aprListener.sslInit=Failed to initialize the SSLEngine.
aprListener.sslRequired=[{0}] is not a valid value for SSLEngine when using version [{1}] of the Tomcat Native library since SSL is required for version 2.x onwards.
-aprListener.tcnInvalid=An incompatible version [{0}] of the Apache Tomcat Native library is installed, while Tomcat requires version [{1}]
+aprListener.tcnInvalid=An incompatible version [{0}] of the Apache Tomcat Native library is installed, while Tomcat requires at least version [{1}]
+aprListener.tcnInvalid.1=An incompatible version [{0}] of the Apache Tomcat Native library is installed, while Tomcat requires at least version [{1}] of Tomcat Native 1.x
aprListener.tcnValid=Loaded Apache Tomcat Native library [{0}] using APR version [{1}].
aprListener.tcnVersion=An older version [{0}] of the Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [{1}]
+aprListener.tcnVersion.1=An older version [{0}] of the Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [{1}] of Tomcat Native 1.x
aprListener.tooLateForFIPSMode=Cannot setFIPSMode: SSL has already been initialized
aprListener.tooLateForSSLEngine=Cannot setSSLEngine: SSL has already been initialized
aprListener.tooLateForSSLRandomSeed=Cannot setSSLRandomSeed: SSL has already been initialized
@@ -276,7 +278,9 @@
standardHost.notContext=Child of a Host must be a Context
standardHost.nullName=Host name is required
standardHost.problematicAppBase=Using an empty string for appBase on host [{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicAppBaseParent=appBase on host [{0}] is a parent folder of CATALINA_BASE, which is a bad idea
standardHost.problematicLegacyAppBase=Using an empty string for legacyAppBase on host [{0}] will set it to CATALINA_BASE, which is a bad idea
+standardHost.problematicLegacyAppBaseParent=legacyAppBase on host [{0}] is a parent folder of CATALINA_BASE, which is a bad idea
standardHostValve.customStatusFailed=Custom error page [{0}] could not be dispatched correctly
standardHostValve.exception=Exception Processing [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -276,7 +276,9 @@
standardHost.notContext=Host の子供はContextでなければいけません
standardHost.nullName=ホスト名が必要です
standardHost.problematicAppBase=ホスト [{0}] のappBaseに空の文字列を使用すると、CATALINA_BASEに設定されますが、これは悪い考えです
+standardHost.problematicAppBaseParent=Host [{0}] の appBase は CATALINA_BASE の親フォルダですが、これは適切ではありません
standardHost.problematicLegacyAppBase=ホスト [{0}] のlegacyAppBaseに空の文字列を使用すると、CATALINA_BASEに設定されます。これは悪い考えです
+standardHost.problematicLegacyAppBaseParent=Host [{0}] の legacyAppBase は CATALINA_BASE の親フォルダですが、これは適切ではありません
standardHostValve.customStatusFailed=カスタムエラーページ [{0}] を正しくディスパッチできませんでした
standardHostValve.exception=例外処理 [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/core/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -28,17 +28,22 @@
applicationHttpRequest.sessionEndAccessFail=Исключение вызвало прекращение доступа к сессии при очистке запроса
aprListener.initializingFIPS=Инициализируется режим FIPS...
+aprListener.tcnVersion=Была обнаружена более старая версия [{0}] библиотеки Apache Tomcat Native, в то время как Tomcat рекомендует использовать как минимум версию [{1}]
filterChain.filter=При выполнении фильтра выброшено исключение
+naming.addEnvEntry=Добавляется переменная окружения [{0}]
naming.unbindFailed=Ошибка при отвязывании объекта: [{0}]
naming.wsdlFailed=wsdl файл не найден: [{0}]
standardContext.filterStart=Ошибка при старте фильтра [{0}]
standardContext.invalidWrapperClass=[{0}] не является подклассом StandardWrapper
+standardContext.managerFail=Невозможно запустить менеджер сессий
+standardContext.notStarted=Контекст с именем [{0}] ещё небыл запущен
standardContext.parameter.duplicate=Дублированный параметр инициализации контекста [{0}]
standardContext.predestroy.duplicate=Дублированное определение метода @PreDestroy для класса [{0}]
standardContext.securityConstraint.mixHttpMethod=Запрещено смешивать и в одной и той же коллекции веб-ресурсов
+standardContext.securityConstraint.pattern=Некорректный [{0}] в ограничении безопасности
standardContext.startingContext=Ошибка запуска контекста с именем [{0}]
standardWrapper.allocate=Ошибка при выделении экземпляра сервлета
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/NamingContextListener.java tomcat10-10.1.52/java/org/apache/catalina/core/NamingContextListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/NamingContextListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/NamingContextListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -76,8 +76,6 @@
/**
* Helper class used to initialize and populate the JNDI context associated with each context and server.
- *
- * @author Remy Maucherat
*/
public class NamingContextListener implements LifecycleListener, PropertyChangeListener {
@@ -235,7 +233,7 @@
try {
createNamingContext();
} catch (NamingException e) {
- log.error(sm.getString("naming.namingContextCreationFailed", e));
+ log.error(sm.getString("naming.namingContextCreationFailed", container), e);
}
namingResources.addPropertyChangeListener(this);
@@ -248,7 +246,7 @@
ContextBindings.bindClassLoader(container, token,
((Context) container).getLoader().getClassLoader());
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", container), e);
}
}
@@ -257,7 +255,7 @@
try {
ContextBindings.bindClassLoader(container, token, this.getClass().getClassLoader());
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", container), e);
}
if (container instanceof StandardServer) {
((StandardServer) container).setGlobalNamingContext(namingContext);
@@ -491,6 +489,13 @@
} else {
compCtx = namingContext.createSubcontext("comp");
envCtx = compCtx.createSubcontext("env");
+ /*
+ * Jakarta Platform Specification, 5.2.2: Application Component Environment Namespaces
+ *
+ * "java:module" and "java:comp" refer to the same namespace in a web module (i.e. a web application).
+ * Implement this by binding the "comp" sub-context we just created to the "module" name as well.
+ */
+ namingContext.bind("module", compCtx);
}
int i;
@@ -565,7 +570,7 @@
// Ignore because UserTransaction was obviously
// added via ResourceLink
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", "UserTransaction"), e);
}
}
@@ -574,7 +579,7 @@
try {
compCtx.bind("Resources", ((Context) container).getResources());
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", "Resources"), e);
}
}
@@ -648,7 +653,7 @@
createSubcontexts(envCtx, ejb.getName());
envCtx.bind(ejb.getName(), ref);
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", ejb.getName()), e);
}
}
@@ -748,7 +753,7 @@
createSubcontexts(envCtx, env.getName());
envCtx.bind(env.getName(), value);
} catch (NamingException e) {
- log.error(sm.getString("naming.invalidEnvEntryValue", e));
+ log.error(sm.getString("naming.invalidEnvEntryValue", env.getName()), e);
}
}
}
@@ -839,7 +844,7 @@
log.debug(sm.getString("naming.addSlash", service.getWsdlfile()));
}
} catch (MalformedURLException e) {
- log.error(sm.getString("naming.wsdlFailed", e));
+ log.error(sm.getString("naming.wsdlFailed", service.getWsdlfile()), e);
}
}
if (wsdlURL == null) {
@@ -874,7 +879,7 @@
log.debug(sm.getString("naming.addSlash", service.getJaxrpcmappingfile()));
}
} catch (MalformedURLException e) {
- log.error(sm.getString("naming.wsdlFailed", e));
+ log.error(sm.getString("naming.wsdlFailed", service.getJaxrpcmappingfile()), e);
}
}
if (jaxrpcURL == null) {
@@ -935,7 +940,7 @@
createSubcontexts(envCtx, service.getName());
envCtx.bind(service.getName(), ref);
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", service.getName()), e);
}
}
@@ -970,7 +975,7 @@
createSubcontexts(envCtx, resource.getName());
envCtx.bind(resource.getName(), ref);
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", resource.getName()), e);
}
if (("javax.sql.DataSource".equals(ref.getClassName()) ||
@@ -982,7 +987,7 @@
Registry.getRegistry(null).registerComponent(actualResource, on, null);
objectNames.put(resource.getName(), on);
} catch (Exception e) {
- log.warn(sm.getString("naming.jmxRegistrationFailed", e));
+ log.warn(sm.getString("naming.jmxRegistrationFailed", resource.getName()), e);
}
// Bug 63210. DBCP2 DataSources require an explicit close. This goes
// further and cleans up and AutoCloseable DataSource by default.
@@ -1022,7 +1027,7 @@
createSubcontexts(envCtx, resourceEnvRef.getName());
envCtx.bind(resourceEnvRef.getName(), ref);
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", resourceEnvRef.getName()), e);
}
}
@@ -1054,7 +1059,7 @@
createSubcontexts(envCtx, resourceLink.getName());
ctx.bind(resourceLink.getName(), ref);
} catch (NamingException e) {
- log.error(sm.getString("naming.bindFailed", e));
+ log.error(sm.getString("naming.bindFailed", resourceLink.getName()), e);
}
ResourceLinkFactory.registerGlobalResourceAccess(getGlobalNamingContext(), resourceLink.getName(),
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/OpenSSLLifecycleListener.java tomcat10-10.1.52/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/OpenSSLLifecycleListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/OpenSSLLifecycleListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -125,7 +125,7 @@
} catch (Throwable t) {
Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
- log.info(sm.getString("openssllistener.destroy"));
+ log.warn(sm.getString("openssllistener.destroy"), throwable);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/PropertiesRoleMappingListener.java tomcat10-10.1.52/java/org/apache/catalina/core/PropertiesRoleMappingListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/PropertiesRoleMappingListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/PropertiesRoleMappingListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -111,9 +111,9 @@
Context context = (Context) event.getLifecycle();
try (Resource resource = context.findConfigFileResource(roleMappingFile)) {
props.load(resource.getInputStream());
- } catch (IOException e) {
+ } catch (IOException ioe) {
throw new IllegalStateException(
- sm.getString("propertiesRoleMappingListener.roleMappingFileFail", roleMappingFile), e);
+ sm.getString("propertiesRoleMappingListener.roleMappingFileFail", roleMappingFile), ioe);
}
int linkCount = 0;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardContext.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardContext.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,6 +42,7 @@
import java.util.Set;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.Lock;
@@ -141,9 +142,6 @@
/**
* Standard implementation of the Context interface. Each child container must be a Wrapper implementation to
* process the requests directed to a particular servlet.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class StandardContext extends ContainerBase implements Context, NotificationEmitter {
@@ -423,7 +421,7 @@
/**
* The MIME mappings for this web application, keyed by extension.
*/
- private final Map mimeMappings = new HashMap<>();
+ private final ConcurrentMap mimeMappings = new ConcurrentHashMap<>();
/**
@@ -2454,8 +2452,8 @@
if (!workDir.isAbsolute()) {
try {
workDir = new File(getCatalinaBase().getCanonicalFile(), getWorkDir());
- } catch (IOException e) {
- log.warn(sm.getString("standardContext.workPath", getName()), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("standardContext.workPath", getName()), ioe);
}
}
return workDir.getAbsolutePath();
@@ -2827,12 +2825,8 @@
@Override
public void addMimeMapping(String extension, String mimeType) {
-
- synchronized (mimeMappings) {
- mimeMappings.put(extension.toLowerCase(Locale.ENGLISH), mimeType);
- }
+ mimeMappings.put(extension.toLowerCase(Locale.ENGLISH), mimeType);
fireContainerEvent("addMimeMapping", extension);
-
}
@@ -3106,9 +3100,7 @@
@Override
public String[] findMimeMappings() {
- synchronized (mimeMappings) {
- return mimeMappings.keySet().toArray(new String[0]);
- }
+ return mimeMappings.keySet().toArray(new String[0]);
}
@@ -3403,12 +3395,8 @@
@Override
public void removeMimeMapping(String extension) {
-
- synchronized (mimeMappings) {
- mimeMappings.remove(extension);
- }
+ mimeMappings.remove(extension);
fireContainerEvent("removeMimeMapping", extension);
-
}
@@ -4108,7 +4096,7 @@
Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
getLogger().error(sm.getString("standardContext.listenerStop", listeners[j].getClass().getName()),
- throwable);
+ throwable);
ok = false;
}
}
@@ -4130,7 +4118,7 @@
Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
getLogger().error(sm.getString("standardContext.listenerStop", listeners[j].getClass().getName()),
- throwable);
+ throwable);
ok = false;
}
}
@@ -4403,8 +4391,8 @@
if ((getCluster() != null) && distributable) {
try {
contextManager = getCluster().createManager(getName());
- } catch (Exception ex) {
- log.error(sm.getString("standardContext.cluster.managerError"), ex);
+ } catch (Exception e) {
+ log.error(sm.getString("standardContext.cluster.managerError"), e);
ok = false;
}
} else {
@@ -4763,8 +4751,8 @@
// This object will no longer be visible or used.
try {
resetContext();
- } catch (Exception ex) {
- log.error(sm.getString("standardContext.resetContextFail", getName()), ex);
+ } catch (Exception e) {
+ log.error(sm.getString("standardContext.resetContextFail", getName()), e);
}
// reset the instance manager
@@ -5012,9 +5000,8 @@
if (isUseNaming()) {
try {
ContextBindings.bindThread(this, getNamingToken());
- } catch (NamingException e) {
- // Silent catch, as this is a normal case during the early
- // startup stages
+ } catch (NamingException ignore) {
+ // Silent catch, as this is a normal case during the early startup stages
}
}
@@ -5349,8 +5336,9 @@
try {
catalinaHomePath = getCatalinaBase().getCanonicalPath();
dir = new File(catalinaHomePath, workDir);
- } catch (IOException e) {
- log.warn(sm.getString("standardContext.workCreateException", workDir, getCatalinaBase(), getName()), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("standardContext.workCreateException", workDir, getCatalinaBase(), getName()),
+ ioe);
}
}
if (!dir.mkdirs() && !dir.isDirectory()) {
@@ -5435,11 +5423,8 @@
@Override
protected String getObjectNameKeyProperties() {
- return "j2eeType=WebModule," + getObjectKeyPropertiesNameOnly() +
- ",J2EEApplication=" +
- getJ2EEApplication() +
- ",J2EEServer=" +
- getJ2EEServer();
+ return "j2eeType=WebModule," + getObjectKeyPropertiesNameOnly() + ",J2EEApplication=" + getJ2EEApplication() +
+ ",J2EEServer=" + getJ2EEServer();
}
private String getObjectKeyPropertiesNameOnly() {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardContextValve.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardContextValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardContextValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardContextValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
* Valve that implements the default basic behavior for the StandardContext container implementation.
*
* USAGE CONSTRAINT: This implementation is likely to be useful only when processing HTTP requests.
- *
- * @author Craig R. McClanahan
*/
final class StandardContextValve extends ValveBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardEngine.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardEngine.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardEngine.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardEngine.java 2026-01-23 19:33:36.000000000 +0000
@@ -45,8 +45,6 @@
/**
* Standard implementation of the Engine interface. Each child container must be a Host implementation to process
* the specific fully qualified host name of that virtual host.
- *
- * @author Craig R. McClanahan
*/
public class StandardEngine extends ContainerBase implements Engine {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardEngineValve.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardEngineValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardEngineValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardEngineValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,8 +29,6 @@
* Valve that implements the default basic behavior for the StandardEngine container implementation.
*
* USAGE CONSTRAINT: This implementation is likely to be useful only when processing HTTP requests.
- *
- * @author Craig R. McClanahan
*/
final class StandardEngineValve extends ValveBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardHost.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardHost.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardHost.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardHost.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,7 @@
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -49,9 +50,6 @@
/**
* Standard implementation of the Host interface. Each child container must be a Context implementation to
* process the requests directed to a particular web application.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class StandardHost extends ContainerBase implements Host {
@@ -232,6 +230,12 @@
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+ log.warn(sm.getString("standardHost.problematicAppBaseParent", getName()));
+ }
+
this.appBaseFile = file;
return file;
}
@@ -275,6 +279,12 @@
// Ignore
}
+ Path appBasePath = file.toPath();
+ Path basePath = getCatalinaBase().toPath();
+ if (basePath.startsWith(appBasePath)) {
+ log.warn(sm.getString("standardHost.problematicLegacyAppBaseParent", getName()));
+ }
+
this.legacyAppBaseFile = file;
return file;
}
@@ -331,7 +341,8 @@
}
try {
file = file.getCanonicalFile();
- } catch (IOException e) {// ignore
+ } catch (IOException ignore) {
+ // Ignore
}
this.hostConfigBase = file;
return file;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardHostValve.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardHostValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardHostValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardHostValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,9 +44,6 @@
* Valve that implements the default basic behavior for the StandardHost container implementation.
*
* USAGE CONSTRAINT: This implementation is likely to be useful only when processing HTTP requests.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
final class StandardHostValve extends ValveBase {
@@ -212,8 +209,8 @@
response.finishResponse();
} catch (ClientAbortException e) {
// Ignore
- } catch (IOException e) {
- container.getLogger().warn(sm.getString("standardHostValve.exception", errorPage), e);
+ } catch (IOException ioe) {
+ container.getLogger().warn(sm.getString("standardHostValve.exception", errorPage), ioe);
}
}
}
@@ -266,8 +263,8 @@
if (custom(request, response, errorPage)) {
try {
response.finishResponse();
- } catch (IOException e) {
- container.getLogger().warn(sm.getString("standardHostValve.exception", errorPage), e);
+ } catch (IOException ioe) {
+ container.getLogger().warn(sm.getString("standardHostValve.exception", errorPage), ioe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardPipeline.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardPipeline.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardPipeline.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardPipeline.java 2026-01-23 19:33:36.000000000 +0000
@@ -43,8 +43,6 @@
* This implementation assumes that no calls to addValve() or removeValve are allowed while a
* request is currently being processed. Otherwise, the mechanism by which per-thread state is maintained will need to
* be modified.
- *
- * @author Craig R. McClanahan
*/
public class StandardPipeline extends LifecycleBase implements Pipeline {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardServer.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardServer.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardServer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardServer.java 2026-01-23 19:33:36.000000000 +0000
@@ -62,8 +62,6 @@
/**
* Standard implementation of the Server interface, available for use (but not required) when deploying and
* starting Catalina.
- *
- * @author Craig R. McClanahan
*/
public final class StandardServer extends LifecycleMBeanBase implements Server {
@@ -491,14 +489,14 @@
awaitSocket = null;
try {
s.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignored
}
}
t.interrupt();
try {
t.join(1000);
- } catch (InterruptedException e) {
+ } catch (InterruptedException ignore) {
// Ignored
}
}
@@ -531,9 +529,9 @@
// Set up a server socket to wait on
try {
awaitSocket = new ServerSocket(getPortWithOffset(), 1, InetAddress.getByName(address));
- } catch (IOException e) {
+ } catch (IOException ioe) {
log.error(sm.getString("standardServer.awaitSocket.fail", address, String.valueOf(getPortWithOffset()),
- String.valueOf(getPort()), String.valueOf(getPortOffset())), e);
+ String.valueOf(getPort()), String.valueOf(getPortOffset())), ioe);
return;
}
@@ -566,12 +564,12 @@
} catch (AccessControlException ace) {
log.warn(sm.getString("standardServer.accept.security"), ace);
continue;
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (stopAwait) {
// Wait was aborted with socket.close()
break;
}
- log.error(sm.getString("standardServer.accept.error"), e);
+ log.error(sm.getString("standardServer.accept.error"), ioe);
break;
}
@@ -587,8 +585,8 @@
int ch;
try {
ch = stream.read();
- } catch (IOException e) {
- log.warn(sm.getString("standardServer.accept.readError"), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("standardServer.accept.readError"), ioe);
ch = -1;
}
// Control character or EOF (-1) terminates loop
@@ -604,7 +602,7 @@
if (socket != null) {
socket.close();
}
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -627,7 +625,7 @@
if (serverSocket != null) {
try {
serverSocket.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardService.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardService.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardService.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardService.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,8 +46,6 @@
/**
* Standard implementation of the Service interface. The associated Container is generally an instance of
* Engine, but this is not required.
- *
- * @author Craig R. McClanahan
*/
public class StandardService extends LifecycleMBeanBase implements Service {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapper.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapper.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -65,9 +65,6 @@
/**
* Standard implementation of the Wrapper interface that represents an individual servlet definition. No child
* Containers are allowed, and the parent Container must be a Context.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class StandardWrapper extends ContainerBase implements ServletConfig, Wrapper, NotificationEmitter {
@@ -585,9 +582,9 @@
countAllocated.incrementAndGet();
} catch (ServletException e) {
throw e;
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- throw new ServletException(sm.getString("standardWrapper.allocate"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ throw new ServletException(sm.getString("standardWrapper.allocate"), t);
}
}
if (!instanceInitialized) {
@@ -722,8 +719,8 @@
try {
jspMonitorON = new ObjectName(oname.toString());
Registry.getRegistry(null).registerComponent(instance, jspMonitorON, null);
- } catch (Exception ex) {
- log.warn(sm.getString("standardWrapper.jspMonitorError", instance));
+ } catch (Exception e) {
+ log.warn(sm.getString("standardWrapper.jspMonitorError", instance), e);
}
}
}
@@ -766,8 +763,8 @@
unavailable(null);
// Restore the context ClassLoader
throw new ServletException(sm.getString("standardWrapper.notServlet", servletClass), e);
- } catch (Throwable e) {
- Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(e);
+ } catch (Throwable t) {
+ Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
unavailable(null);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapperFacade.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapperFacade.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapperFacade.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapperFacade.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Facade for the StandardWrapper object.
- *
- * @author Remy Maucherat
*/
public final class StandardWrapperFacade implements ServletConfig {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapperValve.java tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapperValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/StandardWrapperValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/StandardWrapperValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,8 +44,6 @@
/**
* Valve that implements the default basic behavior for the StandardWrapper container implementation.
- *
- * @author Craig R. McClanahan
*/
final class StandardWrapperValve extends ValveBase {
@@ -122,11 +120,11 @@
StandardWrapper.getRootCause(e));
throwable = e;
exception(request, response, e);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- container.getLogger().error(sm.getString("standardWrapper.allocateException", wrapper.getName()), e);
- throwable = e;
- exception(request, response, e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ container.getLogger().error(sm.getString("standardWrapper.allocateException", wrapper.getName()), t);
+ throwable = t;
+ exception(request, response, t);
// servlet = null; is set here
}
@@ -183,11 +181,11 @@
}
throwable = e;
exception(request, response, e);
- } catch (IOException e) {
+ } catch (IOException ioe) {
container.getLogger()
- .error(sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
- throwable = e;
- exception(request, response, e);
+ .error(sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), ioe);
+ throwable = ioe;
+ exception(request, response, ioe);
} catch (UnavailableException e) {
container.getLogger()
.error(sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
@@ -203,12 +201,12 @@
}
throwable = e;
exception(request, response, e);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
container.getLogger()
- .error(sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
- throwable = e;
- exception(request, response, e);
+ .error(sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), t);
+ throwable = t;
+ exception(request, response, t);
} finally {
// Release the filter chain (if any) for this request
if (filterChain != null) {
@@ -220,12 +218,12 @@
if (servlet != null) {
wrapper.deallocate(servlet);
}
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- container.getLogger().error(sm.getString("standardWrapper.deallocateException", wrapper.getName()), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ container.getLogger().error(sm.getString("standardWrapper.deallocateException", wrapper.getName()), t);
if (throwable == null) {
- throwable = e;
- exception(request, response, e);
+ throwable = t;
+ exception(request, response, t);
}
}
@@ -235,11 +233,11 @@
if ((servlet != null) && (wrapper.getAvailable() == Long.MAX_VALUE)) {
wrapper.unload();
}
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- container.getLogger().error(sm.getString("standardWrapper.unloadException", wrapper.getName()), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ container.getLogger().error(sm.getString("standardWrapper.unloadException", wrapper.getName()), t);
if (throwable == null) {
- exception(request, response, e);
+ exception(request, response, t);
}
}
long t2 = System.currentTimeMillis();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java tomcat10-10.1.52/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/core/ThreadLocalLeakPreventionListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -73,8 +73,7 @@
stopIdleThreads((Context) lifecycle);
}
} catch (Exception e) {
- String msg = sm.getString("threadLocalLeakPreventionListener.lifecycleEvent.error", event);
- log.error(msg, e);
+ log.error(sm.getString("threadLocalLeakPreventionListener.lifecycleEvent.error", event), e);
}
}
@@ -83,8 +82,7 @@
try {
super.containerEvent(event);
} catch (Exception e) {
- String msg = sm.getString("threadLocalLeakPreventionListener.containerEvent.error", event);
- log.error(msg, e);
+ log.error(sm.getString("threadLocalLeakPreventionListener.containerEvent.error", event), e);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/deploy/NamingResourcesImpl.java tomcat10-10.1.52/java/org/apache/catalina/deploy/NamingResourcesImpl.java
--- tomcat10-10.1.40/java/org/apache/catalina/deploy/NamingResourcesImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/deploy/NamingResourcesImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -61,8 +61,6 @@
/**
* Holds and manages the naming resources defined in the Jakarta EE Naming Context and their associated JNDI context.
- *
- * @author Remy Maucherat
*/
public class NamingResourcesImpl extends LifecycleMBeanBase implements Serializable, NamingResources {
@@ -513,8 +511,8 @@
/**
- * @return the array of defined environment entries for this web application. If none have been defined, a zero-length
- * array is returned.
+ * @return the array of defined environment entries for this web application. If none have been defined, a
+ * zero-length array is returned.
*/
public ContextEnvironment[] findEnvironments() {
@@ -649,8 +647,8 @@
/**
- * @return the array of resource environment reference names for this web application. If none have been specified, a
- * zero-length array is returned.
+ * @return the array of resource environment reference names for this web application. If none have been specified,
+ * a zero-length array is returned.
*/
public ContextResourceEnvRef[] findResourceEnvRefs() {
@@ -977,10 +975,10 @@
try {
m = resource.getClass().getMethod(closeMethod, (Class[]) null);
} catch (SecurityException e) {
- log.debug(sm.getString("namingResources.cleanupCloseSecurity", closeMethod, name, container));
+ log.debug(sm.getString("namingResources.cleanupCloseSecurity", closeMethod, name, container), e);
return;
} catch (NoSuchMethodException e) {
- log.debug(sm.getString("namingResources.cleanupNoClose", name, container, closeMethod));
+ log.debug(sm.getString("namingResources.cleanupNoClose", name, container, closeMethod), e);
return;
}
try {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/Constants.java tomcat10-10.1.52/java/org/apache/catalina/filters/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -16,11 +16,10 @@
*/
package org.apache.catalina.filters;
+import org.apache.tomcat.util.http.Method;
/**
* Manifest constants for this Java package.
- *
- * @author Craig R. McClanahan
*/
public final class Constants {
@@ -44,7 +43,8 @@
*/
public static final String CSRF_NONCE_REQUEST_PARAM_NAME_KEY = "org.apache.catalina.filters.CSRF_NONCE_PARAM_NAME";
- public static final String METHOD_GET = "GET";
+ @Deprecated
+ public static final String METHOD_GET = Method.GET;
public static final String CSRF_REST_NONCE_HEADER_NAME = "X-CSRF-Token";
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/CorsFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/CorsFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/CorsFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/CorsFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,6 +36,7 @@
import org.apache.catalina.Globals;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.http.ResponseUtil;
import org.apache.tomcat.util.http.parser.MediaType;
@@ -405,7 +406,7 @@
response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposedHeadersString);
}
- if ("OPTIONS".equals(method)) {
+ if (Method.OPTIONS.equals(method)) {
// For an OPTIONS request, the response will vary based on the
// value or absence of the following headers. Hence, they need to be
// included in the Vary header.
@@ -546,7 +547,7 @@
if (originHeader.isEmpty() || !RequestUtil.isValidOrigin(originHeader)) {
return CORSRequestType.INVALID_CORS;
}
- if(RequestUtil.isSameOrigin(request, originHeader)) {
+ if (RequestUtil.isSameOrigin(request, originHeader)) {
return CORSRequestType.NOT_CORS;
}
String method = request.getMethod();
@@ -554,8 +555,9 @@
return CORSRequestType.INVALID_CORS;
}
switch (method) {
- case "OPTIONS":
- String accessControlRequestMethodHeader = request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
+ case Method.OPTIONS:
+ String accessControlRequestMethodHeader =
+ request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
if (accessControlRequestMethodHeader != null) {
if (accessControlRequestMethodHeader.isEmpty()) {
return CORSRequestType.INVALID_CORS;
@@ -563,10 +565,10 @@
return CORSRequestType.PRE_FLIGHT;
}
return CORSRequestType.ACTUAL;
- case "GET":
- case "HEAD":
+ case Method.GET:
+ case Method.HEAD:
return CORSRequestType.SIMPLE;
- case "POST":
+ case Method.POST:
String mediaType = MediaType.parseMediaTypeOnly(request.getContentType());
if (mediaType == null || SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES.contains(mediaType)) {
return CORSRequestType.SIMPLE;
@@ -892,7 +894,7 @@
* @see http://www.w3.org/TR/cors/#terminology
*/
public static final Collection SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES =
- Set.of(Globals.CONTENT_TYPE_FORM_URL_ENCODING, "multipart/form-data", "text/plain");
+ Set.of(Globals.CONTENT_TYPE_FORM_URL_ENCODING, "multipart/form-data", "text/plain");
// ------------------------------------------------ Configuration Defaults
/**
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/CsrfPreventionFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/CsrfPreventionFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/CsrfPreventionFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/CsrfPreventionFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,6 +41,7 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.http.Method;
/**
* Provides basic CSRF protection for a web application. The filter assumes that:
@@ -446,7 +447,7 @@
}
protected boolean skipNonceCheck(HttpServletRequest request) {
- if (!Constants.METHOD_GET.equals(request.getMethod())) {
+ if (!Method.GET.equals(request.getMethod())) {
return false;
}
@@ -545,6 +546,8 @@
@Override
public String encodeRedirectURL(String url) {
+ url = removeQueryParameters(url, nonceRequestParameterName);
+
if (shouldAddNonce(url)) {
return addNonce(super.encodeRedirectURL(url));
} else {
@@ -554,6 +557,8 @@
@Override
public String encodeURL(String url) {
+ url = removeQueryParameters(url, nonceRequestParameterName);
+
if (shouldAddNonce(url)) {
return addNonce(super.encodeURL(url));
} else {
@@ -575,6 +580,85 @@
return true;
}
+ /**
+ * Removes zero or more query parameters from a URL. All instances of the query parameter and any associated
+ * values will be removed.
+ *
+ * @param url The URL whose query parameters should be removed.
+ * @param parameterName The name of the parameter to remove.
+ *
+ * @return The URL without any instances of the query parameter parameterName present.
+ */
+ public static String removeQueryParameters(String url, String parameterName) {
+ if (null != parameterName) {
+ // Check for query string
+ int q = url.indexOf('?');
+ if (q > -1) {
+
+ // Look for parameter end
+ int start = q + 1;
+ int pos = url.indexOf('&', start);
+
+ int iterations = 0;
+
+ while (-1 < pos) {
+ // Process all parameters
+ if (++iterations > 100000) {
+ // Just in case things get out of control
+ throw new IllegalStateException("Way too many loop iterations");
+ }
+
+ int eq = url.indexOf('=', start);
+ int paramNameEnd;
+ if (-1 == eq || eq > pos) {
+ paramNameEnd = pos;
+ // Found no equal sign at all or past next & ; Parameter is all name.
+ } else {
+ // Found this param's equal sign
+ paramNameEnd = eq;
+ }
+ if (parameterName.equals(url.substring(start, paramNameEnd))) {
+ // Remove the parameter
+ url = url.substring(0, start) + url.substring(pos + 1); // +1 to consume the &
+ } else {
+ start = pos + 1; // Go to next parameter
+ }
+ pos = url.indexOf('&', start);
+ }
+
+ // Check final parameter
+ String paramName;
+ pos = url.indexOf('=', start);
+
+ if (-1 < pos) {
+ paramName = url.substring(start, pos);
+ } else {
+ paramName = url.substring(start);
+ // No value
+ }
+ if (paramName.equals(parameterName)) {
+ // Remove this parameter
+
+ // Remove any trailing ? or & as well
+ char c = url.charAt(start - 1);
+ if ('?' == c || '&' == c) {
+ start--;
+ }
+
+ url = url.substring(0, start);
+ } else {
+ // Remove trailing ? if it's there. Is this worth it?
+ int length = url.length();
+ if (length == q + 1) {
+ url = url.substring(0, length - 1);
+ }
+ }
+ }
+ }
+
+ return url;
+ }
+
/*
* Return the specified URL with the nonce added to the query string.
*
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/ExpiresFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/ExpiresFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/ExpiresFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/ExpiresFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,6 +44,7 @@
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.StringUtils;
+import org.apache.tomcat.util.http.Method;
/**
*
@@ -510,7 +511,7 @@
* ({@link StartingPoint#ACCESS_TIME}) or the last time the HTML-page/servlet-response was modified (
* {@link StartingPoint#LAST_MODIFICATION_TIME}).
*/
- public enum StartingPoint {
+ public enum StartingPoint {
ACCESS_TIME,
LAST_MODIFICATION_TIME
}
@@ -1403,7 +1404,7 @@
// Don't add cache headers unless the request is a GET or a HEAD request
String method = request.getMethod();
- if (!"GET".equals(method) && !"HEAD".equals(method)) {
+ if (!Method.GET.equals(method) && !Method.HEAD.equals(method)) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("expiresFilter.invalidMethod", request.getRequestURI(), method));
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteAddrFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteAddrFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteAddrFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteAddrFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,8 +30,9 @@
* Concrete implementation of RequestFilter that filters based on the string representation of the remote
* client's IP address.
*
- * @author Craig R. McClanahan
+ * @deprecated This Filter will be removed in Tomcat 12 onwards. Use {@link RemoteCIDRFilter} instead.
*/
+@Deprecated
public final class RemoteAddrFilter extends RequestFilter {
// Log must be non-static as loggers are created per class-loader and this
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteCIDRFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteCIDRFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteCIDRFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteCIDRFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import jakarta.servlet.FilterChain;
@@ -31,9 +29,9 @@
import jakarta.servlet.http.HttpServletResponse;
import org.apache.catalina.util.NetMask;
+import org.apache.catalina.util.NetMaskSet;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.buf.StringUtils;
public final class RemoteCIDRFilter extends FilterBase {
@@ -49,14 +47,14 @@
private final Log log = LogFactory.getLog(RemoteCIDRFilter.class); // must not be static
/**
- * The list of allowed {@link NetMask}s
+ * The allowed {@link NetMask}s.
*/
- private final List allow = new ArrayList<>();
+ private final NetMaskSet allow = new NetMaskSet();
/**
- * The list of denied {@link NetMask}s
+ * The denied {@link NetMask}s.
*/
- private final List deny = new ArrayList<>();
+ private final NetMaskSet deny = new NetMaskSet();
/**
@@ -77,7 +75,7 @@
* @throws IllegalArgumentException One or more netmasks are invalid
*/
public void setAllow(final String input) {
- final List messages = fillFromInput(input, allow);
+ final List messages = allow.addAll(input);
if (messages.isEmpty()) {
return;
@@ -109,7 +107,7 @@
* @throws IllegalArgumentException One or more netmasks are invalid
*/
public void setDeny(final String input) {
- final List messages = fillFromInput(input, deny);
+ final List messages = deny.addAll(input);
if (messages.isEmpty()) {
return;
@@ -174,22 +172,17 @@
return false;
}
- for (final NetMask nm : deny) {
- if (nm.matches(addr)) {
- return false;
- }
+ if (deny.contains(addr)) {
+ return false;
}
- for (final NetMask nm : allow) {
- if (nm.matches(addr)) {
- return true;
- }
+ if (allow.contains(addr)) {
+ return true;
}
// Allow if deny is specified but allow isn't
// Deny this request otherwise
return !deny.isEmpty() && allow.isEmpty();
-
}
@@ -199,35 +192,4 @@
writer.write(sm.getString("http.403"));
writer.flush();
}
-
-
- /**
- * Fill a {@link NetMask} list from a string input containing a comma-separated list of (hopefully valid)
- * {@link NetMask}s.
- *
- * @param input The input string
- * @param target The list to fill
- *
- * @return a string list of processing errors (empty when no errors)
- */
- private List fillFromInput(final String input, final List target) {
- target.clear();
- if (input == null || input.isEmpty()) {
- return Collections.emptyList();
- }
-
- final List messages = new ArrayList<>();
- NetMask nm;
-
- for (final String s : StringUtils.splitCommaSeparated(input)) {
- try {
- nm = new NetMask(s);
- target.add(nm);
- } catch (IllegalArgumentException e) {
- messages.add(s + ": " + e.getMessage());
- }
- }
-
- return Collections.unmodifiableList(messages);
- }
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteHostFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteHostFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteHostFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteHostFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,8 +28,6 @@
/**
* Concrete implementation of RequestFilter that filters based on the remote client's host name.
- *
- * @author Craig R. McClanahan
*/
public final class RemoteHostFilter extends RequestFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteIpFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/RemoteIpFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/RemoteIpFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -194,6 +194,7 @@
*
@@ -742,14 +750,13 @@
/**
* @see #setInternalProxies(String)
*/
- private Pattern internalProxies =
- Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
- "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
- "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "0:0:0:0:0:0:0:1|::1|" +
- "fe[89ab]\\p{XDigit}:.*|" + "f[cd]\\p{XDigit}{2}+:.*");
+ private Pattern internalProxies = Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "0:0:0:0:0:0:0:1|::1|" + "fe[89ab]\\p{XDigit}:.*|" + "f[cd]\\p{XDigit}{2}+:.*");
/**
* @see #setProtocolHeader(String)
@@ -898,7 +905,7 @@
}
} catch (IllegalArgumentException iae) {
- log.debug(sm.getString("remoteIpFilter.invalidHostHeader", hostHeaderValue, hostHeader));
+ log.debug(sm.getString("remoteIpFilter.invalidHostHeader", hostHeaderValue, hostHeader), iae);
}
}
}
@@ -960,7 +967,7 @@
try {
port = Integer.parseInt(portHeaderValue);
} catch (NumberFormatException nfe) {
- log.debug(sm.getString("remoteIpFilter.invalidPort", portHeaderValue, getPortHeader()));
+ log.debug(sm.getString("remoteIpFilter.invalidPort", portHeaderValue, getPortHeader()), nfe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/filters/RequestDumperFilter.java tomcat10-10.1.52/java/org/apache/catalina/filters/RequestDumperFilter.java
--- tomcat10-10.1.40/java/org/apache/catalina/filters/RequestDumperFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/filters/RequestDumperFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,8 +46,6 @@
* org.apache.catalina.filter.RequestDumperFilter logger is directed to a dedicated file and that the
* org.apache.juli.VerbatimFormatter is used.
*
- *
- * @author Craig R. McClanahan
*/
public class RequestDumperFilter extends GenericFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterListener.java tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* Receive SessionID cluster change from other backup node after primary session node is failed.
- *
- * @author Peter Rossbach
*/
public abstract class ClusterListener implements ChannelListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterManager.java tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterManager.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
/**
* The common interface used by all cluster manager. This is so that we can have a more pluggable way of swapping
* session managers for different algorithms.
- *
- * @author Peter Rossbach
*/
public interface ClusterManager extends Manager {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,11 +20,7 @@
import org.apache.tomcat.util.digester.RuleSet;
/**
- *
* RuleSet for processing the contents of a Cluster definition element.
- *
- *
- * @author Peter Rossbach
*/
public class ClusterRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterValve.java tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/ClusterValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/ClusterValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Cluster valves are a simple extension to the Tomcat valve architecture with a small addition of being able to
* reference the cluster component in the container it sits in.
- *
- * @author Peter Rossbach
*/
public interface ClusterValve extends Valve {
/**
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java tomcat10-10.1.52/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/authenticator/ClusterSingleSignOn.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,8 +46,6 @@
*
The web applications themselves must use one of the standard Authenticators found in the
* org.apache.catalina.authenticator package.
* IMPLEMENTATION NOTE : Correct behavior of session storing and reloading depends upon external calls to the
* start() and stop() methods of this class at the correct times.
- *
- * @author Craig R. McClanahan
- * @author Peter Rossbach
*/
public class DeltaManager extends ClusterManagerBase {
@@ -76,6 +75,7 @@
private int stateTransferTimeout = 60;
private boolean sendAllSessions = true;
private int sendAllSessionsSize = 1000;
+ private boolean enableStatistics = true;
/**
* wait time between send session block (default 2 sec)
@@ -88,25 +88,25 @@
// -------------------------------------------------------- stats attributes
- private volatile long sessionReplaceCounter = 0;
- private volatile long counterReceive_EVT_GET_ALL_SESSIONS = 0;
- private volatile long counterReceive_EVT_ALL_SESSION_DATA = 0;
- private volatile long counterReceive_EVT_SESSION_CREATED = 0;
- private volatile long counterReceive_EVT_SESSION_EXPIRED = 0;
- private volatile long counterReceive_EVT_SESSION_ACCESSED = 0;
- private volatile long counterReceive_EVT_SESSION_DELTA = 0;
- private volatile int counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE = 0;
- private volatile long counterReceive_EVT_CHANGE_SESSION_ID = 0;
- private volatile long counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER = 0;
- private volatile long counterSend_EVT_GET_ALL_SESSIONS = 0;
- private volatile long counterSend_EVT_ALL_SESSION_DATA = 0;
- private volatile long counterSend_EVT_SESSION_CREATED = 0;
- private volatile long counterSend_EVT_SESSION_DELTA = 0;
- private volatile long counterSend_EVT_SESSION_ACCESSED = 0;
- private volatile long counterSend_EVT_SESSION_EXPIRED = 0;
- private volatile int counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE = 0;
- private volatile long counterSend_EVT_CHANGE_SESSION_ID = 0;
- private volatile int counterNoStateTransferred = 0;
+ private final AtomicLong sessionReplaceCounter = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_GET_ALL_SESSIONS = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_ALL_SESSION_DATA = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_SESSION_CREATED = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_SESSION_EXPIRED = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_SESSION_ACCESSED = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_SESSION_DELTA = new AtomicLong(0);
+ private final AtomicInteger counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE = new AtomicInteger(0);
+ private final AtomicLong counterReceive_EVT_CHANGE_SESSION_ID = new AtomicLong(0);
+ private final AtomicLong counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_GET_ALL_SESSIONS = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_ALL_SESSION_DATA = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_SESSION_CREATED = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_SESSION_DELTA = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_SESSION_ACCESSED = new AtomicLong(0);
+ private final AtomicLong counterSend_EVT_SESSION_EXPIRED = new AtomicLong(0);
+ private final AtomicInteger counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE = new AtomicInteger(0);
+ private final AtomicLong counterSend_EVT_CHANGE_SESSION_ID = new AtomicLong(0);
+ private final AtomicInteger counterNoStateTransferred = new AtomicInteger(0);
// ------------------------------------------------------------- Constructor
@@ -130,98 +130,98 @@
* @return Returns the counterSend_EVT_GET_ALL_SESSIONS.
*/
public long getCounterSend_EVT_GET_ALL_SESSIONS() {
- return counterSend_EVT_GET_ALL_SESSIONS;
+ return counterSend_EVT_GET_ALL_SESSIONS.get();
}
/**
* @return Returns the counterSend_EVT_SESSION_ACCESSED.
*/
public long getCounterSend_EVT_SESSION_ACCESSED() {
- return counterSend_EVT_SESSION_ACCESSED;
+ return counterSend_EVT_SESSION_ACCESSED.get();
}
/**
* @return Returns the counterSend_EVT_SESSION_CREATED.
*/
public long getCounterSend_EVT_SESSION_CREATED() {
- return counterSend_EVT_SESSION_CREATED;
+ return counterSend_EVT_SESSION_CREATED.get();
}
/**
* @return Returns the counterSend_EVT_SESSION_DELTA.
*/
public long getCounterSend_EVT_SESSION_DELTA() {
- return counterSend_EVT_SESSION_DELTA;
+ return counterSend_EVT_SESSION_DELTA.get();
}
/**
* @return Returns the counterSend_EVT_SESSION_EXPIRED.
*/
public long getCounterSend_EVT_SESSION_EXPIRED() {
- return counterSend_EVT_SESSION_EXPIRED;
+ return counterSend_EVT_SESSION_EXPIRED.get();
}
/**
* @return Returns the counterSend_EVT_ALL_SESSION_DATA.
*/
public long getCounterSend_EVT_ALL_SESSION_DATA() {
- return counterSend_EVT_ALL_SESSION_DATA;
+ return counterSend_EVT_ALL_SESSION_DATA.get();
}
/**
* @return Returns the counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE.
*/
public int getCounterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE() {
- return counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE;
+ return counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE.get();
}
/**
* @return Returns the counterSend_EVT_CHANGE_SESSION_ID.
*/
public long getCounterSend_EVT_CHANGE_SESSION_ID() {
- return counterSend_EVT_CHANGE_SESSION_ID;
+ return counterSend_EVT_CHANGE_SESSION_ID.get();
}
/**
* @return Returns the counterReceive_EVT_ALL_SESSION_DATA.
*/
public long getCounterReceive_EVT_ALL_SESSION_DATA() {
- return counterReceive_EVT_ALL_SESSION_DATA;
+ return counterReceive_EVT_ALL_SESSION_DATA.get();
}
/**
* @return Returns the counterReceive_EVT_GET_ALL_SESSIONS.
*/
public long getCounterReceive_EVT_GET_ALL_SESSIONS() {
- return counterReceive_EVT_GET_ALL_SESSIONS;
+ return counterReceive_EVT_GET_ALL_SESSIONS.get();
}
/**
* @return Returns the counterReceive_EVT_SESSION_ACCESSED.
*/
public long getCounterReceive_EVT_SESSION_ACCESSED() {
- return counterReceive_EVT_SESSION_ACCESSED;
+ return counterReceive_EVT_SESSION_ACCESSED.get();
}
/**
* @return Returns the counterReceive_EVT_SESSION_CREATED.
*/
public long getCounterReceive_EVT_SESSION_CREATED() {
- return counterReceive_EVT_SESSION_CREATED;
+ return counterReceive_EVT_SESSION_CREATED.get();
}
/**
* @return Returns the counterReceive_EVT_SESSION_DELTA.
*/
public long getCounterReceive_EVT_SESSION_DELTA() {
- return counterReceive_EVT_SESSION_DELTA;
+ return counterReceive_EVT_SESSION_DELTA.get();
}
/**
* @return Returns the counterReceive_EVT_SESSION_EXPIRED.
*/
public long getCounterReceive_EVT_SESSION_EXPIRED() {
- return counterReceive_EVT_SESSION_EXPIRED;
+ return counterReceive_EVT_SESSION_EXPIRED.get();
}
@@ -229,35 +229,35 @@
* @return Returns the counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE.
*/
public int getCounterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE() {
- return counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE;
+ return counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE.get();
}
/**
* @return Returns the counterReceive_EVT_CHANGE_SESSION_ID.
*/
public long getCounterReceive_EVT_CHANGE_SESSION_ID() {
- return counterReceive_EVT_CHANGE_SESSION_ID;
+ return counterReceive_EVT_CHANGE_SESSION_ID.get();
}
/**
* @return Returns the counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER.
*/
public long getCounterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER() {
- return counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER;
+ return counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER.get();
}
/**
* @return Returns the sessionReplaceCounter.
*/
public long getSessionReplaceCounter() {
- return sessionReplaceCounter;
+ return sessionReplaceCounter.get();
}
/**
* @return Returns the counterNoStateTransferred.
*/
public int getCounterNoStateTransferred() {
- return counterNoStateTransferred;
+ return counterNoStateTransferred.get();
}
public int getReceivedQueueSize() {
@@ -391,6 +391,19 @@
this.notifyContainerListenersOnReplication = notifyContainerListenersOnReplication;
}
+ /**
+ * @return the enableStatistics
+ */
+ public boolean getEnableStatistics() {
+ return this.enableStatistics;
+ }
+
+ /**
+ * @param enableStatistics the enableStatistics to set
+ */
+ public void setEnableStatistics(boolean enableStatistics) {
+ this.enableStatistics = enableStatistics;
+ }
// --------------------------------------------------------- Public Methods
@@ -433,7 +446,9 @@
log.trace(sm.getString("deltaManager.sendMessage.newSession", name, sessionId));
}
msg.setTimestamp(session.getCreationTime());
- counterSend_EVT_SESSION_CREATED++;
+ if (enableStatistics) {
+ counterSend_EVT_SESSION_CREATED.incrementAndGet();
+ }
send(msg);
}
}
@@ -495,10 +510,12 @@
SessionMessage msg = new SessionMessageImpl(getName(), SessionMessage.EVT_CHANGE_SESSION_ID, data,
orgSessionID, orgSessionID + "-" + System.currentTimeMillis());
msg.setTimestamp(System.currentTimeMillis());
- counterSend_EVT_CHANGE_SESSION_ID++;
+ if (enableStatistics) {
+ counterSend_EVT_CHANGE_SESSION_ID.incrementAndGet();
+ }
send(msg);
- } catch (IOException e) {
- log.error(sm.getString("deltaManager.unableSerializeSessionID", newSessionID), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("deltaManager.unableSerializeSessionID", newSessionID), ioe);
}
}
}
@@ -573,7 +590,9 @@
session.resetDeltaRequest();
// FIXME How inform other session id cache like SingleSignOn
if (findSession(session.getIdInternal()) != null) {
- sessionReplaceCounter++;
+ if (enableStatistics) {
+ sessionReplaceCounter.incrementAndGet();
+ }
// FIXME better is to grap this sessions again !
if (log.isWarnEnabled()) {
log.warn(sm.getString("deltaManager.loading.existing.session", session.getIdInternal()));
@@ -587,9 +606,9 @@
} catch (ClassNotFoundException e) {
log.error(sm.getString("deltaManager.loading.cnfe", e), e);
throw e;
- } catch (IOException e) {
- log.error(sm.getString("deltaManager.loading.ioe", e), e);
- throw e;
+ } catch (IOException ioe) {
+ log.error(sm.getString("deltaManager.loading.ioe", ioe), ioe);
+ throw ioe;
}
}
@@ -615,9 +634,9 @@
}
// Flush and close the output stream
oos.flush();
- } catch (IOException e) {
- log.error(sm.getString("deltaManager.unloading.ioe", e), e);
- throw e;
+ } catch (IOException ioe) {
+ log.error(sm.getString("deltaManager.unloading.ioe", ioe), ioe);
+ throw ioe;
}
// send object data as byte[]
@@ -684,7 +703,9 @@
// set reference time
stateTransferCreateSendTime = beforeSendTime;
// request session state
- counterSend_EVT_GET_ALL_SESSIONS++;
+ if (enableStatistics) {
+ counterSend_EVT_GET_ALL_SESSIONS.incrementAndGet();
+ }
stateTransferred = false;
// FIXME This send call block the deploy thread, when sender waitForAck is enabled
try {
@@ -764,8 +785,8 @@
do {
try {
Thread.sleep(100);
- } catch (Exception sleep) {
- //
+ } catch (Exception ignore) {
+ // Ignore
}
reqNow = System.currentTimeMillis();
isTimeout = ((reqNow - reqStart) > (1000L * getStateTransferTimeout()));
@@ -776,7 +797,7 @@
do {
try {
Thread.sleep(100);
- } catch (Exception sleep) {
+ } catch (Exception ignore) {
// Ignore
}
} while ((!getStateTransferred()) && (!isNoContextManagerReceived()));
@@ -784,7 +805,9 @@
}
}
if (isTimeout) {
- counterNoStateTransferred++;
+ if (enableStatistics) {
+ counterNoStateTransferred.incrementAndGet();
+ }
log.error(sm.getString("deltaManager.noSessionState", getName(), new Date(beforeSendTime),
Long.valueOf(reqNow - beforeSendTime)));
} else if (isNoContextManagerReceived()) {
@@ -894,17 +917,21 @@
return null;
}
if (session.isDirty()) {
- counterSend_EVT_SESSION_DELTA++;
+ if (enableStatistics) {
+ counterSend_EVT_SESSION_DELTA.incrementAndGet();
+ }
msg = new SessionMessageImpl(getName(), SessionMessage.EVT_SESSION_DELTA, session.getDiff(), sessionId,
sessionId + "-" + System.currentTimeMillis());
}
- } catch (IOException x) {
- log.error(sm.getString("deltaManager.createMessage.unableCreateDeltaRequest", sessionId), x);
+ } catch (IOException ioe) {
+ log.error(sm.getString("deltaManager.createMessage.unableCreateDeltaRequest", sessionId), ioe);
return null;
}
if (msg == null) {
if (!expires && !session.isPrimarySession()) {
- counterSend_EVT_SESSION_ACCESSED++;
+ if (enableStatistics) {
+ counterSend_EVT_SESSION_ACCESSED.incrementAndGet();
+ }
msg = new SessionMessageImpl(getName(), SessionMessage.EVT_SESSION_ACCESSED, null, sessionId,
sessionId + "-" + System.currentTimeMillis());
if (log.isDebugEnabled()) {
@@ -923,7 +950,9 @@
if (!expires && (msg == null)) {
long replDelta = System.currentTimeMillis() - session.getLastTimeReplicated();
if (session.getMaxInactiveInterval() >= 0 && replDelta > (session.getMaxInactiveInterval() * 1000L)) {
- counterSend_EVT_SESSION_ACCESSED++;
+ if (enableStatistics) {
+ counterSend_EVT_SESSION_ACCESSED.incrementAndGet();
+ }
msg = new SessionMessageImpl(getName(), SessionMessage.EVT_SESSION_ACCESSED, null, sessionId,
sessionId + "-" + System.currentTimeMillis());
if (log.isDebugEnabled()) {
@@ -959,25 +988,25 @@
}
}
rejectedSessions = 0;
- sessionReplaceCounter = 0;
- counterNoStateTransferred = 0;
+ sessionReplaceCounter.set(0);
+ counterNoStateTransferred.set(0);
setMaxActive(getActiveSessions());
- counterReceive_EVT_ALL_SESSION_DATA = 0;
- counterReceive_EVT_GET_ALL_SESSIONS = 0;
- counterReceive_EVT_SESSION_ACCESSED = 0;
- counterReceive_EVT_SESSION_CREATED = 0;
- counterReceive_EVT_SESSION_DELTA = 0;
- counterReceive_EVT_SESSION_EXPIRED = 0;
- counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE = 0;
- counterReceive_EVT_CHANGE_SESSION_ID = 0;
- counterSend_EVT_ALL_SESSION_DATA = 0;
- counterSend_EVT_GET_ALL_SESSIONS = 0;
- counterSend_EVT_SESSION_ACCESSED = 0;
- counterSend_EVT_SESSION_CREATED = 0;
- counterSend_EVT_SESSION_DELTA = 0;
- counterSend_EVT_SESSION_EXPIRED = 0;
- counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE = 0;
- counterSend_EVT_CHANGE_SESSION_ID = 0;
+ counterReceive_EVT_ALL_SESSION_DATA.set(0);
+ counterReceive_EVT_GET_ALL_SESSIONS.set(0);
+ counterReceive_EVT_SESSION_ACCESSED.set(0);
+ counterReceive_EVT_SESSION_CREATED.set(0);
+ counterReceive_EVT_SESSION_DELTA.set(0);
+ counterReceive_EVT_SESSION_EXPIRED.set(0);
+ counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE.set(0);
+ counterReceive_EVT_CHANGE_SESSION_ID.set(0);
+ counterSend_EVT_ALL_SESSION_DATA.set(0);
+ counterSend_EVT_GET_ALL_SESSIONS.set(0);
+ counterSend_EVT_SESSION_ACCESSED.set(0);
+ counterSend_EVT_SESSION_CREATED.set(0);
+ counterSend_EVT_SESSION_DELTA.set(0);
+ counterSend_EVT_SESSION_EXPIRED.set(0);
+ counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE.set(0);
+ counterSend_EVT_CHANGE_SESSION_ID.set(0);
}
@@ -990,7 +1019,9 @@
*/
protected void sessionExpired(String id) {
if (cluster.getMembers().length > 0) {
- counterSend_EVT_SESSION_EXPIRED++;
+ if (enableStatistics) {
+ counterSend_EVT_SESSION_EXPIRED.incrementAndGet();
+ }
SessionMessage msg = new SessionMessageImpl(getName(), SessionMessage.EVT_SESSION_EXPIRED, null, id,
id + "-EXPIRED-MSG");
msg.setTimestamp(System.currentTimeMillis());
@@ -1093,8 +1124,8 @@
// we didn't recognize the message type, do nothing
break;
} // switch
- } catch (Exception x) {
- log.error(sm.getString("deltaManager.receiveMessage.error", getName()), x);
+ } catch (Exception e) {
+ log.error(sm.getString("deltaManager.receiveMessage.error", getName()), e);
} finally {
currentThread.setContextClassLoader(contextLoader);
}
@@ -1110,7 +1141,9 @@
* @param sender Member which sent the message
*/
protected void handleALL_SESSION_TRANSFERCOMPLETE(SessionMessage msg, Member sender) {
- counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE++;
+ if (enableStatistics) {
+ counterReceive_EVT_ALL_SESSION_TRANSFERCOMPLETE.incrementAndGet();
+ }
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.receiveMessage.transfercomplete", getName(), sender.getHost(),
Integer.valueOf(sender.getPort())));
@@ -1129,7 +1162,9 @@
* @throws ClassNotFoundException Serialization error
*/
protected void handleSESSION_DELTA(SessionMessage msg, Member sender) throws IOException, ClassNotFoundException {
- counterReceive_EVT_SESSION_DELTA++;
+ if (enableStatistics) {
+ counterReceive_EVT_SESSION_DELTA.incrementAndGet();
+ }
byte[] delta = msg.getSession();
DeltaSession session = (DeltaSession) findSession(msg.getSessionID());
if (session == null) {
@@ -1154,7 +1189,9 @@
* @throws IOException Propagated IO error
*/
protected void handleSESSION_ACCESSED(SessionMessage msg, Member sender) throws IOException {
- counterReceive_EVT_SESSION_ACCESSED++;
+ if (enableStatistics) {
+ counterReceive_EVT_SESSION_ACCESSED.incrementAndGet();
+ }
DeltaSession session = (DeltaSession) findSession(msg.getSessionID());
if (session != null) {
if (log.isDebugEnabled()) {
@@ -1175,7 +1212,9 @@
* @throws IOException Propagated IO error
*/
protected void handleSESSION_EXPIRED(SessionMessage msg, Member sender) throws IOException {
- counterReceive_EVT_SESSION_EXPIRED++;
+ if (enableStatistics) {
+ counterReceive_EVT_SESSION_EXPIRED.incrementAndGet();
+ }
DeltaSession session = (DeltaSession) findSession(msg.getSessionID());
if (session != null) {
if (log.isDebugEnabled()) {
@@ -1192,7 +1231,9 @@
* @param sender Member which sent the message
*/
protected void handleSESSION_CREATED(SessionMessage msg, Member sender) {
- counterReceive_EVT_SESSION_CREATED++;
+ if (enableStatistics) {
+ counterReceive_EVT_SESSION_CREATED.incrementAndGet();
+ }
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.receiveMessage.createNewSession", getName(), msg.getSessionID()));
}
@@ -1220,7 +1261,9 @@
*/
protected void handleALL_SESSION_DATA(SessionMessage msg, Member sender)
throws ClassNotFoundException, IOException {
- counterReceive_EVT_ALL_SESSION_DATA++;
+ if (enableStatistics) {
+ counterReceive_EVT_ALL_SESSION_DATA.incrementAndGet();
+ }
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.receiveMessage.allSessionDataBegin", getName()));
}
@@ -1242,7 +1285,9 @@
* @throws IOException IO error sending messages
*/
protected void handleGET_ALL_SESSIONS(SessionMessage msg, Member sender) throws IOException {
- counterReceive_EVT_GET_ALL_SESSIONS++;
+ if (enableStatistics) {
+ counterReceive_EVT_GET_ALL_SESSIONS.incrementAndGet();
+ }
// get a list of all the session from this manager
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.receiveMessage.unloadingBegin", getName()));
@@ -1266,7 +1311,7 @@
if (getSendAllSessionsWaitTime() > 0 && remain > 0) {
try {
Thread.sleep(getSendAllSessionsWaitTime());
- } catch (Exception sleep) {
+ } catch (Exception ignore) {
// Ignore
}
}
@@ -1279,7 +1324,9 @@
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.createMessage.allSessionTransferred", getName()));
}
- counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE++;
+ if (enableStatistics) {
+ counterSend_EVT_ALL_SESSION_TRANSFERCOMPLETE.incrementAndGet();
+ }
cluster.send(newmsg, sender);
}
@@ -1292,7 +1339,9 @@
* @throws IOException IO error with serialization
*/
protected void handleCHANGE_SESSION_ID(SessionMessage msg, Member sender) throws IOException {
- counterReceive_EVT_CHANGE_SESSION_ID++;
+ if (enableStatistics) {
+ counterReceive_EVT_CHANGE_SESSION_ID.incrementAndGet();
+ }
DeltaSession session = (DeltaSession) findSession(msg.getSessionID());
if (session != null) {
String newSessionID = deserializeSessionId(msg.getSession());
@@ -1310,7 +1359,9 @@
* @param sender Member which sent the message
*/
protected void handleALL_SESSION_NOCONTEXTMANAGER(SessionMessage msg, Member sender) {
- counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER++;
+ if (enableStatistics) {
+ counterReceive_EVT_ALL_SESSION_NOCONTEXTMANAGER.incrementAndGet();
+ }
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.receiveMessage.noContextManager", getName(), sender.getHost(),
Integer.valueOf(sender.getPort())));
@@ -1338,7 +1389,9 @@
if (log.isDebugEnabled()) {
log.debug(sm.getString("deltaManager.createMessage.allSessionData", getName()));
}
- counterSend_EVT_ALL_SESSION_DATA++;
+ if (enableStatistics) {
+ counterSend_EVT_ALL_SESSION_DATA.incrementAndGet();
+ }
int sendOptions = Channel.SEND_OPTIONS_SYNCHRONIZED_ACK | Channel.SEND_OPTIONS_USE_ACK;
cluster.send(newmsg, sender, sendOptions);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/session/DeltaRequest.java tomcat10-10.1.52/java/org/apache/catalina/ha/session/DeltaRequest.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/session/DeltaRequest.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/session/DeltaRequest.java 2026-01-23 19:33:36.000000000 +0000
@@ -147,8 +147,8 @@
if (!this.actionPool.isEmpty()) {
try {
info = actionPool.removeFirst();
- } catch (Exception x) {
- log.error(sm.getString("deltaRequest.removeUnable"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("deltaRequest.removeUnable"), e);
info = new AttributeInfo(type, action, name, value);
}
info.init(type, action, name, value);
@@ -251,8 +251,8 @@
AttributeInfo info = actions.removeFirst();
info.recycle();
actionPool.addLast(info);
- } catch (Exception x) {
- log.error(sm.getString("deltaRequest.removeUnable"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("deltaRequest.removeUnable"), e);
}
}
}
@@ -264,8 +264,8 @@
public void setSessionId(String sessionId) {
this.sessionId = sessionId;
if (sessionId == null) {
- Exception e = new Exception(sm.getString("deltaRequest.ssid.null"));
- log.error(sm.getString("deltaRequest.ssid.null"), e.fillInStackTrace());
+ String msg = sm.getString("deltaRequest.ssid.null");
+ log.error(msg, new Exception(msg));
}
}
@@ -293,8 +293,8 @@
if (!this.actionPool.isEmpty()) {
try {
info = actionPool.removeFirst();
- } catch (Exception x) {
- log.error(sm.getString("deltaRequest.removeUnable"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("deltaRequest.removeUnable"), e);
info = new AttributeInfo();
}
} else {
@@ -431,9 +431,8 @@
@Override
public String toString() {
- return "AttributeInfo[type=" + getType() + ", action=" + getAction() +
- ", name=" + getName() + ", value=" + getValue() +
- ", addr=" + super.toString() + ']';
+ return "AttributeInfo[type=" + getType() + ", action=" + getAction() + ", name=" + getName() + ", value=" +
+ getValue() + ", addr=" + super.toString() + ']';
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java tomcat10-10.1.52/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -58,8 +58,6 @@
* You can enable this mod_jk turnover mode via JMX before you drop a node to all backup nodes! Set enable true on all
* JvmRouteBinderValve backups, disable worker at mod_jk and then drop node and restart it! Then enable mod_jk worker
* and disable JvmRouteBinderValves again. This use case means that only requested sessions are migrated.
- *
- * @author Peter Rossbach
*/
public class JvmRouteBinderValve extends ValveBase implements ClusterValve {
@@ -258,8 +256,8 @@
Session catalinaSession = null;
try {
catalinaSession = getManager(request).findSession(sessionId);
- } catch (IOException e) {
- // Hups!
+ } catch (IOException ignore) {
+ // Error looking for session using old session ID. Treat it as not found.
}
String id = sessionId.substring(0, index);
String newSessionID = id + "." + localJvmRoute;
@@ -270,11 +268,11 @@
} else {
try {
catalinaSession = getManager(request).findSession(newSessionID);
- } catch (IOException e) {
- // Hups!
+ } catch (IOException ignore) {
+ // Error looking for session using new session ID. Treat it as not found.
}
if (catalinaSession != null) {
- // session is rewrite at other request, rewrite this also
+ // Session was rewritten in other, concurrent request. Rewrite this request also.
changeRequestSessionID(request, sessionId, newSessionID);
} else {
if (log.isDebugEnabled()) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/session/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/ha/session/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/ha/session/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/session/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -82,7 +82,7 @@
jvmRoute.changeSession=セッションを [{0}] から [{1}] へ変更しました。
jvmRoute.failover=他の jvmRoute へのフェールオーバーを検出しました。元のルートは [{0}]、新しいルートは [{1}]、セッション ID は [{2}] です。
jvmRoute.foundManager=Cluster Manager [{0}] を [{1}] で発見しました
-jvmRoute.missingJvmRouteAttribute=jvmRoute 属性にエンジンが指定されていません。
+jvmRoute.missingJvmRouteAttribute=Engine に jvmRoute 属性が指定されていません!
jvmRoute.noCluster=JvmRouterBinderValveは設定されていますが、クラスタリングは使用されていません。 PersistentManagerが使用されている場合、フェールオーバーは引き続き機能します。
jvmRoute.notFoundManager=[{0}]でCluster Managerが見つかりません。
jvmRoute.set.originalsessionid=オリジナルSession idをリクエスト属性[{0}]の値:[{1}]で設定します。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/session/SessionMessage.java tomcat10-10.1.52/java/org/apache/catalina/ha/session/SessionMessage.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/session/SessionMessage.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/session/SessionMessage.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,8 +47,8 @@
int EVT_SESSION_EXPIRED = 2;
/**
- * Event type used when a session has been accessed (ie, last access time has been updated). This is used so that the
- * replicated sessions will not expire on the network
+ * Event type used when a session has been accessed (ie, last access time has been updated). This is used so that
+ * the replicated sessions will not expire on the network
*/
int EVT_SESSION_ACCESSED = 3;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/session/SessionMessageImpl.java tomcat10-10.1.52/java/org/apache/catalina/ha/session/SessionMessageImpl.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/session/SessionMessageImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/session/SessionMessageImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,7 @@
import org.apache.catalina.ha.ClusterMessageBase;
/**
- * Session cluster message
- *
- * @author Peter Rossbach
+ * Session cluster message.
*/
public class SessionMessageImpl extends ClusterMessageBase implements SessionMessage {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/Constants.java tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Manifest constants for the org.apache.catalina.ha.tcp package.
- *
- * @author Peter Rossbach
*/
public class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/ReplicationValve.java tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/ReplicationValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/ReplicationValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/ReplicationValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,21 +47,14 @@
import org.apache.tomcat.util.res.StringManager;
/**
- *
* Implementation of a Valve that logs interesting contents from the specified Request (before processing) and the
* corresponding Response (after processing). It is especially useful in debugging problems related to headers and
* cookies.
- *
*
* This Valve may be attached to any Container, depending on the granularity of the logging you wish to perform.
- *
*
* primaryIndicator=true, then the request attribute org.apache.catalina.ha.tcp.isPrimarySession. is set true,
* when request processing is at sessions primary node.
- *
- *
- * @author Craig R. McClanahan
- * @author Peter Rossbach
*/
public class ReplicationValve extends ValveBase implements ClusterValve {
@@ -377,9 +370,9 @@
if (isCrossContext) {
sendCrossContextSession();
}
- } catch (Exception x) {
+ } catch (Exception e) {
// FIXME we have a lot of sends, but the trouble with one node stops the correct replication to other nodes!
- log.error(sm.getString("ReplicationValve.send.failure"), x);
+ log.error(sm.getString("ReplicationValve.send.failure"), e);
} finally {
if (doStatistics()) {
updateStats(totalstart, start, isAsync);
@@ -506,8 +499,8 @@
for (String invalidId : invalidIds) {
try {
send(manager, invalidId);
- } catch (Exception x) {
- log.error(sm.getString("ReplicationValve.send.invalid.failure", invalidId), x);
+ } catch (Exception e) {
+ log.error(sm.getString("ReplicationValve.send.invalid.failure", invalidId), e);
}
}
}
@@ -545,8 +538,7 @@
Long.valueOf(totalSendTime.longValue() / nrOfRequests.longValue()),
Long.valueOf(nrOfRequests.longValue()), Long.valueOf(nrOfSendRequests.longValue()),
Long.valueOf(nrOfCrossContextSendRequests.longValue()),
- Long.valueOf(nrOfFilterRequests.longValue()),
- Long.valueOf(totalRequestTime.longValue()),
+ Long.valueOf(nrOfFilterRequests.longValue()), Long.valueOf(totalRequestTime.longValue()),
Long.valueOf(totalSendTime.longValue())));
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/SendMessageData.java tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/SendMessageData.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/SendMessageData.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/SendMessageData.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,9 +18,6 @@
import org.apache.catalina.tribes.Member;
-/**
- * @author Peter Rossbach
- */
public class SendMessageData {
private Object message;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java
--- tomcat10-10.1.40/java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java 2026-01-23 19:33:36.000000000 +0000
@@ -59,9 +59,6 @@
/**
* A Cluster implementation using simple multicast. Responsible for setting up a cluster and provides callers
* with a valid multicast receiver/sender.
- *
- * @author Remy Maucherat
- * @author Peter Rossbach
*/
public class SimpleTcpCluster extends LifecycleMBeanBase
implements CatalinaCluster, MembershipListener, ChannelListener {
@@ -345,8 +342,8 @@
try {
manager = managerTemplate.cloneFromTemplate();
manager.setName(name);
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.clustermanager.cloneFailed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.clustermanager.cloneFailed"), e);
manager = new DeltaManager();
} finally {
if (manager != null) {
@@ -470,9 +467,9 @@
clusterDeployer.start();
}
registerMember(channel.getLocalMember(false));
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.startUnable"), x);
- throw new LifecycleException(x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.startUnable"), e);
+ throw new LifecycleException(e);
}
setState(LifecycleState.STARTING);
@@ -560,8 +557,8 @@
channel.removeChannelListener(this);
channel.removeMembershipListener(this);
this.unregisterClusterValve();
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.stopUnable"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.stopUnable"), e);
}
channel.setUtilityExecutor(null);
@@ -612,8 +609,8 @@
log.debug(sm.getString("simpleTcpCluster.noMembers", msg));
}
}
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.sendFailed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.sendFailed"), e);
}
}
@@ -631,8 +628,8 @@
// Notify our interested LifecycleListeners
fireLifecycleEvent(AFTER_MEMBERREGISTER_EVENT, member);
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.member.addFailed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.member.addFailed"), e);
}
}
@@ -651,8 +648,8 @@
// Notify our interested LifecycleListeners
fireLifecycleEvent(AFTER_MEMBERUNREGISTER_EVENT, member);
- } catch (Exception x) {
- log.error(sm.getString("simpleTcpCluster.member.removeFailed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("simpleTcpCluster.member.removeFailed"), e);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -50,7 +50,7 @@
webappClassLoader.restrictedPackage=Security violation, attempt to use restricted class [{0}]
webappClassLoader.securityException=Security exception trying to find class [{0}] in findClassInternal [{1}]
webappClassLoader.stackTrace=The web application [{0}] appears to have started a thread named [{1}] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:{2}
-webappClassLoader.stackTraceRequestThread=The web application [{0}] is still processing a request that has yet to finish. This is very likely to create a memory leak. You can control the time allowed for requests to finish by using the unloadDelay attribute of the standard Context implementation. Stack trace of request processing thread:[{2}]
+webappClassLoader.stackTraceRequestThread=The thread [{1}] of web application [{0}] is still processing a request that has yet to finish. This is very likely to create a memory leak. You can control the time allowed for requests to finish by using the unloadDelay attribute of the standard Context implementation. Stack trace of request processing thread:[{2}]
webappClassLoader.stopThreadFail=Failed to terminate thread named [{0}] for web application [{1}]
webappClassLoader.stopTimerThreadFail=Failed to terminate TimerThread named [{0}] for web application [{1}]
webappClassLoader.stopped=Illegal access: this web application instance has been stopped already. Could not load [{0}]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -50,7 +50,7 @@
webappClassLoader.restrictedPackage=Violation de sécurité en essayant d''utiliser à une classe à accès restreint [{0}]
webappClassLoader.securityException=Exception de sécurité en essayant de trouver la classe [{0}] dans findClassInternal [{1}]
webappClassLoader.stackTrace=L''application web [{0}] semble avoir démarré un thread nommé [{1}] mais ne l''a pas arrêté, ce qui va probablement créer une fuite de mémoire ; la trace du thread est : {2}
-webappClassLoader.stackTraceRequestThread=Une requête de l''application web [{0}] est toujours en cours, ce qui causera certainement une fuite de mémoire, vous pouvez contrôler le temps alloué en utilisant l''attribut unloadDelay de l''implémentation standard de Context ; trace du fil d’exécution de la requête : [{2}]
+webappClassLoader.stackTraceRequestThread=Le thread [{1}] de l''application web [{0}] est toujours en cours, ce qui risque de causer une fuite de mémoire. Vous pouvez contrôler le temps alloué en utilisant l''attribut unloadDelay de l''implémentation standard de Context ; trace de la pile d''exécution de la requête : [{2}]
webappClassLoader.stopThreadFail=Impossible de terminer le thread nommé [{0}] pour l''application [{1}]
webappClassLoader.stopTimerThreadFail=Echec de l''arrêt du TimerThread nommé [{0}] pour l''application web [{1}]
webappClassLoader.stopped=Impossible de charger [{0}], ce chargeur de classes a déjà été arrêté
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -50,7 +50,7 @@
webappClassLoader.restrictedPackage=セキュリティー違反。制限されたクラス [{0}] を使おうとしました。
webappClassLoader.securityException=indClassInternal [{1}] でクラス [{0}] を検索中のセキュリティ例外です
webappClassLoader.stackTrace=Webアプリケーション [{0}] は [{1}] という名前のスレッドを開始したようですが、停止に失敗しました。これはメモリリークを引き起こす可能性が非常に高いです。スレッドのスタックトレース: {2}
-webappClassLoader.stackTraceRequestThread=Webアプリケーション[{0}]はまだ完了していないリクエストを処理しています。 これはメモリリークを引き起こす可能性が非常に高いです。 リクエストの終了時間は、StandardContext実装のunloadDelay属性を使用して制御できます。 リクエスト処理スレッドのスタックトレース:[{2}]
+webappClassLoader.stackTraceRequestThread=Webアプリケーション[{0}]のスレッド[{1}]はまだ完了していないリクエストを処理しています。 これはメモリリークを引き起こす可能性が非常に高いです。 リクエストの終了時間は、StandardContext実装のunloadDelay属性を使用して制御できます。 リクエスト処理スレッドのスタックトレース:[{2}]
webappClassLoader.stopThreadFail=Web アプリケーション [{1}] のスレッド [{0}] は終了できません。
webappClassLoader.stopTimerThreadFail=Webアプリケーション [{1}] の [{0}] という名前のTimerThreadを終了できませんでした
webappClassLoader.stopped=不正なアクセス: このWebアプリケーションのインスタンスは既に停止されています Could not load [{0}]. 不正なアクセスを引き起こしたスレッドを終了させ、投げられたエラーによりデバッグ用に次のスタックトレースが生成されましたが,機能に影響はありません
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_ko.properties tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_ko.properties
--- tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_ko.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_ko.properties 2026-01-23 19:33:36.000000000 +0000
@@ -50,7 +50,7 @@
webappClassLoader.restrictedPackage=보안 위반 행위: 제한된 클래스 [{0}]을(를) 사용하려 시도했습니다.
webappClassLoader.securityException=findClassInternal에서, 클래스 [{0}]을(를) 찾으려 시도 중 보안 예외 발생: [{1}]
webappClassLoader.stackTrace=웹 애플리케이션 [{0}]이(가) [{1}](이)라는 이름의 쓰레드를 시작시킨 것으로 보이지만, 해당 쓰레드를 중지시키지 못했습니다. 이는 메모리 누수를 유발할 가능성이 큽니다. 해당 쓰레드의 스택 트레이스:{2}
-webappClassLoader.stackTraceRequestThread=웹 애플리케이션 [{0}]이(가) 여전히 완료되지 않은 요청을 처리하고 있습니다. 이는 메모리 누수를 유발할 가능성이 높습니다. 표준 컨텍스트 구현의 unloadDelay 속성을 이용하여, 요청 완료 허용 시간을 통제할 수 있습니다. 요청 처리 쓰레드의 스택 트레이스:[{2}]
+webappClassLoader.stackTraceRequestThread=웹 애플리케이션 [{0}]의 쓰레드 [{1}]가 여전히 완료되지 않은 요청을 처리하고 있습니다. 이는 메모리 누수를 유발할 가능성이 높습니다. 표준 컨텍스트 구현의 unloadDelay 속성을 이용하여, 요청 완료 허용 시간을 통제할 수 있습니다. 요청 처리 쓰레드의 스택 트레이스:[{2}]
webappClassLoader.stopThreadFail=웹 애플리케이션 [{1}]을 위한, [{0}](이)라는 이름의 쓰레드를 종료시키지 못했습니다.
webappClassLoader.stopTimerThreadFail=웹 애플리케이션 [{1}]을(를) 위한, [{0}](이)라는 이름의 TimerThread를 종료시키지 못했습니다.
webappClassLoader.stopped=불허되는 접근: 이 웹 애플리케이션 인스턴스는 이미 중지되었습니다. [{0}]을(를) 로드할 수 없습니다. 디버그 목적 및 불허되는 접근을 발생시킨 해당 쓰레드를 종료시키기 위한 시도로서, 다음 스택 트레이스가 생성됩니다.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -50,7 +50,7 @@
webappClassLoader.restrictedPackage=安全冲突,尝试使用受限类[{0}]
webappClassLoader.securityException=尝试在findClassInternal[{1}]中查找类[{0}]时出现安全异常
webappClassLoader.stackTrace=Web应用程序[{0}]似乎启动了一个名为[{1}]的线程,但未能停止它。这很可能会造成内存泄漏。线程的堆栈跟踪:[{2}]
-webappClassLoader.stackTraceRequestThread=web应用程序[{0}]仍在处理一个尚未完成的请求。这很可能会造成内存泄漏。您可以使用标准上下文实现的unloadDelay属性来控制请求完成所允许的时间。请求处理线程的堆栈跟踪:[{2}]
+webappClassLoader.stackTraceRequestThread=web应用程序[{0}]中的线程[{1}]仍在处理一个尚未完成的请求。这很可能会造成内存泄漏。您可以使用标准上下文实现的unloadDelay属性来控制请求完成所允许的时间。请求处理线程的堆栈跟踪:[{2}]
webappClassLoader.stopThreadFail=为web应用程序[{1}]终止线程[{0}]失败
webappClassLoader.stopTimerThreadFail=无法终止名为[{0}]的TimerThread,web应用程序:[{1}]
webappClassLoader.stopped=非法访问:此Web应用程序实例已停止。无法加载[{0}]。为了调试以及终止导致非法访问的线程,将抛出以下堆栈跟踪。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/ResourceEntry.java tomcat10-10.1.52/java/org/apache/catalina/loader/ResourceEntry.java
--- tomcat10-10.1.40/java/org/apache/catalina/loader/ResourceEntry.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/ResourceEntry.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Resource entry.
- *
- * @author Remy Maucherat
*/
public class ResourceEntry {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/WebappClassLoaderBase.java tomcat10-10.1.52/java/org/apache/catalina/loader/WebappClassLoaderBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/loader/WebappClassLoaderBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/WebappClassLoaderBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -114,9 +114,6 @@
* IMPLEMENTATION NOTE - As of 8.0, this class loader implements {@link InstrumentableClassLoader},
* permitting web application classes to instrument other classes in the same web application. It does not permit
* instrumentation of system or container classes or classes in other web apps.
- *
- * @author Remy Maucherat
- * @author Craig R. McClanahan
*/
public abstract class WebappClassLoaderBase extends URLClassLoader
implements Lifecycle, InstrumentableClassLoader, WebappProperties, PermissionCheck {
@@ -1104,13 +1101,13 @@
while ((numRead = stream.read(buf)) >= 0) {
baos.write(buf, 0, numRead);
}
- } catch (IOException e) {
- log.error(sm.getString("webappClassLoader.transformError", name), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("webappClassLoader.transformError", name), ioe);
return null;
} finally {
try {
stream.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -1138,7 +1135,7 @@
stream = url.openStream();
}
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Ignore
}
if (stream != null) {
@@ -1396,9 +1393,8 @@
// It is not permitted to load resources once the web application has
// been stopped.
if (!state.isAvailable()) {
- String msg = sm.getString("webappClassLoader.stopped", resource);
- IllegalStateException ise = new IllegalStateException(msg);
- log.info(msg, ise);
+ IllegalStateException ise = new IllegalStateException(sm.getString("webappClassLoader.stopped", resource));
+ log.info(ise.getMessage(), ise);
throw ise;
}
}
@@ -2344,7 +2340,11 @@
if (pkg != null) {
boolean sealCheck = true;
if (pkg.isSealed()) {
- sealCheck = pkg.isSealed(codeBase);
+ if (codeBase != null) {
+ sealCheck = pkg.isSealed(codeBase);
+ } else {
+ sealCheck = false;
+ }
} else {
sealCheck = manifest == null || !isPackageSealed(packageName, manifest);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/loader/WebappLoader.java tomcat10-10.1.52/java/org/apache/catalina/loader/WebappLoader.java
--- tomcat10-10.1.40/java/org/apache/catalina/loader/WebappLoader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/loader/WebappLoader.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,9 @@
import java.io.FilePermission;
import java.io.IOException;
import java.lang.reflect.Constructor;
+import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
-import java.nio.charset.StandardCharsets;
import javax.management.ObjectName;
@@ -43,7 +43,6 @@
import org.apache.tomcat.jakartaee.EESpecProfile;
import org.apache.tomcat.jakartaee.EESpecProfiles;
import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.buf.UDecoder;
import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.modeler.Registry;
import org.apache.tomcat.util.res.StringManager;
@@ -56,9 +55,6 @@
* This class loader is configured via the Resources children of its Context prior to calling start(). When
* a new class is required, these Resources will be consulted first to locate the class. If it is not present, the
* system class loader will be used instead.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class WebappLoader extends LifecycleMBeanBase implements Loader {
@@ -322,13 +318,13 @@
MigrationUtil.addJakartaEETransformer(classLoader, getJakartaConverter());
}
- // Configure our repositories
- setClassPath();
-
setPermissions();
classLoader.start();
+ // Configure our repositories
+ setClassPath();
+
String contextName = context.getName();
if (!contextName.startsWith("/")) {
contextName = "/" + contextName;
@@ -507,14 +503,19 @@
URL[] repositories = ((URLClassLoader) loader).getURLs();
for (URL url : repositories) {
String repository = url.toString();
- if (repository.startsWith("file://")) {
- repository = UDecoder.URLDecode(repository.substring(7), StandardCharsets.UTF_8);
- } else if (repository.startsWith("file:")) {
- repository = UDecoder.URLDecode(repository.substring(5), StandardCharsets.UTF_8);
- } else {
+ if (repository == null) {
continue;
}
- if (repository == null) {
+ if (repository.startsWith("file:")) {
+ // Let the JRE handle all the edge cases for URL to path conversion.
+ try {
+ File f = new File(url.toURI());
+ repository = f.getAbsolutePath();
+ } catch (URISyntaxException | IllegalArgumentException e) {
+ // Can't convert from URL to URI. Treat as non-file URL and skip.
+ continue;
+ }
+ } else {
continue;
}
if (classpath.length() > 0) {
@@ -523,8 +524,7 @@
classpath.append(repository);
}
} else if (loader == ClassLoader.getSystemClassLoader()) {
- // From Java 9 the internal class loaders no longer extend
- // URLCLassLoader
+ // From Java 9 the internal class loaders no longer extend URLCLassLoader
String cp = System.getProperty("java.class.path");
if (cp != null && !cp.isEmpty()) {
if (classpath.length() > 0) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/Constants.java tomcat10-10.1.52/java/org/apache/catalina/manager/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/manager/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,6 +36,7 @@
HTML_HEADER_SECTION =
"\n" +
"\n" +
+ "\n" +
"\n";
BODY_HEADER_SECTION =
@@ -130,7 +131,7 @@
HTML_TAIL_SECTION =
"\n" +
"
\n" +
"\n" +
"\n" +
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java tomcat10-10.1.52/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,11 +47,6 @@
* However if you use a software that parses the output of HostManagerServlet you won't be able to upgrade
* to this Servlet since the output are not in the same format as from HostManagerServlet
*
- * @author Bip Thelin
- * @author Malcolm Edgar
- * @author Glenn L. Nielsen
- * @author Peter Rossbach
- *
* @see org.apache.catalina.manager.ManagerServlet
*/
public class HTMLHostManagerServlet extends HostManagerServlet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/host/HostManagerServlet.java tomcat10-10.1.52/java/org/apache/catalina/manager/host/HostManagerServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/manager/host/HostManagerServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/host/HostManagerServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -76,9 +76,6 @@
*
debug - The debugging detail level that controls the amount of information that is logged by this servlet.
* Default is zero.
*
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class HostManagerServlet extends HttpServlet implements ContainerServlet {
@@ -331,7 +328,7 @@
}
try {
appBaseFile = file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
appBaseFile = file;
}
if (!appBaseFile.mkdirs() && !appBaseFile.isDirectory()) {
@@ -355,7 +352,7 @@
}
Path dest = new File(configBaseFile, "manager.xml").toPath();
Files.copy(is, dest);
- } catch (IOException e) {
+ } catch (IOException ioe) {
writer.println(smClient.getString("hostManagerServlet.managerXml"));
return;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,7 +18,7 @@
hostManagerServlet.add=add: ホスト [{0}] を追加
hostManagerServlet.addFailed=FAIL - ホスト [{0}] を追加できません。
-hostManagerServlet.addSuccess=OK - ホスト [{0}] を追加しました
+hostManagerServlet.addSuccess=OK - ホスト [{0}] を追加しました
hostManagerServlet.alreadyHost=FAIL - ホスト名[{0}]のホストが既に存在します
hostManagerServlet.alreadyStarted=FAIL - ホスト [{0}] はすでに開始しています。
hostManagerServlet.alreadyStopped=FAIL - Host [{0}] はすでに停止しています。
@@ -42,7 +42,7 @@
hostManagerServlet.postCommand=FAIL - コマンド [{0}] をGETリクエストで使用しようとしましたが、POSTが必要です
hostManagerServlet.remove=remove: ホスト [{0}] を削除します。
hostManagerServlet.removeFailed=FAIL - Host [{0}] を削除できません。
-hostManagerServlet.removeSuccess=OK - ホスト [{0}] を削除しました
+hostManagerServlet.removeSuccess=OK - ホスト [{0}] を削除しました
hostManagerServlet.start=開始:名前[{0}]のホストを起動しています
hostManagerServlet.startFailed=FAIL - ホスト [{0}] の起動に失敗しました
hostManagerServlet.started=OK - ホスト [{0}] を開始しました
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -39,13 +39,13 @@
hostManagerServlet.persistFailed=Ошибка - Не удалось сохранить конфигурацию
hostManagerServlet.persisted=OK - Конфигурация сохранена
hostManagerServlet.postCommand=Ошибка - Команда [{0}] была подана при помощи запроса GET, но требуется POST
-hostManagerServlet.remove=remove: Удаление сервера [{0}]
+hostManagerServlet.remove=remove: Удаление хоста [{0}]
hostManagerServlet.removeFailed=Ошибка - Не удалось удалить сервер [{0}]
hostManagerServlet.removeSuccess=OK - Сервер удалён [{0}]
-hostManagerServlet.start=start: Запуск сервера с именем [{0}]
+hostManagerServlet.start=start: Запуск хоста с именем [{0}]
hostManagerServlet.startFailed=Ошибка - Не удалось запустить сервер [{0}]
hostManagerServlet.started=OK - Сервер [{0}] запущен
-hostManagerServlet.stop=stop: Остановка сервера с именем [{0}]
+hostManagerServlet.stop=stop: Остановка хоста с именем [{0}]
hostManagerServlet.stopFailed=Ошибка - Не удалось остановить сервер [{0}]
hostManagerServlet.stopped=OK - Сервер [{0}] остановлен
hostManagerServlet.unknownCommand=Ошибка - Неизвестная команда [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/manager/host/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/host/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,7 +18,7 @@
hostManagerServlet.add=添加:添加主机[{0}]
hostManagerServlet.addFailed=失败 - 添加主机 [{0}] 失败
-hostManagerServlet.addSuccess=确定-添加主机[{0}]
+hostManagerServlet.addSuccess=OK - 确定-添加主机[{0}]
hostManagerServlet.alreadyHost=失败 - 主机名称[{0}]已经存在
hostManagerServlet.alreadyStarted=失败 - Host[{0}]已经启动。
hostManagerServlet.alreadyStopped=失败 - 主机[{0}]已经停止
@@ -42,12 +42,12 @@
hostManagerServlet.postCommand=失败 - 尝试通过GET请求使用命令[{0}],但是需要使用POST请求
hostManagerServlet.remove=移除:正在移除主机 [{0}]
hostManagerServlet.removeFailed=失败 - 无法移除主机 [{0}]
-hostManagerServlet.removeSuccess=确定-已删除主机[{0}]
+hostManagerServlet.removeSuccess=OK - 已删除主机[{0}]
hostManagerServlet.start=启动:启动主机[{0}]
hostManagerServlet.startFailed=失败 - 无法启动主机 [{0}]
hostManagerServlet.started=OK - 主机 [{0}] 已启动
hostManagerServlet.stop=停止:停止主机[{0}]
-hostManagerServlet.stopFailed=失败 - 无法停止主机 [{0}]
+hostManagerServlet.stopFailed=OK - 无法停止主机 [{0}]
hostManagerServlet.stopped=OK - 主机 [{0}] 已停止
hostManagerServlet.unknownCommand=失败 - 未知命令 [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/manager/util/SessionUtils.java tomcat10-10.1.52/java/org/apache/catalina/manager/util/SessionUtils.java
--- tomcat10-10.1.40/java/org/apache/catalina/manager/util/SessionUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/manager/util/SessionUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
/**
* Utility methods on HttpSessions.
- *
- * @author Cédrik LIME
*/
public class SessionUtils {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mapper/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/mapper/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/mapper/LocalStrings_ru.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mapper/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Do not edit this file directly.
+# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+
+mapper.addHostAlias.success=Зарегистрирован псевдоним [{0}] для хоста [{1}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mapper/Mapper.java tomcat10-10.1.52/java/org/apache/catalina/mapper/Mapper.java
--- tomcat10-10.1.40/java/org/apache/catalina/mapper/Mapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mapper/Mapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,8 +41,6 @@
/**
* Mapper, which implements the servlet API mapping rules (which are derived from the HTTP rules).
- *
- * @author Remy Maucherat
*/
public final class Mapper {
@@ -439,7 +437,7 @@
* @param resourceOnly true if this wrapper always expects a physical resource to be present (such as a JSP)
*/
private void addWrapper(ContextVersion context, String path, Wrapper wrapper, boolean jspWildCard,
- boolean resourceOnly) {
+ boolean resourceOnly) {
synchronized (context) {
if (path.endsWith("/*")) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mapper/MapperListener.java tomcat10-10.1.52/java/org/apache/catalina/mapper/MapperListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/mapper/MapperListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mapper/MapperListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,9 +40,6 @@
/**
* Mapper listener.
- *
- * @author Remy Maucherat
- * @author Costin Manolache
*/
public class MapperListener extends LifecycleMBeanBase implements ContainerListener, LifecycleListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mapper/MappingData.java tomcat10-10.1.52/java/org/apache/catalina/mapper/MappingData.java
--- tomcat10-10.1.40/java/org/apache/catalina/mapper/MappingData.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mapper/MappingData.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Mapping data.
- *
- * @author Remy Maucherat
*/
public class MappingData {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mbeans/ClassNameMBean.java tomcat10-10.1.52/java/org/apache/catalina/mbeans/ClassNameMBean.java
--- tomcat10-10.1.40/java/org/apache/catalina/mbeans/ClassNameMBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mbeans/ClassNameMBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
*
*
* @param The type that this bean represents.
- *
- * @author Craig R. McClanahan
*/
public class ClassNameMBean extends BaseCatalinaMBean {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mbeans/ConnectorMBean.java tomcat10-10.1.52/java/org/apache/catalina/mbeans/ConnectorMBean.java
--- tomcat10-10.1.40/java/org/apache/catalina/mbeans/ConnectorMBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mbeans/ConnectorMBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,12 +27,8 @@
import org.apache.tomcat.util.res.StringManager;
/**
- *
* A ModelMBean implementation for the org.apache.coyote.tomcat5.CoyoteConnector
* component.
- *
* A ModelMBean implementation for the org.apache.catalina.Role component.
*
- *
- * @author Craig R. McClanahan
*/
public class RoleMBean extends BaseModelMBean {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mbeans/SparseUserDatabaseMBean.java tomcat10-10.1.52/java/org/apache/catalina/mbeans/SparseUserDatabaseMBean.java
--- tomcat10-10.1.40/java/org/apache/catalina/mbeans/SparseUserDatabaseMBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mbeans/SparseUserDatabaseMBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,8 +40,6 @@
* register the corresponding user and make it available for management). All the MBeans created for users, groups and
* roles are then discarded when save is invoked.
*
- *
- * @author Craig R. McClanahan
*/
public class SparseUserDatabaseMBean extends BaseModelMBean {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/mbeans/UserMBean.java tomcat10-10.1.52/java/org/apache/catalina/mbeans/UserMBean.java
--- tomcat10-10.1.40/java/org/apache/catalina/mbeans/UserMBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/mbeans/UserMBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,8 +35,6 @@
*
* A ModelMBean implementation for the org.apache.catalina.User component.
*
- *
- * @author Craig R. McClanahan
*/
public class UserMBean extends BaseModelMBean {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/CombinedRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/CombinedRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/CombinedRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/CombinedRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -359,7 +359,7 @@
// Stack trace will show where this was called from
UnsupportedOperationException uoe =
new UnsupportedOperationException(sm.getString("combinedRealm.getPassword"));
- log.error(sm.getString("combinedRealm.unexpectedMethod"), uoe);
+ log.error(uoe.getMessage(), uoe);
throw uoe;
}
@@ -369,7 +369,7 @@
// Stack trace will show where this was called from
UnsupportedOperationException uoe =
new UnsupportedOperationException(sm.getString("combinedRealm.getPrincipal"));
- log.error(sm.getString("combinedRealm.unexpectedMethod"), uoe);
+ log.error(uoe.getMessage(), uoe);
throw uoe;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/DataSourceRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/DataSourceRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/DataSourceRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/DataSourceRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,11 +34,6 @@
/**
* Implementation of Realm that works with any JDBC JNDI DataSource. See the Realm How-To for more details on how
* to set up the database and for configuration options.
- *
- * @author Glenn L. Nielsen
- * @author Craig R. McClanahan
- * @author Carson McDonald
- * @author Ignacio Ortega
*/
public class DataSourceRealm extends RealmBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/GenericPrincipal.java tomcat10-10.1.52/java/org/apache/catalina/realm/GenericPrincipal.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/GenericPrincipal.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/GenericPrincipal.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,8 +33,6 @@
/**
* Generic implementation of java.security.Principal that is available for use by Realm
* implementations.
- *
- * @author Craig R. McClanahan
*/
public class GenericPrincipal implements TomcatPrincipal, Serializable {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/JAASCallbackHandler.java tomcat10-10.1.52/java/org/apache/catalina/realm/JAASCallbackHandler.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/JAASCallbackHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/JAASCallbackHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,22 +29,15 @@
import org.apache.tomcat.util.res.StringManager;
/**
- *
* Implementation of the JAAS CallbackHandler interface, used to negotiate delivery of the username and
* credentials that were specified to our constructor. No interaction with the user is required (or possible).
- *
*
* This CallbackHandler will pre-digest the supplied password, if required by the
* <Realm> element in server.xml.
- *
*
* At present, JAASCallbackHandler knows how to handle callbacks of type
* javax.security.auth.callback.NameCallback and
* javax.security.auth.callback.PasswordCallback.
- *
- *
- * @author Craig R. McClanahan
- * @author Andrew R. Jaquith
*/
public class JAASCallbackHandler implements CallbackHandler {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/JAASMemoryLoginModule.java tomcat10-10.1.52/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/JAASMemoryLoginModule.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/JAASMemoryLoginModule.java 2026-01-23 19:33:36.000000000 +0000
@@ -66,8 +66,6 @@
* requirements of the GenericPrincipal constructor. It does not actually perform the functionality
* required of a Realm implementation.
*
- *
- * @author Craig R. McClanahan
*/
public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule {
// We need to extend MemoryRealm to avoid class cast
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/JAASRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/JAASRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/JAASRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/JAASRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -115,9 +115,6 @@
* JAASCallbackHandler will digest the password prior to passing it back to the
* LoginModule
*
- *
- * @author Craig R. McClanahan
- * @author Yoav Shapira
*/
public class JAASRealm extends RealmBase {
@@ -360,9 +357,9 @@
try {
Configuration config = getConfig();
loginContext = new LoginContext(appName, null, callbackHandler, config);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("jaasRealm.unexpectedError"), t);
// There is configuration issue with JAAS so mark the realm as
// unavailable
invocationSuccess = false;
@@ -395,7 +392,7 @@
}
} catch (AccountExpiredException e) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.accountExpired", username));
+ log.debug(sm.getString("jaasRealm.accountExpired", username), e);
}
// JAAS checked LoginExceptions are successful authentication
// invocations so mark JAAS realm as available
@@ -403,7 +400,7 @@
return null;
} catch (CredentialExpiredException e) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.credentialExpired", username));
+ log.debug(sm.getString("jaasRealm.credentialExpired", username), e);
}
// JAAS checked LoginExceptions are successful authentication
// invocations so mark JAAS realm as available
@@ -411,7 +408,7 @@
return null;
} catch (FailedLoginException e) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jaasRealm.failedLogin", username));
+ log.debug(sm.getString("jaasRealm.failedLogin", username), e);
}
// JAAS checked LoginExceptions are successful authentication
// invocations so mark JAAS realm as available
@@ -423,9 +420,9 @@
// invocations so mark JAAS realm as available
invocationSuccess = true;
return null;
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.error(sm.getString("jaasRealm.unexpectedError"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("jaasRealm.unexpectedError"), t);
// JAAS throws exception different from LoginException so mark the
// realm as unavailable
invocationSuccess = false;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/JNDIRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/JNDIRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/JNDIRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/JNDIRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -133,9 +133,6 @@
* descriptor allows applications to refer to roles programmatically by names other than those used in the directory
* server itself.
*
- *
- * @author John Holman
- * @author Craig R. McClanahan
*/
public class JNDIRealm extends RealmBase {
@@ -1156,9 +1153,9 @@
} catch (NullPointerException | NamingException e) {
/*
* BZ 61313 NamingException may or may not indicate an error that is recoverable via fail over.
- * Therefore, a decision needs to be made whether to fail over or not. Generally, attempting to fail over
- * when it is not appropriate is better than not failing over when it is appropriate so the code always
- * attempts to fail over for NamingExceptions.
+ * Therefore, a decision needs to be made whether to fail over or not. Generally, attempting to fail
+ * over when it is not appropriate is better than not failing over when it is appropriate so the code
+ * always attempts to fail over for NamingExceptions.
*/
/*
@@ -1832,7 +1829,7 @@
}
boolean validated = false;
- Hashtable preservedEnvironment = context.getEnvironment();
+ Hashtable preservedEnvironment = context.getEnvironment();
// Elicit an LDAP bind operation using the provided user credentials
try {
@@ -1848,7 +1845,7 @@
validated = true;
} catch (AuthenticationException e) {
if (containerLog.isTraceEnabled()) {
- containerLog.trace(" bind attempt failed");
+ containerLog.trace(" bind attempt failed", e);
}
} finally {
// Restore GSSAPI SASL if previously configured
@@ -2217,8 +2214,8 @@
if (tls != null) {
try {
tls.close();
- } catch (IOException e) {
- containerLog.error(sm.getString("jndiRealm.tlsClose"), e);
+ } catch (IOException ioe) {
+ containerLog.error(sm.getString("jndiRealm.tlsClose"), ioe);
}
}
// Close our opened connection
@@ -2570,7 +2567,7 @@
try {
Object o = constructInstance(className);
if (o instanceof SSLSocketFactory) {
- return sslSocketFactory;
+ return (SSLSocketFactory) o;
} else {
throw new IllegalArgumentException(sm.getString("jndiRealm.invalidSslSocketFactory", className));
}
@@ -2629,8 +2626,10 @@
try {
SSLSession negotiate = tls.negotiate(getSSLSocketFactory());
containerLog.debug(sm.getString("jndiRealm.negotiatedTls", negotiate.getProtocol()));
- } catch (IOException e) {
- throw new NamingException(e.getMessage());
+ } catch (IOException ioe) {
+ NamingException ne = new NamingException(ioe.getMessage());
+ ne.initCause(ioe);
+ throw ne;
}
} finally {
if (result != null) {
@@ -2763,8 +2762,8 @@
/**
* Given a string containing LDAP patterns for user locations (separated by parentheses in a pseudo-LDAP search
- * string format - "(location1)(location2)"), returns an array of those paths. Real LDAP search strings are supported
- * as well (though only the "|" "OR" type).
+ * string format - "(location1)(location2)"), returns an array of those paths. Real LDAP search strings are
+ * supported as well (though only the "|" "OR" type).
*
* @param userPatternString - a string LDAP search paths surrounded by parentheses
*
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/realm/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/realm/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -17,6 +17,7 @@
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
dataSourceRealm.getPassword.exception=Исключение при получении пароля для [{0}]
+dataSourceRealm.getRoles.exception=Ошибка получения ролей для [{0}]
lockOutRealm.authLockedUser=Заблокированный пользователь [{0}] совершил попытку авторизоваться
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/LockOutRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/LockOutRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/LockOutRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/LockOutRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -218,7 +218,7 @@
// Check to see if user is locked
// Otherwise, user has not, yet, exceeded lock thresholds
return lockRecord.getFailures() >= failureCount &&
- (System.currentTimeMillis() - lockRecord.getLastFailureTime()) / 1000 < lockOutTime;
+ (System.currentTimeMillis() - lockRecord.getLastFailureTime()) / 1000 < lockOutTime;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/MemoryRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/MemoryRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/MemoryRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/MemoryRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -38,8 +38,6 @@
* IMPLEMENTATION NOTE: It is assumed that the in-memory collection representing our defined users (and
* their roles) is initialized at application startup and never modified again. Therefore, no thread synchronization is
* performed around accesses to the principals collection.
- *
- * @author Craig R. McClanahan
*/
public class MemoryRealm extends RealmBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/MemoryRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/realm/MemoryRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/MemoryRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/MemoryRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
*
* RuleSet for recognizing the users defined in the XML file processed by MemoryRealm.
*
- *
- * @author Craig R. McClanahan
*/
public class MemoryRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java tomcat10-10.1.52/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -58,6 +58,7 @@
private Charset encoding = StandardCharsets.UTF_8;
private String algorithm = null;
+ private boolean digestInRfc3112Order = false;
public String getEncoding() {
@@ -91,6 +92,16 @@
}
+ public boolean getDigestInRfc3112Order() {
+ return digestInRfc3112Order;
+ }
+
+
+ public void setDigestInRfc3112Order(boolean digestInRfc3112Order) {
+ this.digestInRfc3112Order = digestInRfc3112Order;
+ }
+
+
@Override
public boolean matches(String inputCredentials, String storedCredentials) {
if (inputCredentials == null || storedCredentials == null) {
@@ -162,7 +173,12 @@
if (salt == null) {
userDigest = ConcurrentMessageDigest.digest(algorithm, iterations, inputCredentialbytes);
} else {
- userDigest = ConcurrentMessageDigest.digest(algorithm, iterations, salt, inputCredentialbytes);
+ if (digestInRfc3112Order) {
+ // RFC 3112 states that the input order for the digest is credentials then salt
+ userDigest = ConcurrentMessageDigest.digest(algorithm, iterations, inputCredentialbytes, salt);
+ } else {
+ userDigest = ConcurrentMessageDigest.digest(algorithm, iterations, salt, inputCredentialbytes);
+ }
}
return HexUtils.toHexString(userDigest);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/NullRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/NullRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/NullRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/NullRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
import java.security.Principal;
/**
- * Minimal Realm implementation that always returns null when an attempt is made to validate a username and password.
- * It is intended to be used as a default Realm implementation when no other Realm is specified.
+ * Minimal Realm implementation that always returns null when an attempt is made to validate a username and password. It
+ * is intended to be used as a default Realm implementation when no other Realm is specified.
*/
public class NullRealm extends RealmBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/RealmBase.java tomcat10-10.1.52/java/org/apache/catalina/realm/RealmBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/RealmBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/RealmBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -69,8 +69,6 @@
/**
* Simple implementation of Realm that reads an XML file to configure the valid users, passwords, and roles. The
* file format (and default file location) are identical to those currently supported by Tomcat 3.X.
- *
- * @author Craig R. McClanahan
*/
public abstract class RealmBase extends LifecycleMBeanBase implements Realm {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/realm/UserDatabaseRealm.java tomcat10-10.1.52/java/org/apache/catalina/realm/UserDatabaseRealm.java
--- tomcat10-10.1.40/java/org/apache/catalina/realm/UserDatabaseRealm.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/realm/UserDatabaseRealm.java 2026-01-23 19:33:36.000000000 +0000
@@ -39,8 +39,6 @@
* available through the JNDI resources configured for this instance of Catalina. Set the resourceName
* parameter to the JNDI resources name for the configured instance of UserDatabase that we should consult.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class UserDatabaseRealm extends RealmBase {
@@ -112,8 +110,7 @@
* Determines whether this Realm is configured to obtain the associated {@link UserDatabase} from the global JNDI
* context or a local (web application) JNDI context.
*
- * @return {@code true} if a local JNDI context will be used, {@code false} if the global JNDI context will be
- * used
+ * @return {@code true} if a local JNDI context will be used, {@code false} if the global JNDI context will be used
*/
public boolean getLocalJndiResource() {
return localJndiResource;
@@ -220,13 +217,13 @@
containerLog.error(sm.getString("userDatabaseRealm.noNamingContext"));
return null;
}
- context = getServer().getGlobalNamingContext();
+ context = server.getGlobalNamingContext();
}
database = (UserDatabase) context.lookup(resourceName);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
if (containerLog != null) {
- containerLog.error(sm.getString("userDatabaseRealm.lookup", resourceName), e);
+ containerLog.error(sm.getString("userDatabaseRealm.lookup", resourceName), t);
}
database = null;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/security/SecurityClassLoad.java tomcat10-10.1.52/java/org/apache/catalina/security/SecurityClassLoad.java
--- tomcat10-10.1.40/java/org/apache/catalina/security/SecurityClassLoad.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/security/SecurityClassLoad.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,6 @@
/**
* Static class used to preload java classes when using the Java SecurityManager so that the defineClassInPackage
* RuntimePermission does not trigger an AccessControlException.
- *
- * @author Glenn L. Nielsen
*/
public final class SecurityClassLoad {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/security/SecurityConfig.java tomcat10-10.1.52/java/org/apache/catalina/security/SecurityConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/security/SecurityConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/security/SecurityConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,6 @@
/**
* Util class to protect Catalina against package access and insertion. The code are been moved from Catalina.java
- *
- * @author the Catalina.java authors
*/
public final class SecurityConfig {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/security/SecurityListener.java tomcat10-10.1.52/java/org/apache/catalina/security/SecurityListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/security/SecurityListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/security/SecurityListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -221,8 +221,7 @@
if (allowedAgeDays >= 0) {
String buildDateString = ServerInfo.getServerBuiltISO();
- if (null == buildDateString || buildDateString.isEmpty() ||
- !Character.isDigit(buildDateString.charAt(0))) {
+ if (null == buildDateString || buildDateString.isEmpty() || !Character.isDigit(buildDateString.charAt(0))) {
log.warn(sm.getString("SecurityListener.buildDateUnreadable", buildDateString));
} else {
try {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/CGIServlet.java tomcat10-10.1.52/java/org/apache/catalina/servlets/CGIServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/CGIServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/CGIServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -43,16 +43,21 @@
import jakarta.servlet.ServletConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
+import jakarta.servlet.UnavailableException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
+import org.apache.catalina.Globals;
+import org.apache.catalina.WebResource;
+import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.util.IOTools;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.compat.JrePlatform;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.res.StringManager;
@@ -192,17 +197,12 @@
*
Confirm use of ServletInputStream.available() in CGIRunner.run() is not needed
*
[add more to this TODO list]
*
- *
- * @author Martin T Dengler [root@martindengler.com]
- * @author Amy Roh
*/
public final class CGIServlet extends HttpServlet {
private static final Log log = LogFactory.getLog(CGIServlet.class);
private static final StringManager sm = StringManager.getManager(CGIServlet.class);
- /* some vars below copied from Craig R. McClanahan's InvokerServlet */
-
private static final long serialVersionUID = 1L;
private static final Set DEFAULT_SUPER_METHODS = new HashSet<>();
@@ -210,9 +210,9 @@
private static final String ALLOW_ANY_PATTERN = ".*";
static {
- DEFAULT_SUPER_METHODS.add("HEAD");
- DEFAULT_SUPER_METHODS.add("OPTIONS");
- DEFAULT_SUPER_METHODS.add("TRACE");
+ DEFAULT_SUPER_METHODS.add(Method.HEAD);
+ DEFAULT_SUPER_METHODS.add(Method.OPTIONS);
+ DEFAULT_SUPER_METHODS.add(Method.TRACE);
if (JrePlatform.IS_WINDOWS) {
DEFAULT_CMD_LINE_ARGUMENTS_DECODED_PATTERN = Pattern.compile("[\\w\\Q-.\\/:\\E]+");
@@ -243,6 +243,8 @@
private final Set cgiMethods = new HashSet<>();
private boolean cgiMethodsAll = false;
+ private transient WebResourceRoot resources = null;
+
/**
* The time (in milliseconds) to wait for the reading of stderr to complete before terminating the CGI process.
@@ -283,9 +285,6 @@
/**
* Sets instance variables.
- *
- * Modified from Craig R. McClanahan's InvokerServlet
- *
*
* @param config a ServletConfig object containing the servlet's configuration and initialization
* parameters
@@ -362,8 +361,8 @@
}
}
} else {
- cgiMethods.add("GET");
- cgiMethods.add("POST");
+ cgiMethods.add(Method.GET);
+ cgiMethods.add(Method.POST);
}
if (getServletConfig().getInitParameter("cmdLineArgumentsEncoded") != null) {
@@ -378,14 +377,18 @@
} else if (value != null) {
cmdLineArgumentsDecodedPattern = Pattern.compile(value);
}
+
+ // Load the web resources
+ resources = (WebResourceRoot) getServletContext().getAttribute(Globals.RESOURCES_ATTR);
+
+ if (resources == null) {
+ throw new UnavailableException(sm.getString("cgiServlet.noResources"));
+ }
}
/**
* Logs important Servlet API and container information.
- *
- * Based on SnoopAllServlet by Craig R. McClanahan
- *
*
* @param req HttpServletRequest object used as source of information
*/
@@ -541,7 +544,7 @@
CGIRunner cgi = new CGIRunner(cgiEnv.getCommand(), cgiEnv.getEnvironment(), cgiEnv.getWorkingDirectory(),
cgiEnv.getParameters());
- if ("POST".equals(req.getMethod())) {
+ if (Method.POST.equals(req.getMethod())) {
cgi.setInput(req.getInputStream());
}
cgi.setResponse(res);
@@ -564,7 +567,7 @@
@Override
protected void doOptions(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
// Note: This method will never be called if cgiMethods is "*" so that
- // case does nto need to be handled here.
+ // case does not need to be handled here.
Set allowedMethods = new HashSet<>();
allowedMethods.addAll(cgiMethods);
allowedMethods.addAll(DEFAULT_SUPER_METHODS);
@@ -621,9 +624,6 @@
/** pathInfo for the current request */
private String pathInfo = null;
- /** real file system directory of the enclosing servlet's web app */
- private String webAppRootDir = null;
-
/** tempdir for context - used to expand scripts in unexpanded wars */
private File tmpDir = null;
@@ -677,7 +677,6 @@
*/
protected void setupFromContext(ServletContext context) {
this.context = context;
- this.webAppRootDir = context.getRealPath("/");
this.tmpDir = (File) context.getAttribute(ServletContext.TEMPDIR);
}
@@ -715,8 +714,8 @@
// does not contain an unencoded "=" this is an indexed query.
// The parsed query string becomes the command line parameters
// for the cgi command.
- if (enableCmdLineArguments && (req.getMethod().equals("GET") || req.getMethod().equals("POST") ||
- req.getMethod().equals("HEAD"))) {
+ if (enableCmdLineArguments && (Method.GET.equals(req.getMethod()) || Method.POST.equals(req.getMethod()) ||
+ Method.HEAD.equals(req.getMethod()))) {
String qs;
if (isIncluded) {
qs = (String) req.getAttribute(RequestDispatcher.INCLUDE_QUERY_STRING);
@@ -781,10 +780,9 @@
* cgiPathPrefix is defined by setting this servlet's cgiPathPrefix init parameter
*
*
- * @param pathInfo String from HttpServletRequest.getPathInfo()
- * @param webAppRootDir String from context.getRealPath("/")
* @param contextPath String as from HttpServletRequest.getContextPath()
* @param servletPath String as from HttpServletRequest.getServletPath()
+ * @param pathInfo String from HttpServletRequest.getPathInfo()
* @param cgiPathPrefix subdirectory of webAppRootDir below which the web app's CGIs may be stored; can be null.
* The CGI search path will start at webAppRootDir + File.separator + cgiPathPrefix (or
* webAppRootDir alone if cgiPathPrefix is null). cgiPathPrefix is defined by setting
@@ -801,59 +799,104 @@
* found
*
*/
- protected String[] findCGI(String pathInfo, String webAppRootDir, String contextPath, String servletPath,
- String cgiPathPrefix) {
- String path;
- String name;
- String scriptname;
-
- if (webAppRootDir.lastIndexOf(File.separator) == (webAppRootDir.length() - 1)) {
- // strip the trailing "/" from the webAppRootDir
- webAppRootDir = webAppRootDir.substring(0, (webAppRootDir.length() - 1));
- }
+ protected String[] findCGI(String contextPath, String servletPath, String pathInfo, String cgiPathPrefix) {
- if (cgiPathPrefix != null) {
- webAppRootDir = webAppRootDir + File.separator + cgiPathPrefix;
- }
+ StringBuilder cgiPath = new StringBuilder();
+ StringBuilder urlPath = new StringBuilder();
- if (log.isTraceEnabled()) {
- log.trace(sm.getString("cgiServlet.find.path", pathInfo, webAppRootDir));
- }
+ WebResource cgiScript = null;
- File currentLocation = new File(webAppRootDir);
- StringTokenizer dirWalker = new StringTokenizer(pathInfo, "/");
- if (log.isTraceEnabled()) {
- log.trace(sm.getString("cgiServlet.find.location", currentLocation.getAbsolutePath()));
+ if (cgiPathPrefix == null || cgiPathPrefix.isEmpty()) {
+ cgiPath.append(servletPath);
+ } else {
+ cgiPath.append('/');
+ cgiPath.append(cgiPathPrefix);
}
- StringBuilder cginameBuilder = new StringBuilder();
- while (!currentLocation.isFile() && dirWalker.hasMoreElements()) {
- String nextElement = (String) dirWalker.nextElement();
- currentLocation = new File(currentLocation, nextElement);
- cginameBuilder.append('/').append(nextElement);
+ urlPath.append(servletPath);
+
+ StringTokenizer pathWalker = new StringTokenizer(pathInfo, "/");
+
+ while (pathWalker.hasMoreElements() && (cgiScript == null || !cgiScript.isFile())) {
+ String urlSegment = pathWalker.nextToken();
+ cgiPath.append('/');
+ cgiPath.append(urlSegment);
+ urlPath.append('/');
+ urlPath.append(urlSegment);
if (log.isTraceEnabled()) {
- log.trace(sm.getString("cgiServlet.find.location", currentLocation.getAbsolutePath()));
+ log.trace(sm.getString("cgiServlet.find.location", cgiPath.toString()));
}
+ cgiScript = resources.getResource(cgiPath.toString());
}
- String cginame = cginameBuilder.toString();
- if (!currentLocation.isFile()) {
+
+ // No script was found
+ if (cgiScript == null || !cgiScript.isFile()) {
return new String[] { null, null, null, null };
}
- path = currentLocation.getAbsolutePath();
- name = currentLocation.getName();
+ // Set-up return values
+ String path = null;
+ String scriptName = null;
+ String cgiName = null;
+ String name = null;
- if (servletPath.startsWith(cginame)) {
- scriptname = contextPath + cginame;
- } else {
- scriptname = contextPath + servletPath + cginame;
+ path = cgiScript.getCanonicalPath();
+ if (path == null) {
+ /*
+ * The script doesn't exist directly on the file system. It might be located in an archive or similar.
+ * Such scripts are extracted to the web application's temporary file location.
+ */
+ File tmpCgiFile = new File(tmpDir + cgiPath.toString());
+ if (!tmpCgiFile.exists()) {
+
+ // Create directories
+ File parent = tmpCgiFile.getParentFile();
+ if (!parent.mkdirs() && !parent.isDirectory()) {
+ log.warn(sm.getString("cgiServlet.expandCreateDirFail", parent.getAbsolutePath()));
+ return new String[] { null, null, null, null };
+ }
+
+ try (InputStream is = cgiScript.getInputStream()) {
+ synchronized (expandFileLock) {
+ // Check if file was created by concurrent request
+ if (!tmpCgiFile.exists()) {
+ try {
+ Files.copy(is, tmpCgiFile.toPath());
+ } catch (IOException ioe) {
+ log.warn(sm.getString("cgiServlet.expandFail", cgiScript.getURL(),
+ tmpCgiFile.getAbsolutePath()), ioe);
+ if (tmpCgiFile.exists()) {
+ if (!tmpCgiFile.delete()) {
+ log.warn(sm.getString("cgiServlet.expandDeleteFail",
+ tmpCgiFile.getAbsolutePath()));
+ }
+ }
+ return new String[] { null, null, null, null };
+ }
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("cgiServlet.expandOk", cgiScript.getURL(),
+ tmpCgiFile.getAbsolutePath()));
+ }
+ }
+ }
+ } catch (IOException ioe) {
+ log.warn(sm.getString("cgiServlet.expandCloseFail", cgiScript.getURL()), ioe);
+ }
+ }
+ path = tmpCgiFile.getAbsolutePath();
}
+ scriptName = urlPath.toString();
+ cgiName = scriptName.substring(servletPath.length());
+ name = scriptName.substring(scriptName.lastIndexOf('/') + 1);
+
if (log.isTraceEnabled()) {
- log.trace(sm.getString("cgiServlet.find.found", name, path, scriptname, cginame));
+ log.trace(sm.getString("cgiServlet.find.found", name, path, scriptName, cgiName));
}
- return new String[] { path, scriptname, cginame, name };
+
+ return new String[] { path, scriptName, cgiName, name };
}
+
/**
* Constructs the CGI environment to be supplied to the invoked CGI script; relies heavily on Servlet API
* methods and findCGI
@@ -888,13 +931,7 @@
sPathInfoOrig = this.pathInfo;
sPathInfoOrig = sPathInfoOrig == null ? "" : sPathInfoOrig;
- if (webAppRootDir == null) {
- // The app has not been deployed in exploded form
- webAppRootDir = tmpDir.toString();
- expandCGIScript();
- }
-
- sCGINames = findCGI(sPathInfoOrig, webAppRootDir, contextPath, servletPath, cgiPathPrefix);
+ sCGINames = findCGI(contextPath, servletPath, sPathInfoOrig, cgiPathPrefix);
sCGIFullPath = sCGINames[0];
sCGIScriptName = sCGINames[1];
@@ -1021,93 +1058,6 @@
}
/**
- * Extracts requested resource from web app archive to context work directory to enable CGI script to be
- * executed.
- */
- protected void expandCGIScript() {
- StringBuilder srcPath = new StringBuilder();
- StringBuilder destPath = new StringBuilder();
- InputStream is = null;
-
- // paths depend on mapping
- if (cgiPathPrefix == null) {
- srcPath.append(pathInfo);
- is = context.getResourceAsStream(srcPath.toString());
- destPath.append(tmpDir);
- destPath.append(pathInfo);
- } else {
- // essentially same search algorithm as findCGI()
- srcPath.append(cgiPathPrefix);
- StringTokenizer pathWalker = new StringTokenizer(pathInfo, "/");
- // start with first element
- while (pathWalker.hasMoreElements() && (is == null)) {
- srcPath.append('/');
- srcPath.append(pathWalker.nextElement());
- is = context.getResourceAsStream(srcPath.toString());
- }
- destPath.append(tmpDir);
- destPath.append('/');
- destPath.append(srcPath);
- }
-
- if (is == null) {
- // didn't find anything, give up now
- log.warn(sm.getString("cgiServlet.expandNotFound", srcPath));
- return;
- }
-
- try {
- File f = new File(destPath.toString());
- if (f.exists()) {
- // Don't need to expand if it already exists
- return;
- }
-
- // create directories
- File dir = f.getParentFile();
- if (!dir.mkdirs() && !dir.isDirectory()) {
- log.warn(sm.getString("cgiServlet.expandCreateDirFail", dir.getAbsolutePath()));
- return;
- }
-
- try {
- synchronized (expandFileLock) {
- // make sure file doesn't exist
- if (f.exists()) {
- return;
- }
-
- // create file
- if (!f.createNewFile()) {
- return;
- }
-
- Files.copy(is, f.toPath());
-
- if (log.isDebugEnabled()) {
- log.debug(sm.getString("cgiServlet.expandOk", srcPath, destPath));
- }
- }
- } catch (IOException ioe) {
- log.warn(sm.getString("cgiServlet.expandFail", srcPath, destPath), ioe);
- // delete in case file is corrupted
- if (f.exists()) {
- if (!f.delete()) {
- log.warn(sm.getString("cgiServlet.expandDeleteFail", f.getAbsolutePath()));
- }
- }
- }
- } finally {
- try {
- is.close();
- } catch (IOException e) {
- log.warn(sm.getString("cgiServlet.expandCloseFail", srcPath), e);
- }
- }
- }
-
-
- /**
* Returns important CGI environment information in a multi-line text format.
*
* @return CGI environment info
@@ -1402,9 +1352,9 @@
*
Allowed characters in path segments: This implementation does not allow non-terminal NULL segments
* in the path -- IOExceptions may be thrown;
*
"." and ".." path segments: This implementation does not allow
- * "." and ".." in the path, and such characters will result in an IOException
- * being thrown (this should never happen since Tomcat normalises the requestURI before determining the
- * contextPath, servletPath and pathInfo);
+ * "." and ".." in the path, and such characters will result in an IOException being
+ * thrown (this should never happen since Tomcat normalises the requestURI before determining the contextPath,
+ * servletPath and pathInfo);
*
Implementation limitations: This implementation does not impose any limitations except as
* documented above. This implementation may be limited by the servlet container used to house this
* implementation. In particular, all the primary CGI variable values are derived either directly or indirectly
@@ -1435,14 +1385,10 @@
throw new IOException(sm.getString("cgiServlet.invalidCommand", command));
}
- /*
- * original content/structure of this section taken from
- * http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4216884 with major modifications by Martin Dengler
- */
Runtime rt;
BufferedReader cgiHeaderReader = null;
InputStream cgiOutput = null;
- BufferedReader commandsStdErr ;
+ BufferedReader commandsStdErr;
Thread errReaderThread = null;
BufferedOutputStream commandsStdIn;
Process proc = null;
@@ -1552,9 +1498,9 @@
}
} // replacement for Process.waitFor()
- } catch (IOException e) {
- log.warn(sm.getString("cgiServlet.runFail"), e);
- throw e;
+ } catch (IOException ioe) {
+ log.warn(sm.getString("cgiServlet.runFail"), ioe);
+ throw ioe;
} finally {
// Close the header reader
if (cgiHeaderReader != null) {
@@ -1577,7 +1523,7 @@
try {
errReaderThread.join(stderrTimeout);
} catch (InterruptedException e) {
- log.warn(sm.getString("cgiServlet.runReaderInterrupt"));
+ log.warn(sm.getString("cgiServlet.runReaderInterrupt"), e);
}
}
if (proc != null) {
@@ -1655,13 +1601,13 @@
log.warn(sm.getString("cgiServlet.runStdErr", line));
lineCount++;
}
- } catch (IOException e) {
- log.warn(sm.getString("cgiServlet.runStdErrFail"), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("cgiServlet.runStdErrFail"), ioe);
} finally {
try {
rdr.close();
- } catch (IOException e) {
- log.warn(sm.getString("cgiServlet.runStdErrFail"), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("cgiServlet.runStdErrFail"), ioe);
}
}
if (lineCount > 0) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/DefaultServlet.java tomcat10-10.1.52/java/org/apache/catalina/servlets/DefaultServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/DefaultServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/DefaultServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -79,6 +79,7 @@
import org.apache.catalina.webresources.CachedResource;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.ResponseUtil;
import org.apache.tomcat.util.http.parser.ContentRange;
import org.apache.tomcat.util.http.parser.EntityTag;
@@ -136,9 +137,6 @@
* Then a request to /context/static/images/tomcat.jpg will succeed while a request to
* /context/images/tomcat2.jpg will fail.
*
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class DefaultServlet extends HttpServlet {
@@ -687,8 +685,8 @@
}
} else {
try {
- resp.sendError(resourceInputStream != null ?
- HttpServletResponse.SC_CONFLICT : HttpServletResponse.SC_BAD_REQUEST);
+ resp.sendError(resourceInputStream != null ? HttpServletResponse.SC_CONFLICT :
+ HttpServletResponse.SC_BAD_REQUEST);
} catch (IllegalStateException e) {
// Already committed, ignore
}
@@ -697,7 +695,7 @@
if (resourceInputStream != null) {
try {
resourceInputStream.close();
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -756,17 +754,18 @@
int numBytesRead;
byte[] transferBuffer = new byte[BUFFER_SIZE];
try (BufferedInputStream requestBufInStream = new BufferedInputStream(req.getInputStream(), BUFFER_SIZE)) {
+ long rangeBytes = range.getEnd() - range.getStart() + 1L;
while ((numBytesRead = requestBufInStream.read(transferBuffer)) != -1) {
received += numBytesRead;
- if (received > range.getEnd() - range.getStart()) {
+ if (received > rangeBytes) {
throw new IllegalStateException(sm.getString("defaultServlet.wrongByteCountForRange",
- String.valueOf(received), String.valueOf(range.getEnd() - range.getStart())));
+ String.valueOf(received), String.valueOf(rangeBytes)));
}
randAccessContentFile.write(transferBuffer, 0, numBytesRead);
}
- if (received < range.getEnd() - range.getStart()) {
+ if (received < rangeBytes) {
throw new IllegalStateException(sm.getString("defaultServlet.wrongByteCountForRange",
- String.valueOf(received), String.valueOf(range.getEnd() - range.getStart())));
+ String.valueOf(received), String.valueOf(rangeBytes)));
}
}
@@ -1096,7 +1095,7 @@
response.setContentType(contentType);
}
}
- if (resource.isFile() && contentLength >= 0 && (!serveContent || ostream != null)) {
+ if (resource.isFile() && contentLength >= 0 && (!serveContent || ostream != null || writer != null)) {
if (debug > 0) {
log("DefaultServlet.serveFile: contentLength=" + contentLength);
}
@@ -1110,8 +1109,8 @@
if (serveContent) {
try {
response.setBufferSize(output);
- } catch (IllegalStateException e) {
- // Silent catch
+ } catch (IllegalStateException ignore) {
+ // Content has already been written - this must be an include. Ignore the error and continue.
}
InputStream renderResult = null;
if (ostream == null) {
@@ -1224,8 +1223,8 @@
if (serveContent) {
try {
response.setBufferSize(output);
- } catch (IllegalStateException e) {
- // Silent catch
+ } catch (IllegalStateException ignore) {
+ // Content has already been written - this must be an include. Ignore the error and continue.
}
if (ostream != null) {
if (!checkSendfile(request, response, resource, contentLength, range)) {
@@ -1242,7 +1241,7 @@
try {
response.setBufferSize(output);
} catch (IllegalStateException e) {
- // Silent catch
+ // Content has already been written - this must be an include. Ignore the error and continue.
}
if (ostream != null) {
copy(resource, contentLength, ostream, ranges, contentType);
@@ -1572,7 +1571,7 @@
return FULL;
}
- if (!"GET".equals(request.getMethod()) || !isRangeRequestsSupported()) {
+ if (!Method.GET.equals(request.getMethod()) || !isRangeRequestsSupported()) {
// RFC 9110 - Section 14.2: GET is the only method for which range handling is defined.
// Otherwise MUST ignore a Range header field
return FULL;
@@ -2038,15 +2037,15 @@
}
IOException e = copyRange(reader, new PrintWriter(buffer));
if (debug > 10) {
- log("readme '" + readmeFile + "' output error: " + e.getMessage());
+ log("readme '" + readmeFile + "' output error: " + ((e != null) ? e.getMessage() : ""));
}
- } catch (IOException e) {
- log(sm.getString("defaultServlet.readerCloseFailed"), e);
+ } catch (IOException ioe) {
+ log(sm.getString("defaultServlet.readerCloseFailed"), ioe);
} finally {
if (reader != null) {
try {
reader.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -2312,7 +2311,7 @@
WebResource resource) {
String method = request.getMethod();
- if (!"GET".equals(method) && !"HEAD".equals(method)) {
+ if (!Method.GET.equals(method) && !Method.HEAD.equals(method)) {
return true;
}
@@ -2420,7 +2419,7 @@
// 304 Not Modified.
// For every other method, 412 Precondition Failed is sent
// back.
- if ("GET".equals(request.getMethod()) || "HEAD".equals(request.getMethod())) {
+ if (Method.GET.equals(request.getMethod()) || Method.HEAD.equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
response.setHeader("ETag", resourceETag);
} else {
@@ -2510,8 +2509,7 @@
if (headerValue.length() > 2 && (headerValue.charAt(0) == '"' || headerValue.charAt(2) == '"')) {
boolean weakETag = headerValue.startsWith("W/\"");
- if ((!weakETag && headerValue.charAt(0) != '"') ||
- headerValue.charAt(headerValue.length() - 1) != '"' ||
+ if ((!weakETag && headerValue.charAt(0) != '"') || headerValue.charAt(headerValue.length() - 1) != '"' ||
headerValue.indexOf('"', weakETag ? 3 : 1) != headerValue.length() - 1) {
// Not a single entity tag
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
@@ -2524,7 +2522,7 @@
long headerValueTime = -1L;
try {
headerValueTime = request.getDateHeader("If-Range");
- } catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException ignore) {
// Ignore
}
if (headerValueTime >= 0) {
@@ -2725,8 +2723,8 @@
break;
}
ostream.write(buffer, 0, len);
- } catch (IOException e) {
- exception = e;
+ } catch (IOException ioe) {
+ exception = ioe;
break;
}
}
@@ -2756,8 +2754,8 @@
break;
}
writer.write(buffer, 0, len);
- } catch (IOException e) {
- exception = e;
+ } catch (IOException ioe) {
+ exception = ioe;
break;
}
}
@@ -2786,8 +2784,8 @@
long skipped;
try {
skipped = istream.skip(start);
- } catch (IOException e) {
- return e;
+ } catch (IOException ioe) {
+ return ioe;
}
if (skipped < start) {
return new IOException(sm.getString("defaultServlet.skipfail", Long.valueOf(skipped), Long.valueOf(start)));
@@ -2808,8 +2806,8 @@
ostream.write(buffer, 0, (int) bytesToRead);
bytesToRead = 0;
}
- } catch (IOException e) {
- exception = e;
+ } catch (IOException ioe) {
+ exception = ioe;
len = -1;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,6 @@
cgiServlet.expandCreateDirFail=Failed to create destination directory [{0}] for script expansion
cgiServlet.expandDeleteFail=Failed to delete file at [{0}] after IOException during expansion
cgiServlet.expandFail=Failed to expand script at path [{0}] to [{1}]
-cgiServlet.expandNotFound=Unable to expand [{0}] as it could not be found
cgiServlet.expandOk=Expanded script at path [{0}] to [{1}]
cgiServlet.find.found=Found CGI: name [{0}], path [{1}], script name [{2}] and CGI name [{3}]
cgiServlet.find.location=Looking for a file at [{0}]
@@ -29,6 +28,7 @@
cgiServlet.invalidArgumentDecoded=The decoded command line argument [{0}] did not match the configured cmdLineArgumentsDecoded pattern [{1}]
cgiServlet.invalidArgumentEncoded=The encoded command line argument [{0}] did not match the configured cmdLineArgumentsEncoded pattern [{1}]
cgiServlet.invalidCommand=Illegal Character in CGI command path ('.' or '..') detected, not running CGI [{0}]
+cgiServlet.noResources=No static resources were found
cgiServlet.notReady=CGI Servlet is not ready to run
cgiServlet.runBadHeader=Bad header line [{0}]
cgiServlet.runFail=I/O problems processing CGI
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,6 @@
cgiServlet.expandCreateDirFail=Echec de la création du répertoire de destination [{0}] pour la décompression du script
cgiServlet.expandDeleteFail=Impossible d''effacer le fichier [{0}] suite à une IOException pendant la décompression
cgiServlet.expandFail=Impossible de faire l''expansion du script au chemin [{0}] vers [{1}]
-cgiServlet.expandNotFound=Impossible de décompresser [{0}] car il n''a pas été trouvé
cgiServlet.expandOk=Extrait le script du chemin [{0}] vers [{1}]
cgiServlet.find.found=Trouvé le CGI : nom [{0}], chemin [{1}], nom de script [{2}] et nom du CGI [{3}]
cgiServlet.find.location=Recherche d''un fichier en [{0}]
@@ -29,6 +28,7 @@
cgiServlet.invalidArgumentDecoded=Les paramètres de ligne de commande décodés [{0}] ne correspondent pas au modèle cmdLineArgumentsDecoded configuré [{1}]
cgiServlet.invalidArgumentEncoded=Les paramètres de ligne de commande encodés [{0}] ne correspondent pas au modèle cmdLineArgumentsEncoded configuré [{1}]
cgiServlet.invalidCommand=Un caractère illégal (''.'' or ''..'') a été trouvé dans le chemin de commande CGI, le CGI [{0}] n''est pas exécuté
+cgiServlet.noResources=Pas de ressources statiques trouvées
cgiServlet.notReady=Le Servlet CGI n'est pas prêt à fonctionner
cgiServlet.runBadHeader=Mauvaise ligne d''en-tête [{0}]
cgiServlet.runFail=Problèmes d'IO lors de l'exécution du CGI
@@ -54,6 +54,7 @@
defaultServlet.resource.size=Taille
defaultServlet.skipfail=La lecture a échouée parce que seuls [{0}] octets étaient disponibles alors qu''il était nécessaire d''en sauter [{1}] pour atteindre le début de la plage demandée
defaultServlet.unknownBomConfig=La valeur [{0}] inconnue a été donnée pour le paramètre d’initialisation useBomIfPresent
+defaultServlet.wrongByteCountForRange=Une quantité invalide d''octets [{0}] a été reçue pour la range dont la longueur est [{1}]
defaultServlet.xslError=Erreur de transformation XSL
webdavservlet.dataSourceStore.error=Erreur [{0}] lors du traitement des prorpiétés pour le chemin [{1}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,6 @@
cgiServlet.expandCreateDirFail=スクリプトの展開先ディレクトリ[{0}]の作成に失敗しました。
cgiServlet.expandDeleteFail=拡張中にIOExceptionの後に [{0}] でファイルを削除できませんでした
cgiServlet.expandFail=パス [{0}] のスクリプトを [{1}] に展開できませんでした
-cgiServlet.expandNotFound=見つけることができなかったため [{0}] を展開できません
cgiServlet.expandOk=パス [{0}] の [{1}] に展開されたスクリプト
cgiServlet.find.found=見つかったCGI: 名前 [{0}]、パス [{1}]、スクリプト名 [{2}]、CGI名 [{3}]
cgiServlet.find.location=ファイル [{0}] を探しています。
@@ -29,6 +28,7 @@
cgiServlet.invalidArgumentDecoded=デコードされたコマンドライン引数 [{0}] は、構成されたcmdLineArgumentsDecoded パターン [{1}] にマッチしません
cgiServlet.invalidArgumentEncoded=エンコードされたコマンドライン引数 [{0}] は、構成されたcmdLineArgumentsEncoded パターン [{1}] にマッチしません
cgiServlet.invalidCommand=CGI コマンド パスに不正な文字 (''.'' または ''..'') が検出されました。CGI [{0}] は実行されていません
+cgiServlet.noResources=静的リソースが見つかりませんでした
cgiServlet.notReady=CGI サーブレットは実行の準備ができていません
cgiServlet.runBadHeader=悪いヘッダライン [{0}]
cgiServlet.runFail=CGI処理中のIO問題
@@ -54,6 +54,7 @@
defaultServlet.resource.size=サイズ
defaultServlet.skipfail=[{1}]バイトをスキップして要求された範囲の先頭に到達する必要がありましたが、[{0}]バイトしか利用できなかったため読み取りに失敗しました。
defaultServlet.unknownBomConfig=useBomIfPresentの初期化パラメーターに提供された認識されない値 [{0}]
+defaultServlet.wrongByteCountForRange=長さ [{1}] の範囲に対して無効な [{0}] バイトを受信しました
defaultServlet.xslError=XSL変換エラー
webdavservlet.dataSourceStore.error=パス [{1}] の無効なプロパティで [{0}] を処理中にエラーが発生しました
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ko.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ko.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ko.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ko.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,6 @@
cgiServlet.expandCreateDirFail=스크립트를 압축해제 하기 위한 대상 디렉토리 [{0}]을(를) 생성하지 못했습니다.
cgiServlet.expandDeleteFail=압축해제 중 IOException이 발생한 후, [{0}]에 위치한 해당 파일을 삭제하지 못했습니다.
cgiServlet.expandFail=경로 [{0}]의 스크립트를 [{1}](으)로 압축해제 하지 못했습니다.
-cgiServlet.expandNotFound=[{0}]을(를) 찾을 수 없어서 압축해제 할 수 없습니다.
cgiServlet.expandOk=[{0}] 경로에 있는 스트립트가 [{1}](으)로 압축 해제되었습니다.
cgiServlet.find.found=CGI 발견: 이름 [{0}], 경로 [{1}], 스크립트 이름 [{2}], CGI 이름 [{3}]
cgiServlet.find.location=[{0}]에 위치한 파일을 찾는 중
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -17,6 +17,7 @@
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
cgiServlet.expandFail=Невозможно развернуть скрипт [{0}] в [{1}]
+cgiServlet.find.location=Поиск файла в [{0}]
cgiServlet.runInvalidStatus=Неверный статус [{0}]
defaultServlet.skipfail=Чтение завершилось ошибкой, потому что только [{0}] байт было доступно, а требовалось пропустить [{1}] байт, чтобы достигнуть начала требуемоего диапазона
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,6 @@
cgiServlet.expandCreateDirFail=无法为脚本扩展创建目标目录[{0}]
cgiServlet.expandDeleteFail=扩展期间,发生IOException异常后删除文件[{0}]失败
cgiServlet.expandFail=在路径[{0}] 到[{1}] 展开脚本失败.
-cgiServlet.expandNotFound=无法展开[{0}],因为找不到它。
cgiServlet.expandOk=从路径[{0}]到[{1}]扩展脚本
cgiServlet.find.found=找到CGI:name[{0}]、path[{1}]、script name[{2}]和CGI name[{3}]
cgiServlet.find.location=在 [{0}] 查找文件
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/servlets/WebdavServlet.java tomcat10-10.1.52/java/org/apache/catalina/servlets/WebdavServlet.java
--- tomcat10-10.1.40/java/org/apache/catalina/servlets/WebdavServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/servlets/WebdavServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -63,6 +63,7 @@
import org.apache.tomcat.util.IntrospectionUtils;
import org.apache.tomcat.util.http.ConcurrentDateFormat;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.http.WebdavIfHeader;
import org.w3c.dom.Document;
@@ -98,6 +99,9 @@
* functionality. In particular, administrators should be aware that security constraints apply only to the request URL.
* Security constraints do not apply to any destination URL associated with the WebDAV operation (such as COPY or MOVE).
*
+ * If WebDAV functionality is included in a web application where legitimate users may access it via a browser, it is
+ * recommended that the application include CORS protection.
+ *
* To enable WebDAV for a context add the following to web.xml:
*
*
@@ -178,17 +182,6 @@
private static final long serialVersionUID = 1L;
- // -------------------------------------------------------------- Constants
-
- private static final String METHOD_PROPFIND = "PROPFIND";
- private static final String METHOD_PROPPATCH = "PROPPATCH";
- private static final String METHOD_MKCOL = "MKCOL";
- private static final String METHOD_COPY = "COPY";
- private static final String METHOD_MOVE = "MOVE";
- private static final String METHOD_LOCK = "LOCK";
- private static final String METHOD_UNLOCK = "UNLOCK";
-
-
/**
* Default lock timeout value.
*/
@@ -571,19 +564,19 @@
log("[" + method + "] " + path);
}
- if (method.equals(METHOD_PROPFIND)) {
+ if (Method.PROPFIND.equals(method)) {
doPropfind(req, resp);
- } else if (method.equals(METHOD_PROPPATCH)) {
+ } else if (Method.PROPPATCH.equals(method)) {
doProppatch(req, resp);
- } else if (method.equals(METHOD_MKCOL)) {
+ } else if (Method.MKCOL.equals(method)) {
doMkcol(req, resp);
- } else if (method.equals(METHOD_COPY)) {
+ } else if (Method.COPY.equals(method)) {
doCopy(req, resp);
- } else if (method.equals(METHOD_MOVE)) {
+ } else if (Method.MOVE.equals(method)) {
doMove(req, resp);
- } else if (method.equals(METHOD_LOCK)) {
+ } else if (Method.LOCK.equals(method)) {
doLock(req, resp);
- } else if (method.equals(METHOD_UNLOCK)) {
+ } else if (Method.UNLOCK.equals(method)) {
doUnlock(req, resp);
} else {
// DefaultServlet processing
@@ -685,6 +678,10 @@
if (hrefs.hasNext()) {
currentHref = hrefs.next();
currentPath = getPathFromHref(currentHref, request);
+ if (currentPath == null) {
+ // The path was invalid
+ return false;
+ }
currentWebResource = resources.getResource(currentPath);
} else {
break;
@@ -842,7 +839,7 @@
try (InputStream is = req.getInputStream(); ByteArrayOutputStream os = new ByteArrayOutputStream()) {
IOTools.flow(is, os);
body = os.toByteArray();
- } catch (IOException e) {
+ } catch (IOException ioe) {
resp.sendError(WebdavStatus.SC_BAD_REQUEST);
return;
}
@@ -1043,7 +1040,7 @@
try (InputStream is = req.getInputStream(); ByteArrayOutputStream os = new ByteArrayOutputStream()) {
IOTools.flow(is, os);
body = os.toByteArray();
- } catch (IOException e) {
+ } catch (IOException ioe) {
resp.sendError(WebdavStatus.SC_BAD_REQUEST);
return;
}
@@ -1241,7 +1238,11 @@
String path = getRelativePath(req);
- deleteResource(path, req, resp);
+ WebResource resource = resources.getResource(path);
+ if (!checkIfHeaders(req, resp, resource)) {
+ resp.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
+ }
+ deleteResource(path, req, resp, true);
}
@@ -1397,7 +1398,7 @@
try (InputStream is = req.getInputStream(); ByteArrayOutputStream os = new ByteArrayOutputStream()) {
IOTools.flow(is, os);
body = os.toByteArray();
- } catch (IOException e) {
+ } catch (IOException ioe) {
resp.sendError(WebdavStatus.SC_BAD_REQUEST);
return;
}
@@ -1847,7 +1848,7 @@
if (!allowSpecialPaths) {
String upperCasePath = path.toUpperCase(Locale.ENGLISH);
return upperCasePath.startsWith("/WEB-INF/") || upperCasePath.startsWith("/META-INF/") ||
- upperCasePath.equals("/WEB-INF") || upperCasePath.equals("/META-INF");
+ upperCasePath.equals("/WEB-INF") || upperCasePath.equals("/META-INF");
}
return false;
}
@@ -1975,7 +1976,7 @@
if (parentPath == path || parentLock.depth > 0) {
if (parentLock.isExclusive()) {
return !ifHeader.contains(":" + parentLock.token + ">") ||
- (parentLock.principal != null && !parentLock.principal.equals(principal));
+ (parentLock.principal != null && !parentLock.principal.equals(principal));
} else {
for (String token : parentLock.sharedTokens) {
LockInfo lock = sharedLocks.get(token);
@@ -2260,8 +2261,8 @@
} else {
store.copy(source, dest);
}
- } catch (IOException e) {
- log(sm.getString("webdavservlet.inputstreamclosefail", source), e);
+ } catch (IOException ioe) {
+ log(sm.getString("webdavservlet.inputstreamclosefail", source), ioe);
}
} else {
errorList.put(source, Integer.valueOf(WebdavStatus.SC_INTERNAL_SERVER_ERROR));
@@ -2274,27 +2275,6 @@
/**
* Delete a resource.
*
- * @param path Path of the resource which is to be deleted
- * @param req Servlet request
- * @param resp Servlet response
- *
- * @return true if the delete is successful
- *
- * @throws IOException If an IO error occurs
- */
- private boolean deleteResource(String path, HttpServletRequest req, HttpServletResponse resp) throws IOException {
- WebResource resource = resources.getResource(path);
- if (!checkIfHeaders(req, resp, resource)) {
- resp.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
- return false;
- }
- return deleteResource(path, req, resp, true);
- }
-
-
- /**
- * Delete a resource.
- *
* @param path Path of the resource which is to be deleted
* @param req Servlet request
* @param resp Servlet response
@@ -2752,8 +2732,8 @@
private static boolean propertyEquals(Node node1, Node node2) {
return node1.getLocalName().equals(node2.getLocalName()) &&
- ((node1.getNamespaceURI() == null && node2.getNamespaceURI() == null) ||
- (node1.getNamespaceURI() != null && node1.getNamespaceURI().equals(node2.getNamespaceURI())));
+ ((node1.getNamespaceURI() == null && node2.getNamespaceURI() == null) ||
+ (node1.getNamespaceURI() != null && node1.getNamespaceURI().equals(node2.getNamespaceURI())));
}
@@ -3045,8 +3025,6 @@
/**
* Wraps the HttpServletResponse class to abstract the specific protocol used. To support other protocols we would only
* need to modify this class and the WebDavRetCode classes.
- *
- * @author Marc Eaddy
*/
class WebdavStatus {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/Constants.java tomcat10-10.1.52/java/org/apache/catalina/session/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Manifest constants for the org.apache.catalina.session package.
- *
- * @author Craig R. McClanahan
*/
public class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/DataSourceStore.java tomcat10-10.1.52/java/org/apache/catalina/session/DataSourceStore.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/DataSourceStore.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/DataSourceStore.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,8 +46,6 @@
/**
* Implementation of the {@link org.apache.catalina.Store Store} interface that stores serialized session objects in a
* database. Sessions that are saved are still subject to being expired based on inactivity.
- *
- * @author Bip Thelin
*/
public class DataSourceStore extends StoreBase {
@@ -363,7 +361,7 @@
}
}
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException", e));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException"), e);
keys = new String[0];
// Close the connection so that it gets reopened next time
} finally {
@@ -397,7 +395,7 @@
numberOfTries = 0;
}
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException", e));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException"), e);
} finally {
release(_conn);
}
@@ -444,7 +442,7 @@
numberOfTries = 0;
}
} catch (SQLException e) {
- contextLog.error(sm.getString("dataSourceStore.SQLException", e));
+ contextLog.error(sm.getString("dataSourceStore.SQLException"), e);
} finally {
context.unbind(Globals.IS_SECURITY_ENABLED, oldThreadContextCL);
release(_conn);
@@ -470,7 +468,7 @@
// Break out after the finally block
numberOfTries = 0;
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException", e));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException"), e);
} finally {
release(_conn);
}
@@ -518,7 +516,7 @@
// Break out after the finally block
numberOfTries = 0;
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException", e));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException"), e);
} finally {
release(_conn);
}
@@ -564,8 +562,8 @@
numberOfTries = 0;
}
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException", e));
- } catch (IOException e) {
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.SQLException"), e);
+ } catch (IOException ioe) {
// Ignore
} finally {
release(_conn);
@@ -601,7 +599,7 @@
}
}
} catch (SQLException ex) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.checkConnectionSQLException", ex));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.checkConnectionSQLException"), ex);
}
return conn;
@@ -686,7 +684,7 @@
try {
dbConnection.close();
} catch (SQLException e) {
- manager.getContext().getLogger().error(sm.getString("dataSourceStore.close", e));
+ manager.getContext().getLogger().error(sm.getString("dataSourceStore.close"), e);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/FileStore.java tomcat10-10.1.52/java/org/apache/catalina/session/FileStore.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/FileStore.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/FileStore.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,6 +26,7 @@
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.List;
+import java.util.concurrent.locks.Lock;
import jakarta.servlet.ServletContext;
@@ -34,13 +35,12 @@
import org.apache.catalina.Session;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.concurrent.KeyedReentrantReadWriteLock;
import org.apache.tomcat.util.res.StringManager;
/**
* Concrete implementation of the Store interface that utilizes a file per saved Session in a configured
* directory. Sessions that are saved are still subject to being expired based on inactivity.
- *
- * @author Craig R. McClanahan
*/
public final class FileStore extends StoreBase {
@@ -62,7 +62,7 @@
* The pathname of the directory in which Sessions are stored. This may be an absolute pathname, or a relative path
* that is resolved against the temporary work directory for this application.
*/
- private String directory = ".";
+ private volatile String directory = ".";
/**
@@ -70,6 +70,7 @@
*/
private File directoryFile = null;
+ private KeyedReentrantReadWriteLock sessionLocksById = new KeyedReentrantReadWriteLock();
/**
* Name to register for this Store, used for logging.
@@ -98,7 +99,7 @@
*
* @param path The new directory path
*/
- public void setDirectory(String path) {
+ public synchronized void setDirectory(String path) {
String oldDirectory = this.directory;
this.directory = path;
this.directoryFile = null;
@@ -183,7 +184,7 @@
public Session load(String id) throws ClassNotFoundException, IOException {
// Open an input stream to the specified pathname, if any
File file = file(id);
- if (file == null || !file.exists()) {
+ if (file == null) {
return null;
}
@@ -195,19 +196,28 @@
}
ClassLoader oldThreadContextCL = context.bind(Globals.IS_SECURITY_ENABLED, null);
-
- try (FileInputStream fis = new FileInputStream(file.getAbsolutePath());
- ObjectInputStream ois = getObjectInputStream(fis)) {
-
- StandardSession session = (StandardSession) manager.createEmptySession();
- session.readObjectData(ois);
- session.setManager(manager);
- return session;
- } catch (FileNotFoundException e) {
- if (contextLog.isDebugEnabled()) {
- contextLog.debug(sm.getString("fileStore.noFile", id, file.getAbsolutePath()));
+ try {
+ Lock readLock = sessionLocksById.getLock(id).readLock();
+ readLock.lock();
+ try {
+ if (!file.exists()) {
+ return null;
+ }
+ try (FileInputStream fis = new FileInputStream(file.getAbsolutePath());
+ ObjectInputStream ois = getObjectInputStream(fis)) {
+ StandardSession session = (StandardSession) manager.createEmptySession();
+ session.readObjectData(ois);
+ session.setManager(manager);
+ return session;
+ } catch (FileNotFoundException e) {
+ if (contextLog.isDebugEnabled()) {
+ contextLog.debug(sm.getString("fileStore.noFile", id, file.getAbsolutePath()), e);
+ }
+ return null;
+ }
+ } finally {
+ readLock.unlock();
}
- return null;
} finally {
context.unbind(Globals.IS_SECURITY_ENABLED, oldThreadContextCL);
}
@@ -225,8 +235,14 @@
.trace(sm.getString(getStoreName() + ".removing", id, file.getAbsolutePath()));
}
- if (file.exists() && !file.delete()) {
- throw new IOException(sm.getString("fileStore.deleteSessionFailed", file));
+ Lock writeLock = sessionLocksById.getLock(id).writeLock();
+ writeLock.lock();
+ try {
+ if (file.exists() && !file.delete()) {
+ throw new IOException(sm.getString("fileStore.deleteSessionFailed", file));
+ }
+ } finally {
+ writeLock.unlock();
}
}
@@ -243,9 +259,15 @@
.trace(sm.getString(getStoreName() + ".saving", session.getIdInternal(), file.getAbsolutePath()));
}
- try (FileOutputStream fos = new FileOutputStream(file.getAbsolutePath());
- ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(fos))) {
- ((StandardSession) session).writeObjectData(oos);
+ Lock writeLock = sessionLocksById.getLock(session.getIdInternal()).writeLock();
+ writeLock.lock();
+ try {
+ try (FileOutputStream fos = new FileOutputStream(file.getAbsolutePath());
+ ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(fos))) {
+ ((StandardSession) session).writeObjectData(oos);
+ }
+ } finally {
+ writeLock.unlock();
}
}
@@ -256,12 +278,12 @@
* Return a File object representing the pathname to our session persistence directory, if any. The directory will
* be created if it does not already exist.
*/
- private File directory() throws IOException {
+ private synchronized File directory() throws IOException {
+ // Synchronised to avoid concurrent attempts to create the directory.
if (this.directory == null) {
return null;
}
if (this.directoryFile != null) {
- // NOTE: Race condition is harmless, so do not synchronize
return this.directoryFile;
}
File file = new File(this.directory);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,11 +16,11 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
-dataSourceStore.SQLException=SQL Error [{0}]
+dataSourceStore.SQLException=SQL Error
dataSourceStore.checkConnectionDBClosed=The database connection is null or was found to be closed. Trying to re-open it.
dataSourceStore.checkConnectionDBReOpenFail=The re-open on the database failed. The database could be down.
-dataSourceStore.checkConnectionSQLException=A SQL exception occurred [{0}]
-dataSourceStore.close=Exception closing database connection [{0}]
+dataSourceStore.checkConnectionSQLException=A SQL exception occurred checking the connection
+dataSourceStore.close=Exception closing database connection
dataSourceStore.commitSQLException=SQLException committing connection before closing
dataSourceStore.loading=Loading Session [{0}] from database [{1}]
dataSourceStore.missingDataSource=No data source available
@@ -54,7 +54,7 @@
persistentManager.loading=Loading [{0}] persisted sessions
persistentManager.noStore=No Store configured, persistence disabled
persistentManager.removeError=Error removing session [{0}] from the store
-persistentManager.serializeError=Error serializing Session [{0}]: [{1}]
+persistentManager.serializeError=Error serializing Session [{0}]
persistentManager.storeClearError=Error clearning all sessions from the store
persistentManager.storeKeysException=Unable to determine the list of session IDs for sessions in the session store, assuming that the store is empty
persistentManager.storeLoadError=Error swapping in sessions from the store
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_es.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_es.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_es.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_es.properties 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
dataSourceStore.SQLException=Error SQL [{0}]
dataSourceStore.checkConnectionDBClosed=La conexióna a base de datos es nula o está cerrada. Intentando reabrirla.
dataSourceStore.checkConnectionDBReOpenFail=Falló la reapertura de la base de datos. Puede que la base de datos esté caída.
-dataSourceStore.checkConnectionSQLException=Ha tenido lugar una excepción SQL [{0}]
-dataSourceStore.close=Excepción cerrando conexión a base de datos [{0}]
+dataSourceStore.checkConnectionSQLException=Ha tenido lugar una excepción SQL
+dataSourceStore.close=Excepción cerrando conexión a base de datos
dataSourceStore.loading=Cargando Sesión [{0}] desde base de datos [{1}]
dataSourceStore.missingDataSourceName=No se proporcionó un nombre JNDI válido
dataSourceStore.removing=Quitando Sesión [{0}] en base de datos [{1}]
@@ -38,7 +38,7 @@
persistentManager.backupMaxIdle=Respaldando sesión [{0}] a Almacén, ociosa durante [{1}] segundos
persistentManager.deserializeError=Error des-serializando Sesión [{0}]: [{1}]
persistentManager.loading=Cargando [{0}] sesiones persistidas
-persistentManager.serializeError=Error serializando Sesión [{0}]: [{1}]
+persistentManager.serializeError=Error serializando Sesión [{0}]
persistentManager.storeKeysException=Imposible determinar la lista de IDs de sesiones en la tienda de sesiones, asumiendo que la tienda esta vacia
persistentManager.storeSizeException=No se puede determinar el numero de sesiones en el almacenamiento de sesiones, asumiendo que el almacenamiento esta vacío
persistentManager.swapIn=Intercambiando sesión [{0}] a dentro desde Almacén
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
dataSourceStore.SQLException=Erreur SQL [{0}]
dataSourceStore.checkConnectionDBClosed=La connexion à la base de données est nulle ou a été trouvée fermée. Tentative de réouverture.
dataSourceStore.checkConnectionDBReOpenFail=La tentative de réouverture de la base de données a échoué. La base de données est peut-être arrêtée.
-dataSourceStore.checkConnectionSQLException=Une exception SQL s''est produite [{0}]
-dataSourceStore.close=Exception lors de la fermeture de la connection vers la base de donnée [{0}]
+dataSourceStore.checkConnectionSQLException=Une exception SQL s'est produite
+dataSourceStore.close=Exception lors de la fermeture de la connection vers la base de donnée
dataSourceStore.commitSQLException=Une SQLException a été retournée lors du commit de la connection avant sa fermeture
dataSourceStore.loading=Chargement de la Session [{0}] depuis la base de données [{1}]
dataSourceStore.missingDataSource=Aucune source de données n'est disponible
@@ -54,7 +54,7 @@
persistentManager.loading=Chargement de [{0}] sessions persistantes
persistentManager.noStore=Aucun stockage (Store) n'a été configuré, la persistence est désactivée
persistentManager.removeError=Erreur en enlevant la session [{0}] du stockage
-persistentManager.serializeError=Erreur lors de la sérialisation de la session [{0}] : [{1}]
+persistentManager.serializeError=Erreur lors de la sérialisation de la session [{0}]
persistentManager.storeClearError=Erreur en supprimant toutes les sessions du stockage
persistentManager.storeKeysException=Incapacité de déterminer la liste des ID de session, pour les sessions dans le magasin de sessions. Supposant le magasin vide.
persistentManager.storeLoadError=Erreur en déplaçant les sessions à partir du stockage
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
dataSourceStore.SQLException=SQLエラー [{0}]
dataSourceStore.checkConnectionDBClosed=データベース接続がnullであるか、クローズされているのが見つかりました。再オープンしてください。
dataSourceStore.checkConnectionDBReOpenFail=データベースの再オープンが失敗しました。データベースがダウンしているかもしれません。
-dataSourceStore.checkConnectionSQLException=SQL例外が発生しました [{0}]
-dataSourceStore.close=データベース接続 [{0}] をクローズ中の例外です
+dataSourceStore.checkConnectionSQLException=SQL例外が発生しました
+dataSourceStore.close=データベース接続 をクローズ中の例外です
dataSourceStore.commitSQLException=クローズ前のデータベース接続のコミット中にSQL例外が発生しました
dataSourceStore.loading=セッション [{0}] をデータベース [{1}] からロードします
dataSourceStore.missingDataSource=利用可能なデータソースがありません
@@ -54,7 +54,7 @@
persistentManager.loading=[{0}] の永続化セッションをロードします
persistentManager.noStore=ストアが構成されておらず、永続性が無効になっています
persistentManager.removeError=ストアからセッション[{0}]削除中のエラー
-persistentManager.serializeError=セッション [{0}] をシリアライズ中のエラーです: [{1}]
+persistentManager.serializeError=セッション [{0}] をシリアライズ中のエラーです
persistentManager.storeClearError=ストア上の全セッション消去中のエラー
persistentManager.storeKeysException=セッションストアからセッションIDのリストを取得できませんでした。セッションストアが空の可能性があります
persistentManager.storeLoadError=ストアからのセッションスワップイン中のエラー
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_ko.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_ko.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_ko.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_ko.properties 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
dataSourceStore.SQLException=SQL 오류 [{0}]
dataSourceStore.checkConnectionDBClosed=데이터베이스 연결이 널이거나 닫힌 상태입니다. 다시 열려고 시도합니다.
dataSourceStore.checkConnectionDBReOpenFail=데이터베이스에 대해 다시 연결을 맺지 못했습니다. 데이터베이스가 다운되었을 수 있습니다.
-dataSourceStore.checkConnectionSQLException=SQL 예외 발생 [{0}]
-dataSourceStore.close=데이터베이스 연결 [{0}]을(를) 닫는 동안 예외 발생
+dataSourceStore.checkConnectionSQLException=SQL 예외 발생
+dataSourceStore.close=데이터베이스 연결을(를) 닫는 동안 예외 발생
dataSourceStore.commitSQLException=데이터베이스 연결을 닫기 전, 커밋을 시도하는 중 SQLException 발생
dataSourceStore.loading=데이터베이스 [{1}](으)로부터 세션 [{0}]을(를) 로드합니다.
dataSourceStore.missingDataSource=DataSource를 사용할 수 없습니다.
@@ -51,7 +51,7 @@
persistentManager.isLoadedError=세션 [{0}]이(가) 메모리에 로드되었는지 점검 중 오류 발생
persistentManager.loading=[{0}]개의 저장된 세션들을 로드합니다.
persistentManager.removeError=세션 [{0}]을(를) 저장소로부터 제거하는 중 오류 발생
-persistentManager.serializeError=세션을 직렬화하는 중 오류 발생 [{0}]: [{1}]
+persistentManager.serializeError=세션을 직렬화하는 중 오류 발생 [{0}]
persistentManager.storeClearError=저장소로부터 모든 세션들을 해제하는 중 오류 발생
persistentManager.storeKeysException=세션 저장소에 있는 세션들의 ID 목록을 결정할 수 없습니다. 아마도 세션 저장소가 비어 있는 것 같습니다.
persistentManager.storeLoadError=저장소로부터 세션들을 메모리로 로드하는 중 오류 발생
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/session/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,8 @@
dataSourceStore.SQLException=SQL错误[{0}]
dataSourceStore.checkConnectionDBClosed=数据库连接为空或已关闭。正在尝试重新连接。
dataSourceStore.checkConnectionDBReOpenFail=重新打开数据库失败,数据库可能已经宕机。
-dataSourceStore.checkConnectionSQLException=发生 SQL 异常 [{0}]
-dataSourceStore.close=关闭数据库连接[{0}]时发生异常
+dataSourceStore.checkConnectionSQLException=发生 SQL 异常
+dataSourceStore.close=关闭数据库连接时发生异常
dataSourceStore.commitSQLException=关闭前提交连接的SQLException
dataSourceStore.loading=正在从数据库[{1}]加载会话[{0}]
dataSourceStore.missingDataSource=没有可用的数据源
@@ -51,7 +51,7 @@
persistentManager.isLoadedError=检查内存中是否加载了会话[{0}]时出错
persistentManager.loading=正在加载[{0}]持久化会话
persistentManager.removeError=从存储中删除会话[{0}]时出错
-persistentManager.serializeError=错误的序列化会话 [{0}]:[{1}]
+persistentManager.serializeError=错误的序列化会话 [{0}]
persistentManager.storeClearError=清除存储区中的所有会话时出错
persistentManager.storeKeysException=不能从 session存储中获取session ID 的列表,假设存储为空
persistentManager.storeLoadError=从存储区交换会话时出错
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/ManagerBase.java tomcat10-10.1.52/java/org/apache/catalina/session/ManagerBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/ManagerBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/ManagerBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -55,8 +55,6 @@
/**
* Minimal implementation of the Manager interface that supports no session persistence or distributable
* capabilities. This class may be subclassed to create more sophisticated Manager implementations.
- *
- * @author Craig R. McClanahan
*/
public abstract class ManagerBase extends LifecycleMBeanBase implements Manager {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/PersistentManager.java tomcat10-10.1.52/java/org/apache/catalina/session/PersistentManager.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/PersistentManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/PersistentManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
*
* If used with a load-balancer, the load-balancer must be configured to use sticky sessions for this manager to operate
* correctly.
- *
- * @author Kief Morris (kief@kief.com)
*/
public final class PersistentManager extends PersistentManagerBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/session/PersistentManagerBase.java tomcat10-10.1.52/java/org/apache/catalina/session/PersistentManagerBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/session/PersistentManagerBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/session/PersistentManagerBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,8 +42,6 @@
*
ClassLoader instance that should become the parent of the new class loader.
*
- *
- * @author Craig R. McClanahan
*/
public final class ClassLoaderFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/Constants.java tomcat10-10.1.52/java/org/apache/catalina/startup/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
* String constants for the startup package.
* Note that some values include a leading '/' and that some do not. This is intentional based on how the values are
* used.
- *
- * @author Craig R. McClanahan
*/
public final class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/ContextConfig.java tomcat10-10.1.52/java/org/apache/catalina/startup/ContextConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/ContextConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/ContextConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -118,8 +118,6 @@
/**
* Startup event listener for a Context that configures the properties of that Context, and the associated
* defined servlets.
- *
- * @author Craig R. McClanahan
*/
public class ContextConfig implements LifecycleListener {
@@ -604,8 +602,8 @@
}
} catch (MalformedURLException e) {
log.error(sm.getString("contextConfig.badUrl", defaultContextXml), e);
- } catch (IOException e) {
- // Not found
+ } catch (IOException ignore) {
+ // Ignore - Not found
}
}
@@ -646,8 +644,8 @@
}
} catch (MalformedURLException e) {
log.error(sm.getString("contextConfig.badUrl", hostContextFile), e);
- } catch (IOException e) {
- // Not found
+ } catch (IOException ignore) {
+ // Ignore - Not found
}
}
}
@@ -678,7 +676,7 @@
generateClassFooter(digester);
try (FileWriter writer = new FileWriter(contextXmlJavaSource)) {
writer.write(digester.getGeneratedCode().toString());
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
digester.endGeneratingCode();
@@ -739,7 +737,8 @@
}
} catch (SAXParseException e) {
log.error(sm.getString("contextConfig.contextParse", context.getName()), e);
- log.error(sm.getString("contextConfig.defaultPosition", "" + e.getLineNumber(), "" + e.getColumnNumber()));
+ log.error(sm.getString("contextConfig.defaultPosition", Integer.toString(e.getLineNumber()),
+ Integer.toString(e.getColumnNumber())));
ok = false;
} catch (Exception e) {
log.error(sm.getString("contextConfig.contextParse", context.getName()), e);
@@ -749,8 +748,8 @@
if (stream != null) {
stream.close();
}
- } catch (IOException e) {
- log.error(sm.getString("contextConfig.contextClose"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("contextConfig.contextClose"), ioe);
}
}
}
@@ -946,8 +945,8 @@
try {
fixDocBase();
- } catch (IOException e) {
- log.error(sm.getString("contextConfig.fixDocBase", context.getName()), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("contextConfig.fixDocBase", context.getName()), ioe);
}
antiLocking();
@@ -1621,8 +1620,8 @@
if (uc != null) {
try {
uc.getInputStream().close();
- } catch (IOException e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (IOException ioe) {
+ ExceptionUtils.handleThrowable(ioe);
globalTimeStamp = -1;
}
}
@@ -1642,8 +1641,8 @@
if (uc != null) {
try {
uc.getInputStream().close();
- } catch (IOException e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (IOException ioe) {
+ ExceptionUtils.handleThrowable(ioe);
hostTimeStamp = -1;
}
}
@@ -1764,8 +1763,8 @@
try {
WebappServiceLoader loader = new WebappServiceLoader<>(context);
detectedScis = loader.load(ServletContainerInitializer.class);
- } catch (IOException e) {
- log.error(sm.getString("contextConfig.servletContainerInitializerFail", context.getName()), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("contextConfig.servletContainerInitializerFail", context.getName()), ioe);
ok = false;
return;
}
@@ -1778,7 +1777,7 @@
ht = sci.getClass().getAnnotation(HandlesTypes.class);
} catch (Exception e) {
if (log.isDebugEnabled()) {
- log.info(sm.getString("contextConfig.sci.debug", sci.getClass().getName()), e);
+ log.debug(sm.getString("contextConfig.sci.debug", sci.getClass().getName()), e);
} else {
log.info(sm.getString("contextConfig.sci.info", sci.getClass().getName()));
}
@@ -1928,7 +1927,7 @@
if (source == null && stream != null) {
try {
stream.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -1979,7 +1978,7 @@
String hostWebXml = Container.getConfigPath(context, Constants.HostWebXml);
webXmlResource = ConfigFileLoader.getSource().getResource(hostWebXml);
}
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore if not found
return null;
}
@@ -1999,7 +1998,7 @@
if (source == null && stream != null) {
try {
stream.close();
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Ignore
}
}
@@ -2198,8 +2197,8 @@
jar.nextEntry();
entryName = jar.getEntryName();
}
- } catch (IOException e) {
- log.error(sm.getString("contextConfig.jarFile", url), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("contextConfig.jarFile", url), ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/ContextRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/startup/ContextRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/ContextRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/ContextRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* RuleSet for processing the contents of a Context definition element.
- *
- * @author Craig R. McClanahan
*/
public class ContextRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/CopyParentClassLoaderRule.java tomcat10-10.1.52/java/org/apache/catalina/startup/CopyParentClassLoaderRule.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/CopyParentClassLoaderRule.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/CopyParentClassLoaderRule.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* Rule that copies the parentClassLoader property from the next-to-top item on the stack (which must be a
* Container) to the top item on the stack (which must also be a Container).
- *
- * @author Craig R. McClanahan
*/
public class CopyParentClassLoaderRule extends Rule {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/EngineConfig.java tomcat10-10.1.52/java/org/apache/catalina/startup/EngineConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/EngineConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/EngineConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,8 +29,6 @@
/**
* Startup event listener for an Engine that configures the properties of that Engine, and the associated defined
* contexts.
- *
- * @author Craig R. McClanahan
*/
public class EngineConfig implements LifecycleListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/EngineRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/startup/EngineRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/EngineRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/EngineRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* RuleSet for processing the contents of an Engine definition element. This RuleSet does
* NOT include any rules for nested Host elements, which should be added via instances of HostRuleSet.
- *
- * @author Craig R. McClanahan
*/
public class EngineRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/ExpandWar.java tomcat10-10.1.52/java/org/apache/catalina/startup/ExpandWar.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/ExpandWar.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/ExpandWar.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,10 +40,6 @@
/**
* Expand out a WAR in a Host's appBase.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
- * @author Glenn L. Nielsen
*/
public class ExpandWar {
@@ -262,8 +258,8 @@
throw new EOFException();
}
}
- } catch (IOException e) {
- log.error(sm.getString("expandWar.copy", fileSrc, fileDest), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("expandWar.copy", fileSrc, fileDest), ioe);
result = false;
}
}
@@ -273,8 +269,8 @@
/**
- * Delete the specified directory, including all of its contents and subdirectories recursively. Any failure will
- * be logged.
+ * Delete the specified directory, including all of its contents and subdirectories recursively. Any failure will be
+ * logged.
*
* @param dir File object representing the directory to be deleted
*
@@ -313,8 +309,8 @@
/**
- * Delete the specified directory, including all of its contents and subdirectories recursively. Any failure will
- * be logged.
+ * Delete the specified directory, including all of its contents and subdirectories recursively. Any failure will be
+ * logged.
*
* @param dir File object representing the directory to be deleted
*
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/FailedContext.java tomcat10-10.1.52/java/org/apache/catalina/startup/FailedContext.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/FailedContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/FailedContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -1431,4 +1431,15 @@
public void setSuspendWrappedResponseAfterForward(boolean suspendWrappedResponseAfterForward) {
}
+ public long getStartTime() {
+ return -1;
+ }
+
+ public long getStartupTime() {
+ return -1;
+ }
+
+ public long getTldScanTime() {
+ return -1;
+ }
}
\ No newline at end of file
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/HomesUserDatabase.java tomcat10-10.1.52/java/org/apache/catalina/startup/HomesUserDatabase.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/HomesUserDatabase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/HomesUserDatabase.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Concrete implementation of the UserDatabase interface considers all directories in a directory whose
* pathname is specified to our constructor to be "home" directories for those users.
- *
- * @author Craig R. McClanahan
*/
public final class HomesUserDatabase implements UserDatabase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/HostConfig.java tomcat10-10.1.52/java/org/apache/catalina/startup/HostConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/HostConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/HostConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -77,9 +77,6 @@
/**
* Startup event listener for a Host that configures the properties of that Host, and the associated defined
* contexts.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class HostConfig implements LifecycleListener {
@@ -389,7 +386,7 @@
}
try {
return file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
return file;
}
}
@@ -840,14 +837,15 @@
if (entry != null) {
xmlInWar = true;
}
- } catch (IOException e) {
- /* Ignore */
+ } catch (IOException ignore) {
+ // Ignore
}
// If there is an expanded directory then any xml in that directory
// should only be used if the directory is not out of date and
// unpackWARs is true. Note the code below may apply further limits
- boolean useXml = xml.exists() && unpackWARs && (!warTracker.exists() || warTracker.lastModified() == war.lastModified());
+ boolean useXml =
+ xml.exists() && unpackWARs && (!warTracker.exists() || warTracker.lastModified() == war.lastModified());
// If the xml file exists then expandedDir must exist so no need to
// test that here
@@ -924,8 +922,8 @@
OutputStream ostream = new FileOutputStream(xml)) {
IOTools.flow(istream, ostream);
}
- } catch (IOException e) {
- /* Ignore */
+ } catch (IOException ignore) {
+ // Ignore
}
}
}
@@ -1549,16 +1547,16 @@
String canonicalLocation;
try {
canonicalLocation = resource.getParentFile().getCanonicalPath();
- } catch (IOException e) {
- log.warn(sm.getString("hostConfig.canonicalizing", resource.getParentFile(), app.name), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("hostConfig.canonicalizing", resource.getParentFile(), app.name), ioe);
return false;
}
String canonicalAppBase;
try {
canonicalAppBase = host.getAppBaseFile().getCanonicalPath();
- } catch (IOException e) {
- log.warn(sm.getString("hostConfig.canonicalizing", host.getAppBaseFile(), app.name), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("hostConfig.canonicalizing", host.getAppBaseFile(), app.name), ioe);
return false;
}
@@ -1570,8 +1568,8 @@
String canonicalConfigBase;
try {
canonicalConfigBase = host.getConfigBaseFile().getCanonicalPath();
- } catch (IOException e) {
- log.warn(sm.getString("hostConfig.canonicalizing", host.getConfigBaseFile(), app.name), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("hostConfig.canonicalizing", host.getConfigBaseFile(), app.name), ioe);
return false;
}
@@ -1955,14 +1953,14 @@
/*
- * The purpose of this class is to provide a way for HostConfig to get a Context to delete an expanded WAR after the
- * Context stops. This is to resolve this issue described in Bug 57772. The alternative solutions require either
- * duplicating a lot of the Context.reload() code in HostConfig or adding a new reload(boolean) method to Context
- * that allows the caller to optionally delete any expanded WAR.
- *
- * The LifecycleListener approach offers greater flexibility and enables the behaviour to be changed / extended /
- * removed in future without changing the Context API.
- */
+ * The purpose of this class is to provide a way for HostConfig to get a Context to delete an expanded WAR after the
+ * Context stops. This is to resolve this issue described in Bug 57772. The alternative solutions require either
+ * duplicating a lot of the Context.reload() code in HostConfig or adding a new reload(boolean) method to Context
+ * that allows the caller to optionally delete any expanded WAR.
+ *
+ * The LifecycleListener approach offers greater flexibility and enables the behaviour to be changed / extended /
+ * removed in future without changing the Context API.
+ */
private static class ExpandedDirectoryRemovalListener implements LifecycleListener {
private final File toDelete;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/HostRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/startup/HostRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/HostRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/HostRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* RuleSet for processing the contents of a Host definition element. This RuleSet does NOT
* include any rules for nested Context which should be added via instances of ContextRuleSet.
- *
- * @author Craig R. McClanahan
*/
public class HostRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/ListenerCreateRule.java tomcat10-10.1.52/java/org/apache/catalina/startup/ListenerCreateRule.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/ListenerCreateRule.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/ListenerCreateRule.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,7 +49,7 @@
} catch (Exception e) {
String className = getRealClassName(attributes);
if (log.isDebugEnabled()) {
- log.info(sm.getString("listener.createFailed", className), e);
+ log.debug(sm.getString("listener.createFailed", className), e);
} else {
log.info(sm.getString("listener.createFailed", className));
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -153,7 +153,7 @@
hostConfig.migrateError=マイグレーション失敗
hostConfig.reload=リロード中のコンテキスト [{0}]
hostConfig.resourceNotAbsolute=[{1}] は完全パスではないためコンテキスト [{0}] からリソースを削除できません
-hostConfig.start=HostConfig: 処理を停止します
+hostConfig.start=HostConfig: 処理を開始します
hostConfig.stop=HostConfig: 処理を停止します
hostConfig.undeploy=コンテキストパス [{0}] のWebアプリケーションの配備を解除します
hostConfig.undeployVersion=コンテキスト [{0}] について有効なセッションの存在しない古いバージョンの配備を解除します。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,12 @@
contextConfig.defaultMissing=Не обнаружен глобальный web.xml
contextConfig.defaultPosition=Произошло в строке [{0}] столбце [{1}]
contextConfig.inputStreamWebResource=Не возможно обработать веб ресурс [{0}] для аннотаций\n
+contextConfig.jspFile.error=JSP файл [{0}] должен начинаться с ''/''
+contextConfig.processAnnotationsDir.debug=Сканируется директория в поисках файлов классов с аннотациями [{0}]
contextConfig.tomcatWebXmlError=Ошибка обработки /WEB-INF/tomcat-web.xml
+expandWar.createFailed=Невозможно создать директорию [{0}]
+
hostConfig.deployDir=Установка веб приложения в папку [{0}]
hostConfig.deployWar.error=Ошибка при развертывании архива с веб-приложением [{0}]
hostConfig.docBaseUrlInvalid=Предоставленый docBase не может быть представлен в виде URL
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/startup/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -127,7 +127,7 @@
hostConfig.deployDir.finished=Web应用程序目录[{0}]的部署已在[{1}]毫秒内完成
hostConfig.deployDir.threaded.error=等待目录的多线程部署完成时出错
hostConfig.deployWar=正在部署web应用程序存档文件[{0}]
-hostConfig.deployWar.error=部署 Web 应用程序 archive [{0}] 时出错
+hostConfig.deployWar.error=部署 Web 应用程序存档 [{0}] 时出错
hostConfig.deployWar.finished=web应用程序存档文件[{0}]的部署已在[{1}]ms内完成
hostConfig.deployWar.hiddenDir=将忽略目录[{0}],因为WAR [{1}]优先,unpackWAR为false
hostConfig.deployWar.threaded.error=等待WAR文件的多线程部署完成时出错
@@ -163,7 +163,7 @@
tomcat.noContextClass=无法为主机[{1}]和url[{2}]实例化上下文类[{0}]
tomcat.noContextXml=不能找到web 应用的context.xml [{0}]
-userConfig.database=加载用户数据库异常
+userConfig.database=用户数据库加载异常
userConfig.deploy=正在为用户[{0}]部署web应用程序
userConfig.deploy.threaded.error=等待用户目录的多线程部署完成时出错
userConfig.deploying=正在部署用户 web 应用程序
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/MimeTypeMappings.properties tomcat10-10.1.52/java/org/apache/catalina/startup/MimeTypeMappings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/startup/MimeTypeMappings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/MimeTypeMappings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -62,6 +62,7 @@
atx=application/vnd.antix.game-component
au=audio/basic
avi=video/x-msvideo
+avif=image/avif
avx=video/x-rad-screenplay
aw=application/applixware
axa=audio/annodex
@@ -388,6 +389,7 @@
json=application/json
jsonml=application/jsonml+json
jspf=text/plain
+jxl=image/jxl
kar=audio/midi
karbon=application/vnd.kde.karbon
kfo=application/vnd.kde.kformula
@@ -430,6 +432,8 @@
m1v=video/mpeg
m21=application/mp21
m2a=audio/mpeg
+m2t=video/mp2t
+m2ts=video/mp2t
m2v=video/mpeg
m3a=audio/mpeg
m3u=audio/x-mpegurl
@@ -522,7 +526,7 @@
msi=application/x-msdownload
msl=application/vnd.mobius.msl
msty=application/vnd.muvee.style
-mts=model/vnd.mts
+mts=video/mp2t
mus=application/vnd.musician
musicxml=application/vnd.recordare.musicxml+xml
mvb=application/x-msmediaview
@@ -777,6 +781,8 @@
spq=application/scvp-vp-request
spx=audio/ogg
sql=application/x-sql
+sqlite=application/vnd.sqlite3
+sqlite3=application/vnd.sqlite3
src=application/x-wais-source
srt=application/x-subrip
sru=application/sru+xml
@@ -839,6 +845,7 @@
tr=text/troff
tra=application/vnd.trueapp
trm=application/x-msterminal
+ts=video/mp2t
tsd=application/timestamped-data
tsv=text/tab-separated-values
ttc=font/collection
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/NamingRuleSet.java tomcat10-10.1.52/java/org/apache/catalina/startup/NamingRuleSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/NamingRuleSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/NamingRuleSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
/**
* RuleSet for processing the JNDI Enterprise Naming Context resource declaration elements.
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public class NamingRuleSet implements RuleSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/PasswdUserDatabase.java tomcat10-10.1.52/java/org/apache/catalina/startup/PasswdUserDatabase.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/PasswdUserDatabase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/PasswdUserDatabase.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,8 +30,6 @@
/**
* Concrete implementation of the UserDatabase interface that processes the /etc/passwd file
* on a Unix system.
- *
- * @author Craig R. McClanahan
*/
public final class PasswdUserDatabase implements UserDatabase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/Tomcat.java tomcat10-10.1.52/java/org/apache/catalina/startup/Tomcat.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/Tomcat.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/Tomcat.java 2026-01-23 19:33:36.000000000 +0000
@@ -132,8 +132,6 @@
*
* @see TestTomcat
- *
- * @author Costin Manolache
*/
public class Tomcat {
@@ -812,7 +810,7 @@
}
try {
baseFile = baseFile.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
baseFile = baseFile.getAbsoluteFile();
}
server.setCatalinaBase(baseFile);
@@ -829,7 +827,7 @@
}
try {
homeFile = homeFile.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
homeFile = homeFile.getAbsoluteFile();
}
server.setCatalinaHome(homeFile);
@@ -877,10 +875,10 @@
/**
- * By default, when calling addWebapp() to create a Context, the settings from the default web.xml are added to
- * the context. Calling this method with a false value prior to calling addWebapp() allows to opt out
- * of the default settings. In that event you will need to add the configurations yourself, either programmatically
- * or by using web.xml deployment descriptors.
+ * By default, when calling addWebapp() to create a Context, the settings from the default web.xml are added to the
+ * context. Calling this method with a false value prior to calling addWebapp() allows to opt out of
+ * the default settings. In that event you will need to add the configurations yourself, either programmatically or
+ * by using web.xml deployment descriptors.
*
* @param addDefaultWebXmlToWebapp false will prevent the class from automatically adding the default
* settings when calling addWebapp(). true will add the default
@@ -993,7 +991,6 @@
*
MIME mappings (subset of those in conf/web.xml)
*
Welcome files
*
- * TODO: Align the MIME mappings with conf/web.xml - possibly via a common file.
*
* @param contextPath The path of the context to set the defaults for
*/
@@ -1035,11 +1032,15 @@
ctx.addWelcomeFile("index.html");
ctx.addWelcomeFile("index.htm");
ctx.addWelcomeFile("index.jsp");
+ // Any application configured welcome files should override the defaults.
+ if (ctx instanceof StandardContext) {
+ ((StandardContext) ctx).setReplaceWelcomeFiles(true);
+ }
}
/**
- * Add the default MIME type mappings to the provide Context.
+ * Add the default MIME type mappings to the provided Context.
*
* @param context The web application to which the default MIME type mappings should be added.
*/
@@ -1050,8 +1051,8 @@
for (Map.Entry entry : defaultMimeMappings.entrySet()) {
context.addMimeMapping((String) entry.getKey(), (String) entry.getValue());
}
- } catch (IOException e) {
- throw new IllegalStateException(sm.getString("tomcat.defaultMimeTypeMappingsFail"), e);
+ } catch (IOException ioe) {
+ throw new IllegalStateException(sm.getString("tomcat.defaultMimeTypeMappingsFail"), ioe);
}
}
@@ -1183,9 +1184,9 @@
if (entry != null) {
result = UriUtil.buildJarUrl(docBase, Constants.ApplicationContextXml);
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
Logger.getLogger(getLoggerName(getHost(), contextName)).log(Level.WARNING,
- sm.getString("tomcat.noContextXml", docBase), e);
+ sm.getString("tomcat.noContextXml", docBase), ioe);
}
return result;
}
@@ -1194,7 +1195,7 @@
// Graal native images don't load any configuration except the VM default
if (JreCompat.isGraalAvailable()) {
try (InputStream is = new FileInputStream(
- System.getProperty("java.util.logging.config.file", "conf/logging.properties"))) {
+ System.getProperty("java.util.logging.config.file", "conf/logging.properties"))) {
LogManager.getLogManager().readConfiguration(is);
} catch (SecurityException | IOException e) {
// Ignore, the VM default will be used
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/Tool.java tomcat10-10.1.52/java/org/apache/catalina/startup/Tool.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/Tool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/Tool.java 2026-01-23 19:33:36.000000000 +0000
@@ -60,8 +60,6 @@
*
${arguments} - Command line arguments to be passed to the application's main()
* method.
*
- *
- * @author Craig R. McClanahan
*/
public final class Tool {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/UserConfig.java tomcat10-10.1.52/java/org/apache/catalina/startup/UserConfig.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/UserConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/UserConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,8 +40,6 @@
* a web application in a directory with the specified name in their home directories. The context path of each deployed
* application will be set to ~xxxxx, where xxxxx is the username of the owning user for that web
* application
- *
- * @author Craig R. McClanahan
*/
public final class UserConfig implements LifecycleListener {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/startup/UserDatabase.java tomcat10-10.1.52/java/org/apache/catalina/startup/UserDatabase.java
--- tomcat10-10.1.40/java/org/apache/catalina/startup/UserDatabase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/startup/UserDatabase.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* Abstraction of the set of users defined by the operating system on the current server platform.
- *
- * @author Craig R. McClanahan
*/
public interface UserDatabase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/ConnectorStoreAppender.java 2026-01-23 19:33:36.000000000 +0000
@@ -254,7 +254,7 @@
File file = new File(System.getProperty(Globals.CATALINA_BASE_PROP));
try {
file = file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Ignore
}
return file;
@@ -269,7 +269,7 @@
}
try {
jkHomeBase = file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
jkHomeBase = file;
}
return jkHomeBase;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/LoaderSF.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/LoaderSF.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/LoaderSF.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/LoaderSF.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,9 +44,7 @@
}
} else {
if (log.isWarnEnabled()) {
- if (log.isWarnEnabled()) {
- log.warn(sm.getString("factory.storeNoDescriptor", aElement.getClass()));
- }
+ log.warn(sm.getString("factory.storeNoDescriptor", aElement.getClass()));
}
}
}
@@ -65,6 +63,6 @@
}
WebappLoader wloader = (WebappLoader) loader;
return (!wloader.getDelegate()) &&
- wloader.getLoaderClass().equals("org.apache.catalina.loader.WebappClassLoader");
+ wloader.getLoaderClass().equals("org.apache.catalina.loader.WebappClassLoader");
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/OpenSSLConfSF.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,6 +17,7 @@
package org.apache.catalina.storeconfig;
import java.io.PrintWriter;
+import java.util.Set;
import org.apache.tomcat.util.net.openssl.OpenSSLConf;
import org.apache.tomcat.util.net.openssl.OpenSSLConfCmd;
@@ -26,6 +27,8 @@
*/
public class OpenSSLConfSF extends StoreFactoryBase {
+ private static final Set INTERNAL_COMMANDS = Set.of(OpenSSLConfCmd.NO_OCSP_CHECK);
+
/**
* Store nested OpenSSLConfCmd elements.
*
@@ -37,9 +40,13 @@
if (aOpenSSLConf instanceof OpenSSLConf) {
OpenSSLConf openSslConf = (OpenSSLConf) aOpenSSLConf;
// Store nested elements
- OpenSSLConfCmd[] openSSLConfCmds = openSslConf.getCommands().toArray(new OpenSSLConfCmd[0]);
- storeElementArray(aWriter, indent + 2, openSSLConfCmds);
+ for (OpenSSLConfCmd openSSLConfCmd : openSslConf.getCommands()) {
+ // Don't store the internal commands that are created from other SslHostConfig attributes.
+ if (INTERNAL_COMMANDS.contains(openSSLConfCmd.getName())) {
+ continue;
+ }
+ storeElement(aWriter, indent + 2, openSSLConfCmd);
+ }
}
}
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StandardContextSF.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StandardContextSF.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StandardContextSF.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StandardContextSF.java 2026-01-23 19:33:36.000000000 +0000
@@ -288,8 +288,8 @@
file = new File(file, host.getName());
try {
file = file.getCanonicalFile();
- } catch (IOException e) {
- log.error(sm.getString("standardContextSF.canonicalPathError"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("standardContextSF.canonicalPathError"), ioe);
}
}
return file;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreAppender.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreAppender.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreAppender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreAppender.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,9 +35,9 @@
/**
* The set of classes that represent persistable properties.
*/
- private static final Class[] persistables = { String.class, Integer.class, Integer.TYPE, Boolean.class, Boolean.TYPE,
- Byte.class, Byte.TYPE, Character.class, Character.TYPE, Double.class, Double.TYPE, Float.class, Float.TYPE,
- Long.class, Long.TYPE, Short.class, Short.TYPE, InetAddress.class };
+ private static final Class[] persistables = { String.class, Integer.class, Integer.TYPE, Boolean.class,
+ Boolean.TYPE, Byte.class, Byte.TYPE, Character.class, Character.TYPE, Double.class, Double.TYPE,
+ Float.class, Float.TYPE, Long.class, Long.TYPE, Short.class, Short.TYPE, InetAddress.class };
private int pos = 0;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreConfigLifecycleListener.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreConfigLifecycleListener.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreConfigLifecycleListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreConfigLifecycleListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -97,8 +97,8 @@
// Note: Hard-coded domain used since this object is per Server/JVM
oname = new ObjectName("Catalina:type=StoreConfig");
registry.registerComponent(storeConfig, oname, "StoreConfig");
- } catch (Exception ex) {
- log.error(sm.getString("storeConfigListener.registerError"), ex);
+ } catch (Exception e) {
+ log.error(sm.getString("storeConfigListener.registerError"), e);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreContextAppender.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreContextAppender.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreContextAppender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreContextAppender.java 2026-01-23 19:33:36.000000000 +0000
@@ -92,7 +92,7 @@
}
try {
appBase = file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
appBase = file;
}
return appBase;
@@ -111,7 +111,7 @@
}
try {
docBase = file.getCanonicalFile();
- } catch (IOException e) {
+ } catch (IOException ioe) {
docBase = file;
}
return docBase;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreFactoryBase.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreFactoryBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreFactoryBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreFactoryBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -160,9 +160,9 @@
for (Object element : elements) {
try {
storeElement(aWriter, indent, element);
- } catch (IOException ioe) {
- // ignore children report error them self!
- // see StandardContext.storeWithBackup()
+ } catch (IOException ignore) {
+ // Ignore. Children report error themselves.
+ // See StandardContext.storeWithBackup()
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreLoader.java tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreLoader.java
--- tomcat10-10.1.40/java/org/apache/catalina/storeconfig/StoreLoader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/storeconfig/StoreLoader.java 2026-01-23 19:33:36.000000000 +0000
@@ -132,7 +132,7 @@
synchronized (digester) {
registry = (StoreRegistry) digester.parse(is);
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Try default classloader location
try (InputStream is =
StoreLoader.class.getResourceAsStream("/org/apache/catalina/storeconfig/server-registry.xml")) {
@@ -143,7 +143,7 @@
registry = (StoreRegistry) digester.parse(is);
}
} else {
- throw e;
+ throw ioe;
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/Channel.java tomcat10-10.1.52/java/org/apache/catalina/tribes/Channel.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/Channel.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/Channel.java 2026-01-23 19:33:36.000000000 +0000
@@ -279,8 +279,8 @@
void start(int svc) throws ChannelException;
/**
- * Shuts down the channel. This can be called multiple times for individual services to shut down.
- * The svc parameter can be the logical or value of any constants
+ * Shuts down the channel. This can be called multiple times for individual services to shut down. The svc parameter
+ * can be the logical or value of any constants
*
* @param svc one of:
*
@@ -515,8 +515,10 @@
return Integer.parseInt(input);
} catch (NumberFormatException nfe) {
final Log log = LogFactory.getLog(Channel.class);
- log.trace(String.format("Failed to parse [%s] as integer, channelSendOptions possibly set by name(s)",
- input));
+ if (log.isTraceEnabled()) {
+ log.trace(String.format("Failed to parse [%s] as integer, channelSendOptions possibly set by name(s)",
+ input), nfe);
+ }
}
String[] options = input.split("\\s*,\\s*");
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/ChannelInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/ChannelInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/ChannelInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/ChannelInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -182,8 +182,8 @@
void start(int svc) throws ChannelException;
/**
- * Shuts down the channel. This can be called multiple times for individual services to shut down.
- * The svc parameter can be the logical or value of any constants
+ * Shuts down the channel. This can be called multiple times for individual services to shut down. The svc parameter
+ * can be the logical or value of any constants
*
* @param svc one of:
*
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/ChannelCoordinator.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/ChannelCoordinator.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/ChannelCoordinator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/ChannelCoordinator.java 2026-01-23 19:33:36.000000000 +0000
@@ -175,8 +175,8 @@
startLevel = (startLevel | svc);
} catch (ChannelException cx) {
throw cx;
- } catch (Exception x) {
- throw new ChannelException(x);
+ } catch (Exception e) {
+ throw new ChannelException(e);
}
}
@@ -231,8 +231,8 @@
startLevel = (startLevel & (~svc));
setChannel(null);
- } catch (Exception x) {
- throw new ChannelException(x);
+ } catch (Exception e) {
+ throw new ChannelException(e);
}
}
@@ -274,7 +274,10 @@
return membershipService;
}
- public void setClusterReceiver(ChannelReceiver clusterReceiver) {
+ public synchronized void setClusterReceiver(ChannelReceiver clusterReceiver) {
+ if (startLevel != 0) {
+ throw new IllegalStateException(sm.getString("channelCoordinator.invalidState.notStopped"));
+ }
if (clusterReceiver != null) {
this.clusterReceiver = clusterReceiver;
this.clusterReceiver.setMessageListener(this);
@@ -286,11 +289,17 @@
}
}
- public void setClusterSender(ChannelSender clusterSender) {
+ public synchronized void setClusterSender(ChannelSender clusterSender) {
+ if (startLevel != 0) {
+ throw new IllegalStateException(sm.getString("channelCoordinator.invalidState.notStopped"));
+ }
this.clusterSender = clusterSender;
}
- public void setMembershipService(MembershipService membershipService) {
+ public synchronized void setMembershipService(MembershipService membershipService) {
+ if (startLevel != 0) {
+ throw new IllegalStateException(sm.getString("channelCoordinator.invalidState.notStopped"));
+ }
this.membershipService = membershipService;
this.membershipService.setMembershipListener(this);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/GroupChannel.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/GroupChannel.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/GroupChannel.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/GroupChannel.java 2026-01-23 19:33:36.000000000 +0000
@@ -278,8 +278,8 @@
} else {
try {
fwd = XByteBuffer.deserialize(msg.getMessage().getBytesDirect(), 0, msg.getMessage().getLength());
- } catch (Exception sx) {
- log.error(sm.getString("groupChannel.unable.deserialize", msg), sx);
+ } catch (Exception e) {
+ log.error(sm.getString("groupChannel.unable.deserialize", msg), e);
return;
}
}
@@ -311,13 +311,13 @@
Logs.MESSAGES.trace("GroupChannel delivered[" + delivered + "] id:" + new UniqueId(msg.getUniqueId()));
}
- } catch (Exception x) {
+ } catch (Exception e) {
// this could be the channel listener throwing an exception, we should log it
// as a warning.
if (log.isWarnEnabled()) {
- log.warn(sm.getString("groupChannel.receiving.error"), x);
+ log.warn(sm.getString("groupChannel.receiving.error"), e);
}
- throw new RemoteProcessException(sm.getString("groupChannel.receiving.error"), x);
+ throw new RemoteProcessException(sm.getString("groupChannel.receiving.error"), e);
}
}
@@ -337,8 +337,8 @@
}
RpcMessage.NoRpcChannelReply reply = new RpcMessage.NoRpcChannelReply(msg.rpcId, msg.uuid);
send(new Member[] { destination }, reply, SEND_OPTIONS_ASYNCHRONOUS);
- } catch (Exception x) {
- log.error(sm.getString("groupChannel.sendFail.noRpcChannelReply"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("groupChannel.sendFail.noRpcChannelReply"), e);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,7 @@
channelCoordinator.alreadyStarted=Channel already started for level:[{0}]
channelCoordinator.invalid.startLevel=Invalid start level, valid levels are:SND_RX_SEQ,SND_TX_SEQ,MBR_TX_SEQ,MBR_RX_SEQ
+channelCoordinator.invalidState.notStopped=Configuration may not be changed until the channel has been fully stopped
groupChannel.listener.alreadyExist=Listener already exists:[{0}][{1}]
groupChannel.noDestination=No destination given
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,7 @@
channelCoordinator.alreadyStarted=Canal déjà démarré pour le niveau : [{0}]
channelCoordinator.invalid.startLevel=Niveau de départ invalide, les niveaux valides sont : SND_RX_SEQ,SND_TX_SEQ,MBR_TX_SEQ,MBR_RX_SEQ
+channelCoordinator.invalidState.notStopped=La configuration ne peut pas être changée avant que ce canal (Channel) ne soit complètement arrêté
groupChannel.listener.alreadyExist=L''écouteur existe déjà : [{0}][{1}]
groupChannel.noDestination=Aucune destination donnée
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,7 @@
channelCoordinator.alreadyStarted=チャンネルは既にレベル:[{0}]で開始されました。
channelCoordinator.invalid.startLevel=無効な開始レベルです。有効なレベルは SND_RX_SEQ、SND_TX_SEQ、MBR_TX_SEQ、MBR_RX_SEQ です
+channelCoordinator.invalidState.notStopped=channel が完全に停止するまで設定を変更することはできません
groupChannel.listener.alreadyExist=チャンネルリスナー [{0}][{1}] はすでに存在します。
groupChannel.noDestination=宛先が指定されていません。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/RpcChannel.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/RpcChannel.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/RpcChannel.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/RpcChannel.java 2026-01-23 19:33:36.000000000 +0000
@@ -100,7 +100,11 @@
RpcMessage rmsg = new RpcMessage(rpcId, key.id, message);
channel.send(destination, rmsg, sendOptions);
if (rpcOptions != NO_REPLY) {
- collector.wait(timeout);
+ long timeoutExpiry = System.nanoTime() + timeout * 1_000_000;
+ while (!collector.isComplete() && timeout > 0) {
+ collector.wait(timeout);
+ timeout = (timeoutExpiry - System.nanoTime()) / 1_000_000;
+ }
}
}
} catch (InterruptedException ix) {
@@ -175,11 +179,11 @@
replyMessageOptions & ~Channel.SEND_OPTIONS_SYNCHRONIZED_ACK);
}
finished = true;
- } catch (Exception x) {
+ } catch (Exception e) {
if (excallback != null && !asyncReply) {
- excallback.replyFailed(rmsg.message, reply, sender, x);
+ excallback.replyFailed(rmsg.message, reply, sender, e);
} else {
- log.error(sm.getString("rpcChannel.replyFailed"), x);
+ log.error(sm.getString("rpcChannel.replyFailed"), e);
}
}
if (finished && excallback != null && !asyncReply) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/FragmentationInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/FragmentationInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/FragmentationInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/FragmentationInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -148,9 +148,9 @@
removeFragCollection(key);
}
}
- } catch (Exception x) {
+ } catch (Exception e) {
if (log.isErrorEnabled()) {
- log.error(sm.getString("fragmentationInterceptor.heartbeat.failed"), x);
+ log.error(sm.getString("fragmentationInterceptor.heartbeat.failed"), e);
}
}
super.heartbeat();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/GzipInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/GzipInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/GzipInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/GzipInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -94,9 +94,9 @@
if (statsEnabled && interval > 0 && currentCount % interval == 0) {
report();
}
- } catch (IOException x) {
+ } catch (IOException ioe) {
log.error(sm.getString("gzipInterceptor.compress.failed"));
- throw new ChannelException(x);
+ throw new ChannelException(ioe);
}
}
@@ -129,8 +129,8 @@
if (statsEnabled && interval > 0 && currentCount % interval == 0) {
report();
}
- } catch (IOException x) {
- log.error(sm.getString("gzipInterceptor.decompress.failed"), x);
+ } catch (IOException ioe) {
+ log.error(sm.getString("gzipInterceptor.decompress.failed"), ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -83,7 +83,7 @@
tcpFailureDetector.member.disappeared=Verification complete. Member disappeared[{0}]
tcpFailureDetector.memberDisappeared.verify=Received memberDisappeared[{0}] message. Will verify.
tcpFailureDetector.performBasicCheck.memberAdded=Member added, even though we weren''t notified:[{0}]
-tcpFailureDetector.recievedPacket=Received a failure detector packet [{0}]
+tcpFailureDetector.receivedPacket=Received a failure detector packet [{0}]
tcpFailureDetector.still.alive=Verification complete. Member still alive[{0}]
tcpFailureDetector.suspectMember.alive=Suspect member, confirmed alive.[{0}]
tcpFailureDetector.suspectMember.dead=Suspect member, confirmed dead.[{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -83,7 +83,7 @@
tcpFailureDetector.member.disappeared=La vérfication est complète, le membre a disparu [{0}]
tcpFailureDetector.memberDisappeared.verify=Reçu un message memberDisappeared[{0}], qui sera vérifié
tcpFailureDetector.performBasicCheck.memberAdded=Le membre a été ajouté bien qu''aucune notification n''ait été reçue : [{0}]
-tcpFailureDetector.recievedPacket=Réception d''un paquet de détection d''échec [{0}]
+tcpFailureDetector.receivedPacket=Réception d''un paquet de détection d''échec [{0}]
tcpFailureDetector.still.alive=Vérification terminée. Le membre [{0}] vit toujours
tcpFailureDetector.suspectMember.alive=Membre suspect, confirmé vivant.[{0}]
tcpFailureDetector.suspectMember.dead=Un membre suspect a été confirmé mort [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -83,7 +83,7 @@
tcpFailureDetector.member.disappeared=メンバ検証が完了しました。メンバーが消えました [{0}]
tcpFailureDetector.memberDisappeared.verify=memberDisappeared[{0}]メッセージを受信しました。メンバ検証します。
tcpFailureDetector.performBasicCheck.memberAdded=私たちに通知されなかったにもかかわらず、メンバーが追加されました:[{0}]
-tcpFailureDetector.recievedPacket=障害検出パケット [{0}] を受信しました
+tcpFailureDetector.receivedPacket=障害検出パケット [{0}] を受信しました
tcpFailureDetector.still.alive=故障検出チェックが完了しました。メンバー [{0}] は正常です。
tcpFailureDetector.suspectMember.alive=疑わしいクラスタメンバーの生存を確認しました。[{0}]
tcpFailureDetector.suspectMember.dead=疑義メンバが死亡したことが確認されました。[{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -17,6 +17,7 @@
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
domainFilterInterceptor.member.refused=Участнику [{0}] было отказано в присоединении к кластеру
+domainFilterInterceptor.message.refused=Сообщение полученое от кластера [{0}] было отклонено.
encryptInterceptor.decrypt.error.short-message=Невозможно расшифровать сообщение: слишком мало символов
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/MessageDispatchInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -244,18 +244,18 @@
if (handler != null) {
handler.handleCompletion(new UniqueId(msg.getUniqueId()));
}
- } catch (Exception ex) {
- log.error(sm.getString("messageDispatchInterceptor.completeMessage.failed"), ex);
+ } catch (Exception e) {
+ log.error(sm.getString("messageDispatchInterceptor.completeMessage.failed"), e);
}
- } catch (Exception x) {
+ } catch (Exception e) {
ChannelException cx;
- if (x instanceof ChannelException) {
- cx = (ChannelException) x;
+ if (e instanceof ChannelException) {
+ cx = (ChannelException) e;
} else {
- cx = new ChannelException(x);
+ cx = new ChannelException(e);
}
if (log.isDebugEnabled()) {
- log.debug(sm.getString("messageDispatchInterceptor.AsyncMessage.failed"), x);
+ log.debug(sm.getString("messageDispatchInterceptor.AsyncMessage.failed"), e);
}
try {
if (handler != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/NonBlockingCoordinator.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/NonBlockingCoordinator.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/NonBlockingCoordinator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/NonBlockingCoordinator.java 2026-01-23 19:33:36.000000000 +0000
@@ -238,14 +238,24 @@
new CoordinationEvent(CoordinationEvent.EVT_PROCESS_ELECT, this, "Election, sending request"));
sendElectionMsg(local, others[0], msg);
} else {
- try {
- coordMsgReceived.set(false);
- fireInterceptorEvent(new CoordinationEvent(CoordinationEvent.EVT_WAIT_FOR_MSG, this,
- "Election, waiting for request"));
- electionMutex.wait(waitForCoordMsgTimeout);
- } catch (InterruptedException x) {
- Thread.currentThread().interrupt();
- }
+ coordMsgReceived.set(false);
+ fireInterceptorEvent(new CoordinationEvent(CoordinationEvent.EVT_WAIT_FOR_MSG, this,
+ "Election, waiting for request"));
+ long timeout = waitForCoordMsgTimeout;
+ long timeoutEndNanos = System.nanoTime() + timeout * 1_000_000;
+ do {
+ try {
+ electionMutex.wait(timeout);
+ } catch (InterruptedException x) {
+ Thread.currentThread().interrupt();
+ }
+ timeout = (timeoutEndNanos - System.nanoTime()) / 1_000_000;
+ /*
+ * Spurious wake-ups are possible. Keep waiting if a) the condition we were waiting for hasn't
+ * happened (i.e. notify() was not called) AND b) the timeout has not expired AND c) the thread was
+ * not interrupted.
+ */
+ } while (suggestedviewId == null && !coordMsgReceived.get() && timeout > 0 && !Thread.interrupted());
String msg;
if (suggestedviewId == null && !coordMsgReceived.get()) {
if (Thread.interrupted()) {
@@ -266,8 +276,8 @@
Arrays.fill(m, others);
Member[] mbrs = m.getMembers();
m.reset();
- return new CoordinationMessage(leader, local, mbrs,
- new UniqueId(UUIDGenerator.randomUUID(true)), COORD_REQUEST);
+ return new CoordinationMessage(leader, local, mbrs, new UniqueId(UUIDGenerator.randomUUID(true)),
+ COORD_REQUEST);
}
protected void sendElectionMsg(Member local, Member next, CoordinationMessage msg) throws ChannelException {
@@ -286,6 +296,7 @@
sendElectionMsg(local, msg.getMembers()[current], msg);
sent = true;
} catch (ChannelException x) {
+ // Exception is logged further up stack
log.warn(sm.getString("nonBlockingCoordinator.electionMessage.sendfailed", msg.getMembers()[current]));
current = Arrays.nextIndex(msg.getMembers()[current], msg.getMembers());
if (current == next) {
@@ -322,8 +333,8 @@
return true;
} catch (SocketTimeoutException | ConnectException x) {
// do nothing, we couldn't connect
- } catch (Exception x) {
- log.error(sm.getString("nonBlockingCoordinator.memberAlive.failed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nonBlockingCoordinator.memberAlive.failed"), e);
}
return false;
}
@@ -625,8 +636,8 @@
startElection(true);
}
}
- } catch (Exception x) {
- log.error(sm.getString("nonBlockingCoordinator.heartbeat.failed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nonBlockingCoordinator.heartbeat.failed"), e);
} finally {
super.heartbeat();
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/SimpleCoordinator.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* A dinky coordinator, just uses a sorted version of the member array.
- *
- * @author rnewson
*/
public class SimpleCoordinator extends ChannelInterceptorBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TcpFailureDetector.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TcpFailureDetector.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TcpFailureDetector.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TcpFailureDetector.java 2026-01-23 19:33:36.000000000 +0000
@@ -111,7 +111,7 @@
if (process) {
super.messageReceived(msg);
} else if (log.isDebugEnabled()) {
- log.debug(sm.getString("tcpFailureDetector.recievedPacket", msg));
+ log.debug(sm.getString("tcpFailureDetector.receivedPacket", msg));
}
}// messageReceived
@@ -250,8 +250,8 @@
performForcedCheck();
}
}
- } catch (Exception x) {
- log.warn(sm.getString("tcpFailureDetector.heartbeat.failed"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("tcpFailureDetector.heartbeat.failed"), e);
}
}
@@ -383,8 +383,8 @@
return true;
} catch (SocketTimeoutException | ConnectException | NoRouteToHostException noop) {
// do nothing, we couldn't connect
- } catch (Exception x) {
- log.error(sm.getString("tcpFailureDetector.failureDetection.failed", mbr), x);
+ } catch (Exception e) {
+ log.error(sm.getString("tcpFailureDetector.failureDetection.failed", mbr), e);
}
return false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TcpPingInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TcpPingInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TcpPingInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TcpPingInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -191,8 +191,8 @@
// Ignore. Probably triggered by a call to stop().
// In the highly unlikely event it was a different trigger,
// simply ignore it and continue.
- } catch (Exception x) {
- log.warn(sm.getString("tcpPingInterceptor.pingFailed.pingThread"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("tcpPingInterceptor.pingFailed.pingThread"), e);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TwoPhaseCommitInterceptor.java tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TwoPhaseCommitInterceptor.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/group/interceptors/TwoPhaseCommitInterceptor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/group/interceptors/TwoPhaseCommitInterceptor.java 2026-01-23 19:33:36.000000000 +0000
@@ -129,8 +129,8 @@
messages.remove(entry.id);
}
}
- } catch (Exception x) {
- log.warn(sm.getString("twoPhaseCommitInterceptor.heartbeat.failed"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("twoPhaseCommitInterceptor.heartbeat.failed"), e);
} finally {
super.heartbeat();
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ChannelData.java tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ChannelData.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ChannelData.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ChannelData.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,8 +29,6 @@
* The ChannelData object is used to transfer a message through the channel interceptor stack and
* eventually out on a transport to be sent to another node. While the message is being processed by the different
* interceptors, the message data can be manipulated as each interceptor seems appropriate.
- *
- * @author Peter Rossbach
*/
public class ChannelData implements ChannelMessage {
private static final long serialVersionUID = 1L;
@@ -337,9 +335,7 @@
@Override
public String toString() {
- return "ClusterData[src=" +
- getAddress() + "; id=" +
- bToS(getUniqueId()) + "; sent=" +
+ return "ClusterData[src=" + getAddress() + "; id=" + bToS(getUniqueId()) + "; sent=" +
new Timestamp(this.getTimestamp()).toString() + ']';
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/io/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/io/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/io/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/io/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -17,3 +17,5 @@
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
replicationStream.conflict=конфликтующие непубличные загрузчики классов
+
+xByteBuffer.size.larger.buffer=Размер больше чем существующий буфер
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ObjectReader.java tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ObjectReader.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ObjectReader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ObjectReader.java 2026-01-23 19:33:36.000000000 +0000
@@ -66,10 +66,10 @@
public ObjectReader(Socket socket) {
try {
this.buffer = new XByteBuffer(socket.getReceiveBufferSize(), true);
- } catch (IOException x) {
+ } catch (IOException ioe) {
// unable to get buffer size
log.warn(sm.getString("objectReader.retrieveFailed.socketReceiverBufferSize",
- Integer.toString(Constants.DEFAULT_CLUSTER_MSG_BUFFER_SIZE)));
+ Integer.toString(Constants.DEFAULT_CLUSTER_MSG_BUFFER_SIZE)), ioe);
this.buffer = new XByteBuffer(Constants.DEFAULT_CLUSTER_MSG_BUFFER_SIZE, true);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ReplicationStream.java tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ReplicationStream.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/io/ReplicationStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/io/ReplicationStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,9 +28,6 @@
/**
* Custom subclass of ObjectInputStream that loads from the class loader for this web application. This
* allows classes defined only with the web application to be found correctly.
- *
- * @author Craig R. McClanahan
- * @author Bip Thelin
*/
public final class ReplicationStream extends ObjectInputStream {
@@ -83,7 +80,7 @@
} else {
return findExternalClass(name);
}
- } catch (Exception x) {
+ } catch (Exception e) {
if (tryRepFirst) {
return findExternalClass(name);
} else {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/jmx/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/jmx/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/jmx/LocalStrings_ru.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/jmx/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Do not edit this file directly.
+# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+
+jmxRegistry.registerJmx.failed=Невозможно зарегистрировать объект [{0}] с именем [{1}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/Constants.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Manifest constants for the org.apache.catalina.tribes.membership package.
- *
- * @author Peter Rossbach
*/
public class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -30,6 +30,7 @@
mcastServiceImpl.bind.failed=Binding to multicast address, failed. Binding to port only.
mcastServiceImpl.error.receiving=Error receiving mcast package. Sleeping 500ms
mcastServiceImpl.error.receivingNoSleep=Error receiving multicast package
+mcastServiceImpl.error.stop=Error during stop of membership service
mcastServiceImpl.invalid.startLevel=Invalid start level. Only acceptable levels are Channel.MBR_RX_SEQ and Channel.MBR_TX_SEQ
mcastServiceImpl.invalid.stopLevel=Invalid stop level. Only acceptable levels are Channel.MBR_RX_SEQ and Channel.MBR_TX_SEQ
mcastServiceImpl.invalidMemberPackage=Invalid member multicast package
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -30,6 +30,7 @@
mcastServiceImpl.bind.failed=Echec de l'association à l’adresse multicast, association uniquement sur le port
mcastServiceImpl.error.receiving=Erreur en recevant un paquet multicast, attente de 500ms
mcastServiceImpl.error.receivingNoSleep=Erreur lors de la réception d'un paquet multicast
+mcastServiceImpl.error.stop=Erreur lors de l'arrêt du service de gestion des membres
mcastServiceImpl.invalid.startLevel=Niveau de départ invalide. Les seuls niveaux acceptables sont Channel.MBR_RX_SEQ et Channel.MBR_TX_SEQ
mcastServiceImpl.invalid.stopLevel=Niveau de stop invalide, les seuls niveaux valides sont Channel.MBR_RX_SEQ et Channel.MBR_TX_SEQ
mcastServiceImpl.invalidMemberPackage=Membre invalide dans le paquet multicast
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -30,6 +30,7 @@
mcastServiceImpl.bind.failed=マルチキャストアドレスへのバインドに失敗しました。ポートのみにバインドします。
mcastServiceImpl.error.receiving=マルチキャストパッケージを受信中にエラーが発生しました。500msスリープします。
mcastServiceImpl.error.receivingNoSleep=マルチキャスト パッケージの受信エラー
+mcastServiceImpl.error.stop=membership サービス停止中にエラーが発生しました
mcastServiceImpl.invalid.startLevel=不正な開始レベルです。受け付けられるのは Channel.MBR_RX_SEQ と Channel.MBR_TX_SEQ です。
mcastServiceImpl.invalid.stopLevel=無効な停止レベルです。受け入れ可能なレベルはChannel.MBR_RX_SEQとChannel.MBR_TX_SEQのみです。
mcastServiceImpl.invalidMemberPackage=無効なメンバマルチキャストパッケージ
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/McastService.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/McastService.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/McastService.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/McastService.java 2026-01-23 19:33:36.000000000 +0000
@@ -147,8 +147,8 @@
localMember.setSecurePort(securePort);
localMember.setUdpPort(udpPort);
localMember.getData(true, true);
- } catch (IOException x) {
- throw new IllegalArgumentException(x);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
}
}
@@ -320,15 +320,15 @@
if (properties.getProperty("mcastTTL") != null) {
try {
ttl = Integer.parseInt(properties.getProperty("mcastTTL"));
- } catch (Exception x) {
- log.error(sm.getString("McastService.parseTTL", properties.getProperty("mcastTTL")), x);
+ } catch (Exception e) {
+ log.error(sm.getString("McastService.parseTTL", properties.getProperty("mcastTTL")), e);
}
}
if (properties.getProperty("mcastSoTimeout") != null) {
try {
soTimeout = Integer.parseInt(properties.getProperty("mcastSoTimeout"));
- } catch (Exception x) {
- log.error(sm.getString("McastService.parseSoTimeout", properties.getProperty("mcastSoTimeout")), x);
+ } catch (Exception e) {
+ log.error(sm.getString("McastService.parseSoTimeout", properties.getProperty("mcastSoTimeout")), e);
}
}
@@ -372,8 +372,8 @@
impl = null;
channel = null;
}
- } catch (Exception x) {
- log.error(sm.getString("McastService.stopFail", Integer.valueOf(svc)), x);
+ } catch (Exception e) {
+ log.error(sm.getString("McastService.stopFail", Integer.valueOf(svc)), e);
}
}
@@ -411,8 +411,8 @@
DatagramPacket packet = new DatagramPacket(data, 0, data.length);
try {
impl.send(false, packet);
- } catch (Exception x) {
- throw new ChannelException(x);
+ } catch (Exception e) {
+ throw new ChannelException(e);
}
}
@@ -454,8 +454,8 @@
if (impl != null) {
impl.send(false);
}
- } catch (Exception x) {
- log.error(sm.getString("McastService.payload"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("McastService.payload"), e);
}
}
}
@@ -469,8 +469,8 @@
if (impl != null) {
impl.send(false);
}
- } catch (Exception x) {
- log.error(sm.getString("McastService.domain"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("McastService.domain"), e);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/McastServiceImpl.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/McastServiceImpl.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/McastServiceImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/McastServiceImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -202,7 +202,11 @@
* On some platforms (e.g. Linux) it is not possible to bind to the multicast address. In this case only
* bind to the port.
*/
- log.info(sm.getString("mcastServiceImpl.bind.failed"));
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("mcastServiceImpl.bind.failed"), e);
+ } else {
+ log.info(sm.getString("mcastServiceImpl.bind.failed"));
+ }
socket = new MulticastSocket(port);
}
} else {
@@ -289,6 +293,7 @@
try {
Thread.sleep(memberwait);
} catch (InterruptedException ignore) {
+ // Ignore
}
if (log.isInfoEnabled()) {
log.info(sm.getString("mcastServiceImpl.waitForMembers.done", Integer.toString(level)));
@@ -328,13 +333,19 @@
// leave mcast group
try {
socket.leaveGroup(new InetSocketAddress(address, 0), null);
- } catch (Exception ignore) {
- // NO-OP
+ } catch (Exception e) {
+ // Shutting down. Only log at debug.
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("mcastServiceImpl.error.stop"), e);
+ }
}
try {
socket.close();
- } catch (Exception ignore) {
- // NO-OP
+ } catch (Exception e) {
+ // Shutting down. Only log at debug.
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("mcastServiceImpl.error.stop"), e);
+ }
}
member.setServiceStartTime(-1);
}
@@ -360,10 +371,11 @@
memberBroadcastsReceived(data);
}
}
- } catch (SocketTimeoutException x) {
- // do nothing, this is normal, we don't want to block forever
- // since the receive thread is the same thread
- // that does membership expiration
+ } catch (SocketTimeoutException ignore) {
+ /*
+ * Do nothing. This is normal. We don't want to block forever since the receive thread is the same thread
+ * that does membership expiration.
+ */
}
checkExpired();
}
@@ -472,8 +484,8 @@
}
};
executor.execute(t);
- } catch (Exception x) {
- log.error(sm.getString("mcastServiceImpl.memberDisappeared.failed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("mcastServiceImpl.memberDisappeared.failed"), e);
}
}
}
@@ -565,14 +577,14 @@
if (log.isDebugEnabled()) {
log.debug(sm.getString("mcastServiceImpl.invalidMemberPackage"), ax);
}
- } catch (Exception x) {
+ } catch (Exception e) {
if (errorCounter == 0 && doRunReceiver) {
- log.warn(sm.getString("mcastServiceImpl.error.receiving"), x);
+ log.warn(sm.getString("mcastServiceImpl.error.receiving"), e);
} else if (log.isDebugEnabled()) {
if (doRunReceiver) {
- log.debug(sm.getString("mcastServiceImpl.error.receiving"), x);
+ log.debug(sm.getString("mcastServiceImpl.error.receiving"), e);
} else {
- log.warn(sm.getString("mcastServiceImpl.error.receivingNoSleep"), x);
+ log.debug(sm.getString("mcastServiceImpl.error.receivingNoSleep"), e);
}
}
if (doRunReceiver) {
@@ -611,11 +623,11 @@
try {
send(true);
errorCounter = 0;
- } catch (Exception x) {
+ } catch (Exception e) {
if (errorCounter == 0) {
- log.warn(sm.getString("mcastServiceImpl.send.failed"), x);
+ log.warn(sm.getString("mcastServiceImpl.send.failed"), e);
} else {
- log.debug(sm.getString("mcastServiceImpl.send.failed"), x);
+ log.debug(sm.getString("mcastServiceImpl.send.failed"), e);
}
if ((++errorCounter) >= recoveryCounter) {
errorCounter = 0;
@@ -666,8 +678,8 @@
try {
parent.stop(Channel.MBR_RX_SEQ | Channel.MBR_TX_SEQ);
return true;
- } catch (Exception x) {
- log.warn(sm.getString("mcastServiceImpl.recovery.stopFailed"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("mcastServiceImpl.recovery.stopFailed"), e);
return false;
}
}
@@ -677,8 +689,8 @@
parent.init();
parent.start(Channel.MBR_RX_SEQ | Channel.MBR_TX_SEQ);
return true;
- } catch (Exception x) {
- log.warn(sm.getString("mcastServiceImpl.recovery.startFailed"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("mcastServiceImpl.recovery.startFailed"), e);
return false;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/Membership.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/Membership.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/Membership.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/Membership.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
* A membership implementation using simple multicast. This is the representation of a multicast membership. This
* class is responsible for maintaining a list of active cluster nodes in the cluster. If a node fails to send out a
* heartbeat, the node will be dismissed.
- *
- * @author Peter Rossbach
*/
public class Membership implements Cloneable {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMember.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMember.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMember.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMember.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,8 +46,8 @@
} else {
try {
setHostname(host);
- } catch (IOException x) {
- throw new RuntimeException(x);
+ } catch (IOException ioe) {
+ throw new RuntimeException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMembershipProvider.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMembershipProvider.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMembershipProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMembershipProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -374,8 +374,8 @@
@Override
public String toString() {
- return "MemberMessage[" + "name=" + new String(membershipId) + "; type=" +
- getTypeDesc() + "; member=" + member + ']';
+ return "MemberMessage[" + "name=" + new String(membershipId) + "; type=" + getTypeDesc() + "; member=" +
+ member + ']';
}
protected String getTypeDesc() {
@@ -401,8 +401,8 @@
ping();
} catch (InterruptedException ix) {
// Ignore
- } catch (Exception x) {
- log.warn(sm.getString("staticMembershipProvider.pingThread.failed"), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("staticMembershipProvider.pingThread.failed"), e);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMembershipService.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMembershipService.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/StaticMembershipService.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/StaticMembershipService.java 2026-01-23 19:33:36.000000000 +0000
@@ -115,8 +115,8 @@
localMember.setSecurePort(securePort);
localMember.setUdpPort(udpPort);
localMember.getData(true, true);
- } catch (IOException x) {
- throw new IllegalArgumentException(x);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -76,9 +76,9 @@
keyManagerFactory.init(keyStore, clientKeyPassword);
return keyManagerFactory.getKeyManagers();
- } catch (IOException e) {
+ } catch (IOException ioe) {
log.error(sm.getString("certificateStream.clientCertError", clientCertFile, clientKeyFile));
- throw e;
+ throw ioe;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/CloudMembershipService.java 2026-01-23 19:33:36.000000000 +0000
@@ -200,8 +200,8 @@
localMember.setPayload(payload);
localMember.setDomain(domain);
localMember.getData(true, true);
- } catch (IOException e) {
- throw new IllegalArgumentException(e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/DNSMembershipProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -165,8 +165,8 @@
MemberImpl member;
try {
member = new MemberImpl(ip, port, aliveTime);
- } catch (IOException e) {
- log.error(sm.getString("kubernetesMembershipProvider.memberError"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("kubernetesMembershipProvider.memberError"), ioe);
continue;
}
member.setUniqueId(id);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -91,8 +91,8 @@
byte[] bytes = Files.readAllBytes(saTokenPath);
streamProvider = new TokenStreamProvider(new String(bytes, StandardCharsets.US_ASCII), caCertFile);
saTokenLastModifiedTime = Files.getLastModifiedTime(saTokenPath);
- } catch (IOException e) {
- log.error(sm.getString("kubernetesMembershipProvider.streamError"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("kubernetesMembershipProvider.streamError"), ioe);
}
} else {
if (protocol == null) {
@@ -155,8 +155,8 @@
try (InputStream stream = streamProvider.openStream(url, headers, connectionTimeout, readTimeout);
InputStreamReader reader = new InputStreamReader(stream, StandardCharsets.UTF_8)) {
parsePods(reader, members);
- } catch (IOException e) {
- log.error(sm.getString("kubernetesMembershipProvider.streamError"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("kubernetesMembershipProvider.streamError"), ioe);
}
return members.toArray(new Member[0]);
@@ -179,10 +179,10 @@
// Use != to protect against clock issues
if (!saTokenLastModifiedTime.equals(oldSaTokenLastModifiedTime)) {
byte[] bytes = Files.readAllBytes(saTokenPath);
- ((TokenStreamProvider)streamProvider).setToken(new String(bytes, StandardCharsets.US_ASCII));
+ ((TokenStreamProvider) streamProvider).setToken(new String(bytes, StandardCharsets.US_ASCII));
}
- } catch (IOException e) {
- log.error(sm.getString("kubernetesMembershipProvider.streamError"), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("kubernetesMembershipProvider.streamError"), ioe);
}
}
@@ -263,10 +263,10 @@
MemberImpl member;
try {
member = new MemberImpl(podIP, port, aliveTime);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Shouldn't happen:
// an exception is thrown if hostname can't be resolved to IP, but we already provide an IP
- log.error(sm.getString("kubernetesMembershipProvider.memberError"), e);
+ log.error(sm.getString("kubernetesMembershipProvider.memberError"), ioe);
continue;
}
byte[] id = md5.digest(uid.getBytes(StandardCharsets.US_ASCII));
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java 2026-01-23 19:33:36.000000000 +0000
@@ -59,9 +59,9 @@
}
try {
return super.openStream(url, headers, connectTimeout, readTimeout);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Add debug information
- throw new IOException(sm.getString("tokenStream.failedConnection", url, token), e);
+ throw new IOException(sm.getString("tokenStream.failedConnection", url, token), ioe);
}
}
}
\ No newline at end of file
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java tomcat10-10.1.52/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java 2026-01-23 19:33:36.000000000 +0000
@@ -170,7 +170,7 @@
* @param terminate - Flag for whether to terminate this map that failed to start.
*/
public AbstractReplicatedMap(MapOwner owner, Channel channel, long timeout, String mapContextName,
- int initialCapacity, float loadFactor, int channelSendOptions, ClassLoader[] cls, boolean terminate) {
+ int initialCapacity, float loadFactor, int channelSendOptions, ClassLoader[] cls, boolean terminate) {
innerMap = new ConcurrentHashMap<>(initialCapacity, loadFactor, 15);
init(owner, channel, mapContextName, timeout, channelSendOptions, cls, terminate);
@@ -204,7 +204,7 @@
* @param terminate - Flag for whether to terminate this map that failed to start.
*/
protected void init(MapOwner owner, Channel channel, String mapContextName, long timeout, int channelSendOptions,
- ClassLoader[] cls, boolean terminate) {
+ ClassLoader[] cls, boolean terminate) {
long start = System.currentTimeMillis();
if (log.isInfoEnabled()) {
log.info(sm.getString("abstractReplicatedMap.init.start", mapContextName));
@@ -238,10 +238,13 @@
// state is transferred, we are ready for messaging
broadcast(MapMessage.MSG_START, true);
} catch (ChannelException x) {
- log.warn(sm.getString("abstractReplicatedMap.unableSend.startMessage"));
if (terminate) {
+ // Exception is logged further up stack
+ log.warn(sm.getString("abstractReplicatedMap.unableSend.startMessage"));
breakdown();
throw new RuntimeException(sm.getString("abstractReplicatedMap.unableStart"), x);
+ } else {
+ log.warn(sm.getString("abstractReplicatedMap.unableSend.startMessage"), x);
}
}
this.state = State.INITIALIZED;
@@ -369,6 +372,7 @@
try {
broadcast(MapMessage.MSG_STOP, false);
} catch (Exception ignore) {
+ // Ignore
}
// cleanup
this.channel.removeChannelListener(this);
@@ -475,8 +479,8 @@
msg = new MapMessage(mapContextName, getReplicateMessageType(), true, (Serializable) entry.getKey(),
null, rentry.getDiff(), entry.getPrimary(), entry.getBackupNodes());
rentry.resetDiff();
- } catch (IOException x) {
- log.error(sm.getString("abstractReplicatedMap.unable.diffObject"), x);
+ } catch (IOException ioe) {
+ log.error(sm.getString("abstractReplicatedMap.unable.diffObject"), ioe);
} finally {
rentry.unlock();
}
@@ -715,8 +719,8 @@
diff.lock();
try {
diff.applyDiff(mapmsg.getDiffValue(), 0, mapmsg.getDiffValue().length);
- } catch (Exception x) {
- log.error(sm.getString("abstractReplicatedMap.unableApply.diff", entry.getKey()), x);
+ } catch (Exception e) {
+ log.error(sm.getString("abstractReplicatedMap.unableApply.diff", entry.getKey()), e);
} finally {
diff.unlock();
}
@@ -982,8 +986,8 @@
if (this.state.isAvailable()) {
ping(accessTimeout);
}
- } catch (Exception x) {
- log.error(sm.getString("abstractReplicatedMap.heartbeat.failed"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("abstractReplicatedMap.heartbeat.failed"), e);
}
}
@@ -1257,7 +1261,7 @@
int counter = 0;
for (Entry e : innerMap.entrySet()) {
if (e != null) {
- MapEntry entry = innerMap.get(e.getKey());
+ MapEntry entry = innerMap.get(e.getKey());
if (entry != null && entry.isActive() && entry.getValue() != null) {
counter++;
}
@@ -1431,11 +1435,8 @@
@Override
public String toString() {
- return "MapEntry[key:" + getKey() + "; " +
- "value:" + getValue() + "; " +
- "primary:" + isPrimary() + "; " +
- "backup:" + isBackup() + "; " +
- "proxy:" + isProxy() + ";]";
+ return "MapEntry[key:" + getKey() + "; " + "value:" + getValue() + "; " + "primary:" + isPrimary() + "; " +
+ "backup:" + isBackup() + "; " + "proxy:" + isProxy() + ";]";
}
}
@@ -1473,8 +1474,8 @@
@Override
public String toString() {
- return "MapMessage[context=" + new String(mapId) + "; type=" + getTypeDesc() +
- "; key=" + key + "; value=" + value + ']';
+ return "MapMessage[context=" + new String(mapId) + "; type=" + getTypeDesc() + "; key=" + key + "; value=" +
+ value + ']';
}
public String getTypeDesc() {
@@ -1511,7 +1512,7 @@
}
public MapMessage(byte[] mapId, int msgtype, boolean diff, Serializable key, Serializable value,
- byte[] diffvalue, Member primary, Member[] nodes) {
+ byte[] diffvalue, Member primary, Member[] nodes) {
this.mapId = mapId;
this.msgtype = msgtype;
this.diff = diff;
@@ -1540,8 +1541,8 @@
public Serializable getKey() {
try {
return key(null);
- } catch (Exception x) {
- throw new RuntimeException(sm.getString("mapMessage.deserialize.error.key"), x);
+ } catch (Exception e) {
+ throw new RuntimeException(sm.getString("mapMessage.deserialize.error.key"), e);
}
}
@@ -1564,8 +1565,8 @@
public Serializable getValue() {
try {
return value(null);
- } catch (Exception x) {
- throw new RuntimeException(sm.getString("mapMessage.deserialize.error.value"), x);
+ } catch (Exception e) {
+ throw new RuntimeException(sm.getString("mapMessage.deserialize.error.value"), e);
}
}
@@ -1611,8 +1612,8 @@
valuedata = XByteBuffer.serialize(value);
}
this.value = value;
- } catch (IOException x) {
- throw new RuntimeException(x);
+ } catch (IOException ioe) {
+ throw new RuntimeException(ioe);
}
}
@@ -1622,8 +1623,8 @@
keydata = XByteBuffer.serialize(key);
}
this.key = key;
- } catch (IOException x) {
- throw new RuntimeException(x);
+ } catch (IOException ioe) {
+ throw new RuntimeException(ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/Constants.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Manifest constants for the org.apache.catalina.tribes.transport package.
- *
- * @author Peter Rossbach
*/
public class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/ReceiverBase.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/ReceiverBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/ReceiverBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/ReceiverBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -200,11 +200,11 @@
setPort(port);
log.info(sm.getString("receiverBase.socket.bind", addr));
retries = 0;
- } catch (IOException x) {
+ } catch (IOException ioe) {
retries--;
if (retries <= 0) {
log.info(sm.getString("receiverBase.unable.bind", addr));
- throw x;
+ throw ioe;
}
port++;
}
@@ -232,11 +232,11 @@
setUdpPort(portstart);
log.info(sm.getString("receiverBase.udp.bind", addr));
return 0;
- } catch (IOException x) {
+ } catch (IOException ioe) {
retries--;
if (retries <= 0) {
log.info(sm.getString("receiverBase.unable.bind.udp", addr));
- throw x;
+ throw ioe;
}
portstart++;
try {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/RxTaskPool.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/RxTaskPool.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/RxTaskPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/RxTaskPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -63,8 +63,8 @@
if (!idle.isEmpty()) {
try {
worker = idle.remove(0);
- } catch (java.util.NoSuchElementException x) {
- // this means that there are no available workers
+ } catch (java.util.NoSuchElementException ignore) {
+ // Should never happen as access to idle is always synchronized on mutex
}
} else if (used.size() < this.maxTasks && creator != null) {
worker = creator.createRxTask();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioReceiver.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioReceiver.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioReceiver.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioReceiver.java 2026-01-23 19:33:36.000000000 +0000
@@ -72,12 +72,12 @@
super.start();
try {
setPool(new RxTaskPool(getMaxThreads(), getMinThreads(), this));
- } catch (Exception x) {
- log.fatal(sm.getString("nioReceiver.threadpool.fail"), x);
- if (x instanceof IOException) {
- throw (IOException) x;
+ } catch (Exception e) {
+ log.fatal(sm.getString("nioReceiver.threadpool.fail"), e);
+ if (e instanceof IOException) {
+ throw (IOException) e;
} else {
- throw new IOException(x.getMessage());
+ throw new IOException(e.getMessage());
}
}
try {
@@ -90,12 +90,12 @@
Thread t = new Thread(this, "NioReceiver" + channelName);
t.setDaemon(true);
t.start();
- } catch (Exception x) {
- log.fatal(sm.getString("nioReceiver.start.fail"), x);
- if (x instanceof IOException) {
- throw (IOException) x;
+ } catch (Exception e) {
+ log.fatal(sm.getString("nioReceiver.start.fail"), e);
+ if (e instanceof IOException) {
+ throw (IOException) e;
} else {
- throw new IOException(x.getMessage());
+ throw new IOException(e.getMessage());
}
}
}
@@ -128,13 +128,13 @@
// set up the datagram channel
if (this.getUdpPort() > 0) {
datagramChannel = DatagramChannel.open();
- configureDatagraChannel();
+ configureDatagramChannel();
// bind to the address to avoid security checks
bindUdp(datagramChannel.socket(), getUdpPort(), getAutoBind());
}
}
- private void configureDatagraChannel() throws IOException {
+ private void configureDatagramChannel() throws IOException {
datagramChannel.configureBlocking(false);
datagramChannel.socket().setSendBufferSize(getUdpTxBufSize());
datagramChannel.socket().setReceiveBufferSize(getUdpRxBufSize());
@@ -167,8 +167,8 @@
log.trace("Processing event in selector:" + r);
}
r.run();
- } catch (Exception x) {
- log.error(sm.getString("nioReceiver.eventsError"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nioReceiver.eventsError"), e);
}
}
}
@@ -184,9 +184,9 @@
if (key.channel() instanceof SocketChannel) {
try {
((SocketChannel) key.channel()).socket().close();
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("nioReceiver.closeError"), e);
+ log.debug(sm.getString("nioReceiver.closeError"), ioe);
}
}
}
@@ -201,9 +201,9 @@
}
try {
key.channel().close();
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("nioReceiver.closeError"), e);
+ log.debug(sm.getString("nioReceiver.closeError"), ioe);
}
}
@@ -344,9 +344,9 @@
if (datagramChannel != null) {
try {
datagramChannel.close();
- } catch (Exception iox) {
+ } catch (Exception e) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("nioReceiver.closeError"), iox);
+ log.debug(sm.getString("nioReceiver.closeError"), e);
}
}
datagramChannel = null;
@@ -377,8 +377,8 @@
log.warn(sm.getString("nioReceiver.stop.threadRunning"));
}
closeSelector();
- } catch (Exception x) {
- log.error(sm.getString("nioReceiver.stop.fail"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nioReceiver.stop.fail"), e);
} finally {
this.selector.set(null);
}
@@ -397,9 +397,9 @@
key.attach(null);
key.cancel();
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isWarnEnabled()) {
- log.warn(sm.getString("nioReceiver.cleanup.fail"), e);
+ log.warn(sm.getString("nioReceiver.cleanup.fail"), ioe);
}
} catch (ClosedSelectorException ignore) {
// Ignore
@@ -444,8 +444,8 @@
running = true;
try {
listen();
- } catch (Exception x) {
- log.error(sm.getString("nioReceiver.run.fail"), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nioReceiver.run.fail"), e);
} finally {
running = false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioReplicationTask.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioReplicationTask.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioReplicationTask.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioReplicationTask.java 2026-01-23 19:33:36.000000000 +0000
@@ -214,7 +214,8 @@
try {
Logs.MESSAGES.trace("NioReplicationThread - Received msg:" + new UniqueId(msg.getUniqueId()) +
" at " + new java.sql.Timestamp(System.currentTimeMillis()));
- } catch (Throwable t) {
+ } catch (Throwable ignore) {
+ // Ignore
}
}
// process the message
@@ -228,7 +229,7 @@
}
} catch (RemoteProcessException e) {
if (log.isDebugEnabled()) {
- log.error(sm.getString("nioReplicationTask.process.clusterMsg.failed"), e);
+ log.debug(sm.getString("nioReplicationTask.process.clusterMsg.failed"), e);
}
if (ChannelData.sendAckSync(msg.getOptions())) {
sendAck(key, (WritableByteChannel) channel, Constants.FAIL_ACK_COMMAND, saddr);
@@ -280,8 +281,8 @@
log.trace("CKX Cancelling key:" + key);
}
- } catch (Exception x) {
- log.error(sm.getString("nioReplicationTask.error.register.key", key), x);
+ } catch (Exception e) {
+ log.error(sm.getString("nioReplicationTask.error.register.key", key), e);
}
};
receiver.addEvent(r);
@@ -339,8 +340,12 @@
((channel instanceof SocketChannel) ? ((SocketChannel) channel).socket().getInetAddress() :
((DatagramChannel) channel).socket().getInetAddress()));
}
- } catch (IOException x) {
- log.warn(sm.getString("nioReplicationTask.unable.ack", x.getMessage()));
+ } catch (IOException ioe) {
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("nioReplicationTask.unable.ack", ioe.getMessage()), ioe);
+ } else {
+ log.warn(sm.getString("nioReplicationTask.unable.ack", ioe.getMessage()));
+ }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioSender.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioSender.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/NioSender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/NioSender.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,8 +33,8 @@
import org.apache.juli.logging.LogFactory;
/**
- * This class is NOT thread safe and should never be used with more than one thread at a time This is a state machine,
- * handled by the process method States are:
+ * This class is NOT thread safe and should never be used with more than one thread at a time. This is a state machine,
+ * handled by the process method. States are:
*
+ * Thread-safety / synchronisation is managed by ParallelNioSender
*/
public class NioSender extends AbstractSender {
@@ -220,7 +221,7 @@
}
@Override
- public synchronized void connect() throws IOException {
+ public void connect() throws IOException {
if (connecting || isConnected()) {
return;
}
@@ -276,13 +277,13 @@
try {
try {
socketChannel.socket().close();
- } catch (Exception x) {
+ } catch (Exception e) {
// Ignore
}
// error free close, all the way
try {
socketChannel.close();
- } catch (Exception x) {
+ } catch (Exception e) {
// Ignore
}
} finally {
@@ -293,23 +294,23 @@
try {
try {
dataChannel.socket().close();
- } catch (Exception x) {
+ } catch (Exception e) {
// Ignore
}
// error free close, all the way
try {
dataChannel.close();
- } catch (Exception x) {
+ } catch (Exception e) {
// Ignore
}
} finally {
dataChannel = null;
}
}
- } catch (Exception x) {
- log.error(sm.getString("nioSender.unable.disconnect", x.getMessage()));
+ } catch (Exception e) {
+ log.error(sm.getString("nioSender.unable.disconnect", e.getMessage()));
if (log.isDebugEnabled()) {
- log.debug(sm.getString("nioSender.unable.disconnect", x.getMessage()), x);
+ log.debug(sm.getString("nioSender.unable.disconnect", e.getMessage()), e);
}
}
}
@@ -357,28 +358,26 @@
public void setMessage(byte[] data, int offset, int length) throws IOException {
if (data != null) {
- synchronized (this) {
- current = data;
- remaining = length;
- ackbuf.clear();
- if (writebuf != null) {
- writebuf.clear();
- } else {
- writebuf = getBuffer(length);
- }
- if (writebuf.capacity() < length) {
- writebuf = getBuffer(length);
- }
+ current = data;
+ remaining = length;
+ ackbuf.clear();
+ if (writebuf != null) {
+ writebuf.clear();
+ } else {
+ writebuf = getBuffer(length);
+ }
+ if (writebuf.capacity() < length) {
+ writebuf = getBuffer(length);
+ }
- // TODO use ByteBuffer.wrap to avoid copying the data.
- writebuf.put(data, offset, length);
- writebuf.flip();
- if (isConnected()) {
- if (isUdpBased()) {
- dataChannel.register(getSelector(), SelectionKey.OP_WRITE, this);
- } else {
- socketChannel.register(getSelector(), SelectionKey.OP_WRITE, this);
- }
+ // TODO use ByteBuffer.wrap to avoid copying the data.
+ writebuf.put(data, offset, length);
+ writebuf.flip();
+ if (isConnected()) {
+ if (isUdpBased()) {
+ dataChannel.register(getSelector(), SelectionKey.OP_WRITE, this);
+ } else {
+ socketChannel.register(getSelector(), SelectionKey.OP_WRITE, this);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/ParallelNioSender.java 2026-01-23 19:33:36.000000000 +0000
@@ -88,20 +88,20 @@
cx.addFaultyMember(result.getFailed().getFaultyMembers());
}
}
- } catch (Exception x) {
+ } catch (Exception e) {
if (log.isTraceEnabled()) {
- log.trace("Error sending message", x);
+ log.trace("Error sending message", e);
}
if (cx == null) {
- if (x instanceof ChannelException) {
- cx = (ChannelException) x;
+ if (e instanceof ChannelException) {
+ cx = (ChannelException) e;
} else {
- cx = new ChannelException(sm.getString("parallelNioSender.send.failed"), x);
+ cx = new ChannelException(sm.getString("parallelNioSender.send.failed"), e);
}
}
for (NioSender sender : senders) {
if (!sender.isComplete()) {
- cx.addFaultyMember(sender.getDestination(), x);
+ cx.addFaultyMember(sender.getDestination(), e);
}
}
throw cx;
@@ -126,16 +126,16 @@
// there was an error
throw cx;
}
- } catch (Exception x) {
+ } catch (Exception e) {
try {
this.disconnect();
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore
}
- if (x instanceof ChannelException) {
- throw (ChannelException) x;
+ if (e instanceof ChannelException) {
+ throw (ChannelException) e;
} else {
- throw new ChannelException(x);
+ throw new ChannelException(e);
}
}
@@ -173,9 +173,9 @@
}
SenderState.getSenderState(sender.getDestination()).setReady();
} // end if
- } catch (Exception x) {
+ } catch (Exception e) {
if (log.isTraceEnabled()) {
- log.trace("Error while processing send to " + sender.getDestination().getName(), x);
+ log.trace("Error while processing send to " + sender.getDestination().getName(), e);
}
SenderState state = SenderState.getSenderState(sender.getDestination());
int attempt = sender.getAttempt() + 1;
@@ -192,7 +192,7 @@
log.warn(sm.getString("parallelNioSender.send.fail.retrying",
sender.getDestination().getName()));
} else {
- log.warn(sm.getString("parallelNioSender.send.fail", sender.getDestination().getName()), x);
+ log.warn(sm.getString("parallelNioSender.send.fail", sender.getDestination().getName()), e);
}
}
}
@@ -200,8 +200,8 @@
log.warn(sm.getString("parallelNioSender.sender.disconnected.notRetry",
sender.getDestination().getName()));
ChannelException cx =
- new ChannelException(sm.getString("parallelNioSender.sender.disconnected.sendFailed"), x);
- cx.addFaultyMember(sender.getDestination(), x);
+ new ChannelException(sm.getString("parallelNioSender.sender.disconnected.sendFailed"), e);
+ cx.addFaultyMember(sender.getDestination(), e);
result.failed(cx);
break;
}
@@ -218,8 +218,8 @@
}
} else {
ChannelException cx = new ChannelException(sm.getString("parallelNioSender.sendFailed.attempt",
- Integer.toString(sender.getAttempt()), Integer.toString(maxAttempts)), x);
- cx.addFaultyMember(sender.getDestination(), x);
+ Integer.toString(sender.getAttempt()), Integer.toString(maxAttempts)), e);
+ cx.addFaultyMember(sender.getDestination(), e);
result.failed(cx);
} // end if
}
@@ -366,7 +366,7 @@
setConnected(false);
try {
close();
- } catch (Exception x) {
+ } catch (Exception ignore) {
// Ignore
}
}
@@ -384,14 +384,14 @@
} else {
try {
sender.read();
- } catch (IOException x) {
+ } catch (IOException ioe) {
sender.disconnect();
sender.reset();
// nioSenders.remove(entry.getKey());
i.remove();
result = true;
- } catch (Exception x) {
- log.warn(sm.getString("parallelNioSender.error.keepalive", sender), x);
+ } catch (Exception e) {
+ log.warn(sm.getString("parallelNioSender.error.keepalive", sender), e);
}
}
}
@@ -399,8 +399,9 @@
if (result) {
try {
state.selector.selectNow();
- } catch (Exception e) {
- /* Ignore */}
+ } catch (Exception ignore) {
+ // Ignore
+ }
}
return result;
}
@@ -422,7 +423,7 @@
NioSender nioSender = iter.next();
try {
nioSender.disconnect();
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore
}
iter.remove();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/PooledParallelSender.java tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/PooledParallelSender.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/transport/nio/PooledParallelSender.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/transport/nio/PooledParallelSender.java 2026-01-23 19:33:36.000000000 +0000
@@ -64,8 +64,8 @@
ParallelNioSender sender = new ParallelNioSender();
transferProperties(this, sender);
return sender;
- } catch (IOException x) {
- throw new RuntimeException(sm.getString("pooledParallelSender.unable.open"), x);
+ } catch (IOException ioe) {
+ throw new RuntimeException(sm.getString("pooledParallelSender.unable.open"), ioe);
}
}
}
\ No newline at end of file
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/util/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/tribes/util/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/util/LocalStrings_ru.properties 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/util/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Do not edit this file directly.
+# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+
+arrays.length.outOfBounds=Недостаточно элементов данных в ключе, длина вне границ.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/tribes/util/StringManager.java tomcat10-10.1.52/java/org/apache/catalina/tribes/util/StringManager.java
--- tomcat10-10.1.40/java/org/apache/catalina/tribes/util/StringManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/tribes/util/StringManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -39,10 +39,6 @@
*
* Please see the documentation for java.util.ResourceBundle for more information.
*
- * @author James Duncan Davidson [duncan@eng.sun.com]
- * @author James Todd [gonzo@eng.sun.com]
- * @author Mel Martinez [mmartinez@g1440.com]
- *
* @see java.util.ResourceBundle
*/
public class StringManager {
@@ -68,14 +64,15 @@
try {
bnd = ResourceBundle.getBundle(bundleName, locale);
} catch (MissingResourceException ex) {
- // Try from the current loader (that's the case for trusted apps)
- // Should only be required if using a TC5 style classloader structure
- // where common != shared != server
+ /*
+ * Try from the current loader (that's the case for trusted apps). Should only be required if using a class
+ * loader structure where common != shared != server
+ */
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (cl != null) {
try {
bnd = ResourceBundle.getBundle(bundleName, locale, cl);
- } catch (MissingResourceException ex2) {
+ } catch (MissingResourceException ignore) {
// Ignore
}
}
@@ -106,8 +103,7 @@
*/
public String getString(String key) {
if (key == null) {
- String msg = "key may not have a null value";
- throw new IllegalArgumentException(msg);
+ throw new IllegalArgumentException("key may not have a null value");
}
String str = null;
@@ -117,7 +113,7 @@
if (bundle != null) {
str = bundle.getString(key);
}
- } catch (MissingResourceException mre) {
+ } catch (MissingResourceException ignore) {
// bad: shouldn't mask an exception the following way:
// str = "[cannot find message associated with key '" + key +
// "' due to " + mre + "]";
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/AbstractGroup.java tomcat10-10.1.52/java/org/apache/catalina/users/AbstractGroup.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/AbstractGroup.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/AbstractGroup.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
* Convenience base class for {@link Group} implementations.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public abstract class AbstractGroup implements Group {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/AbstractRole.java tomcat10-10.1.52/java/org/apache/catalina/users/AbstractRole.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/AbstractRole.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/AbstractRole.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
* Convenience base class for {@link Role} implementations.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public abstract class AbstractRole implements Role {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/AbstractUser.java tomcat10-10.1.52/java/org/apache/catalina/users/AbstractUser.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/AbstractUser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/AbstractUser.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
* Convenience base class for {@link User} implementations.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public abstract class AbstractUser implements User {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/Constants.java tomcat10-10.1.52/java/org/apache/catalina/users/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Manifest constants for this Java package.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public final class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java tomcat10-10.1.52/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,8 +40,6 @@
*
dataSourceName - JNDI name of the DataSource, which must be located in the same Context
* environment as the UserDatabase
*
- *
- * @author Craig R. McClanahan
*/
public class DataSourceUserDatabaseFactory implements ObjectFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/GenericGroup.java tomcat10-10.1.52/java/org/apache/catalina/users/GenericGroup.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/GenericGroup.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/GenericGroup.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,8 +33,6 @@
*
*
* @param The specific type of UserDase with which this group is associated
- *
- * @author Craig R. McClanahan
*/
public class GenericGroup extends AbstractGroup {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/GenericRole.java tomcat10-10.1.52/java/org/apache/catalina/users/GenericRole.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/GenericRole.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/GenericRole.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
*
*
* @param The specific type of UserDase with which this role is associated
- *
- * @author Craig R. McClanahan
*/
public class GenericRole extends AbstractRole {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/GenericUser.java tomcat10-10.1.52/java/org/apache/catalina/users/GenericUser.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/GenericUser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/GenericUser.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
*
*
* @param The specific type of UserDase with which this role is associated
- *
- * @author Craig R. McClanahan
*/
public class GenericUser extends AbstractUser {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/MemoryGroup.java tomcat10-10.1.52/java/org/apache/catalina/users/MemoryGroup.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/MemoryGroup.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/MemoryGroup.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
* {@link UserDatabase}.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*
* @deprecated Use {@link GenericGroup} instead.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/MemoryRole.java tomcat10-10.1.52/java/org/apache/catalina/users/MemoryRole.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/MemoryRole.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/MemoryRole.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,8 +26,6 @@
* {@link UserDatabase}.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*
* @deprecated Use {@link GenericRole} instead.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUser.java tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUser.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUser.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
* {@link UserDatabase}.
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*
* @deprecated Use {@link GenericUser} instead.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUserDatabase.java tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUserDatabase.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUserDatabase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUserDatabase.java 2026-01-23 19:33:36.000000000 +0000
@@ -57,8 +57,6 @@
* This class does not enforce what, in an RDBMS, would be called referential integrity. Concurrent modifications may
* result in inconsistent data such as a User retaining a reference to a Role that has been removed from the database.
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
/*
@@ -481,10 +479,8 @@
// Print the file prolog
writer.println("");
writer.println("");
// Print entries for each defined role, group, and user
@@ -562,11 +558,11 @@
if (writer.checkError()) {
throw new IOException(sm.getString("memoryUserDatabase.writeException", fileNew.getAbsolutePath()));
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (fileNew.exists() && !fileNew.delete()) {
log.warn(sm.getString("memoryUserDatabase.fileDelete", fileNew));
}
- throw e;
+ throw ioe;
}
this.lastModified = fileNew.lastModified();
} finally {
@@ -632,8 +628,8 @@
writeLock.unlock();
}
}
- } catch (Exception ioe) {
- log.error(sm.getString("memoryUserDatabase.reloadError", id, uri), ioe);
+ } catch (Exception e) {
+ log.error(sm.getString("memoryUserDatabase.reloadError", id, uri), e);
} finally {
if (uConn != null) {
try {
@@ -654,8 +650,8 @@
@Override
public String toString() {
- return "MemoryUserDatabase[id=" + this.id + ",pathname=" + pathname + ",groupCount=" +
- this.groups.size() + ",roleCount=" + this.roles.size() + ",userCount=" + this.users.size() + ']';
+ return "MemoryUserDatabase[id=" + this.id + ",pathname=" + pathname + ",groupCount=" + this.groups.size() +
+ ",roleCount=" + this.roles.size() + ",userCount=" + this.users.size() + ']';
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java
--- tomcat10-10.1.40/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,8 +41,6 @@
* to which it is stored. [conf/tomcat-users.xml]
*
*
- * @author Craig R. McClanahan
- *
* @since 4.1
*/
public class MemoryUserDatabaseFactory implements ObjectFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/CharsetMapper.java tomcat10-10.1.52/java/org/apache/catalina/util/CharsetMapper.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/CharsetMapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/CharsetMapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,8 +30,6 @@
* text (or generating output text) when the Content-Type header does not include one. You can customize the behavior of
* this class by modifying the mapping data it loads, or by subclassing it (to change the algorithm) and then using your
* own version for a particular web application.
- *
- * @author Craig R. McClanahan
*/
public class CharsetMapper {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/CustomObjectInputStream.java tomcat10-10.1.52/java/org/apache/catalina/util/CustomObjectInputStream.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/CustomObjectInputStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/CustomObjectInputStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,9 +33,6 @@
/**
* Custom subclass of ObjectInputStream that loads from the class loader for this web application. This
* allows classes defined only with the web application to be found correctly.
- *
- * @author Craig R. McClanahan
- * @author Bip Thelin
*/
public final class CustomObjectInputStream extends ObjectInputStream {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/FilterUtil.java tomcat10-10.1.52/java/org/apache/catalina/util/FilterUtil.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/FilterUtil.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/FilterUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -79,6 +79,11 @@
return false;
}
+ /*
+ * Note: Order does not matter here in terms of specification compliance because this is Filter mapping. If any
+ * rule matches then this method returns true. Order would matter if this was Servlet mapping.
+ */
+
// Case 1 - Exact Match
if (testPath.equals(requestPath)) {
return true;
@@ -109,7 +114,12 @@
}
}
- // Case 4 - "Default" Match
+ // Case 4 - Context Root
+ if (testPath.isEmpty() && requestPath.equals("/")) {
+ return true;
+ }
+
+ // Case 5 - "Default" Match
return false; // NOTE - Not relevant for selecting filters
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/IOTools.java tomcat10-10.1.52/java/org/apache/catalina/util/IOTools.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/IOTools.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/IOTools.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,9 +24,7 @@
/**
- * Contains commonly needed I/O-related methods
- *
- * @author Dan Sandberg
+ * Contains commonly needed I/O-related methods.
*/
public class IOTools {
protected static final int DEFAULT_BUFFER_SIZE = 4 * 1024; // 4k
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/Introspection.java tomcat10-10.1.52/java/org/apache/catalina/util/Introspection.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/Introspection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/Introspection.java 2026-01-23 19:33:36.000000000 +0000
@@ -60,7 +60,7 @@
*/
public static boolean isValidSetter(Method method) {
return method.getName().startsWith("set") && method.getName().length() > 3 &&
- method.getParameterTypes().length == 1 && method.getReturnType().getName().equals("void");
+ method.getParameterTypes().length == 1 && method.getReturnType().getName().equals("void");
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/LifecycleBase.java tomcat10-10.1.52/java/org/apache/catalina/util/LifecycleBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/LifecycleBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/LifecycleBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -184,8 +184,8 @@
/**
* Subclasses must ensure that the state is changed to {@link LifecycleState#STARTING} during the execution of this
* method. Changing state will trigger the {@link Lifecycle#START_EVENT} event. If a component fails to start it may
- * either throw a {@link LifecycleException} which will cause it's parent to fail to start, or it can place itself in
- * the error state in which case {@link #stop()} will be called on the failed component but the parent component
+ * either throw a {@link LifecycleException} which will cause it's parent to fail to start, or it can place itself
+ * in the error state in which case {@link #stop()} will be called on the failed component but the parent component
* will continue to start normally.
*
* @throws LifecycleException Start error occurred
@@ -392,22 +392,20 @@
private void invalidTransition(String type) throws LifecycleException {
- String msg = sm.getString("lifecycleBase.invalidTransition", type, toString(), state);
- throw new LifecycleException(msg);
+ throw new LifecycleException(sm.getString("lifecycleBase.invalidTransition", type, toString(), state));
}
private void handleSubClassException(Throwable t, String key, Object... args) throws LifecycleException {
setStateInternal(LifecycleState.FAILED, null, false);
ExceptionUtils.handleThrowable(t);
- String msg = sm.getString(key, args);
if (getThrowOnFailure()) {
if (!(t instanceof LifecycleException)) {
- t = new LifecycleException(msg, t);
+ t = new LifecycleException(sm.getString(key, args), t);
}
throw (LifecycleException) t;
} else {
- log.error(msg, t);
+ log.error(sm.getString(key, args), t);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/ParameterMap.java tomcat10-10.1.52/java/org/apache/catalina/util/ParameterMap.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/ParameterMap.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/ParameterMap.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,8 +32,6 @@
*
* @param The type of Key
* @param The type of Value
- *
- * @author Craig R. McClanahan
*/
public final class ParameterMap implements Map, Serializable {
@@ -82,7 +80,12 @@
* @param map Map whose contents are duplicated in the new map
*/
public ParameterMap(Map map) {
- delegatedMap = new LinkedHashMap<>(map);
+ // Unroll loop for performance - https://bz.apache.org/bugzilla/show_bug.cgi?id=69820
+ int mapSize = map.size();
+ delegatedMap = new LinkedHashMap<>((int) (mapSize * 1.5));
+ for (Map.Entry entry : map.entrySet()) {
+ delegatedMap.put(entry.getKey(), entry.getValue());
+ }
unmodifiableDelegatedMap = Collections.unmodifiableMap(delegatedMap);
}
@@ -95,7 +98,12 @@
* @param map Map whose contents are duplicated in the new map
*/
public ParameterMap(ParameterMap map) {
- delegatedMap = new LinkedHashMap<>(map.delegatedMap);
+ // Unroll loop for performance - https://bz.apache.org/bugzilla/show_bug.cgi?id=69820
+ int mapSize = map.size();
+ delegatedMap = new LinkedHashMap<>((int) (mapSize * 1.5));
+ for (Map.Entry entry : map.entrySet()) {
+ delegatedMap.put(entry.getKey(), entry.getValue());
+ }
unmodifiableDelegatedMap = Collections.unmodifiableMap(delegatedMap);
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/RateLimiterBase.java tomcat10-10.1.52/java/org/apache/catalina/util/RateLimiterBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/RateLimiterBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/RateLimiterBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -48,8 +48,8 @@
private ScheduledThreadPoolExecutor internalExecutorService = null;
/**
- * If policy name has not been specified, the first call of {@link #getPolicyName()} returns an auto-generated policy
- * name using the default policy name as prefix and followed by auto-increase index.
+ * If policy name has not been specified, the first call of {@link #getPolicyName()} returns an auto-generated
+ * policy name using the default policy name as prefix and followed by auto-increase index.
*
* @return default policy name, as a prefix of auto-generated policy name.
*/
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/RequestUtil.java tomcat10-10.1.52/java/org/apache/catalina/util/RequestUtil.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/RequestUtil.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/RequestUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,11 +18,10 @@
import jakarta.servlet.http.HttpServletRequest;
+import org.apache.catalina.connector.Request;
+
/**
* General purpose request parsing and encoding utility methods.
- *
- * @author Craig R. McClanahan
- * @author Tim Tye
*/
public final class RequestUtil {
@@ -54,4 +53,51 @@
return url;
}
+
+
+ /**
+ * Strip parameters for given path.
+ *
+ * @param input the input path
+ * @param request the request to add the parameters to
+ *
+ * @return the cleaned path
+ */
+ public static String stripPathParams(String input, Request request) {
+ // Shortcut
+ if (input.indexOf(';') < 0) {
+ return input;
+ }
+
+ StringBuilder sb = new StringBuilder(input.length());
+ int pos = 0;
+ int limit = input.length();
+ while (pos < limit) {
+ int nextSemiColon = input.indexOf(';', pos);
+ if (nextSemiColon < 0) {
+ nextSemiColon = limit;
+ }
+ sb.append(input, pos, nextSemiColon);
+ int followingSlash = input.indexOf('/', nextSemiColon);
+ if (followingSlash < 0) {
+ pos = limit;
+ } else {
+ pos = followingSlash;
+ }
+ if (request != null && nextSemiColon + 1 < pos) {
+ String pathVariablesString = input.substring(nextSemiColon + 1, pos);
+ String[] pathVariables = pathVariablesString.split(";");
+ for (String pathVariable : pathVariables) {
+ int equals = pathVariable.indexOf('=');
+ if (equals > -1 && equals + 1 < pathVariable.length()) {
+ String name = pathVariable.substring(0, equals);
+ String value = pathVariable.substring(equals + 1);
+ request.addPathParameter(name, value);
+ }
+ }
+ }
+ }
+
+ return sb.toString();
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/ResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/util/ResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/ResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/ResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,8 +29,6 @@
* modifications. When first created, a ResourceMap is not locked.
*
* @param The type of elements in the Set
- *
- * @author Craig R. McClanahan
*/
public final class ResourceSet extends HashSet {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/ServerInfo.java tomcat10-10.1.52/java/org/apache/catalina/util/ServerInfo.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/ServerInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/ServerInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Simple utility module to make it easy to plug in the server identifier when integrating Tomcat.
- *
- * @author Craig R. McClanahan
*/
public class ServerInfo {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/Strftime.java tomcat10-10.1.52/java/org/apache/catalina/util/Strftime.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/Strftime.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/Strftime.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,9 +34,6 @@
*
The interface looks like a subset of DateFormat. Maybe someday someone will make this class extend
* DateFormat.
*
- *
- * @author Bip Thelin
- * @author Dan Sandberg
*/
public class Strftime {
protected static final Properties translate;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/TimeBucketCounterBase.java tomcat10-10.1.52/java/org/apache/catalina/util/TimeBucketCounterBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/TimeBucketCounterBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/TimeBucketCounterBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -182,9 +182,9 @@
*/
public void periodicEvict() {
/*
- * The implementation of this method assumes that the time taken for eviction is less than 1 bucket duration.
- * It is possible that the eviction process starts in one bucket but finishes in another. Therefore, keys for
- * the current bucket and the next bucket when the eviction process starts are excluded from eviction.
+ * The implementation of this method assumes that the time taken for eviction is less than 1 bucket duration. It
+ * is possible that the eviction process starts in one bucket but finishes in another. Therefore, keys for the
+ * current bucket and the next bucket when the eviction process starts are excluded from eviction.
*/
long currentBucketIndex = getCurrentBucketPrefix();
String currentBucketPrefix = String.valueOf(currentBucketIndex);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/URLEncoder.java tomcat10-10.1.52/java/org/apache/catalina/util/URLEncoder.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/URLEncoder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/URLEncoder.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,15 +20,13 @@
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
+import java.nio.charset.CodingErrorAction;
import java.util.BitSet;
/**
* This class is very similar to the java.net.URLEncoder class. Unfortunately, with java.net.URLEncoder there is no way
* to specify to the java.net.URLEncoder which characters should NOT be encoded. This code was moved from
* DefaultServlet.java
- *
- * @author Craig R. McClanahan
- * @author Remy Maucherat
*/
public final class URLEncoder implements Cloneable {
@@ -149,7 +147,15 @@
int maxBytesPerChar = 10;
StringBuilder rewrittenPath = new StringBuilder(path.length());
ByteArrayOutputStream buf = new ByteArrayOutputStream(maxBytesPerChar);
- OutputStreamWriter writer = new OutputStreamWriter(buf, charset);
+ /*
+ * Most calls to this method use UTF-8 where malformed input and unmappable character issues are not expected to
+ * happen. The only Tomcat code that currently (January 2026) might call this method with something other than
+ * UTF-8 is the rewrite valve. In that case, the rewrite rules should be consistent with the configured URI
+ * encoding on the Connector. Given all of this, the IAE is only expected to be thrown as a result of
+ * configuration errors.
+ */
+ OutputStreamWriter writer = new OutputStreamWriter(buf, charset.newEncoder()
+ .onMalformedInput(CodingErrorAction.REPORT).onUnmappableCharacter(CodingErrorAction.REPORT));
for (int i = 0; i < path.length(); i++) {
int c = path.charAt(i);
@@ -162,9 +168,8 @@
try {
writer.write((char) c);
writer.flush();
- } catch (IOException e) {
- buf.reset();
- continue;
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
}
byte[] ba = buf.toByteArray();
for (byte toEncode : ba) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/util/XMLWriter.java tomcat10-10.1.52/java/org/apache/catalina/util/XMLWriter.java
--- tomcat10-10.1.40/java/org/apache/catalina/util/XMLWriter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/util/XMLWriter.java 2026-01-23 19:33:36.000000000 +0000
@@ -141,7 +141,7 @@
}
if (namespaceInfo != null) {
buffer.append("<").append(namespace).append(":").append(name).append(" xmlns:")
- .append(namespace).append("=\"").append(namespaceInfo).append("\">");
+ .append(namespace).append("=\"").append(namespaceInfo).append("\">");
} else {
buffer.append("<").append(namespace).append(":").append(name).append(">");
}
@@ -158,7 +158,7 @@
}
if (namespaceInfo != null) {
buffer.append("<").append(namespace).append(":").append(name).append(" xmlns:")
- .append(namespace).append("=\"").append(namespaceInfo).append("\"/>\n");
+ .append(namespace).append("=\"").append(namespaceInfo).append("\"/>\n");
} else {
buffer.append("<").append(namespace).append(":").append(name).append("/>\n");
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/AbstractAccessLogValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/AbstractAccessLogValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/AbstractAccessLogValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/AbstractAccessLogValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.net.InetAddress;
import java.text.SimpleDateFormat;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
@@ -56,15 +57,12 @@
/**
- *
* Abstract implementation of the Valve interface that generates a web server access log with the detailed line
* contents matching a configurable pattern. The syntax of the available patterns is similar to that supported by the
* Apache HTTP Servermod_log_config module.
- *
*
* Patterns for the logged message may include constant text or any of the following replacement strings, for which the
* corresponding information from the specified Response is substituted:
- *
*
*
%a - Remote IP address
*
%A - Local IP address
@@ -97,7 +95,6 @@
*
*
* In addition, the caller can specify one of the following aliases for commonly utilized patterns:
- *
*
*
common - %h %l %u %t "%r" %s %b
*
combined - %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"
@@ -106,7 +103,6 @@
* There is also support to write information from the cookie, incoming header, the Session or something else in the
* ServletRequest.
* It is modeled after the Apache HTTP Server log configuration syntax:
- *
*
*
%{xxx}i for incoming headers
*
%{xxx}o for outgoing response headers
@@ -126,17 +122,9 @@
* non-null value, the logging will be skipped. If the value returned from ServletRequest.getAttribute(conditionIf)
* yields the null value, the logging will be skipped. The condition attribute is synonym for
* conditionUnless and is provided for backwards compatibility.
- *
*
* For extended attributes coming from a getAttribute() call, it is you responsibility to ensure there are no newline or
* control characters.
- *
- *
- * @author Craig R. McClanahan
- * @author Jason Brittain
- * @author Remy Maucherat
- * @author Takayuki Kaneko
- * @author Peter Rossbach
*/
public abstract class AbstractAccessLogValve extends ValveBase implements AccessLog {
@@ -675,16 +663,13 @@
return;
}
- // Date for access log should be the beginning of the request
- Date date = getDate(request.getCoyoteRequest().getStartTime());
-
CharArrayWriter result = charArrayWriters.pop();
if (result == null) {
result = new CharArrayWriter(128);
}
for (AccessLogElement logElement : logElements) {
- logElement.addElement(result, date, request, response, time);
+ logElement.addElement(result, request, response, time);
}
log(result);
@@ -747,9 +732,42 @@
/**
* AccessLogElement writes the partial message into the buffer.
+ *
+ * At least one method must be implemented else a loop will occur.
+ *
+ * When the deprecated method is removed in Tomcat 12, the default implementation for
+ * {@link #addElement(CharArrayWriter, Request, Response, long)} will also be removed.
*/
protected interface AccessLogElement {
- void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time);
+ /**
+ * Called to create an access log entry.
+ *
+ * @param buf The buffer to which the log element should be added
+ * @param date The time stamp for the start of the request
+ * @param request The request that triggered this access log entry
+ * @param response The response to the request that triggered this access log entry
+ * @param time The time taken in nanoseconds to process the request
+ *
+ * @deprecated Unused. Will be removed in Tomcat 12. Use
+ * {@link #addElement(CharArrayWriter, Request, Response, long)}
+ */
+ @Deprecated
+ default void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ addElement(buf, request, response, time);
+ }
+
+ /**
+ * Called to create an access log entry.
+ *
+ * @param buf The buffer to which the log element should be added
+ * @param request The request that triggered this access log entry
+ * @param response The response to the request that triggered this access log entry
+ * @param time The time taken in nanoseconds to process the request
+ */
+ default void addElement(CharArrayWriter buf, Request request, Response response, long time) {
+ Date date = getDate(request.getCoyoteRequest().getStartTime());
+ addElement(buf, date, request, response, time);
+ }
}
/**
@@ -768,7 +786,7 @@
*/
protected static class ThreadNameElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
RequestInfo info = request.getCoyoteRequest().getRequestProcessor();
if (info != null) {
buf.append(info.getWorkerThreadName());
@@ -789,8 +807,8 @@
String init;
try {
init = InetAddress.getLocalHost().getHostAddress();
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
init = "127.0.0.1";
}
@@ -802,7 +820,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.append(localAddrValue);
}
}
@@ -839,7 +857,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
String value = null;
if (remoteAddressType == RemoteAddressType.PEER) {
value = request.getPeerAddr();
@@ -879,7 +897,7 @@
*/
protected class HostElement implements AccessLogElement, CachedElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
String value = null;
if (requestAttributesEnabled) {
Object host = request.getAttribute(REMOTE_HOST_ATTRIBUTE);
@@ -913,7 +931,7 @@
*/
protected static class LogicalUserNameElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.append('-');
}
}
@@ -923,7 +941,7 @@
*/
protected class ProtocolElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (requestAttributesEnabled) {
Object proto = request.getAttribute(PROTOCOL_ATTRIBUTE);
if (proto == null) {
@@ -942,7 +960,7 @@
*/
protected static class UserElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (request != null) {
String value = request.getRemoteUser();
if (value != null) {
@@ -1085,11 +1103,11 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
- long timestamp = date.getTime();
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
+ Instant requestStartInstant = Instant.from(request.getCoyoteRequest().getStartInstant());
long frac;
if (!usesBegin) {
- timestamp += TimeUnit.NANOSECONDS.toMillis(time);
+ requestStartInstant = requestStartInstant.plusNanos(time);
}
/*
* Implementation note: This is deliberately not implemented using switch. If a switch is used the compiler
@@ -1099,13 +1117,13 @@
* pre-loading up to date as the name changes is error prone.
*/
if (type == FormatType.CLF) {
- buf.append(localDateCache.get().getFormat(timestamp));
+ buf.append(localDateCache.get().getFormat(requestStartInstant.toEpochMilli()));
} else if (type == FormatType.SEC) {
- buf.append(Long.toString(timestamp / 1000));
+ buf.append(Long.toString(requestStartInstant.getEpochSecond()));
} else if (type == FormatType.MSEC) {
- buf.append(Long.toString(timestamp));
+ buf.append(Long.toString(requestStartInstant.toEpochMilli()));
} else if (type == FormatType.MSEC_FRAC) {
- frac = timestamp % 1000;
+ frac = requestStartInstant.toEpochMilli() % 1000;
if (frac < 100) {
if (frac < 10) {
buf.append('0');
@@ -1117,12 +1135,13 @@
buf.append(Long.toString(frac));
} else {
// FormatType.SDF
+ long timestamp = requestStartInstant.toEpochMilli();
String temp = localDateCache.get().getFormat(format, locale, timestamp);
if (usesMsecs) {
frac = timestamp % 1000;
StringBuilder tripleMsec = new StringBuilder(4);
if (frac < 100) {
- buf.append('0');
+ tripleMsec.append('0');
if (frac < 10) {
tripleMsec.append('0');
}
@@ -1145,7 +1164,7 @@
*/
protected static class RequestElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (request != null) {
String method = request.getMethod();
if (method == null) {
@@ -1173,7 +1192,7 @@
*/
protected static class HttpStatusCodeElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (response != null) {
// This approach is used to reduce GC from toString conversion
int status = response.getStatus();
@@ -1222,7 +1241,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (requestAttributesEnabled && portType == PortType.LOCAL) {
Object port = request.getAttribute(SERVER_PORT_ATTRIBUTE);
if (port == null) {
@@ -1261,7 +1280,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
// Don't need to flush since trigger for log message is after the
// response has been committed
long length = response.getBytesWritten(false);
@@ -1289,7 +1308,7 @@
*/
protected static class MethodElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (request != null) {
buf.append(request.getMethod());
}
@@ -1369,7 +1388,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
style.append(buf, time);
}
}
@@ -1379,7 +1398,7 @@
*/
protected static class FirstByteTimeElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
long commitTime = response.getCoyoteResponse().getCommitTimeNanos();
if (commitTime == -1) {
buf.append('-');
@@ -1395,7 +1414,7 @@
*/
protected static class QueryElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
String query = null;
if (request != null) {
query = request.getQueryString();
@@ -1412,7 +1431,7 @@
*/
protected static class SessionIdElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (request == null) {
buf.append('-');
} else {
@@ -1431,7 +1450,7 @@
*/
protected static class RequestURIElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (request != null) {
buf.append(request.getRequestURI());
} else {
@@ -1445,7 +1464,7 @@
*/
protected class LocalServerNameElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
String value = null;
if (requestAttributesEnabled) {
Object serverName = request.getAttribute(SERVER_NAME_ATTRIBUTE);
@@ -1478,7 +1497,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.append(str);
}
}
@@ -1494,7 +1513,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
Enumeration iter = request.getHeaders(header);
if (iter.hasMoreElements()) {
escapeAndAppend(iter.nextElement(), buf);
@@ -1519,7 +1538,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
StringBuilder value = null;
boolean first = true;
Cookie[] cookies = request.getCookies();
@@ -1557,7 +1576,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (null != response) {
Iterator iter = response.getHeaders(header).iterator();
if (iter.hasNext()) {
@@ -1584,7 +1603,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
Object value = null;
if (request != null) {
value = request.getAttribute(attribute);
@@ -1614,7 +1633,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
Object value = null;
if (null != request) {
HttpSession sess = request.getSession(false);
@@ -1641,7 +1660,7 @@
*/
protected static class ConnectionStatusElement implements AccessLogElement {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (response != null && request != null) {
boolean statusFound = false;
@@ -1679,7 +1698,6 @@
}
-
/**
* Write identifier element %{xxx}L
*/
@@ -1691,7 +1709,7 @@
private final IdentifierType identifierType;
public IdentifierElement() {
- this(null);
+ this("");
}
@@ -1708,8 +1726,8 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
- switch(identifierType) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
+ switch (identifierType) {
case CONNECTION:
buf.append(request.getServletConnection().getConnectionId());
break;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/AccessLogValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/AccessLogValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/AccessLogValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/AccessLogValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -446,9 +446,9 @@
close(false);
try {
holder.renameTo(new File(newFileName));
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.error(sm.getString("accessLogValve.rotateFail"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("accessLogValve.rotateFail"), t);
}
/* Make sure date is correct */
@@ -515,9 +515,9 @@
if (!rotatedLogFile.renameTo(newLogFile)) {
log.error(sm.getString("accessLogValve.renameFail", rotatedLogFile, newLogFile));
}
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.error(sm.getString("accessLogValve.renameFail", rotatedLogFile, newLogFile), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("accessLogValve.renameFail", rotatedLogFile, newLogFile), t);
}
}
}
@@ -541,9 +541,9 @@
if (!currentLogFile.renameTo(newLogFile)) {
log.error(sm.getString("accessLogValve.renameFail", currentLogFile, newLogFile));
}
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.error(sm.getString("accessLogValve.renameFail", currentLogFile, newLogFile), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.error(sm.getString("accessLogValve.renameFail", currentLogFile, newLogFile), t);
}
} else {
log.error(sm.getString("accessLogValve.alreadyExists", currentLogFile, newLogFile));
@@ -566,9 +566,9 @@
if (currentLogFile != null && !currentLogFile.exists()) {
try {
close(false);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- log.info(sm.getString("accessLogValve.closeFail"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ log.info(sm.getString("accessLogValve.closeFail"), t);
}
/* Make sure date is correct */
@@ -622,10 +622,10 @@
false);
currentLogFile = pathname;
- } catch (IOException e) {
+ } catch (IOException ioe) {
writer = null;
currentLogFile = null;
- log.error(sm.getString("accessLogValve.openFail", pathname, System.getProperty("user.name")), e);
+ log.error(sm.getString("accessLogValve.openFail", pathname, System.getProperty("user.name")), ioe);
}
// Rotating a log file will always trigger a new file to be opened so
// when a new file is opened, check to see if any old files need to be
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/Constants.java tomcat10-10.1.52/java/org/apache/catalina/valves/Constants.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,6 @@
/**
* Manifest constants for the org.apache.catalina.valves package.
- *
- * @author Craig R. McClanahan
*/
public final class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/CrawlerSessionManagerValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,6 +21,7 @@
import java.util.Enumeration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Function;
import java.util.regex.Pattern;
import jakarta.servlet.ServletException;
@@ -59,6 +60,8 @@
private boolean isContextAware = true;
+ private Function clientIdentifierFunction = this::getClientIdentifier;
+
/**
* Specifies a default constructor so async support can be configured.
@@ -162,6 +165,15 @@
this.isContextAware = isContextAware;
}
+ /**
+ * Specify the clientIdentifier function that will be used to identify unique clients. The default is to use the
+ * client IP address, optionally combined with the host name and context name.
+ *
+ * @param clientIdentifierFunction The new function used to build identifiers for clients.
+ */
+ public void setClientIdentifierFunction(Function clientIdentifierFunction) {
+ this.clientIdentifierFunction = clientIdentifierFunction;
+ }
@Override
protected void initInternal() throws LifecycleException {
@@ -184,7 +196,7 @@
boolean isBot = false;
String sessionId = null;
String clientIp = request.getRemoteAddr();
- String clientIdentifier = getClientIdentifier(host, request.getContext(), clientIp);
+ String clientIdentifier = clientIdentifierFunction.apply(request);
if (log.isTraceEnabled()) {
log.trace(request.hashCode() + ": ClientIdentifier=" + clientIdentifier + ", RequestedSessionId=" +
@@ -262,12 +274,12 @@
}
}
-
- private String getClientIdentifier(Host host, Context context, String clientIp) {
- StringBuilder result = new StringBuilder(clientIp);
+ private String getClientIdentifier(Request request) {
+ StringBuilder result = new StringBuilder(request.getRemoteAddr());
if (isHostAware) {
- result.append('-').append(host.getName());
+ result.append('-').append(request.getHost().getName());
}
+ Context context = request.getContext();
if (isContextAware && context != null) {
result.append(context.getName());
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/ErrorReportValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/ErrorReportValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/ErrorReportValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/ErrorReportValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,21 +42,11 @@
import org.apache.tomcat.util.security.Escape;
/**
- *
* Implementation of a Valve that outputs HTML error pages.
- *
*
* This Valve should be attached at the Host level, although it will work if attached to a Context.
- *
*
* HTML code from the Cocoon 2 project.
- *
- *
- * @author Remy Maucherat
- * @author Craig R. McClanahan
- * @author Nicola Ken Barozzi Aisa
- * @author Stefano Mazzocchi
- * @author Yoav Shapira
*/
public class ErrorReportValve extends ValveBase {
@@ -389,11 +379,10 @@
response.setContentType("text/html");
response.setCharacterEncoding("UTF-8");
- try (OutputStream os = response.getOutputStream();
- InputStream is = new FileInputStream(file)) {
+ try (OutputStream os = response.getOutputStream(); InputStream is = new FileInputStream(file)) {
IOTools.flow(is, os);
- } catch (IOException e) {
- getContainer().getLogger().warn(sm.getString("errorReportValve.errorPageIOException", location), e);
+ } catch (IOException ioe) {
+ getContainer().getLogger().warn(sm.getString("errorReportValve.errorPageIOException", location), ioe);
return false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/ExtendedAccessLogValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,8 +42,8 @@
/**
* An implementation of the W3c Extended Log File Format. See
- * WD-logfile-960323
- * for more information about the format. The following fields are supported:
+ * WD-logfile-960323 for more information about the format. The
+ * following fields are supported:
*
*
c-dns: Client hostname (or ip address if enableLookups for the connector is false)
*
c-ip: Client ip address
@@ -82,8 +82,6 @@
*
x-H(scheme): getScheme
*
x-H(secure): isSecure
*
- *
- * @author Peter Rossbach
*/
public class ExtendedAccessLogValve extends AccessLogValve {
@@ -97,7 +95,7 @@
* toString() fails, '-' will be written to the buffer.
*
* @param value - The value to wrap
- * @param buf the buffer to write to
+ * @param buf the buffer to write to
*/
static void wrap(Object value, CharArrayWriter buf) {
String svalue;
@@ -108,8 +106,8 @@
try {
svalue = value.toString();
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
/* Log error */
buf.append('-');
return;
@@ -145,11 +143,12 @@
ThreadLocal.withInitial(() -> new ElementTimestampStruct("yyyy-MM-dd"));
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
ElementTimestampStruct eds = currentDate.get();
long millis = eds.currentTimestamp.getTime();
- if (date.getTime() > (millis + INTERVAL - 1) || date.getTime() < millis) {
- eds.currentTimestamp.setTime(date.getTime() - (date.getTime() % INTERVAL));
+ long epochMilli = request.getCoyoteRequest().getStartInstant().toEpochMilli();
+ if (epochMilli > (millis + INTERVAL - 1) || epochMilli < millis) {
+ eds.currentTimestamp.setTime(epochMilli - (epochMilli % INTERVAL));
eds.currentTimestampString = eds.currentTimestampFormat.format(eds.currentTimestamp);
}
buf.append(eds.currentTimestampString);
@@ -164,11 +163,12 @@
ThreadLocal.withInitial(() -> new ElementTimestampStruct("HH:mm:ss"));
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
ElementTimestampStruct eds = currentTime.get();
long millis = eds.currentTimestamp.getTime();
- if (date.getTime() > (millis + INTERVAL - 1) || date.getTime() < millis) {
- eds.currentTimestamp.setTime(date.getTime() - (date.getTime() % INTERVAL));
+ long epochMilli = request.getCoyoteRequest().getStartInstant().toEpochMilli();
+ if (epochMilli > (millis + INTERVAL - 1) || epochMilli < millis) {
+ eds.currentTimestamp.setTime(epochMilli - (epochMilli % INTERVAL));
eds.currentTimestampString = eds.currentTimestampFormat.format(eds.currentTimestamp);
}
buf.append(eds.currentTimestampString);
@@ -183,7 +183,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getHeader(header), buf);
}
}
@@ -196,7 +196,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(response.getHeader(header), buf);
}
}
@@ -209,7 +209,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getContext().getServletContext().getAttribute(attribute), buf);
}
}
@@ -222,7 +222,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
StringBuilder value = new StringBuilder();
boolean first = true;
Cookie[] c = request.getCookies();
@@ -255,7 +255,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
if (null != response) {
Iterator iter = response.getHeaders(header).iterator();
if (iter.hasNext()) {
@@ -287,7 +287,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getAttribute(attribute), buf);
}
}
@@ -300,7 +300,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
HttpSession session = null;
if (request != null) {
session = request.getSession(false);
@@ -329,7 +329,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
String parameterValue;
try {
parameterValue = request.getParameter(parameter);
@@ -497,8 +497,8 @@
log.trace("finished decoding with element size of: " + list.size());
}
return list.toArray(new AccessLogElement[0]);
- } catch (IOException e) {
- log.error(sm.getString("extendedAccessLogValve.patternParseError", pattern), e);
+ } catch (IOException ioe) {
+ log.error(sm.getString("extendedAccessLogValve.patternParseError", pattern), ioe);
return null;
}
}
@@ -549,13 +549,13 @@
} else if ("dns".equals(nextToken)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response,
+ public void addElement(CharArrayWriter buf, Request request, Response response,
long time) {
String value;
try {
value = InetAddress.getLocalHost().getHostName();
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
value = "localhost";
}
buf.append(value);
@@ -588,7 +588,7 @@
} else if ("query".equals(token)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response,
+ public void addElement(CharArrayWriter buf, Request request, Response response,
long time) {
String query = request.getQueryString();
if (query != null) {
@@ -602,7 +602,7 @@
} else {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response,
+ public void addElement(CharArrayWriter buf, Request request, Response response,
long time) {
String query = request.getQueryString();
buf.append(request.getRequestURI());
@@ -700,84 +700,84 @@
if ("authType".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getAuthType(), buf);
}
};
} else if ("remoteUser".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getRemoteUser(), buf);
}
};
} else if ("requestedSessionId".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getRequestedSessionId(), buf);
}
};
} else if ("requestedSessionIdFromCookie".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(String.valueOf(request.isRequestedSessionIdFromCookie()), buf);
}
};
} else if ("requestedSessionIdValid".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(String.valueOf(request.isRequestedSessionIdValid()), buf);
}
};
} else if ("contentLength".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(String.valueOf(request.getContentLengthLong()), buf);
}
};
} else if ("connectionId".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getServletConnection().getConnectionId(), buf);
}
};
} else if ("characterEncoding".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getCharacterEncoding(), buf);
}
};
} else if ("locale".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getLocale(), buf);
}
};
} else if ("protocol".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(request.getProtocol(), buf);
}
};
} else if ("scheme".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.append(request.getScheme());
}
};
} else if ("secure".equals(parameter)) {
return new AccessLogElement() {
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
wrap(Boolean.valueOf(request.isSecure()), buf);
}
};
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/JDBCAccessLogValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/JDBCAccessLogValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/JDBCAccessLogValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/JDBCAccessLogValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -96,9 +96,6 @@
* remoteHost, user, timeStamp, query, status, bytes
*
*
- * @author Andre de Jesus
- * @author Peter Rossbach
- *
* @deprecated Non scalable design, and not documented. Will be removed in Tomcat 12.
*/
@Deprecated
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/JsonAccessLogValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/JsonAccessLogValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/JsonAccessLogValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/JsonAccessLogValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,7 +20,6 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.ListIterator;
@@ -125,7 +124,7 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.write(ch);
}
}
@@ -257,12 +256,12 @@
}
@Override
- public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) {
+ public void addElement(CharArrayWriter buf, Request request, Response response, long time) {
buf.append('"').append(attributeName).append('"').append(':');
if (quoteValue) {
buf.append('"');
}
- delegate.addElement(buf, date, request, response, time);
+ delegate.addElement(buf, request, response, time);
if (quoteValue) {
buf.append('"');
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/JsonErrorReportValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/JsonErrorReportValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/JsonErrorReportValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/JsonErrorReportValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,8 +28,8 @@
import org.apache.tomcat.util.res.StringManager;
/**
- * Implementation of a Valve that outputs error JSON.
- * This Valve should be attached at the Host level, although it will work if attached to a Context.
+ * Implementation of a Valve that outputs error JSON. This Valve should be attached at the Host level, although it will
+ * work if attached to a Context.
*/
public class JsonErrorReportValve extends ErrorReportValve {
@@ -112,7 +112,8 @@
}
for (int i = 0; i < pos; i++) {
if (!(elements[i].getClassName().startsWith("org.apache.catalina.core."))) {
- sb.append(',').append('\"').append(' ').append(JSONFilter.escape(elements[i].toString())).append('\"');
+ sb.append(',').append('\"').append(' ').append(JSONFilter.escape(elements[i].toString()))
+ .append('\"');
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -135,6 +135,13 @@
loadBalancerDrainingValve.draining=Load-balancer is in DISABLED state, draining this node
loadBalancerDrainingValve.skip=Client is presenting a valid [{0}] cookie, re-balancing is being skipped
+parameterLimitValve.closeError=Error closing configuration
+parameterLimitValve.invalidLimits=Each limit configuration must contain either a single integer or three, comma-separated integers. Invalid limit string [{0}]
+parameterLimitValve.invalidLine=Each line must contain at least one '=' character. Invalid line [{0}]
+parameterLimitValve.noConfiguration=No configuration resource found [{0}]
+parameterLimitValve.readConfiguration=Read configuration from [/WEB-INF/{0}]
+parameterLimitValve.readError=Error reading configurationpatternTokenizer.unexpectedParenthesis=Unexpected ')' in pattern
+
patternTokenizer.unexpectedParenthesis=Unexpected ')' in pattern
persistentValve.acquireFailed=The request for [{0}] did not obtain the per session Semaphore as no permit was available
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -135,6 +135,13 @@
loadBalancerDrainingValve.draining=Le balanceur de charge est dans l'étât DISABLED, le changement de répartition de la charge est sauté
loadBalancerDrainingValve.skip=Le client a envoyé un cookie [{0}] valide, le le changement de répartition de la charge est sauté
+parameterLimitValve.closeError=Erreur lors de la fermeture de la configuration
+parameterLimitValve.invalidLimits=Chaque configuration d''une limite doit contenir soit un seul nombre entier, soit trois, séparés par des virgules. Limite invalide [{0}]
+parameterLimitValve.invalidLine=Chaque ligne doit contenir au moins un caractère ''='', la ligne invalide est [{0}]
+parameterLimitValve.noConfiguration=La ressource de configuration [{0}] n''a pas été trouvée
+parameterLimitValve.readConfiguration=Lecture de la configuration à partir de [/WEB-INF/{0}]
+parameterLimitValve.readError=Erreur lors de la lecture de la configuration
+
patternTokenizer.unexpectedParenthesis=')' inattendu dans le modèle
persistentValve.acquireFailed=La requête pour [{0}] n''a pas obtenu le sémaphore associé à la session car aucun permis n''était disponible
@@ -163,6 +170,6 @@
sslValve.invalidProvider=Le fournisseur SSL spécifié pour le connecteur associé avec cette requête de [{0}] est invalide, le certificat n''a pas pu être traité
stuckThreadDetectionValve.interrupted=Le fil d'exécution a été interrompu après la fin de la requête, cela sera ignoré
-stuckThreadDetectionValve.notifyStuckThreadCompleted=Le Thread [{0}] (id=[{3}]) qui a été préalablement rapporté comme étant bloqué s''est terminé, il a été actif pendant approximativement [{1}] millisecondes, il y a [{2}] thread(s) au total qui sont surveillés par cette valve et qui pourraient être bloqués
+stuckThreadDetectionValve.notifyStuckThreadCompleted=Le Thread [{0}] (id=[{3}]) qui a été préalablement rapporté comme étant bloqué s''est terminé, il a été actif pendant approximativement [{1}] millisecondes. {2,choice,0#|0< Il y a [{2}] thread(s) au total qui sont surveillés par cette valve et qui pourraient être bloqués.}
stuckThreadDetectionValve.notifyStuckThreadDetected=Le Thread [{0}] (id=[{6}]) a été actif depuis [{1}] millisecondes (depuis [{2}]) pour traiter la même requête pour [{4}] et pourrait être bloqué (le seuil configurable est de [{5}] secondes pour cette StuckThreadDetectionValve), il y a [{3}] thread(s) au total qui sont surveillés par cette valve et qui pourraient être bloqués
stuckThreadDetectionValve.notifyStuckThreadInterrupted=Le Thread [{0}] (id=[{5}]) a été interrompu car il a été actif depuis [{1}] millisecondes (depuis [{2}]) pour traiter la même requête pour [{3}] et était probablement bloqué (le seuil configurable est de [{4}] secondes pour cette StuckThreadDetectionValve)
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -23,7 +23,7 @@
accessLogValve.invalidPortType=不正なポート種類 [{0}] の代わりにサーバーのローカルポートを使用します。
accessLogValve.invalidRemoteAddressType=リモート (非ピア) アドレスを使用している無効なリモートアドレスタイプ [{0}]
accessLogValve.openDirFail=アクセスログのディレクトリ[{0}]の作成に失敗しました
-accessLogValve.openFail=アクセスログファイル [{0}] を開けません。
+accessLogValve.openFail=アクセスログファイル [{0}] を開けません。注: ユーザー [{1}] として実行しています
accessLogValve.renameFail=[{0}]から[{1}]へのアクセスログの名前の変更に失敗しました。
accessLogValve.rotateFail=アクセスログのローテーションに失敗しました
accessLogValve.unsupportedEncoding=文字エンコーディングに [{0}] を指定できません。システムの既定値を使用します。
@@ -135,6 +135,13 @@
loadBalancerDrainingValve.draining=ロードバランサは DISABLED 状態にあり、このノードを使用していません
loadBalancerDrainingValve.skip=クライアントは有効な [{0}] Cookie を提示しているため、リバランスはスキップされています
+parameterLimitValve.closeError=設定をクローズする際のエラー
+parameterLimitValve.invalidLimits=各制限構成には、1 つの整数かコンマで区切られた 3 つの整数が含まれている必要があります。無効な制限文字列 [{0}]
+parameterLimitValve.invalidLine=各行には少なくとも 1 つの ''='' が含まれている必要があります。無効な行 [{0}]
+parameterLimitValve.noConfiguration=構成リソースが見つかりません [{0}]
+parameterLimitValve.readConfiguration=[/WEB-INF/{0}] から設定を読み取ります
+parameterLimitValve.readError=設定の読み込みエラー
+
patternTokenizer.unexpectedParenthesis=パターンに予期しない ')' があります
persistentValve.acquireFailed=リクエスト [{0}] は、利用可能な許可がなかったため、セッションごとのセマフォを取得できませんでした
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,6 +16,11 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+accessLogValve.invalidLocale=Невозможно установить локаль [{0}]
+
+errorReportValve.description=Описание
+errorReportValve.rootCauseInLogs=Полная трассировка стека первопричины ошибки доступна в логах сервера.
+
http.401.reason=Не авторизовано
http.402.reason=Требуется оплата
http.403.desc=Сервер получил запрос, но отказался его авторизовать.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -149,6 +149,6 @@
sslValve.certError=无法处理证书字符串[{0}]以创建java.security.cert.X509Certificate对象
sslValve.invalidProvider=与此[{0}]请求关联的连接器上指定的SSL提供程序无效。 无法处理证书数据。
-stuckThreadDetectionValve.notifyStuckThreadCompleted=线程[{0}](id=[{3}])之前报告为卡住,但是已经完成。它活跃了大概[{1}]毫秒。{2,选择,0#|0< 仍有[{2}]个被Valve监控的线程可能卡住}
+stuckThreadDetectionValve.notifyStuckThreadCompleted=线程[{0}](id=[{3}])之前报告为卡住,但是已经完成。它活跃了大概[{1}]毫秒。{2,choice,0#|0< 仍有[{2}]个被Valve监控的线程可能卡住}
stuckThreadDetectionValve.notifyStuckThreadDetected=线程[{0}](id=[{6}])已处于活动状态[{1}]毫秒(自[{2}]起),以便为[{4}]提供相同的请求,并且可能被卡住(此StuckThreadDetectionValve的配置阈值为[{5}]秒)。总共有[{3}]个线程受此阀监视,可能被卡住。
stuckThreadDetectionValve.notifyStuckThreadInterrupted=线程[{0}](id=[{5}])已被中断,因为它在[{1}]毫秒(自[{2}]起)内处于活动状态,以便为[{3}]提供相同的请求,并且可能被卡住(此StuckThreadDetectionValve的配置中断阈值为[{4}]秒)。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/ParameterLimitValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/ParameterLimitValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/ParameterLimitValve.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/ParameterLimitValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,282 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.valves;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.regex.Pattern;
+
+import jakarta.servlet.ServletException;
+
+import org.apache.catalina.Container;
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.buf.UDecoder;
+import org.apache.tomcat.util.file.ConfigFileLoader;
+import org.apache.tomcat.util.file.ConfigurationSource;
+
+/**
+ * This is a concrete implementation of {@link ValveBase} that allows alternative values for the
+ * Connector attributes {@code maxParameterCount}, {@code maxPartCount} and {@code maxPartHeaderSize}
+ * to be applied to a request. The features of this implementation include:
+ *
+ *
URL-specific parameter limits that can be defined using regular expressions
+ *
Configurable through Tomcat's server.xml or context.xml
+ *
Requires a parameter_limit.config file containing the URL-specific parameter limits. It must be
+ * placed in the Host configuration folder or in the WEB-INF folder of the web application.
+ *
+ *
+ * The default limit, specified by Connector's value, applies to all requests unless a more specific URL pattern is
+ * matched. URL patterns and their corresponding limits can be configured via a regular expression mapping through the
+ * urlPatternLimits attribute.
+ *
+ * The Valve checks each incoming request and enforces the appropriate limit. If a request exceeds the allowed number of
+ * parameters, a 400 Bad Request response is returned.
+ *
+ * Example, configuration in context.xml:
+ *
+ *
+ * {@code
+ *
+ *
+ * }
+ * and in parameter_limit.config:
+ *
+ * The configuration allows for flexible control over different sections of your application, such as applying higher
+ * limits for API endpoints and stricter limits for admin areas.
+ *
+ * If a single integer is provided, it is used for {@code maxParameterCount}.
+ *
+ * If three integers are provided, they are applied to {@code maxParameterCount}, {@code maxPartCount} and
+ * {@code maxPartHeaderSize} respectively.
+ */
+
+public class ParameterLimitValve extends ValveBase {
+
+ /**
+ * Map for URL-specific limits.
+ */
+ private Map urlPatternLimits = new ConcurrentHashMap<>();
+
+ /**
+ * Relative path to the configuration file. Note: If the valve's container is a context, this will be relative to
+ * /WEB-INF/.
+ */
+ private String resourcePath = "parameter_limit.config";
+
+ /**
+ * Will be set to true if the valve is associated with a context.
+ */
+ private boolean context = false;
+
+ public ParameterLimitValve() {
+ super(true);
+ }
+
+ public String getResourcePath() {
+ return resourcePath;
+ }
+
+ public void setResourcePath(String resourcePath) {
+ this.resourcePath = resourcePath;
+ }
+
+ @Override
+ protected void initInternal() throws LifecycleException {
+ super.initInternal();
+ containerLog = LogFactory.getLog(getContainer().getLogName() + ".parameterLimit");
+ }
+
+ @Override
+ protected void startInternal() throws LifecycleException {
+
+ super.startInternal();
+
+ InputStream is = null;
+
+ // Process configuration file for this valve
+ if (getContainer() instanceof Context) {
+ context = true;
+ String webInfResourcePath = "/WEB-INF/" + resourcePath;
+ is = ((Context) getContainer()).getServletContext().getResourceAsStream(webInfResourcePath);
+ if (containerLog.isDebugEnabled()) {
+ if (is == null) {
+ containerLog.debug(sm.getString("parameterLimitValve.noConfiguration", webInfResourcePath));
+ } else {
+ containerLog.debug(sm.getString("parameterLimitValve.readConfiguration", webInfResourcePath));
+ }
+ }
+ } else {
+ String resourceName = Container.getConfigPath(getContainer(), resourcePath);
+ try {
+ ConfigurationSource.Resource resource = ConfigFileLoader.getSource().getResource(resourceName);
+ is = resource.getInputStream();
+ } catch (IOException ioe) {
+ if (containerLog.isDebugEnabled()) {
+ containerLog.debug(sm.getString("parameterLimitValve.noConfiguration", resourceName), ioe);
+ }
+ }
+ }
+
+ if (is == null) {
+ // Will use management operations to configure the valve dynamically
+ return;
+ }
+
+ try (InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8);
+ BufferedReader reader = new BufferedReader(isr)) {
+ setUrlPatternLimits(reader);
+ } catch (IOException ioe) {
+ containerLog.error(sm.getString("parameterLimitValve.closeError"), ioe);
+ } finally {
+ try {
+ is.close();
+ } catch (IOException ioe) {
+ containerLog.error(sm.getString("parameterLimitValve.closeError"), ioe);
+ }
+ }
+
+ }
+
+ public void setUrlPatternLimits(String urlPatternConfig) {
+ urlPatternLimits.clear();
+ setUrlPatternLimits(new BufferedReader(new StringReader(urlPatternConfig)));
+ }
+
+ /**
+ * Set the mapping of URL patterns to their corresponding parameter limits. The input should be provided line by
+ * line, where each line contains a pattern and a limit, separated by the last '='.
+ *
+ * Example:
+ *
+ *
+ * /api/.*=50
+ * /api======/.*=150
+ * /urlEncoded%20api=2
+ * # This is a comment
+ *
+ *
+ * @param reader A BufferedReader containing URL pattern to parameter limit mappings, with each pair on a separate
+ * line.
+ */
+ public void setUrlPatternLimits(BufferedReader reader) {
+ if (containerLog == null && getContainer() != null) {
+ containerLog = LogFactory.getLog(getContainer().getLogName() + ".parameterLimit");
+ }
+ try {
+ String line;
+ while ((line = reader.readLine()) != null) {
+ // Trim whitespace from the line
+ line = line.trim();
+ if (line.isEmpty() || line.startsWith("#")) {
+ // Skip empty lines or comments
+ continue;
+ }
+
+ int lastEqualsIndex = line.lastIndexOf('=');
+ if (lastEqualsIndex == -1) {
+ throw new IllegalArgumentException(sm.getString("parameterLimitValve.invalidLine", line));
+ }
+
+ String patternString = line.substring(0, lastEqualsIndex).trim();
+ String limitsString = line.substring(lastEqualsIndex + 1).trim();
+
+ Pattern pattern = Pattern.compile(UDecoder.URLDecode(patternString, StandardCharsets.UTF_8));
+ String[] limits = limitsString.split(",");
+ if (limits.length == 1) {
+ urlPatternLimits.put(pattern, new Integer[] { Integer.valueOf(limits[0]), null, null });
+ } else if (limits.length == 3) {
+ urlPatternLimits.put(pattern, new Integer[] { Integer.valueOf(limits[0]),
+ Integer.valueOf(limits[1]), Integer.valueOf(limits[2]) });
+ } else {
+ throw new IllegalArgumentException(
+ sm.getString("parameterLimitValve.invalidLimitsString", limitsString));
+ }
+ if (containerLog != null && containerLog.isTraceEnabled()) {
+ containerLog.trace("Add pattern " + pattern + " and limit(s) " + limitsString);
+ }
+ }
+ } catch (IOException ioe) {
+ if (containerLog != null) {
+ containerLog.error(sm.getString("parameterLimitValve.readError"), ioe);
+ }
+ }
+ }
+
+ @Override
+ protected void stopInternal() throws LifecycleException {
+ super.stopInternal();
+ urlPatternLimits.clear();
+ }
+
+ /**
+ * Checks if any of the defined patterns matches the URI of the request and if it does, enforces the corresponding
+ * parameter limit for the request. Then invoke the next Valve in the sequence.
+ *
+ * @param request The servlet request to be processed
+ * @param response The servlet response to be created
+ *
+ * @exception IOException if an input/output error occurs
+ * @exception ServletException if a servlet error occurs
+ */
+ @Override
+ public void invoke(Request request, Response response) throws IOException, ServletException {
+
+ if (urlPatternLimits.isEmpty()) {
+ getNext().invoke(request, response);
+ return;
+ }
+
+ String requestURI = context ? request.getRequestPathMB().toString() : request.getDecodedRequestURI();
+
+ // Iterate over the URL patterns and apply corresponding limits
+ for (Map.Entry entry : urlPatternLimits.entrySet()) {
+ if (entry.getKey().matcher(requestURI).matches()) {
+ Integer[] limits = entry.getValue();
+ // maxParameterCount should always be present
+ request.setMaxParameterCount(limits[0].intValue());
+ if (limits[1] != null) {
+ request.setMaxPartCount(limits[1].intValue());
+ request.setMaxPartHeaderSize(limits[2].intValue());
+ }
+ break;
+ }
+ }
+
+ // Invoke the next valve to continue processing the request
+ getNext().invoke(request, response);
+ }
+}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/PersistentValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/PersistentValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/PersistentValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/PersistentValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -199,7 +199,7 @@
Session hsess;
try {
hsess = request.getSessionInternal(false);
- } catch (Exception ex) {
+ } catch (Exception e) {
hsess = null;
}
String newsessionId = null;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/ProxyErrorReportValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/ProxyErrorReportValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/ProxyErrorReportValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/ProxyErrorReportValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -193,7 +193,7 @@
}
try {
response.sendRedirect(urlString);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Ignore
}
} else {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteAddrValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteAddrValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteAddrValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteAddrValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,9 @@
* Concrete implementation of RequestFilterValve that filters based on the string representation of the
* remote client's IP address optionally combined with the server connector port number.
*
- * @author Craig R. McClanahan
+ * @deprecated This Valve will be removed in Tomcat 12 onwards. Use {@link RemoteCIDRValve} instead.
*/
+@Deprecated
public final class RemoteAddrValve extends RequestFilterValve {
private static final Log log = LogFactory.getLog(RemoteAddrValve.class);
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteHostValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteHostValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteHostValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteHostValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,8 +28,6 @@
/**
* Concrete implementation of RequestFilterValve that filters based on the remote client's host name
* optionally combined with the server connector port number.
- *
- * @author Craig R. McClanahan
*/
public final class RemoteHostValve extends RequestFilterValve {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteIpValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteIpValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/RemoteIpValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/RemoteIpValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -397,14 +397,13 @@
/**
* @see #setInternalProxies(String)
*/
- private Pattern internalProxies =
- Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
- "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
- "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
- "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "0:0:0:0:0:0:0:1|::1|" +
- "fe[89ab]\\p{XDigit}:.*|" + "f[cd]\\p{XDigit}{2}+:.*");
+ private Pattern internalProxies = Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" + "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "0:0:0:0:0:0:0:1|::1|" + "fe[89ab]\\p{XDigit}:.*|" + "f[cd]\\p{XDigit}{2}+:.*");
/**
* @see #setProtocolHeader(String)
@@ -642,7 +641,9 @@
// We know we need a DNS look up so use getCanonicalHostName()
request.setRemoteHost(inetAddress.getCanonicalHostName());
} catch (UnknownHostException e) {
- log.debug(sm.getString("remoteIpValve.invalidRemoteAddress", remoteIp), e);
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("remoteIpValve.invalidRemoteAddress", remoteIp), e);
+ }
request.setRemoteHost(remoteIp);
}
} else {
@@ -697,7 +698,7 @@
}
} catch (IllegalArgumentException iae) {
- log.debug(sm.getString("remoteIpValve.invalidHostHeader", hostHeaderValue, hostHeader));
+ log.debug(sm.getString("remoteIpValve.invalidHostHeader", hostHeaderValue, hostHeader), iae);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/RequestFilterValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/RequestFilterValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/RequestFilterValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/RequestFilterValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -53,8 +53,6 @@
* authentication instead of denial.
*
* This Valve may be attached to any Container, depending on the granularity of the filtering you wish to perform.
- *
- * @author Craig R. McClanahan
*/
public abstract class RequestFilterValve extends ValveBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/SemaphoreValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/SemaphoreValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/SemaphoreValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/SemaphoreValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,8 +35,6 @@
* perform. Note that internally, some async requests may require multiple serial requests to complete what - to the
* user - appears as a single request.
*
- *
- * @author Remy Maucherat
*/
public class SemaphoreValve extends ValveBase {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/StuckThreadDetectionValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/StuckThreadDetectionValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/StuckThreadDetectionValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/StuckThreadDetectionValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -322,7 +322,9 @@
// going out from here, maybe already serving a new request
this.interruptionSemaphore.acquire();
} catch (InterruptedException e) {
- log.debug(sm.getString("stuckThreadDetectionValve.interrupted"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(sm.getString("stuckThreadDetectionValve.interrupted"), e);
+ }
}
// no need to release the semaphore, it will be GCed
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/ValveBase.java tomcat10-10.1.52/java/org/apache/catalina/valves/ValveBase.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/ValveBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/ValveBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
* Convenience base class for implementations of the Valve interface. A subclass MUST implement
* an invoke() method to provide the required functionality, and MAY implement the
* Lifecycle interface to provide configuration management and lifecycle support.
- *
- * @author Craig R. McClanahan
*/
public abstract class ValveBase extends LifecycleMBeanBase implements Contained, Valve {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,8 @@
quotedStringTokenizer.tokenizeError=Error tokenizing text [{0}] after position [{1}] from mode [{2}]
+resolverImpl.tlsError=Unable to obtain TLS information
+
rewriteMap.tooManyParameters=Too many parameters for this map
rewriteMap.txtInvalidLine=Invalid line [{0}] in text file [{1}]
rewriteMap.txtReadError=Error reading text file [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,8 @@
quotedStringTokenizer.tokenizeError=Erreur de découpage du texte [{0}] après la position [{1}] en utilisant le mode [{2}]
+resolverImpl.tlsError=Impossible d'obtenir l'information TLS
+
rewriteMap.tooManyParameters=Cette map ne supporte pas plusieurs paramètres
rewriteMap.txtInvalidLine=Ligne invalide [{0}] dans le fichier texte [{1}]
rewriteMap.txtReadError=Erreur en lisant le fichier texte [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,8 @@
quotedStringTokenizer.tokenizeError=モード [{2}] の位置 [{1}] の後のテキスト [{0}] のトークン化中にエラーが発生しました
+resolverImpl.tlsError=TLS情報を取得できません
+
rewriteMap.tooManyParameters=このマップのパラメータが多すぎます
rewriteMap.txtInvalidLine=テキスト ファイル [{1}] の行 [{0}] が無効です
rewriteMap.txtReadError=テキスト ファイル [{0}] の読み取り中のエラー
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/QuotedStringTokenizer.java tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/QuotedStringTokenizer.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/QuotedStringTokenizer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/QuotedStringTokenizer.java 2026-01-23 19:33:36.000000000 +0000
@@ -79,7 +79,7 @@
break;
default:
throw new IllegalStateException(sm.getString("quotedStringTokenizer.tokenizeError", inputText,
- Integer.valueOf(pos), currentMode));
+ Integer.valueOf(pos), currentMode));
}
pos++;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/RandomizedTextRewriteMap.java tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/RandomizedTextRewriteMap.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/RandomizedTextRewriteMap.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/RandomizedTextRewriteMap.java 2026-01-23 19:33:36.000000000 +0000
@@ -50,8 +50,11 @@
BufferedReader reader = new BufferedReader(new InputStreamReader(txtResource.getInputStream()))) {
while ((line = reader.readLine()) != null) {
if (line.startsWith("#") || line.isEmpty()) {
- // Ignore comment or empty lines
+ // Ignore comment line or empty lines
continue;
+ } else if (line.indexOf('#') > 0) {
+ // Ignore comment characters after '#'
+ line = line.substring(0, line.indexOf('#')).trim();
}
String[] keyValuePair = line.split(" ", 2);
if (keyValuePair.length > 1) {
@@ -69,8 +72,8 @@
throw new IllegalArgumentException(sm.getString("rewriteMap.txtInvalidLine", line, txtFilePath));
}
}
- } catch (IOException e) {
- throw new IllegalArgumentException(sm.getString("rewriteMap.txtReadError", txtFilePath), e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(sm.getString("rewriteMap.txtReadError", txtFilePath), ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/ResolverImpl.java tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/ResolverImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/ResolverImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,21 +34,42 @@
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.Request;
+import org.apache.juli.logging.Log;
import org.apache.tomcat.util.http.FastHttpDateFormat;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.jsse.PEMFile;
import org.apache.tomcat.util.net.openssl.ciphers.Cipher;
import org.apache.tomcat.util.net.openssl.ciphers.EncryptionLevel;
import org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
+import org.apache.tomcat.util.res.StringManager;
public class ResolverImpl extends Resolver {
- protected Request request;
+ private static final StringManager sm = StringManager.getManager(ResolverImpl.class);
+ protected final Request request;
+ private final Log containerLog;
+
+
+ /**
+ * Create a resolver for the given request.
+ *
+ * @param request The request
+ *
+ * @deprecated Will be removed in Tomcat 12 onwards. Use {@link #ResolverImpl(Request, Log)}
+ */
+ @Deprecated
public ResolverImpl(Request request) {
+ this(request, request.getContext().getLogger());
+ }
+
+
+ public ResolverImpl(Request request, Log containerLog) {
this.request = request;
+ this.containerLog = containerLog;
}
+
/**
* The following are not implemented:
*
@@ -228,8 +249,11 @@
}
}
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
// TLS access error
+ if (containerLog.isDebugEnabled()) {
+ containerLog.debug(sm.getString("resolverImpl.tlsError"), ioe);
+ }
}
return null;
}
@@ -275,14 +299,14 @@
} else if (key.equals("CERT")) {
try {
return PEMFile.toPEM(certificates[0]);
- } catch (CertificateEncodingException e) {
+ } catch (CertificateEncodingException ignore) {
// Ignore
}
} else if (key.startsWith("CERT_CHAIN_")) {
key = key.substring("CERT_CHAIN_".length());
try {
return PEMFile.toPEM(certificates[Integer.parseInt(key)]);
- } catch (NumberFormatException | ArrayIndexOutOfBoundsException | CertificateEncodingException e) {
+ } catch (NumberFormatException | ArrayIndexOutOfBoundsException | CertificateEncodingException ignore) {
// Ignore
}
}
@@ -317,7 +341,7 @@
return elements.get(n);
}
}
- } catch (NumberFormatException | ArrayIndexOutOfBoundsException | CertificateParsingException e) {
+ } catch (NumberFormatException | ArrayIndexOutOfBoundsException | CertificateParsingException ignore) {
// Ignore
}
return null;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/RewriteValve.java tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/RewriteValve.java
--- tomcat10-10.1.40/java/org/apache/catalina/valves/rewrite/RewriteValve.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/valves/rewrite/RewriteValve.java 2026-01-23 19:33:36.000000000 +0000
@@ -155,14 +155,17 @@
InputStream is = null;
// Process configuration file for this valve
+ // Process configuration file for this valve
if (getContainer() instanceof Context) {
context = true;
String webInfResourcePath = "/WEB-INF/" + resourcePath;
is = ((Context) getContainer()).getServletContext().getResourceAsStream(webInfResourcePath);
- if (containerLog.isDebugEnabled()) {
- if (is == null) {
- containerLog.debug(sm.getString("rewriteValve.noConfiguration", webInfResourcePath));
- } else {
+ if (is == null) {
+ if (containerLog.isInfoEnabled()) {
+ containerLog.info(sm.getString("rewriteValve.noConfiguration", webInfResourcePath));
+ }
+ } else {
+ if (containerLog.isDebugEnabled()) {
containerLog.debug(sm.getString("rewriteValve.readConfiguration", webInfResourcePath));
}
}
@@ -171,9 +174,9 @@
try {
ConfigurationSource.Resource resource = ConfigFileLoader.getSource().getResource(resourceName);
is = resource.getInputStream();
- } catch (IOException e) {
- if (containerLog.isDebugEnabled()) {
- containerLog.debug(sm.getString("rewriteValve.noConfiguration", resourceName), e);
+ } catch (IOException ioe) {
+ if (containerLog.isInfoEnabled()) {
+ containerLog.info(sm.getString("rewriteValve.noConfiguration", resourceName), ioe);
}
}
}
@@ -191,8 +194,8 @@
} finally {
try {
is.close();
- } catch (IOException e) {
- containerLog.error(sm.getString("rewriteValve.closeError"), e);
+ } catch (IOException ioe) {
+ containerLog.error(sm.getString("rewriteValve.closeError"), ioe);
}
}
@@ -202,6 +205,11 @@
if (containerLog == null) {
containerLog = LogFactory.getLog(getContainer().getLogName() + ".rewrite");
}
+ for (RewriteMap map : maps.values()) {
+ if (map instanceof Lifecycle) {
+ ((Lifecycle) map).stop();
+ }
+ }
maps.clear();
parse(new BufferedReader(new StringReader(configuration)));
}
@@ -226,6 +234,7 @@
protected void parse(BufferedReader reader) throws LifecycleException {
List rules = new ArrayList<>();
List conditions = new ArrayList<>();
+ ArrayList mapsConfiguration = new ArrayList<>();
while (true) {
try {
String line = reader.readLine();
@@ -247,7 +256,7 @@
for (RewriteCond condition : conditions) {
if (containerLog.isTraceEnabled()) {
containerLog.trace("Add condition " + condition.getCondPattern() + " test " +
- condition.getTestString() + " to rule with pattern " + rule.getPatternString() +
+ condition.getTestString() + " to rule with pattern " + rule.getPatternString() +
" and substitution " + rule.getSubstitutionString() +
(condition.isOrnext() ? " [OR]" : "") + (condition.isNocase() ? " [NC]" : ""));
}
@@ -268,16 +277,18 @@
((Lifecycle) map).start();
}
}
- } catch (IOException e) {
- containerLog.error(sm.getString("rewriteValve.readError"), e);
+ } catch (IOException ioe) {
+ containerLog.error(sm.getString("rewriteValve.readError"), ioe);
}
}
- this.rules = rules.toArray(new RewriteRule[0]);
+ this.mapsConfiguration = mapsConfiguration;
// Finish parsing the rules
- for (RewriteRule rule : this.rules) {
+ for (RewriteRule rule : rules) {
rule.parse(maps);
}
+
+ this.rules = rules.toArray(new RewriteRule[0]);
}
@Override
@@ -312,13 +323,13 @@
try {
- Resolver resolver = new ResolverImpl(request);
+ Resolver resolver = new ResolverImpl(request, containerLog);
invoked.set(Boolean.TRUE);
// As long as MB isn't a char sequence or affiliated, this has to be converted to a string
Charset uriCharset = request.getConnector().getURICharset();
- String originalQueryStringEncoded = request.getQueryString();
+ String queryStringOriginalEncoded = request.getQueryString();
MessageBytes urlMB = context ? request.getRequestPathMB() : request.getDecodedRequestURIMB();
urlMB.toChars();
CharSequence urlDecoded = urlMB.getCharChunk();
@@ -332,8 +343,6 @@
* without the two becoming confused. The re-write rules also need to be able to insert literal '%'
* characters without them being confused with %nn encoding.
*
- * The re-write rules cannot insert path parameters.
- *
* To meet these requirement, the URL is processed as follows.
*
* Step 1. The URL is partially re-encoded by encodeForRewrite(). This method encodes any literal '%', ';'
@@ -421,10 +430,10 @@
StringBuilder urlStringEncoded =
new StringBuilder(REWRITE_DEFAULT_ENCODER.encode(urlStringRewriteEncoded, uriCharset));
- if (!qsd && originalQueryStringEncoded != null && !originalQueryStringEncoded.isEmpty()) {
+ if (!qsd && queryStringOriginalEncoded != null && !queryStringOriginalEncoded.isEmpty()) {
if (rewrittenQueryStringRewriteEncoded == null) {
urlStringEncoded.append('?');
- urlStringEncoded.append(originalQueryStringEncoded);
+ urlStringEncoded.append(queryStringOriginalEncoded);
} else {
if (qsa) {
// if qsa is specified append the query
@@ -432,7 +441,7 @@
urlStringEncoded.append(
REWRITE_QUERY_ENCODER.encode(rewrittenQueryStringRewriteEncoded, uriCharset));
urlStringEncoded.append('&');
- urlStringEncoded.append(originalQueryStringEncoded);
+ urlStringEncoded.append(queryStringOriginalEncoded);
} else if (index == urlStringEncoded.length() - 1) {
// if the ? is the last character delete it, its only purpose was to
// prevent the rewrite module from appending the query string
@@ -456,11 +465,13 @@
if (context && urlStringEncoded.charAt(0) == '/' && !UriUtil.hasScheme(urlStringEncoded)) {
urlStringEncoded.insert(0, request.getContext().getEncodedPath());
}
+ String redirectPath;
if (rule.isNoescape()) {
- response.sendRedirect(UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset));
+ redirectPath = UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset);
} else {
- response.sendRedirect(urlStringEncoded.toString());
+ redirectPath = urlStringEncoded.toString();
}
+ response.sendRedirect(response.encodeRedirectURL(redirectPath));
response.setStatus(rule.getRedirectCode());
done = true;
break;
@@ -528,6 +539,9 @@
queryStringRewriteEncoded = urlStringRewriteEncoded.substring(queryIndex + 1);
urlStringRewriteEncoded = urlStringRewriteEncoded.substring(0, queryIndex);
}
+ // Parse path parameters from rewrite production and populate request path parameters
+ urlStringRewriteEncoded =
+ org.apache.catalina.util.RequestUtil.stripPathParams(urlStringRewriteEncoded, request);
// Save the current context path before re-writing starts
String contextPath = null;
if (context) {
@@ -543,24 +557,31 @@
// Step 3. Complete the 2nd stage to encoding.
chunk.append(REWRITE_DEFAULT_ENCODER.encode(urlStringRewriteEncoded, uriCharset));
- // Decoded and normalized URI
- // Rewriting may have denormalized the URL
- urlStringRewriteEncoded = RequestUtil.normalize(urlStringRewriteEncoded);
+ // Rewriting may have denormalized the URL and added encoded characters
+ // Decode then normalize
+ String urlStringRewriteDecoded = URLDecoder.decode(urlStringRewriteEncoded, uriCharset);
+ urlStringRewriteDecoded = RequestUtil.normalize(urlStringRewriteDecoded);
request.getCoyoteRequest().decodedURI().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
chunk = request.getCoyoteRequest().decodedURI().getCharChunk();
if (context) {
// This is decoded and normalized
chunk.append(request.getServletContext().getContextPath());
}
- chunk.append(URLDecoder.decode(urlStringRewriteEncoded, uriCharset));
- // Set the new Query if there is one
- if (queryStringRewriteEncoded != null) {
+ chunk.append(urlStringRewriteDecoded);
+ // Set the new Query String
+ if (queryStringRewriteEncoded == null) {
+ // No new query string. Therefore the original is retained unless QSD is defined.
+ if (qsd) {
+ request.getCoyoteRequest().queryString().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
+ }
+ } else {
+ // New query string. Therefore the original is dropped unless QSA is defined (and QSD is not).
request.getCoyoteRequest().queryString().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
chunk = request.getCoyoteRequest().queryString().getCharChunk();
chunk.append(REWRITE_QUERY_ENCODER.encode(queryStringRewriteEncoded, uriCharset));
- if (qsa && originalQueryStringEncoded != null && !originalQueryStringEncoded.isEmpty()) {
+ if (qsa && queryStringOriginalEncoded != null && !queryStringOriginalEncoded.isEmpty()) {
chunk.append('&');
- chunk.append(originalQueryStringEncoded);
+ chunk.append(queryStringOriginalEncoded);
}
}
// Set the new host if it changed
@@ -570,6 +591,7 @@
chunk.append(host.toString());
}
request.getMappingData().recycle();
+ request.recycleSessionInfo();
// Reinvoke the whole request recursively
Connector connector = request.getConnector();
try {
@@ -654,6 +676,10 @@
while (flagsTokenizer.hasMoreElements()) {
parseRuleFlag(line, rule, flagsTokenizer.nextToken());
}
+ // If QSD and QSA are present, QSD always takes precedence
+ if (rule.isQsdiscard()) {
+ rule.setQsappend(false);
+ }
}
return rule;
} else if (token.equals("RewriteMap")) {
@@ -879,4 +905,6 @@
return input;
}
}
+
+
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractArchiveResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,17 +31,21 @@
import org.apache.catalina.WebResource;
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.util.ResourceSet;
+import org.apache.juli.logging.Log;
+import org.apache.juli.logging.LogFactory;
public abstract class AbstractArchiveResourceSet extends AbstractResourceSet {
+ private static final Log log = LogFactory.getLog(AbstractArchiveResourceSet.class);
+
private URL baseUrl;
private String baseUrlString;
- private JarFile archive = null;
+ protected JarFile archive = null;
protected Map archiveEntries = null;
protected final Object archiveLock = new Object();
- private long archiveUseCount = 0;
- private JarContents jarContents;
- private boolean retainBloomFilterForArchives = false;
+ protected long archiveUseCount = 0;
+ protected JarContents jarContents;
+ protected boolean retainBloomFilterForArchives = false;
protected final void setBaseUrl(URL baseUrl) {
this.baseUrl = baseUrl;
@@ -68,7 +72,7 @@
String webAppMount = getWebAppMount();
ArrayList result = new ArrayList<>();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
String pathInJar = getInternalPath() + path.substring(webAppMount.length());
// Always strip off the leading '/' to get the JAR path
if (!pathInJar.isEmpty() && pathInJar.charAt(0) == '/') {
@@ -108,13 +112,14 @@
return result.toArray(new String[0]);
}
+
@Override
public final Set listWebAppPaths(String path) {
checkPath(path);
String webAppMount = getWebAppMount();
ResourceSet result = new ResourceSet<>();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
String pathInJar = getInternalPath() + path.substring(webAppMount.length());
// Always strip off the leading '/' to get the JAR path and make
// sure it ends in '/'
@@ -225,7 +230,7 @@
// If the JAR has been mounted below the web application root, return
// an empty resource for requests outside of the mount point.
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
String pathInJar = getInternalPath() + path.substring(webAppMount.length());
// Always strip off the leading '/' to get the JAR path
if (!pathInJar.isEmpty() && pathInJar.charAt(0) == '/') {
@@ -293,6 +298,25 @@
throw new IllegalArgumentException(sm.getString("abstractArchiveResourceSet.setReadOnlyFalse"));
}
+ /**
+ * {@inheritDoc}
+ *
+ * Calls to this method will be ignored as archives do not allow linking.
+ */
+ @Override
+ public void setAllowLinking(boolean allowLinking) {
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * Calls to this method always return {@code false} as archives do not allow linking.
+ */
+ @Override
+ public boolean getAllowLinking() {
+ return false;
+ }
+
@SuppressWarnings("deprecation")
protected JarFile openJarFile() throws IOException {
synchronized (archiveLock) {
@@ -322,8 +346,8 @@
if (archive != null && archiveUseCount == 0) {
try {
archive.close();
- } catch (IOException e) {
- // Log at least WARN
+ } catch (IOException ioe) {
+ log.warn(sm.getString("abstractArchiveResourceSet.archiveCloseFailed"), ioe);
}
archive = null;
archiveEntries = null;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractFileResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,6 +37,7 @@
private String absoluteBase;
private String canonicalBase;
private boolean readOnly = false;
+ private Boolean allowLinking;
protected AbstractFileResourceSet(String internalPath) {
setInternalPath(internalPath);
@@ -56,6 +57,19 @@
return readOnly;
}
+ @Override
+ public void setAllowLinking(boolean allowLinking) {
+ this.allowLinking = Boolean.valueOf(allowLinking);
+ }
+
+ @Override
+ public boolean getAllowLinking() {
+ if (allowLinking == null) {
+ return getRoot().getAllowLinking();
+ }
+ return allowLinking.booleanValue();
+ }
+
protected final File file(String name, boolean mustExist) {
if (name.equals("/")) {
@@ -78,12 +92,12 @@
// If allow linking is enabled, files are not limited to being located
// under the fileBase so all further checks are disabled.
- if (getRoot().getAllowLinking()) {
+ if (getAllowLinking()) {
return file;
}
// Additional Windows specific checks to handle known problems with
- // File.getCanonicalPath()
+ // File.getCanonicalPath() and other issues
if (JrePlatform.IS_WINDOWS && isInvalidWindowsFilename(name)) {
return null;
}
@@ -92,7 +106,7 @@
String canPath = null;
try {
canPath = file.getCanonicalPath();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
if (canPath == null || !canPath.startsWith(canonicalBase)) {
@@ -150,38 +164,47 @@
protected void logIgnoredSymlink(String contextPath, String absPath, String canPath) {
- String msg = sm.getString("abstractFileResourceSet.canonicalfileCheckFailed", contextPath, absPath, canPath);
// Log issues with configuration files at a higher level
if (absPath.startsWith("/META-INF/") || absPath.startsWith("/WEB-INF/")) {
- log.error(msg);
+ log.error(sm.getString("abstractFileResourceSet.canonicalfileCheckFailed", contextPath, absPath, canPath));
} else {
- log.warn(msg);
+ log.warn(sm.getString("abstractFileResourceSet.canonicalfileCheckFailed", contextPath, absPath, canPath));
}
}
+
private boolean isInvalidWindowsFilename(String name) {
final int len = name.length();
if (len == 0) {
return false;
}
- // This consistently ~10 times faster than the equivalent regular
- // expression irrespective of input length.
+ // This is consistently ~10 times faster than the equivalent regular expression irrespective of input length.
for (int i = 0; i < len; i++) {
char c = name.charAt(i);
- if (c == '\"' || c == '<' || c == '>' || c == ':') {
- // These characters are disallowed in Windows file names and
- // there are known problems for file names with these characters
- // when using File#getCanonicalPath().
- // Note: There are additional characters that are disallowed in
- // Windows file names but these are not known to cause
- // problems when using File#getCanonicalPath().
+ /*
+ * '\"', ':', '<' and '>' are disallowed in Windows file names and there are known problems with these
+ * characters when using File#getCanonicalPath().
+ *
+ * Control characters (0x00-0x31) are not permitted and tend to be display strangely in log messages and
+ * similar.
+ *
+ * '*', '?' and '|' are also not allowed and, while they are not currently known to cause other
+ * difficulties, they are checked here rather than wasting cycles trying to find an invalid file later.
+ *
+ * The file separators ('/' and '\\') are not allowed in file names but are not excluded here as paths are
+ * passed to this method.
+ *
+ * Note: Characters are listed in ASCII order.
+ */
+ if (c < 32 || c == '\"' || c == '*' || c == ':' || c == '<' || c == '>' || c == '?' || c == '|') {
return true;
}
}
- // Windows does not allow file names to end in ' ' unless specific low
- // level APIs are used to create the files that bypass various checks.
- // File names that end in ' ' are known to cause problems when using
- // File#getCanonicalPath().
+ /*
+ * Windows does not allow file names to end in ' ' unless specific low-level APIs are used to create the files
+ * that bypass various checks. File names that end in ' ' are known to cause problems when using
+ * File#getCanonicalPath().
+ */
return name.charAt(len - 1) == ' ';
}
@@ -228,8 +251,8 @@
try {
this.canonicalBase = fileBase.getCanonicalPath();
- } catch (IOException e) {
- throw new IllegalArgumentException(e);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
}
// Need to handle mapping of the file system root as a special case
@@ -243,4 +266,4 @@
protected abstract void checkType(File file);
-}
+}
\ No newline at end of file
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -90,7 +90,7 @@
if (contentLength <= 16 * 1024) {
byte[] buf = getContent();
if (buf != null) {
- buf = ConcurrentMessageDigest.digest("SHA-1", buf);
+ buf = ConcurrentMessageDigest.digestSHA256(buf);
strongETag = "\"" + HexUtils.toHexString(buf) + "\"";
} else {
strongETag = getETag();
@@ -98,7 +98,7 @@
} else {
byte[] buf = new byte[4096];
try (InputStream is = getInputStream()) {
- MessageDigest digest = MessageDigest.getInstance("SHA-1");
+ MessageDigest digest = MessageDigest.getInstance("SHA-256");
while (true) {
int n = is.read(buf);
if (n <= 0) {
@@ -128,6 +128,14 @@
@Override
public final String getMimeType() {
+ if (mimeType == null) {
+ String name = getName();
+ int extensionStart = name.lastIndexOf('.');
+ if (extensionStart > -1) {
+ String extension = name.substring(extensionStart + 1);
+ mimeType = root.getContext().findMimeMapping(extension);
+ }
+ }
return mimeType;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -71,9 +71,13 @@
public final void setWebAppMount(String webAppMount) {
checkPath(webAppMount);
- // Optimise internal processing
- if (webAppMount.equals("/")) {
- this.webAppMount = "";
+ /*
+ * Originally, only "/" was changed to "" to allow some optimisations. The fix for CVE-2025-49125 means that
+ * mounted WebResourceSets will break if webAppMount ends in '/'. So now the trailing "/" is removed in all
+ * cases.
+ */
+ if (webAppMount.endsWith("/")) {
+ this.webAppMount = webAppMount.substring(0, webAppMount.length() - 1);
} else {
this.webAppMount = webAppMount;
}
@@ -83,6 +87,18 @@
return webAppMount;
}
+ protected boolean isPathMounted(String path, String webAppMount) {
+ // Doesn't call getWebAppMount() as value might have changed
+ if (path.startsWith(webAppMount)) {
+ if (path.length() != webAppMount.length() && path.charAt(webAppMount.length()) != '/') {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+
public final void setBase(String base) {
this.base = base;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/AbstractSingleArchiveResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -38,10 +38,10 @@
JarEntry jarEntry = jarFile.getJarEntry(getResource().getName());
InputStream is = jarFile.getInputStream(jarEntry);
return new JarInputStreamWrapper(jarEntry, is);
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (getLog().isDebugEnabled()) {
getLog().debug(sm.getString("jarResource.getInputStreamFail", getResource().getName(), getBaseUrl()),
- e);
+ ioe);
}
if (jarFile != null) {
getArchiveResourceSet().closeJarFile();
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/Cache.java tomcat10-10.1.52/java/org/apache/catalina/webresources/Cache.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/Cache.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/Cache.java 2026-01-23 19:33:36.000000000 +0000
@@ -233,8 +233,9 @@
private boolean noCache(String path) {
// Don't cache classes. The class loader handles this.
// Don't cache JARs. The ResourceSet handles this.
- return (path.endsWith(".class") && (path.startsWith("/WEB-INF/classes/") || path.startsWith("/WEB-INF/lib/"))) ||
- (path.startsWith("/WEB-INF/lib/") && path.endsWith(".jar"));
+ return (path.endsWith(".class") &&
+ (path.startsWith("/WEB-INF/classes/") || path.startsWith("/WEB-INF/lib/"))) ||
+ (path.startsWith("/WEB-INF/lib/") && path.endsWith(".jar"));
}
private long evict(long targetSize, Iterator iter) {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/CachedResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/CachedResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/CachedResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/CachedResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -296,7 +296,7 @@
if (cachedStrongETag == null) {
byte[] buf = getContent();
if (buf != null) {
- buf = ConcurrentMessageDigest.digest("SHA-1", buf);
+ buf = ConcurrentMessageDigest.digestSHA256(buf);
cachedStrongETag = "\"" + HexUtils.toHexString(buf) + "\"";
} else {
cachedStrongETag = webResource.getStrongETag();
@@ -660,5 +660,10 @@
return ((JarURLConnection) resourceURL.openConnection()).getJarFile();
}
+ @Override
+ public String getContentType() {
+ // "content/unknown" is the value used by sun.net.www.URLConnection. It is used here for consistency.
+ return Objects.requireNonNullElse(getResource().getMimeType(), "content/unknown");
+ }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/DirResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/DirResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/DirResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/DirResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -103,7 +103,7 @@
String webAppMount = getWebAppMount();
WebResourceRoot root = getRoot();
boolean readOnly = isReadOnly();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
/*
* Lock the path for reading until the WebResource has been constructed. The lock prevents concurrent reads
* and writes (e.g. HTTP GET and PUT / DELETE) for the same path causing corruption of the FileResource
@@ -137,7 +137,7 @@
public String[] list(String path) {
checkPath(path);
String webAppMount = getWebAppMount();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
File f = file(path.substring(webAppMount.length()), true);
if (f == null) {
return EMPTY_STRING_ARRAY;
@@ -165,15 +165,16 @@
checkPath(path);
String webAppMount = getWebAppMount();
ResourceSet result = new ResourceSet<>();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
File f = file(path.substring(webAppMount.length()), true);
if (f != null) {
File[] list = f.listFiles();
if (list != null) {
+ String fCanPath = null;
for (File entry : list) {
// f has already been validated so the following checks
// can be much simpler than those in file()
- if (!getRoot().getAllowLinking()) {
+ if (!getAllowLinking()) {
// allow linking is disabled so need to check for
// symlinks
boolean symlink = true;
@@ -187,7 +188,9 @@
// that what is left does not contain a symlink.
absPath = entry.getAbsolutePath().substring(f.getAbsolutePath().length());
String entryCanPath = entry.getCanonicalPath();
- String fCanPath = f.getCanonicalPath();
+ if (fCanPath == null) {
+ fCanPath = f.getCanonicalPath();
+ }
if (entryCanPath.length() >= fCanPath.length()) {
canPath = entryCanPath.substring(fCanPath.length());
if (absPath.equals(canPath)) {
@@ -239,7 +242,7 @@
return false;
}
String webAppMount = getWebAppMount();
- if (path.startsWith(webAppMount)) {
+ if (isPathMounted(path, webAppMount)) {
File f = file(path.substring(webAppMount.length()), false);
if (f == null) {
return false;
@@ -269,7 +272,7 @@
}
String webAppMount = getWebAppMount();
- if (!path.startsWith(webAppMount)) {
+ if (!isPathMounted(path, webAppMount)) {
return false;
}
@@ -325,8 +328,8 @@
if (mf != null && mf.isFile()) {
try (FileInputStream fis = new FileInputStream(mf)) {
setManifest(new Manifest(fis));
- } catch (IOException e) {
- log.warn(sm.getString("dirResourceSet.manifestFail", mf.getAbsolutePath()), e);
+ } catch (IOException ioe) {
+ log.warn(sm.getString("dirResourceSet.manifestFail", mf.getAbsolutePath()), ioe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/EmptyResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/EmptyResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/EmptyResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/EmptyResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -99,7 +99,7 @@
} else {
try {
return file.getCanonicalPath();
- } catch (IOException e) {
+ } catch (IOException ioe) {
return null;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/EmptyResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/EmptyResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/EmptyResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/EmptyResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -143,6 +143,25 @@
/**
* {@inheritDoc}
*
+ * Calls to this method will be ignored as this implementation does not allow linking.
+ */
+ @Override
+ public void setAllowLinking(boolean allowLinking) {
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * Calls to this method always return {@code false} as this implementation does not allow linking.
+ */
+ @Override
+ public boolean getAllowLinking() {
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ *
* This implementation always returns true.
*/
@Override
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/FileResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/FileResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/FileResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/FileResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -267,9 +267,9 @@
try {
BasicFileAttributes attrs = Files.readAttributes(resource.toPath(), BasicFileAttributes.class);
return attrs.creationTime().toMillis();
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("fileResource.getCreationFail", resource.getPath()), e);
+ log.debug(sm.getString("fileResource.getCreationFail", resource.getPath()), ioe);
}
return 0;
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/JarContents.java tomcat10-10.1.52/java/org/apache/catalina/webresources/JarContents.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/JarContents.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/JarContents.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,6 +17,7 @@
package org.apache.catalina.webresources;
import java.util.BitSet;
+import java.util.Collection;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
@@ -27,8 +28,7 @@
* from the beginning of the key. The hash methods are simple but good enough for this purpose.
*/
public final class JarContents {
- private final BitSet bits1;
- private final BitSet bits2;
+
/**
* Constant used by a typical hashing method.
*/
@@ -44,6 +44,10 @@
*/
private static final int TABLE_SIZE = 2048;
+ private final BitSet bits1 = new BitSet(TABLE_SIZE);
+ private final BitSet bits2 = new BitSet(TABLE_SIZE);
+
+
/**
* Parses the passed-in jar and populates the bit array.
*
@@ -51,52 +55,66 @@
*/
public JarContents(JarFile jar) {
Enumeration entries = jar.entries();
- bits1 = new BitSet(TABLE_SIZE);
- bits2 = new BitSet(TABLE_SIZE);
-
while (entries.hasMoreElements()) {
JarEntry entry = entries.nextElement();
- String name = entry.getName();
- int startPos = 0;
+ processEntry(entry);
+ }
+ }
- // If the path starts with a slash, that's not useful information.
- // Skipping it increases the significance of our key by
- // removing an insignificant character.
- boolean precedingSlash = name.charAt(0) == '/';
- if (precedingSlash) {
- startPos = 1;
- }
- // Versioned entries should be added to the table according to their real name
- if (name.startsWith("META-INF/versions/", startPos)) {
- int i = name.indexOf('/', 18 + startPos);
- if (i > 0) {
- int version = Integer.parseInt(name.substring(18 + startPos, i));
- if (version <= Runtime.version().feature()) {
- startPos = i + 1;
- }
- }
- if (startPos == name.length()) {
- continue;
+ /**
+ * Populates the bit array from the provided set of JAR entries.
+ *
+ * @param entries The set of entries for the JAR file being processed
+ */
+ public JarContents(Collection entries) {
+ for (JarEntry entry : entries) {
+ processEntry(entry);
+ }
+ }
+
+
+ private void processEntry(JarEntry entry) {
+ String name = entry.getName();
+ int startPos = 0;
+
+ // If the path starts with a slash, that's not useful information.
+ // Skipping it increases the significance of our key by
+ // removing an insignificant character.
+ boolean precedingSlash = name.charAt(0) == '/';
+ if (precedingSlash) {
+ startPos = 1;
+ }
+
+ // Versioned entries should be added to the table according to their real name
+ if (name.startsWith("META-INF/versions/", startPos)) {
+ int i = name.indexOf('/', 18 + startPos);
+ if (i > 0) {
+ int version = Integer.parseInt(name.substring(18 + startPos, i));
+ if (version <= Runtime.version().feature()) {
+ startPos = i + 1;
}
}
+ if (startPos == name.length()) {
+ return;
+ }
+ }
- // Find the correct table slot
- int pathHash1 = hashcode(name, startPos, HASH_PRIME_1);
- int pathHash2 = hashcode(name, startPos, HASH_PRIME_2);
+ // Find the correct table slot
+ int pathHash1 = hashcode(name, startPos, HASH_PRIME_1);
+ int pathHash2 = hashcode(name, startPos, HASH_PRIME_2);
+
+ bits1.set(pathHash1 % TABLE_SIZE);
+ bits2.set(pathHash2 % TABLE_SIZE);
+
+ // While directory entry names always end in "/", application code
+ // may look them up without the trailing "/". Add this second form.
+ if (entry.isDirectory()) {
+ pathHash1 = hashcode(name, startPos, name.length() - 1, HASH_PRIME_1);
+ pathHash2 = hashcode(name, startPos, name.length() - 1, HASH_PRIME_2);
bits1.set(pathHash1 % TABLE_SIZE);
bits2.set(pathHash2 % TABLE_SIZE);
-
- // While directory entry names always end in "/", application code
- // may look them up without the trailing "/". Add this second form.
- if (entry.isDirectory()) {
- pathHash1 = hashcode(name, startPos, name.length() - 1, HASH_PRIME_1);
- pathHash2 = hashcode(name, startPos, name.length() - 1, HASH_PRIME_2);
-
- bits1.set(pathHash1 % TABLE_SIZE);
- bits2.set(pathHash2 % TABLE_SIZE);
- }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/JarWarResource.java tomcat10-10.1.52/java/org/apache/catalina/webresources/JarWarResource.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/JarWarResource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/JarWarResource.java 2026-01-23 19:33:36.000000000 +0000
@@ -63,9 +63,9 @@
}
return new JarInputStreamWrapper(entry, jarIs);
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("jarResource.getInputStreamFail", getResource().getName(), getBaseUrl()), e);
+ log.debug(sm.getString("jarResource.getInputStreamFail", getResource().getName(), getBaseUrl()), ioe);
}
// Ensure jarIs is closed if there is an exception
entry = null;
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/JarWarResourceSet.java tomcat10-10.1.52/java/org/apache/catalina/webresources/JarWarResourceSet.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/JarWarResourceSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/JarWarResourceSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,6 +28,7 @@
import java.util.jar.JarFile;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
+import java.util.zip.ZipFile;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.WebResource;
@@ -141,16 +142,39 @@
if (jarFileIs != null) {
try {
jarFileIs.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
}
}
+ WebResourceRoot root = getRoot();
+ if (root.getArchiveIndexStrategyEnum().getUsesBloom()) {
+ jarContents = new JarContents(archiveEntries.values());
+ retainBloomFilterForArchives = root.getArchiveIndexStrategyEnum().getRetain();
+ }
return archiveEntries;
}
}
+
+ /**
+ * {@inheritDoc}
+ *
+ * JarWar needs to generate jarContents for the inner JAR, not the outer WAR.
+ */
+ @Override
+ protected JarFile openJarFile() throws IOException {
+ synchronized (archiveLock) {
+ if (archive == null) {
+ archive = new JarFile(new File(getBase()), true, ZipFile.OPEN_READ, Runtime.version());
+ // Don't populate JarContents here. Populate at the end of getArchiveEntries()
+ }
+ archiveUseCount++;
+ return archive;
+ }
+ }
+
protected void processArchivesEntriesForMultiRelease() {
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings.properties tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,6 +16,7 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+abstractArchiveResourceSet.archiveCloseFailed=Error closing archive. Archive may still be open.
abstractArchiveResourceSet.setReadOnlyFalse=Archive based WebResourceSets such as those based on JARs are hard-coded to be read-only and may not be configured to be read-write
abstractFileResourceSet.canonicalfileCheckFailed=Resource for web application [{0}] at path [{1}] was not loaded as the canonical path [{2}] did not match. Use of symlinks is one possible cause.
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,6 +16,7 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+abstractArchiveResourceSet.archiveCloseFailed=Erreur lors de la fermeture de l'archive, elle pourrait toujours être ouverte
abstractArchiveResourceSet.setReadOnlyFalse=Les archives basées sur WebResourceSets telles que celles des JARs sont fixées comme étant en lecture seule et ne peuvent être configurées en lecture écriture
abstractFileResourceSet.canonicalfileCheckFailed=La ressource de l''application web [{0}] du chemin [{1}] n''a pas été chargée car le chemin canonique [{2}] ne correspond pas; l''utilisation de liens symboliques peut être une cause possible
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,6 +16,7 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+abstractArchiveResourceSet.archiveCloseFailed=アーカイブを閉じる際にエラーが発生しました。アーカイブがまだ開いている可能性があります。
abstractArchiveResourceSet.setReadOnlyFalse=JAR に基づく WebResourceSet などのアーカイブ ベースの WebResourceSet は、読み取り専用にハードコードされており、読み取り/書き込み可能に構成されていない可能性があります
abstractFileResourceSet.canonicalfileCheckFailed=正規パス [{2}] が一致しなかったため、パス [{1}] のWebアプリケーション [{0}] のリソースが読み込まれませんでした。 シンボリックリンクの使用は、考えられる原因の1つです。
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,6 +16,8 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
+dirResourceSet.notDirectory=Директория указанная по основному и внутреннему пути [{0}]{1}[{2}] не существует.
+
extractingRoot.targetFailed=Ошибка создания директории [{0}] для распакованных JAR файлов
standardRoot.createUnknownType=Невозможно создать WebResourceSet неизвестного типа [{0}]
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/StandardRoot.java tomcat10-10.1.52/java/org/apache/catalina/webresources/StandardRoot.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/StandardRoot.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/StandardRoot.java 2026-01-23 19:33:36.000000000 +0000
@@ -790,7 +790,7 @@
trackedResource.getCreatedBy());
try {
trackedResource.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/catalina/webresources/TomcatJarInputStream.java tomcat10-10.1.52/java/org/apache/catalina/webresources/TomcatJarInputStream.java
--- tomcat10-10.1.40/java/org/apache/catalina/webresources/TomcatJarInputStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/catalina/webresources/TomcatJarInputStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,7 +42,7 @@
ZipEntry ze = super.createZipEntry(name);
if (metaInfEntry == null && "META-INF/".equals(name)) {
metaInfEntry = (JarEntry) ze;
- } else if (manifestEntry == null && "META-INF/MANIFESR.MF".equals(name)) {
+ } else if (manifestEntry == null && "META-INF/MANIFEST.MF".equals(name)) {
manifestEntry = (JarEntry) ze;
}
return ze;
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/AbstractProcessor.java tomcat10-10.1.52/java/org/apache/coyote/AbstractProcessor.java
--- tomcat10-10.1.40/java/org/apache/coyote/AbstractProcessor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/AbstractProcessor.java 2026-01-23 19:33:36.000000000 +0000
@@ -375,8 +375,8 @@
try {
// Validate and write response headers
prepareResponse();
- } catch (IOException e) {
- handleIOException(e);
+ } catch (IOException ioe) {
+ handleIOException(ioe);
}
}
break;
@@ -385,8 +385,8 @@
action(ActionCode.COMMIT, null);
try {
finishResponse();
- } catch (IOException e) {
- handleIOException(e);
+ } catch (IOException ioe) {
+ handleIOException(ioe);
}
break;
}
@@ -397,8 +397,8 @@
case EARLY_HINTS: {
try {
earlyHints();
- } catch (IOException e) {
- handleIOException(e);
+ } catch (IOException ioe) {
+ handleIOException(ioe);
}
break;
}
@@ -406,9 +406,9 @@
action(ActionCode.COMMIT, null);
try {
flush();
- } catch (IOException e) {
- handleIOException(e);
- response.setErrorException(e);
+ } catch (IOException ioe) {
+ handleIOException(ioe);
+ response.setErrorException(ioe);
}
break;
}
@@ -1075,7 +1075,7 @@
// information (e.g. client IP)
setSocketWrapper(socketWrapper);
// Set up the minimal request information
- request.setStartTimeNanos(System.nanoTime());
+ request.markStartTime();
// Set up the minimal response information
response.setStatus(400);
response.setError();
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/AbstractProtocol.java tomcat10-10.1.52/java/org/apache/coyote/AbstractProtocol.java
--- tomcat10-10.1.40/java/org/apache/coyote/AbstractProtocol.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/AbstractProtocol.java 2026-01-23 19:33:36.000000000 +0000
@@ -1017,9 +1017,9 @@
} finally {
try {
instanceManager.destroyInstance(httpUpgradeHandler);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- getLog().error(sm.getString("abstractConnectionHandler.error"), e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ getLog().error(sm.getString("abstractConnectionHandler.error"), t);
}
upgradeToken.getContextBind().unbind(false, oldCL);
}
@@ -1036,14 +1036,19 @@
return state;
} catch (SocketException e) {
// SocketExceptions are normal
- getLog().debug(sm.getString("abstractConnectionHandler.socketexception.debug"), e);
- } catch (IOException e) {
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractConnectionHandler.socketexception.debug"), e);
+ }
+ } catch (IOException ioe) {
// IOExceptions are normal
- getLog().debug(sm.getString("abstractConnectionHandler.ioexception.debug"), e);
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractConnectionHandler.ioexception.debug"), ioe);
+ }
} catch (ProtocolException e) {
- // Protocol exceptions normally mean the client sent invalid or
- // incomplete data.
- getLog().debug(sm.getString("abstractConnectionHandler.protocolexception.debug"), e);
+ // Protocol exceptions normally mean the client sent invalid or incomplete data.
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("abstractConnectionHandler.protocolexception.debug"), e);
+ }
}
// Future developers: if you discover any other
// rare-but-nonfatal exceptions, catch them here, and log as
@@ -1054,12 +1059,12 @@
// Worst case, it isn't recoverable and the attempt at logging
// will trigger another OOME.
getLog().error(sm.getString("abstractConnectionHandler.oome"), oome);
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
// any other exception or error is odd. Here we log it
// with "ERROR" level, so it will show up even on
// less-than-verbose logs.
- getLog().error(sm.getString("abstractConnectionHandler.error"), e);
+ getLog().error(sm.getString("abstractConnectionHandler.error"), t);
}
// Make sure socket/processor is removed from the list of current
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ActionCode.java tomcat10-10.1.52/java/org/apache/coyote/ActionCode.java
--- tomcat10-10.1.40/java/org/apache/coyote/ActionCode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ActionCode.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
*
* @see ProtocolHandler
* @see ActionHook
- *
- * @author Remy Maucherat
*/
public enum ActionCode {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ActionHook.java tomcat10-10.1.52/java/org/apache/coyote/ActionHook.java
--- tomcat10-10.1.40/java/org/apache/coyote/ActionHook.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ActionHook.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
* coyote connectors. Some standard actions are defined in ActionCode, however custom actions are permitted. The param
* object can be used to pass and return information related with the action. This interface is typically implemented by
* ProtocolHandlers, and the param is usually a Request or Response object.
- *
- * @author Remy Maucherat
*/
public interface ActionHook {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/Adapter.java tomcat10-10.1.52/java/org/apache/coyote/Adapter.java
--- tomcat10-10.1.40/java/org/apache/coyote/Adapter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/Adapter.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Adapter. This represents the entry point in a coyote-based servlet container.
*
- * @author Remy Maucherat
- *
* @see ProtocolHandler
*/
public interface Adapter {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/CompressionConfig.java tomcat10-10.1.52/java/org/apache/coyote/CompressionConfig.java
--- tomcat10-10.1.40/java/org/apache/coyote/CompressionConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/CompressionConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -206,18 +206,18 @@
Set tokens = new HashSet<>();
try {
TokenList.parseTokenList(responseHeaders.values("Content-Encoding"), tokens);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Because we are using StringReader, any exception here is a
// Tomcat bug.
- log.warn(sm.getString("compressionConfig.ContentEncodingParseFail"), e);
+ log.warn(sm.getString("compressionConfig.ContentEncodingParseFail"), ioe);
return false;
}
if (tokens.contains("identity")) {
// If identity, do not do content modifications
useContentEncoding = false;
- } else if (tokens.contains("br") || tokens.contains("compress") || tokens.contains("dcb")
- || tokens.contains("dcz") || tokens.contains("deflate") || tokens.contains("gzip")
- || tokens.contains("pack200-gzip") || tokens.contains("zstd")) {
+ } else if (tokens.contains("br") || tokens.contains("compress") || tokens.contains("dcb") ||
+ tokens.contains("dcz") || tokens.contains("deflate") || tokens.contains("gzip") ||
+ tokens.contains("pack200-gzip") || tokens.contains("zstd")) {
// Content should not be compressed twice
return false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/Constants.java tomcat10-10.1.52/java/org/apache/coyote/Constants.java
--- tomcat10-10.1.40/java/org/apache/coyote/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Constants.
- *
- * @author Remy Maucherat
*/
public final class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/OutputBuffer.java tomcat10-10.1.52/java/org/apache/coyote/OutputBuffer.java
--- tomcat10-10.1.40/java/org/apache/coyote/OutputBuffer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/OutputBuffer.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
/**
* Output buffer. This class is used internally by the protocol implementation. All writes from higher level code should
* happen via Response.doWrite().
- *
- * @author Remy Maucherat
*/
public interface OutputBuffer {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ProtocolHandler.java tomcat10-10.1.52/java/org/apache/coyote/ProtocolHandler.java
--- tomcat10-10.1.40/java/org/apache/coyote/ProtocolHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ProtocolHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,9 +26,6 @@
* Abstract the protocol implementation, including threading, etc. This is the main interface to be implemented by a
* coyote protocol. Adapter is the main interface to be implemented by a coyote servlet container.
*
- * @author Remy Maucherat
- * @author Costin Manolache
- *
* @see Adapter
*/
public interface ProtocolHandler {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/Request.java tomcat10-10.1.52/java/org/apache/coyote/Request.java
--- tomcat10-10.1.40/java/org/apache/coyote/Request.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/Request.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,6 +20,7 @@
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
+import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
@@ -34,6 +35,7 @@
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.buf.UDecoder;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.Parameters;
import org.apache.tomcat.util.http.ServerCookies;
@@ -50,15 +52,6 @@
*
*
"org.apache.tomcat.request" - allows access to the low-level request object in trusted applications
*
- *
- * @author James Duncan Davidson [duncan@eng.sun.com]
- * @author James Todd [gonzo@eng.sun.com]
- * @author Jason Hunter [jch@eng.sun.com]
- * @author Harish Prabandham
- * @author Alex Cruikshank [alex@epitonic.com]
- * @author Hans Bergsten [hans@gefionsoftware.com]
- * @author Costin Manolache
- * @author Remy Maucherat
*/
public final class Request {
@@ -72,8 +65,8 @@
* another 3,000,000 years before it gets back to zero).
*
* Local testing shows that 5, 10, 50, 500 or 1000 threads can obtain 60,000,000+ IDs a second from a single
- * AtomicLong. That is about 17ns per request. It does not appear that the introduction of this counter will
- * cause a bottleneck for request processing.
+ * AtomicLong. That is about 17ns per request. It does not appear that the introduction of this counter will cause a
+ * bottleneck for request processing.
*/
private static final AtomicLong requestIdGenerator = new AtomicLong(0);
@@ -165,6 +158,7 @@
private long bytesRead = 0;
// Time of the request - useful to avoid repeated calls to System.currentTime
private long startTimeNanos = -1;
+ private Instant startInstant = null;
private long threadId = 0;
private int available = 0;
@@ -317,10 +311,36 @@
return schemeMB;
}
+ /**
+ * Get a MessageBytes instance that holds the current request's HTTP method.
+ *
+ * @return a MessageBytes instance that holds the current request's HTTP method.
+ *
+ * @deprecated Use {@link #getMethod()}, {@link Request#setMethod(String)} and {@link #setMethod(byte[], int, int)}
+ */
+ @Deprecated
public MessageBytes method() {
return methodMB;
}
+ public void setMethod(String method) {
+ methodMB.setString(method);
+ }
+
+ public void setMethod(byte[] buf, int start, int len) {
+ String method = Method.bytesToString(buf, start, len);
+ if (method == null) {
+ methodMB.setBytes(buf, start, len);
+ method = methodMB.toStringType();
+ } else {
+ methodMB.setString(method);
+ }
+ }
+
+ public String getMethod() {
+ return methodMB.toStringType();
+ }
+
public MessageBytes requestURI() {
return uriMB;
}
@@ -698,21 +718,41 @@
return System.currentTimeMillis() - TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTimeNanos);
}
+ public long getStartTimeNanos() {
+ return startTimeNanos;
+ }
+
/**
* @param startTime time
*
- * @deprecated This setter will be removed in Tomcat 11
+ * @deprecated This setter will be removed in Tomcat 11. Use {@link #markStartTime()}.
*/
@Deprecated
public void setStartTime(long startTime) {
+ startTimeNanos = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(startTime - System.currentTimeMillis());
+ startInstant = Instant.now();
}
- public long getStartTimeNanos() {
- return startTimeNanos;
- }
-
+ /**
+ * Set the start time using the value provided by {@code System.nanoTime()}.
+ *
+ * @param startTimeNanos The value returned from {@code System.nanoTime()} at the point the requests started.
+ *
+ * @deprecated Unused. Will be removed in Tomcat 12 onwards. Use {@link #markStartTime()}.
+ */
+ @Deprecated
public void setStartTimeNanos(long startTimeNanos) {
this.startTimeNanos = startTimeNanos;
+ startInstant = Instant.now();
+ }
+
+ public void markStartTime() {
+ startTimeNanos = System.nanoTime();
+ startInstant = Instant.now();
+ }
+
+ public Instant getStartInstant() {
+ return startInstant;
}
public long getThreadId() {
@@ -822,6 +862,7 @@
allDataReadEventSent.set(false);
startTimeNanos = -1;
+ startInstant = null;
threadId = 0;
if (hook instanceof NonPipeliningProcessor) {
@@ -866,7 +907,7 @@
MediaType mediaType = null;
try {
mediaType = MediaType.parseMediaType(new StringReader(contentType));
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Ignore - null test below handles this
}
if (mediaType != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/RequestInfo.java tomcat10-10.1.52/java/org/apache/coyote/RequestInfo.java
--- tomcat10-10.1.40/java/org/apache/coyote/RequestInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/RequestInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,9 +25,7 @@
* Structure holding the Request and Response objects. It also holds statistical information about request processing
* and provide management information about the requests being processed. Each thread uses a Request/Response pair that
* is recycled on each request. This object provides a place to collect global low-level statistics - without having to
- * deal with synchronization ( since each thread will have its own RequestProcessorMX ).
- *
- * @author Costin Manolache
+ * deal with synchronization (since each thread will have its own RequestProcessorMX).
*/
public class RequestInfo {
private RequestGroupInfo global = null;
@@ -65,7 +63,7 @@
// This is useful for long-running requests only
public String getMethod() {
- return req.method().toString();
+ return req.getMethod();
}
public String getCurrentUri() {
@@ -261,4 +259,18 @@
public void setLastRequestProcessingTime(long lastRequestProcessingTime) {
this.lastRequestProcessingTime = lastRequestProcessingTime;
}
+
+ public void recycleStatistcs() {
+ this.bytesSent = 0;
+ this.bytesReceived = 0;
+
+ this.processingTime = 0;
+ this.maxTime = 0;
+ this.maxRequestUri = null;
+
+ this.requestCount = 0;
+ this.errorCount = 0;
+
+ this.lastRequestProcessingTime = 0;
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/Response.java tomcat10-10.1.52/java/org/apache/coyote/Response.java
--- tomcat10-10.1.40/java/org/apache/coyote/Response.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/Response.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,13 +41,6 @@
/**
* Response object.
- *
- * @author James Duncan Davidson [duncan@eng.sun.com]
- * @author Jason Hunter [jch@eng.sun.com]
- * @author James Todd [gonzo@eng.sun.com]
- * @author Harish Prabandham
- * @author Hans Bergsten [hans@gefionsoftware.com]
- * @author Remy Maucherat
*/
public final class Response {
@@ -552,7 +545,7 @@
MediaType m = null;
try {
m = MediaType.parseMediaType(new StringReader(type));
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore - null test below handles this
}
if (m == null) {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ajp/AjpMessage.java tomcat10-10.1.52/java/org/apache/coyote/ajp/AjpMessage.java
--- tomcat10-10.1.40/java/org/apache/coyote/ajp/AjpMessage.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ajp/AjpMessage.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,16 +29,9 @@
* A single packet for communication between the web server and the container. Designed to be reused many times with no
* creation of garbage. Understands the format of data types for these packets. Can be used (somewhat confusingly) for
* both incoming and outgoing packets.
- *
- * @author Henri Gomez
- * @author Dan Milstein
- * @author Keith Wannamaker
- * @author Kevin Seguin
- * @author Costin Manolache
*/
public class AjpMessage {
-
private static final Log log = LogFactory.getLog(AjpMessage.class);
/**
@@ -47,17 +40,11 @@
protected static final StringManager sm = StringManager.getManager(AjpMessage.class);
- // ------------------------------------------------------------ Constructor
-
-
public AjpMessage(int packetSize) {
buf = new byte[packetSize];
}
- // ----------------------------------------------------- Instance Variables
-
-
/**
* Fixed size buffer.
*/
@@ -78,9 +65,6 @@
protected int len;
- // --------------------------------------------------------- Public Methods
-
-
/**
* Prepare this packet for accumulating a message from the container to the web server. Set the write position to
* just after the header (but leave the length unwritten, because it is as yet unknown).
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ajp/AjpProcessor.java tomcat10-10.1.52/java/org/apache/coyote/ajp/AjpProcessor.java
--- tomcat10-10.1.40/java/org/apache/coyote/ajp/AjpProcessor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ajp/AjpProcessor.java 2026-01-23 19:33:36.000000000 +0000
@@ -48,6 +48,7 @@
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.net.AbstractEndpoint.Handler.SocketState;
import org.apache.tomcat.util.net.ApplicationBufferHandler;
@@ -128,19 +129,17 @@
System.arraycopy(pongMessage.getBuffer(), 0, pongMessageArray, 0, pongMessage.getLen());
// Build Map of Java Servlet to Jakarta Servlet attribute names
- jakartaAttributeMapping = Map.of(
- "jakarta.servlet.request.cipher_suite", "jakarta.servlet.request.cipher_suite",
- "jakarta.servlet.request.key_size", "jakarta.servlet.request.key_size",
- "jakarta.servlet.request.ssl_session", "jakarta.servlet.request.ssl_session",
- "jakarta.servlet.request.X509Certificate", "jakarta.servlet.request.X509Certificate",
- "javax.servlet.request.cipher_suite", "jakarta.servlet.request.cipher_suite",
- "javax.servlet.request.key_size", "jakarta.servlet.request.key_size",
- "javax.servlet.request.ssl_session", "jakarta.servlet.request.ssl_session",
- "javax.servlet.request.X509Certificate", "jakarta.servlet.request.X509Certificate");
-
- iisTlsAttributes = Set.of(
- "CERT_ISSUER", "CERT_SUBJECT", "CERT_COOKIE", "HTTPS_SERVER_SUBJECT", "CERT_FLAGS", "HTTPS_SECRETKEYSIZE",
- "CERT_SERIALNUMBER", "HTTPS_SERVER_ISSUER", "HTTPS_KEYSIZE");
+ jakartaAttributeMapping = Map.of("jakarta.servlet.request.cipher_suite", "jakarta.servlet.request.cipher_suite",
+ "jakarta.servlet.request.key_size", "jakarta.servlet.request.key_size",
+ "jakarta.servlet.request.ssl_session", "jakarta.servlet.request.ssl_session",
+ "jakarta.servlet.request.X509Certificate", "jakarta.servlet.request.X509Certificate",
+ "javax.servlet.request.cipher_suite", "jakarta.servlet.request.cipher_suite",
+ "javax.servlet.request.key_size", "jakarta.servlet.request.key_size",
+ "javax.servlet.request.ssl_session", "jakarta.servlet.request.ssl_session",
+ "javax.servlet.request.X509Certificate", "jakarta.servlet.request.X509Certificate");
+
+ iisTlsAttributes = Set.of("CERT_ISSUER", "CERT_SUBJECT", "CERT_COOKIE", "HTTPS_SERVER_SUBJECT", "CERT_FLAGS",
+ "HTTPS_SECRETKEYSIZE", "CERT_SERIALNUMBER", "HTTPS_SERVER_ISSUER", "HTTPS_KEYSIZE");
}
@@ -362,11 +361,11 @@
try {
socketWrapper.write(true, pongMessageArray, 0, pongMessageArray.length);
socketWrapper.flush(true);
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (getLog().isDebugEnabled()) {
- getLog().debug(sm.getString("ajpprocessor.pongFail"), e);
+ getLog().debug(sm.getString("ajpprocessor.pongFail"), ioe);
}
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
}
recycle();
continue;
@@ -379,13 +378,15 @@
setErrorState(ErrorState.CLOSE_CONNECTION_NOW, null);
break;
}
- request.setStartTimeNanos(System.nanoTime());
- } catch (IOException e) {
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ request.markStartTime();
+ } catch (IOException ioe) {
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
break;
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
- getLog().debug(sm.getString("ajpprocessor.header.error"), t);
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("ajpprocessor.header.error"), t);
+ }
// 400 - Bad Request
response.setStatus(400);
setErrorState(ErrorState.CLOSE_CLEAN, t);
@@ -398,7 +399,9 @@
prepareRequest();
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
- getLog().debug(sm.getString("ajpprocessor.request.prepare"), t);
+ if (getLog().isDebugEnabled()) {
+ getLog().debug(sm.getString("ajpprocessor.request.prepare"), t);
+ }
// 500 - Internal Server Error
response.setStatus(500);
setErrorState(ErrorState.CLOSE_CLEAN, t);
@@ -564,7 +567,7 @@
// Zero length message.
return true;
} else {
- if (messageLength > message.getBuffer().length) {
+ if (messageLength > (buf.length - Constants.H_SIZE)) {
// Message too long for the buffer
// Need to trigger a 400 response
String msg = sm.getString("ajpprocessor.header.tooLong", Integer.valueOf(messageLength),
@@ -637,7 +640,7 @@
byte methodCode = requestHeaderMessage.getByte();
if (methodCode != Constants.SC_M_JK_STORED) {
String methodName = Constants.getMethodForCode(methodCode - 1);
- request.method().setString(methodName);
+ request.setMethod(methodName);
}
requestHeaderMessage.getBytes(request.protocol());
@@ -765,12 +768,12 @@
case Constants.SC_A_CONTEXT:
requestHeaderMessage.getBytes(tmpMB);
- // nothing
+ // nothing
break;
case Constants.SC_A_SERVLET_PATH:
requestHeaderMessage.getBytes(tmpMB);
- // nothing
+ // nothing
break;
case Constants.SC_A_REMOTE_USER:
@@ -801,7 +804,7 @@
case Constants.SC_A_JVM_ROUTE:
requestHeaderMessage.getBytes(tmpMB);
- // nothing
+ // nothing
break;
case Constants.SC_A_SSL_CERT:
@@ -824,7 +827,9 @@
break;
case Constants.SC_A_STORED_METHOD:
- requestHeaderMessage.getBytes(request.method());
+ requestHeaderMessage.getBytes(tmpMB);
+ ByteChunk tmpBC = tmpMB.getByteChunk();
+ request.setMethod(tmpBC.getBytes(), tmpBC.getStart(), tmpBC.getLength());
break;
case Constants.SC_A_SECRET:
@@ -839,7 +844,7 @@
break;
default:
- // Ignore unknown attribute for backward compatibility
+ // Ignore unknown attribute for backward compatibility
break;
}
@@ -892,9 +897,9 @@
protected void populateHost() {
try {
request.serverName().duplicate(request.localName());
- } catch (IOException e) {
+ } catch (IOException ioe) {
response.setStatus(400);
- setErrorState(ErrorState.CLOSE_CLEAN, e);
+ setErrorState(ErrorState.CLOSE_CLEAN, ioe);
}
}
@@ -922,7 +927,7 @@
// Responses with certain status codes and/or methods are not permitted to include a response body.
int statusCode = response.getStatus();
if (statusCode < 200 || statusCode == 204 || statusCode == 205 || statusCode == 304 ||
- request.method().equals("HEAD")) {
+ Method.HEAD.equals(request.getMethod())) {
// No entity body
swallowResponse = true;
}
@@ -1055,10 +1060,12 @@
if (empty && doRead) {
try {
refillReadBuffer(false);
- } catch (IOException timeout) {
- // Not ideal. This will indicate that data is available
- // which should trigger a read which in turn will trigger
- // another IOException and that one can be thrown.
+ } catch (IOException ioe) {
+ /*
+ * Probably a timeout. This approach isn't ideal but it works. Returning 1 will indicate that data is
+ * available which should trigger a read which in turn will trigger another IOException and that one can
+ * be thrown.
+ */
return 1;
}
}
@@ -1300,8 +1307,8 @@
// Validate and write response headers
try {
prepareResponse();
- } catch (IOException e) {
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ } catch (IOException ioe) {
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/ajp/Constants.java tomcat10-10.1.52/java/org/apache/coyote/ajp/Constants.java
--- tomcat10-10.1.40/java/org/apache/coyote/ajp/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/ajp/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,10 +19,10 @@
import java.util.HashMap;
import java.util.Map;
+import org.apache.tomcat.util.http.Method;
+
/**
* Constants.
- *
- * @author Remy Maucherat
*/
public final class Constants {
@@ -104,10 +104,10 @@
public static final int MAX_SEND_SIZE = MAX_PACKET_SIZE - SEND_HEAD_LEN;
// Translates integer codes to names of HTTP methods
- private static final String[] methodTransArray =
- { "OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "PROPFIND", "PROPPATCH", "MKCOL", "COPY",
- "MOVE", "LOCK", "UNLOCK", "ACL", "REPORT", "VERSION-CONTROL", "CHECKIN", "CHECKOUT", "UNCHECKOUT",
- "SEARCH", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY" };
+ private static final String[] methodTransArray = { Method.OPTIONS, Method.GET, Method.HEAD, Method.POST, Method.PUT,
+ Method.DELETE, Method.TRACE, Method.PROPFIND, Method.PROPPATCH, Method.MKCOL, Method.COPY, Method.MOVE,
+ Method.LOCK, Method.UNLOCK, "ACL", "REPORT", "VERSION-CONTROL", "CHECKIN", "CHECKOUT", "UNCHECKOUT",
+ "SEARCH", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY" };
/**
* Converts an AJP coded HTTP method to the method name.
@@ -172,12 +172,8 @@
private static final Map responseTransMap = new HashMap<>(20);
static {
- try {
- for (int i = 0; i < SC_RESP_AJP13_MAX; i++) {
- responseTransMap.put(getResponseHeaderForCode(i), Integer.valueOf(0xA001 + i));
- }
- } catch (Exception e) {
- // Do nothing
+ for (int i = 0; i < SC_RESP_AJP13_MAX; i++) {
+ responseTransMap.put(getResponseHeaderForCode(i), Integer.valueOf(0xA001 + i));
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/AbstractHttp11Protocol.java tomcat10-10.1.52/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/AbstractHttp11Protocol.java 2026-01-23 19:33:36.000000000 +0000
@@ -562,7 +562,7 @@
}
public boolean isTrailerHeaderAllowed(String headerName) {
- return allowedTrailerHeaders.contains(headerName);
+ return allowedTrailerHeaders.contains(headerName.trim().toLowerCase(Locale.ENGLISH));
}
public String getAllowedTrailerHeaders() {
@@ -792,6 +792,10 @@
}
+ public boolean checkSni(String sniHostName, String protocolHostName) {
+ return getEndpoint().checkSni(sniHostName, protocolHostName);
+ }
+
// ------------------------------------------------------------- Common code
@Override
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/Constants.java tomcat10-10.1.52/java/org/apache/coyote/http11/Constants.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Constants.
- *
- * @author Remy Maucherat
*/
public final class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/Http11InputBuffer.java tomcat10-10.1.52/java/org/apache/coyote/http11/Http11InputBuffer.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/Http11InputBuffer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/Http11InputBuffer.java 2026-01-23 19:33:36.000000000 +0000
@@ -366,7 +366,7 @@
// just skipping blank lines)
if (parsingRequestLinePhase == 0) {
parsingRequestLinePhase = 1;
- request.setStartTimeNanos(System.nanoTime());
+ request.markStartTime();
}
chr = byteBuffer.get();
} while (chr == Constants.CR || chr == Constants.LF);
@@ -394,8 +394,7 @@
chr = byteBuffer.get();
if (chr == Constants.SP || chr == Constants.HT) {
space = true;
- request.method().setBytes(byteBuffer.array(), parsingRequestLineStart,
- pos - parsingRequestLineStart);
+ request.setMethod(byteBuffer.array(), parsingRequestLineStart, pos - parsingRequestLineStart);
} else if (!HttpParser.isToken(chr)) {
// Avoid unknown protocol triggering an additional error
request.protocol().setString(Constants.HTTP_11);
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/Http11Processor.java tomcat10-10.1.52/java/org/apache/coyote/http11/Http11Processor.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/Http11Processor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/Http11Processor.java 2026-01-23 19:33:36.000000000 +0000
@@ -55,6 +55,7 @@
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.HttpParser;
import org.apache.tomcat.util.http.parser.TokenList;
@@ -302,11 +303,11 @@
socketWrapper.setReadTimeout(protocol.getConnectionUploadTimeout());
}
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("http11processor.header.parse"), e);
+ log.debug(sm.getString("http11processor.header.parse"), ioe);
}
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
break;
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
@@ -503,7 +504,7 @@
// Transfer the minimal information required for the copy of the Request
// that is passed to the HTTP upgrade process
dest.decodedURI().duplicate(source.decodedURI());
- dest.method().duplicate(source.method());
+ dest.setMethod(source.getMethod());
dest.getMimeHeaders().duplicate(source.getMimeHeaders());
dest.requestURI().duplicate(source.requestURI());
dest.queryString().duplicate(source.queryString());
@@ -576,7 +577,7 @@
long contentLength = -1;
try {
contentLength = request.getContentLengthLong();
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore, an error here is already processed in prepareRequest
// but is done again since the content length is still -1
}
@@ -608,6 +609,11 @@
http09 = true;
http11 = false;
keepAlive = false;
+ if (!Method.GET.equals(request.getMethod())) {
+ // Send 400, GET is the only allowed method for HTTP/0.9
+ response.setStatus(400);
+ setErrorState(ErrorState.CLOSE_CLEAN, null);
+ }
} else {
// Unsupported protocol
http09 = false;
@@ -758,7 +764,7 @@
try {
hostValueMB = headers.setValue("host");
hostValueMB.setBytes(uriB, uriBCStart + pos, slashPos - pos);
- } catch (IllegalStateException e) {
+ } catch (IllegalStateException ignore) {
// Edge case
// If the request has too many headers it won't be
// possible to create the host header. Ignore this as
@@ -786,6 +792,11 @@
// Validate host name and extract port if present
parseHost(hostValueMB);
+ // Match host name with SNI if required
+ if (!protocol.checkSni(socketWrapper.getSniHostName(), request.serverName().toString())) {
+ badRequest("http11processor.request.sni");
+ }
+
if (!getErrorState().isIoAllowed()) {
getAdapter().log(request, response, 0);
}
@@ -902,8 +913,7 @@
}
}
- MessageBytes methodMB = request.method();
- boolean head = methodMB.equals("HEAD");
+ boolean head = Method.HEAD.equals(request.getMethod());
if (head) {
// Any entity body, if present, should not be sent
outputBuffer.addActiveFilter(outputFilters[Constants.VOID_FILTER]);
@@ -1163,6 +1173,8 @@
endRequest();
inputBuffer.nextRequest();
outputBuffer.nextRequest();
+ // Set keep alive timeout for next request
+ socketWrapper.setReadTimeout(protocol.getKeepAliveTimeout());
if (socketWrapper.isReadPending()) {
return SocketState.LONG;
} else {
@@ -1205,8 +1217,8 @@
if (getErrorState().isIoAllowed()) {
try {
inputBuffer.endRequest();
- } catch (IOException e) {
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ } catch (IOException ioe) {
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
// 500 - Internal Server Error
@@ -1221,8 +1233,8 @@
try {
action(ActionCode.COMMIT, null);
outputBuffer.end();
- } catch (IOException e) {
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ } catch (IOException ioe) {
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
} catch (Throwable t) {
ExceptionUtils.handleThrowable(t);
setErrorState(ErrorState.CLOSE_NOW, t);
@@ -1250,8 +1262,8 @@
if (!response.isCommitted() && request.hasExpectation()) {
try {
outputBuffer.sendAck();
- } catch (IOException e) {
- setErrorState(ErrorState.CLOSE_CONNECTION_NOW, e);
+ } catch (IOException ioe) {
+ setErrorState(ErrorState.CLOSE_CONNECTION_NOW, ioe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/InputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/InputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/InputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/InputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,6 @@
/**
* Input filter interface.
- *
- * @author Remy Maucherat
*/
public interface InputFilter extends InputBuffer {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/LocalStrings.properties tomcat10-10.1.52/java/org/apache/coyote/http11/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/coyote/http11/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -39,6 +39,7 @@
http11processor.request.nonNumericContentLength=The request contained a content-length header with a non-numeric value
http11processor.request.prepare=Error preparing request
http11processor.request.process=Error processing request
+http11processor.request.sni=The host header does not match the SNI host
http11processor.request.unsupportedEncoding=Error preparing request, unsupported transfer encoding [{0}]
http11processor.request.unsupportedVersion=Error preparing request, unsupported HTTP version [{0}]
http11processor.response.finish=Error finishing response
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/OutputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/OutputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/OutputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/OutputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Output filter.
- *
- * @author Remy Maucherat
*/
public interface OutputFilter extends HttpOutputBuffer {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,6 +20,7 @@
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Set;
+import java.util.concurrent.atomic.AtomicLong;
import org.apache.coyote.ActionCode;
import org.apache.coyote.BadRequestException;
@@ -38,8 +39,6 @@
/**
* Chunked input filter. Parses chunked data according to http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6.1
- *
- * @author Remy Maucherat
*/
public class ChunkedInputFilter implements InputFilter, ApplicationBufferHandler, HeaderDataSource {
@@ -108,7 +107,7 @@
private volatile boolean crFound = false;
private volatile int chunkSizeDigitsRead = 0;
private volatile boolean parsingExtension = false;
- private volatile long extensionSize;
+ private final AtomicLong extensionSize = new AtomicLong(0);
private final HttpHeaderParser httpHeaderParser;
// ----------------------------------------------------------- Constructors
@@ -253,7 +252,7 @@
crFound = false;
chunkSizeDigitsRead = 0;
parsingExtension = false;
- extensionSize = 0;
+ extensionSize.set(0);
httpHeaderParser.recycle();
}
@@ -367,7 +366,7 @@
// semicolons may appear to separate multiple chunk-extensions.
// These need to be processed as part of parsing the extensions.
parsingExtension = true;
- extensionSize++;
+ extensionSize.incrementAndGet();
} else if (!parsingExtension) {
int charValue = HexUtils.getDec(chr);
if (charValue != -1 && chunkSizeDigitsRead < 8) {
@@ -381,8 +380,8 @@
// Extension 'parsing'
// Note that the chunk-extension is neither parsed nor
// validated. Currently it is simply ignored.
- extensionSize++;
- if (maxExtensionSize > -1 && extensionSize > maxExtensionSize) {
+ long extSize = extensionSize.incrementAndGet();
+ if (maxExtensionSize > -1 && extSize > maxExtensionSize) {
throwBadRequestException(sm.getString("chunkedInputFilter.maxExtension"));
}
}
@@ -430,7 +429,7 @@
// semicolons may appear to separate multiple chunk-extensions.
// These need to be processed as part of parsing the extensions.
parsingExtension = true;
- extensionSize++;
+ extensionSize.incrementAndGet();
} else if (!parsingExtension) {
int charValue = HexUtils.getDec(chr);
if (charValue != -1 && chunkSizeDigitsRead < 8) {
@@ -444,8 +443,8 @@
// Extension 'parsing'
// Note that the chunk-extension is neither parsed nor
// validated. Currently it is simply ignored.
- extensionSize++;
- if (maxExtensionSize > -1 && extensionSize > maxExtensionSize) {
+ long extSize = extensionSize.incrementAndGet();
+ if (maxExtensionSize > -1 && extSize > maxExtensionSize) {
return false;
}
}
@@ -505,7 +504,7 @@
/**
* Parse CRLF at end of chunk.
*
- * @return {@code true} if the read is complete or {@code false if incomplete}. In complete reads can only happen
+ * @return {@code true} if the read is complete or {@code false if incomplete}. Incomplete reads can only happen
* with non-blocking I/O.
*
* @throws IOException An error occurred parsing CRLF
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/ChunkedOutputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/ChunkedOutputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/ChunkedOutputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/ChunkedOutputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
/**
* Chunked output filter.
- *
- * @author Remy Maucherat
*/
public class ChunkedOutputFilter implements OutputFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/GzipOutputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/GzipOutputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/GzipOutputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/GzipOutputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,8 +30,6 @@
/**
* Gzip output filter.
- *
- * @author Remy Maucherat
*/
public class GzipOutputFilter implements OutputFilter {
@@ -98,9 +96,9 @@
log.trace("Flushing the compression stream!");
}
compressionStream.flush();
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("gzipOutputFilter.flushFail"), e);
+ log.debug(sm.getString("gzipOutputFilter.flushFail"), ioe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/IdentityInputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/IdentityInputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/IdentityInputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,8 +29,6 @@
/**
* Identity input filter.
- *
- * @author Remy Maucherat
*/
public class IdentityInputFilter implements InputFilter, ApplicationBufferHandler {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/IdentityOutputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/IdentityOutputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/IdentityOutputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/IdentityOutputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Identity output filter.
- *
- * @author Remy Maucherat
*/
public class IdentityOutputFilter implements OutputFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/SavedRequestInputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,11 +49,10 @@
return -1;
}
- ByteBuffer byteBuffer = handler.getByteBuffer();
- byteBuffer.position(byteBuffer.limit()).limit(byteBuffer.capacity());
- input.subtract(byteBuffer);
-
- return byteBuffer.remaining();
+ int len = input.getLength();
+ handler.setByteBuffer(ByteBuffer.wrap(input.getBytes(), input.getStart(), len));
+ input.setStart(input.getEnd());
+ return len;
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/VoidInputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/VoidInputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/VoidInputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/VoidInputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* Void input filter, which returns -1 when attempting a read. Used with a GET, HEAD, or a similar request.
- *
- * @author Remy Maucherat
*/
public class VoidInputFilter implements InputFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/filters/VoidOutputFilter.java tomcat10-10.1.52/java/org/apache/coyote/http11/filters/VoidOutputFilter.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/filters/VoidOutputFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/filters/VoidOutputFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Void output filter, which silently swallows bytes written. Used with a 204 status (no content) or a HEAD request.
- *
- * @author Remy Maucherat
*/
public class VoidOutputFilter implements OutputFilter {
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java tomcat10-10.1.52/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java
--- tomcat10-10.1.40/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -79,8 +79,8 @@
try {
ready = Boolean.valueOf(socketWrapper.isReadyForRead());
- } catch (IOException e) {
- onError(e);
+ } catch (IOException ioe) {
+ onError(ioe);
}
return ready.booleanValue();
}
@@ -213,8 +213,8 @@
if (listener == null || !socketWrapper.isReadyForRead()) {
return;
}
- } catch (IOException e) {
- onError(e);
+ } catch (IOException ioe) {
+ onError(ioe);
}
ready = Boolean.TRUE;
ClassLoader oldCL = processor.getUpgradeToken().getContextBind().bind(false, null);
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/AbstractNonZeroStream.java tomcat10-10.1.52/java/org/apache/coyote/http2/AbstractNonZeroStream.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/AbstractNonZeroStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/AbstractNonZeroStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -85,9 +85,9 @@
/**
* Notify that some data has been received.
*
- * @param payloadSize the byte count
+ * @param dataLength the byte count
*
* @throws Http2Exception if an error is detected
*/
- abstract void receivedData(int payloadSize) throws Http2Exception;
+ abstract void receivedData(int dataLength) throws Http2Exception;
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/ConnectionSettingsBase.java tomcat10-10.1.52/java/org/apache/coyote/http2/ConnectionSettingsBase.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/ConnectionSettingsBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/ConnectionSettingsBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -66,6 +66,11 @@
final void set(Setting setting, long value) throws T {
+ set(setting, value, false);
+ }
+
+
+ final void set(Setting setting, long value, boolean force) throws T {
if (log.isTraceEnabled()) {
log.trace(sm.getString("connectionSettings.debug", connectionId, getEndpointName(), setting,
Long.toString(value)));
@@ -102,11 +107,21 @@
return;
}
- set(setting, Long.valueOf(value));
+ set(setting, Long.valueOf(value), force);
}
- synchronized void set(Setting setting, Long value) {
+ /**
+ * Specify a new value for setting with the option to force the change to take effect immediately rather than
+ * waiting until an {@code ACK} is received.
+ *
+ * @param setting The setting to update
+ * @param value The new value for the setting
+ * @param force {@code false} if an {@code ACK} must be received before the setting takes effect or {@code true}
+ * if the setting to take effect immediately. Even if the setting takes effect immediately, it
+ * will still be included in the next {@code SETTINGS} frame and an {@code ACK} will be expected.
+ */
+ synchronized void set(Setting setting, Long value, boolean force) {
current.put(setting, value);
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/ConnectionSettingsLocal.java tomcat10-10.1.52/java/org/apache/coyote/http2/ConnectionSettingsLocal.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/ConnectionSettingsLocal.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/ConnectionSettingsLocal.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,12 +40,15 @@
@Override
- final synchronized void set(Setting setting, Long value) {
+ final synchronized void set(Setting setting, Long value, boolean force) {
checkSend();
if (current.get(setting).longValue() == value.longValue()) {
pending.remove(setting);
} else {
pending.put(setting, value);
+ if (force) {
+ current.put(setting, value);
+ }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Hpack.java tomcat10-10.1.52/java/org/apache/coyote/http2/Hpack.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Hpack.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Hpack.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,6 +18,7 @@
import java.nio.ByteBuffer;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.res.StringManager;
final class Hpack {
@@ -26,8 +27,16 @@
private static final byte LOWER_DIFF = 'a' - 'A';
static final int DEFAULT_TABLE_SIZE = 4096;
- private static final int MAX_INTEGER_OCTETS = 8; // not sure what a good value for this is, but the spec says we
- // need to provide an upper bound
+ /*
+ * The HPack specification says there SHOULD be an upper bound on this.
+ *
+ * Tomcat has opted to limit values to INTEGER.MAX_VALUE. Give that there is the prefix byte and then each octet
+ * provides up to 7-bits, a total a 5 octets plus the prefix may be required.
+ *
+ * Note: The maximum value represented by 5 octets is greater than INTEGER.MAX_VALUE.
+ *
+ */
+ private static final int MAX_INTEGER_OCTETS = 5;
/**
* table that contains powers of two, used as both bitmask and to quickly calculate 2^n
@@ -52,8 +61,8 @@
HeaderField[] fields = new HeaderField[62];
// note that zero is not used
fields[1] = new HeaderField(":authority", null);
- fields[2] = new HeaderField(":method", "GET");
- fields[3] = new HeaderField(":method", "POST");
+ fields[2] = new HeaderField(":method", Method.GET);
+ fields[3] = new HeaderField(":method", Method.POST);
fields[4] = new HeaderField(":path", "/");
fields[5] = new HeaderField(":path", "/index.html");
fields[6] = new HeaderField(":scheme", "http");
@@ -151,10 +160,12 @@
int sp = source.position();
int mask = PREFIX_TABLE[n];
- int i = mask & source.get();
+ // Use long internally as the value may exceed Integer.MAX_VALUE
+ long result = mask & source.get();
int b;
- if (i < PREFIX_TABLE[n]) {
- return i;
+ if (result < PREFIX_TABLE[n]) {
+ // Casting is safe as result must be less than 255 at this point.
+ return (int) result;
} else {
int m = 0;
do {
@@ -169,11 +180,15 @@
return -1;
}
b = source.get();
- i = i + (b & 127) * (PREFIX_TABLE[m] + 1);
+ result = result + (b & 127) * (PREFIX_TABLE[m] + 1L);
+ if (result > Integer.MAX_VALUE) {
+ throw new HpackException(sm.getString("hpack.integerEncodedTooBig"));
+ }
m += 7;
} while ((b & 128) == 128);
}
- return i;
+ // Casting is safe as result must be less than Integer.MAX_VALUE at this point
+ return (int) result;
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/HpackDecoder.java tomcat10-10.1.52/java/org/apache/coyote/http2/HpackDecoder.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/HpackDecoder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/HpackDecoder.java 2026-01-23 19:33:36.000000000 +0000
@@ -380,10 +380,9 @@
/**
* Are the headers pass to the recipient so far valid? The decoder needs to process all the headers to maintain
- * state even if there is a problem. In addition, it is easy for the intended recipient to track if the
- * complete set of headers is valid since to do that state needs to be maintained between the parsing of the
- * initial headers and the parsing of any trailer headers. The recipient is the best place to maintain that
- * state.
+ * state even if there is a problem. In addition, it is easy for the intended recipient to track if the complete
+ * set of headers is valid since to do that state needs to be maintained between the parsing of the initial
+ * headers and the parsing of any trailer headers. The recipient is the best place to maintain that state.
*
* @throws StreamException If the headers received to date are not valid
*/
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java tomcat10-10.1.52/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -132,6 +132,10 @@
log.trace(sm.getString("upgradeHandler.rst.debug", connectionId, Integer.toString(se.getStreamId()),
se.getError(), se.getMessage()));
}
+
+ // Treat a sent reset like a received reset and increment the overhead count
+ increaseOverheadCount(FrameType.RST, getProtocol().getOverheadResetFactor());
+
// Write a RST frame
byte[] rstFrame = new byte[13];
// Length
@@ -335,7 +339,7 @@
(int) (sendfile.end - sendfile.pos);
sendfile.streamReservation = sendfile.stream.reserveWindowSize(reservation, true);
sendfile.connectionReservation = reserveWindowSize(sendfile.stream, sendfile.streamReservation, true);
- } catch (IOException e) {
+ } catch (IOException ioe) {
return SendfileState.ERROR;
}
@@ -372,7 +376,7 @@
ByteBuffer.wrap(header), sendfile.mappedBuffer);
try {
handleAsyncException();
- } catch (IOException e) {
+ } catch (IOException ioe) {
return SendfileState.ERROR;
}
}
@@ -397,8 +401,8 @@
if (sendfile.left == 0) {
try {
sendfile.stream.getOutputBuffer().end();
- } catch (IOException e) {
- failed(e, sendfile);
+ } catch (IOException ioe) {
+ failed(ioe, sendfile);
}
return;
}
@@ -415,8 +419,8 @@
sendfile.connectionReservation =
reserveWindowSize(sendfile.stream, sendfile.streamReservation, true);
}
- } catch (IOException e) {
- failed(e, sendfile);
+ } catch (IOException ioe) {
+ failed(ioe, sendfile);
return;
}
@@ -457,8 +461,8 @@
ByteBuffer.wrap(header), sendfile.mappedBuffer);
try {
handleAsyncException();
- } catch (IOException e) {
- failed(e, sendfile);
+ } catch (IOException ioe) {
+ failed(ioe, sendfile);
return;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Http2Parser.java tomcat10-10.1.52/java/org/apache/coyote/http2/Http2Parser.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Http2Parser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Http2Parser.java 2026-01-23 19:33:36.000000000 +0000
@@ -188,7 +188,7 @@
Integer.toString(dataLength), padding));
}
- ByteBuffer dest = output.startRequestBodyFrame(streamId, payloadSize, endOfStream);
+ ByteBuffer dest = output.startRequestBodyFrame(streamId, dataLength, endOfStream);
if (dest == null) {
swallowPayload(streamId, FrameType.DATA.getId(), dataLength, false, buffer);
// Process padding before sending any notifications in case padding
@@ -201,7 +201,7 @@
}
} else {
synchronized (dest) {
- if (dest.remaining() < payloadSize) {
+ if (dest.remaining() < dataLength) {
// Client has sent more data than permitted by Window size
swallowPayload(streamId, FrameType.DATA.getId(), dataLength, false, buffer);
if (Flags.hasPadding(flags)) {
@@ -298,7 +298,7 @@
// RFC 7450 priority frames are ignored. Still need to treat as overhead.
try {
swallowPayload(streamId, FrameType.PRIORITY.getId(), 5, false, buffer);
- } catch (ConnectionException e) {
+ } catch (ConnectionException ignore) {
// Will never happen because swallowPayload() is called with isPadding set
// to false
}
@@ -785,7 +785,7 @@
HpackDecoder getHpackDecoder();
// Data frames
- ByteBuffer startRequestBodyFrame(int streamId, int payloadSize, boolean endOfStream) throws Http2Exception;
+ ByteBuffer startRequestBodyFrame(int streamId, int dataLength, boolean endOfStream) throws Http2Exception;
void endRequestBodyFrame(int streamId, int dataLength) throws Http2Exception, IOException;
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Http2Protocol.java tomcat10-10.1.52/java/org/apache/coyote/http2/Http2Protocol.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Http2Protocol.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Http2Protocol.java 2026-01-23 19:33:36.000000000 +0000
@@ -133,9 +133,8 @@
@Override
public Processor getProcessor(SocketWrapperBase socketWrapper, Adapter adapter) {
- return new UpgradeProcessorInternal(socketWrapper,
- new UpgradeToken(getInternalUpgradeHandler(socketWrapper, adapter, null), null,
- null, getUpgradeProtocolName()),null);
+ return new UpgradeProcessorInternal(socketWrapper, new UpgradeToken(
+ getInternalUpgradeHandler(socketWrapper, adapter, null), null, null, getUpgradeProtocolName()), null);
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Http2UpgradeHandler.java tomcat10-10.1.52/java/org/apache/coyote/http2/Http2UpgradeHandler.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Http2UpgradeHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -164,8 +164,12 @@
remoteSettings = new ConnectionSettingsRemote(connectionId);
localSettings = new ConnectionSettingsLocal(connectionId);
- localSettings.set(Setting.MAX_CONCURRENT_STREAMS, protocol.getMaxConcurrentStreams());
- localSettings.set(Setting.INITIAL_WINDOW_SIZE, protocol.getInitialWindowSize());
+ /*
+ * Force set these initial limits. A well-behaved client should ACK the settings and adhere to them before it
+ * reaches the limits anyway.
+ */
+ localSettings.set(Setting.MAX_CONCURRENT_STREAMS, protocol.getMaxConcurrentStreams(), true);
+ localSettings.set(Setting.INITIAL_WINDOW_SIZE, protocol.getInitialWindowSize(), true);
pingManager.initiateDisabled = protocol.getInitiatePingDisabled();
@@ -522,7 +526,7 @@
try {
writeGoAwayFrame((1 << 31) - 1, Http2Error.NO_ERROR.getCode(), null);
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// This is fatal for the connection. Ignore it here. There will be
// further attempts at I/O in upgradeDispatch() and it can better
// handle the IO errors.
@@ -581,6 +585,9 @@
se.getError(), se.getMessage()));
}
+ // Treat a sent reset like a received reset and increment the overhead count
+ increaseOverheadCount(FrameType.RST, getProtocol().getOverheadResetFactor());
+
// Write a RST frame
byte[] rstFrame = new byte[13];
// Length
@@ -629,7 +636,7 @@
}
try {
writeGoAwayFrame(maxProcessedStreamId, code, msg);
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// Ignore. GOAWAY is sent on a best efforts basis and the original
// error has already been logged.
}
@@ -653,6 +660,7 @@
}
socketWrapper.flush(true);
} catch (IOException ioe) {
+ // Exception is logged further up stack
String msg = sm.getString("upgradeHandler.sendPrefaceFail", connectionId);
if (log.isDebugEnabled()) {
log.debug(msg);
@@ -964,8 +972,8 @@
} else if (windowSize < 1) {
/*
* The connection window has no capacity. If the stream has not been granted an allocation, and the
- * stream was not already added to the backlog due to a partial reservation (see next else if
- * block) add it to the backlog so it can obtain an allocation when capacity is available.
+ * stream was not already added to the backlog due to a partial reservation (see next else if block)
+ * add it to the backlog so it can obtain an allocation when capacity is available.
*/
if (stream.getConnectionAllocationMade() == 0 && stream.getConnectionAllocationRequested() == 0) {
stream.setConnectionAllocationRequested(reservation);
@@ -1410,39 +1418,59 @@
void reduceOverheadCount(FrameType frameType) {
- // A non-overhead frame reduces the overhead count by
- // Http2Protocol.DEFAULT_OVERHEAD_REDUCTION_FACTOR. A simple browser
- // request is likely to have one non-overhead frame (HEADERS) and one
- // overhead frame (REPRIORITISE). With the default settings the overhead
- // count will reduce by 10 for each simple request.
- // Requests and responses with bodies will create additional
- // non-overhead frames, further reducing the overhead count.
+ /*
+ * A non-overhead frame reduces the overhead count by {@code Http2Protocol.DEFAULT_OVERHEAD_REDUCTION_FACTOR}.
+ *
+ * A simple browser request is likely to have one non-overhead frame (HEADERS) that results in a response with
+ * one further non-overhead frame (DATA). With the default settings, the overhead count will reduce by 40 for
+ * each simple request.
+ *
+ * Requests and responses with bodies will create additional non-overhead frames, further reducing the overhead
+ * count.
+ */
updateOverheadCount(frameType, Http2Protocol.DEFAULT_OVERHEAD_REDUCTION_FACTOR);
}
@Override
public void increaseOverheadCount(FrameType frameType) {
- // An overhead frame increases the overhead count by
- // overheadCountFactor. By default, this means an overhead frame
- // increases the overhead count by 10. A simple browser request is
- // likely to have one non-overhead frame (HEADERS) and one overhead
- // frame (REPRIORITISE). With the default settings the overhead count
- // will reduce by 10 for each simple request.
+ /*
+ * An overhead frame (SETTINGS, PRIORITY, PING) increases the overhead count by overheadCountFactor. By default,
+ * this means an overhead frame increases the overhead count by 10.
+ *
+ * If the client ignores maxConcurrentStreams then any HEADERS frame received will also increase the overhead
+ * count by overheadCountFactor.
+ *
+ * A simple browser request should not trigger any overhead frames.
+ */
updateOverheadCount(frameType, getProtocol().getOverheadCountFactor());
}
- private void increaseOverheadCount(FrameType frameType, int increment) {
- // Overhead frames that indicate inefficient (and potentially malicious)
- // use of small frames trigger an increase that is inversely
- // proportional to size. The default threshold for all three potential
- // areas for abuse (HEADERS, DATA, WINDOW_UPDATE) is 1024 bytes. Frames
- // with sizes smaller than this will trigger an increase of
- // threshold/size.
- // DATA and WINDOW_UPDATE take an average over the last two non-final
- // frames to allow for client buffering schemes that can result in some
- // small DATA payloads.
+ /**
+ * Used to increase the overhead for frames that don't use the {@code overheadCountFactor} ({@code CONTINUATION},
+ * {@code DATA}, {@code WINDOW_UPDATE} and {@code RESET}).
+ *
+ * @param frameType The frame type triggering the overhead increase
+ * @param increment The amount by which the overhead is increased
+ */
+ protected void increaseOverheadCount(FrameType frameType, int increment) {
+ /*
+ * Three types of frame are susceptible to inefficient (and potentially malicious) use of small frames. These
+ * trigger an increase in overhead that is inversely proportional to size. The default threshold for all three
+ * potential areas for abuse (CONTINUATION, DATA, WINDOW_UPDATE) is 1024 bytes. Frames with sizes smaller than
+ * this will trigger an increase of threshold/size.
+ *
+ * The check for DATA and WINDOW_UPDATE frames takes an average over the last two frames to allow for client
+ * buffering schemes that can result in some small DATA payloads.
+ *
+ * The CONTINUATION and DATA frames checks are skipped for end of headers (CONTINUATION) and end of stream
+ * (DATA) as those frames may be small for legitimate reasons.
+ *
+ * RESET frames (received or sent) trigger an increase of overheadResetFactor.
+ *
+ * In all cases, the calling method determines the extent to which the overhead count is increased.
+ */
updateOverheadCount(frameType, increment);
}
@@ -1523,7 +1551,7 @@
@Override
- public ByteBuffer startRequestBodyFrame(int streamId, int payloadSize, boolean endOfStream) throws Http2Exception {
+ public ByteBuffer startRequestBodyFrame(int streamId, int dataLength, boolean endOfStream) throws Http2Exception {
// DATA frames reduce the overhead count ...
reduceOverheadCount(FrameType.DATA);
@@ -1537,8 +1565,8 @@
// average over two frames to avoid false positives.
if (!endOfStream) {
int overheadThreshold = protocol.getOverheadDataThreshold();
- int average = (lastNonFinalDataPayload >> 1) + (payloadSize >> 1);
- lastNonFinalDataPayload = payloadSize;
+ int average = (lastNonFinalDataPayload >> 1) + (dataLength >> 1);
+ lastNonFinalDataPayload = dataLength;
// Avoid division by zero
if (average == 0) {
average = 1;
@@ -1550,7 +1578,7 @@
AbstractNonZeroStream abstractNonZeroStream = getAbstractNonZeroStream(streamId, true);
abstractNonZeroStream.checkState(FrameType.DATA);
- abstractNonZeroStream.receivedData(payloadSize);
+ abstractNonZeroStream.receivedData(dataLength);
ByteBuffer result = abstractNonZeroStream.getInputByteBuffer(true);
if (log.isTraceEnabled()) {
@@ -1651,9 +1679,9 @@
if (payloadSize < overheadThreshold) {
if (payloadSize == 0) {
// Avoid division by zero
- increaseOverheadCount(FrameType.HEADERS, overheadThreshold);
+ increaseOverheadCount(FrameType.CONTINUATION, overheadThreshold);
} else {
- increaseOverheadCount(FrameType.HEADERS, overheadThreshold / payloadSize);
+ increaseOverheadCount(FrameType.CONTINUATION, overheadThreshold / payloadSize);
}
}
}
@@ -1914,6 +1942,10 @@
}
}
+ String getSniHostName() {
+ return socketWrapper.getSniHostName();
+ }
+
protected class PingManager {
protected boolean initiateDisabled = false;
@@ -1921,7 +1953,7 @@
// 10 seconds
protected final long pingIntervalNano = 10000000000L;
- protected int sequence = 0;
+ protected volatile int sequence = 0;
protected long lastPingNanoTime = Long.MIN_VALUE;
protected Queue inflightPings = new ConcurrentLinkedQueue<>();
@@ -1942,18 +1974,13 @@
if (force || now - lastPingNanoTime > pingIntervalNano) {
lastPingNanoTime = now;
byte[] payload = new byte[8];
- socketWrapper.getLock().lock();
- try {
- int sentSequence = ++sequence;
- PingRecord pingRecord = new PingRecord(sentSequence, now);
- inflightPings.add(pingRecord);
- ByteUtil.set31Bits(payload, 4, sentSequence);
- socketWrapper.write(true, PING, 0, PING.length);
- socketWrapper.write(true, payload, 0, payload.length);
- socketWrapper.flush(true);
- } finally {
- socketWrapper.getLock().unlock();
- }
+ int sentSequence = ++sequence;
+ PingRecord pingRecord = new PingRecord(sentSequence, now);
+ inflightPings.add(pingRecord);
+ ByteUtil.set31Bits(payload, 4, sentSequence);
+ socketWrapper.write(true, PING, 0, PING.length);
+ socketWrapper.write(true, payload, 0, payload.length);
+ socketWrapper.flush(true);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings.properties tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -37,6 +37,7 @@
frameType.checkStream=Invalid frame type [{0}]
hpack.integerEncodedOverTooManyOctets=HPACK variable length integer encoded over too many octets, max is [{0}]
+hpack.integerEncodedTooBig=The maximum permitted value of an HPACK encoded variable length integer is Integer.MAX_VALUE
hpack.invalidCharacter=The Unicode character [{0}] at code point [{1}] cannot be encoded as it is outside the permitted range of 0 to 255.
hpackEncoder.encodeHeader=Encoding header [{0}] with value [{1}]
@@ -104,6 +105,7 @@
stream.header.unexpectedPseudoHeader=Connection [{0}], Stream [{1}], Pseudo header [{2}] received after a regular header
stream.header.unknownPseudoHeader=Connection [{0}], Stream [{1}], Unknown pseudo header [{2}] received
stream.host.inconsistent=Connection [{0}], Stream [{1}], The header host header [{2}] is inconsistent with previously provided values for host [{3}] and/or port [{4}]
+stream.host.sni=Connection [{0}], Stream [{1}], The host header [{2}] does not match the SNI host [{3}]
stream.inputBuffer.copy=Copying [{0}] bytes from inBuffer to outBuffer
stream.inputBuffer.dispatch=Data added to inBuffer when read interest is registered. Triggering a read dispatch
stream.inputBuffer.empty=The Stream input buffer is empty. Waiting for more data
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -37,6 +37,7 @@
frameType.checkStream=Type de trame invalide [{0}]
hpack.integerEncodedOverTooManyOctets=Un entier de taille variable de HPACK a été encodé sur trop d''octets, le maximum est de [{0}]
+hpack.integerEncodedTooBig=La valeur maximale permise pour un entier de longueur variable encodé par HPACK est Integer.MAX_VALUE
hpack.invalidCharacter=Le caractère Unicode [{0}] ayant le code point [{1}] ne peut être encodé, parce qu''il est en-dehors de l''éventail permis 0-255.
hpackEncoder.encodeHeader=Encodage de l''en-tête [{0}] avec la valeur [{1}]
@@ -77,6 +78,7 @@
http2Parser.processFrameHeaders.decodingFailed=Une erreur de décodage HPACK des en-têtes HTTP s'est produite
http2Parser.processFrameHeaders.payload=Connection [{0}], Flux [{1}], Traitement des en-têtes avec une taille de données de [{2}]
http2Parser.processFramePriorityUpdate.debug=Connection [{0}], Stream [{1}], Urgency [{2}], Incremental [{3}]
+http2Parser.processFramePriorityUpdate.invalid=Connection [{0}], Stream [{1}], La trame Priority Update a une valeur de champ de priorité invalide
http2Parser.processFramePriorityUpdate.streamZero=Connection [{0}], La trame de mise à jour de priorité a été recue pour le flux zéro
http2Parser.processFramePushPromise=Connexion [{0}], Flux (Stream) [{1}], les trames de promesse d''envoi ("Push promise frames") ne doivent pas être envoyées par le client.
http2Parser.processFrameSettings.ackWithNonZeroPayload=La trame de paramètres a été reçue avec un indicateur ACK activé et des données présentes
@@ -165,6 +167,7 @@
upgradeHandler.stream.even=Un nouvel ID de flux distant (remote stream) [{0}] a été requis, mais tous les flux distants doivent utiliser ID impairs
upgradeHandler.stream.notWritable=Connection [{0}], Flux [{1}], Impossible d''écrire sur ce flux
upgradeHandler.stream.old=Un nouveau flux distant avec l''ID [{0}] a été demandé mais le flux le plus récent est [{1}]
+upgradeHandler.throwable=Connection [{0}]
upgradeHandler.tooManyRemoteStreams=Le client a essayé d''utiliser plus de [{0}] flux actifs
upgradeHandler.tooMuchOverhead=Connection [{0}], Le traitement est trop coûteux donc la connection sera fermée
upgradeHandler.unexpectedAck=Connection [{0}], Flux [{1}], Une notification de réception de paramètres a été reçue alors qu''aucune n''était attendue
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/coyote/http2/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -37,6 +37,7 @@
frameType.checkStream=無効なフレームタイプ [{0}]
hpack.integerEncodedOverTooManyOctets=エンコードされたHPACK可変長整数は多くのオクテットを超過。最大値は [{0}]
+hpack.integerEncodedTooBig=HPACKエンコードされた可変長整数の最大許容値はInteger.MAX_VALUEです
hpack.invalidCharacter=コードポイント [{1}] のユニコード文字 [{0}] は有効範囲 0 から 255 の範囲外のため、エンコードできません。
hpackEncoder.encodeHeader=ヘッダー[{0}]を値[{1}]でエンコードしています
@@ -77,6 +78,7 @@
http2Parser.processFrameHeaders.decodingFailed=HTTP ヘッダーの HPACK 復号化中にエラーが発生しました。
http2Parser.processFrameHeaders.payload=コネクション [{0}]、ストリーム [{1}]、サイズ [{2}] のヘッダーペイロードを処理中
http2Parser.processFramePriorityUpdate.debug=接続 [{0}]、ストリーム [{1}]、緊急度 [{2}]、増分 [{3}]
+http2Parser.processFramePriorityUpdate.invalid=コネクション [{0}]、ストリーム [{1}]、優先度フィールド値が無効な優先度更新フレーム
http2Parser.processFramePriorityUpdate.streamZero=接続 [{0}] は、ストリーム 0 を優先するための優先更新フレームを受信しました
http2Parser.processFramePushPromise=コネクション [{0}]、ストリーム [{1}]、クライアントから PUSH_PROMISE フレームを送信するべきではありません
http2Parser.processFrameSettings.ackWithNonZeroPayload=ACKフラグがセットされ、ペイロードが存在する状態で受信されたSettingsフレーム
@@ -165,6 +167,7 @@
upgradeHandler.stream.even=新しいリモートストリーム ID [{0}] を要求されましたがリモートストリームの ID は奇数でなければなりません。
upgradeHandler.stream.notWritable=コネクション [{0}]、ストリーム [{1}]、このストリームは書き込み可能ではありません
upgradeHandler.stream.old=新しいリモートストリーム ID [{0}] を要求されましたが、最新のストリームは [{1}] です。
+upgradeHandler.throwable=コネクション[{0}]
upgradeHandler.tooManyRemoteStreams=クライアントは [{0}] 以上のアクティブなストリームを使用しようとしました
upgradeHandler.tooMuchOverhead=コネクション [{0}]、オーバーヘッドが多すぎるため、接続が閉じられます。
upgradeHandler.unexpectedAck=コネクション [{0}]、ストリーム [{1}]、予期しないときにsettings ackを受信しました
@@ -177,7 +180,7 @@
upgradeHandler.windowUpdateConnection=コネクション [{0}]、ウィンドウの更新をクライアントに送信し、ウィンドウを[{1}]バイト増やします
upgradeHandler.windowUpdateStream=コネクション [{0}]、ストリーム [{1}]、ウィンドウの更新をクライアントに送信し、ウィンドウを [{2}] バイト増やします
upgradeHandler.writeBody=コネクション [{0}]、ストリーム [{1}]、データ長 [{2}]
-upgradeHandler.writeHeaders=コネクション [{0}], ストリーム [{1}]
+upgradeHandler.writeHeaders=コネクション [{0}], ストリーム [{1}], ヘッダの書き込み, EndOfStream [{2}]
upgradeHandler.writePushHeaders=コネクション [{0}]、ストリーム [{1}]、プッシュされたストリーム [{2}]、EndOfStream [{3}]
windowAllocationManager.dispatched=コネクション [{0}]、ストリーム [{1}]、ディスパッチされました
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/RecycledStream.java tomcat10-10.1.52/java/org/apache/coyote/http2/RecycledStream.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/RecycledStream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/RecycledStream.java 2026-01-23 19:33:36.000000000 +0000
@@ -47,8 +47,8 @@
@Override
- void receivedData(int payloadSize) throws ConnectionException {
- remainingFlowControlWindow -= payloadSize;
+ void receivedData(int dataLength) throws ConnectionException {
+ remainingFlowControlWindow -= dataLength;
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/Stream.java tomcat10-10.1.52/java/org/apache/coyote/http2/Stream.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/Stream.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/Stream.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,6 +49,7 @@
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.http.Method;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.Host;
import org.apache.tomcat.util.http.parser.Priority;
@@ -164,7 +165,7 @@
this.coyoteResponse.setOutputBuffer(http2OutputBuffer);
this.coyoteRequest.setResponse(coyoteResponse);
this.coyoteRequest.protocol().setString("HTTP/2.0");
- this.coyoteRequest.setStartTimeNanos(System.nanoTime());
+ this.coyoteRequest.markStartTime();
}
@@ -368,9 +369,9 @@
switch (name) {
case ":method": {
- if (coyoteRequest.method().isNull()) {
- coyoteRequest.method().setString(value);
- if ("HEAD".equals(value)) {
+ if (coyoteRequest.getMethod() == null) {
+ coyoteRequest.setMethod(value);
+ if (Method.HEAD.equals(value)) {
configureVoidOutputFilter();
}
} else {
@@ -510,6 +511,12 @@
} else {
coyoteRequest.serverName().setString(value);
}
+ // Match host name with SNI if required
+ if (!handler.getProtocol().getHttp11Protocol().checkSni(handler.getSniHostName(),
+ coyoteRequest.serverName().getString())) {
+ throw new HpackException(sm.getString("stream.host.sni", getConnectionId(), getIdAsString(), value,
+ handler.getSniHostName()));
+ }
}
@@ -552,8 +559,8 @@
final boolean receivedEndOfHeaders() throws ConnectionException {
- if (coyoteRequest.method().isNull() || coyoteRequest.scheme().isNull() ||
- !coyoteRequest.method().equals("CONNECT") && coyoteRequest.requestURI().isNull()) {
+ if (coyoteRequest.getMethod() == null || coyoteRequest.scheme().isNull() ||
+ !Method.CONNECT.equals(coyoteRequest.getMethod()) && coyoteRequest.requestURI().isNull()) {
throw new ConnectionException(sm.getString("stream.header.required", getConnectionId(), getIdAsString()),
Http2Error.PROTOCOL_ERROR);
}
@@ -676,8 +683,8 @@
@Override
- final void receivedData(int payloadSize) throws Http2Exception {
- contentLengthReceived += payloadSize;
+ final void receivedData(int dataLength) throws Http2Exception {
+ contentLengthReceived += dataLength;
long contentLengthHeader = coyoteRequest.getContentLengthLong();
if (contentLengthHeader > -1 && contentLengthReceived > contentLengthHeader) {
throw new ConnectionException(
@@ -862,7 +869,7 @@
return;
}
// Set the special HTTP/2 headers
- request.getMimeHeaders().addValue(":method").duplicate(request.method());
+ request.getMimeHeaders().addValue(":method").setString(request.getMethod());
request.getMimeHeaders().addValue(":scheme").duplicate(request.scheme());
StringBuilder path = new StringBuilder(request.requestURI().toString());
if (!request.queryString().isNull()) {
@@ -1149,7 +1156,7 @@
// Only want to return false if the window size is zero AND we are
// already waiting for an allocation.
return (getWindowSize() <= 0 || !allocationManager.isWaitingForStream()) &&
- (handler.getWindowSize() <= 0 || !allocationManager.isWaitingForConnection()) && !dataLeft;
+ (handler.getWindowSize() <= 0 || !allocationManager.isWaitingForConnection()) && !dataLeft;
} finally {
writeLock.unlock();
}
diff -Nru tomcat10-10.1.40/java/org/apache/coyote/http2/StreamProcessor.java tomcat10-10.1.52/java/org/apache/coyote/http2/StreamProcessor.java
--- tomcat10-10.1.40/java/org/apache/coyote/http2/StreamProcessor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/coyote/http2/StreamProcessor.java 2026-01-23 19:33:36.000000000 +0000
@@ -147,8 +147,14 @@
state = SocketState.CLOSED;
} finally {
if (state == SocketState.CLOSED) {
- stream.recycle();
+ /*
+ * Recycle this processor before the stream is recycled as recycling the stream will add the
+ * request and the response to the pool for re-use (if re-use is enabled) and the request
+ * statistics updating in StreamProcessor.recycle() needs to happen before the request and
+ * response are added to the pool to avoid concurrency issues corrupting the statistics.
+ */
recycle();
+ stream.recycle();
}
}
} finally {
@@ -308,7 +314,7 @@
stream.getInputBuffer().insertReplayedBody(body);
try {
stream.receivedEndOfStream();
- } catch (ConnectionException e) {
+ } catch (ConnectionException ignore) {
// Exception will not be thrown in this case
}
}
@@ -433,6 +439,12 @@
global.removeRequestProcessor(request.getRequestProcessor());
}
+ /*
+ * Clear the statistics ready for re-use of the request. If we don't clear the statistics, the statistics for
+ * the current request will be included in the statistics for all future requests.
+ */
+ request.getRequestProcessor().recycleStatistcs();
+
// Clear fields that can be cleared to aid GC and trigger NPEs if this
// is reused
setSocketWrapper(null);
@@ -510,8 +522,7 @@
HttpParser httpParser = handler.getProtocol().getHttp11Protocol().getHttpParser();
// Method name must be a token
- String method = request.method().toString();
- if (!HttpParser.isToken(method)) {
+ if (!HttpParser.isToken(request.getMethod())) {
return false;
}
diff -Nru tomcat10-10.1.40/java/org/apache/el/ExpressionFactoryImpl.java tomcat10-10.1.52/java/org/apache/el/ExpressionFactoryImpl.java
--- tomcat10-10.1.40/java/org/apache/el/ExpressionFactoryImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/ExpressionFactoryImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,11 +28,8 @@
import org.apache.el.util.ExceptionUtils;
import org.apache.el.util.MessageFactory;
-
/**
* @see jakarta.el.ExpressionFactory
- *
- * @author Jacob Hookom [jacob@hookom.net]
*/
@aQute.bnd.annotation.spi.ServiceProvider(value = ExpressionFactory.class)
public class ExpressionFactoryImpl extends ExpressionFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/el/MethodExpressionImpl.java tomcat10-10.1.52/java/org/apache/el/MethodExpressionImpl.java
--- tomcat10-10.1.40/java/org/apache/el/MethodExpressionImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/MethodExpressionImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -63,8 +63,6 @@
* @see jakarta.el.Expression
* @see jakarta.el.ExpressionFactory
* @see jakarta.el.MethodExpression
- *
- * @author Jacob Hookom [jacob@hookom.net]
*/
public final class MethodExpressionImpl extends MethodExpression implements Externalizable {
diff -Nru tomcat10-10.1.40/java/org/apache/el/ValueExpressionImpl.java tomcat10-10.1.52/java/org/apache/el/ValueExpressionImpl.java
--- tomcat10-10.1.40/java/org/apache/el/ValueExpressionImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/ValueExpressionImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -70,8 +70,6 @@
* @see jakarta.el.Expression
* @see jakarta.el.ExpressionFactory
* @see jakarta.el.ValueExpression
- *
- * @author Jacob Hookom [jacob@hookom.net]
*/
public final class ValueExpressionImpl extends ValueExpression implements Externalizable {
diff -Nru tomcat10-10.1.40/java/org/apache/el/lang/ELArithmetic.java tomcat10-10.1.52/java/org/apache/el/lang/ELArithmetic.java
--- tomcat10-10.1.40/java/org/apache/el/lang/ELArithmetic.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/lang/ELArithmetic.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,9 +26,7 @@
/**
- * A helper class of Arithmetic defined by the EL Specification
- *
- * @author Jacob Hookom [jacob@hookom.net]
+ * A helper class of Arithmetic defined by the EL Specification.
*/
public abstract class ELArithmetic {
diff -Nru tomcat10-10.1.40/java/org/apache/el/lang/ELSupport.java tomcat10-10.1.52/java/org/apache/el/lang/ELSupport.java
--- tomcat10-10.1.40/java/org/apache/el/lang/ELSupport.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/lang/ELSupport.java 2026-01-23 19:33:36.000000000 +0000
@@ -40,9 +40,7 @@
/**
- * A helper class that implements the EL Specification
- *
- * @author Jacob Hookom [jacob@hookom.net]
+ * A helper class that implements the EL Specification.
*/
public class ELSupport {
@@ -190,8 +188,8 @@
}
/*
- * Going to have some casts /raw types somewhere so doing it here keeps them all in one place. There might
- * be a neater / better solution, but I couldn't find it.
+ * Going to have some casts /raw types somewhere so doing it here keeps them all in one place. There might be a
+ * neater / better solution, but I couldn't find it.
*/
@SuppressWarnings("unchecked")
public static Enum coerceToEnum(final ELContext ctx, final Object obj,
@@ -240,8 +238,7 @@
*
* @throws ELException if object is not Boolean or String
*/
- public static Boolean coerceToBoolean(final ELContext ctx, final Object obj, boolean primitive)
- throws ELException {
+ public static Boolean coerceToBoolean(final ELContext ctx, final Object obj, boolean primitive) throws ELException {
if (ctx != null) {
boolean originalIsPropertyResolved = ctx.isPropertyResolved();
@@ -349,8 +346,7 @@
throw new ELException(MessageFactory.get("error.convert", number, number.getClass(), type));
}
- public static Number coerceToNumber(final ELContext ctx, final Object obj, final Class type)
- throws ELException {
+ public static Number coerceToNumber(final ELContext ctx, final Object obj, final Class type) throws ELException {
if (ctx != null) {
boolean originalIsPropertyResolved = ctx.isPropertyResolved();
@@ -489,8 +485,7 @@
}
}
- public static T coerceToType(final ELContext ctx, final Object obj, final Class type)
- throws ELException {
+ public static T coerceToType(final ELContext ctx, final Object obj, final Class type) throws ELException {
if (ctx != null) {
boolean originalIsPropertyResolved = ctx.isPropertyResolved();
diff -Nru tomcat10-10.1.40/java/org/apache/el/lang/ExpressionBuilder.java tomcat10-10.1.52/java/org/apache/el/lang/ExpressionBuilder.java
--- tomcat10-10.1.40/java/org/apache/el/lang/ExpressionBuilder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/lang/ExpressionBuilder.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,9 +44,6 @@
import org.apache.el.util.ExceptionUtils;
import org.apache.el.util.MessageFactory;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class ExpressionBuilder implements NodeVisitor {
private static final SynchronizedStack parserCache = new SynchronizedStack<>();
diff -Nru tomcat10-10.1.40/java/org/apache/el/lang/FunctionMapperFactory.java tomcat10-10.1.52/java/org/apache/el/lang/FunctionMapperFactory.java
--- tomcat10-10.1.40/java/org/apache/el/lang/FunctionMapperFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/lang/FunctionMapperFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.util.MessageFactory;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public class FunctionMapperFactory extends FunctionMapper {
protected FunctionMapperImpl memento = null;
diff -Nru tomcat10-10.1.40/java/org/apache/el/lang/FunctionMapperImpl.java tomcat10-10.1.52/java/org/apache/el/lang/FunctionMapperImpl.java
--- tomcat10-10.1.40/java/org/apache/el/lang/FunctionMapperImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/lang/FunctionMapperImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,10 +29,6 @@
import org.apache.el.util.MessageFactory;
import org.apache.el.util.ReflectionUtil;
-
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public class FunctionMapperImpl extends FunctionMapper implements Externalizable {
private static final long serialVersionUID = 1L;
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/ArithmeticNode.java tomcat10-10.1.52/java/org/apache/el/parser/ArithmeticNode.java
--- tomcat10-10.1.40/java/org/apache/el/parser/ArithmeticNode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/ArithmeticNode.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public abstract class ArithmeticNode extends SimpleNode {
public ArithmeticNode(int i) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstAnd.java tomcat10-10.1.52/java/org/apache/el/parser/AstAnd.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstAnd.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstAnd.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstAnd extends BooleanNode {
public AstAnd(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstBracketSuffix.java tomcat10-10.1.52/java/org/apache/el/parser/AstBracketSuffix.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstBracketSuffix.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstBracketSuffix.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstBracketSuffix extends SimpleNode {
public AstBracketSuffix(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstChoice.java tomcat10-10.1.52/java/org/apache/el/parser/AstChoice.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstChoice.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstChoice.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstChoice extends SimpleNode {
public AstChoice(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstCompositeExpression.java tomcat10-10.1.52/java/org/apache/el/parser/AstCompositeExpression.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstCompositeExpression.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstCompositeExpression.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstCompositeExpression extends SimpleNode {
public AstCompositeExpression(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstDeferredExpression.java tomcat10-10.1.52/java/org/apache/el/parser/AstDeferredExpression.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstDeferredExpression.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstDeferredExpression.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstDeferredExpression extends SimpleNode {
public AstDeferredExpression(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstDiv.java tomcat10-10.1.52/java/org/apache/el/parser/AstDiv.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstDiv.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstDiv.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELArithmetic;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstDiv extends ArithmeticNode {
public AstDiv(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstDotSuffix.java tomcat10-10.1.52/java/org/apache/el/parser/AstDotSuffix.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstDotSuffix.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstDotSuffix.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,9 +23,6 @@
import org.apache.el.util.MessageFactory;
import org.apache.el.util.Validation;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstDotSuffix extends SimpleNode {
public AstDotSuffix(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstDynamicExpression.java tomcat10-10.1.52/java/org/apache/el/parser/AstDynamicExpression.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstDynamicExpression.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstDynamicExpression.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstDynamicExpression extends SimpleNode {
public AstDynamicExpression(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstEqual.java tomcat10-10.1.52/java/org/apache/el/parser/AstEqual.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstEqual.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstEqual.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstEqual extends BooleanNode {
public AstEqual(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstFalse.java tomcat10-10.1.52/java/org/apache/el/parser/AstFalse.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstFalse.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstFalse.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstFalse extends BooleanNode {
public AstFalse(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstFloatingPoint.java tomcat10-10.1.52/java/org/apache/el/parser/AstFloatingPoint.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstFloatingPoint.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstFloatingPoint.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,9 +23,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstFloatingPoint extends SimpleNode {
public AstFloatingPoint(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstFunction.java tomcat10-10.1.52/java/org/apache/el/parser/AstFunction.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstFunction.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstFunction.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,9 +31,6 @@
import org.apache.el.lang.EvaluationContext;
import org.apache.el.util.MessageFactory;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstFunction extends SimpleNode {
private String localName = "";
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstGreaterThan.java tomcat10-10.1.52/java/org/apache/el/parser/AstGreaterThan.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstGreaterThan.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstGreaterThan.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstGreaterThan extends BooleanNode {
public AstGreaterThan(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstGreaterThanEqual.java tomcat10-10.1.52/java/org/apache/el/parser/AstGreaterThanEqual.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstGreaterThanEqual.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstGreaterThanEqual.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstGreaterThanEqual extends BooleanNode {
public AstGreaterThanEqual(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstIdentifier.java tomcat10-10.1.52/java/org/apache/el/parser/AstIdentifier.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstIdentifier.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstIdentifier.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,9 +32,6 @@
import org.apache.el.util.MessageFactory;
import org.apache.el.util.Validation;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstIdentifier extends SimpleNode {
public AstIdentifier(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstInteger.java tomcat10-10.1.52/java/org/apache/el/parser/AstInteger.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstInteger.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstInteger.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,9 +23,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstInteger extends SimpleNode {
public AstInteger(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstLessThan.java tomcat10-10.1.52/java/org/apache/el/parser/AstLessThan.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstLessThan.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstLessThan.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstLessThan extends BooleanNode {
public AstLessThan(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstLessThanEqual.java tomcat10-10.1.52/java/org/apache/el/parser/AstLessThanEqual.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstLessThanEqual.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstLessThanEqual.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstLessThanEqual extends BooleanNode {
public AstLessThanEqual(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstLiteralExpression.java tomcat10-10.1.52/java/org/apache/el/parser/AstLiteralExpression.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstLiteralExpression.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstLiteralExpression.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstLiteralExpression extends SimpleNode {
public AstLiteralExpression(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstMinus.java tomcat10-10.1.52/java/org/apache/el/parser/AstMinus.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstMinus.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstMinus.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELArithmetic;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstMinus extends ArithmeticNode {
public AstMinus(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstMod.java tomcat10-10.1.52/java/org/apache/el/parser/AstMod.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstMod.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstMod.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELArithmetic;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstMod extends ArithmeticNode {
public AstMod(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstMult.java tomcat10-10.1.52/java/org/apache/el/parser/AstMult.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstMult.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstMult.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELArithmetic;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstMult extends ArithmeticNode {
public AstMult(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstNegative.java tomcat10-10.1.52/java/org/apache/el/parser/AstNegative.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstNegative.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstNegative.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,9 +25,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstNegative extends SimpleNode {
public AstNegative(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstNot.java tomcat10-10.1.52/java/org/apache/el/parser/AstNot.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstNot.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstNot.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstNot extends SimpleNode {
public AstNot(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstNotEqual.java tomcat10-10.1.52/java/org/apache/el/parser/AstNotEqual.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstNotEqual.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstNotEqual.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstNotEqual extends BooleanNode {
public AstNotEqual(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstNull.java tomcat10-10.1.52/java/org/apache/el/parser/AstNull.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstNull.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstNull.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstNull extends SimpleNode {
public AstNull(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstOr.java tomcat10-10.1.52/java/org/apache/el/parser/AstOr.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstOr.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstOr.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstOr extends BooleanNode {
public AstOr(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstPlus.java tomcat10-10.1.52/java/org/apache/el/parser/AstPlus.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstPlus.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstPlus.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import org.apache.el.lang.ELArithmetic;
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstPlus extends ArithmeticNode {
public AstPlus(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstString.java tomcat10-10.1.52/java/org/apache/el/parser/AstString.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstString.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstString.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstString extends SimpleNode {
public AstString(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstTrue.java tomcat10-10.1.52/java/org/apache/el/parser/AstTrue.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstTrue.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstTrue.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstTrue extends BooleanNode {
public AstTrue(int id) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/AstValue.java tomcat10-10.1.52/java/org/apache/el/parser/AstValue.java
--- tomcat10-10.1.40/java/org/apache/el/parser/AstValue.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/AstValue.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,9 +35,6 @@
import org.apache.el.util.MessageFactory;
import org.apache.el.util.ReflectionUtil;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class AstValue extends SimpleNode {
private static final Object[] EMPTY_ARRAY = new Object[0];
@@ -284,8 +281,8 @@
int paramCount = types.length;
- if (m.isVarArgs() && paramCount > 1 && (src == null || paramCount > src.length) || !m.isVarArgs() &&
- (src == null || src.length != paramCount)) {
+ if (m.isVarArgs() && paramCount > 1 && (src == null || paramCount > src.length) ||
+ !m.isVarArgs() && (src == null || src.length != paramCount)) {
String srcCount = null;
if (src != null) {
srcCount = Integer.toString(src.length);
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/BooleanNode.java tomcat10-10.1.52/java/org/apache/el/parser/BooleanNode.java
--- tomcat10-10.1.40/java/org/apache/el/parser/BooleanNode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/BooleanNode.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,6 @@
import org.apache.el.lang.EvaluationContext;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public abstract class BooleanNode extends SimpleNode {
public BooleanNode(int i) {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/ELParser.java tomcat10-10.1.52/java/org/apache/el/parser/ELParser.java
--- tomcat10-10.1.40/java/org/apache/el/parser/ELParser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/ELParser.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,7 +26,8 @@
boolean jjtc000 = true;
jjtree.openNodeScope(jjtn000);
try {
- label_1: while (true) {
+ label_1:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case LITERAL_EXPRESSION:
case START_DYNAMIC_EXPRESSION:
@@ -219,7 +220,8 @@
*/
final public void Semicolon() throws ParseException {
Assignment();
- label_2: while (true) {
+ label_2:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case SEMICOLON: {
;
@@ -292,7 +294,8 @@
case MINUS:
case IDENTIFIER: {
Choice();
- label_3: while (true) {
+ label_3:
+ while (true) {
if (jj_2_1(2)) {
;
} else {
@@ -434,7 +437,8 @@
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case IDENTIFIER: {
Identifier();
- label_4: while (true) {
+ label_4:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case COMMA: {
;
@@ -534,7 +538,8 @@
}
}
jj_consume_token(RPAREN);
- label_5: while (true) {
+ label_5:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case LPAREN: {
;
@@ -584,7 +589,8 @@
*/
final public void Choice() throws ParseException {
Or();
- label_6: while (true) {
+ label_6:
+ while (true) {
if (jj_2_5(3)) {
;
} else {
@@ -644,7 +650,8 @@
boolean jjtc001 = true;
jjtree.openNodeScope(jjtn001);
try {
- label_7: while (true) {
+ label_7:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case OR0: {
jj_consume_token(OR0);
@@ -722,7 +729,8 @@
boolean jjtc001 = true;
jjtree.openNodeScope(jjtn001);
try {
- label_8: while (true) {
+ label_8:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case AND0: {
jj_consume_token(AND0);
@@ -793,7 +801,8 @@
*/
final public void Equality() throws ParseException {
Compare();
- label_9: while (true) {
+ label_9:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case EQ0:
case EQ1:
@@ -928,7 +937,8 @@
*/
final public void Compare() throws ParseException {
Concatenation();
- label_10: while (true) {
+ label_10:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case GT0:
case GT1:
@@ -1176,7 +1186,8 @@
*/
final public void Concatenation() throws ParseException {
Math();
- label_11: while (true) {
+ label_11:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case CONCAT: {
;
@@ -1231,7 +1242,8 @@
*/
final public void Math() throws ParseException {
Multiplication();
- label_12: while (true) {
+ label_12:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case PLUS:
case MINUS: {
@@ -1336,7 +1348,8 @@
*/
final public void Multiplication() throws ParseException {
Unary();
- label_13: while (true) {
+ label_13:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case MULT:
case DIV0:
@@ -1733,7 +1746,8 @@
jjtree.openNodeScope(jjtn001);
try {
ValuePrefix();
- label_14: while (true) {
+ label_14:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case DOT:
case LBRACK: {
@@ -1926,7 +1940,8 @@
case MINUS:
case IDENTIFIER: {
Expression();
- label_15: while (true) {
+ label_15:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case COMMA: {
;
@@ -2055,7 +2070,8 @@
case MINUS:
case IDENTIFIER: {
Expression();
- label_16: while (true) {
+ label_16:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case COMMA: {
;
@@ -2130,7 +2146,8 @@
case MINUS:
case IDENTIFIER: {
Expression();
- label_17: while (true) {
+ label_17:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case COMMA: {
;
@@ -2209,7 +2226,8 @@
case MINUS:
case IDENTIFIER: {
MapEntry();
- label_18: while (true) {
+ label_18:
+ while (true) {
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case COMMA: {
;
@@ -2350,7 +2368,8 @@
} else {
jjtn000.setLocalName(t0.image);
}
- label_19: while (true) {
+ label_19:
+ while (true) {
MethodParameters();
switch ((jj_ntk == -1) ? jj_ntk_f() : jj_ntk) {
case LPAREN: {
@@ -3417,9 +3436,9 @@
private boolean jj_3R_Multiplication_247_9_71() {
Token xsp;
xsp = jj_scanpos;
- if (jj_scan_token(51)) {
+ if (jj_scan_token(50)) {
jj_scanpos = xsp;
- if (jj_scan_token(52)) {
+ if (jj_scan_token(51)) {
return true;
}
}
@@ -3432,9 +3451,9 @@
private boolean jj_3R_Multiplication_245_9_70() {
Token xsp;
xsp = jj_scanpos;
- if (jj_scan_token(49)) {
+ if (jj_scan_token(48)) {
jj_scanpos = xsp;
- if (jj_scan_token(50)) {
+ if (jj_scan_token(49)) {
return true;
}
}
@@ -3891,11 +3910,10 @@
}
private static void jj_la1_init_1() {
- jj_la1_1 = new int[] { 0x0, 0x0, 0x0, 0x1008860, 0x1008860, 0x0, 0x1000000, 0x1000000, 0x1008860, 0x0, 0x600,
- 0x600, 0x600, 0x180, 0x180, 0x180, 0x1e, 0x6, 0x18, 0x1e, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x200000,
- 0xc000, 0xc000, 0x1e2000, 0x60000, 0x180000, 0x1e2000, 0x60, 0x60, 0x8000, 0x1000860, 0x0, 0x1000000,
- 0x0, 0x0, 0x0, 0x1008860, 0x0, 0x1000000, 0x0, 0x0, 0x1008860, 0x0, 0x1008860, 0x0, 0x1008860, 0x0, 0x0,
- 0x0, 0x0, };
+ jj_la1_1 = new int[] { 0x0, 0x0, 0x0, 0x804860, 0x804860, 0x0, 0x800000, 0x800000, 0x804860, 0x0, 0x600, 0x600,
+ 0x600, 0x180, 0x180, 0x180, 0x1e, 0x6, 0x18, 0x1e, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x100000, 0x6000,
+ 0x6000, 0xf1000, 0x30000, 0xc0000, 0xf1000, 0x60, 0x60, 0x4000, 0x800860, 0x0, 0x800000, 0x0, 0x0, 0x0,
+ 0x804860, 0x0, 0x800000, 0x0, 0x0, 0x804860, 0x0, 0x804860, 0x0, 0x804860, 0x0, 0x0, 0x0, 0x0, };
}
final private JJCalls[] jj_2_rtns = new JJCalls[9];
@@ -4170,7 +4188,7 @@
/** Generate ParseException. */
public ParseException generateParseException() {
jj_expentries.clear();
- boolean[] la1tokens = new boolean[62];
+ boolean[] la1tokens = new boolean[59];
if (jj_kind >= 0) {
la1tokens[jj_kind] = true;
jj_kind = -1;
@@ -4187,7 +4205,7 @@
}
}
}
- for (int i = 0; i < 62; i++) {
+ for (int i = 0; i < 59; i++) {
if (la1tokens[i]) {
jj_expentry = new int[1];
jj_expentry[0] = i;
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/ELParser.jjt tomcat10-10.1.52/java/org/apache/el/parser/ELParser.jjt
--- tomcat10-10.1.40/java/org/apache/el/parser/ELParser.jjt 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/ELParser.jjt 2026-01-23 19:33:36.000000000 +0000
@@ -15,11 +15,6 @@
* limitations under the License.
*/
-/*
- Author: Jacob Hookom
- Email: jacob at hookom.net
-*/
-
/* == Option Declaration == */
options
{
@@ -535,7 +530,6 @@
| < OR0 : "||" >
| < OR1 : "or" >
| < EMPTY : "empty" >
-| < INSTANCEOF : "instanceof" >
| < MULT : "*" >
| < PLUS : "+" >
| < MINUS : "-" >
@@ -547,9 +541,7 @@
| < CONCAT : "+=" >
| < ASSIGN : "=" >
| < ARROW : "->" >
-| < IDENTIFIER : (|) (|)* >
-| < FUNCTIONSUFFIX : () >
-| < #IMPL_OBJ_START: "#" >
+| < IDENTIFIER : (|)* >
| < #JAVALETTER:
[
"\u0024",
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/ELParserConstants.java tomcat10-10.1.52/java/org/apache/el/parser/ELParserConstants.java
--- tomcat10-10.1.40/java/org/apache/el/parser/ELParserConstants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/ELParserConstants.java 2026-01-23 19:33:36.000000000 +0000
@@ -88,41 +88,35 @@
/** RegularExpression Id. */
int EMPTY = 43;
/** RegularExpression Id. */
- int INSTANCEOF = 44;
+ int MULT = 44;
/** RegularExpression Id. */
- int MULT = 45;
+ int PLUS = 45;
/** RegularExpression Id. */
- int PLUS = 46;
+ int MINUS = 46;
/** RegularExpression Id. */
- int MINUS = 47;
+ int QUESTIONMARK = 47;
/** RegularExpression Id. */
- int QUESTIONMARK = 48;
+ int DIV0 = 48;
/** RegularExpression Id. */
- int DIV0 = 49;
+ int DIV1 = 49;
/** RegularExpression Id. */
- int DIV1 = 50;
+ int MOD0 = 50;
/** RegularExpression Id. */
- int MOD0 = 51;
+ int MOD1 = 51;
/** RegularExpression Id. */
- int MOD1 = 52;
+ int CONCAT = 52;
/** RegularExpression Id. */
- int CONCAT = 53;
+ int ASSIGN = 53;
/** RegularExpression Id. */
- int ASSIGN = 54;
+ int ARROW = 54;
/** RegularExpression Id. */
- int ARROW = 55;
+ int IDENTIFIER = 55;
/** RegularExpression Id. */
- int IDENTIFIER = 56;
+ int JAVALETTER = 56;
/** RegularExpression Id. */
- int FUNCTIONSUFFIX = 57;
+ int JAVADIGIT = 57;
/** RegularExpression Id. */
- int IMPL_OBJ_START = 58;
- /** RegularExpression Id. */
- int JAVALETTER = 59;
- /** RegularExpression Id. */
- int JAVADIGIT = 60;
- /** RegularExpression Id. */
- int ILLEGAL_CHARACTER = 61;
+ int ILLEGAL_CHARACTER = 58;
/** Lexical state. */
int DEFAULT = 0;
@@ -137,8 +131,7 @@
"", "\"true\"", "\"false\"", "\"null\"", "\".\"", "\"(\"", "\")\"", "\"[\"", "\"]\"",
"\":\"", "\";\"", "\",\"", "\">\"", "\"gt\"", "\"<\"", "\"lt\"", "\">=\"", "\"ge\"", "\"<=\"", "\"le\"",
"\"==\"", "\"eq\"", "\"!=\"", "\"ne\"", "\"!\"", "\"not\"", "\"&&\"", "\"and\"", "\"||\"", "\"or\"",
- "\"empty\"", "\"instanceof\"", "\"*\"", "\"+\"", "\"-\"", "\"?\"", "\"/\"", "\"div\"", "\"%\"", "\"mod\"",
- "\"+=\"", "\"=\"", "\"->\"", "", "", "\"#\"", "", "",
- "", };
+ "\"empty\"", "\"*\"", "\"+\"", "\"-\"", "\"?\"", "\"/\"", "\"div\"", "\"%\"", "\"mod\"", "\"+=\"", "\"=\"",
+ "\"->\"", "", "", "", "", };
}
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/ELParserTokenManager.java tomcat10-10.1.52/java/org/apache/el/parser/ELParserTokenManager.java
--- tomcat10-10.1.40/java/org/apache/el/parser/ELParserTokenManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/ELParserTokenManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -301,77 +301,39 @@
if ((active0 & 0x20000L) != 0L) {
return 1;
}
- if ((active0 & 0x141d555401c000L) != 0L) {
- jjmatchedKind = 56;
- return 30;
+ if ((active0 & 0xa0d555401c000L) != 0L) {
+ jjmatchedKind = 55;
+ return 16;
}
return -1;
case 1:
- if ((active0 & 0x41554000000L) != 0L) {
- return 30;
- }
- if ((active0 & 0x1419400001c000L) != 0L) {
- jjmatchedKind = 56;
+ if ((active0 & 0xa09400001c000L) != 0L) {
+ jjmatchedKind = 55;
jjmatchedPos = 1;
- return 30;
+ return 16;
+ }
+ if ((active0 & 0x41554000000L) != 0L) {
+ return 16;
}
return -1;
case 2:
- if ((active0 & 0x14014000000000L) != 0L) {
- return 30;
+ if ((active0 & 0xa014000000000L) != 0L) {
+ return 16;
}
- if ((active0 & 0x18000001c000L) != 0L) {
- jjmatchedKind = 56;
+ if ((active0 & 0x8000001c000L) != 0L) {
+ jjmatchedKind = 55;
jjmatchedPos = 2;
- return 30;
+ return 16;
}
return -1;
case 3:
if ((active0 & 0x14000L) != 0L) {
- return 30;
+ return 16;
}
- if ((active0 & 0x180000008000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 3;
- return 30;
- }
- return -1;
- case 4:
if ((active0 & 0x80000008000L) != 0L) {
- return 30;
- }
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 4;
- return 30;
- }
- return -1;
- case 5:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 5;
- return 30;
- }
- return -1;
- case 6:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 6;
- return 30;
- }
- return -1;
- case 7:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 7;
- return 30;
- }
- return -1;
- case 8:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 8;
- return 30;
+ jjmatchedKind = 55;
+ jjmatchedPos = 3;
+ return 16;
}
return -1;
default:
@@ -389,7 +351,7 @@
jjmatchedKind = 37;
return jjMoveStringLiteralDfa1_2(0x800000000L);
case 37:
- return jjStopAtPos(0, 51);
+ return jjStopAtPos(0, 50);
case 38:
return jjMoveStringLiteralDfa1_2(0x8000000000L);
case 40:
@@ -397,19 +359,19 @@
case 41:
return jjStopAtPos(0, 19);
case 42:
- return jjStopAtPos(0, 45);
+ return jjStopAtPos(0, 44);
case 43:
- jjmatchedKind = 46;
- return jjMoveStringLiteralDfa1_2(0x20000000000000L);
+ jjmatchedKind = 45;
+ return jjMoveStringLiteralDfa1_2(0x10000000000000L);
case 44:
return jjStopAtPos(0, 24);
case 45:
- jjmatchedKind = 47;
- return jjMoveStringLiteralDfa1_2(0x80000000000000L);
+ jjmatchedKind = 46;
+ return jjMoveStringLiteralDfa1_2(0x40000000000000L);
case 46:
return jjStartNfaWithStates_2(0, 17, 1);
case 47:
- return jjStopAtPos(0, 49);
+ return jjStopAtPos(0, 48);
case 58:
return jjStopAtPos(0, 22);
case 59:
@@ -418,13 +380,13 @@
jjmatchedKind = 27;
return jjMoveStringLiteralDfa1_2(0x80000000L);
case 61:
- jjmatchedKind = 54;
+ jjmatchedKind = 53;
return jjMoveStringLiteralDfa1_2(0x200000000L);
case 62:
jjmatchedKind = 25;
return jjMoveStringLiteralDfa1_2(0x20000000L);
case 63:
- return jjStopAtPos(0, 48);
+ return jjStopAtPos(0, 47);
case 91:
return jjStopAtPos(0, 20);
case 93:
@@ -432,19 +394,17 @@
case 97:
return jjMoveStringLiteralDfa1_2(0x10000000000L);
case 100:
- return jjMoveStringLiteralDfa1_2(0x4000000000000L);
+ return jjMoveStringLiteralDfa1_2(0x2000000000000L);
case 101:
return jjMoveStringLiteralDfa1_2(0x80400000000L);
case 102:
return jjMoveStringLiteralDfa1_2(0x8000L);
case 103:
return jjMoveStringLiteralDfa1_2(0x44000000L);
- case 105:
- return jjMoveStringLiteralDfa1_2(0x100000000000L);
case 108:
return jjMoveStringLiteralDfa1_2(0x110000000L);
case 109:
- return jjMoveStringLiteralDfa1_2(0x10000000000000L);
+ return jjMoveStringLiteralDfa1_2(0x8000000000000L);
case 110:
return jjMoveStringLiteralDfa1_2(0x5000010000L);
case 111:
@@ -484,49 +444,49 @@
return jjStopAtPos(1, 33);
} else if ((active0 & 0x800000000L) != 0L) {
return jjStopAtPos(1, 35);
- } else if ((active0 & 0x20000000000000L) != 0L) {
- return jjStopAtPos(1, 53);
+ } else if ((active0 & 0x10000000000000L) != 0L) {
+ return jjStopAtPos(1, 52);
}
break;
case 62:
- if ((active0 & 0x80000000000000L) != 0L) {
- return jjStopAtPos(1, 55);
+ if ((active0 & 0x40000000000000L) != 0L) {
+ return jjStopAtPos(1, 54);
}
break;
case 97:
return jjMoveStringLiteralDfa2_2(active0, 0x8000L);
case 101:
if ((active0 & 0x40000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 30, 30);
+ return jjStartNfaWithStates_2(1, 30, 16);
} else if ((active0 & 0x100000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 32, 30);
+ return jjStartNfaWithStates_2(1, 32, 16);
} else if ((active0 & 0x1000000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 36, 30);
+ return jjStartNfaWithStates_2(1, 36, 16);
}
break;
case 105:
- return jjMoveStringLiteralDfa2_2(active0, 0x4000000000000L);
+ return jjMoveStringLiteralDfa2_2(active0, 0x2000000000000L);
case 109:
return jjMoveStringLiteralDfa2_2(active0, 0x80000000000L);
case 110:
- return jjMoveStringLiteralDfa2_2(active0, 0x110000000000L);
+ return jjMoveStringLiteralDfa2_2(active0, 0x10000000000L);
case 111:
- return jjMoveStringLiteralDfa2_2(active0, 0x10004000000000L);
+ return jjMoveStringLiteralDfa2_2(active0, 0x8004000000000L);
case 113:
if ((active0 & 0x400000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 34, 30);
+ return jjStartNfaWithStates_2(1, 34, 16);
}
break;
case 114:
if ((active0 & 0x40000000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 42, 30);
+ return jjStartNfaWithStates_2(1, 42, 16);
}
return jjMoveStringLiteralDfa2_2(active0, 0x4000L);
case 116:
if ((active0 & 0x4000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 26, 30);
+ return jjStartNfaWithStates_2(1, 26, 16);
} else if ((active0 & 0x10000000L) != 0L) {
- return jjStartNfaWithStates_2(1, 28, 30);
+ return jjStartNfaWithStates_2(1, 28, 16);
}
break;
case 117:
@@ -555,27 +515,25 @@
switch (curChar) {
case 100:
if ((active0 & 0x10000000000L) != 0L) {
- return jjStartNfaWithStates_2(2, 40, 30);
- } else if ((active0 & 0x10000000000000L) != 0L) {
- return jjStartNfaWithStates_2(2, 52, 30);
+ return jjStartNfaWithStates_2(2, 40, 16);
+ } else if ((active0 & 0x8000000000000L) != 0L) {
+ return jjStartNfaWithStates_2(2, 51, 16);
}
break;
case 108:
return jjMoveStringLiteralDfa3_2(active0, 0x18000L);
case 112:
return jjMoveStringLiteralDfa3_2(active0, 0x80000000000L);
- case 115:
- return jjMoveStringLiteralDfa3_2(active0, 0x100000000000L);
case 116:
if ((active0 & 0x4000000000L) != 0L) {
- return jjStartNfaWithStates_2(2, 38, 30);
+ return jjStartNfaWithStates_2(2, 38, 16);
}
break;
case 117:
return jjMoveStringLiteralDfa3_2(active0, 0x4000L);
case 118:
- if ((active0 & 0x4000000000000L) != 0L) {
- return jjStartNfaWithStates_2(2, 50, 30);
+ if ((active0 & 0x2000000000000L) != 0L) {
+ return jjStartNfaWithStates_2(2, 49, 16);
}
break;
default:
@@ -597,18 +555,18 @@
switch (curChar) {
case 101:
if ((active0 & 0x4000L) != 0L) {
- return jjStartNfaWithStates_2(3, 14, 30);
+ return jjStartNfaWithStates_2(3, 14, 16);
}
break;
case 108:
if ((active0 & 0x10000L) != 0L) {
- return jjStartNfaWithStates_2(3, 16, 30);
+ return jjStartNfaWithStates_2(3, 16, 16);
}
break;
case 115:
return jjMoveStringLiteralDfa4_2(active0, 0x8000L);
case 116:
- return jjMoveStringLiteralDfa4_2(active0, 0x180000000000L);
+ return jjMoveStringLiteralDfa4_2(active0, 0x80000000000L);
default:
break;
}
@@ -626,16 +584,14 @@
return 4;
}
switch (curChar) {
- case 97:
- return jjMoveStringLiteralDfa5_2(active0, 0x100000000000L);
case 101:
if ((active0 & 0x8000L) != 0L) {
- return jjStartNfaWithStates_2(4, 15, 30);
+ return jjStartNfaWithStates_2(4, 15, 16);
}
break;
case 121:
if ((active0 & 0x80000000000L) != 0L) {
- return jjStartNfaWithStates_2(4, 43, 30);
+ return jjStartNfaWithStates_2(4, 43, 16);
}
break;
default:
@@ -644,104 +600,6 @@
return jjStartNfa_2(3, active0);
}
- private int jjMoveStringLiteralDfa5_2(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_2(3, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_2(4, active0);
- return 5;
- }
- switch (curChar) {
- case 110:
- return jjMoveStringLiteralDfa6_2(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_2(4, active0);
- }
-
- private int jjMoveStringLiteralDfa6_2(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_2(4, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_2(5, active0);
- return 6;
- }
- switch (curChar) {
- case 99:
- return jjMoveStringLiteralDfa7_2(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_2(5, active0);
- }
-
- private int jjMoveStringLiteralDfa7_2(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_2(5, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_2(6, active0);
- return 7;
- }
- switch (curChar) {
- case 101:
- return jjMoveStringLiteralDfa8_2(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_2(6, active0);
- }
-
- private int jjMoveStringLiteralDfa8_2(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_2(6, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_2(7, active0);
- return 8;
- }
- switch (curChar) {
- case 111:
- return jjMoveStringLiteralDfa9_2(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_2(7, active0);
- }
-
- private int jjMoveStringLiteralDfa9_2(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_2(7, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_2(8, active0);
- return 9;
- }
- switch (curChar) {
- case 102:
- if ((active0 & 0x100000000000L) != 0L) {
- return jjStartNfaWithStates_2(9, 44, 30);
- }
- break;
- default:
- break;
- }
- return jjStartNfa_2(8, active0);
- }
-
private int jjStartNfaWithStates_2(int pos, int kind, int state) {
jjmatchedKind = kind;
jjmatchedPos = pos;
@@ -876,7 +734,7 @@
private int jjMoveNfa_2(int startState, int curPos) {
int startsAt = 0;
- jjnewStateCnt = 30;
+ jjnewStateCnt = 29;
int i = 1;
jjstateSet[0] = startState;
int kind = 0x7fffffff;
@@ -896,12 +754,12 @@
{
jjCheckNAddStates(18, 22);
}
- } else if ((0x1800000000L & l) != 0L) {
- if (kind > 56) {
- kind = 56;
+ } else if (curChar == 36) {
+ if (kind > 55) {
+ kind = 55;
}
{
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
} else if (curChar == 39) {
jjCheckNAddStates(23, 25);
@@ -911,24 +769,6 @@
jjCheckNAdd(1);
}
break;
- case 30:
- if ((0x3ff00100fffc1ffL & l) != 0L) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- if ((0x3ff00100fffc1ffL & l) != 0L) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- break;
case 1:
if ((0x3ff000000000000L & l) == 0L) {
break;
@@ -995,6 +835,26 @@
}
break;
case 15:
+ if (curChar != 36) {
+ break;
+ }
+ if (kind > 55) {
+ kind = 55;
+ } {
+ jjCheckNAdd(16);
+ }
+ break;
+ case 16:
+ if ((0x3ff00100fffc1ffL & l) == 0L) {
+ break;
+ }
+ if (kind > 55) {
+ kind = 55;
+ } {
+ jjCheckNAdd(16);
+ }
+ break;
+ case 17:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
@@ -1004,106 +864,76 @@
jjCheckNAddStates(18, 22);
}
break;
- case 16:
+ case 18:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 10) {
kind = 10;
} {
- jjCheckNAdd(16);
+ jjCheckNAdd(18);
}
break;
- case 17:
+ case 19:
if ((0x3ff000000000000L & l) != 0L) {
- jjCheckNAddTwoStates(17, 18);
+ jjCheckNAddTwoStates(19, 20);
}
break;
- case 18:
+ case 20:
if (curChar != 46) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAddTwoStates(19, 20);
+ jjCheckNAddTwoStates(21, 22);
}
break;
- case 19:
+ case 21:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAddTwoStates(19, 20);
+ jjCheckNAddTwoStates(21, 22);
}
break;
- case 21:
+ case 23:
if ((0x280000000000L & l) != 0L) {
- jjCheckNAdd(22);
+ jjCheckNAdd(24);
}
break;
- case 22:
+ case 24:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAdd(22);
+ jjCheckNAdd(24);
}
break;
- case 23:
+ case 25:
if ((0x3ff000000000000L & l) != 0L) {
- jjCheckNAddTwoStates(23, 24);
+ jjCheckNAddTwoStates(25, 26);
}
break;
- case 25:
+ case 27:
if ((0x280000000000L & l) != 0L) {
- jjCheckNAdd(26);
+ jjCheckNAdd(28);
}
break;
- case 26:
+ case 28:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAdd(26);
- }
- break;
- case 27:
- if ((0x1800000000L & l) == 0L) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
- jjCheckNAddTwoStates(28, 29);
- }
- break;
- case 28:
- if ((0x3ff00100fffc1ffL & l) == 0L) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
jjCheckNAdd(28);
}
break;
- case 29:
- if ((0x3ff00100fffc1ffL & l) == 0L) {
- break;
- }
- if (kind > 57) {
- kind = 57;
- } {
- jjCheckNAdd(29);
- }
- break;
default:
break;
}
@@ -1116,30 +946,12 @@
if ((0x7fffffe87fffffeL & l) == 0L) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
break;
- case 30:
- if ((0x87fffffe87fffffeL & l) != 0L) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- if ((0x87fffffe87fffffeL & l) != 0L) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- break;
case 2:
if ((0x2000000020L & l) != 0L) {
jjAddStates(29, 30);
@@ -1175,35 +987,25 @@
jjCheckNAddStates(23, 25);
}
break;
- case 20:
- if ((0x2000000020L & l) != 0L) {
- jjAddStates(31, 32);
- }
- break;
- case 24:
- if ((0x2000000020L & l) != 0L) {
- jjAddStates(33, 34);
- }
- break;
- case 28:
+ case 16:
if ((0x87fffffe87fffffeL & l) == 0L) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAdd(28);
+ jjCheckNAdd(16);
}
break;
- case 29:
- if ((0x87fffffe87fffffeL & l) == 0L) {
- break;
+ case 22:
+ if ((0x2000000020L & l) != 0L) {
+ jjAddStates(31, 32);
+ }
+ break;
+ case 26:
+ if ((0x2000000020L & l) != 0L) {
+ jjAddStates(33, 34);
}
- if (kind > 57) {
- kind = 57;
- } {
- jjCheckNAdd(29);
- }
break;
default:
break;
@@ -1221,30 +1023,12 @@
if (!jjCanMove_1(hiByte, i1, i2, l1, l2)) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
break;
- case 30:
- if (jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- if (jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- break;
case 6:
if (jjCanMove_0(hiByte, i1, i2, l1, l2)) {
jjAddStates(26, 28);
@@ -1255,24 +1039,14 @@
jjAddStates(23, 25);
}
break;
- case 28:
- if (!jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
- jjCheckNAdd(28);
- }
- break;
- case 29:
+ case 16:
if (!jjCanMove_2(hiByte, i1, i2, l1, l2)) {
break;
}
- if (kind > 57) {
- kind = 57;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAdd(29);
+ jjCheckNAdd(16);
}
break;
default:
@@ -1290,7 +1064,7 @@
kind = 0x7fffffff;
}
++curPos;
- if ((i = jjnewStateCnt) == (startsAt = 30 - (jjnewStateCnt = startsAt))) {
+ if ((i = jjnewStateCnt) == (startsAt = 29 - (jjnewStateCnt = startsAt))) {
return curPos;
}
try {
@@ -1307,77 +1081,39 @@
if ((active0 & 0x20000L) != 0L) {
return 1;
}
- if ((active0 & 0x141d555401c000L) != 0L) {
- jjmatchedKind = 56;
- return 30;
+ if ((active0 & 0xa0d555401c000L) != 0L) {
+ jjmatchedKind = 55;
+ return 16;
}
return -1;
case 1:
- if ((active0 & 0x41554000000L) != 0L) {
- return 30;
- }
- if ((active0 & 0x1419400001c000L) != 0L) {
- jjmatchedKind = 56;
+ if ((active0 & 0xa09400001c000L) != 0L) {
+ jjmatchedKind = 55;
jjmatchedPos = 1;
- return 30;
+ return 16;
+ }
+ if ((active0 & 0x41554000000L) != 0L) {
+ return 16;
}
return -1;
case 2:
- if ((active0 & 0x14014000000000L) != 0L) {
- return 30;
+ if ((active0 & 0xa014000000000L) != 0L) {
+ return 16;
}
- if ((active0 & 0x18000001c000L) != 0L) {
- jjmatchedKind = 56;
+ if ((active0 & 0x8000001c000L) != 0L) {
+ jjmatchedKind = 55;
jjmatchedPos = 2;
- return 30;
+ return 16;
}
return -1;
case 3:
if ((active0 & 0x14000L) != 0L) {
- return 30;
+ return 16;
}
- if ((active0 & 0x180000008000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 3;
- return 30;
- }
- return -1;
- case 4:
if ((active0 & 0x80000008000L) != 0L) {
- return 30;
- }
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 4;
- return 30;
- }
- return -1;
- case 5:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 5;
- return 30;
- }
- return -1;
- case 6:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 6;
- return 30;
- }
- return -1;
- case 7:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 7;
- return 30;
- }
- return -1;
- case 8:
- if ((active0 & 0x100000000000L) != 0L) {
- jjmatchedKind = 56;
- jjmatchedPos = 8;
- return 30;
+ jjmatchedKind = 55;
+ jjmatchedPos = 3;
+ return 16;
}
return -1;
default:
@@ -1395,7 +1131,7 @@
jjmatchedKind = 37;
return jjMoveStringLiteralDfa1_1(0x800000000L);
case 37:
- return jjStopAtPos(0, 51);
+ return jjStopAtPos(0, 50);
case 38:
return jjMoveStringLiteralDfa1_1(0x8000000000L);
case 40:
@@ -1403,19 +1139,19 @@
case 41:
return jjStopAtPos(0, 19);
case 42:
- return jjStopAtPos(0, 45);
+ return jjStopAtPos(0, 44);
case 43:
- jjmatchedKind = 46;
- return jjMoveStringLiteralDfa1_1(0x20000000000000L);
+ jjmatchedKind = 45;
+ return jjMoveStringLiteralDfa1_1(0x10000000000000L);
case 44:
return jjStopAtPos(0, 24);
case 45:
- jjmatchedKind = 47;
- return jjMoveStringLiteralDfa1_1(0x80000000000000L);
+ jjmatchedKind = 46;
+ return jjMoveStringLiteralDfa1_1(0x40000000000000L);
case 46:
return jjStartNfaWithStates_1(0, 17, 1);
case 47:
- return jjStopAtPos(0, 49);
+ return jjStopAtPos(0, 48);
case 58:
return jjStopAtPos(0, 22);
case 59:
@@ -1424,13 +1160,13 @@
jjmatchedKind = 27;
return jjMoveStringLiteralDfa1_1(0x80000000L);
case 61:
- jjmatchedKind = 54;
+ jjmatchedKind = 53;
return jjMoveStringLiteralDfa1_1(0x200000000L);
case 62:
jjmatchedKind = 25;
return jjMoveStringLiteralDfa1_1(0x20000000L);
case 63:
- return jjStopAtPos(0, 48);
+ return jjStopAtPos(0, 47);
case 91:
return jjStopAtPos(0, 20);
case 93:
@@ -1438,19 +1174,17 @@
case 97:
return jjMoveStringLiteralDfa1_1(0x10000000000L);
case 100:
- return jjMoveStringLiteralDfa1_1(0x4000000000000L);
+ return jjMoveStringLiteralDfa1_1(0x2000000000000L);
case 101:
return jjMoveStringLiteralDfa1_1(0x80400000000L);
case 102:
return jjMoveStringLiteralDfa1_1(0x8000L);
case 103:
return jjMoveStringLiteralDfa1_1(0x44000000L);
- case 105:
- return jjMoveStringLiteralDfa1_1(0x100000000000L);
case 108:
return jjMoveStringLiteralDfa1_1(0x110000000L);
case 109:
- return jjMoveStringLiteralDfa1_1(0x10000000000000L);
+ return jjMoveStringLiteralDfa1_1(0x8000000000000L);
case 110:
return jjMoveStringLiteralDfa1_1(0x5000010000L);
case 111:
@@ -1490,49 +1224,49 @@
return jjStopAtPos(1, 33);
} else if ((active0 & 0x800000000L) != 0L) {
return jjStopAtPos(1, 35);
- } else if ((active0 & 0x20000000000000L) != 0L) {
- return jjStopAtPos(1, 53);
+ } else if ((active0 & 0x10000000000000L) != 0L) {
+ return jjStopAtPos(1, 52);
}
break;
case 62:
- if ((active0 & 0x80000000000000L) != 0L) {
- return jjStopAtPos(1, 55);
+ if ((active0 & 0x40000000000000L) != 0L) {
+ return jjStopAtPos(1, 54);
}
break;
case 97:
return jjMoveStringLiteralDfa2_1(active0, 0x8000L);
case 101:
if ((active0 & 0x40000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 30, 30);
+ return jjStartNfaWithStates_1(1, 30, 16);
} else if ((active0 & 0x100000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 32, 30);
+ return jjStartNfaWithStates_1(1, 32, 16);
} else if ((active0 & 0x1000000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 36, 30);
+ return jjStartNfaWithStates_1(1, 36, 16);
}
break;
case 105:
- return jjMoveStringLiteralDfa2_1(active0, 0x4000000000000L);
+ return jjMoveStringLiteralDfa2_1(active0, 0x2000000000000L);
case 109:
return jjMoveStringLiteralDfa2_1(active0, 0x80000000000L);
case 110:
- return jjMoveStringLiteralDfa2_1(active0, 0x110000000000L);
+ return jjMoveStringLiteralDfa2_1(active0, 0x10000000000L);
case 111:
- return jjMoveStringLiteralDfa2_1(active0, 0x10004000000000L);
+ return jjMoveStringLiteralDfa2_1(active0, 0x8004000000000L);
case 113:
if ((active0 & 0x400000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 34, 30);
+ return jjStartNfaWithStates_1(1, 34, 16);
}
break;
case 114:
if ((active0 & 0x40000000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 42, 30);
+ return jjStartNfaWithStates_1(1, 42, 16);
}
return jjMoveStringLiteralDfa2_1(active0, 0x4000L);
case 116:
if ((active0 & 0x4000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 26, 30);
+ return jjStartNfaWithStates_1(1, 26, 16);
} else if ((active0 & 0x10000000L) != 0L) {
- return jjStartNfaWithStates_1(1, 28, 30);
+ return jjStartNfaWithStates_1(1, 28, 16);
}
break;
case 117:
@@ -1561,27 +1295,25 @@
switch (curChar) {
case 100:
if ((active0 & 0x10000000000L) != 0L) {
- return jjStartNfaWithStates_1(2, 40, 30);
- } else if ((active0 & 0x10000000000000L) != 0L) {
- return jjStartNfaWithStates_1(2, 52, 30);
+ return jjStartNfaWithStates_1(2, 40, 16);
+ } else if ((active0 & 0x8000000000000L) != 0L) {
+ return jjStartNfaWithStates_1(2, 51, 16);
}
break;
case 108:
return jjMoveStringLiteralDfa3_1(active0, 0x18000L);
case 112:
return jjMoveStringLiteralDfa3_1(active0, 0x80000000000L);
- case 115:
- return jjMoveStringLiteralDfa3_1(active0, 0x100000000000L);
case 116:
if ((active0 & 0x4000000000L) != 0L) {
- return jjStartNfaWithStates_1(2, 38, 30);
+ return jjStartNfaWithStates_1(2, 38, 16);
}
break;
case 117:
return jjMoveStringLiteralDfa3_1(active0, 0x4000L);
case 118:
- if ((active0 & 0x4000000000000L) != 0L) {
- return jjStartNfaWithStates_1(2, 50, 30);
+ if ((active0 & 0x2000000000000L) != 0L) {
+ return jjStartNfaWithStates_1(2, 49, 16);
}
break;
default:
@@ -1603,18 +1335,18 @@
switch (curChar) {
case 101:
if ((active0 & 0x4000L) != 0L) {
- return jjStartNfaWithStates_1(3, 14, 30);
+ return jjStartNfaWithStates_1(3, 14, 16);
}
break;
case 108:
if ((active0 & 0x10000L) != 0L) {
- return jjStartNfaWithStates_1(3, 16, 30);
+ return jjStartNfaWithStates_1(3, 16, 16);
}
break;
case 115:
return jjMoveStringLiteralDfa4_1(active0, 0x8000L);
case 116:
- return jjMoveStringLiteralDfa4_1(active0, 0x180000000000L);
+ return jjMoveStringLiteralDfa4_1(active0, 0x80000000000L);
default:
break;
}
@@ -1632,16 +1364,14 @@
return 4;
}
switch (curChar) {
- case 97:
- return jjMoveStringLiteralDfa5_1(active0, 0x100000000000L);
case 101:
if ((active0 & 0x8000L) != 0L) {
- return jjStartNfaWithStates_1(4, 15, 30);
+ return jjStartNfaWithStates_1(4, 15, 16);
}
break;
case 121:
if ((active0 & 0x80000000000L) != 0L) {
- return jjStartNfaWithStates_1(4, 43, 30);
+ return jjStartNfaWithStates_1(4, 43, 16);
}
break;
default:
@@ -1650,104 +1380,6 @@
return jjStartNfa_1(3, active0);
}
- private int jjMoveStringLiteralDfa5_1(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_1(3, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_1(4, active0);
- return 5;
- }
- switch (curChar) {
- case 110:
- return jjMoveStringLiteralDfa6_1(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_1(4, active0);
- }
-
- private int jjMoveStringLiteralDfa6_1(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_1(4, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_1(5, active0);
- return 6;
- }
- switch (curChar) {
- case 99:
- return jjMoveStringLiteralDfa7_1(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_1(5, active0);
- }
-
- private int jjMoveStringLiteralDfa7_1(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_1(5, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_1(6, active0);
- return 7;
- }
- switch (curChar) {
- case 101:
- return jjMoveStringLiteralDfa8_1(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_1(6, active0);
- }
-
- private int jjMoveStringLiteralDfa8_1(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_1(6, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_1(7, active0);
- return 8;
- }
- switch (curChar) {
- case 111:
- return jjMoveStringLiteralDfa9_1(active0, 0x100000000000L);
- default:
- break;
- }
- return jjStartNfa_1(7, active0);
- }
-
- private int jjMoveStringLiteralDfa9_1(long old0, long active0) {
- if (((active0 &= old0)) == 0L) {
- return jjStartNfa_1(7, old0);
- }
- try {
- curChar = input_stream.readChar();
- } catch (java.io.IOException e) {
- jjStopStringLiteralDfa_1(8, active0);
- return 9;
- }
- switch (curChar) {
- case 102:
- if ((active0 & 0x100000000000L) != 0L) {
- return jjStartNfaWithStates_1(9, 44, 30);
- }
- break;
- default:
- break;
- }
- return jjStartNfa_1(8, active0);
- }
-
private int jjStartNfaWithStates_1(int pos, int kind, int state) {
jjmatchedKind = kind;
jjmatchedPos = pos;
@@ -1761,7 +1393,7 @@
private int jjMoveNfa_1(int startState, int curPos) {
int startsAt = 0;
- jjnewStateCnt = 30;
+ jjnewStateCnt = 29;
int i = 1;
jjstateSet[0] = startState;
int kind = 0x7fffffff;
@@ -1781,12 +1413,12 @@
{
jjCheckNAddStates(18, 22);
}
- } else if ((0x1800000000L & l) != 0L) {
- if (kind > 56) {
- kind = 56;
+ } else if (curChar == 36) {
+ if (kind > 55) {
+ kind = 55;
}
{
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
} else if (curChar == 39) {
jjCheckNAddStates(23, 25);
@@ -1796,24 +1428,6 @@
jjCheckNAdd(1);
}
break;
- case 30:
- if ((0x3ff00100fffc1ffL & l) != 0L) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- if ((0x3ff00100fffc1ffL & l) != 0L) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- break;
case 1:
if ((0x3ff000000000000L & l) == 0L) {
break;
@@ -1880,6 +1494,26 @@
}
break;
case 15:
+ if (curChar != 36) {
+ break;
+ }
+ if (kind > 55) {
+ kind = 55;
+ } {
+ jjCheckNAdd(16);
+ }
+ break;
+ case 16:
+ if ((0x3ff00100fffc1ffL & l) == 0L) {
+ break;
+ }
+ if (kind > 55) {
+ kind = 55;
+ } {
+ jjCheckNAdd(16);
+ }
+ break;
+ case 17:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
@@ -1889,106 +1523,76 @@
jjCheckNAddStates(18, 22);
}
break;
- case 16:
+ case 18:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 10) {
kind = 10;
} {
- jjCheckNAdd(16);
+ jjCheckNAdd(18);
}
break;
- case 17:
+ case 19:
if ((0x3ff000000000000L & l) != 0L) {
- jjCheckNAddTwoStates(17, 18);
+ jjCheckNAddTwoStates(19, 20);
}
break;
- case 18:
+ case 20:
if (curChar != 46) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAddTwoStates(19, 20);
+ jjCheckNAddTwoStates(21, 22);
}
break;
- case 19:
+ case 21:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAddTwoStates(19, 20);
+ jjCheckNAddTwoStates(21, 22);
}
break;
- case 21:
+ case 23:
if ((0x280000000000L & l) != 0L) {
- jjCheckNAdd(22);
+ jjCheckNAdd(24);
}
break;
- case 22:
+ case 24:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAdd(22);
+ jjCheckNAdd(24);
}
break;
- case 23:
+ case 25:
if ((0x3ff000000000000L & l) != 0L) {
- jjCheckNAddTwoStates(23, 24);
+ jjCheckNAddTwoStates(25, 26);
}
break;
- case 25:
+ case 27:
if ((0x280000000000L & l) != 0L) {
- jjCheckNAdd(26);
+ jjCheckNAdd(28);
}
break;
- case 26:
+ case 28:
if ((0x3ff000000000000L & l) == 0L) {
break;
}
if (kind > 11) {
kind = 11;
} {
- jjCheckNAdd(26);
- }
- break;
- case 27:
- if ((0x1800000000L & l) == 0L) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
- jjCheckNAddTwoStates(28, 29);
- }
- break;
- case 28:
- if ((0x3ff00100fffc1ffL & l) == 0L) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
jjCheckNAdd(28);
}
break;
- case 29:
- if ((0x3ff00100fffc1ffL & l) == 0L) {
- break;
- }
- if (kind > 57) {
- kind = 57;
- } {
- jjCheckNAdd(29);
- }
- break;
default:
break;
}
@@ -2001,30 +1605,12 @@
if ((0x7fffffe87fffffeL & l) == 0L) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
break;
- case 30:
- if ((0x87fffffe87fffffeL & l) != 0L) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- if ((0x87fffffe87fffffeL & l) != 0L) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- break;
case 2:
if ((0x2000000020L & l) != 0L) {
jjAddStates(29, 30);
@@ -2060,35 +1646,25 @@
jjCheckNAddStates(23, 25);
}
break;
- case 20:
- if ((0x2000000020L & l) != 0L) {
- jjAddStates(31, 32);
- }
- break;
- case 24:
- if ((0x2000000020L & l) != 0L) {
- jjAddStates(33, 34);
- }
- break;
- case 28:
+ case 16:
if ((0x87fffffe87fffffeL & l) == 0L) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAdd(28);
+ jjCheckNAdd(16);
}
break;
- case 29:
- if ((0x87fffffe87fffffeL & l) == 0L) {
- break;
+ case 22:
+ if ((0x2000000020L & l) != 0L) {
+ jjAddStates(31, 32);
+ }
+ break;
+ case 26:
+ if ((0x2000000020L & l) != 0L) {
+ jjAddStates(33, 34);
}
- if (kind > 57) {
- kind = 57;
- } {
- jjCheckNAdd(29);
- }
break;
default:
break;
@@ -2106,30 +1682,12 @@
if (!jjCanMove_1(hiByte, i1, i2, l1, l2)) {
break;
}
- if (kind > 56) {
- kind = 56;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAddTwoStates(28, 29);
+ jjCheckNAdd(16);
}
break;
- case 30:
- if (jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- if (kind > 56) {
- kind = 56;
- }
- {
- jjCheckNAdd(28);
- }
- }
- if (jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- if (kind > 57) {
- kind = 57;
- }
- {
- jjCheckNAdd(29);
- }
- }
- break;
case 6:
if (jjCanMove_0(hiByte, i1, i2, l1, l2)) {
jjAddStates(26, 28);
@@ -2140,24 +1698,14 @@
jjAddStates(23, 25);
}
break;
- case 28:
- if (!jjCanMove_2(hiByte, i1, i2, l1, l2)) {
- break;
- }
- if (kind > 56) {
- kind = 56;
- } {
- jjCheckNAdd(28);
- }
- break;
- case 29:
+ case 16:
if (!jjCanMove_2(hiByte, i1, i2, l1, l2)) {
break;
}
- if (kind > 57) {
- kind = 57;
+ if (kind > 55) {
+ kind = 55;
} {
- jjCheckNAdd(29);
+ jjCheckNAdd(16);
}
break;
default:
@@ -2175,7 +1723,7 @@
kind = 0x7fffffff;
}
++curPos;
- if ((i = jjnewStateCnt) == (startsAt = 30 - (jjnewStateCnt = startsAt))) {
+ if ((i = jjnewStateCnt) == (startsAt = 29 - (jjnewStateCnt = startsAt))) {
return curPos;
}
try {
@@ -2191,9 +1739,8 @@
"\175", null, null, null, null, "\164\162\165\145", "\146\141\154\163\145", "\156\165\154\154", "\56",
"\50", "\51", "\133", "\135", "\72", "\73", "\54", "\76", "\147\164", "\74", "\154\164", "\76\75",
"\147\145", "\74\75", "\154\145", "\75\75", "\145\161", "\41\75", "\156\145", "\41", "\156\157\164",
- "\46\46", "\141\156\144", "\174\174", "\157\162", "\145\155\160\164\171",
- "\151\156\163\164\141\156\143\145\157\146", "\52", "\53", "\55", "\77", "\57", "\144\151\166", "\45",
- "\155\157\144", "\53\75", "\75", "\55\76", null, null, null, null, null, null, };
+ "\46\46", "\141\156\144", "\174\174", "\157\162", "\145\155\160\164\171", "\52", "\53", "\55", "\77", "\57",
+ "\144\151\166", "\45", "\155\157\144", "\53\75", "\75", "\55\76", null, null, null, null, };
protected Token jjFillToken() {
final Token t;
@@ -2218,8 +1765,8 @@
return t;
}
- static final int[] jjnextStates = { 0, 1, 3, 4, 2, 0, 1, 4, 2, 0, 1, 4, 5, 2, 0, 1, 2, 6, 16, 17, 18, 23, 24, 11,
- 12, 14, 6, 7, 9, 3, 4, 21, 22, 25, 26, };
+ static final int[] jjnextStates = { 0, 1, 3, 4, 2, 0, 1, 4, 2, 0, 1, 4, 5, 2, 0, 1, 2, 6, 18, 19, 20, 25, 26, 11,
+ 12, 14, 6, 7, 9, 3, 4, 23, 24, 27, 28, };
private static final boolean jjCanMove_0(int hiByte, int i1, int i2, long l1, long l2) {
switch (hiByte) {
@@ -2465,7 +2012,8 @@
Token matchedToken;
int curPos = 0;
- EOFLoop: for (;;) {
+ EOFLoop:
+ for (;;) {
try {
curChar = input_stream.BeginToken();
} catch (Exception e) {
@@ -2496,8 +2044,8 @@
jjmatchedKind = 0x7fffffff;
jjmatchedPos = 0;
curPos = jjMoveStringLiteralDfa0_1();
- if (jjmatchedPos == 0 && jjmatchedKind > 61) {
- jjmatchedKind = 61;
+ if (jjmatchedPos == 0 && jjmatchedKind > 58) {
+ jjmatchedKind = 58;
}
break;
case 2:
@@ -2512,8 +2060,8 @@
jjmatchedKind = 0x7fffffff;
jjmatchedPos = 0;
curPos = jjMoveStringLiteralDfa0_2();
- if (jjmatchedPos == 0 && jjmatchedKind > 61) {
- jjmatchedKind = 61;
+ if (jjmatchedPos == 0 && jjmatchedKind > 58) {
+ jjmatchedKind = 58;
}
break;
}
@@ -2657,7 +2205,7 @@
private void ReInitRounds() {
int i;
jjround = 0x80000001;
- for (i = 30; i-- > 0;) {
+ for (i = 29; i-- > 0;) {
jjrounds[i] = 0x80000000;
}
}
@@ -2687,15 +2235,15 @@
/** Lex State array. */
public static final int[] jjnewLexState = { -1, -1, 1, 1, -1, -1, -1, -1, 2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, };
- static final long[] jjtoToken = { 0x23ffffffffffef0fL, };
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, };
+ static final long[] jjtoToken = { 0x4ffffffffffef0fL, };
static final long[] jjtoSkip = { 0xf0L, };
static final long[] jjtoSpecial = { 0x0L, };
static final long[] jjtoMore = { 0x0L, };
protected SimpleCharStream input_stream;
- private final int[] jjrounds = new int[30];
- private final int[] jjstateSet = new int[2 * 30];
+ private final int[] jjrounds = new int[29];
+ private final int[] jjstateSet = new int[2 * 29];
private final StringBuilder jjimage = new StringBuilder();
private StringBuilder image = jjimage;
private int jjimageLen;
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/Node.java tomcat10-10.1.52/java/org/apache/el/parser/Node.java
--- tomcat10-10.1.40/java/org/apache/el/parser/Node.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/Node.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,10 +28,6 @@
/* All AST nodes must implement this interface. It provides basic
machinery for constructing the parent and child relationships
between nodes. */
-
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
@SuppressWarnings("all") // Ignore warnings in generated code
public interface Node {
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/NodeVisitor.java tomcat10-10.1.52/java/org/apache/el/parser/NodeVisitor.java
--- tomcat10-10.1.40/java/org/apache/el/parser/NodeVisitor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/NodeVisitor.java 2026-01-23 19:33:36.000000000 +0000
@@ -16,9 +16,6 @@
*/
package org.apache.el.parser;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public interface NodeVisitor {
void visit(Node node) throws Exception;
diff -Nru tomcat10-10.1.40/java/org/apache/el/parser/SimpleNode.java tomcat10-10.1.52/java/org/apache/el/parser/SimpleNode.java
--- tomcat10-10.1.40/java/org/apache/el/parser/SimpleNode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/parser/SimpleNode.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,9 +28,6 @@
import org.apache.el.lang.EvaluationContext;
import org.apache.el.util.MessageFactory;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public abstract class SimpleNode implements Node {
/*
diff -Nru tomcat10-10.1.40/java/org/apache/el/util/MessageFactory.java tomcat10-10.1.52/java/org/apache/el/util/MessageFactory.java
--- tomcat10-10.1.40/java/org/apache/el/util/MessageFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/util/MessageFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,9 +22,6 @@
import java.util.MissingResourceException;
import java.util.ResourceBundle;
-/**
- * @author Jacob Hookom [jacob@hookom.net]
- */
public final class MessageFactory {
private static final ResourceBundle DEFAULT_BUNDLE = ResourceBundle.getBundle("org.apache.el.LocalStrings");
diff -Nru tomcat10-10.1.40/java/org/apache/el/util/ReflectionUtil.java tomcat10-10.1.52/java/org/apache/el/util/ReflectionUtil.java
--- tomcat10-10.1.40/java/org/apache/el/util/ReflectionUtil.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/el/util/ReflectionUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -32,11 +32,8 @@
import org.apache.el.lang.ELSupport;
import org.apache.el.lang.EvaluationContext;
-
/**
- * Utilities for Managing Serialization and Reflection
- *
- * @author Jacob Hookom [jacob@hookom.net]
+ * Utilities for Managing Serialization and Reflection.
*/
public class ReflectionUtil {
@@ -155,12 +152,20 @@
// Fast path: when no arguments exist, there can only be one matching method and no need for coercion.
if (paramCount == 0) {
+ Method result = null;
+ Throwable t = null;
try {
Method method = clazz.getMethod(methodName, paramTypes);
- return getMethod(clazz, base, method);
+ result = getMethod(clazz, base, method);
} catch (NoSuchMethodException | SecurityException e) {
- // Fall through to broader, slower logic
+ // Fall through
+ t = e;
+ }
+ if (result == null) {
+ throw new MethodNotFoundException(
+ MessageFactory.get("error.method.notfound", base, property, paramString(paramTypes)), t);
}
+ return result;
}
Method[] methods = clazz.getMethods();
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/Constants.java tomcat10-10.1.52/java/org/apache/jasper/Constants.java
--- tomcat10-10.1.40/java/org/apache/jasper/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,11 +20,6 @@
/**
* Some constants and other global data that are used by the compiler and the runtime.
- *
- * @author Anil K. Vijendran
- * @author Harish Prabandham
- * @author Shawn Bayern
- * @author Mark Roth
*/
public class Constants {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/EmbeddedServletOptions.java tomcat10-10.1.52/java/org/apache/jasper/EmbeddedServletOptions.java
--- tomcat10-10.1.40/java/org/apache/jasper/EmbeddedServletOptions.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/EmbeddedServletOptions.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,10 +35,6 @@
/**
* A class to hold all init parameters specific to the JSP engine.
- *
- * @author Anil K. Vijendran
- * @author Hans Bergsten
- * @author Pierre Delisle
*/
public final class EmbeddedServletOptions implements Options {
@@ -223,6 +219,8 @@
private boolean useInstanceManagerForTags = false;
+ private String useNonstandardTagOptimizations;
+
public String getProperty(String name) {
return settings.getProperty(name);
}
@@ -470,6 +468,11 @@
return useInstanceManagerForTags;
}
+ @Override
+ public String getUseNonstandardTagOptimizations() {
+ return useNonstandardTagOptimizations;
+ }
+
/**
* Create an EmbeddedServletOptions object using data available from ServletConfig and ServletContext.
*
@@ -652,6 +655,11 @@
this.classpath = classpath;
}
+ String useNonstandardTagOptimizations = config.getInitParameter("useNonstandardTagOptimizations");
+ if (useNonstandardTagOptimizations != null) {
+ this.useNonstandardTagOptimizations = useNonstandardTagOptimizations;
+ }
+
/*
* scratchdir
*/
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/JasperException.java tomcat10-10.1.52/java/org/apache/jasper/JasperException.java
--- tomcat10-10.1.40/java/org/apache/jasper/JasperException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/JasperException.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Base class for all exceptions generated by the JSP engine. Makes it convenient to catch just this at the top-level.
- *
- * @author Anil K. Vijendran
*/
public class JasperException extends jakarta.servlet.ServletException {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/JspC.java tomcat10-10.1.52/java/org/apache/jasper/JspC.java
--- tomcat10-10.1.40/java/org/apache/jasper/JspC.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/JspC.java 2026-01-23 19:33:36.000000000 +0000
@@ -86,11 +86,6 @@
* webXmlFragment="${build.dir}/generated_web.xml"
* outputDir="${webapp.dir}/${webapp.name}/WEB-INF/src/my/package" />
*
- *
- * @author Danno Ferrin
- * @author Pierre Delisle
- * @author Costin Manolache
- * @author Yoav Shapira
*/
public class JspC extends Task implements Options {
@@ -268,6 +263,8 @@
protected boolean fullstop = false;
protected String[] args;
+ protected String useNonstandardTagOptimizations;
+
public static void main(String[] arg) {
if (arg.length == 0) {
System.out.println(Localizer.getMessage("jspc.usage"));
@@ -787,7 +784,7 @@
}
try {
uriRoot = resolveFile(s).getCanonicalPath();
- } catch (Exception ex) {
+ } catch (Exception e) {
uriRoot = s;
}
}
@@ -996,6 +993,15 @@
}
/**
+ * Sets the set of custom tags to use nonstandard optimizations.
+ *
+ * @param useNonstandardTagOptimizations which tags to override
+ */
+ public void setUseNonstandardTagOptimizations(String useNonstandardTagOptimizations) {
+ this.useNonstandardTagOptimizations = useNonstandardTagOptimizations;
+ }
+
+ /**
* @return true if an exception will be thrown in case of a compilation error.
*/
public boolean getFailOnError() {
@@ -1403,7 +1409,7 @@
errorCount++;
log.error(Localizer.getMessage("jspc.error.compilation"), e);
}
- } catch (InterruptedException e) {
+ } catch (InterruptedException ignore) {
// Ignore
}
}
@@ -1507,8 +1513,8 @@
mapout.write(Localizer.getMessage("jspc.webinc.footer"));
}
mapout.close();
- } catch (IOException ioe) {
- // nothing to do if it fails since we are done with it
+ } catch (IOException ignore) {
+ // Nothing to do if it fails since we are done with it.
}
}
}
@@ -1680,7 +1686,7 @@
uriRoot = froot.getCanonicalPath();
}
}
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// Missing uriRoot will be handled in the caller.
}
}
@@ -1706,9 +1712,9 @@
FileInputStream fis = new FileInputStream(file);
try {
return webxmlEncoding != null ? new InputStreamReader(fis, webxmlEncoding) : new InputStreamReader(fis);
- } catch (IOException ex) {
+ } catch (IOException ioe) {
fis.close();
- throw ex;
+ throw ioe;
}
}
@@ -1716,12 +1722,17 @@
FileOutputStream fos = new FileOutputStream(file);
try {
return webxmlEncoding != null ? new OutputStreamWriter(fos, webxmlEncoding) : new OutputStreamWriter(fos);
- } catch (IOException ex) {
+ } catch (IOException ioe) {
fos.close();
- throw ex;
+ throw ioe;
}
}
+ @Override
+ public String getUseNonstandardTagOptimizations() {
+ return useNonstandardTagOptimizations;
+ }
+
private class ProcessFile implements Callable {
private final String file;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/JspCompilationContext.java tomcat10-10.1.52/java/org/apache/jasper/JspCompilationContext.java
--- tomcat10-10.1.40/java/org/apache/jasper/JspCompilationContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/JspCompilationContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -46,12 +46,6 @@
* A placeholder for various things that are used throughout the JSP engine. This is a per-request/per-context data
* structure. Some of the instance variables are set at different points. Most of the path-related stuff is here -
* mangling names, versions, dirs, loading resources and dealing with uris.
- *
- * @author Anil K. Vijendran
- * @author Harish Prabandham
- * @author Pierre Delisle
- * @author Costin Manolache
- * @author Kin-man Chung
*/
public class JspCompilationContext {
@@ -392,17 +386,17 @@
result = uc.getLastModified();
}
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(Localizer.getMessage("jsp.error.lastModified", getJspFile()), e);
+ log.debug(Localizer.getMessage("jsp.error.lastModified", getJspFile()), ioe);
}
} finally {
if (uc != null) {
try {
uc.getInputStream().close();
- } catch (IOException e) {
+ } catch (IOException ioe) {
if (log.isDebugEnabled()) {
- log.debug(Localizer.getMessage("jsp.error.lastModified", getJspFile()), e);
+ log.debug(Localizer.getMessage("jsp.error.lastModified", getJspFile()), ioe);
}
result = -1;
}
@@ -590,7 +584,6 @@
jspCompiler.removeGeneratedFiles();
jspLoader = null;
jspCompiler.compile();
- jsw.setReload(true);
jsw.setCompilationException(null);
} catch (JasperException ex) {
// Cache compilation exception
@@ -603,11 +596,13 @@
} catch (FileNotFoundException fnfe) {
// Re-throw to let caller handle this - will result in a 404
throw fnfe;
- } catch (Exception ex) {
- JasperException je = new JasperException(Localizer.getMessage("jsp.error.unable.compile"), ex);
+ } catch (Exception e) {
+ JasperException je = new JasperException(Localizer.getMessage("jsp.error.unable.compile"), e);
// Cache compilation exception
jsw.setCompilationException(je);
throw je;
+ } finally {
+ jsw.setReload(true);
}
}
}
@@ -622,8 +617,8 @@
servletClass = jspLoader.loadClass(name);
} catch (ClassNotFoundException cex) {
throw new JasperException(Localizer.getMessage("jsp.error.unable.load"), cex);
- } catch (Exception ex) {
- throw new JasperException(Localizer.getMessage("jsp.error.unable.compile"), ex);
+ } catch (Exception e) {
+ throw new JasperException(Localizer.getMessage("jsp.error.unable.compile"), e);
}
removed = false;
return servletClass;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/Options.java tomcat10-10.1.52/java/org/apache/jasper/Options.java
--- tomcat10-10.1.40/java/org/apache/jasper/Options.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/Options.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,10 +27,6 @@
/**
* A class to hold all init parameters specific to the JSP engine.
- *
- * @author Anil K. Vijendran
- * @author Hans Bergsten
- * @author Pierre Delisle
*/
public interface Options {
@@ -342,4 +338,12 @@
default boolean getGeneratedJavaAddTimestamp() {
return true;
}
+
+ /**
+ * A string containing a comma-separated list of names to which custom tag implementations should be applied.
+ * Unknown or unused tag entries are harmless. Generally defined via an init parameter on the JspServlet.
+ *
+ * @return which tags to use
+ */
+ String getUseNonstandardTagOptimizations();
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/AntCompiler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/AntCompiler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/AntCompiler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/AntCompiler.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,13 +37,6 @@
/**
* Main JSP compiler class. This class uses Ant for compiling.
- *
- * @author Anil K. Vijendran
- * @author Mandar Raje
- * @author Pierre Delisle
- * @author Kin-man Chung
- * @author Remy Maucherat
- * @author Mark Roth
*/
public class AntCompiler extends Compiler {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/BeanRepository.java tomcat10-10.1.52/java/org/apache/jasper/compiler/BeanRepository.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/BeanRepository.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/BeanRepository.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,9 +23,6 @@
/**
* Repository of {page, request, session, application}-scoped beans
- *
- * @author Mandar Raje
- * @author Remy Maucherat
*/
public class BeanRepository {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Collector.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Collector.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Collector.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Collector.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,11 +20,7 @@
/**
* Collect info about the page and nodes, and make them available through the PageInfo object.
- *
- * @author Kin-man Chung
- * @author Mark Roth
*/
-
class Collector {
/**
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Compiler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Compiler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Compiler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Compiler.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,13 +41,6 @@
/**
* Main JSP compiler class. This class uses Ant for compiling.
- *
- * @author Anil K. Vijendran
- * @author Mandar Raje
- * @author Pierre Delisle
- * @author Kin-man Chung
- * @author Remy Maucherat
- * @author Mark Roth
*/
public abstract class Compiler {
@@ -427,8 +420,8 @@
if (jsw != null && (ctxt.getOptions().getModificationTestInterval() > 0)) {
- if (jsw.getLastModificationTest() +
- (ctxt.getOptions().getModificationTestInterval() * 1000L) > System.currentTimeMillis()) {
+ if (jsw.getLastModificationTest() + (ctxt.getOptions().getModificationTestInterval() * 1000L) > System
+ .currentTimeMillis()) {
return false;
}
jsw.setLastModificationTest(System.currentTimeMillis());
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/DefaultErrorHandler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/DefaultErrorHandler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/DefaultErrorHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/DefaultErrorHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Default implementation of ErrorHandler interface.
- *
- * @author Jan Luehe
*/
class DefaultErrorHandler implements ErrorHandler {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ELFunctionMapper.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ELFunctionMapper.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ELFunctionMapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ELFunctionMapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,8 +34,6 @@
/**
* This class generates functions mappers for the EL expressions in the page. Instead of a global mapper, a mapper is
* used for each call to EL evaluator, thus avoiding the prefix overlapping and redefinition issues.
- *
- * @author Kin-man Chung
*/
public class ELFunctionMapper {
@@ -198,7 +196,8 @@
// Generate declaration for the map statically
decName = getMapName();
- ss.append("private static org.apache.jasper.runtime.ProtectedFunctionMapper ").append(decName).append(";\n");
+ ss.append("private static org.apache.jasper.runtime.ProtectedFunctionMapper ").append(decName)
+ .append(";\n");
ds.append(" ").append(decName).append("= ");
ds.append("org.apache.jasper.runtime.ProtectedFunctionMapper");
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ELNode.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ELNode.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ELNode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ELNode.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,10 +27,7 @@
/**
* This class defines internal representation for an EL Expression. It currently only defines functions. It can be
* expanded to define all the components of an EL expression, if need to.
- *
- * @author Kin-man Chung
*/
-
public abstract class ELNode {
public abstract void accept(Visitor v) throws JasperException;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ELParser.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ELParser.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ELParser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ELParser.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,10 +25,7 @@
/**
* This class implements a parser for EL expressions. It takes strings of the form xxx${..}yyy${..}zzz etc, and turn it
* into a ELNode.Nodes. Currently, it only handles text outside ${..} and functions in ${ ..}.
- *
- * @author Kin-man Chung
*/
-
public class ELParser {
private Token curToken; // current token
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ErrorDispatcher.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ErrorDispatcher.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ErrorDispatcher.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ErrorDispatcher.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,9 +36,6 @@
*
* In the case of a Java compilation error, the compiler error message is parsed into an array of JavacErrorDetail
* instances, which is passed on to the configured error handler.
- *
- * @author Jan Luehe
- * @author Kin-man Chung
*/
public class ErrorDispatcher {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ErrorHandler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ErrorHandler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ErrorHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ErrorHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,14 +22,14 @@
* Interface for handling JSP parse and javac compilation errors. An implementation of this interface may be registered
* with the ErrorDispatcher by setting the XXX initialization parameter in the JSP page compiler and execution servlet
* in Catalina's web.xml file to the implementation's fully qualified class name.
- *
- * @author Jan Luehe
- * @author Kin-man Chung
*/
public interface ErrorHandler {
/**
* Processes the given JSP parse error.
+ *
+ * It is expected (and Jasper is coded based on this) that calls to this method will always result in a
+ * {@code JasperException} being thrown.
*
* @param fname Name of the JSP file in which the parse error occurred
* @param line Parse error line number
@@ -43,6 +43,9 @@
/**
* Processes the given JSP parse error.
+ *
+ * It is expected (and Jasper is coded based on this) that calls to this method will always result in a
+ * {@code JasperException} being thrown.
*
* @param msg Parse error message
* @param exception Parse exception
@@ -53,6 +56,9 @@
/**
* Processes the given javac compilation errors.
+ *
+ * It is expected (and Jasper is coded based on this) that calls to this method will always result in a
+ * {@code JasperException} being thrown.
*
* @param details Array of JavacErrorDetail instances corresponding to the compilation errors
*
@@ -62,6 +68,9 @@
/**
* Processes the given javac error report and exception.
+ *
+ * It is expected (and Jasper is coded based on this) that calls to this method will always result in a
+ * {@code JasperException} being thrown.
*
* @param errorReport Compilation error report
* @param exception Compilation exception
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Generator.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Generator.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Generator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Generator.java 2026-01-23 19:33:36.000000000 +0000
@@ -51,6 +51,7 @@
import org.apache.jasper.JspCompilationContext;
import org.apache.jasper.TrimSpacesOption;
import org.apache.jasper.compiler.Node.ChildInfoBase;
+import org.apache.jasper.compiler.Node.JspAttribute;
import org.apache.jasper.compiler.Node.NamedAttribute;
import org.apache.jasper.runtime.JspRuntimeLibrary;
import org.apache.juli.logging.Log;
@@ -58,11 +59,7 @@
import org.xml.sax.Attributes;
/**
- * Generate Java source from Nodes
- *
- * @author Anil K. Vijendran, Danno Ferrin, Mandar Raje, Rajiv Mordani, Pierre Delisle
- * @author Tomcat 4.1.x and Tomcat 5: Kin-man Chung, Jan Luehe, Shawn Bayern, Mark Roth, Denis Benoit
- * @author Tomcat 6.x: Jacob Hookom, Remy Maucherat
+ * Generate Java source from Nodes.
*/
class Generator {
@@ -74,6 +71,8 @@
private static final Pattern BLANK_LINE_PATTERN = Pattern.compile("(\\s*(\\n|\\r)+\\s*)");
+ private static final String CORE_LIBS_URI = "http://java.sun.com/jsp/jstl/core";
+
private final ServletWriter out;
private final ArrayList methodsBuffered;
@@ -106,6 +105,8 @@
private final ELInterpreter elInterpreter;
+ private final Set nonstandardCustomTagNames;
+
private final StringInterpreter stringInterpreter;
/**
@@ -1499,6 +1500,9 @@
@Override
public void visit(Node.CustomTag n) throws JasperException {
+ if (visitPotentiallyNonstandardCustomTag(n)) {
+ return;
+ }
// Use plugin to generate more efficient code if there is one.
if (n.useTagPlugin()) {
@@ -1755,7 +1759,7 @@
nvp = " + \" " + jspAttribute.getName() + "=\\\"\" + " + value + " + \"\\\"\"";
} else {
nvp = " + (java.lang.Boolean.valueOf(" + omit + ")?\"\":\" " + jspAttribute.getName() +
- "=\\\"\" + " + value + " + \"\\\"\")";
+ "=\\\"\" + " + value + " + \"\\\"\")";
}
} else {
value = attributeValue(jspAttribute, false, Object.class);
@@ -2106,6 +2110,10 @@
writeNewInstance(tagHandlerVar, tagHandlerClass);
}
+ // Wrap use of tag in try/finally to ensure clean-up takes place
+ out.printil("try {");
+ out.pushIndent();
+
// includes setting the context
generateSetters(n, tagHandlerVar, handlerInfo, false);
@@ -2285,13 +2293,15 @@
out.pushIndent();
out.printin(tagHandlerVar);
out.println(".doFinally();");
- }
-
- if (n.implementsTryCatchFinally()) {
out.popIndent();
out.printil("}");
}
+ // Ensure clean-up takes place
+ out.popIndent();
+ out.printil("} finally {");
+ out.pushIndent();
+
if (usePooling(n)) {
// Print tag reuse
out.printin(n.getTagHandlerPoolName());
@@ -2304,6 +2314,8 @@
out.print(tagHandlerVar);
out.println(", _jsp_getInstanceManager());");
}
+ out.popIndent();
+ out.printil("}");
// Declare and synchronize AT_END scripting variables (must do this
// outside the try/catch/finally block)
@@ -3048,6 +3060,216 @@
return varName;
}
+
+ /**
+ * Determines whether a tag should be handled via nonstandard code (typically faster). Considers both
+ * configuration and level of support within Tomcat.
+ *
+ * Note that Tomcat is free to ignore any case it cannot handle, as long as it reports it accurately to the
+ * caller by returning false. For example, the initial implementation for c:set excludes support for body
+ * content. c:set tags with body content will be generated with the standard code and tags without body content
+ * will be generated via non-standard code.
+ *
+ * @param n tag
+ * @param jspAttributes jsp attributes
+ *
+ * @return whether code was generated
+ *
+ * @throws JasperException unexpected error
+ */
+ private boolean visitPotentiallyNonstandardCustomTag(Node.CustomTag n) throws JasperException {
+ if (!nonstandardCustomTagNames.contains(n.getQName())) {
+ // tag is not configured, move along
+ return false;
+ }
+
+ // collect the attributes into one Map for further checks
+ Map jspAttributes = new HashMap<>();
+ if (n.getJspAttributes() != null) {
+ for (JspAttribute jspAttr : n.getJspAttributes()) {
+ jspAttributes.put(jspAttr.getLocalName(), jspAttr);
+ }
+ }
+ switch (n.qName) {
+ case "c:set":
+ // requires var and value, scope is optional, body is prohibited, value cannot be deferred
+ if (n.hasEmptyBody() && jspAttributes.containsKey("var") && jspAttributes.containsKey("value") &&
+ CORE_LIBS_URI.equals(n.getURI())) {
+ // verify value is not a deferred expression
+ String valueText = jspAttributes.get("value").getValue();
+ if (valueText.startsWith("#")) {
+ return false;
+ } else if (jspAttributes.size() == 2 ||
+ (jspAttributes.size() == 3 && jspAttributes.containsKey("scope"))) {
+ generateNonstandardSetLogic(n, jspAttributes);
+ return true;
+ }
+ }
+ break;
+ case "c:remove":
+ // requires var, scope is optional, body is prohibited
+ if (n.hasEmptyBody() && jspAttributes.containsKey("var") && CORE_LIBS_URI.equals(n.getURI()) &&
+ (jspAttributes.size() == 1 ||
+ (jspAttributes.size() == 2 && jspAttributes.containsKey("scope")))) {
+ generateNonstandardRemoveLogic(n, jspAttributes);
+ return true;
+
+ }
+ break;
+ default:
+ // This indicates someone configured a tag with no non-standard implementation.
+ // Harmless, fall back to the standard implementation.
+ }
+ return false;
+ }
+
+ private void generateNonstandardSetLogic(Node.CustomTag n, Map jspAttributes)
+ throws JasperException {
+ String baseVar = createTagVarName(n.getQName(), n.getPrefix(), n.getLocalName());
+ String tagMethod = "_jspx_meth_" + baseVar;
+ ServletWriter outSave = out;
+
+ // generate method call
+ out.printin(tagMethod);
+ out.print("(");
+ out.print("_jspx_page_context");
+ out.println(");");
+ GenBuffer genBuffer = new GenBuffer(n, n.getBody());
+ methodsBuffered.add(genBuffer);
+ out = genBuffer.getOut();
+
+ // Generate code for method declaration
+ methodNesting++;
+ out.println();
+ out.pushIndent();
+ out.printin("private void ");
+ out.print(tagMethod);
+ out.println("(jakarta.servlet.jsp.PageContext _jspx_page_context)");
+ out.printil(" throws java.lang.Throwable {");
+ out.pushIndent();
+ // Generated body of method
+ out.printil("// " + n.getQName());
+
+ JspAttribute varAttribute = jspAttributes.get("var");
+ Mark m = n.getStart();
+ out.printil("// " + m.getFile() + "(" + m.getLineNumber() + "," + m.getColumnNumber() + ") " +
+ varAttribute.getTagAttributeInfo());
+
+ JspAttribute valueAttribute = jspAttributes.get("value");
+ m = n.getStart();
+ out.printil("// " + m.getFile() + "(" + m.getLineNumber() + "," + m.getColumnNumber() + ") " +
+ valueAttribute.getTagAttributeInfo());
+
+ String varValue = varAttribute.getValue();
+
+ // get the scope constant at compile-time, where blank means page
+ String scopeValue = translateScopeToConstant(jspAttributes);
+
+ // translates the specified value attributes into EL-interpretation code using standard logic
+ String evaluatedAttribute = evaluateAttribute(getTagHandlerInfo(n), valueAttribute, n, null);
+
+ // call the multi-line logic equivalent of SetTag
+ out.printil("org.apache.jasper.runtime.JspRuntimeLibrary.nonstandardSetTag(_jspx_page_context, \"" +
+ varValue + "\", " + evaluatedAttribute + ", " + scopeValue + ");");
+
+ // Generate end of method
+ out.popIndent();
+ out.printil("}");
+ out.popIndent();
+
+ methodNesting--;
+ // restore previous writer
+ out = outSave;
+ }
+
+ /**
+ * Compile-time translation of the scope variable into the constant equivalent. Avoids runtime evaluation as
+ * performed by SetTag. Unspecified scope means page.
+ *
+ * @param jspAttributes attributes
+ *
+ * @return equivalent constant from PageContext
+ */
+ private String translateScopeToConstant(Map jspAttributes) {
+ String scopeValue;
+ JspAttribute scopeAttribute = jspAttributes.get("scope");
+ if (scopeAttribute == null) {
+ scopeValue = "jakarta.servlet.jsp.PageContext.PAGE_SCOPE";
+ } else {
+ switch (scopeAttribute.getValue()) {
+ case "":
+ case "page":
+ scopeValue = "jakarta.servlet.jsp.PageContext.PAGE_SCOPE";
+ break;
+ case "request":
+ scopeValue = "jakarta.servlet.jsp.PageContext.REQUEST_SCOPE";
+ break;
+ case "session":
+ scopeValue = "jakarta.servlet.jsp.PageContext.SESSION_SCOPE";
+ break;
+ case "application":
+ scopeValue = "jakarta.servlet.jsp.PageContext.APPLICATION_SCOPE";
+ break;
+ default:
+ throw new IllegalArgumentException(Localizer.getMessage("jsp.error.page.invalid.scope"));
+ }
+ }
+ return scopeValue;
+ }
+
+ /**
+ * Generates the code for a non-standard remove. Note that removes w/o a specified scope will remove from all
+ * scopes.
+ *
+ * @param n tag
+ * @param jspAttributes attributes
+ *
+ * @throws JasperException unspecified error
+ */
+ private void generateNonstandardRemoveLogic(Node.CustomTag n, Map jspAttributes)
+ throws JasperException {
+ String baseVar = createTagVarName(n.getQName(), n.getPrefix(), n.getLocalName());
+ String tagMethod = "_jspx_meth_" + baseVar;
+ ServletWriter outSave = out;
+
+ // generate method call
+ out.printin(tagMethod);
+ out.print("(");
+ out.print("_jspx_page_context");
+ out.println(");");
+ GenBuffer genBuffer = new GenBuffer(n, n.getBody());
+ methodsBuffered.add(genBuffer);
+ out = genBuffer.getOut();
+
+ // Generate code for method declaration
+ methodNesting++;
+ out.println();
+ out.pushIndent();
+ out.printin("private void ");
+ out.print(tagMethod);
+ out.println("(jakarta.servlet.jsp.PageContext pageContext)");
+ out.printil(" throws java.lang.Throwable {");
+ out.pushIndent();
+ // Generated body of method
+ String varValue = jspAttributes.get("var").getValue();
+ JspAttribute scope = jspAttributes.get("scope");
+ if (scope == null) {
+ // c:remove without a scope means remove from all scopes
+ out.printil("pageContext.removeAttribute(\"" + varValue + "\");");
+ } else {
+ // c:remove with a scope means remove only from the specified scope
+ String scopeValue = translateScopeToConstant(jspAttributes);
+ out.printil("pageContext.removeAttribute(\"" + varValue + "\", " + scopeValue + ");");
+ }
+ // Generate end of method
+ out.popIndent();
+ out.printil("}");
+ out.popIndent();
+
+ methodNesting--;
+ // restore previous writer
+ out = outSave;
+ }
}
private static void generateLocalVariables(ServletWriter out, ChildInfoBase n) {
@@ -3190,6 +3412,12 @@
}
timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
timestampFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
+ String nonstandardOptionsList = ctxt.getOptions().getUseNonstandardTagOptimizations();
+ if (nonstandardOptionsList == null) {
+ nonstandardCustomTagNames = Collections.emptySet();
+ } else {
+ nonstandardCustomTagNames = new HashSet<>(Arrays.asList(nonstandardOptionsList.split(",")));
+ }
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ImplicitTagLibraryInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,8 +44,6 @@
/**
* Class responsible for generating an implicit tag library containing tag handlers corresponding to the tag files in
* "/WEB-INF/tags/" or a subdirectory of it.
- *
- * @author Jan Luehe
*/
class ImplicitTagLibraryInfo extends TagLibraryInfo {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JDTCompiler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JDTCompiler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JDTCompiler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JDTCompiler.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,6 +35,7 @@
import java.util.StringTokenizer;
import org.apache.jasper.JasperException;
+import org.apache.jasper.runtime.ExceptionUtils;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.eclipse.jdt.core.compiler.IProblem;
@@ -58,8 +59,6 @@
/**
* JDT class compiler. This compiler will load source dependencies from the context classloader, reducing dramatically
* disk access during the compilation process. Based on code from Cocoon2.
- *
- * @author Remy Maucherat
*/
public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
@@ -113,8 +112,8 @@
}
result = new char[buf.length()];
buf.getChars(0, result.length, result, 0);
- } catch (IOException e) {
- log.error(Localizer.getMessage("jsp.error.compilation.source", sourceFile), e);
+ } catch (IOException ioe) {
+ log.error(Localizer.getMessage("jsp.error.compilation.source", sourceFile), ioe);
}
return result;
}
@@ -220,13 +219,20 @@
if (result.equals(targetClassName) || result.startsWith(targetClassName + '$')) {
return false;
}
- String resourceName = result.replace('.', '/') + ".class";
- try (InputStream is = classLoader.getResourceAsStream(resourceName)) {
- return is == null;
- } catch (IOException e) {
- // we are here, since close on is failed. That means it was not null
- return false;
+ /*
+ * This might look heavy-weight but, with only the ClassLoader API available, trying to load the
+ * resource as a class is the only reliable way found so far to differentiate between a class and a
+ * package. Other options, such as getResource(), fail for some edge cases on case insensitive file
+ * systems. As this code is only called at compile time, the performance impact is not a significant
+ * concern.
+ */
+ try {
+ classLoader.loadClass(result);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ return true;
}
+ return false;
}
@Override
@@ -500,8 +506,8 @@
}
}
}
- } catch (IOException exc) {
- log.error(Localizer.getMessage("jsp.error.compilation.jdt"), exc);
+ } catch (IOException ioe) {
+ log.error(Localizer.getMessage("jsp.error.compilation.jdt"), ioe);
}
}
};
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JavaCompiler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JavaCompiler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JavaCompiler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JavaCompiler.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,7 +42,7 @@
private final Log log = LogFactory.getLog(JavaCompiler.class); // must not be static
@Override
- protected void generateClass(Map smaps) throws JasperException, IOException {
+ protected void generateClass(Map smaps) throws JasperException, IOException {
long t1 = 0;
if (log.isDebugEnabled()) {
@@ -51,14 +51,13 @@
javax.tools.JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
DiagnosticCollector diagnostics = new DiagnosticCollector<>();
- StandardJavaFileManager fileManager =
- compiler.getStandardFileManager(diagnostics, null, Charset.forName(ctxt.getOptions().getJavaEncoding()));
+ StandardJavaFileManager fileManager = compiler.getStandardFileManager(diagnostics, null,
+ Charset.forName(ctxt.getOptions().getJavaEncoding()));
Iterable compilationUnits =
fileManager.getJavaFileObjectsFromFiles(List.of(new File(ctxt.getServletJavaFileName())));
// Perform Java compilation using the appropriate options
- List compilerOptions =
- List.of("-classpath", ctxt.getClassPath(), "-source", ctxt.getOptions().getCompilerSourceVM(),
- "-target", ctxt.getOptions().getCompilerTargetVM());
+ List compilerOptions = List.of("-classpath", ctxt.getClassPath(), "-source",
+ ctxt.getOptions().getCompilerSourceVM(), "-target", ctxt.getOptions().getCompilerTargetVM());
Boolean result =
compiler.getTask(null, fileManager, diagnostics, compilerOptions, null, compilationUnits).call();
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JavacErrorDetail.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JavacErrorDetail.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JavacErrorDetail.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JavacErrorDetail.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,9 +29,6 @@
/**
* Class providing details about a javac compilation error.
- *
- * @author Jan Luehe
- * @author Kin-man Chung
*/
public class JavacErrorDetail {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JspConfig.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JspConfig.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JspConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JspConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,11 +30,7 @@
/**
* Handles the jsp-config element in WEB_INF/web.xml. This is used for specifying the JSP configuration information on a
* JSP page
- *
- * @author Kin-man Chung
- * @author Remy Maucherat
*/
-
public class JspConfig {
// Logger
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JspDocumentParser.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JspDocumentParser.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JspDocumentParser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JspDocumentParser.java 2026-01-23 19:33:36.000000000 +0000
@@ -50,11 +50,7 @@
/**
* Class implementing a parser for a JSP document, that is, a JSP page in XML syntax.
- *
- * @author Jan Luehe
- * @author Kin-man Chung
*/
-
class JspDocumentParser extends DefaultHandler2 implements TagConstants {
private static final String LEXICAL_HANDLER_PROPERTY = "http://xml.org/sax/properties/lexical-handler";
@@ -171,7 +167,7 @@
jspDocParser.isValidating = true;
try {
source.getByteStream().close();
- } catch (IOException e2) {
+ } catch (IOException ioe) {
// ignore
}
source = JspUtil.getInputSource(path, jar, jspDocParser.ctxt);
@@ -179,7 +175,7 @@
} finally {
try {
source.getByteStream().close();
- } catch (IOException e) {
+ } catch (IOException ioe) {
// ignore
}
}
@@ -364,8 +360,8 @@
*
* The SAX does not call this method with all of the template text, but may invoke this method with chunks of it.
* This is a problem when we try to determine if the text contains only whitespaces, or when we are looking for an
- * EL expression string. Therefore, it is necessary to buffer and concatenate the chunks and process the concatenated
- * text later (at beginTag and endTag)
+ * EL expression string. Therefore, it is necessary to buffer and concatenate the chunks and process the
+ * concatenated text later (at beginTag and endTag)
*
* @param buf The characters
*
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JspReader.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JspReader.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JspReader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JspReader.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,18 +31,7 @@
/**
* JspReader is an input buffer for the JSP parser. It should allow unlimited lookahead and pushback. It also has a
* bunch of parsing utility methods for understanding html style content.
- *
- * @author Anil K. Vijendran
- * @author Anselm Baird-Smith
- * @author Harish Prabandham
- * @author Rajiv Mordani
- * @author Mandar Raje
- * @author Danno Ferrin
- * @author Kin-man Chung
- * @author Shawn Bayern
- * @author Mark Roth
*/
-
class JspReader {
/**
@@ -116,9 +105,9 @@
if (reader != null) {
try {
reader.close();
- } catch (Exception any) {
+ } catch (Exception e) {
if (log.isDebugEnabled()) {
- log.debug(Localizer.getMessage("jsp.error.file.close"), any);
+ log.debug(Localizer.getMessage("jsp.error.file.close"), e);
}
}
}
@@ -405,7 +394,8 @@
Boolean result;
Mark restart = null;
- skip: while ((result = indexOf(firstChar, ret)) != null) {
+ skip:
+ while ((result = indexOf(firstChar, ret)) != null) {
if (result.booleanValue()) {
if (restart != null) {
restart.init(current, true);
@@ -442,7 +432,8 @@
int ch;
int prev = 'x'; // Doesn't matter
char firstChar = limit.charAt(0);
- skip: for (ch = nextChar(ret); ch != -1; prev = ch, ch = nextChar(ret)) {
+ skip:
+ for (ch = nextChar(ret); ch != -1; prev = ch, ch = nextChar(ret)) {
if (ch == '\\' && prev == '\\') {
ch = 0; // Double \ is not an escape char anymore
} else if (prev == '\\') {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JspRuntimeContext.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JspRuntimeContext.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JspRuntimeContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JspRuntimeContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -50,8 +50,6 @@
* Class for tracking JSP compile time file dependencies when the >%@include file="..."%< directive is used. A
* background thread periodically checks the files a JSP page is dependent upon. If a dependent file changes the JSP
* page which included it is recompiled. Only used if a web application context is a directory.
- *
- * @author Glenn L. Nielsen
*/
public final class JspRuntimeContext {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/JspUtil.java tomcat10-10.1.52/java/org/apache/jasper/compiler/JspUtil.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/JspUtil.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/JspUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,13 +33,6 @@
/**
* This class has all the utility method(s). Ideally should move all the bean containers here.
- *
- * @author Mandar Raje.
- * @author Rajiv Mordani.
- * @author Danno Ferrin
- * @author Pierre Delisle
- * @author Shawn Bayern
- * @author Mark Roth
*/
public class JspUtil {
@@ -803,7 +796,7 @@
} catch (IOException ioe) {
try {
in.close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
throw ioe;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Localizer.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Localizer.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Localizer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Localizer.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,6 @@
/**
* Class responsible for converting error codes to corresponding localized error messages.
- *
- * @author Jan Luehe
*/
public class Localizer {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Mark.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Mark.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Mark.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Mark.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Mark represents a point in the JSP input.
- *
- * @author Anil K. Vijendran
*/
public final class Mark {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Node.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Node.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Node.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Node.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,13 +42,7 @@
/**
* An internal data representation of a JSP page or a JSP document (XML). Also included here is a visitor class for
* traversing nodes.
- *
- * @author Kin-man Chung
- * @author Jan Luehe
- * @author Shawn Bayern
- * @author Mark Roth
*/
-
public abstract class Node implements TagConstants {
private static final VariableInfo[] ZERO_VARIABLE_INFO = {};
@@ -346,8 +340,8 @@
}
/**
- * Selects and invokes a method in the visitor class based on the node type. This is abstract and should be overridden
- * by the extending classes.
+ * Selects and invokes a method in the visitor class based on the node type. This is abstract and should be
+ * overridden by the extending classes.
*
* @param v The visitor class
*/
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/PageDataImpl.java tomcat10-10.1.52/java/org/apache/jasper/compiler/PageDataImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/PageDataImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/PageDataImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,8 +36,6 @@
* the XML view. This pass ignores any nodes other than JspRoot and TaglibDirective. During the second pass, the
* SecondPassVisitor produces the XML view, using the combined jsp:root attributes determined in the first pass and any
* remaining pages nodes (this pass ignores any JspRoot and TaglibDirective nodes).
- *
- * @author Jan Luehe
*/
class PageDataImpl extends PageData implements TagConstants {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/PageInfo.java tomcat10-10.1.52/java/org/apache/jasper/compiler/PageInfo.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/PageInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/PageInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -35,10 +35,7 @@
/**
* A repository for various info about the translation unit under compilation.
- *
- * @author Kin-man Chung
*/
-
public class PageInfo {
private final List imports;
@@ -530,8 +527,7 @@
/*
* isThreadSafe
*/
- public void setIsThreadSafe(String value, Node n, ErrorDispatcher err)
- throws JasperException {
+ public void setIsThreadSafe(String value, Node n, ErrorDispatcher err) throws JasperException {
if ("true".equalsIgnoreCase(value)) {
isThreadSafe = true;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Parser.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Parser.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Parser.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Parser.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,12 +36,7 @@
/**
* This class implements a parser for a JSP page (non-xml view). JSP page grammar is included here for reference. The
* token '#' that appears in the production indicates the current input token location in the production.
- *
- * @author Kin-man Chung
- * @author Shawn Bayern
- * @author Mark Roth
*/
-
class Parser implements TagConstants {
private final ParserController parserController;
@@ -247,8 +242,8 @@
buf.append(ch);
reader.nextChar();
ch = (char) reader.peekChar();
- } while (Character.isLetter(ch) || Character.isDigit(ch) ||
- ch == '.' || ch == '_' || ch == '-' || ch == ':');
+ } while (Character.isLetter(ch) || Character.isDigit(ch) || ch == '.' || ch == '_' || ch == '-' ||
+ ch == ':');
return buf.toString();
}
return null;
@@ -330,8 +325,8 @@
}
} catch (FileNotFoundException ex) {
err.jspError(start, "jsp.error.file.not.found", file);
- } catch (Exception ex) {
- err.jspError(start, ex.getMessage());
+ } catch (Exception e) {
+ err.jspError(start, e.getMessage());
}
}
@@ -907,11 +902,8 @@
}
/*
- * <<<<<<< HEAD Parses OptionalBody, but also reused to parse bodies for plugin and param since the syntax is
- * identical (the only thing that differs substantially is how to process the body, and thus we accept the body type
- * as a parameter). ======= Parses OptionalBody, but also reused to parse bodies for param since the syntax is
- * identical (the only thing that differs substantially is how to process the body, and thus we accept the body type
- * as a parameter). >>>>>>> 76d2ad0a5d (Code clean-up. Formatting. No functional change.)
+ * Parses OptionalBody, but also reused to parse bodies for plugin and param since the syntax is identical (the only
+ * thing that differs substantially is how to process the body, and thus we accept the body type as a parameter).
*
* OptionalBody ::= EmptyBody | ActionBody
*
@@ -987,8 +979,8 @@
}
/*
- * <<<<<<< HEAD Params ::= `>' S? ( ( `' ( ( S? Param+ S? `' ) | ) ) |
- * Param+ ) ''
+ * Params ::= `>' S? ( ( `' ( ( S? Param+ S? `' ) | ) ) | Param+ )
+ * ''
*/
private void parseJspParams(Node parent) throws JasperException {
Node jspParamsNode = new Node.ParamsAction(start, parent);
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ParserController.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ParserController.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ParserController.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ParserController.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,9 +36,6 @@
* The same ParserController instance is used for a JSP page and any JSP segments included by it (via an include
* directive), where each segment may be provided in standard or XML syntax. This class selects and invokes the
* appropriate parser for the JSP page and its included segments.
- *
- * @author Pierre Delisle
- * @author Jan Luehe
*/
public class ParserController implements TagConstants {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ScriptingVariabler.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ScriptingVariabler.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ScriptingVariabler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ScriptingVariabler.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,8 +28,6 @@
/**
* Class responsible for determining the scripting variables that every custom action needs to declare.
- *
- * @author Jan Luehe
*/
class ScriptingVariabler {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/ServletWriter.java tomcat10-10.1.52/java/org/apache/jasper/compiler/ServletWriter.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/ServletWriter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/ServletWriter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,6 @@
/**
* This is what is used to generate servlets.
- *
- * @author Anil K. Vijendran
- * @author Kin-man Chung
*/
public class ServletWriter implements AutoCloseable {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/SmapStratum.java tomcat10-10.1.52/java/org/apache/jasper/compiler/SmapStratum.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/SmapStratum.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/SmapStratum.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,6 @@
/**
* Represents the line and file mappings associated with a JSR-045 "stratum".
- *
- * @author Jayson Falkner
- * @author Shawn Bayern
*/
public class SmapStratum {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/SmapUtil.java tomcat10-10.1.52/java/org/apache/jasper/compiler/SmapUtil.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/SmapUtil.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/SmapUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -39,12 +39,6 @@
/**
* Contains static utilities for generating SMAP data based on the current version of Jasper.
- *
- * @author Jayson Falkner
- * @author Shawn Bayern
- * @author Robert Field (inner SDEInstaller class)
- * @author Mark Roth
- * @author Kin-man Chung
*/
public class SmapUtil {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/TagFileProcessor.java tomcat10-10.1.52/java/org/apache/jasper/compiler/TagFileProcessor.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/TagFileProcessor.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/TagFileProcessor.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,10 +42,7 @@
/**
* 1. Processes and extracts the directive info in a tag file. 2. Compiles and loads tag files used in a JSP file.
- *
- * @author Kin-man Chung
*/
-
public class TagFileProcessor {
private List tempVector;
@@ -441,7 +438,7 @@
Node.Nodes page = null;
try {
page = pc.parseTagFileDirectives(path, jar);
- } catch (IOException e) {
+ } catch (IOException ioe) {
err.jspError("jsp.error.file.not.found", path);
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java tomcat10-10.1.52/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -55,12 +55,6 @@
/**
* Implementation of the TagLibraryInfo class from the JSP spec.
- *
- * @author Anil K. Vijendran
- * @author Mandar Raje
- * @author Pierre Delisle
- * @author Kin-man Chung
- * @author Jan Luehe
*/
class TagLibraryInfoImpl extends TagLibraryInfo implements TagConstants {
@@ -152,7 +146,7 @@
if (urlConn != null) {
try {
urlConn.getInputStream().close();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -275,8 +269,8 @@
if (url.getProtocol().equals("war") && uri.endsWith(".jar")) {
url = UriUtil.warToJar(url);
}
- } catch (Exception ex) {
- err.jspError("jsp.error.tld.unable_to_get_jar", uri, ex.toString());
+ } catch (Exception e) {
+ err.jspError("jsp.error.tld.unable_to_get_jar", uri, e.toString());
}
if (uri.endsWith(".jar")) {
if (url == null) {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/TagPluginManager.java tomcat10-10.1.52/java/org/apache/jasper/compiler/TagPluginManager.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/TagPluginManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/TagPluginManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,8 +36,6 @@
/**
* Manages tag plugin optimizations.
- *
- * @author Kin-man Chung
*/
public class TagPluginManager {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/TldCache.java tomcat10-10.1.52/java/org/apache/jasper/compiler/TldCache.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/TldCache.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/TldCache.java 2026-01-23 19:33:36.000000000 +0000
@@ -138,7 +138,7 @@
result[1] = jar.getLastModified(tldResourcePath.getEntryName());
}
}
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore (shouldn't happen)
}
return result;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/Validator.java tomcat10-10.1.52/java/org/apache/jasper/compiler/Validator.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/Validator.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/Validator.java 2026-01-23 19:33:36.000000000 +0000
@@ -50,11 +50,6 @@
/**
* Performs validation on the page elements. Attributes are checked for mandatory presence, entry value validity, and
* consistency. As a side effect, some page global value (such as those from page directives) are stored, for later use.
- *
- * @author Kin-man Chung
- * @author Jan Luehe
- * @author Shawn Bayern
- * @author Mark Roth
*/
class Validator {
@@ -1025,7 +1020,7 @@
}
for (int j = 0; tldAttrs != null && j < tldAttrs.length; j++) {
if (attrs.getLocalName(i).equals(tldAttrs[j].getName()) && (attrs.getURI(i) == null ||
- attrs.getURI(i).isEmpty() || attrs.getURI(i).equals(n.getURI()))) {
+ attrs.getURI(i).isEmpty() || attrs.getURI(i).equals(n.getURI()))) {
TagAttributeInfo tldAttr = tldAttrs[j];
if (tldAttr.canBeRequestTime() || tldAttr.isDeferredMethod() || tldAttr.isDeferredValue()) { // JSP
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/compiler/tagplugin/TagPluginContext.java tomcat10-10.1.52/java/org/apache/jasper/compiler/tagplugin/TagPluginContext.java
--- tomcat10-10.1.40/java/org/apache/jasper/compiler/tagplugin/TagPluginContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/compiler/tagplugin/TagPluginContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -81,8 +81,8 @@
String getConstantAttribute(String attribute);
/**
- * Generate codes to evaluate value of an attribute in the custom tag The codes is a Java expression. NOTE: Currently
- * cannot handle attributes that are fragments.
+ * Generate codes to evaluate value of an attribute in the custom tag The codes is a Java expression. NOTE:
+ * Currently cannot handle attributes that are fragments.
*
* @param attribute The specified attribute
*/
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/el/ELContextImpl.java tomcat10-10.1.52/java/org/apache/jasper/el/ELContextImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/el/ELContextImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/el/ELContextImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -38,9 +38,7 @@
import org.apache.jasper.Constants;
/**
- * Implementation of ELContext
- *
- * @author Jacob Hookom
+ * Implementation of ELContext.
*/
public class ELContextImpl extends ELContext {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/el/ELContextWrapper.java tomcat10-10.1.52/java/org/apache/jasper/el/ELContextWrapper.java
--- tomcat10-10.1.40/java/org/apache/jasper/el/ELContextWrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/el/ELContextWrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Simple ELContextWrapper for runtime evaluation of EL w/ dynamic FunctionMappers
- *
- * @author jhook
*/
public final class ELContextWrapper extends ELContext {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/el/JasperELResolver.java tomcat10-10.1.52/java/org/apache/jasper/el/JasperELResolver.java
--- tomcat10-10.1.40/java/org/apache/jasper/el/JasperELResolver.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/el/JasperELResolver.java 2026-01-23 19:33:36.000000000 +0000
@@ -203,8 +203,8 @@
try {
method.setAccessible(true);
value = method.invoke(base, (Object[]) null);
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
}
}
@@ -222,8 +222,8 @@
context.setPropertyResolved(base, property);
try {
method.invoke(base, value);
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/el/JspValueExpression.java tomcat10-10.1.52/java/org/apache/jasper/el/JspValueExpression.java
--- tomcat10-10.1.40/java/org/apache/jasper/el/JspValueExpression.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/el/JspValueExpression.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,9 +28,7 @@
import jakarta.el.ValueExpression;
/**
- * Wrapper for providing context to ValueExpressions
- *
- * @author Jacob Hookom
+ * Wrapper for providing context to ValueExpressions.
*/
public final class JspValueExpression extends ValueExpression implements Externalizable {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/optimizations/ELInterpreterTagSetters.java tomcat10-10.1.52/java/org/apache/jasper/optimizations/ELInterpreterTagSetters.java
--- tomcat10-10.1.40/java/org/apache/jasper/optimizations/ELInterpreterTagSetters.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/optimizations/ELInterpreterTagSetters.java 2026-01-23 19:33:36.000000000 +0000
@@ -110,7 +110,9 @@
BigDecimal unused = new BigDecimal(m.group(2));
result = "new java.math.BigDecimal(\"" + m.group(2) + "\")";
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "BigDecimal"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "BigDecimal"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -128,7 +130,9 @@
result = "Long.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Long"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Long"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -145,7 +149,9 @@
result = "Integer.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Integer"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Integer"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -163,7 +169,9 @@
result = "Short.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Short"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Short"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -181,7 +189,9 @@
result = "Byte.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Byte"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Byte"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -198,7 +208,9 @@
result = "Double.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Double"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Double"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -216,7 +228,9 @@
result = "Float.valueOf(\"" + m.group(2) + "\")";
}
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Float"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "Float"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -229,7 +243,9 @@
BigInteger unused = new BigInteger(m.group(2));
result = "new java.math.BigInteger(\"" + m.group(2) + "\")";
} catch (NumberFormatException e) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "BigInteger"), e);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2), "BigInteger"), e);
+ }
// Continue and resolve the value at runtime
}
}
@@ -242,8 +258,10 @@
Enum enumValue = Enum.valueOf((Class) expectedType, m.group(2));
result = expectedType.getName() + "." + enumValue.name();
} catch (IllegalArgumentException iae) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2),
- "Enum[" + expectedType.getName() + "]"), iae);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", m.group(2),
+ "Enum[" + expectedType.getName() + "]"), iae);
+ }
// Continue and resolve the value at runtime
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/optimizations/StringInterpreterEnum.java tomcat10-10.1.52/java/org/apache/jasper/optimizations/StringInterpreterEnum.java
--- tomcat10-10.1.40/java/org/apache/jasper/optimizations/StringInterpreterEnum.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/optimizations/StringInterpreterEnum.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,7 +37,9 @@
Enum enumValue = Enum.valueOf((Class) c, s);
return c.getName() + "." + enumValue.name();
} catch (IllegalArgumentException iae) {
- log.debug(Localizer.getMessage("jsp.error.typeConversion", s, "Enum[" + c.getName() + "]"), iae);
+ if (log.isDebugEnabled()) {
+ log.debug(Localizer.getMessage("jsp.error.typeConversion", s, "Enum[" + c.getName() + "]"), iae);
+ }
// Continue and resolve the value at runtime
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/BodyContentImpl.java tomcat10-10.1.52/java/org/apache/jasper/runtime/BodyContentImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/BodyContentImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/BodyContentImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,11 +27,8 @@
import org.apache.jasper.compiler.Localizer;
/**
- * Write text to a character-output stream, buffering characters to provide efficient writing of single
- * characters, arrays, and strings. Provide support for discarding the output that has been buffered.
- *
- * @author Rajiv Mordani
- * @author Jan Luehe
+ * Write text to a character-output stream, buffering characters to provide efficient writing of single characters,
+ * arrays, and strings. Provide support for discarding the output that has been buffered.
*/
public class BodyContentImpl extends BodyContent {
@@ -370,7 +367,7 @@
this.writer = null;
try {
this.clear();
- } catch (IOException ex) {
+ } catch (IOException ignore) {
// ignore
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/HttpJspBase.java tomcat10-10.1.52/java/org/apache/jasper/runtime/HttpJspBase.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/HttpJspBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/HttpJspBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,8 +30,6 @@
/**
* This is the super class of all JSP-generated servlets.
- *
- * @author Anil K. Vijendran
*/
public abstract class HttpJspBase extends HttpServlet implements HttpJspPage {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspApplicationContextImpl.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspApplicationContextImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspApplicationContextImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspApplicationContextImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -36,9 +36,7 @@
import org.apache.jasper.el.JasperELResolver;
/**
- * Implementation of JspApplicationContext
- *
- * @author Jacob Hookom
+ * Implementation of JspApplicationContext.
*/
public class JspApplicationContextImpl implements JspApplicationContext {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspContextWrapper.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspContextWrapper.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspContextWrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspContextWrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -60,10 +60,6 @@
* Implementation of a JSP Context Wrapper. The JSP Context Wrapper is a JspContext created and maintained by a tag
* handler implementation. It wraps the Invoking JSP Context, that is, the JspContext instance passed to the tag handler
* by the invoking page via setJspContext().
- *
- * @author Kin-man Chung
- * @author Jan Luehe
- * @author Jacob Hookom
*/
@SuppressWarnings("deprecation") // Have to support old JSP EL API
public class JspContextWrapper extends PageContext implements VariableResolver {
@@ -193,7 +189,7 @@
if (getSession() != null) {
try {
o = rootJspCtxt.getAttribute(name, SESSION_SCOPE);
- } catch (IllegalStateException ise) {
+ } catch (IllegalStateException ignore) {
// Session has been invalidated.
// Ignore and fall through to application scope.
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspFactoryImpl.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspFactoryImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspFactoryImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspFactoryImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,8 +33,6 @@
/**
* Implementation of JspFactory.
- *
- * @author Anil K. Vijendran
*/
public class JspFactoryImpl extends JspFactory {
@@ -102,7 +100,7 @@
try {
pc.initialize(servlet, request, response, errorPageURL, needsSession, bufferSize, autoflush);
- } catch (IOException ioe) {
+ } catch (IOException ignore) {
// Implementation never throws IOE but can't change the signature
// since it is part of the JSP API
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspFragmentHelper.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspFragmentHelper.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspFragmentHelper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspFragmentHelper.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
* JspFragments in a single page.
*
* The class also provides various utility methods for JspFragment implementations.
- *
- * @author Mark Roth
*/
public abstract class JspFragmentHelper extends JspFragment {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspRuntimeLibrary.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspRuntimeLibrary.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspRuntimeLibrary.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,6 +25,7 @@
import java.nio.charset.StandardCharsets;
import java.util.Enumeration;
+import jakarta.el.VariableMapper;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
@@ -45,9 +46,6 @@
/**
* Bunch of util methods that are used by code generated for useBean, getProperty and setProperty.
- *
- * @author Mandar Raje
- * @author Shawn Bayern
*/
public class JspRuntimeLibrary {
@@ -280,8 +278,8 @@
} else {
return getValueFromPropertyEditorManager(t, propertyName, s);
}
- } catch (Exception ex) {
- throw new JasperException(ex);
+ } catch (Exception e) {
+ throw new JasperException(e);
}
}
@@ -347,10 +345,10 @@
}
}
}
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
if (!ignoreMethodNF && (method == null)) {
if (type == null) {
@@ -573,10 +571,10 @@
try {
Method method = getReadMethod(o.getClass(), prop);
value = method.invoke(o, (Object[]) null);
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
return value;
}
@@ -586,12 +584,12 @@
ProtectedFunctionMapper functionMapper) throws JasperException {
try {
Method method = getWriteMethod(bean.getClass(), prop);
- method.invoke(bean, PageContextImpl.proprietaryEvaluate(expression,
- method.getParameterTypes()[0], pageContext, functionMapper));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ method.invoke(bean, PageContextImpl.proprietaryEvaluate(expression, method.getParameterTypes()[0],
+ pageContext, functionMapper));
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -599,10 +597,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, value);
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -610,10 +608,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Integer.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -621,10 +619,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Short.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -632,10 +630,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Long.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -643,10 +641,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Double.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -654,10 +652,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Float.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -665,10 +663,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Character.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -676,10 +674,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Byte.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -687,10 +685,10 @@
try {
Method method = getWriteMethod(bean.getClass(), prop);
method.invoke(bean, Boolean.valueOf(value));
- } catch (Exception ex) {
- Throwable thr = ExceptionUtils.unwrapInvocationTargetException(ex);
+ } catch (Exception e) {
+ Throwable thr = ExceptionUtils.unwrapInvocationTargetException(e);
ExceptionUtils.handleThrowable(thr);
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -732,8 +730,8 @@
break;
}
}
- } catch (Exception ex) {
- throw new JasperException(ex);
+ } catch (Exception e) {
+ throw new JasperException(e);
}
}
if (result == null) {
@@ -770,8 +768,8 @@
break;
}
}
- } catch (Exception ex) {
- throw new JasperException(ex);
+ } catch (Exception e) {
+ throw new JasperException(e);
}
}
if (result == null) {
@@ -794,12 +792,12 @@
PropertyEditor pe = (PropertyEditor) propertyEditorClass.getConstructor().newInstance();
pe.setAsText(attrValue);
return pe.getValue();
- } catch (Exception ex) {
+ } catch (Exception e) {
if (attrValue.isEmpty()) {
return null;
} else {
throw new JasperException(Localizer.getMessage("jsp.error.beans.property.conversion", attrValue,
- attrClass.getName(), attrName, ex.getMessage()));
+ attrClass.getName(), attrName, e.getMessage()));
}
}
}
@@ -964,4 +962,30 @@
}
}
+
+ /**
+ * This method parallels the logic of {@code SetSupport.doEndTag()}.
+ *
+ * @param pageContext pageContext
+ * @param var name of the variable
+ * @param value value to store
+ * @param scope scope
+ */
+ public static void nonstandardSetTag(jakarta.servlet.jsp.PageContext pageContext, String var, Object value,
+ int scope) {
+ if (value == null) {
+ // matches SetTag and removes the key from the specified scope
+ pageContext.removeAttribute(var, scope);
+ } else {
+ if (scope == PageContext.PAGE_SCOPE) {
+ // matches SetTag and cleans up the VariableMapper
+ VariableMapper vm = pageContext.getELContext().getVariableMapper();
+ if (vm != null) {
+ vm.setVariable(var, null);
+ }
+ }
+ // does the all-important set of the correct scope
+ pageContext.setAttribute(var, value, scope);
+ }
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/JspWriterImpl.java tomcat10-10.1.52/java/org/apache/jasper/runtime/JspWriterImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/JspWriterImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/JspWriterImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,11 +27,9 @@
import org.apache.jasper.compiler.Localizer;
/**
- * Write text to a character-output stream, buffering characters to provide efficient writing of single
- * characters, arrays, and strings. Provide support for discarding the output that has been buffered. This needs
- * revisiting when the buffering problems in the JSP spec are fixed -akv
- *
- * @author Anil K. Vijendran
+ * Write text to a character-output stream, buffering characters to provide efficient writing of single characters,
+ * arrays, and strings. Provide support for discarding the output that has been buffered. This needs revisiting when the
+ * buffering problems in the JSP spec are fixed -akv.
*/
public class JspWriterImpl extends JspWriter {
@@ -54,7 +52,7 @@
* @param autoFlush true to automatically flush on buffer full, false to throw an overflow
* exception in that case
*
- * @exception IllegalArgumentException If sz is <= 0
+ * @exception IllegalArgumentException If sz is < 0
*/
public JspWriterImpl(ServletResponse response, int sz, boolean autoFlush) {
super(sz, autoFlush);
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/PageContextImpl.java tomcat10-10.1.52/java/org/apache/jasper/runtime/PageContextImpl.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/PageContextImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/PageContextImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -53,14 +53,6 @@
/**
* Implementation of the PageContext class from the JSP spec. Also doubles as a VariableResolver for the EL.
- *
- * @author Anil K. Vijendran
- * @author Larry Cable
- * @author Hans Bergsten
- * @author Pierre Delisle
- * @author Mark Roth
- * @author Jan Luehe
- * @author Jacob Hookom
*/
public class PageContextImpl extends PageContext {
@@ -172,8 +164,8 @@
out = baseOut;
try {
((JspWriterImpl) out).flushBuffer();
- } catch (IOException ex) {
- throw new IllegalStateException(Localizer.getMessage("jsp.error.flush"), ex);
+ } catch (IOException ioe) {
+ throw new IllegalStateException(Localizer.getMessage("jsp.error.flush"), ioe);
} finally {
servlet = null;
config = null;
@@ -319,7 +311,7 @@
if (session.getAttribute(name) != null) {
return SESSION_SCOPE;
}
- } catch (IllegalStateException ise) {
+ } catch (IllegalStateException ignore) {
// Session has been invalidated.
// Ignore and fall through to application scope.
}
@@ -351,7 +343,7 @@
if (session != null) {
try {
o = session.getAttribute(name);
- } catch (IllegalStateException ise) {
+ } catch (IllegalStateException ignore) {
// Session has been invalidated.
// Ignore and fall through to application scope.
}
@@ -398,7 +390,7 @@
if (session != null) {
try {
removeAttribute(name, SESSION_SCOPE);
- } catch (IllegalStateException ise) {
+ } catch (IllegalStateException ignore) {
// Session has been invalidated.
// Ignore and fall throw to application scope.
}
@@ -497,8 +489,8 @@
try {
out.clear();
baseOut.clear();
- } catch (IOException ex) {
- throw new IllegalStateException(Localizer.getMessage("jsp.error.attempt_to_clear_flushed_buffer"), ex);
+ } catch (IOException ioe) {
+ throw new IllegalStateException(Localizer.getMessage("jsp.error.attempt_to_clear_flushed_buffer"), ioe);
}
// Make sure that the response object is not the wrapper for include
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/ProtectedFunctionMapper.java tomcat10-10.1.52/java/org/apache/jasper/runtime/ProtectedFunctionMapper.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/ProtectedFunctionMapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/ProtectedFunctionMapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,9 +24,6 @@
/**
* Maps EL functions to their Java method counterparts. Keeps the actual Method objects protected so that JSP pages
* can't indirectly do reflection.
- *
- * @author Mark Roth
- * @author Kin-man Chung
*/
@SuppressWarnings("deprecation") // Have to support old JSP EL API
public final class ProtectedFunctionMapper extends jakarta.el.FunctionMapper implements FunctionMapper {
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/ServletResponseWrapperInclude.java tomcat10-10.1.52/java/org/apache/jasper/runtime/ServletResponseWrapperInclude.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/ServletResponseWrapperInclude.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/ServletResponseWrapperInclude.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,10 +28,7 @@
/**
* ServletResponseWrapper used by the JSP 'include' action. This wrapper response object is passed to
* RequestDispatcher.include(), so that the output of the included resource is appended to that of the including page.
- *
- * @author Pierre Delisle
*/
-
public class ServletResponseWrapperInclude extends HttpServletResponseWrapper {
/**
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/runtime/TagHandlerPool.java tomcat10-10.1.52/java/org/apache/jasper/runtime/TagHandlerPool.java
--- tomcat10-10.1.40/java/org/apache/jasper/runtime/TagHandlerPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/runtime/TagHandlerPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* Pool of tag handlers that can be reused.
- *
- * @author Jan Luehe
*/
public class TagHandlerPool {
@@ -69,7 +67,7 @@
if (maxSizeS != null) {
try {
maxSize = Integer.parseInt(maxSizeS);
- } catch (Exception ex) {
+ } catch (Exception e) {
// Ignore
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/servlet/JasperLoader.java tomcat10-10.1.52/java/org/apache/jasper/servlet/JasperLoader.java
--- tomcat10-10.1.40/java/org/apache/jasper/servlet/JasperLoader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/servlet/JasperLoader.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,9 +26,6 @@
/**
* Class loader for loading servlet class files (corresponding to JSP files) and tag handler class files (corresponding
* to tag files).
- *
- * @author Anil K. Vijendran
- * @author Harish Prabandham
*/
public class JasperLoader extends URLClassLoader {
@@ -133,7 +130,7 @@
if (url != null) {
try {
is = url.openStream();
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/servlet/JspCServletContext.java tomcat10-10.1.52/java/org/apache/jasper/servlet/JspCServletContext.java
--- tomcat10-10.1.40/java/org/apache/jasper/servlet/JspCServletContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/servlet/JspCServletContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -66,10 +66,7 @@
/**
* Simple ServletContext implementation without HTTP-specific methods.
- *
- * @author Peter Rossbach (pr@webapp.de)
*/
-
public class JspCServletContext implements ServletContext {
@@ -154,8 +151,8 @@
if (!webXmlParser.parseWebXml(url, webXml, false)) {
throw new JasperException(Localizer.getMessage("jspc.error.invalidWebXml"));
}
- } catch (IOException e) {
- throw new JasperException(e);
+ } catch (IOException ioe) {
+ throw new JasperException(ioe);
}
// if the application is metadata-complete then we can skip fragment processing
@@ -410,8 +407,8 @@
}
}
}
- } catch (IOException e) {
- log(e.getMessage(), e);
+ } catch (IOException ioe) {
+ log(ioe.getMessage(), ioe);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/servlet/JspServlet.java tomcat10-10.1.52/java/org/apache/jasper/servlet/JspServlet.java
--- tomcat10-10.1.40/java/org/apache/jasper/servlet/JspServlet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/servlet/JspServlet.java 2026-01-23 19:33:36.000000000 +0000
@@ -45,16 +45,9 @@
import org.apache.tomcat.util.security.Escape;
/**
- * The Jasper JSP engine. The servlet container is responsible for providing a URLClassLoader for the web
- * application context Jasper is being used in. Jasper will try to get the Tomcat ServletContext attribute for its
- * ServletContext class loader, if that fails, it uses the parent class loader. In either case, it must be a
- * URLClassLoader.
- *
- * @author Anil K. Vijendran
- * @author Harish Prabandham
- * @author Remy Maucherat
- * @author Kin-man Chung
- * @author Glenn Nielsen
+ * The Jasper JSP engine. The servlet container is responsible for providing a URLClassLoader for the web application
+ * context Jasper is being used in. Jasper will try to get the Tomcat ServletContext attribute for its ServletContext
+ * class loader, if that fails, it uses the parent class loader. In either case, it must be a URLClassLoader.
*/
public class JspServlet extends HttpServlet implements PeriodicEventListener {
@@ -95,8 +88,8 @@
Constructor ctor = engineOptionsClass.getConstructor(ctorSig);
Object[] args = { config, context };
options = (Options) ctor.newInstance(args);
- } catch (Throwable e) {
- Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(e);
+ } catch (Throwable t) {
+ Throwable throwable = ExceptionUtils.unwrapInvocationTargetException(t);
ExceptionUtils.handleThrowable(throwable);
// Need to localize this.
log.warn(Localizer.getMessage("jsp.warning.engineOptionsClass", engineOptionsName), throwable);
@@ -126,8 +119,8 @@
} else {
serviceJspFile(null, null, jspFile, true);
}
- } catch (IOException e) {
- throw new ServletException(Localizer.getMessage("jsp.error.precompilation", jspFile), e);
+ } catch (IOException ioe) {
+ throw new ServletException(Localizer.getMessage("jsp.error.precompilation", jspFile), ioe);
} catch (PrivilegedActionException e) {
Throwable t = e.getCause();
if (t instanceof ServletException) {
@@ -308,9 +301,9 @@
serviceJspFile(request, response, jspUri, precompile);
} catch (RuntimeException | IOException | ServletException e) {
throw e;
- } catch (Throwable e) {
- ExceptionUtils.handleThrowable(e);
- throw new ServletException(e);
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ throw new ServletException(t);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/servlet/JspServletWrapper.java tomcat10-10.1.52/java/org/apache/jasper/servlet/JspServletWrapper.java
--- tomcat10-10.1.40/java/org/apache/jasper/servlet/JspServletWrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/servlet/JspServletWrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,17 +49,9 @@
import org.apache.tomcat.Jar;
/**
- * The Jasper JSP engine. The servlet container is responsible for providing a URLClassLoader for the web
- * application context Jasper is being used in. Jasper will try to get the Tomcat ServletContext attribute for its
- * ServletContext class loader, if that fails, it uses the parent class loader. In either case, it must be a
- * URLClassLoader.
- *
- * @author Anil K. Vijendran
- * @author Harish Prabandham
- * @author Remy Maucherat
- * @author Kin-man Chung
- * @author Glenn Nielsen
- * @author Tim Fennell
+ * The Jasper JSP engine. The servlet container is responsible for providing a URLClassLoader for the web application
+ * context Jasper is being used in. Jasper will try to get the Tomcat ServletContext attribute for its ServletContext
+ * class loader, if that fails, it uses the parent class loader. In either case, it must be a URLClassLoader.
*/
public class JspServletWrapper {
@@ -402,11 +394,11 @@
throw handleJspException(ex);
}
throw ex;
- } catch (Exception ex) {
+ } catch (Exception e) {
if (options.getDevelopment()) {
- throw handleJspException(ex);
+ throw handleJspException(e);
}
- throw new JasperException(ex);
+ throw new JasperException(e);
}
try {
@@ -454,16 +446,16 @@
throw handleJspException(ex);
}
throw ex;
- } catch (IOException ex) {
+ } catch (IOException ioe) {
if (options.getDevelopment()) {
- throw new IOException(handleJspException(ex).getMessage(), ex);
+ throw new IOException(handleJspException(ioe).getMessage(), ioe);
}
- throw ex;
- } catch (Exception ex) {
+ throw ioe;
+ } catch (Exception e) {
if (options.getDevelopment()) {
- throw handleJspException(ex);
+ throw handleJspException(e);
}
- throw new JasperException(ex);
+ throw new JasperException(e);
}
}
@@ -513,7 +505,8 @@
* Attempts to construct a JasperException that contains helpful information about what went wrong. Uses the JSP
* compiler system to translate the line number in the generated servlet that originated the exception to a line
* number in the JSP. Then constructs an exception containing that information, and a snippet of the JSP to help
- * debugging. Please see BZ 37062 for more details.
+ * debugging. Please see BZ 37062 for more
+ * details.
*
*
* @param ex the exception that was the cause of the problem.
@@ -523,8 +516,12 @@
protected JasperException handleJspException(Exception ex) {
try {
Throwable realException = ex;
+ // Unwrap Servlet exception once
if (ex instanceof ServletException) {
- realException = ((ServletException) ex).getRootCause();
+ Throwable rootCause = ((ServletException) ex).getRootCause();
+ if (rootCause != null) {
+ realException = rootCause;
+ }
}
// Find the first stack frame that represents code generated by
@@ -577,7 +574,7 @@
return new JasperException(
Localizer.getMessage("jsp.exception", detail.getJspFileName(), "" + source.getLineNumber()), ex);
- } catch (Exception je) {
+ } catch (Exception e) {
// If anything goes wrong, just revert to the original behaviour
if (ex instanceof JasperException) {
return (JasperException) ex;
diff -Nru tomcat10-10.1.40/java/org/apache/jasper/tagplugins/jstl/core/Import.java tomcat10-10.1.52/java/org/apache/jasper/tagplugins/jstl/core/Import.java
--- tomcat10-10.1.40/java/org/apache/jasper/tagplugins/jstl/core/Import.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/jasper/tagplugins/jstl/core/Import.java 2026-01-23 19:33:36.000000000 +0000
@@ -158,7 +158,7 @@
ctxt.generateJavaSource(" try{");
ctxt.generateJavaSource(" " + tempReaderName + " = new java.io.InputStreamReader(" +
inputStreamName + ", " + charSetName + ");");
- ctxt.generateJavaSource(" }catch(Exception ex){");
+ ctxt.generateJavaSource(" }catch(Exception e){");
ctxt.generateJavaSource(" " + tempReaderName + " = new java.io.InputStreamReader(" +
inputStreamName + ", org.apache.jasper.tagplugins.jstl.Util.DEFAULT_ENCODING);");
ctxt.generateJavaSource(" }");
@@ -306,8 +306,7 @@
ctxt.generateJavaSource(" try{");
ctxt.generateJavaSource(" " + tempReaderName + " = new java.io.InputStreamReader(" +
inputStreamName + "," + charSetName + ");");
- ctxt.generateJavaSource(" }catch(Exception ex){");
- // ctxt.generateJavaSource(" throw new JspTagException(ex.toString());");
+ ctxt.generateJavaSource(" }catch(Exception e){");
ctxt.generateJavaSource(" " + tempReaderName + " = new java.io.InputStreamReader(" +
inputStreamName + ",org.apache.jasper.tagplugins.jstl.Util.DEFAULT_ENCODING);");
ctxt.generateJavaSource(" }");
diff -Nru tomcat10-10.1.40/java/org/apache/juli/AsyncFileHandler.java tomcat10-10.1.52/java/org/apache/juli/AsyncFileHandler.java
--- tomcat10-10.1.40/java/org/apache/juli/AsyncFileHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/AsyncFileHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -55,8 +55,8 @@
public static final int MAX_RECORDS = Integer
.parseInt(System.getProperty("org.apache.juli.AsyncMaxRecordCount", Integer.toString(DEFAULT_MAX_RECORDS)));
- private static final LoggerExecutorService LOGGER_SERVICE = new LoggerExecutorService(OVERFLOW_DROP_TYPE,
- MAX_RECORDS);
+ private static final LoggerExecutorService LOGGER_SERVICE =
+ new LoggerExecutorService(OVERFLOW_DROP_TYPE, MAX_RECORDS);
private final Object closeLock = new Object();
protected volatile boolean closed = false;
@@ -121,8 +121,8 @@
record.getSourceMethodName();
loggerService.execute(() -> {
/*
- * During Tomcat shutdown, the Handlers are closed before the executor queue is flushed therefore the
- * closed flag is ignored if the executor is shutting down.
+ * During Tomcat shutdown, the Handlers are closed before the executor queue is flushed therefore the closed
+ * flag is ignored if the executor is shutting down.
*/
if (!closed || loggerService.isTerminating()) {
publishInternal(record);
diff -Nru tomcat10-10.1.40/java/org/apache/juli/ClassLoaderLogManager.java tomcat10-10.1.52/java/org/apache/juli/ClassLoaderLogManager.java
--- tomcat10-10.1.40/java/org/apache/juli/ClassLoaderLogManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/ClassLoaderLogManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -83,7 +83,7 @@
* Map containing the classloader information, keyed per classloader. A weak hashmap is used to ensure no
* classloader reference is leaked from application redeployment.
*/
- protected final Map classLoaderLoggers = new WeakHashMap<>(); // Guarded by this
+ protected final Map classLoaderLoggers = new WeakHashMap<>(); // Guarded by this
/**
@@ -352,7 +352,7 @@
for (Handler handler : clLogInfo.handlers.values()) {
try {
handler.close();
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore
}
}
@@ -381,7 +381,7 @@
AccessController.doPrivileged((PrivilegedAction) () -> {
try {
readConfiguration(classLoaderParam);
- } catch (IOException e) {
+ } catch (IOException ignore) {
// Ignore
}
return null;
@@ -450,9 +450,9 @@
if (configFileStr != null) {
try {
is = new FileInputStream(replace(configFileStr));
- } catch (IOException e) {
+ } catch (IOException ioe) {
System.err.println("Configuration error");
- e.printStackTrace();
+ ioe.printStackTrace();
}
}
// Try the default JVM configuration
@@ -460,9 +460,9 @@
File defaultFile = new File(new File(System.getProperty("java.home"), "conf"), "logging.properties");
try {
is = new FileInputStream(defaultFile);
- } catch (IOException e) {
+ } catch (IOException ioe) {
System.err.println("Configuration error");
- e.printStackTrace();
+ ioe.printStackTrace();
}
}
}
@@ -515,10 +515,10 @@
try (is) {
info.props.load(is);
- } catch (IOException e) {
+ } catch (IOException ioe) {
// Report error
System.err.println("Configuration error");
- e.printStackTrace();
+ ioe.printStackTrace();
}
// Ignore
@@ -663,7 +663,7 @@
protected static final class LogNode {
Logger logger;
- final Map children = new HashMap<>();
+ final Map children = new HashMap<>();
final LogNode parent;
@@ -729,8 +729,8 @@
protected static final class ClassLoaderLogInfo {
final LogNode rootNode;
- final Map loggers = new ConcurrentHashMap<>();
- final Map handlers = new HashMap<>();
+ final Map loggers = new ConcurrentHashMap<>();
+ final Map handlers = new HashMap<>();
final Properties props = new Properties();
ClassLoaderLogInfo(final LogNode rootNode) {
diff -Nru tomcat10-10.1.40/java/org/apache/juli/FileHandler.java tomcat10-10.1.52/java/org/apache/juli/FileHandler.java
--- tomcat10-10.1.40/java/org/apache/juli/FileHandler.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/FileHandler.java 2026-01-23 19:33:36.000000000 +0000
@@ -86,8 +86,8 @@
public static final int DEFAULT_BUFFER_SIZE = -1;
- private static final ExecutorService DELETE_FILES_SERVICE = Executors
- .newSingleThreadExecutor(new ThreadFactory("FileHandlerLogFilesCleaner-"));
+ private static final ExecutorService DELETE_FILES_SERVICE =
+ Executors.newSingleThreadExecutor(new ThreadFactory("FileHandlerLogFilesCleaner-"));
// ------------------------------------------------------------ Constructor
@@ -366,7 +366,7 @@
if (encoding != null && !encoding.isEmpty()) {
try {
setEncoding(encoding);
- } catch (UnsupportedEncodingException ex) {
+ } catch (UnsupportedEncodingException ignore) {
// Ignore
}
}
@@ -379,7 +379,7 @@
if (filterName != null) {
try {
setFilter((Filter) cl.loadClass(filterName).getConstructor().newInstance());
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore
}
}
@@ -389,7 +389,7 @@
if (formatterName != null) {
try {
setFormatter((Formatter) cl.loadClass(formatterName).getConstructor().newInstance());
- } catch (Exception e) {
+ } catch (Exception ignore) {
// Ignore and fallback to defaults
setFormatter(new OneLineFormatter());
}
@@ -454,14 +454,14 @@
if (fos != null) {
try {
fos.close();
- } catch (IOException e1) {
+ } catch (IOException ignore) {
// Ignore
}
}
if (os != null) {
try {
os.close();
- } catch (IOException e1) {
+ } catch (IOException ignore) {
// Ignore
}
}
@@ -479,7 +479,7 @@
for (Path file : files) {
Files.delete(file);
}
- } catch (IOException e) {
+ } catch (IOException ioe) {
reportError("Unable to delete log files older than [" + maxDays + "] days", null,
ErrorManager.GENERIC_FAILURE);
}
@@ -495,8 +495,8 @@
try {
LocalDate dateFromFile = LocalDate.from(DateTimeFormatter.ISO_LOCAL_DATE.parse(date));
result = dateFromFile.isBefore(maxDaysOffset);
- } catch (DateTimeException e) {
- // no-op
+ } catch (DateTimeException ignore) {
+ // Unable to determine date from path. File will not be included.
}
}
return result;
diff -Nru tomcat10-10.1.40/java/org/apache/juli/JdkLoggerFormatter.java tomcat10-10.1.52/java/org/apache/juli/JdkLoggerFormatter.java
--- tomcat10-10.1.40/java/org/apache/juli/JdkLoggerFormatter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/JdkLoggerFormatter.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
*
*
* Example: 1130122891846 Http11BaseProtocol I Initializing Coyote HTTP/1.1 on http-8800
- *
- * @author Costin Manolache
*/
public class JdkLoggerFormatter extends Formatter {
@@ -96,7 +94,7 @@
buf.append(" ".repeat(Math.max(0, 8 - buf.length())));
// Append the message
- buf.append(message);
+ buf.append(LogUtil.escape(message));
// Append stack trace if not null
if (t != null) {
@@ -106,7 +104,7 @@
java.io.PrintWriter pw = new java.io.PrintWriter(sw);
t.printStackTrace(pw);
pw.close();
- buf.append(sw);
+ buf.append(LogUtil.escape(sw.toString()));
}
buf.append(System.lineSeparator());
diff -Nru tomcat10-10.1.40/java/org/apache/juli/JsonFormatter.java tomcat10-10.1.52/java/org/apache/juli/JsonFormatter.java
--- tomcat10-10.1.40/java/org/apache/juli/JsonFormatter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/JsonFormatter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,8 @@
import java.util.logging.LogRecord;
/**
- * Provides the same information as the one line format but using JSON formatting.
- * All the information of the LogRecord is included as a one line JSON document,
- * including the full stack trace of the associated exception if any.
+ * Provides the same information as the one line format but using JSON formatting. All the information of the LogRecord
+ * is included as a one line JSON document, including the full stack trace of the associated exception if any.
*
* The LogRecord is mapped as attributes:
*
@@ -32,9 +31,9 @@
*
class: the class from which the log originated
*
method: the method from which the log originated
*
message: the log message
- *
throwable: the full stack trace from an exception, if present, represented as an array of string
- * (the message first, then one string per stack trace element prefixed by a whitespace,
- * then moving on to the cause exception if any)
+ *
throwable: the full stack trace from an exception, if present, represented as an array of string (the message
+ * first, then one string per stack trace element prefixed by a whitespace, then moving on to the cause exception if
+ * any)
*
*/
public class JsonFormatter extends OneLineFormatter {
@@ -66,14 +65,7 @@
// Thread
sb.append("\"thread\": \"");
- final String threadName = Thread.currentThread().getName();
- if (threadName != null && threadName.startsWith(AsyncFileHandler.THREAD_PREFIX)) {
- // If using the async handler can't get the thread name from the
- // current thread.
- sb.append(getThreadName(record.getThreadID()));
- } else {
- sb.append(threadName);
- }
+ sb.append(resolveThreadName(record));
sb.append("\", ");
// Source
@@ -121,15 +113,16 @@
/**
- * Provides escaping of values so they can be included in a JSON document.
- * Escaping is based on the definition of JSON found in
- * RFC 8259.
+ * Provides escaping of values so they can be included in a JSON document. Escaping is based on the definition of
+ * JSON found in RFC 8259.
*/
public static class JSONFilter {
/**
* Escape the given string.
+ *
* @param input the string
+ *
* @return the escaped string
*/
public static String escape(String input) {
@@ -138,16 +131,17 @@
/**
* Escape the given char sequence.
- * @param input the char sequence
- * @param off the offset on which escaping will start
+ *
+ * @param input the char sequence
+ * @param off the offset on which escaping will start
* @param length the length which should be escaped
+ *
* @return the escaped char sequence corresponding to the specified range
*/
public static CharSequence escape(CharSequence input, int off, int length) {
/*
- * While any character MAY be escaped, only U+0000 to U+001F (control
- * characters), U+0022 (quotation mark) and U+005C (reverse solidus)
- * MUST be escaped.
+ * While any character MAY be escaped, only U+0000 to U+001F (control characters), U+0022 (quotation mark)
+ * and U+005C (reverse solidus) MUST be escaped.
*/
StringBuilder escaped = null;
int lastUnescapedStart = off;
diff -Nru tomcat10-10.1.40/java/org/apache/juli/LogUtil.java tomcat10-10.1.52/java/org/apache/juli/LogUtil.java
--- tomcat10-10.1.40/java/org/apache/juli/LogUtil.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/LogUtil.java 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juli;
+
+public class LogUtil {
+
+ private LogUtil() {
+ // Utility class. Hide default constructor
+ }
+
+
+ /**
+ * Escape a string so it can be displayed in a readable format. Characters that may not be printable in some/all of
+ * the contexts in which log messages will be viewed will be escaped using Java \\uNNNN escaping.
+ *
+ * All control characters are escaped apart from horizontal tab (\\u0009), new line (\\u000a) and carriage return
+ * (\\u000d).
+ *
+ * @param input The string to escape
+ *
+ * @return The escaped form of the input string
+ */
+ @SuppressWarnings("null") // sb is not null when used
+ public static String escape(final String input) {
+ final int len = input.length();
+ int i = 0;
+ int lastControl = -1;
+ StringBuilder sb = null;
+ while (i < len) {
+ char c = input.charAt(i);
+ if (Character.getType(c) == Character.CONTROL) {
+ if (!(c == '\t' || c == '\n' || c == '\r')) {
+ if (lastControl == -1) {
+ sb = new StringBuilder(len + 20);
+ }
+ sb.append(input.substring(lastControl + 1, i));
+ sb.append(String.format("\\u%1$04x", Integer.valueOf(c)));
+ lastControl = i;
+ }
+ }
+ i++;
+ }
+ if (lastControl == -1) {
+ return input;
+ } else {
+ sb.append(input.substring(lastControl + 1, len));
+ return sb.toString();
+ }
+ }
+}
diff -Nru tomcat10-10.1.40/java/org/apache/juli/OneLineFormatter.java tomcat10-10.1.52/java/org/apache/juli/OneLineFormatter.java
--- tomcat10-10.1.40/java/org/apache/juli/OneLineFormatter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/OneLineFormatter.java 2026-01-23 19:33:36.000000000 +0000
@@ -42,8 +42,8 @@
private static final Object threadMxBeanLock = new Object();
private static volatile ThreadMXBean threadMxBean = null;
private static final int THREAD_NAME_CACHE_SIZE = 10000;
- private static final ThreadLocal threadNameCache = ThreadLocal
- .withInitial(() -> new ThreadNameCache(THREAD_NAME_CACHE_SIZE));
+ private static final ThreadLocal threadNameCache =
+ ThreadLocal.withInitial(() -> new ThreadNameCache(THREAD_NAME_CACHE_SIZE));
/* Timestamp format */
private static final String DEFAULT_TIME_FORMAT = "dd-MMM-yyyy HH:mm:ss.SSS";
@@ -51,12 +51,12 @@
/**
* The size of our global date format cache
*/
- private static final int globalCacheSize = 30;
+ private static final int GLOBAL_CACHE_SIZE = 30;
/**
* The size of our thread local date format cache
*/
- private static final int localCacheSize = 5;
+ private static final int LOCAL_CACHE_SIZE = 5;
/**
* Thread local date format cache.
@@ -100,9 +100,9 @@
cachedTimeFormat = timeFormat;
}
- final DateFormatCache globalDateCache = new DateFormatCache(globalCacheSize, cachedTimeFormat, null);
- localDateCache = ThreadLocal
- .withInitial(() -> new DateFormatCache(localCacheSize, cachedTimeFormat, globalDateCache));
+ final DateFormatCache globalDateCache = new DateFormatCache(GLOBAL_CACHE_SIZE, cachedTimeFormat, null);
+ localDateCache =
+ ThreadLocal.withInitial(() -> new DateFormatCache(LOCAL_CACHE_SIZE, cachedTimeFormat, globalDateCache));
}
@@ -130,14 +130,7 @@
// Thread
sb.append(' ');
sb.append('[');
- final String threadName = Thread.currentThread().getName();
- if (threadName != null && threadName.startsWith(AsyncFileHandler.THREAD_PREFIX)) {
- // If using the async handler can't get the thread name from the
- // current thread.
- sb.append(getThreadName(record.getThreadID()));
- } else {
- sb.append(threadName);
- }
+ sb.append(resolveThreadName(record));
sb.append(']');
// Source
@@ -148,7 +141,7 @@
// Message
sb.append(' ');
- sb.append(formatMessage(record));
+ sb.append(LogUtil.escape(formatMessage(record)));
// New line for next record
sb.append(System.lineSeparator());
@@ -159,12 +152,23 @@
PrintWriter pw = new IndentingPrintWriter(sw);
record.getThrown().printStackTrace(pw);
pw.close();
- sb.append(sw.getBuffer());
+ sb.append(LogUtil.escape(sw.toString()));
}
return sb.toString();
}
+ protected String resolveThreadName(LogRecord record) {
+ final String threadName = Thread.currentThread().getName();
+ if (threadName != null && threadName.startsWith(AsyncFileHandler.THREAD_PREFIX)) {
+ // If using the async handler can't get the thread name from the
+ // current thread.
+ return getThreadName(record.getThreadID());
+ } else {
+ return threadName;
+ }
+ }
+
protected void addTimestamp(StringBuilder buf, long timestamp) {
String cachedTimeStamp = localDateCache.get().getFormat(timestamp);
if (millisHandling == MillisHandling.NONE) {
@@ -216,10 +220,11 @@
* resulting mess that follows.
*
* @param logRecordThreadId the thread id
+ *
* @return the thread name
*/
protected static String getThreadName(int logRecordThreadId) {
- Map cache = threadNameCache.get();
+ Map cache = threadNameCache.get();
String result = cache.get(Integer.valueOf(logRecordThreadId));
if (result != null) {
@@ -253,7 +258,7 @@
/*
* This is an LRU cache.
*/
- private static class ThreadNameCache extends LinkedHashMap {
+ private static class ThreadNameCache extends LinkedHashMap {
private static final long serialVersionUID = 1L;
@@ -265,7 +270,7 @@
}
@Override
- protected boolean removeEldestEntry(Entry eldest) {
+ protected boolean removeEldestEntry(Entry eldest) {
return (size() > cacheSize);
}
}
@@ -290,6 +295,10 @@
private enum MillisHandling {
- NONE, APPEND, REPLACE_S, REPLACE_SS, REPLACE_SSS,
+ NONE,
+ APPEND,
+ REPLACE_S,
+ REPLACE_SS,
+ REPLACE_SSS,
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/juli/VerbatimFormatter.java tomcat10-10.1.52/java/org/apache/juli/VerbatimFormatter.java
--- tomcat10-10.1.40/java/org/apache/juli/VerbatimFormatter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/VerbatimFormatter.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,9 +20,9 @@
import java.util.logging.LogRecord;
/**
- * Outputs just the log message with no additional elements. Stack traces are not logged. Log messages are separated
- * by System.lineSeparator(). This is intended for use by access logs and the like that need complete
- * control over the output format.
+ * Outputs just the log message with no additional elements and no escaping. Stack traces are not logged. Log messages
+ * are separated by System.lineSeparator(). This is intended for use by access logs and the like that need
+ * complete control over the output format.
*/
public class VerbatimFormatter extends Formatter {
@@ -31,5 +31,4 @@
// Timestamp + New line for next record
return record.getMessage() + System.lineSeparator();
}
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/juli/logging/Log.java tomcat10-10.1.52/java/org/apache/juli/logging/Log.java
--- tomcat10-10.1.40/java/org/apache/juli/logging/Log.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/logging/Log.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,14 +17,11 @@
package org.apache.juli.logging;
/**
- *
* A simple logging interface abstracting logging APIs. In order to be instantiated successfully by {@link LogFactory},
* classes that implement this interface must have a constructor that takes a single String parameter representing the
* "name" of this Log.
- *
*
* The six logging levels used by Log are (in order):
- *
*
*
trace (the least serious)
*
debug
@@ -36,11 +33,9 @@
*
* The mapping of these log levels to the concepts used by the underlying logging system is implementation dependent.
* The implementation should ensure, though, that this ordering behaves as expected.
- *
*
* Performance is often a logging concern. By examining the appropriate property, a component can avoid expensive
* operations (producing information to be logged).
- *
*
* For example,
* if (log.isDebugEnabled()) {
@@ -48,21 +43,12 @@
* log.debug(theResult);
* }
*
- *
*
* Configuration of the underlying logging system will generally be done external to the Logging APIs, through whatever
* mechanism is supported by that system.
- *
- *
- * @author Scott Sanders
- * @author Rod Waldhoff
*/
public interface Log {
-
- // ----------------------------------------------------- Logging Properties
-
-
/**
*
* Is debug logging currently enabled?
diff -Nru tomcat10-10.1.40/java/org/apache/juli/logging/LogConfigurationException.java tomcat10-10.1.52/java/org/apache/juli/logging/LogConfigurationException.java
--- tomcat10-10.1.40/java/org/apache/juli/logging/LogConfigurationException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/juli/logging/LogConfigurationException.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,8 +22,6 @@
* An exception that is thrown only if a suitable LogFactory or Log instance cannot be created
* by the corresponding factory methods.
*
* Factory for creating {@link Log} instances, with discovery and configuration features similar to that employed by
* standard Java APIs such as JAXP.
- *
*
* IMPLEMENTATION NOTE - This implementation is heavily based on the SAXParserFactory and
* DocumentBuilderFactory implementations (corresponding to the JAXP pluggability APIs) found in Apache Xerces.
- *
- *
- * @author Craig R. McClanahan
- * @author Costin Manolache
- * @author Richard A. Sitze
*/
@ServiceConsumer(value = Log.class)
public class LogFactory {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ContextAccessController.java tomcat10-10.1.52/java/org/apache/naming/ContextAccessController.java
--- tomcat10-10.1.40/java/org/apache/naming/ContextAccessController.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ContextAccessController.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Handles the access control on the JNDI contexts.
- *
- * @author Remy Maucherat
*/
public class ContextAccessController {
@@ -45,15 +43,13 @@
/**
* Set a security token for a Catalina context. Can be set only once.
*
- * @param name Name of the Catalina context
+ * @param name Name of the Catalina context
* @param token Security token
*/
public static void setSecurityToken(Object name, Object token) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission(
- ContextAccessController.class.getName()
- + ".setSecurityToken"));
+ sm.checkPermission(new RuntimePermission(ContextAccessController.class.getName() + ".setSecurityToken"));
}
if ((!securityTokens.containsKey(name)) && (token != null)) {
securityTokens.put(name, token);
@@ -64,7 +60,7 @@
/**
* Remove a security token for a context.
*
- * @param name Name of the Catalina context
+ * @param name Name of the Catalina context
* @param token Security token
*/
public static void unsetSecurityToken(Object name, Object token) {
@@ -77,15 +73,13 @@
/**
* Check a submitted security token.
*
- * @param name Name of the Catalina context
+ * @param name Name of the Catalina context
* @param token Submitted security token
*
- * @return true if the submitted token is equal to the token
- * in the repository or if no token is present in the repository.
- * Otherwise, false
+ * @return true if the submitted token is equal to the token in the repository or if no token is
+ * present in the repository. Otherwise, false
*/
- public static boolean checkSecurityToken
- (Object name, Object token) {
+ public static boolean checkSecurityToken(Object name, Object token) {
Object refToken = securityTokens.get(name);
return (refToken == null || refToken.equals(token));
}
@@ -94,7 +88,7 @@
/**
* Allow writing to a context.
*
- * @param name Name of the Catalina context
+ * @param name Name of the Catalina context
* @param token Security token
*/
public static void setWritable(Object name, Object token) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ContextBindings.java tomcat10-10.1.52/java/org/apache/naming/ContextBindings.java
--- tomcat10-10.1.40/java/org/apache/naming/ContextBindings.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ContextBindings.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,12 +29,9 @@
*
Calling thread with a NamingContext
*
Calling thread with object bound to the same naming context
*
Thread context class loader with a NamingContext
- *
Thread context class loader with object bound to the same
- * NamingContext
+ *
Thread context class loader with object bound to the same NamingContext
*
* The objects are typically Catalina Server or Context objects.
- *
- * @author Remy Maucherat
*/
public class ContextBindings {
@@ -81,8 +78,8 @@
/**
* Binds an object and a naming context.
*
- * @param obj Object to bind with naming context
- * @param context Associated naming context instance
+ * @param obj Object to bind with naming context
+ * @param context Associated naming context instance
*/
public static void bindContext(Object obj, Context context) {
bindContext(obj, context, null);
@@ -92,9 +89,9 @@
/**
* Binds an object and a naming context.
*
- * @param obj Object to bind with naming context
- * @param context Associated naming context instance
- * @param token Security token
+ * @param obj Object to bind with naming context
+ * @param context Associated naming context instance
+ * @param token Security token
*/
public static void bindContext(Object obj, Context context, Object token) {
if (ContextAccessController.checkSecurityToken(obj, token)) {
@@ -119,7 +116,7 @@
/**
* Retrieve a naming context.
*
- * @param obj Object bound to the required naming context
+ * @param obj Object bound to the required naming context
*/
static Context getContext(Object obj) {
return objectBindings.get(obj);
@@ -132,15 +129,13 @@
* @param obj Object bound to the required naming context
* @param token Security token
*
- * @throws NamingException If no naming context is bound to the provided
- * object
+ * @throws NamingException If no naming context is bound to the provided object
*/
public static void bindThread(Object obj, Object token) throws NamingException {
if (ContextAccessController.checkSecurityToken(obj, token)) {
Context context = objectBindings.get(obj);
if (context == null) {
- throw new NamingException(
- sm.getString("contextBindings.unknownContext", obj));
+ throw new NamingException(sm.getString("contextBindings.unknownContext", obj));
}
Thread currentThread = Thread.currentThread();
threadBindings.put(currentThread, context);
@@ -169,28 +164,24 @@
*
* @return The naming context bound to the current thread.
*
- * @throws NamingException If no naming context is bound to the current
- * thread
+ * @throws NamingException If no naming context is bound to the current thread
*/
public static Context getThread() throws NamingException {
Context context = threadBindings.get(Thread.currentThread());
if (context == null) {
- throw new NamingException
- (sm.getString("contextBindings.noContextBoundToThread"));
+ throw new NamingException(sm.getString("contextBindings.noContextBoundToThread"));
}
return context;
}
/**
- * Retrieves the name of the object bound to the naming context that is also
- * bound to the current thread.
+ * Retrieves the name of the object bound to the naming context that is also bound to the current thread.
*/
static String getThreadName() throws NamingException {
Object obj = threadObjectBindings.get(Thread.currentThread());
if (obj == null) {
- throw new NamingException
- (sm.getString("contextBindings.noContextBoundToThread"));
+ throw new NamingException(sm.getString("contextBindings.noContextBoundToThread"));
}
return obj.toString();
}
@@ -199,8 +190,7 @@
/**
* Tests if current thread is bound to a naming context.
*
- * @return true if the current thread is bound to a naming
- * context, otherwise false
+ * @return true if the current thread is bound to a naming context, otherwise false
*/
public static boolean isThreadBound() {
return threadBindings.containsKey(Thread.currentThread());
@@ -210,20 +200,17 @@
/**
* Binds a naming context to a class loader.
*
- * @param obj Object bound to the required naming context
- * @param token Security token
- * @param classLoader The class loader to bind to the naming context
+ * @param obj Object bound to the required naming context
+ * @param token Security token
+ * @param classLoader The class loader to bind to the naming context
*
- * @throws NamingException If no naming context is bound to the provided
- * object
+ * @throws NamingException If no naming context is bound to the provided object
*/
- public static void bindClassLoader(Object obj, Object token,
- ClassLoader classLoader) throws NamingException {
+ public static void bindClassLoader(Object obj, Object token, ClassLoader classLoader) throws NamingException {
if (ContextAccessController.checkSecurityToken(obj, token)) {
Context context = objectBindings.get(obj);
if (context == null) {
- throw new NamingException
- (sm.getString("contextBindings.unknownContext", obj));
+ throw new NamingException(sm.getString("contextBindings.unknownContext", obj));
}
clBindings.put(classLoader, context);
clObjectBindings.put(classLoader, obj);
@@ -234,12 +221,11 @@
/**
* Unbinds a naming context and a class loader.
*
- * @param obj Object bound to the required naming context
- * @param token Security token
- * @param classLoader The class loader bound to the naming context
+ * @param obj Object bound to the required naming context
+ * @param token Security token
+ * @param classLoader The class loader bound to the naming context
*/
- public static void unbindClassLoader(Object obj, Object token,
- ClassLoader classLoader) {
+ public static void unbindClassLoader(Object obj, Object token, ClassLoader classLoader) {
if (ContextAccessController.checkSecurityToken(obj, token)) {
Object o = clObjectBindings.get(classLoader);
if (o == null || !o.equals(obj)) {
@@ -254,8 +240,7 @@
/**
* Retrieves the naming context bound to a class loader.
*
- * @return the naming context bound to current class loader or one of its
- * parents
+ * @return the naming context bound to current class loader or one of its parents
*
* @throws NamingException If no naming context was bound
*/
@@ -273,8 +258,8 @@
/**
- * Retrieves the name of the object bound to the naming context that is also
- * bound to the thread context class loader.
+ * Retrieves the name of the object bound to the naming context that is also bound to the thread context class
+ * loader.
*/
static String getClassLoaderName() throws NamingException {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
@@ -285,16 +270,15 @@
return obj.toString();
}
} while ((cl = cl.getParent()) != null);
- throw new NamingException (sm.getString("contextBindings.noContextBoundToCL"));
+ throw new NamingException(sm.getString("contextBindings.noContextBoundToCL"));
}
/**
* Tests if the thread context class loader is bound to a context.
*
- * @return true if the thread context class loader or one of
- * its parents is bound to a naming context, otherwise
- * false
+ * @return true if the thread context class loader or one of its parents is bound to a naming context,
+ * otherwise false
*/
public static boolean isClassLoaderBound() {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
diff -Nru tomcat10-10.1.40/java/org/apache/naming/EjbRef.java tomcat10-10.1.52/java/org/apache/naming/EjbRef.java
--- tomcat10-10.1.40/java/org/apache/naming/EjbRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/EjbRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Represents a reference address to an EJB.
- *
- * @author Remy Maucherat
*/
public class EjbRef extends AbstractRef {
@@ -31,8 +29,7 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_EJB_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_EJB_FACTORY;
/**
@@ -57,9 +54,9 @@
* EJB Reference.
*
* @param ejbType EJB type
- * @param home Home interface classname
- * @param remote Remote interface classname
- * @param link EJB link
+ * @param home Home interface classname
+ * @param remote Remote interface classname
+ * @param link EJB link
*/
public EjbRef(String ejbType, String home, String remote, String link) {
this(ejbType, home, remote, link, null, null);
@@ -69,16 +66,14 @@
/**
* EJB Reference.
*
- * @param ejbType EJB type
- * @param home Home interface classname
- * @param remote Remote interface classname
- * @param link EJB link
- * @param factory The possibly null class name of the object's factory.
- * @param factoryLocation The possibly null location from which to load
- * the factory (e.g. URL)
+ * @param ejbType EJB type
+ * @param home Home interface classname
+ * @param remote Remote interface classname
+ * @param link EJB link
+ * @param factory The possibly null class name of the object's factory.
+ * @param factoryLocation The possibly null location from which to load the factory (e.g. URL)
*/
- public EjbRef(String ejbType, String home, String remote, String link,
- String factory, String factoryLocation) {
+ public EjbRef(String ejbType, String home, String remote, String link, String factory, String factoryLocation) {
super(home, factory, factoryLocation);
StringRefAddr refAddr;
if (ejbType != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/HandlerRef.java tomcat10-10.1.52/java/org/apache/naming/HandlerRef.java
--- tomcat10-10.1.40/java/org/apache/naming/HandlerRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/HandlerRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Represents a reference handler for a web service.
- *
- * @author Fabien Carrion
*/
public class HandlerRef extends AbstractRef {
@@ -31,56 +29,55 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_HANDLER_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_HANDLER_FACTORY;
/**
* HandlerName address type.
*/
- public static final String HANDLER_NAME = "handlername";
+ public static final String HANDLER_NAME = "handlername";
/**
* Handler Classname address type.
*/
- public static final String HANDLER_CLASS = "handlerclass";
+ public static final String HANDLER_CLASS = "handlerclass";
/**
* Handler Classname address type.
*/
- public static final String HANDLER_LOCALPART = "handlerlocalpart";
+ public static final String HANDLER_LOCALPART = "handlerlocalpart";
/**
* Handler Classname address type.
*/
- public static final String HANDLER_NAMESPACE = "handlernamespace";
+ public static final String HANDLER_NAMESPACE = "handlernamespace";
/**
* Handler Classname address type.
*/
- public static final String HANDLER_PARAMNAME = "handlerparamname";
+ public static final String HANDLER_PARAMNAME = "handlerparamname";
/**
* Handler Classname address type.
*/
- public static final String HANDLER_PARAMVALUE = "handlerparamvalue";
+ public static final String HANDLER_PARAMVALUE = "handlerparamvalue";
/**
* Handler SoapRole address type.
*/
- public static final String HANDLER_SOAPROLE = "handlersoaprole";
+ public static final String HANDLER_SOAPROLE = "handlersoaprole";
/**
* Handler PortName address type.
*/
- public static final String HANDLER_PORTNAME = "handlerportname";
+ public static final String HANDLER_PORTNAME = "handlerportname";
public HandlerRef(String refname, String handlerClass) {
@@ -88,8 +85,7 @@
}
- public HandlerRef(String refname, String handlerClass,
- String factory, String factoryLocation) {
+ public HandlerRef(String refname, String handlerClass, String factory, String factoryLocation) {
super(refname, factory, factoryLocation);
StringRefAddr refAddr;
if (refname != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,8 @@
contextBindings.unknownContext=Unknown context name : [{0}]
namingContext.alreadyBound=Name [{0}] is already bound in this Context
-namingContext.contextExpected=Name is not bound to a Context
-namingContext.failResolvingReference=Unexpected exception resolving reference
+namingContext.contextExpected=Name [{0}] is not bound to a Context
+namingContext.failResolvingReference=Unexpected exception resolving reference with name [{0}]
namingContext.invalidName=Name is not valid
namingContext.nameNotBound=Name [{0}] is not bound in this Context. Unable to find [{1}].
namingContext.noAbsoluteName=Cannot generate an absolute name for this namespace
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_cs.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_cs.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_cs.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_cs.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,4 +16,3 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
-namingContext.contextExpected=Jméno není svázáno s kontextem
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_de.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_de.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_de.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_de.properties 2026-01-23 19:33:36.000000000 +0000
@@ -18,7 +18,5 @@
contextBindings.unknownContext=Unbekannter Kontext-Name: [{0}]
-namingContext.contextExpected=Ein Name ist nicht an den Context gebunden
-
selectorContext.methodUsingName=Aufruf der Methode [{0}] mit Namen [{1}]
selectorContext.noJavaUrl=Auf diesen Kontext muss durch eine java:-URL zugegriffen werden
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_es.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_es.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_es.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_es.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,7 @@
contextBindings.unknownContext=Contexto [{0}] desconocido
namingContext.alreadyBound=El nombre [{0}] este ya asociado en este Contexto
-namingContext.contextExpected=El nombre no esta asociado a ningun Contexto
-namingContext.failResolvingReference=Excepción inesperada resolviendo referencia
+namingContext.contextExpected=El nombre [{0}] no está vinculado a un Contexto
namingContext.invalidName=Nombre no valido
namingContext.nameNotBound=El nombre [{0}] no este asociado a este contexto
namingContext.noAbsoluteName=No se puede generar un nombre absoluto para este espacio de nombres
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_fr.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_fr.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_fr.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_fr.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,8 @@
contextBindings.unknownContext=Nom de Contexte inconnu : [{0}]
namingContext.alreadyBound=Le Nom [{0}] est déjà lié à ce Contexte
-namingContext.contextExpected=Le Nom n'est pas lié à un Contexte
-namingContext.failResolvingReference=Une erreur s est produite durant la résolution de la référence
+namingContext.contextExpected=Le nom [{0}] n''est pas associé à un Context
+namingContext.failResolvingReference=Erreur inattendue lors de la résolution de la référence avec le nom [{0}]
namingContext.invalidName=Le Nom est invalide
namingContext.nameNotBound=Le Nom [{0}] n''est pas lié à ce Contexte
namingContext.noAbsoluteName=Impossible de générer un nom absolu pour cet espace de nommage (namespace)
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ja.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ja.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ja.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ja.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,8 @@
contextBindings.unknownContext=未知のコンテキスト名です: [{0}]
namingContext.alreadyBound=名前 [{0}] は既にこのコンテキストにバインドされています
-namingContext.contextExpected=名前がコンテキストにバインドされていません
-namingContext.failResolvingReference=参照の解決中に予測しない例外が発生しました
+namingContext.contextExpected=名前 [{0}] はコンテキストにバインドされていません
+namingContext.failResolvingReference=名前 [{0}] の参照を解決中に予期しない例外が発生しました
namingContext.invalidName=名前は無効です
namingContext.nameNotBound=名前 [{0}] はこのコンテキストにバインドされていません
namingContext.noAbsoluteName=この名前空間に絶対名を生成できません
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ko.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ko.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ko.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ko.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
contextBindings.unknownContext=알 수 없는 컨텍스트 이름: [{0}]
namingContext.alreadyBound=Name [{0}]이(가) 이미 이 컨텍스트에 바인딩 되어 있습니다.
-namingContext.contextExpected=Name이 컨텍스트에 바인딩 되지 않았습니다.
-namingContext.failResolvingReference=참조를 결정하는 중 예기치 않은 예외 발생
namingContext.invalidName=Name이 유효하지 않습니다.
namingContext.nameNotBound=Name [{0}]은(는) 이 컨텍스트에 바인딩되지 않았습니다. [{1}]을(를) 찾을 수 없습니다.
namingContext.noAbsoluteName=이 네임스페이스를 위한 절대 이름을 생성할 수 없습니다.
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ru.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ru.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_ru.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_ru.properties 2026-01-23 19:33:36.000000000 +0000
@@ -16,7 +16,5 @@
# Do not edit this file directly.
# To edit translations see: https://tomcat.apache.org/getinvolved.html#Translations
-namingContext.contextExpected=Имя не привязано к контексту
-
selectorContext.methodUsingName=Вызов метода [{0}] с именем [{1}]
selectorContext.methodUsingString=Вызов метода [{0}] для строки [{1}]
diff -Nru tomcat10-10.1.40/java/org/apache/naming/LocalStrings_zh_CN.properties tomcat10-10.1.52/java/org/apache/naming/LocalStrings_zh_CN.properties
--- tomcat10-10.1.40/java/org/apache/naming/LocalStrings_zh_CN.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/LocalStrings_zh_CN.properties 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,7 @@
contextBindings.unknownContext=未知.上下文名:[{0}]
namingContext.alreadyBound=名称[{0}]已在此上下文中绑定
-namingContext.contextExpected=上下文Context未绑定名称name
-namingContext.failResolvingReference=解析引用时意外异常
+namingContext.contextExpected=名称 [{0}] 未被绑定到一个域
namingContext.invalidName=名称无效
namingContext.nameNotBound=名称[{0}]未在此上下文中绑定。找不到[{1}]。
namingContext.noAbsoluteName=无法为此命名空间生成绝对名称
diff -Nru tomcat10-10.1.40/java/org/apache/naming/NameParserImpl.java tomcat10-10.1.52/java/org/apache/naming/NameParserImpl.java
--- tomcat10-10.1.40/java/org/apache/naming/NameParserImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/NameParserImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,19 +23,15 @@
/**
* Parses names.
- *
- * @author Remy Maucherat
*/
-public class NameParserImpl
- implements NameParser {
+public class NameParserImpl implements NameParser {
// ----------------------------------------------------- NameParser Methods
@Override
- public Name parse(String name)
- throws NamingException {
+ public Name parse(String name) throws NamingException {
return new CompositeName(name);
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/NamingContext.java tomcat10-10.1.52/java/org/apache/naming/NamingContext.java
--- tomcat10-10.1.40/java/org/apache/naming/NamingContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/NamingContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -44,8 +44,6 @@
/**
* Catalina JNDI Context implementation.
- *
- * @author Remy Maucherat
*/
public class NamingContext implements Context {
@@ -68,7 +66,7 @@
/**
* Builds a naming context.
*
- * @param env The environment to use to construct the naming context
+ * @param env The environment to use to construct the naming context
* @param name The name of the associated Catalina Context
*/
public NamingContext(Hashtable env, String name) {
@@ -79,17 +77,16 @@
/**
* Builds a naming context.
*
- * @param env The environment to use to construct the naming context
- * @param name The name of the associated Catalina Context
+ * @param env The environment to use to construct the naming context
+ * @param name The name of the associated Catalina Context
* @param bindings The initial bindings for the naming context
*/
- public NamingContext(Hashtable env, String name,
- HashMap bindings) {
+ public NamingContext(Hashtable env, String name, HashMap bindings) {
this.env = new Hashtable<>();
this.name = name;
// Populating the environment hashtable
- if (env != null ) {
+ if (env != null) {
Enumeration envEntries = env.keys();
while (envEntries.hasMoreElements()) {
String entryName = envEntries.nextElement();
@@ -128,13 +125,14 @@
/**
- * Determines if an attempt to write to a read-only context results in an
- * exception or if the request is ignored.
+ * Determines if an attempt to write to a read-only context results in an exception or if the request is ignored.
*/
private boolean exceptionOnFailedWrite = true;
+
public boolean getExceptionOnFailedWrite() {
return exceptionOnFailedWrite;
}
+
public void setExceptionOnFailedWrite(boolean exceptionOnFailedWrite) {
this.exceptionOnFailedWrite = exceptionOnFailedWrite;
}
@@ -143,43 +141,37 @@
// -------------------------------------------------------- Context Methods
@Override
- public Object lookup(Name name)
- throws NamingException {
+ public Object lookup(Name name) throws NamingException {
return lookup(name, true);
}
@Override
- public Object lookup(String name)
- throws NamingException {
+ public Object lookup(String name) throws NamingException {
return lookup(new CompositeName(name), true);
}
@Override
- public void bind(Name name, Object obj)
- throws NamingException {
+ public void bind(Name name, Object obj) throws NamingException {
bind(name, obj, false);
}
@Override
- public void bind(String name, Object obj)
- throws NamingException {
+ public void bind(String name, Object obj) throws NamingException {
bind(new CompositeName(name), obj);
}
@Override
- public void rebind(Name name, Object obj)
- throws NamingException {
+ public void rebind(Name name, Object obj) throws NamingException {
bind(name, obj, true);
}
@Override
- public void rebind(String name, Object obj)
- throws NamingException {
+ public void rebind(String name, Object obj) throws NamingException {
rebind(new CompositeName(name), obj);
}
@@ -195,23 +187,20 @@
name = name.getSuffix(1);
}
if (name.isEmpty()) {
- throw new NamingException
- (sm.getString("namingContext.invalidName"));
+ throw new NamingException(sm.getString("namingContext.invalidName"));
}
NamingEntry entry = bindings.get(name.get(0));
if (entry == null) {
- throw new NameNotFoundException
- (sm.getString("namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (name.size() > 1) {
if (entry.type == NamingEntry.CONTEXT) {
((Context) entry.value).unbind(name.getSuffix(1));
} else {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
} else {
bindings.remove(name.get(0));
@@ -221,15 +210,13 @@
@Override
- public void unbind(String name)
- throws NamingException {
+ public void unbind(String name) throws NamingException {
unbind(new CompositeName(name));
}
@Override
- public void rename(Name oldName, Name newName)
- throws NamingException {
+ public void rename(Name oldName, Name newName) throws NamingException {
Object value = lookup(oldName);
bind(newName, value);
unbind(oldName);
@@ -237,15 +224,13 @@
@Override
- public void rename(String oldName, String newName)
- throws NamingException {
+ public void rename(String oldName, String newName) throws NamingException {
rename(new CompositeName(oldName), new CompositeName(newName));
}
@Override
- public NamingEnumeration list(Name name)
- throws NamingException {
+ public NamingEnumeration list(Name name) throws NamingException {
// Removing empty parts
while ((!name.isEmpty()) && (name.get(0).isEmpty())) {
name = name.getSuffix(1);
@@ -257,28 +242,24 @@
NamingEntry entry = bindings.get(name.get(0));
if (entry == null) {
- throw new NameNotFoundException
- (sm.getString("namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (entry.type != NamingEntry.CONTEXT) {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
return ((Context) entry.value).list(name.getSuffix(1));
}
@Override
- public NamingEnumeration list(String name)
- throws NamingException {
+ public NamingEnumeration list(String name) throws NamingException {
return list(new CompositeName(name));
}
@Override
- public NamingEnumeration listBindings(Name name)
- throws NamingException {
+ public NamingEnumeration listBindings(Name name) throws NamingException {
// Removing empty parts
while ((!name.isEmpty()) && (name.get(0).isEmpty())) {
name = name.getSuffix(1);
@@ -290,21 +271,18 @@
NamingEntry entry = bindings.get(name.get(0));
if (entry == null) {
- throw new NameNotFoundException
- (sm.getString("namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (entry.type != NamingEntry.CONTEXT) {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
return ((Context) entry.value).listBindings(name.getSuffix(1));
}
@Override
- public NamingEnumeration listBindings(String name)
- throws NamingException {
+ public NamingEnumeration listBindings(String name) throws NamingException {
return listBindings(new CompositeName(name));
}
@@ -320,31 +298,27 @@
name = name.getSuffix(1);
}
if (name.isEmpty()) {
- throw new NamingException
- (sm.getString("namingContext.invalidName"));
+ throw new NamingException(sm.getString("namingContext.invalidName"));
}
NamingEntry entry = bindings.get(name.get(0));
if (entry == null) {
- throw new NameNotFoundException
- (sm.getString("namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (name.size() > 1) {
if (entry.type == NamingEntry.CONTEXT) {
((Context) entry.value).destroySubcontext(name.getSuffix(1));
} else {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
} else {
if (entry.type == NamingEntry.CONTEXT) {
((Context) entry.value).close();
bindings.remove(name.get(0));
} else {
- throw new NotContextException
- (sm.getString("namingContext.contextExpected"));
+ throw new NotContextException(sm.getString("namingContext.contextExpected", name.get(0)));
}
}
@@ -352,8 +326,7 @@
@Override
- public void destroySubcontext(String name)
- throws NamingException {
+ public void destroySubcontext(String name) throws NamingException {
destroySubcontext(new CompositeName(name));
}
@@ -374,29 +347,25 @@
@Override
- public Context createSubcontext(String name)
- throws NamingException {
+ public Context createSubcontext(String name) throws NamingException {
return createSubcontext(new CompositeName(name));
}
@Override
- public Object lookupLink(Name name)
- throws NamingException {
+ public Object lookupLink(Name name) throws NamingException {
return lookup(name, false);
}
@Override
- public Object lookupLink(String name)
- throws NamingException {
+ public Object lookupLink(String name) throws NamingException {
return lookup(new CompositeName(name), false);
}
@Override
- public NameParser getNameParser(Name name)
- throws NamingException {
+ public NameParser getNameParser(Name name) throws NamingException {
while ((!name.isEmpty()) && (name.get(0).isEmpty())) {
name = name.getSuffix(1);
@@ -410,8 +379,7 @@
if (obj instanceof Context) {
return ((Context) obj).getNameParser(name.getSuffix(1));
} else {
- throw new NotContextException
- (sm.getString("namingContext.contextExpected"));
+ throw new NotContextException(sm.getString("namingContext.contextExpected", name.get(0)));
}
}
@@ -421,8 +389,7 @@
@Override
- public NameParser getNameParser(String name)
- throws NamingException {
+ public NameParser getNameParser(String name) throws NamingException {
return getNameParser(new CompositeName(name));
}
@@ -447,7 +414,7 @@
@Override
- public Object removeFromEnvironment(String propName){
+ public Object removeFromEnvironment(String propName) {
return env.remove(propName);
}
@@ -468,10 +435,8 @@
@Override
- public String getNameInNamespace()
- throws NamingException {
- throw new OperationNotSupportedException
- (sm.getString("namingContext.noAbsoluteName"));
+ public String getNameInNamespace() throws NamingException {
+ throw new OperationNotSupportedException(sm.getString("namingContext.noAbsoluteName"));
}
@@ -496,13 +461,14 @@
/**
* Retrieves the named object.
*
- * @param name the name of the object to look up
+ * @param name the name of the object to look up
* @param resolveLinks If true, the links will be resolved
+ *
* @return the object bound to name
+ *
* @exception NamingException if a naming exception is encountered
*/
- protected Object lookup(Name name, boolean resolveLinks)
- throws NamingException {
+ protected Object lookup(Name name, boolean resolveLinks) throws NamingException {
// Removing empty parts
while ((!name.isEmpty()) && (name.get(0).isEmpty())) {
@@ -516,16 +482,14 @@
NamingEntry entry = bindings.get(name.get(0));
if (entry == null) {
- throw new NameNotFoundException
- (sm.getString("namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (name.size() > 1) {
// If the size of the name is greater than 1, then we go through a
// number of sub contexts.
if (entry.type != NamingEntry.CONTEXT) {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
return ((Context) entry.value).lookup(name.getSuffix(1));
} else {
@@ -556,21 +520,20 @@
}
if (entry.value instanceof ResourceRef) {
boolean singleton = Boolean.parseBoolean(
- (String) ((ResourceRef) entry.value).get(
- ResourceRef.SINGLETON).getContent());
+ (String) ((ResourceRef) entry.value).get(ResourceRef.SINGLETON).getContent());
if (singleton) {
entry.type = NamingEntry.ENTRY;
entry.value = obj;
}
}
if (obj == null) {
- throw new NamingException(sm.getString("namingContext.failResolvingReference"));
+ throw new NamingException(sm.getString("namingContext.failResolvingReference", name));
}
return obj;
} catch (NamingException e) {
throw e;
} catch (Exception e) {
- String msg = sm.getString("namingContext.failResolvingReference");
+ String msg = sm.getString("namingContext.failResolvingReference", name);
log.warn(msg, e);
NamingException ne = new NamingException(msg);
ne.initCause(e);
@@ -585,20 +548,18 @@
/**
- * Binds a name to an object. All intermediate contexts and the target
- * context (that named by all but terminal atomic component of the name)
- * must already exist.
+ * Binds a name to an object. All intermediate contexts and the target context (that named by all but terminal
+ * atomic component of the name) must already exist.
*
- * @param name the name to bind; may not be empty
- * @param obj the object to bind; possibly null
+ * @param name the name to bind; may not be empty
+ * @param obj the object to bind; possibly null
* @param rebind if true, then perform a rebind (ie, overwrite)
- * @exception NameAlreadyBoundException if name is already bound
- * @exception javax.naming.directory.InvalidAttributesException if object
- * did not supply all mandatory attributes
- * @exception NamingException if a naming exception is encountered
+ *
+ * @exception NameAlreadyBoundException if name is already bound
+ * @exception javax.naming.directory.InvalidAttributesException if object did not supply all mandatory attributes
+ * @exception NamingException if a naming exception is encountered
*/
- protected void bind(Name name, Object obj, boolean rebind)
- throws NamingException {
+ protected void bind(Name name, Object obj, boolean rebind) throws NamingException {
if (!checkWritable()) {
return;
@@ -608,16 +569,14 @@
name = name.getSuffix(1);
}
if (name.isEmpty()) {
- throw new NamingException
- (sm.getString("namingContext.invalidName"));
+ throw new NamingException(sm.getString("namingContext.invalidName"));
}
NamingEntry entry = bindings.get(name.get(0));
if (name.size() > 1) {
if (entry == null) {
- throw new NameNotFoundException(sm.getString(
- "namingContext.nameNotBound", name, name.get(0)));
+ throw new NameNotFoundException(sm.getString("namingContext.nameNotBound", name, name.get(0)));
}
if (entry.type == NamingEntry.CONTEXT) {
if (rebind) {
@@ -626,34 +585,26 @@
((Context) entry.value).bind(name.getSuffix(1), obj);
}
} else {
- throw new NamingException
- (sm.getString("namingContext.contextExpected"));
+ throw new NamingException(sm.getString("namingContext.contextExpected", name.get(0)));
}
} else {
if ((!rebind) && (entry != null)) {
- throw new NameAlreadyBoundException
- (sm.getString("namingContext.alreadyBound", name.get(0)));
+ throw new NameAlreadyBoundException(sm.getString("namingContext.alreadyBound", name.get(0)));
} else {
// Getting the type of the object and wrapping it within a new
// NamingEntry
- Object toBind =
- NamingManager.getStateToBind(obj, name, this, env);
+ Object toBind = NamingManager.getStateToBind(obj, name, this, env);
if (toBind instanceof Context) {
- entry = new NamingEntry(name.get(0), toBind,
- NamingEntry.CONTEXT);
+ entry = new NamingEntry(name.get(0), toBind, NamingEntry.CONTEXT);
} else if (toBind instanceof LinkRef) {
- entry = new NamingEntry(name.get(0), toBind,
- NamingEntry.LINK_REF);
+ entry = new NamingEntry(name.get(0), toBind, NamingEntry.LINK_REF);
} else if (toBind instanceof Reference) {
- entry = new NamingEntry(name.get(0), toBind,
- NamingEntry.REFERENCE);
+ entry = new NamingEntry(name.get(0), toBind, NamingEntry.REFERENCE);
} else if (toBind instanceof Referenceable) {
toBind = ((Referenceable) toBind).getReference();
- entry = new NamingEntry(name.get(0), toBind,
- NamingEntry.REFERENCE);
+ entry = new NamingEntry(name.get(0), toBind, NamingEntry.REFERENCE);
} else {
- entry = new NamingEntry(name.get(0), toBind,
- NamingEntry.ENTRY);
+ entry = new NamingEntry(name.get(0), toBind, NamingEntry.ENTRY);
}
bindings.put(name.get(0), entry);
}
@@ -672,9 +623,11 @@
/**
* Throws a naming exception is Context is not writable.
+ *
* @return true if the Context is writable
- * @throws NamingException if the Context is not writable and
- * exceptionOnFailedWrite is true
+ *
+ * @throws NamingException if the Context is not writable and exceptionOnFailedWrite is
+ * true
*/
protected boolean checkWritable() throws NamingException {
if (isWritable()) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/NamingContextBindingsEnumeration.java tomcat10-10.1.52/java/org/apache/naming/NamingContextBindingsEnumeration.java
--- tomcat10-10.1.40/java/org/apache/naming/NamingContextBindingsEnumeration.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/NamingContextBindingsEnumeration.java 2026-01-23 19:33:36.000000000 +0000
@@ -26,18 +26,14 @@
/**
* Naming enumeration implementation.
- *
- * @author Remy Maucherat
*/
-public class NamingContextBindingsEnumeration
- implements NamingEnumeration {
+public class NamingContextBindingsEnumeration implements NamingEnumeration {
// ----------------------------------------------------------- Constructors
- public NamingContextBindingsEnumeration(Iterator entries,
- Context ctx) {
+ public NamingContextBindingsEnumeration(Iterator entries, Context ctx) {
iterator = entries;
this.ctx = ctx;
}
@@ -61,22 +57,19 @@
@Override
- public Binding next()
- throws NamingException {
+ public Binding next() throws NamingException {
return nextElementInternal();
}
@Override
- public boolean hasMore()
- throws NamingException {
+ public boolean hasMore() throws NamingException {
return iterator.hasNext();
}
@Override
- public void close()
- throws NamingException {
+ public void close() throws NamingException {
}
@@ -100,8 +93,7 @@
Object value;
// If the entry is a reference, resolve it
- if (entry.type == NamingEntry.REFERENCE
- || entry.type == NamingEntry.LINK_REF) {
+ if (entry.type == NamingEntry.REFERENCE || entry.type == NamingEntry.LINK_REF) {
try {
value = ctx.lookup(new CompositeName(entry.name));
} catch (NamingException e) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/NamingContextEnumeration.java tomcat10-10.1.52/java/org/apache/naming/NamingContextEnumeration.java
--- tomcat10-10.1.40/java/org/apache/naming/NamingContextEnumeration.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/NamingContextEnumeration.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,11 +24,8 @@
/**
* Naming enumeration implementation.
- *
- * @author Remy Maucherat
*/
-public class NamingContextEnumeration
- implements NamingEnumeration {
+public class NamingContextEnumeration implements NamingEnumeration {
// ----------------------------------------------------------- Constructors
@@ -52,22 +49,19 @@
@Override
- public NameClassPair next()
- throws NamingException {
+ public NameClassPair next() throws NamingException {
return nextElement();
}
@Override
- public boolean hasMore()
- throws NamingException {
+ public boolean hasMore() throws NamingException {
return iterator.hasNext();
}
@Override
- public void close()
- throws NamingException {
+ public void close() throws NamingException {
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/NamingEntry.java tomcat10-10.1.52/java/org/apache/naming/NamingEntry.java
--- tomcat10-10.1.40/java/org/apache/naming/NamingEntry.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/NamingEntry.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,6 @@
/**
* Represents a binding in a NamingContext.
- *
- * @author Remy Maucherat
*/
public class NamingEntry {
@@ -38,8 +36,7 @@
/**
- * The type instance variable is used to avoid using RTTI when doing
- * lookups.
+ * The type instance variable is used to avoid using RTTI when doing lookups.
*/
public int type;
public final String name;
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ResourceEnvRef.java tomcat10-10.1.52/java/org/apache/naming/ResourceEnvRef.java
--- tomcat10-10.1.40/java/org/apache/naming/ResourceEnvRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ResourceEnvRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Represents a reference address to a resource environment.
- *
- * @author Remy Maucherat
*/
public class ResourceEnvRef extends AbstractRef {
@@ -29,8 +27,7 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_RESOURCE_ENV_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_RESOURCE_ENV_FACTORY;
/**
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ResourceLinkRef.java tomcat10-10.1.52/java/org/apache/naming/ResourceLinkRef.java
--- tomcat10-10.1.40/java/org/apache/naming/ResourceLinkRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ResourceLinkRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Represents a reference address to a resource.
- *
- * @author Remy Maucherat
*/
public class ResourceLinkRef extends AbstractRef {
@@ -31,8 +29,7 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_RESOURCE_LINK_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_RESOURCE_LINK_FACTORY;
/**
@@ -44,14 +41,12 @@
/**
* ResourceLink Reference.
*
- * @param resourceClass Resource class
- * @param globalName Global name
- * @param factory The possibly null class name of the object's factory.
- * @param factoryLocation The possibly null location from which to load the
- * factory (e.g. URL)
+ * @param resourceClass Resource class
+ * @param globalName Global name
+ * @param factory The possibly null class name of the object's factory.
+ * @param factoryLocation The possibly null location from which to load the factory (e.g. URL)
*/
- public ResourceLinkRef(String resourceClass, String globalName,
- String factory, String factoryLocation) {
+ public ResourceLinkRef(String resourceClass, String globalName, String factory, String factoryLocation) {
super(resourceClass, factory, factoryLocation);
if (globalName != null) {
add(new StringRefAddr(GLOBALNAME, globalName));
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ResourceRef.java tomcat10-10.1.52/java/org/apache/naming/ResourceRef.java
--- tomcat10-10.1.40/java/org/apache/naming/ResourceRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ResourceRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,8 +20,6 @@
/**
* Represents a reference address to a resource.
- *
- * @author Remy Maucherat
*/
public class ResourceRef extends AbstractRef {
@@ -31,8 +29,7 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_RESOURCE_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_RESOURCE_FACTORY;
/**
@@ -63,14 +60,13 @@
* Resource Reference.
*
* @param resourceClass Resource class
- * @param description Description of the resource
- * @param scope Resource scope
- * @param auth Resource authentication
- * @param singleton Is this resource a singleton (every lookup should return
- * the same instance rather than a new instance)?
+ * @param description Description of the resource
+ * @param scope Resource scope
+ * @param auth Resource authentication
+ * @param singleton Is this resource a singleton (every lookup should return the same instance rather than a new
+ * instance)?
*/
- public ResourceRef(String resourceClass, String description,
- String scope, String auth, boolean singleton) {
+ public ResourceRef(String resourceClass, String description, String scope, String auth, boolean singleton) {
this(resourceClass, description, scope, auth, singleton, null, null);
}
@@ -78,19 +74,17 @@
/**
* Resource Reference.
*
- * @param resourceClass Resource class
- * @param description Description of the resource
- * @param scope Resource scope
- * @param auth Resource authentication
- * @param singleton Is this resource a singleton (every lookup should return
- * the same instance rather than a new instance)?
- * @param factory The possibly null class name of the object's factory.
- * @param factoryLocation The possibly null location from which to load the
- * factory (e.g. URL)
- */
- public ResourceRef(String resourceClass, String description,
- String scope, String auth, boolean singleton,
- String factory, String factoryLocation) {
+ * @param resourceClass Resource class
+ * @param description Description of the resource
+ * @param scope Resource scope
+ * @param auth Resource authentication
+ * @param singleton Is this resource a singleton (every lookup should return the same instance rather than a
+ * new instance)?
+ * @param factory The possibly null class name of the object's factory.
+ * @param factoryLocation The possibly null location from which to load the factory (e.g. URL)
+ */
+ public ResourceRef(String resourceClass, String description, String scope, String auth, boolean singleton,
+ String factory, String factoryLocation) {
super(resourceClass, factory, factoryLocation);
StringRefAddr refAddr;
if (description != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/SelectorContext.java tomcat10-10.1.52/java/org/apache/naming/SelectorContext.java
--- tomcat10-10.1.40/java/org/apache/naming/SelectorContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/SelectorContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
/**
* Catalina JNDI Context implementation.
- *
- * @author Remy Maucherat
*/
public class SelectorContext implements Context {
@@ -65,6 +63,7 @@
/**
* Builds a Catalina selector context using the given environment.
+ *
* @param env The environment
*/
public SelectorContext(Hashtable env) {
@@ -75,12 +74,11 @@
/**
* Builds a Catalina selector context using the given environment.
- * @param env The environment
- * @param initialContext true if this is the main
- * initial context
+ *
+ * @param env The environment
+ * @param initialContext true if this is the main initial context
*/
- public SelectorContext(Hashtable env,
- boolean initialContext) {
+ public SelectorContext(Hashtable env, boolean initialContext) {
this.env = env;
this.initialContext = initialContext;
}
@@ -114,12 +112,10 @@
@Override
- public Object lookup(Name name)
- throws NamingException {
+ public Object lookup(Name name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingName", "lookup",
- name));
+ log.trace(sm.getString("selectorContext.methodUsingName", "lookup", name));
}
// Strip the URL header
@@ -130,12 +126,10 @@
@Override
- public Object lookup(String name)
- throws NamingException {
+ public Object lookup(String name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingString", "lookup",
- name));
+ log.trace(sm.getString("selectorContext.methodUsingString", "lookup", name));
}
// Strip the URL header
@@ -146,68 +140,58 @@
@Override
- public void bind(Name name, Object obj)
- throws NamingException {
+ public void bind(Name name, Object obj) throws NamingException {
getBoundContext().bind(parseName(name), obj);
}
@Override
- public void bind(String name, Object obj)
- throws NamingException {
+ public void bind(String name, Object obj) throws NamingException {
getBoundContext().bind(parseName(name), obj);
}
@Override
- public void rebind(Name name, Object obj)
- throws NamingException {
+ public void rebind(Name name, Object obj) throws NamingException {
getBoundContext().rebind(parseName(name), obj);
}
@Override
- public void rebind(String name, Object obj)
- throws NamingException {
+ public void rebind(String name, Object obj) throws NamingException {
getBoundContext().rebind(parseName(name), obj);
}
@Override
- public void unbind(Name name)
- throws NamingException {
+ public void unbind(Name name) throws NamingException {
getBoundContext().unbind(parseName(name));
}
@Override
- public void unbind(String name)
- throws NamingException {
+ public void unbind(String name) throws NamingException {
getBoundContext().unbind(parseName(name));
}
@Override
- public void rename(Name oldName, Name newName)
- throws NamingException {
+ public void rename(Name oldName, Name newName) throws NamingException {
getBoundContext().rename(parseName(oldName), parseName(newName));
}
@Override
- public void rename(String oldName, String newName)
- throws NamingException {
+ public void rename(String oldName, String newName) throws NamingException {
getBoundContext().rename(parseName(oldName), parseName(newName));
}
@Override
- public NamingEnumeration list(Name name)
- throws NamingException {
+ public NamingEnumeration list(Name name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingName", "list",
- name));
+ log.trace(sm.getString("selectorContext.methodUsingName", "list", name));
}
return getBoundContext().list(parseName(name));
@@ -215,12 +199,10 @@
@Override
- public NamingEnumeration list(String name)
- throws NamingException {
+ public NamingEnumeration list(String name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingString", "list",
- name));
+ log.trace(sm.getString("selectorContext.methodUsingString", "list", name));
}
return getBoundContext().list(parseName(name));
@@ -228,12 +210,10 @@
@Override
- public NamingEnumeration listBindings(Name name)
- throws NamingException {
+ public NamingEnumeration listBindings(Name name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingName",
- "listBindings", name));
+ log.trace(sm.getString("selectorContext.methodUsingName", "listBindings", name));
}
return getBoundContext().listBindings(parseName(name));
@@ -241,12 +221,10 @@
@Override
- public NamingEnumeration listBindings(String name)
- throws NamingException {
+ public NamingEnumeration listBindings(String name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingString",
- "listBindings", name));
+ log.trace(sm.getString("selectorContext.methodUsingString", "listBindings", name));
}
return getBoundContext().listBindings(parseName(name));
@@ -254,40 +232,34 @@
@Override
- public void destroySubcontext(Name name)
- throws NamingException {
+ public void destroySubcontext(Name name) throws NamingException {
getBoundContext().destroySubcontext(parseName(name));
}
@Override
- public void destroySubcontext(String name)
- throws NamingException {
+ public void destroySubcontext(String name) throws NamingException {
getBoundContext().destroySubcontext(parseName(name));
}
@Override
- public Context createSubcontext(Name name)
- throws NamingException {
+ public Context createSubcontext(Name name) throws NamingException {
return getBoundContext().createSubcontext(parseName(name));
}
@Override
- public Context createSubcontext(String name)
- throws NamingException {
+ public Context createSubcontext(String name) throws NamingException {
return getBoundContext().createSubcontext(parseName(name));
}
@Override
- public Object lookupLink(Name name)
- throws NamingException {
+ public Object lookupLink(Name name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingName",
- "lookupLink", name));
+ log.trace(sm.getString("selectorContext.methodUsingName", "lookupLink", name));
}
return getBoundContext().lookupLink(parseName(name));
@@ -295,12 +267,10 @@
@Override
- public Object lookupLink(String name)
- throws NamingException {
+ public Object lookupLink(String name) throws NamingException {
if (log.isTraceEnabled()) {
- log.trace(sm.getString("selectorContext.methodUsingString",
- "lookupLink", name));
+ log.trace(sm.getString("selectorContext.methodUsingString", "lookupLink", name));
}
return getBoundContext().lookupLink(parseName(name));
@@ -308,65 +278,56 @@
@Override
- public NameParser getNameParser(Name name)
- throws NamingException {
+ public NameParser getNameParser(Name name) throws NamingException {
return getBoundContext().getNameParser(parseName(name));
}
@Override
- public NameParser getNameParser(String name)
- throws NamingException {
+ public NameParser getNameParser(String name) throws NamingException {
return getBoundContext().getNameParser(parseName(name));
}
@Override
- public Name composeName(Name name, Name prefix)
- throws NamingException {
+ public Name composeName(Name name, Name prefix) throws NamingException {
Name prefixClone = (Name) prefix.clone();
return prefixClone.addAll(name);
}
@Override
- public String composeName(String name, String prefix)
- throws NamingException {
+ public String composeName(String name, String prefix) throws NamingException {
return prefix + "/" + name;
}
@Override
- public Object addToEnvironment(String propName, Object propVal)
- throws NamingException {
+ public Object addToEnvironment(String propName, Object propVal) throws NamingException {
return getBoundContext().addToEnvironment(propName, propVal);
}
@Override
- public Object removeFromEnvironment(String propName)
- throws NamingException {
+ public Object removeFromEnvironment(String propName) throws NamingException {
return getBoundContext().removeFromEnvironment(propName);
}
@Override
- public Hashtable getEnvironment()
- throws NamingException {
+ public Hashtable getEnvironment() throws NamingException {
return getBoundContext().getEnvironment();
}
@Override
- public void close()
- throws NamingException {
+ public void close() throws NamingException {
getBoundContext().close();
}
@Override
- public String getNameInNamespace()
- throws NamingException {
+ public String getNameInNamespace() throws NamingException {
return prefix;
}
@@ -376,12 +337,12 @@
/**
* Get the bound context.
- * @return the Context bound with either the current thread or
- * the current classloader
+ *
+ * @return the Context bound with either the current thread or the current classloader
+ *
* @throws NamingException Bindings exception
*/
- protected Context getBoundContext()
- throws NamingException {
+ protected Context getBoundContext() throws NamingException {
if (initialContext) {
String ICName = IC_PREFIX;
@@ -411,13 +372,14 @@
/**
* Strips the URL header.
+ *
* @param name The name
+ *
* @return the parsed name
- * @throws NamingException if there is no "java:" header or if no
- * naming context has been bound to this thread
+ *
+ * @throws NamingException if there is no "java:" header or if no naming context has been bound to this thread
*/
- protected String parseName(String name)
- throws NamingException {
+ protected String parseName(String name) throws NamingException {
if ((!initialContext) && (name.startsWith(prefix))) {
return name.substring(prefixLength);
@@ -425,8 +387,7 @@
if (initialContext) {
return name;
} else {
- throw new NamingException
- (sm.getString("selectorContext.noJavaUrl"));
+ throw new NamingException(sm.getString("selectorContext.noJavaUrl"));
}
}
@@ -435,16 +396,16 @@
/**
* Strips the URL header.
+ *
* @param name The name
+ *
* @return the parsed name
- * @throws NamingException if there is no "java:" header or if no
- * naming context has been bound to this thread
+ *
+ * @throws NamingException if there is no "java:" header or if no naming context has been bound to this thread
*/
- protected Name parseName(Name name)
- throws NamingException {
+ protected Name parseName(Name name) throws NamingException {
- if (!initialContext && !name.isEmpty() &&
- name.get(0).startsWith(prefix)) {
+ if (!initialContext && !name.isEmpty() && name.get(0).startsWith(prefix)) {
if (name.get(0).equals(prefix)) {
return name.getSuffix(1);
} else {
@@ -456,8 +417,7 @@
if (initialContext) {
return name;
} else {
- throw new NamingException(
- sm.getString("selectorContext.noJavaUrl"));
+ throw new NamingException(sm.getString("selectorContext.noJavaUrl"));
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/ServiceRef.java tomcat10-10.1.52/java/org/apache/naming/ServiceRef.java
--- tomcat10-10.1.40/java/org/apache/naming/ServiceRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/ServiceRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Represents a reference web service.
- *
- * @author Fabien Carrion
*/
public class ServiceRef extends AbstractRef {
@@ -34,20 +32,19 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_SERVICE_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_SERVICE_FACTORY;
/**
* Service Classname address type.
*/
- public static final String SERVICE_INTERFACE = "serviceInterface";
+ public static final String SERVICE_INTERFACE = "serviceInterface";
/**
* ServiceQname address type.
*/
- public static final String SERVICE_NAMESPACE = "service namespace";
+ public static final String SERVICE_NAMESPACE = "service namespace";
public static final String SERVICE_LOCAL_PART = "service local part";
@@ -76,23 +73,19 @@
/**
- * The list to save the handler Reference objects, because they can't be
- * saved in the addrs vector.
+ * The list to save the handler Reference objects, because they can't be saved in the addrs vector.
*/
private final List handlers = new CopyOnWriteArrayList<>();
- public ServiceRef(String refname, String serviceInterface, String[] serviceQname,
- String wsdl, String jaxrpcmapping) {
- this(refname, serviceInterface, serviceQname, wsdl, jaxrpcmapping,
- null, null);
+ public ServiceRef(String refname, String serviceInterface, String[] serviceQname, String wsdl,
+ String jaxrpcmapping) {
+ this(refname, serviceInterface, serviceQname, wsdl, jaxrpcmapping, null, null);
}
- public ServiceRef(@SuppressWarnings("unused") String refname,
- String serviceInterface, String[] serviceQname,
- String wsdl, String jaxrpcmapping,
- String factory, String factoryLocation) {
+ public ServiceRef(@SuppressWarnings("unused") String refname, String serviceInterface, String[] serviceQname,
+ String wsdl, String jaxrpcmapping, String factory, String factoryLocation) {
super(serviceInterface, factory, factoryLocation);
StringRefAddr refAddr;
if (serviceInterface != null) {
@@ -120,6 +113,7 @@
/**
* Add and Get Handlers classes.
+ *
* @return the handler
*/
public HandlerRef getHandler() {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/StringManager.java tomcat10-10.1.52/java/org/apache/naming/StringManager.java
--- tomcat10-10.1.40/java/org/apache/naming/StringManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/StringManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,27 +24,18 @@
import java.util.ResourceBundle;
/**
- * An internationalization / localization helper class which reduces
- * the bother of handling ResourceBundles and takes care of the
- * common cases of message formatting which otherwise require the
- * creation of Object arrays and such.
+ * An internationalization / localization helper class which reduces the bother of handling ResourceBundles and takes
+ * care of the common cases of message formatting which otherwise require the creation of Object arrays and such.
+ *
+ * The StringManager operates on a package basis. One StringManager per package can be created and accessed via the
+ * getManager method call.
+ *
+ * The StringManager will look for a ResourceBundle named by the package name given plus the suffix of "LocalStrings".
+ * In practice, this means that the localized information will be contained in a LocalStrings.properties file located in
+ * the package directory of the classpath.
+ *
+ * Please see the documentation for java.util.ResourceBundle for more information.
*
- *
The StringManager operates on a package basis. One StringManager
- * per package can be created and accessed via the getManager method
- * call.
- *
- *
The StringManager will look for a ResourceBundle named by
- * the package name given plus the suffix of "LocalStrings". In
- * practice, this means that the localized information will be contained
- * in a LocalStrings.properties file located in the package
- * directory of the classpath.
- *
- *
Please see the documentation for java.util.ResourceBundle for
- * more information.
- *
- * @author James Duncan Davidson [duncan@eng.sun.com]
- * @author James Todd [gonzo@eng.sun.com]
- * @author Mel Martinez [mmartinez@g1440.com]
* @see java.util.ResourceBundle
*/
public class StringManager {
@@ -56,10 +47,8 @@
private final Locale locale;
/**
- * Creates a new StringManager for a given package. This is a
- * private method and all access to it is arbitrated by the
- * static getManager method call so that only one StringManager
- * per package will be created.
+ * Creates a new StringManager for a given package. This is a private method and all access to it is arbitrated by
+ * the static getManager method call so that only one StringManager per package will be created.
*
* @param packageName Name of package to create StringManager for.
*/
@@ -75,9 +64,8 @@
ClassLoader cl = Thread.currentThread().getContextClassLoader();
if (cl != null) {
try {
- tempBundle = ResourceBundle.getBundle(
- bundleName, Locale.getDefault(), cl);
- } catch (MissingResourceException ex2) {
+ tempBundle = ResourceBundle.getBundle(bundleName, Locale.getDefault(), cl);
+ } catch (MissingResourceException ignore) {
// Ignore
}
}
@@ -92,19 +80,17 @@
}
/**
- * Get a string from the underlying resource bundle or return
- * null if the String is not found.
+ * Get a string from the underlying resource bundle or return null if the String is not found.
*
- * @param key to desired resource String
- * @return resource String matching key from underlying
- * bundle or null if not found.
- * @throws IllegalArgumentException if key is null.
+ * @param key to desired resource String
+ *
+ * @return resource String matching key from underlying bundle or null if not found.
+ *
+ * @throws IllegalArgumentException if key is null.
*/
public String getString(String key) {
if (key == null) {
- String msg = "key may not have a null value";
-
- throw new IllegalArgumentException(msg);
+ throw new IllegalArgumentException("key may not have a null value");
}
String str = null;
@@ -114,17 +100,17 @@
if (bundle != null) {
str = bundle.getString(key);
}
- } catch (MissingResourceException mre) {
- //bad: shouldn't mask an exception the following way:
- // str = "[cannot find message associated with key '" + key + "' due to " + mre + "]";
- // because it hides the fact that the String was missing
- // from the calling code.
- //good: could just throw the exception (or wrap it in another)
- // but that would probably cause much havoc on existing
- // code.
- //better: consistent with container pattern to
- // simply return null. Calling code can then do
- // a null check.
+ } catch (MissingResourceException ignore) {
+ // bad: shouldn't mask an exception the following way:
+ // str = "[cannot find message associated with key '" + key + "' due to " + mre + "]";
+ // because it hides the fact that the String was missing
+ // from the calling code.
+ // good: could just throw the exception (or wrap it in another)
+ // but that would probably cause much havoc on existing
+ // code.
+ // better: consistent with container pattern to
+ // simply return null. Calling code can then do
+ // a null check.
// str is already set to null
}
@@ -132,14 +118,12 @@
}
/**
- * Get a string from the underlying resource bundle and format
- * it with the given set of arguments.
+ * Get a string from the underlying resource bundle and format it with the given set of arguments.
*
* @param key The key for the required message
* @param args The values to insert into the message
*
- * @return The request string formatted with the provided arguments or the
- * key if the key was not found.
+ * @return The request string formatted with the provided arguments or the key if the key was not found.
*/
public String getString(final String key, final Object... args) {
String value = getString(key);
@@ -156,12 +140,11 @@
// STATIC SUPPORT METHODS
// --------------------------------------------------------------
- private static final Map managers = new HashMap<>();
+ private static final Map managers = new HashMap<>();
/**
- * Get the StringManager for a particular package. If a manager for
- * a package already exists, it will be reused, else a new
- * StringManager will be created and returned.
+ * Get the StringManager for a particular package. If a manager for a package already exists, it will be reused,
+ * else a new StringManager will be created and returned.
*
* @param packageName The package name
*
diff -Nru tomcat10-10.1.40/java/org/apache/naming/TransactionRef.java tomcat10-10.1.52/java/org/apache/naming/TransactionRef.java
--- tomcat10-10.1.40/java/org/apache/naming/TransactionRef.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/TransactionRef.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,8 +18,6 @@
/**
* Represents a reference address to a transaction.
- *
- * @author Remy Maucherat
*/
public class TransactionRef extends AbstractRef {
@@ -29,8 +27,7 @@
/**
* Default factory for this reference.
*/
- public static final String DEFAULT_FACTORY =
- org.apache.naming.factory.Constants.DEFAULT_TRANSACTION_FACTORY;
+ public static final String DEFAULT_FACTORY = org.apache.naming.factory.Constants.DEFAULT_TRANSACTION_FACTORY;
/**
@@ -44,7 +41,7 @@
/**
* Resource Reference.
*
- * @param factory The factory class
+ * @param factory The factory class
* @param factoryLocation The factory location
*/
public TransactionRef(String factory, String factoryLocation) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/BeanFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/BeanFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/BeanFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/BeanFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,10 +37,11 @@
/**
* Object factory for any Resource conforming to the JavaBean spec.
+ *
+ * This factory can be configured in a <Context> element in your conf/server.xml
+ * configuration file. An example of factory configuration is:
+ *
*
- *
This factory can be configured in a <Context> element
- * in your conf/server.xml
- * configuration file. An example of factory configuration is:
- *
- * @author Aner Perez [aner at ncstech.com]
*/
public class BeanFactory implements ObjectFactory {
@@ -68,11 +67,13 @@
/**
* Create a new Bean instance.
*
- * @param obj The reference object describing the Bean
- * @param name the bound name
- * @param nameCtx unused
+ * @param obj The reference object describing the Bean
+ * @param name the bound name
+ * @param nameCtx unused
* @param environment unused
+ *
* @return the object instance
+ *
* @throws NamingException if an error occur creating the instance
*/
@Override
@@ -92,7 +93,7 @@
} else {
beanClass = Class.forName(beanClassName);
}
- } catch(ClassNotFoundException cnfe) {
+ } catch (ClassNotFoundException cnfe) {
NamingException ne = new NamingException(sm.getString("beanFactory.classNotFound", beanClassName));
ne.initCause(cnfe);
throw ne;
@@ -117,14 +118,12 @@
ra = e.nextElement();
String propName = ra.getType();
- if (propName.equals(Constants.FACTORY) ||
- propName.equals("scope") || propName.equals("auth") ||
- propName.equals("forceString") ||
- propName.equals("singleton")) {
+ if (propName.equals(Constants.FACTORY) || propName.equals("scope") || propName.equals("auth") ||
+ propName.equals("forceString") || propName.equals("singleton")) {
continue;
}
- value = (String)ra.getContent();
+ value = (String) ra.getContent();
Object[] valueArray = new Object[1];
@@ -162,12 +161,12 @@
setProp = bean.getClass().getMethod(setterName, String.class);
valueArray[0] = value;
} catch (NoSuchMethodException nsme) {
- throw new NamingException(sm.getString(
- "beanFactory.noStringConversion", propName, propType.getName()));
+ throw new NamingException(sm.getString("beanFactory.noStringConversion", propName,
+ propType.getName()));
}
} else {
- throw new NamingException(sm.getString(
- "beanFactory.noStringConversion", propName, propType.getName()));
+ throw new NamingException(
+ sm.getString("beanFactory.noStringConversion", propName, propType.getName()));
}
if (setProp != null) {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/Constants.java tomcat10-10.1.52/java/org/apache/naming/factory/Constants.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -37,8 +37,7 @@
public static final String DEFAULT_HANDLER_FACTORY = Package + ".HandlerFactory";
- public static final String DBCP_DATASOURCE_FACTORY =
- "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory";
+ public static final String DBCP_DATASOURCE_FACTORY = "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory";
public static final String OPENEJB_EJB_FACTORY = Package + ".OpenEjbFactory";
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/DataSourceLinkFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/DataSourceLinkFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/DataSourceLinkFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/DataSourceLinkFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,10 +31,10 @@
import javax.sql.DataSource;
-
/**
- *
Object factory for resource links for shared data sources.
- *
+ *
+ * Object factory for resource links for shared data sources.
+ *
*/
public class DataSourceLinkFactory extends ResourceLinkFactory {
@@ -46,14 +46,15 @@
@Override
public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
- throws NamingException {
+ throws NamingException {
Object result = super.getObjectInstance(obj, name, nameCtx, environment);
// Can we process this request?
- if (result!=null) {
+ if (result != null) {
Reference ref = (Reference) obj;
RefAddr userAttr = ref.get("username");
RefAddr passAttr = ref.get("password");
- if (userAttr != null && passAttr != null && userAttr.getContent() != null && passAttr.getContent() != null) {
+ if (userAttr != null && passAttr != null && userAttr.getContent() != null &&
+ passAttr.getContent() != null) {
result = wrapDataSource(result, userAttr.getContent().toString(), passAttr.getContent().toString());
}
}
@@ -62,13 +63,12 @@
protected Object wrapDataSource(Object datasource, String username, String password) throws NamingException {
try {
- DataSourceHandler handler =
- new DataSourceHandler((DataSource)datasource, username, password);
- return Proxy.newProxyInstance(datasource.getClass().getClassLoader(),
- datasource.getClass().getInterfaces(), handler);
- }catch (Exception x) {
- if (x instanceof InvocationTargetException) {
- Throwable cause = x.getCause();
+ DataSourceHandler handler = new DataSourceHandler((DataSource) datasource, username, password);
+ return Proxy.newProxyInstance(datasource.getClass().getClassLoader(), datasource.getClass().getInterfaces(),
+ handler);
+ } catch (Exception e) {
+ if (e instanceof InvocationTargetException) {
+ Throwable cause = e.getCause();
if (cause instanceof ThreadDeath) {
throw (ThreadDeath) cause;
}
@@ -76,22 +76,22 @@
throw (VirtualMachineError) cause;
}
if (cause instanceof Exception) {
- x = (Exception) cause;
+ e = (Exception) cause;
}
}
- if (x instanceof NamingException) {
- throw (NamingException)x;
+ if (e instanceof NamingException) {
+ throw (NamingException) e;
} else {
- NamingException nx = new NamingException(x.getMessage());
- nx.initCause(x);
+ NamingException nx = new NamingException(e.getMessage());
+ nx.initCause(e);
throw nx;
}
}
}
/**
- * Simple wrapper class that will allow a user to configure a ResourceLink for a data source
- * so that when {@link javax.sql.DataSource#getConnection()} is called, it will invoke
+ * Simple wrapper class that will allow a user to configure a ResourceLink for a data source so that when
+ * {@link javax.sql.DataSource#getConnection()} is called, it will invoke
* {@link javax.sql.DataSource#getConnection(String, String)} with the preconfigured username and password.
*/
public static class DataSourceHandler implements InvocationHandler {
@@ -99,6 +99,7 @@
private final String username;
private final String password;
private final Method getConnection;
+
public DataSourceHandler(DataSource ds, String username, String password) throws Exception {
this.ds = ds;
this.username = username;
@@ -109,17 +110,16 @@
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
- if ("getConnection".equals(method.getName()) && (args==null || args.length==0)) {
- args = new String[] {username,password};
+ if ("getConnection".equals(method.getName()) && (args == null || args.length == 0)) {
+ args = new String[] { username, password };
method = getConnection;
} else if ("unwrap".equals(method.getName())) {
- return unwrap((Class)args[0]);
+ return unwrap((Class) args[0]);
}
try {
- return method.invoke(ds,args);
- }catch (Throwable t) {
- if (t instanceof InvocationTargetException
- && t.getCause() != null) {
+ return method.invoke(ds, args);
+ } catch (Throwable t) {
+ if (t instanceof InvocationTargetException && t.getCause() != null) {
throw t.getCause();
} else {
throw t;
@@ -138,7 +138,5 @@
}
-
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/EjbFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/EjbFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/EjbFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/EjbFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,8 +27,6 @@
/**
* Object factory for EJBs.
- *
- * @author Remy Maucherat
*/
public class EjbFactory extends FactoryBase {
@@ -43,12 +41,10 @@
protected ObjectFactory getDefaultFactory(Reference ref) throws NamingException {
ObjectFactory factory;
- String javaxEjbFactoryClassName = System.getProperty(
- "jakarta.ejb.Factory", Constants.OPENEJB_EJB_FACTORY);
+ String javaxEjbFactoryClassName = System.getProperty("jakarta.ejb.Factory", Constants.OPENEJB_EJB_FACTORY);
try {
- factory = (ObjectFactory)
- Class.forName(javaxEjbFactoryClassName).getConstructor().newInstance();
- } catch(Throwable t) {
+ factory = (ObjectFactory) Class.forName(javaxEjbFactoryClassName).getConstructor().newInstance();
+ } catch (Throwable t) {
if (t instanceof NamingException) {
throw (NamingException) t;
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/FactoryBase.java tomcat10-10.1.52/java/org/apache/naming/factory/FactoryBase.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/FactoryBase.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/FactoryBase.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,16 +28,16 @@
import org.apache.naming.StringManager;
/**
- * Abstract base class that provides common functionality required by
- * subclasses. This class exists primarily to reduce code duplication.
+ * Abstract base class that provides common functionality required by subclasses. This class exists primarily to reduce
+ * code duplication.
*/
public abstract class FactoryBase implements ObjectFactory {
private static final StringManager sm = StringManager.getManager(FactoryBase.class);
@Override
- public final Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment) throws Exception {
+ public final Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
+ throws Exception {
if (isReferenceTypeSupported(obj)) {
Reference ref = (Reference) obj;
@@ -61,14 +61,14 @@
} else {
factoryClass = Class.forName(factoryClassName);
}
- } catch(ClassNotFoundException e) {
+ } catch (ClassNotFoundException e) {
NamingException ex = new NamingException(sm.getString("factoryBase.factoryClassError"));
ex.initCause(e);
throw ex;
}
try {
factory = (ObjectFactory) factoryClass.getConstructor().newInstance();
- } catch(Throwable t) {
+ } catch (Throwable t) {
if (t instanceof NamingException) {
throw (NamingException) t;
}
@@ -99,37 +99,33 @@
/**
- * Determines if this factory supports processing the provided reference
- * object.
+ * Determines if this factory supports processing the provided reference object.
*
- * @param obj The object to be processed
+ * @param obj The object to be processed
*
- * @return true if this factory can process the object,
- * otherwise false
+ * @return true if this factory can process the object, otherwise false
*/
protected abstract boolean isReferenceTypeSupported(Object obj);
/**
- * If a default factory is available for the given reference type, create
- * the default factory.
+ * If a default factory is available for the given reference type, create the default factory.
*
- * @param ref The reference object to be processed
+ * @param ref The reference object to be processed
*
- * @return The default factory for the given reference object or
- * null if no default factory exists.
+ * @return The default factory for the given reference object or null if no default factory exists.
*
- * @throws NamingException If the default factory cannot be created
+ * @throws NamingException If the default factory cannot be created
*/
- protected abstract ObjectFactory getDefaultFactory(Reference ref)
- throws NamingException;
+ protected abstract ObjectFactory getDefaultFactory(Reference ref) throws NamingException;
/**
* If this reference is a link to another JNDI object, obtain that object.
*
- * @param ref The reference object to be processed
+ * @param ref The reference object to be processed
+ *
+ * @return The linked object or null if linked objects are not supported by or not configured for this
+ * reference object
*
- * @return The linked object or null if linked objects are
- * not supported by or not configured for this reference object
* @throws NamingException Error accessing linked object
*/
protected abstract Object getLinked(Reference ref) throws NamingException;
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/LookupFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/LookupFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/LookupFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/LookupFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,7 +25,6 @@
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.RefAddr;
-import javax.naming.Reference;
import javax.naming.spi.ObjectFactory;
import org.apache.juli.logging.Log;
@@ -46,22 +45,24 @@
/**
* Create a new Resource env instance.
*
- * @param obj The reference object describing the DataSource
- * @param name the bound name
- * @param nameCtx unused
+ * @param obj The reference object describing the DataSource
+ * @param name the bound name
+ * @param nameCtx unused
* @param environment unused
+ *
* @return the object instance
+ *
* @throws Exception if an error occur creating the instance
*/
@Override
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment) throws Exception {
+ public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
+ throws Exception {
String lookupName = null;
Object result = null;
if (obj instanceof LookupRef) {
- Reference ref = (Reference) obj;
+ LookupRef ref = (LookupRef) obj;
ObjectFactory factory = null;
RefAddr lookupNameRefAddr = ref.get(LookupRef.LOOKUP_NAME);
if (lookupNameRefAddr != null) {
@@ -88,8 +89,7 @@
try {
factoryClass = tcl.loadClass(factoryClassName);
} catch (ClassNotFoundException e) {
- NamingException ex = new NamingException(
- sm.getString("lookupFactory.loadFailed"));
+ NamingException ex = new NamingException(sm.getString("lookupFactory.loadFailed"));
ex.initCause(e);
throw ex;
}
@@ -97,8 +97,7 @@
try {
factoryClass = Class.forName(factoryClassName);
} catch (ClassNotFoundException e) {
- NamingException ex = new NamingException(
- sm.getString("lookupFactory.loadFailed"));
+ NamingException ex = new NamingException(sm.getString("lookupFactory.loadFailed"));
ex.initCause(e);
throw ex;
}
@@ -107,8 +106,7 @@
try {
factory = (ObjectFactory) factoryClass.getConstructor().newInstance();
} catch (Throwable t) {
- NamingException ex = new NamingException(
- sm.getString("lookupFactory.createFailed"));
+ NamingException ex = new NamingException(sm.getString("lookupFactory.createFailed"));
ex.initCause(t);
throw ex;
}
@@ -127,8 +125,8 @@
Class clazz = Class.forName(ref.getClassName());
if (result != null && !clazz.isAssignableFrom(result.getClass())) {
- String msg = sm.getString("lookupFactory.typeMismatch",
- name, ref.getClassName(), lookupName, result.getClass().getName());
+ String msg = sm.getString("lookupFactory.typeMismatch", name, ref.getClassName(), lookupName,
+ result.getClass().getName());
NamingException ne = new NamingException(msg);
log.warn(msg, ne);
// Close the resource we no longer need if we know how to do so
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/MailSessionFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/MailSessionFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/MailSessionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/MailSessionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,19 +33,20 @@
import jakarta.mail.Session;
/**
- *
Factory class that creates a JNDI named JavaMail Session factory,
- * which can be used for managing inbound and outbound electronic mail
- * messages via JavaMail APIs. All messaging environment properties
- * described in the JavaMail Specification may be passed to the Session
- * factory; however the following properties are the most commonly used:
+ *
+ * Factory class that creates a JNDI named JavaMail Session factory, which can be used for managing inbound and outbound
+ * electronic mail messages via JavaMail APIs. All messaging environment properties described in the JavaMail
+ * Specification may be passed to the Session factory; however the following properties are the most commonly used:
+ *
*
- *
mail.smtp.host - Hostname for outbound transport
- * connections. Defaults to localhost if not specified.
+ *
mail.smtp.host - Hostname for outbound transport connections. Defaults to localhost
+ * if not specified.
*
+ *
+ * This factory can be configured in a <Context> element in your conf/server.xml
+ * configuration file. An example of factory configuration is:
+ *
*
- *
This factory can be configured in a
- * <Context> element in your conf/server.xml
- * configuration file. An example of factory configuration is:
- *
- * @author Craig R. McClanahan
*/
public class MailSessionFactory implements ObjectFactory {
@@ -66,8 +65,7 @@
@Override
- public Object getObjectInstance(Object refObj, Name name, Context context,
- Hashtable env) throws Exception {
+ public Object getObjectInstance(Object refObj, Name name, Context context, Hashtable env) throws Exception {
// Return null if we cannot create an object of the requested type
final Reference ref = (Reference) refObj;
@@ -107,25 +105,23 @@
Authenticator auth = null;
if (password != null) {
String user = props.getProperty("mail.smtp.user");
- if(user == null) {
+ if (user == null) {
user = props.getProperty("mail.user");
}
- if(user != null) {
+ if (user != null) {
final PasswordAuthentication pa = new PasswordAuthentication(user, password);
auth = new Authenticator() {
- @Override
- protected PasswordAuthentication getPasswordAuthentication() {
- return pa;
- }
- };
+ @Override
+ protected PasswordAuthentication getPasswordAuthentication() {
+ return pa;
+ }
+ };
}
}
// Create and return the new Session object
- Session session = Session.getInstance(props, auth);
- return session;
-
+ return Session.getInstance(props, auth);
});
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/OpenEjbFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/OpenEjbFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/OpenEjbFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/OpenEjbFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,50 +23,37 @@
import javax.naming.InitialContext;
import javax.naming.Name;
import javax.naming.RefAddr;
-import javax.naming.Reference;
import javax.naming.spi.ObjectFactory;
import org.apache.naming.EjbRef;
/**
* Object factory for EJBs.
- *
- * @author Jacek Laskowski
- * @author Remy Maucherat
*/
public class OpenEjbFactory implements ObjectFactory {
-
- // -------------------------------------------------------------- Constants
-
-
- protected static final String DEFAULT_OPENEJB_FACTORY =
- "org.openejb.client.LocalInitialContextFactory";
-
-
- // -------------------------------------------------- ObjectFactory Methods
-
+ protected static final String DEFAULT_OPENEJB_FACTORY = "org.openejb.client.LocalInitialContextFactory";
/**
* Create a new EJB instance using OpenEJB.
*
- * @param obj The reference object describing the DataSource
- * @param name the bound name
- * @param nameCtx unused
+ * @param obj The reference object describing the DataSource
+ * @param name the bound name
+ * @param nameCtx unused
* @param environment unused
+ *
* @return the object instance
+ *
* @throws Exception if an error occur creating the instance
*/
@Override
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment)
- throws Exception {
+ public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
+ throws Exception {
Object beanObj = null;
if (obj instanceof EjbRef) {
-
- Reference ref = (Reference) obj;
+ EjbRef ref = (EjbRef) obj;
String factory = DEFAULT_OPENEJB_FACTORY;
RefAddr factoryRefAddr = ref.get("openejb.factory");
@@ -83,12 +70,8 @@
String ejbLink = linkRefAddr.getContent().toString();
beanObj = (new InitialContext(env)).lookup(ejbLink);
}
-
}
return beanObj;
-
}
-
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/ResourceEnvFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/ResourceEnvFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/ResourceEnvFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/ResourceEnvFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Object factory for Resources env.
- *
- * @author Remy Maucherat
*/
public class ResourceEnvFactory extends FactoryBase {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/ResourceFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/ResourceFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/ResourceFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/ResourceFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,6 @@
/**
* Object factory for Resources.
- *
- * @author Remy Maucherat
*/
public class ResourceFactory extends FactoryBase {
@@ -44,11 +42,10 @@
if (ref.getClassName().equals("javax.sql.DataSource")) {
String javaxSqlDataSourceFactoryClassName =
- System.getProperty("javax.sql.DataSource.Factory",
- Constants.DBCP_DATASOURCE_FACTORY);
+ System.getProperty("javax.sql.DataSource.Factory", Constants.DBCP_DATASOURCE_FACTORY);
try {
- factory = (ObjectFactory) Class.forName(
- javaxSqlDataSourceFactoryClassName).getConstructor().newInstance();
+ factory = (ObjectFactory) Class.forName(javaxSqlDataSourceFactoryClassName).getConstructor()
+ .newInstance();
} catch (Exception e) {
NamingException ex = new NamingException(sm.getString("resourceFactory.factoryCreationError"));
ex.initCause(e);
@@ -56,12 +53,11 @@
}
} else if (ref.getClassName().equals("jakarta.mail.Session")) {
String javaxMailSessionFactoryClassName =
- System.getProperty("jakarta.mail.Session.Factory",
- "org.apache.naming.factory.MailSessionFactory");
+ System.getProperty("jakarta.mail.Session.Factory", "org.apache.naming.factory.MailSessionFactory");
try {
- factory = (ObjectFactory) Class.forName(
- javaxMailSessionFactoryClassName).getConstructor().newInstance();
- } catch(Throwable t) {
+ factory =
+ (ObjectFactory) Class.forName(javaxMailSessionFactoryClassName).getConstructor().newInstance();
+ } catch (Throwable t) {
if (t instanceof NamingException) {
throw (NamingException) t;
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/ResourceLinkFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/ResourceLinkFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/ResourceLinkFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/ResourceLinkFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,16 +25,15 @@
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.RefAddr;
-import javax.naming.Reference;
import javax.naming.spi.ObjectFactory;
import org.apache.naming.ResourceLinkRef;
import org.apache.naming.StringManager;
/**
- *
Object factory for resource links.
- *
- * @author Remy Maucherat
+ *
+ * Object factory for resource links.
+ *
*/
public class ResourceLinkFactory implements ObjectFactory {
@@ -47,8 +46,7 @@
*/
private static Context globalContext = null;
- private static final Map> globalResourceRegistrations =
- new ConcurrentHashMap<>();
+ private static final Map> globalResourceRegistrations = new ConcurrentHashMap<>();
// --------------------------------------------------------- Public Methods
@@ -60,15 +58,13 @@
public static void setGlobalContext(Context newGlobalContext) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- sm.checkPermission(new RuntimePermission(
- ResourceLinkFactory.class.getName() + ".setGlobalContext"));
+ sm.checkPermission(new RuntimePermission(ResourceLinkFactory.class.getName() + ".setGlobalContext"));
}
globalContext = newGlobalContext;
}
- public static void registerGlobalResourceAccess(Context globalContext, String localName,
- String globalName) {
+ public static void registerGlobalResourceAccess(Context globalContext, String localName, String globalName) {
validateGlobalContext(globalContext);
ClassLoader cl = Thread.currentThread().getContextClassLoader();
// Web application initialization is single threaded so this is
@@ -95,8 +91,7 @@
private static void validateGlobalContext(Context globalContext) {
- if (ResourceLinkFactory.globalContext != null &&
- ResourceLinkFactory.globalContext != globalContext) {
+ if (ResourceLinkFactory.globalContext != null && ResourceLinkFactory.globalContext != globalContext) {
throw new SecurityException(sm.getString("resourceLinkFactory.invalidGlobalContext"));
}
}
@@ -120,22 +115,24 @@
/**
* Create a new resource instance.
*
- * @param name the bound name
- * @param nameCtx unused
+ * @param name the bound name
+ * @param nameCtx unused
* @param environment unused
+ *
* @return the object instance
+ *
* @throws NamingException if an error occur creating the instance
*/
@Override
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment) throws NamingException {
+ public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
+ throws NamingException {
if (!(obj instanceof ResourceLinkRef)) {
return null;
}
// Can we process this request?
- Reference ref = (Reference) obj;
+ ResourceLinkRef ref = (ResourceLinkRef) obj;
// Read the global ref addr
String globalName;
@@ -151,19 +148,18 @@
// Check the expected type
String expectedClassName = ref.getClassName();
if (expectedClassName == null) {
- throw new IllegalArgumentException(
- sm.getString("resourceLinkFactory.nullType", name, globalName));
+ throw new IllegalArgumentException(sm.getString("resourceLinkFactory.nullType", name, globalName));
}
try {
- Class expectedClazz = Class.forName(
- expectedClassName, true, Thread.currentThread().getContextClassLoader());
+ Class expectedClazz =
+ Class.forName(expectedClassName, true, Thread.currentThread().getContextClassLoader());
if (!expectedClazz.isAssignableFrom(result.getClass())) {
- throw new IllegalArgumentException(sm.getString("resourceLinkFactory.wrongType",
- name, globalName, expectedClassName, result.getClass().getName()));
+ throw new IllegalArgumentException(sm.getString("resourceLinkFactory.wrongType", name, globalName,
+ expectedClassName, result.getClass().getName()));
}
} catch (ClassNotFoundException e) {
- throw new IllegalArgumentException(sm.getString("resourceLinkFactory.unknownType",
- name, globalName, expectedClassName), e);
+ throw new IllegalArgumentException(
+ sm.getString("resourceLinkFactory.unknownType", name, globalName, expectedClassName), e);
}
return result;
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/SendMailFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/SendMailFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/SendMailFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/SendMailFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -33,14 +33,16 @@
import jakarta.mail.internet.MimeMessage;
import jakarta.mail.internet.MimePartDataSource;
+import org.apache.tomcat.util.ExceptionUtils;
+
/**
- * Factory class that creates a JNDI named javamail MimePartDataSource
- * object which can be used for sending email using SMTP.
+ * Factory class that creates a JNDI named javamail MimePartDataSource object which can be used for sending email using
+ * SMTP.
*
- * Can be configured in the Context scope
- * of your server.xml configuration file.
+ * Can be configured in the Context scope of your server.xml configuration file.
*
- *
- * @author Glenn Nielsen Rich Catlett
*/
-
-public class SendMailFactory implements ObjectFactory
-{
+public class SendMailFactory implements ObjectFactory {
// The class name for the javamail MimeMessageDataSource
- protected static final String DataSourceClassName =
- "jakarta.mail.internet.MimePartDataSource";
+ protected static final String DataSourceClassName = "jakarta.mail.internet.MimePartDataSource";
@Override
- public Object getObjectInstance(Object refObj, Name name, Context ctx,
- Hashtable env) throws Exception {
- final Reference ref = (Reference)refObj;
+ public Object getObjectInstance(Object refObj, Name name, Context ctx, Hashtable env) throws Exception {
+ final Reference ref = (Reference) refObj;
// Creation of the DataSource is wrapped inside a doPrivileged
// so that javamail can read its default properties without
// throwing Security Exceptions
if (ref.getClassName().equals(DataSourceClassName)) {
- return AccessController.doPrivileged(
- (PrivilegedAction) () -> {
- // set up the smtp session that will send the message
- Properties props = new Properties();
- // enumeration of all refaddr
- Enumeration list = ref.getAll();
- // current refaddr to be set
- RefAddr refaddr;
- // set transport to smtp
- props.put("mail.transport.protocol", "smtp");
-
- while (list.hasMoreElements()) {
- refaddr = list.nextElement();
-
- // set property
- props.put(refaddr.getType(), refaddr.getContent());
- }
- MimeMessage message = new MimeMessage(
- Session.getInstance(props));
- try {
- RefAddr fromAddr = ref.get("mail.from");
- String from = null;
- if (fromAddr != null) {
- from = (String) fromAddr.getContent();
- }
- if (from != null) {
- message.setFrom(new InternetAddress(from));
- }
- message.setSubject("");
- } catch (Exception e) {/*Ignore*/}
- MimePartDataSource mds = new MimePartDataSource(message);
- return mds;
- });
+ return AccessController.doPrivileged((PrivilegedAction) () -> {
+ // set up the smtp session that will send the message
+ Properties props = new Properties();
+ // enumeration of all refaddr
+ Enumeration list = ref.getAll();
+ // current refaddr to be set
+ RefAddr refaddr;
+ // set transport to smtp
+ props.put("mail.transport.protocol", "smtp");
+
+ while (list.hasMoreElements()) {
+ refaddr = list.nextElement();
+
+ // set property
+ props.put(refaddr.getType(), refaddr.getContent());
+ }
+ MimeMessage message = new MimeMessage(Session.getInstance(props));
+ try {
+ RefAddr fromAddr = ref.get("mail.from");
+ String from = null;
+ if (fromAddr != null) {
+ from = (String) fromAddr.getContent();
+ }
+ if (from != null) {
+ message.setFrom(new InternetAddress(from));
+ }
+ message.setSubject("");
+ } catch (Throwable t) {
+ ExceptionUtils.handleThrowable(t);
+ // Otherwise ignore
+ }
+ return new MimePartDataSource(message);
+ });
} else { // We can't create an instance of the DataSource
return null;
}
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/TransactionFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/TransactionFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/TransactionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/TransactionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,8 +23,6 @@
/**
* Object factory for User transactions.
- *
- * @author Remy Maucherat
*/
public class TransactionFactory extends FactoryBase {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/webservices/ServiceProxy.java tomcat10-10.1.52/java/org/apache/naming/factory/webservices/ServiceProxy.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/webservices/ServiceProxy.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/webservices/ServiceProxy.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,16 +31,13 @@
/**
* Object proxy for Web Services.
- *
- * @author Fabien Carrion
*/
public class ServiceProxy implements InvocationHandler {
private static final StringManager sm = StringManager.getManager(ServiceProxy.class);
/**
- * Service object.
- * used for delegation
+ * Service object. used for delegation
*/
private final Service service;
@@ -61,14 +58,16 @@
/**
* Constructs a new ServiceProxy wrapping given Service instance.
+ *
* @param service the wrapped Service instance
+ *
* @throws ServiceException should be never thrown
*/
public ServiceProxy(Service service) throws ServiceException {
this.service = service;
try {
- portQNameClass = Service.class.getDeclaredMethod("getPort", new Class[]{QName.class, Class.class});
- portClass = Service.class.getDeclaredMethod("getPort", new Class[]{Class.class});
+ portQNameClass = Service.class.getDeclaredMethod("getPort", new Class[] { QName.class, Class.class });
+ portClass = Service.class.getDeclaredMethod("getPort", new Class[] { Class.class });
} catch (Exception e) {
throw new ServiceException(e);
}
@@ -78,8 +77,7 @@
* @see InvocationHandler#invoke(Object, Method, Object[])
*/
@Override
- public Object invoke(Object proxy, Method method, Object[] args)
- throws Throwable {
+ public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
if (portQNameClass.equals(method)) {
return getProxyPortQNameClass(args);
@@ -98,7 +96,9 @@
/**
* @param args Method call arguments
+ *
* @return Returns the correct Port
+ *
* @throws ServiceException if port's QName is an unknown Port (not defined in WSDL).
*/
private Object getProxyPortQNameClass(Object[] args) throws ServiceException {
@@ -106,7 +106,8 @@
String nameString = name.getLocalPart();
Class serviceendpointClass = (Class) args[1];
- for (@SuppressWarnings("unchecked") Iterator ports = service.getPorts(); ports.hasNext();) {
+ for (@SuppressWarnings("unchecked")
+ Iterator ports = service.getPorts(); ports.hasNext();) {
QName portName = ports.next();
String portnameString = portName.getLocalPart();
if (portnameString.equals(nameString)) {
@@ -127,7 +128,9 @@
/**
* @param args Method call arguments
+ *
* @return Returns the correct Port
+ *
* @throws ServiceException if port's QName is an unknown Port
*/
private Remote getProxyPortClass(Object[] args) throws ServiceException {
diff -Nru tomcat10-10.1.40/java/org/apache/naming/factory/webservices/ServiceRefFactory.java tomcat10-10.1.52/java/org/apache/naming/factory/webservices/ServiceRefFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/factory/webservices/ServiceRefFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/factory/webservices/ServiceRefFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -53,8 +53,6 @@
/**
* Object factory for Web Services.
- *
- * @author Fabien Carrion
*/
public class ServiceRefFactory implements ObjectFactory {
@@ -117,7 +115,7 @@
}
try {
if (wsdlRefAddr == null) {
- service = factory.createService( serviceQname );
+ service = factory.createService(serviceQname);
} else {
service = factory.createService(new URI(wsdlRefAddr).toURL(), serviceQname);
}
@@ -130,7 +128,7 @@
// Loading service Interface
try {
serviceInterfaceClass = tcl.loadClass(serviceInterface);
- } catch(ClassNotFoundException e) {
+ } catch (ClassNotFoundException e) {
NamingException ex = new NamingException("Could not load service Interface");
ex.initCause(e);
throw ex;
@@ -145,8 +143,8 @@
}
service = factory.loadService(serviceInterfaceClass);
} else {
- service = factory.loadService(
- new URI(wsdlRefAddr).toURL(), serviceInterfaceClass, new Properties());
+ service = factory.loadService(new URI(wsdlRefAddr).toURL(), serviceInterfaceClass,
+ new Properties());
}
} catch (Exception e) {
NamingException ex = new NamingException("Could not create service");
@@ -174,7 +172,7 @@
for (String portName : ports.keySet()) {
Port port = wsdlservice.getPort(portName);
String endpoint = getSOAPLocation(port);
- m.invoke(service, new Object[]{port.getName(), endpoint});
+ m.invoke(service, new Object[] { port.getName(), endpoint });
portComponentRef.put(endpoint, new QName(port.getName()));
}
} catch (Exception e) {
@@ -242,7 +240,7 @@
Class handlerClass = null;
try {
handlerClass = tcl.loadClass((String) tmp.getContent());
- } catch(ClassNotFoundException e) {
+ } catch (ClassNotFoundException e) {
break;
}
@@ -289,12 +287,11 @@
if (!portNames.isEmpty()) {
for (String portName : portNames) {
- initHandlerChain(new QName(portName), handlerRegistry,
- handlerInfo, soaproles);
+ initHandlerChain(new QName(portName), handlerRegistry, handlerInfo, soaproles);
}
} else {
Enumeration e = portComponentRef.elements();
- while(e.hasMoreElements()) {
+ while (e.hasMoreElements()) {
initHandlerChain(e.nextElement(), handlerRegistry, handlerInfo, soaproles);
}
}
@@ -311,6 +308,7 @@
/**
* @param port analyzed port
+ *
* @return Returns the endpoint URL of the given Port
*/
private String getSOAPLocation(Port port) {
@@ -327,8 +325,8 @@
}
- private void initHandlerChain(QName portName, HandlerRegistry handlerRegistry,
- HandlerInfo handlerInfo, List soaprolesToAdd) {
+ private void initHandlerChain(QName portName, HandlerRegistry handlerRegistry, HandlerInfo handlerInfo,
+ List soaprolesToAdd) {
HandlerChain handlerChain = (HandlerChain) handlerRegistry.getHandlerChain(portName);
@SuppressWarnings("unchecked") // Can't change the API
Iterator iter = handlerChain.iterator();
@@ -337,13 +335,13 @@
handler.init(handlerInfo);
}
String[] soaprolesRegistered = handlerChain.getRoles();
- String [] soaproles = new String[soaprolesRegistered.length + soaprolesToAdd.size()];
+ String[] soaproles = new String[soaprolesRegistered.length + soaprolesToAdd.size()];
int i;
- for (i = 0;i < soaprolesRegistered.length; i++) {
+ for (i = 0; i < soaprolesRegistered.length; i++) {
soaproles[i] = soaprolesRegistered[i];
}
for (int j = 0; j < soaprolesToAdd.size(); j++) {
- soaproles[i+j] = soaprolesToAdd.get(j);
+ soaproles[i + j] = soaprolesToAdd.get(j);
}
handlerChain.setRoles(soaproles);
handlerRegistry.setHandlerChain(portName, handlerChain);
diff -Nru tomcat10-10.1.40/java/org/apache/naming/java/javaURLContextFactory.java tomcat10-10.1.52/java/org/apache/naming/java/javaURLContextFactory.java
--- tomcat10-10.1.40/java/org/apache/naming/java/javaURLContextFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/naming/java/javaURLContextFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,22 +31,15 @@
/**
* Context factory for the "java:" namespace.
*
- * Important note : This factory MUST be associated with the "java" URL
- * prefix, which can be done by either :
+ * Important note : This factory MUST be associated with the "java" URL prefix, which can be done by either :
*
- *
Adding a
- * java.naming.factory.url.pkgs=org.apache.naming property
- * to the JNDI properties file
- *
Setting an environment variable named Context.URL_PKG_PREFIXES with
- * its value including the org.apache.naming package name.
- * More detail about this can be found in the JNDI documentation :
+ *
Adding a java.naming.factory.url.pkgs=org.apache.naming property to the JNDI properties file
+ *
Setting an environment variable named Context.URL_PKG_PREFIXES with its value including the org.apache.naming
+ * package name. More detail about this can be found in the JNDI documentation :
* {@link javax.naming.spi.NamingManager#getURLContext(String, java.util.Hashtable)}.
*
- *
- * @author Remy Maucherat
*/
-public class javaURLContextFactory
- implements ObjectFactory, InitialContextFactory {
+public class javaURLContextFactory implements ObjectFactory, InitialContextFactory {
// ----------------------------------------------------------- Constructors
@@ -75,22 +68,22 @@
/**
* Create a new Context's instance.
- * @param obj unused
- * @param name unused
- * @param nameCtx unused
+ *
+ * @param obj unused
+ * @param name unused
+ * @param nameCtx unused
* @param environment the environment used
- * @return a selector context if the thread or classloader are bound, and
- * null otherwise
+ *
+ * @return a selector context if the thread or classloader are bound, and null otherwise
+ *
* @throws NamingException not thrown by this implementationm
*/
@SuppressWarnings("unchecked")
@Override
- public Object getObjectInstance(Object obj, Name name, Context nameCtx,
- Hashtable environment)
- throws NamingException {
- if ((ContextBindings.isThreadBound()) ||
- (ContextBindings.isClassLoaderBound())) {
- return new SelectorContext((Hashtable)environment);
+ public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment)
+ throws NamingException {
+ if ((ContextBindings.isThreadBound()) || (ContextBindings.isClassLoaderBound())) {
+ return new SelectorContext((Hashtable) environment);
}
return null;
}
@@ -98,28 +91,26 @@
/**
* Get a new (writable) initial context.
+ *
* @param environment the environment used
- * @return a selector context if the thread or classloader are bound, and
- * a shared writable context otherwise
+ *
+ * @return a selector context if the thread or classloader are bound, and a shared writable context otherwise
+ *
* @throws NamingException not thrown by this implementationm
*/
@SuppressWarnings("unchecked")
@Override
- public Context getInitialContext(Hashtable environment)
- throws NamingException {
- if (ContextBindings.isThreadBound() ||
- (ContextBindings.isClassLoaderBound())) {
+ public Context getInitialContext(Hashtable environment) throws NamingException {
+ if (ContextBindings.isThreadBound() || (ContextBindings.isClassLoaderBound())) {
// Redirect the request to the bound initial context
- return new SelectorContext(
- (Hashtable)environment, true);
+ return new SelectorContext((Hashtable) environment, true);
}
// If the thread is not bound, return a shared writable context
if (initialContext == null) {
- synchronized(javaURLContextFactory.class) {
+ synchronized (javaURLContextFactory.class) {
if (initialContext == null) {
- initialContext = new NamingContext(
- (Hashtable)environment, MAIN);
+ initialContext = new NamingContext((Hashtable) environment, MAIN);
}
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/ContextBind.java tomcat10-10.1.52/java/org/apache/tomcat/ContextBind.java
--- tomcat10-10.1.40/java/org/apache/tomcat/ContextBind.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/ContextBind.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,42 +19,30 @@
public interface ContextBind {
/**
- * Change the current thread context class loader to the web application
- * class loader. If no web application class loader is defined, or if the
- * current thread is already using the web application class loader then no
- * change will be made. If the class loader is changed and a
- * {@link org.apache.catalina.ThreadBindingListener} is configured then
- * {@link org.apache.catalina.ThreadBindingListener#bind()} will be called
- * after the change has been made.
+ * Change the current thread context class loader to the web application class loader. If no web application class
+ * loader is defined, or if the current thread is already using the web application class loader then no change will
+ * be made. If the class loader is changed and a {@link org.apache.catalina.ThreadBindingListener} is configured
+ * then {@link org.apache.catalina.ThreadBindingListener#bind()} will be called after the change has been made.
*
- * @param usePrivilegedAction
- * Should a {@link java.security.PrivilegedAction} be used when
- * obtaining the current thread context class loader and setting
- * the new one?
- * @param originalClassLoader
- * The current class loader if known to save this method having to
- * look it up
+ * @param usePrivilegedAction Should a {@link java.security.PrivilegedAction} be used when obtaining the current
+ * thread context class loader and setting the new one?
+ * @param originalClassLoader The current class loader if known to save this method having to look it up
*
- * @return If the class loader has been changed by the method it will return
- * the thread context class loader in use when the method was
- * called. If no change was made then this method returns null.
+ * @return If the class loader has been changed by the method it will return the thread context class loader in use
+ * when the method was called. If no change was made then this method returns null.
*/
ClassLoader bind(boolean usePrivilegedAction, ClassLoader originalClassLoader);
/**
- * Restore the current thread context class loader to the original class
- * loader in used before {@link #bind(boolean, ClassLoader)} was called. If
- * no original class loader is passed to this method then no change will be
- * made. If the class loader is changed and a
- * {@link org.apache.catalina.ThreadBindingListener} is configured then
- * {@link org.apache.catalina.ThreadBindingListener#unbind()} will be called
- * before the change is made.
+ * Restore the current thread context class loader to the original class loader in used before
+ * {@link #bind(boolean, ClassLoader)} was called. If no original class loader is passed to this method then no
+ * change will be made. If the class loader is changed and a {@link org.apache.catalina.ThreadBindingListener} is
+ * configured then {@link org.apache.catalina.ThreadBindingListener#unbind()} will be called before the change is
+ * made.
*
- * @param usePrivilegedAction
- * Should a {@link java.security.PrivilegedAction} be used when
- * setting the current thread context class loader?
- * @param originalClassLoader
- * The class loader to restore as the thread context class loader
+ * @param usePrivilegedAction Should a {@link java.security.PrivilegedAction} be used when setting the current
+ * thread context class loader?
+ * @param originalClassLoader The class loader to restore as the thread context class loader
*/
void unbind(boolean usePrivilegedAction, ClassLoader originalClassLoader);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/InstanceManager.java tomcat10-10.1.52/java/org/apache/tomcat/InstanceManager.java
--- tomcat10-10.1.40/java/org/apache/tomcat/InstanceManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/InstanceManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,28 +22,24 @@
public interface InstanceManager {
- Object newInstance(Class clazz) throws IllegalAccessException, InvocationTargetException,
- NamingException, InstantiationException, IllegalArgumentException,
- NoSuchMethodException, SecurityException;
-
- Object newInstance(String className) throws IllegalAccessException, InvocationTargetException,
- NamingException, InstantiationException, ClassNotFoundException,
- IllegalArgumentException, NoSuchMethodException, SecurityException;
-
- Object newInstance(String fqcn, ClassLoader classLoader) throws IllegalAccessException,
- InvocationTargetException, NamingException, InstantiationException,
- ClassNotFoundException, IllegalArgumentException, NoSuchMethodException,
- SecurityException;
+ Object newInstance(Class clazz) throws IllegalAccessException, InvocationTargetException, NamingException,
+ InstantiationException, IllegalArgumentException, NoSuchMethodException, SecurityException;
- void newInstance(Object o)
- throws IllegalAccessException, InvocationTargetException, NamingException;
+ Object newInstance(String className)
+ throws IllegalAccessException, InvocationTargetException, NamingException, InstantiationException,
+ ClassNotFoundException, IllegalArgumentException, NoSuchMethodException, SecurityException;
+
+ Object newInstance(String fqcn, ClassLoader classLoader)
+ throws IllegalAccessException, InvocationTargetException, NamingException, InstantiationException,
+ ClassNotFoundException, IllegalArgumentException, NoSuchMethodException, SecurityException;
+
+ void newInstance(Object o) throws IllegalAccessException, InvocationTargetException, NamingException;
void destroyInstance(Object o) throws IllegalAccessException, InvocationTargetException;
/**
- * Called by the component using the InstanceManager periodically to perform
- * any regular maintenance that might be required. By default, this method
- * is a NO-OP.
+ * Called by the component using the InstanceManager periodically to perform any regular maintenance that might be
+ * required. By default, this method is a NO-OP.
*/
default void backgroundProcess() {
// NO-OP by default
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/InstanceManagerBindings.java tomcat10-10.1.52/java/org/apache/tomcat/InstanceManagerBindings.java
--- tomcat10-10.1.40/java/org/apache/tomcat/InstanceManagerBindings.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/InstanceManagerBindings.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,14 +21,16 @@
public final class InstanceManagerBindings {
- private static final Map bindings = new ConcurrentHashMap<>();
+ private static final Map bindings = new ConcurrentHashMap<>();
public static void bind(ClassLoader classLoader, InstanceManager instanceManager) {
bindings.put(classLoader, instanceManager);
}
+
public static void unbind(ClassLoader classLoader) {
bindings.remove(classLoader);
}
+
public static InstanceManager get(ClassLoader classLoader) {
return bindings.get(classLoader);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/InstrumentableClassLoader.java tomcat10-10.1.52/java/org/apache/tomcat/InstrumentableClassLoader.java
--- tomcat10-10.1.40/java/org/apache/tomcat/InstrumentableClassLoader.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/InstrumentableClassLoader.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,58 +19,46 @@
import java.lang.instrument.ClassFileTransformer;
/**
- * Specifies a class loader capable of being decorated with
- * {@link ClassFileTransformer}s. These transformers can instrument
- * (or weave) the byte code of classes loaded through this class loader
- * to alter their behavior. Currently only
- * {@link org.apache.catalina.loader.WebappClassLoaderBase} implements this
- * interface. This allows web application frameworks or JPA providers
- * bundled with a web application to instrument web application classes
- * as necessary.
+ * Specifies a class loader capable of being decorated with {@link ClassFileTransformer}s. These transformers can
+ * instrument (or weave) the byte code of classes loaded through this class loader to alter their behavior. Currently
+ * only {@link org.apache.catalina.loader.WebappClassLoaderBase} implements this interface. This allows web application
+ * frameworks or JPA providers bundled with a web application to instrument web application classes as necessary.
*
- * You should always program against the methods of this interface
- * (whether using reflection or otherwise). The methods in
- * {@code WebappClassLoaderBase} are protected by the default security
- * manager if one is in use.
+ * You should always program against the methods of this interface (whether using reflection or otherwise). The methods
+ * in {@code WebappClassLoaderBase} are protected by the default security manager if one is in use.
*
* @since 8.0, 7.0.64
*/
public interface InstrumentableClassLoader {
/**
- * Adds the specified class file transformer to this class loader. The
- * transformer will then be able to instrument the bytecode of any
- * classes loaded by this class loader after the invocation of this
- * method.
+ * Adds the specified class file transformer to this class loader. The transformer will then be able to instrument
+ * the bytecode of any classes loaded by this class loader after the invocation of this method.
*
* @param transformer The transformer to add to the class loader
+ *
* @throws IllegalArgumentException if the {@literal transformer} is null.
*/
void addTransformer(ClassFileTransformer transformer);
/**
- * Removes the specified class file transformer from this class loader.
- * It will no longer be able to instrument the byte code of any classes
- * loaded by the class loader after the invocation of this method.
- * However, any classes already instrumented by this transformer before
- * this method call will remain in their instrumented state.
+ * Removes the specified class file transformer from this class loader. It will no longer be able to instrument the
+ * byte code of any classes loaded by the class loader after the invocation of this method. However, any classes
+ * already instrumented by this transformer before this method call will remain in their instrumented state.
*
* @param transformer The transformer to remove
*/
void removeTransformer(ClassFileTransformer transformer);
/**
- * Returns a copy of this class loader without any class file
- * transformers. This is a tool often used by Java Persistence API
- * providers to inspect entity classes in the absence of any
- * instrumentation, something that can't be guaranteed within the
- * context of a {@link ClassFileTransformer}'s
- * {@link ClassFileTransformer#transform(ClassLoader, String, Class,
- * java.security.ProtectionDomain, byte[]) transform} method.
+ * Returns a copy of this class loader without any class file transformers. This is a tool often used by Java
+ * Persistence API providers to inspect entity classes in the absence of any instrumentation, something that can't
+ * be guaranteed within the context of a {@link ClassFileTransformer}'s
+ * {@link ClassFileTransformer#transform(ClassLoader, String, Class, java.security.ProtectionDomain, byte[])
+ * transform} method.
*
- * The returned class loader's resource cache will have been cleared
- * so that classes already instrumented will not be retained or
- * returned.
+ * The returned class loader's resource cache will have been cleared so that classes already instrumented will not
+ * be retained or returned.
*
* @return the transformer-free copy of this class loader.
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/Jar.java tomcat10-10.1.52/java/org/apache/tomcat/Jar.java
--- tomcat10-10.1.40/java/org/apache/tomcat/Jar.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/Jar.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,15 +22,12 @@
import java.util.jar.Manifest;
/**
- * Provides an abstraction for use by the various classes that need to scan
- * JARs. The classes provided by the JRE for accessing JARs
- * ({@link java.util.jar.JarFile} and {@link java.util.jar.JarInputStream}) have
- * significantly different performance characteristics depending on the form of
- * the URL used to access the JAR. For file based JAR {@link java.net.URL}s,
- * {@link java.util.jar.JarFile} is faster but for non-file based
- * {@link java.net.URL}s, {@link java.util.jar.JarFile} creates a copy of the
- * JAR in the temporary directory so {@link java.util.jar.JarInputStream} is
- * faster.
+ * Provides an abstraction for use by the various classes that need to scan JARs. The classes provided by the JRE for
+ * accessing JARs ({@link java.util.jar.JarFile} and {@link java.util.jar.JarInputStream}) have significantly different
+ * performance characteristics depending on the form of the URL used to access the JAR. For file based JAR
+ * {@link java.net.URL}s, {@link java.util.jar.JarFile} is faster but for non-file based {@link java.net.URL}s,
+ * {@link java.util.jar.JarFile} creates a copy of the JAR in the temporary directory so
+ * {@link java.util.jar.JarInputStream} is faster.
*/
public interface Jar extends AutoCloseable {
@@ -40,12 +37,11 @@
URL getJarFileURL();
/**
- * Obtain an {@link InputStream} for a given entry in a JAR. The caller is
- * responsible for closing the stream.
+ * Obtain an {@link InputStream} for a given entry in a JAR. The caller is responsible for closing the stream.
*
- * @param name Entry to obtain an {@link InputStream} for
- * @return An {@link InputStream} for the specified entry or null if
- * the entry does not exist
+ * @param name Entry to obtain an {@link InputStream} for
+ *
+ * @return An {@link InputStream} for the specified entry or null if the entry does not exist
*
* @throws IOException if an I/O error occurs while processing the JAR file
*/
@@ -54,11 +50,10 @@
/**
* Obtain the last modified time for the given resource in the JAR.
*
- * @param name Entry to obtain the modification time for
+ * @param name Entry to obtain the modification time for
*
- * @return The time (in the same format as
- * {@link System#currentTimeMillis()}) that the resource was last
- * modified. Returns -1 if the entry does not exist
+ * @return The time (in the same format as {@link System#currentTimeMillis()}) that the resource was last modified.
+ * Returns -1 if the entry does not exist
*
* @throws IOException if an I/O error occurs while processing the JAR file
*/
@@ -67,10 +62,9 @@
/**
* Determine if the given resource in present in the JAR.
*
- * @param name Entry to look for
+ * @param name Entry to look for
*
- * @return {@code true} if the entry is present in the JAR, otherwise
- * {@code false}
+ * @return {@code true} if the entry is present in the JAR, otherwise {@code false}
*
* @throws IOException if an I/O error occurs while processing the JAR file
*/
@@ -90,26 +84,24 @@
/**
* Obtains the name of the current entry.
*
- * @return The entry name
+ * @return The entry name
*/
String getEntryName();
/**
* Obtains the input stream for the current entry.
*
- * @return The input stream
- * @throws IOException If the stream cannot be obtained
+ * @return The input stream
+ *
+ * @throws IOException If the stream cannot be obtained
*/
InputStream getEntryInputStream() throws IOException;
/**
- * Obtain, in String form, the URL for an entry in this JAR. Note that for
- * JARs nested in WAR files, the Tomcat specific war:file:... form will not
- * be used, rather the jar:jar:file:... form (that the JRE does not
- * understand will be used). Note that this means that any code using these
- * URLs will need to understand the jar:jar:file:... form and use the
- * {@link org.apache.tomcat.util.scan.JarFactory} to ensure resources are
- * accessed correctly.
+ * Obtain, in String form, the URL for an entry in this JAR. Note that for JARs nested in WAR files, the Tomcat
+ * specific war:file:... form will not be used, rather the jar:jar:file:... form (that the JRE does not understand
+ * will be used). Note that this means that any code using these URLs will need to understand the jar:jar:file:...
+ * form and use the {@link org.apache.tomcat.util.scan.JarFactory} to ensure resources are accessed correctly.
*
* @param entry The entry to generate the URL for
*
@@ -127,10 +119,9 @@
Manifest getManifest() throws IOException;
/**
- * Resets the internal pointer used to track JAR entries to the beginning of
- * the JAR.
+ * Resets the internal pointer used to track JAR entries to the beginning of the JAR.
*
- * @throws IOException If the pointer cannot be reset
+ * @throws IOException If the pointer cannot be reset
*/
void reset() throws IOException;
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/JarScanFilter.java tomcat10-10.1.52/java/org/apache/tomcat/JarScanFilter.java
--- tomcat10-10.1.40/java/org/apache/tomcat/JarScanFilter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/JarScanFilter.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,18 +19,18 @@
public interface JarScanFilter {
/**
- * @param jarScanType The type of JAR scan currently being performed
- * @param jarName The name of the JAR file (without any path
- * information) to be checked to see if it should
- * be included in the results or not
- * @return true if the JAR should be returned in the results,
- * false if it should be excluded
+ * @param jarScanType The type of JAR scan currently being performed
+ * @param jarName The name of the JAR file (without any path information) to be checked to see if it should be
+ * included in the results or not
+ *
+ * @return true if the JAR should be returned in the results, false if it should be
+ * excluded
*/
boolean check(JarScanType jarScanType, String jarName);
/**
- * @return true if all of the scans should be skipped which
- * can improve startup performance. The default is false.
+ * @return true if all of the scans should be skipped which can improve startup performance. The
+ * default is false.
*/
default boolean isSkipAll() {
return false;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/JarScanner.java tomcat10-10.1.52/java/org/apache/tomcat/JarScanner.java
--- tomcat10-10.1.40/java/org/apache/tomcat/JarScanner.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/JarScanner.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,25 +19,21 @@
import jakarta.servlet.ServletContext;
/**
- * Scans a web application and classloader hierarchy for JAR files. Uses
- * include TLD scanning and web-fragment.xml scanning. Uses a call-back
- * mechanism so the caller can process each JAR found.
+ * Scans a web application and classloader hierarchy for JAR files. Uses include TLD scanning and web-fragment.xml
+ * scanning. Uses a call-back mechanism so the caller can process each JAR found.
*/
public interface JarScanner {
/**
- * Scan the provided ServletContext and classloader for JAR files. Each JAR
- * file found will be passed to the callback handler to be processed.
+ * Scan the provided ServletContext and classloader for JAR files. Each JAR file found will be passed to the
+ * callback handler to be processed.
*
- * @param scanType The type of JAR scan to perform. This is passed to
- * the filter which uses it to determine how to
- * filter the results
- * @param context The ServletContext - used to locate and access
- * WEB-INF/lib
- * @param callback The handler to process any JARs found
+ * @param scanType The type of JAR scan to perform. This is passed to the filter which uses it to determine how to
+ * filter the results
+ * @param context The ServletContext - used to locate and access WEB-INF/lib
+ * @param callback The handler to process any JARs found
*/
- void scan(JarScanType scanType, ServletContext context,
- JarScannerCallback callback);
+ void scan(JarScanType scanType, ServletContext context, JarScannerCallback callback);
JarScanFilter getJarScanFilter();
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/JarScannerCallback.java tomcat10-10.1.52/java/org/apache/tomcat/JarScannerCallback.java
--- tomcat10-10.1.40/java/org/apache/tomcat/JarScannerCallback.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/JarScannerCallback.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,35 +20,31 @@
import java.io.IOException;
/**
- * This interface is implemented by clients of the {@link JarScanner} to enable
- * them to receive notification of a discovered JAR.
+ * This interface is implemented by clients of the {@link JarScanner} to enable them to receive notification of a
+ * discovered JAR.
*/
public interface JarScannerCallback {
/**
- * A JAR was found and may be accessed for further processing via the
- * provided URL connection. The caller is responsible for closing the JAR.
+ * A JAR was found and may be accessed for further processing via the provided URL connection. The caller is
+ * responsible for closing the JAR.
*
* @param jar The JAR to process
* @param webappPath The path, if any, to the JAR within the web application
- * @param isWebapp Indicates if the JAR was found within a web
- * application. If false the JAR should
+ * @param isWebapp Indicates if the JAR was found within a web application. If false the JAR should
* be treated as being provided by the container
*
* @throws IOException if an I/O error occurs while scanning the JAR
*/
- void scan(Jar jar, String webappPath, boolean isWebapp)
- throws IOException;
+ void scan(Jar jar, String webappPath, boolean isWebapp) throws IOException;
/**
- * A directory was found that is to be treated as an unpacked JAR. The
- * directory may be accessed for further processing via the provided file.
+ * A directory was found that is to be treated as an unpacked JAR. The directory may be accessed for further
+ * processing via the provided file.
*
* @param file The directory containing the unpacked JAR.
- * @param webappPath The path, if any, to the file within the web
- * application
- * @param isWebapp Indicates if the JAR was found within a web
- * application. If false the JAR should
+ * @param webappPath The path, if any, to the file within the web application
+ * @param isWebapp Indicates if the JAR was found within a web application. If false the JAR should
* be treated as being provided by the container
*
* @throws IOException if an I/O error occurs while scanning the JAR
@@ -56,10 +52,9 @@
void scan(File file, String webappPath, boolean isWebapp) throws IOException;
/**
- * A directory structure was found within the web application at
- * /WEB-INF/classes that should be handled as an unpacked JAR. Note that all
- * resource access must be via the ServletContext to ensure that any
- * additional resources are visible.
+ * A directory structure was found within the web application at /WEB-INF/classes that should be handled as an
+ * unpacked JAR. Note that all resource access must be via the ServletContext to ensure that any additional
+ * resources are visible.
*
* @throws IOException if an I/O error occurs while scanning WEB-INF/classes
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/SimpleInstanceManager.java tomcat10-10.1.52/java/org/apache/tomcat/SimpleInstanceManager.java
--- tomcat10-10.1.40/java/org/apache/tomcat/SimpleInstanceManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/SimpleInstanceManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -29,30 +29,28 @@
}
@Override
- public Object newInstance(Class clazz) throws IllegalAccessException,
- InvocationTargetException, NamingException, InstantiationException, NoSuchMethodException {
+ public Object newInstance(Class clazz) throws IllegalAccessException, InvocationTargetException, NamingException,
+ InstantiationException, NoSuchMethodException {
return prepareInstance(clazz.getConstructor().newInstance());
}
@Override
- public Object newInstance(String className) throws IllegalAccessException,
- InvocationTargetException, NamingException, InstantiationException,
- ClassNotFoundException, NoSuchMethodException {
+ public Object newInstance(String className) throws IllegalAccessException, InvocationTargetException,
+ NamingException, InstantiationException, ClassNotFoundException, NoSuchMethodException {
Class clazz = Thread.currentThread().getContextClassLoader().loadClass(className);
return prepareInstance(clazz.getConstructor().newInstance());
}
@Override
- public Object newInstance(String fqcn, ClassLoader classLoader) throws IllegalAccessException,
- InvocationTargetException, NamingException, InstantiationException,
- ClassNotFoundException, NoSuchMethodException {
+ public Object newInstance(String fqcn, ClassLoader classLoader)
+ throws IllegalAccessException, InvocationTargetException, NamingException, InstantiationException,
+ ClassNotFoundException, NoSuchMethodException {
Class clazz = classLoader.loadClass(fqcn);
return prepareInstance(clazz.getConstructor().newInstance());
}
@Override
- public void newInstance(Object o) throws IllegalAccessException, InvocationTargetException,
- NamingException {
+ public void newInstance(Object o) throws IllegalAccessException, InvocationTargetException, NamingException {
// NO-OP
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/CheckEol.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/CheckEol.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/CheckEol.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/CheckEol.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,13 +31,10 @@
import org.apache.tools.ant.types.FileSet;
/**
- * Ant task that checks that all the files in the given fileset have end-of-line
- * delimiters that are appropriate.
- *
+ * Ant task that checks that all the files in the given fileset have end-of-line delimiters that are appropriate.
*
- * The goal is to check whether we have problems with Subversion's svn:eol-style
- * property or Git's autocrlf setting when files are committed on one OS and then
- * checked on another one.
+ * The goal is to check whether we have problems with Subversion's svn:eol-style property or Git's autocrlf setting when
+ * files are committed on one OS and then checked on another one.
*/
public class CheckEol extends Task {
@@ -52,8 +49,8 @@
*
* @param fs The fileset to be checked.
*/
- public void addFileset( FileSet fs ) {
- filesets.add( fs );
+ public void addFileset(FileSet fs) {
+ filesets.add(fs);
}
/**
@@ -61,12 +58,12 @@
*
* @param mode The line ending mode (either LF or CRLF)
*/
- public void setMode( String mode ) {
- this.mode = Mode.valueOf( mode.toUpperCase(Locale.ENGLISH) );
+ public void setMode(String mode) {
+ this.mode = Mode.valueOf(mode.toUpperCase(Locale.ENGLISH));
}
private Mode getMode() {
- if ( mode != null ) {
+ if (mode != null) {
return mode;
} else {
if ("\n".equals(System.lineSeparator())) {
@@ -82,14 +79,13 @@
/**
* Perform the check
*
- * @throws BuildException if an error occurs during execution of
- * this task.
+ * @throws BuildException if an error occurs during execution of this task.
*/
@Override
public void execute() throws BuildException {
Mode mode = getMode();
- if ( mode == null ) {
+ if (mode == null) {
log("Line ends check skipped, because OS line ends setting is neither LF nor CRLF.", Project.MSG_VERBOSE);
return;
}
@@ -107,25 +103,21 @@
log("Checking line ends in " + files.length + " file(s)");
for (String filename : files) {
File file = new File(basedir, filename);
- log("Checking file '" + file + "' for correct line ends",
- Project.MSG_DEBUG);
+ log("Checking file '" + file + "' for correct line ends", Project.MSG_DEBUG);
try {
check(file, errors, mode);
- } catch (IOException e) {
- throw new BuildException("Could not check file '"
- + file.getAbsolutePath() + "'", e);
+ } catch (IOException ioe) {
+ throw new BuildException("Could not check file '" + file.getAbsolutePath() + "'", ioe);
}
count++;
}
}
}
if (count > 0) {
- log("Done line ends check in " + count + " file(s), "
- + errors.size() + " error(s) found.");
+ log("Done line ends check in " + count + " file(s), " + errors.size() + " error(s) found.");
}
if (!errors.isEmpty()) {
- String message = "The following files have wrong line ends: "
- + errors;
+ String message = "The following files have wrong line ends: " + errors;
// We need to explicitly write the message to the log, because
// long BuildException messages may be trimmed. E.g. I observed
// this problem with Eclipse IDE 3.7.
@@ -135,7 +127,8 @@
}
private enum Mode {
- LF, CRLF
+ LF,
+ CRLF
}
private static class CheckFailure {
@@ -156,8 +149,7 @@
}
private void check(File file, List errors, Mode mode) throws IOException {
- try (FileInputStream fis = new FileInputStream(file);
- BufferedInputStream is = new BufferedInputStream(fis)) {
+ try (FileInputStream fis = new FileInputStream(file); BufferedInputStream is = new BufferedInputStream(fis)) {
int line = 1;
int prev = -1;
int ch;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/MimeTypeMappings.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/MimeTypeMappings.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/MimeTypeMappings.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/MimeTypeMappings.java 2026-01-23 19:33:36.000000000 +0000
@@ -49,7 +49,7 @@
digester.parse(globalWebXml);
Map webXmlMimeMappings = webXmlDefaultFragment.getMimeMappings();
- SortedMap sortedWebXmlMimeMappings = new TreeMap<>(webXmlMimeMappings);
+ SortedMap sortedWebXmlMimeMappings = new TreeMap<>(webXmlMimeMappings);
File f = new File("java/org/apache/catalina/startup/MimeTypeMappings.properties");
try (FileOutputStream fos = new FileOutputStream(f);
@@ -59,7 +59,7 @@
w.write(System.lineSeparator());
- for (Map.Entry mapping : sortedWebXmlMimeMappings.entrySet()) {
+ for (Map.Entry mapping : sortedWebXmlMimeMappings.entrySet()) {
w.write(mapping.getKey());
w.write("=");
w.write(mapping.getValue());
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/RepeatableArchive.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/RepeatableArchive.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/RepeatableArchive.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/RepeatableArchive.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,11 +41,9 @@
/**
* Ant task to assist with repeatable builds.
*
- * While originally written to address an issue with Javadoc output, this task
- * takes a generic approach that could be used with any archive. The task takes
- * a set of zip (or jar, war etc) files as its input and sets the last modified
- * time of every file in the archive to be the same as the last modified time
- * of the archive.
+ * While originally written to address an issue with Javadoc output, this task takes a generic approach that could be
+ * used with any archive. The task takes a set of zip (or jar, war etc) files as its input and sets the last modified
+ * time of every file in the archive to be the same as the last modified time of the archive.
*/
public class RepeatableArchive extends Task {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/Txt2Html.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/Txt2Html.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/Txt2Html.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/Txt2Html.java 2026-01-23 19:33:36.000000000 +0000
@@ -34,17 +34,12 @@
import org.apache.tools.ant.types.FileSet;
/**
- * Ant task to convert a given set of files from Text to HTML.
- * Inserts an HTML header including pre tags and replaces special characters
- * with their HTML escaped equivalents.
- *
- *
This task is currently used by the ant script to build our examples
- *
- * @author Mark Roth
+ * Ant task to convert a given set of files from Text to HTML. Inserts an HTML header including pre tags and replaces
+ * special characters with their HTML escaped equivalents.
+ *
+ * This task is currently used by the ant script to build our examples
*/
-public class Txt2Html
- extends Task
-{
+public class Txt2Html extends Task {
/** The directory to contain the resulting files */
private File todir;
@@ -53,14 +48,13 @@
private final List filesets = new ArrayList<>();
/**
- * The encoding of the source files (.java and .jsp). Once they use
- * UTF-8, this will need to be updated.
+ * The encoding of the source files (.java and .jsp). Once they use UTF-8, this will need to be updated.
*/
private static final String SOURCE_ENCODING = "ISO-8859-1";
/**
- * Line terminator to be used for separating lines of the generated
- * HTML page, to be independent of the "line.separator" system property.
+ * Line terminator to be used for separating lines of the generated HTML page, to be independent of the
+ * "line.separator" system property.
*/
private static final String LINE_SEPARATOR = "\r\n";
@@ -69,7 +63,7 @@
*
* @param todir The directory
*/
- public void setTodir( File todir ) {
+ public void setTodir(File todir) {
this.todir = todir;
}
@@ -78,20 +72,17 @@
*
* @param fs The fileset to be converted.
*/
- public void addFileset( FileSet fs ) {
- filesets.add( fs );
+ public void addFileset(FileSet fs) {
+ filesets.add(fs);
}
/**
* Perform the conversion
*
- * @throws BuildException if an error occurs during execution of
- * this task.
+ * @throws BuildException if an error occurs during execution of this task.
*/
@Override
- public void execute()
- throws BuildException
- {
+ public void execute() throws BuildException {
int count = 0;
// Step through each file and convert.
@@ -102,23 +93,21 @@
for (String file : files) {
File from = new File(basedir, file);
File to = new File(todir, file + ".html");
- if (!to.exists() ||
- (from.lastModified() > to.lastModified())) {
- log("Converting file '" + from.getAbsolutePath() +
- "' to '" + to.getAbsolutePath(), Project.MSG_VERBOSE);
+ if (!to.exists() || (from.lastModified() > to.lastModified())) {
+ log("Converting file '" + from.getAbsolutePath() + "' to '" + to.getAbsolutePath(),
+ Project.MSG_VERBOSE);
try {
convert(from, to);
- } catch (IOException e) {
- throw new BuildException("Could not convert '" +
- from.getAbsolutePath() + "' to '" +
- to.getAbsolutePath() + "'", e);
+ } catch (IOException ioe) {
+ throw new BuildException(
+ "Could not convert '" + from.getAbsolutePath() + "' to '" + to.getAbsolutePath() + "'",
+ ioe);
}
count++;
}
}
- if( count > 0 ) {
- log( "Converted " + count + " file" + (count > 1 ? "s" : "") +
- " to " + todir.getAbsolutePath() );
+ if (count > 0) {
+ log("Converted " + count + " file" + (count > 1 ? "s" : "") + " to " + todir.getAbsolutePath());
}
}
}
@@ -127,45 +116,43 @@
* Perform the actual copy and conversion
*
* @param from The input file
- * @param to The output file
+ * @param to The output file
+ *
* @throws IOException Thrown if an error occurs during the conversion
*/
- private void convert( File from, File to )
- throws IOException
- {
+ private void convert(File from, File to) throws IOException {
// Open files:
- try (BufferedReader in = new BufferedReader(new InputStreamReader(
- new FileInputStream(from), SOURCE_ENCODING))) {
- try (PrintWriter out = new PrintWriter(new OutputStreamWriter(
- new FileOutputStream(to), "UTF-8"))) {
+ try (BufferedReader in =
+ new BufferedReader(new InputStreamReader(new FileInputStream(from), SOURCE_ENCODING))) {
+ try (PrintWriter out = new PrintWriter(new OutputStreamWriter(new FileOutputStream(to), "UTF-8"))) {
// Output header:
- out.print(""
- + "Source Code
" );
+ out.print("" +
+ "Source Code
");
// Convert, line-by-line:
String line;
- while( (line = in.readLine()) != null ) {
+ while ((line = in.readLine()) != null) {
StringBuilder result = new StringBuilder();
int len = line.length();
- for( int i = 0; i < len; i++ ) {
- char c = line.charAt( i );
- switch( c ) {
+ for (int i = 0; i < len; i++) {
+ char c = line.charAt(i);
+ switch (c) {
case '&':
- result.append( "&" );
+ result.append("&");
break;
case '<':
- result.append( "<" );
+ result.append("<");
break;
default:
- result.append( c );
+ result.append(c);
}
}
- out.print( result.toString() + LINE_SEPARATOR );
+ out.print(result.toString() + LINE_SEPARATOR);
}
// Output footer:
- out.print( "
" );
+ out.print("
");
}
}
@@ -173,4 +160,3 @@
}
-
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/BackportEnglish.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/BackportEnglish.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/BackportEnglish.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/BackportEnglish.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,11 +21,9 @@
import java.util.Set;
/**
- * Generates a set of English property files to back-port updates to a previous
- * version. Where a key exists in the source and target versions the value is
- * copied from the source to the target, overwriting the value in the target.
- * The expectation is that the changes will be manually reviewed before
- * committing them.
+ * Generates a set of English property files to back-port updates to a previous version. Where a key exists in the
+ * source and target versions the value is copied from the source to the target, overwriting the value in the target.
+ * The expectation is that the changes will be manually reviewed before committing them.
*/
public class BackportEnglish extends BackportBase {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/BackportTranslations.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/BackportTranslations.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/BackportTranslations.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/BackportTranslations.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,10 +20,8 @@
import java.util.Properties;
/**
- * Generates a set of translated property files to back-port updates to a
- * previous version. If the source and target use the same value for the English
- * key then any translated value for that key is copied from the source to the
- * target.
+ * Generates a set of translated property files to back-port updates to a previous version. If the source and target use
+ * the same value for the English key then any translated value for that key is copied from the source to the target.
*/
public class BackportTranslations extends BackportBase {
@@ -53,8 +51,7 @@
}
for (Object key : targetEnglish.keySet()) {
- if (sourceTranslated.containsKey(key) &&
- targetEnglish.get(key).equals(sourceEnglish.get(key))) {
+ if (sourceTranslated.containsKey(key) && targetEnglish.get(key).equals(sourceEnglish.get(key))) {
targetTranslated.put(key, sourceTranslated.get(key));
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/Import.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/Import.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/Import.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/Import.java 2026-01-23 19:33:36.000000000 +0000
@@ -68,7 +68,8 @@
if (w != null) {
w.close();
}
- File outFile = new File(currentPkg.replace('.', File.separatorChar), Constants.L10N_PREFIX + language + Constants.L10N_SUFFIX);
+ File outFile = new File(currentPkg.replace('.', File.separatorChar),
+ Constants.L10N_PREFIX + language + Constants.L10N_SUFFIX);
FileOutputStream fos = new FileOutputStream(outFile);
w = new OutputStreamWriter(fos, StandardCharsets.UTF_8);
org.apache.tomcat.buildutil.Utils.insertLicense(w);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/Utils.java tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/Utils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/buildutil/translate/Utils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/buildutil/translate/Utils.java 2026-01-23 19:33:36.000000000 +0000
@@ -64,13 +64,21 @@
try (FileInputStream fis = new FileInputStream(f);
Reader r = new InputStreamReader(fis, StandardCharsets.UTF_8)) {
props.load(r);
- } catch (IOException e) {
- e.printStackTrace();
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
}
return props;
}
+ /*
+ * This is the formatting applied when exporting values from Tomcat to POE.
+ *
+ * The values have been read from Tomcat's property files (so the input is the actual value with none of the
+ * escaping required to represent that value in a property file) and are being written back out in a single file to
+ * be imported into POEditor. The padding for blank lines needs to be added followed by the common formatting
+ * required to convert a property value to the representation of that value in a file.
+ */
static String formatValueExport(String in) {
String result;
@@ -84,6 +92,14 @@
}
+ /*
+ * This is the formatting applied when importing values to Tomcat from POE.
+ *
+ * The values have been read from POE's property files (so the input is the actual value with none of the
+ * escaping required to represent that value in a property file) and are being written back out to individual files
+ * in Tomcat. The padding for blank lines needs to be removed followed by the common formatting required to convert
+ * a property value to the representation of that value in a file.
+ */
static String formatValueImport(String in) {
String result;
@@ -98,9 +114,8 @@
/*
- * Values containing "[{n}]" and "'" need to have the "'" escaped as "''".
- * POEditor attempts to do this automatically but does it for any value
- * containing "{" or "}" leading to some unnecessary escaping. This method
+ * Values containing "[{n}]" and "'" need to have the "'" escaped as "''". POEditor attempts to do this
+ * automatically but does it for any value containing "{" or "}" leading to some unnecessary escaping. This method
* undoes the unnecessary escaping.
*/
static String fixUnnecessaryEscaping(String key, String value) {
@@ -112,8 +127,13 @@
/*
- * Common formatting to convert a String for storage as a value in a
- * property file.
+ * Common formatting to convert a String value for storage as a value in a property file. Values that contain
+ * line-breaks need the line-break in the value to be replaced with the correct representation of a line-break in a
+ * property file. Leading space needs to be escaped with a '\' and horizontal tabs need to be converted to "\t".
+ *
+ * Note that a single '\' needs to be escaped both in a Java string and in a property file so if a property value
+ * needs to contain a single `\` (e.g. to escape white space at the start of a line) that will appear as "\\\\" in
+ * the Java code.
*/
static String formatValueCommon(String in) {
String result = in.replace("\n", "\\n\\\n");
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/AbandonedTrace.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -131,12 +131,12 @@
* @return List of objects.
*/
protected List getTrace() {
- final int size = traceList.size();
- if (size == 0) {
- return Collections.emptyList();
- }
- final ArrayList result = new ArrayList<>(size);
synchronized (this.traceList) {
+ final int size = traceList.size();
+ if (size == 0) {
+ return Collections.emptyList();
+ }
+ final ArrayList result = new ArrayList<>(size);
final Iterator> iter = traceList.iterator();
while (iter.hasNext()) {
final AbandonedTrace trace = iter.next().get();
@@ -147,8 +147,8 @@
result.add(trace);
}
}
+ return result;
}
- return result;
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -72,8 +72,8 @@
private static final Log log = LogFactory.getLog(BasicDataSource.class);
static {
- // Attempt to prevent deadlocks - see DBCP - 272
- DriverManager.getDrivers();
+ // Attempt to prevent deadlocks - see DBCP-272
+ DriverManager.getDrivers(); // NOPMD
try {
// Load classes now to prevent AccessControlExceptions later
// A number of classes are loaded when getConnection() is called
@@ -153,7 +153,7 @@
* The property that controls if the pooled connections cache some state rather than query the database for current
* state to improve performance.
*/
- private boolean cacheState = true;
+ private volatile boolean cacheState = true;
/**
* The instance of the JDBC Driver to use.
@@ -219,7 +219,7 @@
*/
private boolean poolPreparedStatements;
- private boolean clearStatementPoolOnReturn;
+ private volatile boolean clearStatementPoolOnReturn;
/**
*
@@ -330,19 +330,19 @@
/**
* Controls access to the underlying connection.
*/
- private boolean accessToUnderlyingConnectionAllowed;
+ private volatile boolean accessToUnderlyingConnectionAllowed;
private Duration maxConnDuration = Duration.ofMillis(-1);
- private boolean logExpiredConnections = true;
+ private volatile boolean logExpiredConnections = true;
private String jmxName;
- private boolean registerConnectionMBean = true;
+ private volatile boolean registerConnectionMBean = true;
- private boolean autoCommitOnReturn = true;
+ private volatile boolean autoCommitOnReturn = true;
- private boolean rollbackOnReturn = true;
+ private volatile boolean rollbackOnReturn = true;
private volatile Set disconnectionSqlCodes;
@@ -353,7 +353,7 @@
*/
private volatile Set disconnectionIgnoreSqlCodes;
- private boolean fastFailValidation;
+ private volatile boolean fastFailValidation;
/**
* The object pool that internally manages our connections.
@@ -389,6 +389,13 @@
private ObjectNameWrapper registeredJmxObjectName;
/**
+ * Constructs a new instance.
+ */
+ public BasicDataSource() {
+ // empty
+ }
+
+ /**
* Adds a custom connection property to the set that will be passed to our JDBC driver. This MUST
* be called before the first connection is retrieved (along with all the other configuration property setters).
* Calls to this method after the connection pool has been initialized have no effect.
@@ -458,7 +465,7 @@
* with the specified {@link ClassLoader}.
*
If {code driverClassName} is specified and the previous attempt fails, the class is loaded using the
* context class loader of the current thread.
- *
If a driver still isn't loaded one is loaded via the {@link DriverManager} using the specified {code connectionString}.
+ *
If a driver still isn't loaded one is loaded via the {@link DriverManager} using the specified {code connectionString}.
*
*
* This method exists so subclasses can replace the implementation class.
@@ -2021,8 +2028,8 @@
*
*
* @param disconnectionSqlCodes SQL State codes considered to signal fatal conditions
- * @since 2.1
* @throws IllegalArgumentException if any SQL state codes overlap with those in {@link #disconnectionIgnoreSqlCodes}.
+ * @since 2.1
*/
public void setDisconnectionSqlCodes(final Collection disconnectionSqlCodes) {
Utils.checkSqlCodes(disconnectionSqlCodes, this.disconnectionIgnoreSqlCodes);
@@ -2110,8 +2117,10 @@
}
/**
+ * Sets whether connections created by this factory will fast fail validation.
+ *
+ * @param fastFailValidation true means connections created by this factory will fast fail validation.
* @see #getFastFailValidation()
- * @param fastFailValidation true means connections created by this factory will fast fail validation
* @since 2.1
*/
public void setFastFailValidation(final boolean fastFailValidation) {
@@ -2155,6 +2164,8 @@
}
/**
+ * Sets whether to log abandoned resources.
+ *
* @param logAbandoned new logAbandoned property value
*/
public void setLogAbandoned(final boolean logAbandoned) {
@@ -2392,8 +2403,9 @@
}
/**
- * @param removeAbandonedOnBorrow true means abandoned connections may be removed when connections are borrowed from
- * the pool.
+ * Sets abandoned connections may be removed when connections are borrowed from the pool.
+ *
+ * @param removeAbandonedOnBorrow true means abandoned connections may be removed when connections are borrowed from the pool.
* @see #getRemoveAbandonedOnBorrow()
*/
public void setRemoveAbandonedOnBorrow(final boolean removeAbandonedOnBorrow) {
@@ -2401,6 +2413,8 @@
}
/**
+ * Sets whether abandoned connections may be removed on pool maintenance.
+ *
* @param removeAbandonedOnMaintenance true means abandoned connections may be removed on pool maintenance.
* @see #getRemoveAbandonedOnMaintenance()
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -49,12 +49,12 @@
import org.apache.tomcat.dbcp.pool2.impl.GenericObjectPoolConfig;
/**
- * JNDI object factory that creates an instance of {@code BasicDataSource} that has been configured based on the
- * {@code RefAddr} values of the specified {@code Reference}, which must match the names and data types of the
- * {@code BasicDataSource} bean properties with the following exceptions:
+ * JNDI object factory that creates an instance of {@link BasicDataSource} that has been configured based on the
+ * {@link RefAddr} values of the specified {@code Reference}, which must match the names and data types of the
+ * {@link BasicDataSource} bean properties with the following exceptions:
*
*
{@code connectionInitSqls} must be passed to this factory as a single String using semicolon to delimit the
- * statements whereas {@code BasicDataSource} requires a collection of Strings.
+ * statements whereas {@link BasicDataSource} requires a collection of Strings.
*
*
* @since 2.0
@@ -131,7 +131,6 @@
*/
private static final String PROP_DISCONNECTION_IGNORE_SQL_CODES = "disconnectionIgnoreSqlCodes";
-
/*
* Block with obsolete properties from DBCP 1.x. Warn users that these are ignored and they should use the 2.x
* properties.
@@ -175,11 +174,11 @@
"Property " + NUPROP_MAX_ACTIVE + " is not used in DBCP2, use " + PROP_MAX_TOTAL + " instead. "
+ PROP_MAX_TOTAL + " default value is " + GenericObjectPoolConfig.DEFAULT_MAX_TOTAL + ".");
NUPROP_WARNTEXT.put(NUPROP_REMOVE_ABANDONED,
- "Property " + NUPROP_REMOVE_ABANDONED + " is not used in DBCP2," + " use one or both of "
+ "Property " + NUPROP_REMOVE_ABANDONED + " is not used in DBCP2, use one or both of "
+ PROP_REMOVE_ABANDONED_ON_BORROW + " or " + PROP_REMOVE_ABANDONED_ON_MAINTENANCE + " instead. "
+ "Both have default value set to false.");
NUPROP_WARNTEXT.put(NUPROP_MAXWAIT,
- "Property " + NUPROP_MAXWAIT + " is not used in DBCP2" + " , use " + PROP_MAX_WAIT_MILLIS + " instead. "
+ "Property " + NUPROP_MAXWAIT + " is not used in DBCP2 , use " + PROP_MAX_WAIT_MILLIS + " instead. "
+ PROP_MAX_WAIT_MILLIS + " default value is " + BaseObjectPoolConfig.DEFAULT_MAX_WAIT
+ ".");
}
@@ -240,31 +239,31 @@
value = value.toUpperCase(Locale.ROOT);
int level = PoolableConnectionFactory.UNKNOWN_TRANSACTION_ISOLATION;
switch (value) {
- case "NONE":
- level = Connection.TRANSACTION_NONE;
- break;
- case "READ_COMMITTED":
- level = Connection.TRANSACTION_READ_COMMITTED;
- break;
- case "READ_UNCOMMITTED":
- level = Connection.TRANSACTION_READ_UNCOMMITTED;
- break;
- case "REPEATABLE_READ":
- level = Connection.TRANSACTION_REPEATABLE_READ;
- break;
- case "SERIALIZABLE":
- level = Connection.TRANSACTION_SERIALIZABLE;
- break;
- default:
- try {
- level = Integer.parseInt(value);
- } catch (final NumberFormatException e) {
- System.err.println("Could not parse defaultTransactionIsolation: " + value);
- System.err.println("WARNING: defaultTransactionIsolation not set");
- System.err.println("using default value of database driver");
- level = PoolableConnectionFactory.UNKNOWN_TRANSACTION_ISOLATION;
- }
- break;
+ case "NONE":
+ level = Connection.TRANSACTION_NONE;
+ break;
+ case "READ_COMMITTED":
+ level = Connection.TRANSACTION_READ_COMMITTED;
+ break;
+ case "READ_UNCOMMITTED":
+ level = Connection.TRANSACTION_READ_UNCOMMITTED;
+ break;
+ case "REPEATABLE_READ":
+ level = Connection.TRANSACTION_REPEATABLE_READ;
+ break;
+ case "SERIALIZABLE":
+ level = Connection.TRANSACTION_SERIALIZABLE;
+ break;
+ default:
+ try {
+ level = Integer.parseInt(value);
+ } catch (final NumberFormatException e) {
+ System.err.println("Could not parse defaultTransactionIsolation: " + value);
+ System.err.println("WARNING: defaultTransactionIsolation not set");
+ System.err.println("using default value of database driver");
+ level = PoolableConnectionFactory.UNKNOWN_TRANSACTION_ISOLATION;
+ }
+ break;
}
dataSource.setDefaultTransactionIsolation(level);
});
@@ -306,9 +305,10 @@
final String value = properties.getProperty(PROP_CONNECTION_PROPERTIES);
if (value != null) {
- for (final Object key : getProperties(value).keySet()) {
- final String propertyName = Objects.toString(key, null);
- dataSource.addConnectionProperty(propertyName, getProperties(value).getProperty(propertyName));
+ final Properties connectionProperties = getProperties(value);
+ for (final Object key : connectionProperties.keySet()) {
+ final String propertyName = Objects.toString(key);
+ dataSource.addConnectionProperty(propertyName, connectionProperties.getProperty(propertyName));
}
}
@@ -376,7 +376,14 @@
}
/**
- * Creates and return a new {@code BasicDataSource} instance. If no instance can be created, return
+ * Constructs a new instance.
+ */
+ public BasicDataSourceFactory() {
+ // empty
+ }
+
+ /**
+ * Creates and return a new {@link BasicDataSource} instance. If no instance can be created, return
* {@code null} instead.
*
* @param obj
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceMXBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,15 +20,15 @@
import java.sql.SQLException;
/**
- * Abstract factory interface for creating {@link java.sql.Connection}s.
+ * Abstract factory interface for creating {@link Connection}s.
*
* @since 2.0
*/
public interface ConnectionFactory {
/**
- * Create a new {@link java.sql.Connection} in an implementation specific fashion.
+ * Create a new {@link Connection} in an implementation specific fashion.
*
- * @return a new {@link java.sql.Connection}
+ * @return a new {@link Connection}
* @throws SQLException
* if a database error occurs creating the connection
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactoryFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactoryFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactoryFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ConnectionFactoryFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Constants.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Constants.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Constants.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Constants.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -61,4 +61,14 @@
* @since 2.9.0
*/
public static final String KEY_USER = "user";
+
+ /**
+ * Deprecated, only contains static methods.
+ *
+ * @deprecated Will be private in the next major version.
+ */
+ @Deprecated
+ public Constants() {
+ // empty
+ }
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DataSourceConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DataSourceConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DataSourceConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DataSourceConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -86,6 +86,8 @@
}
/**
+ * Gets the data source..
+ *
* @return The data source.
* @since 2.6.0
*/
@@ -94,7 +96,9 @@
}
/**
- * @return The user name.
+ * Gets the user name, may be null.
+ *
+ * @return The user name, may be null.
* @since 2.6.0
*/
public String getUserName() {
@@ -102,7 +106,9 @@
}
/**
- * @return The user password.
+ * Gets the user password, may be null.
+ *
+ * @return The user password, may be null.
* @since 2.6.0
*/
public char[] getUserPassword() {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DataSourceMXBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DataSourceMXBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DataSourceMXBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DataSourceMXBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingCallableStatement.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingCallableStatement.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingCallableStatement.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingCallableStatement.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingConnection.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingConnection.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingConnection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingConnection.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -69,8 +69,7 @@
private volatile C connection;
private volatile boolean closed;
-
- private boolean cacheState = true;
+ private volatile boolean cacheState = true;
private Boolean cachedAutoCommit;
private Boolean cachedReadOnly;
private String cachedCatalog;
@@ -167,6 +166,11 @@
}
}
+ /**
+ * Closes the underlying connection for {@link #close()}.
+ *
+ * @throws SQLException SQLException if a database access error occurs.
+ */
protected final void closeInternal() throws SQLException {
try {
passivate();
@@ -284,7 +288,7 @@
@Override
public Statement createStatement(final int resultSetType, final int resultSetConcurrency,
- final int resultSetHoldability) throws SQLException {
+ final int resultSetHoldability) throws SQLException {
checkOpen();
try {
return init(new DelegatingStatement(this,
@@ -426,14 +430,14 @@
}
/**
- * If my underlying {@link Connection} is not a {@code DelegatingConnection}, returns it, otherwise recursively
+ * If my underlying {@link Connection} is not a {@link DelegatingConnection}, returns it, otherwise recursively
* invokes this method on my delegate.
*
- * Hence this method will return the first delegate that is not a {@code DelegatingConnection}, or {@code null} when
- * no non-{@code DelegatingConnection} delegate can be found by traversing this chain.
+ * Hence this method will return the first delegate that is not a {@link DelegatingConnection}, or {@code null} when
+ * no non-{@link DelegatingConnection} delegate can be found by traversing this chain.
*
*
- * This method is useful when you may have nested {@code DelegatingConnection}s, and you want to make sure to obtain
+ * This method is useful when you may have nested {@link DelegatingConnection}s, and you want to make sure to obtain
* a "genuine" {@link Connection}.
*
*
@@ -541,11 +545,11 @@
}
/**
- * Handles the given {@code SQLException}.
+ * Handles the given {@link SQLException}.
*
* @param The throwable type.
* @param e The SQLException
- * @return the given {@code SQLException}
+ * @return the given {@link SQLException}
* @since 2.7.0
*/
protected T handleExceptionNoThrow(final T e) {
@@ -643,10 +647,7 @@
@Override
public boolean isWrapperFor(final Class iface) throws SQLException {
- if (iface.isAssignableFrom(getClass())) {
- return true;
- }
- if (iface.isAssignableFrom(connection.getClass())) {
+ if (iface.isAssignableFrom(getClass()) || iface.isAssignableFrom(connection.getClass())) {
return true;
}
return connection.isWrapperFor(iface);
@@ -710,7 +711,7 @@
@Override
public CallableStatement prepareCall(final String sql, final int resultSetType, final int resultSetConcurrency,
- final int resultSetHoldability) throws SQLException {
+ final int resultSetHoldability) throws SQLException {
checkOpen();
try {
return init(new DelegatingCallableStatement(this,
@@ -758,7 +759,7 @@
@Override
public PreparedStatement prepareStatement(final String sql, final int resultSetType, final int resultSetConcurrency,
- final int resultSetHoldability) throws SQLException {
+ final int resultSetHoldability) throws SQLException {
checkOpen();
try {
return init(new DelegatingPreparedStatement(this,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingDatabaseMetaData.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingDatabaseMetaData.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingDatabaseMetaData.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingDatabaseMetaData.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -264,13 +264,13 @@
}
/**
- * If my underlying {@link ResultSet} is not a {@code DelegatingResultSet}, returns it, otherwise recursively invokes this method on my delegate.
+ * If my underlying {@link ResultSet} is not a {@link DelegatingResultSet}, returns it, otherwise recursively invokes this method on my delegate.
*
- * Hence this method will return the first delegate that is not a {@code DelegatingResultSet}, or {@code null} when no non-{@code DelegatingResultSet}
+ * Hence this method will return the first delegate that is not a {@link DelegatingResultSet}, or {@code null} when no non-{@link DelegatingResultSet}
* delegate can be found by traversing this chain.
*
*
- * This method is useful when you may have nested {@code DelegatingResultSet}s, and you want to make sure to obtain a "genuine" {@link ResultSet}.
+ * This method is useful when you may have nested {@link DelegatingResultSet}s, and you want to make sure to obtain a "genuine" {@link ResultSet}.
*
*
* @return the innermost database meta data.
@@ -580,10 +580,7 @@
@Override
public boolean isWrapperFor(final Class iface) throws SQLException {
- if (iface.isAssignableFrom(getClass())) {
- return true;
- }
- if (iface.isAssignableFrom(databaseMetaData.getClass())) {
+ if (iface.isAssignableFrom(getClass()) || iface.isAssignableFrom(databaseMetaData.getClass())) {
return true;
}
return databaseMetaData.isWrapperFor(iface);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingPreparedStatement.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingPreparedStatement.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingPreparedStatement.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingPreparedStatement.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -167,10 +167,14 @@
}
}
+ /**
+ * Prepares internal states before calling {@link #passivate()}.
+ *
+ * @throws SQLException Thrown closing a traced resource or calling {@link #passivate()}.
+ */
protected void prepareToReturn() throws SQLException {
setClosedInternal(true);
removeThisTrace(getConnectionInternal());
-
// The JDBC spec requires that a statement close any open
// ResultSet's when it is closed.
// FIXME The PreparedStatement we're wrapping should handle this for us.
@@ -184,7 +188,6 @@
throw new SQLExceptionList(thrownList);
}
}
-
super.passivate();
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingResultSet.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingResultSet.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingResultSet.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingResultSet.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -595,14 +595,14 @@
}
/**
- * If my underlying {@link ResultSet} is not a {@code DelegatingResultSet}, returns it, otherwise recursively
+ * If my underlying {@link ResultSet} is not a {@link DelegatingResultSet}, returns it, otherwise recursively
* invokes this method on my delegate.
*
- * Hence this method will return the first delegate that is not a {@code DelegatingResultSet}, or {@code null} when
- * no non-{@code DelegatingResultSet} delegate can be found by traversing this chain.
+ * Hence this method will return the first delegate that is not a {@link DelegatingResultSet}, or {@code null} when
+ * no non-{@link DelegatingResultSet} delegate can be found by traversing this chain.
*
*
- * This method is useful when you may have nested {@code DelegatingResultSet}s, and you want to make sure to obtain
+ * This method is useful when you may have nested {@link DelegatingResultSet}s, and you want to make sure to obtain
* a "genuine" {@link ResultSet}.
*
*
@@ -1052,6 +1052,12 @@
}
}
+ /**
+ * Handles a SQL exception by delegating to a DelegatingStatement or DelegatingConnection.
+ *
+ * @param e The exception to handle.
+ * @throws SQLException Throws the given exception if not handled.
+ */
protected void handleException(final SQLException e) throws SQLException {
if (statement instanceof DelegatingStatement) {
((DelegatingStatement) statement).handleException(e);
@@ -1123,10 +1129,7 @@
@Override
public boolean isWrapperFor(final Class iface) throws SQLException {
- if (iface.isAssignableFrom(getClass())) {
- return true;
- }
- if (iface.isAssignableFrom(resultSet.getClass())) {
+ if (iface.isAssignableFrom(getClass()) || iface.isAssignableFrom(resultSet.getClass())) {
return true;
}
return resultSet.isWrapperFor(iface);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingStatement.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingStatement.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DelegatingStatement.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DelegatingStatement.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -44,7 +44,7 @@
/** The connection that created me. **/
private DelegatingConnection connection;
- private boolean closed;
+ private volatile boolean closed;
/**
* Create a wrapper for the Statement which traces this Statement to the Connection which created it and the code
@@ -62,6 +62,8 @@
}
/**
+ * Activates this instance by delegating to the underlying statement.
+ *
* @throws SQLException
* thrown by the delegating statement.
* @since 2.4.0 made public, was protected in 2.3.0.
@@ -92,6 +94,11 @@
}
}
+ /**
+ * Checks whether this instance is closed and throws an exception if it is.
+ *
+ * @throws SQLException Thrown if this instance is closed.
+ */
protected void checkOpen() throws SQLException {
if (isClosed()) {
throw new SQLException(this.getClass().getName() + " with address: \"" + toString() + "\" is closed.");
@@ -390,6 +397,11 @@
return getConnectionInternal(); // return the delegating connection that created this
}
+ /**
+ * Gets the internal connection.
+ *
+ * @return the internal connection.
+ */
protected DelegatingConnection getConnectionInternal() {
return connection;
}
@@ -438,14 +450,14 @@
}
/**
- * If my underlying {@link Statement} is not a {@code DelegatingStatement}, returns it, otherwise recursively
+ * If my underlying {@link Statement} is not a {@link DelegatingStatement}, returns it, otherwise recursively
* invokes this method on my delegate.
*
- * Hence this method will return the first delegate that is not a {@code DelegatingStatement} or {@code null} when
- * no non-{@code DelegatingStatement} delegate can be found by traversing this chain.
+ * Hence this method will return the first delegate that is not a {@link DelegatingStatement} or {@code null} when
+ * no non-{@link DelegatingStatement} delegate can be found by traversing this chain.
*
*
- * This method is useful when you may have nested {@code DelegatingStatement}s, and you want to make sure to obtain
+ * This method is useful when you may have nested {@link DelegatingStatement}s, and you want to make sure to obtain
* a "genuine" {@link Statement}.
*
*
@@ -612,6 +624,12 @@
}
}
+ /**
+ * Delegates the exception to the internal connection if set, otherwise rethrows it.
+ *
+ * @param e The exception to handle.
+ * @throws SQLException The given exception if not handled.
+ */
protected void handleException(final SQLException e) throws SQLException {
if (connection == null) {
throw e;
@@ -627,6 +645,11 @@
return closed;
}
+ /**
+ * Tests whether this instance is closed.
+ *
+ * @return whether this instance is closed.
+ */
protected boolean isClosedInternal() {
return closed;
}
@@ -655,16 +678,15 @@
@Override
public boolean isWrapperFor(final Class iface) throws SQLException {
- if (iface.isAssignableFrom(getClass())) {
- return true;
- }
- if (iface.isAssignableFrom(statement.getClass())) {
+ if (iface.isAssignableFrom(getClass()) || iface.isAssignableFrom(statement.getClass())) {
return true;
}
return statement.isWrapperFor(iface);
}
/**
+ * Passivates this instance by delegating to the underlying statement.
+ *
* @throws SQLException
* thrown by the delegating statement.
* @since 2.4.0 made public, was protected in 2.3.0.
@@ -675,6 +697,11 @@
}
}
+ /**
+ * Sets the closed internal state.
+ *
+ * @param closed whether the instance is now closed.
+ */
protected void setClosedInternal(final boolean closed) {
this.closed = closed;
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -85,6 +85,6 @@
@Override
public String toString() {
return this.getClass().getName() + " [" + driver + ";" + connectionString + ";"
- + Utils.cloneWithoutCredentials(properties) + "]";
+ + Utils.cloneWithoutCredentials(properties) + "]";
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -60,7 +60,7 @@
} else {
// Usage of DriverManager is not possible, as it does not
// respect the ContextClassLoader
- // N.B. This cast may cause ClassCastException which is
+ // This cast may cause ClassCastException which is
// handled below
driverToUse = (Driver) driverFromCCL.getConstructor().newInstance();
if (!driverToUse.acceptsURL(url)) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverManagerConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverManagerConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/DriverManagerConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/DriverManagerConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -29,12 +29,12 @@
public class DriverManagerConnectionFactory implements ConnectionFactory {
static {
- // Related to DBCP-212
+ // Related to DBCP-272
// Driver manager does not sync loading of drivers that use the service
// provider interface. This will cause issues is multi-threaded
// environments. This hack makes sure the drivers are loaded before
// DBCP tries to use them.
- DriverManager.getDrivers();
+ DriverManager.getDrivers(); // NOPMD
}
private final String connectionUri;
@@ -123,6 +123,8 @@
}
/**
+ * Gets the connection URI.
+ *
* @return The connection URI.
* @since 2.6.0
*/
@@ -131,7 +133,9 @@
}
/**
- * @return The Properties.
+ * Gets the Properties, may be null.
+ *
+ * @return The Properties, may be null.
* @since 2.6.0
*/
public Properties getProperties() {
@@ -139,7 +143,9 @@
}
/**
- * @return The user name.
+ * Gets the user name, may be null.
+ *
+ * @return The user name, may be null.
* @since 2.6.0
*/
public String getUserName() {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Jdbc41Bridge.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -485,4 +485,14 @@
}
}
+ /**
+ * Deprecated, this class only contains static methods.
+ *
+ * @deprecated Constructor will be private in the next major release.
+ */
+ @Deprecated
+ public Jdbc41Bridge() {
+ // empty
+ }
+
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/LifetimeExceededException.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/LifetimeExceededException.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/LifetimeExceededException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/LifetimeExceededException.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ListException.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ListException.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ListException.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ListException.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -27,6 +27,9 @@
private static final long serialVersionUID = 1L;
+ /**
+ * A list of causes.
+ */
private final List exceptionList;
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/LocalStrings.properties tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/LocalStrings.properties
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/LocalStrings.properties 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/LocalStrings.properties 2026-01-23 19:33:36.000000000 +0000
@@ -5,7 +5,7 @@
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ObjectNameWrapper.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ObjectNameWrapper.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/ObjectNameWrapper.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/ObjectNameWrapper.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -42,7 +42,9 @@
return ManagementFactory.getPlatformMBeanServer();
} catch (final LinkageError | Exception e) {
// ignore - JMX not available
- log.debug("Failed to get platform MBeanServer", e);
+ if (log.isDebugEnabled()) {
+ log.debug("Failed to get platform MBeanServer", e);
+ }
return null;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PStmtKey.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,6 +17,7 @@
package org.apache.tomcat.dbcp.dbcp2;
import java.sql.Connection;
+import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
@@ -48,17 +49,17 @@
private static final StatementBuilder StatementColumnNames = (c, k) -> c.prepareStatement(k.sql, k.columnNames);
private static final StatementBuilder StatementConcurrency = (c, k) -> c.prepareStatement(k.sql, k.resultSetType.intValue(), k.resultSetConcurrency.intValue());
private static final StatementBuilder StatementHoldability = (c, k) -> c.prepareStatement(k.sql, k.resultSetType.intValue(), k.resultSetConcurrency.intValue(),
- k.resultSetHoldability.intValue());
+ k.resultSetHoldability.intValue());
private static final StatementBuilder StatementSQL = (c, k) -> c.prepareStatement(k.sql);
private static StatementBuilder match(final StatementType statementType, final StatementBuilder prep, final StatementBuilder call) {
switch (Objects.requireNonNull(statementType, "statementType")) {
- case PREPARED_STATEMENT:
- return prep;
- case CALLABLE_STATEMENT:
- return call;
- default:
- throw new IllegalArgumentException(statementType.toString());
+ case PREPARED_STATEMENT:
+ return prep;
+ case CALLABLE_STATEMENT:
+ return call;
+ default:
+ throw new IllegalArgumentException(statementType.toString());
}
}
@@ -68,20 +69,20 @@
private final String sql;
/**
- * Result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY}, {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or
- * {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * Result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY}, {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or
+ * {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
*/
private final Integer resultSetType;
/**
- * Result set concurrency. A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * Result set concurrency. A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
*/
private final Integer resultSetConcurrency;
/**
- * Result set holdability. One of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * Result set holdability. One of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
*/
private final Integer resultSetHoldability;
@@ -96,8 +97,8 @@
private final String schema;
/**
- * A flag indicating whether auto-generated keys should be returned; one of {@code Statement.RETURN_GENERATED_KEYS} or
- * {@code Statement.NO_GENERATED_KEYS}.
+ * A flag indicating whether auto-generated keys should be returned; one of {@link Statement#RETURN_GENERATED_KEYS} or
+ * {@link Statement#NO_GENERATED_KEYS}.
*/
private final Integer autoGeneratedKeys;
@@ -136,10 +137,10 @@
* Constructs a key to uniquely identify a prepared statement.
*
* @param sql The SQL statement.
- * @param resultSetType A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * @param resultSetType A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @deprecated Use {@link #PStmtKey(String, String, String, int, int)}.
*/
@Deprecated
@@ -165,7 +166,7 @@
* @param sql The SQL statement.
* @param catalog The catalog.
* @param autoGeneratedKeys A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @deprecated Use {@link #PStmtKey(String, String, String, int)}.
*/
@Deprecated
@@ -178,10 +179,10 @@
*
* @param sql The SQL statement.
* @param catalog The catalog.
- * @param resultSetType A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * @param resultSetType A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @deprecated Use {@link #PStmtKey(String, String, String, int, int)}.
*/
@Deprecated
@@ -194,12 +195,12 @@
*
* @param sql The SQL statement.
* @param catalog The catalog.
- * @param resultSetType a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}
- * @param resultSetHoldability One of the following {@code ResultSet} constants:
- * {@code ResultSet.HOLD_CURSORS_OVER_COMMIT} or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * @param resultSetType a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}
+ * @param resultSetHoldability One of the following {@link ResultSet} constants:
+ * {@link ResultSet#HOLD_CURSORS_OVER_COMMIT} or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @deprecated Use {@link #PStmtKey(String, String, String, int, int, int)}.
*/
@Deprecated
@@ -212,12 +213,12 @@
*
* @param sql The SQL statement.
* @param catalog The catalog.
- * @param resultSetType a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
- * @param resultSetHoldability One of the following {@code ResultSet} constants:
- * {@code ResultSet.HOLD_CURSORS_OVER_COMMIT} or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * @param resultSetType a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
+ * @param resultSetHoldability One of the following {@link ResultSet} constants:
+ * {@link ResultSet#HOLD_CURSORS_OVER_COMMIT} or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @param statementType The SQL statement type, prepared or callable.
* @deprecated Use {@link #PStmtKey(String, String, String, int, int, int, PoolingConnection.StatementType)}
*/
@@ -225,7 +226,7 @@
public PStmtKey(final String sql, final String catalog, final int resultSetType, final int resultSetConcurrency, final int resultSetHoldability,
final StatementType statementType) {
this(sql, catalog, null, Integer.valueOf(resultSetType), Integer.valueOf(resultSetConcurrency), Integer.valueOf(resultSetHoldability), null, null, null, statementType,
- k -> match(statementType, StatementHoldability, CallHoldability));
+ k -> match(statementType, StatementHoldability, CallHoldability));
}
/**
@@ -233,17 +234,17 @@
*
* @param sql The SQL statement.
* @param catalog The catalog.
- * @param resultSetType A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * @param resultSetType A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param statementType The SQL statement type, prepared or callable.
* @deprecated Use {@link #PStmtKey(String, String, String, int, int, PoolingConnection.StatementType)}.
*/
@Deprecated
public PStmtKey(final String sql, final String catalog, final int resultSetType, final int resultSetConcurrency, final StatementType statementType) {
this(sql, catalog, null, Integer.valueOf(resultSetType), Integer.valueOf(resultSetConcurrency), null, null, null, null, statementType,
- k -> match(statementType, StatementConcurrency, CallConcurrency));
+ k -> match(statementType, StatementConcurrency, CallConcurrency));
}
/**
@@ -280,13 +281,13 @@
* @param catalog The catalog.
* @param statementType The SQL statement type, prepared or callable.
* @param autoGeneratedKeys A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @deprecated Use {@link #PStmtKey(String, String, String, PoolingConnection.StatementType, Integer)}
*/
@Deprecated
public PStmtKey(final String sql, final String catalog, final StatementType statementType, final Integer autoGeneratedKeys) {
this(sql, catalog, null, null, null, null, autoGeneratedKeys, null, null, statementType,
- k -> match(statementType, StatementAutoGeneratedKeys, CallSQL));
+ k -> match(statementType, StatementAutoGeneratedKeys, CallSQL));
}
/**
@@ -308,7 +309,7 @@
* @param catalog The catalog.
* @param schema The schema
* @param autoGeneratedKeys A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @since 2.5.0
*/
public PStmtKey(final String sql, final String catalog, final String schema, final int autoGeneratedKeys) {
@@ -321,10 +322,10 @@
* @param sql The SQL statement.
* @param catalog The catalog.
* @param schema The schema
- * @param resultSetType A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * @param resultSetType A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
*/
public PStmtKey(final String sql, final String catalog, final String schema, final int resultSetType, final int resultSetConcurrency) {
this(sql, catalog, schema, resultSetType, resultSetConcurrency, StatementType.PREPARED_STATEMENT);
@@ -336,12 +337,12 @@
* @param sql The SQL statement.
* @param catalog The catalog.
* @param schema The schema
- * @param resultSetType a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}
- * @param resultSetHoldability One of the following {@code ResultSet} constants:
- * {@code ResultSet.HOLD_CURSORS_OVER_COMMIT} or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * @param resultSetType a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}
+ * @param resultSetHoldability One of the following {@link ResultSet} constants:
+ * {@link ResultSet#HOLD_CURSORS_OVER_COMMIT} or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @since 2.5.0
*/
public PStmtKey(final String sql, final String catalog, final String schema, final int resultSetType, final int resultSetConcurrency,
@@ -355,19 +356,19 @@
* @param sql The SQL statement.
* @param catalog The catalog.
* @param schema The schema.
- * @param resultSetType a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
- * @param resultSetHoldability One of the following {@code ResultSet} constants:
- * {@code ResultSet.HOLD_CURSORS_OVER_COMMIT} or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * @param resultSetType a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
+ * @param resultSetHoldability One of the following {@link ResultSet} constants:
+ * {@link ResultSet#HOLD_CURSORS_OVER_COMMIT} or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @param statementType The SQL statement type, prepared or callable.
* @since 2.5.0
*/
public PStmtKey(final String sql, final String catalog, final String schema, final int resultSetType, final int resultSetConcurrency,
final int resultSetHoldability, final StatementType statementType) {
this(sql, catalog, schema, Integer.valueOf(resultSetType), Integer.valueOf(resultSetConcurrency), Integer.valueOf(resultSetHoldability), null, null, null, statementType,
- k -> match(statementType, StatementHoldability, CallHoldability));
+ k -> match(statementType, StatementHoldability, CallHoldability));
}
/**
@@ -376,17 +377,17 @@
* @param sql The SQL statement.
* @param catalog The catalog.
* @param schema The schema.
- * @param resultSetType A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
- * @param resultSetConcurrency A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * @param resultSetType A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
+ * @param resultSetConcurrency A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param statementType The SQL statement type, prepared or callable.
* @since 2.5.0
*/
public PStmtKey(final String sql, final String catalog, final String schema, final int resultSetType, final int resultSetConcurrency,
final StatementType statementType) {
this(sql, catalog, schema, Integer.valueOf(resultSetType), Integer.valueOf(resultSetConcurrency), null, null, null, null, statementType,
- k -> match(statementType, StatementConcurrency, CallConcurrency));
+ k -> match(statementType, StatementConcurrency, CallConcurrency));
}
/**
@@ -403,8 +404,8 @@
}
private PStmtKey(final String sql, final String catalog, final String schema, final Integer resultSetType, final Integer resultSetConcurrency,
- final Integer resultSetHoldability, final Integer autoGeneratedKeys, final int[] columnIndexes, final String[] columnNames,
- final StatementType statementType, final Function statementBuilder) {
+ final Integer resultSetHoldability, final Integer autoGeneratedKeys, final int[] columnIndexes, final String[] columnNames,
+ final StatementType statementType, final Function statementBuilder) {
this.sql = Objects.requireNonNull(sql, "sql").trim();
this.catalog = catalog;
this.schema = schema;
@@ -420,8 +421,8 @@
// Root constructor.
private PStmtKey(final String sql, final String catalog, final String schema, final Integer resultSetType, final Integer resultSetConcurrency,
- final Integer resultSetHoldability, final Integer autoGeneratedKeys, final int[] columnIndexes, final String[] columnNames,
- final StatementType statementType, final StatementBuilder statementBuilder) {
+ final Integer resultSetHoldability, final Integer autoGeneratedKeys, final int[] columnIndexes, final String[] columnNames,
+ final StatementType statementType, final StatementBuilder statementBuilder) {
this.sql = sql;
this.catalog = catalog;
this.schema = schema;
@@ -456,12 +457,12 @@
* @param schema The schema.
* @param statementType The SQL statement type, prepared or callable.
* @param autoGeneratedKeys A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @since 2.5.0
*/
public PStmtKey(final String sql, final String catalog, final String schema, final StatementType statementType, final Integer autoGeneratedKeys) {
this(sql, catalog, schema, null, null, null, autoGeneratedKeys, null, null, statementType,
- k -> match(statementType, StatementAutoGeneratedKeys, CallSQL));
+ k -> match(statementType, StatementAutoGeneratedKeys, CallSQL));
}
/**
@@ -516,35 +517,16 @@
if (this == obj) {
return true;
}
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
+ if (obj == null || getClass() != obj.getClass()) {
return false;
}
final PStmtKey other = (PStmtKey) obj;
- if (!Objects.equals(autoGeneratedKeys, other.autoGeneratedKeys)) {
- return false;
- }
- if (!Objects.equals(catalog, other.catalog)) {
- return false;
- }
- if (!Arrays.equals(columnIndexes, other.columnIndexes)) {
- return false;
- }
- if (!Arrays.equals(columnNames, other.columnNames)) {
- return false;
- }
- if (!Objects.equals(resultSetConcurrency, other.resultSetConcurrency)) {
- return false;
- }
- if (!Objects.equals(resultSetHoldability, other.resultSetHoldability)) {
- return false;
- }
- if (!Objects.equals(resultSetType, other.resultSetType)) {
+ if (!Objects.equals(autoGeneratedKeys, other.autoGeneratedKeys) || !Objects.equals(catalog, other.catalog)
+ || !Arrays.equals(columnIndexes, other.columnIndexes) || !Arrays.equals(columnNames, other.columnNames)) {
return false;
}
- if (!Objects.equals(schema, other.schema)) {
+ if (!Objects.equals(resultSetConcurrency, other.resultSetConcurrency) || !Objects.equals(resultSetHoldability, other.resultSetHoldability)
+ || !Objects.equals(resultSetType, other.resultSetType) || !Objects.equals(schema, other.schema)) {
return false;
}
if (!Objects.equals(sql, other.sql)) {
@@ -554,8 +536,8 @@
}
/**
- * Gets a flag indicating whether auto-generated keys should be returned; one of {@code Statement.RETURN_GENERATED_KEYS}
- * or {@code Statement.NO_GENERATED_KEYS}.
+ * Gets a flag indicating whether auto-generated keys should be returned; one of {@link Statement#RETURN_GENERATED_KEYS}
+ * or {@link Statement#NO_GENERATED_KEYS}.
*
* @return a flag indicating whether auto-generated keys should be returned.
*/
@@ -591,8 +573,8 @@
}
/**
- * Gets the result set concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * Gets the result set concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
*
* @return The result set concurrency type.
*/
@@ -601,8 +583,8 @@
}
/**
- * Gets the result set holdability, one of the following {@code ResultSet} constants:
- * {@code ResultSet.HOLD_CURSORS_OVER_COMMIT} or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * Gets the result set holdability, one of the following {@link ResultSet} constants:
+ * {@link ResultSet#HOLD_CURSORS_OVER_COMMIT} or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
*
* @return The result set holdability.
*/
@@ -611,8 +593,8 @@
}
/**
- * Gets the result set type, one of {@code ResultSet.TYPE_FORWARD_ONLY}, {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or
- * {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * Gets the result set type, one of {@link ResultSet#TYPE_FORWARD_ONLY}, {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or
+ * {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
*
* @return the result set type.
*/
@@ -650,7 +632,7 @@
@Override
public int hashCode() {
return Objects.hash(autoGeneratedKeys, catalog, Integer.valueOf(Arrays.hashCode(columnIndexes)), Integer.valueOf(Arrays.hashCode(columnNames)),
- resultSetConcurrency, resultSetHoldability, resultSetType, schema, sql, statementType);
+ resultSetConcurrency, resultSetHoldability, resultSetType, schema, sql, statementType);
}
@Override
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableCallableStatement.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableCallableStatement.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableCallableStatement.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableCallableStatement.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnection.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnection.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnection.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -24,6 +24,7 @@
import java.time.Duration;
import java.util.Collection;
import java.util.concurrent.Executor;
+import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
@@ -59,8 +60,9 @@
private final ObjectNameWrapper jmxObjectName;
- // Use a prepared statement for validation, retaining the last used SQL to
- // check if the validation query has changed.
+ /**
+ * Use a prepared statement for validation, retaining the last used SQL to check if the validation query has changed.
+ */
private PreparedStatement validationPreparedStatement;
private String lastValidationSql;
@@ -68,7 +70,7 @@
* Indicate that unrecoverable SQLException was thrown when using this connection. Such a connection should be
* considered broken and not pass validation in the future.
*/
- private boolean fatalSqlExceptionThrown;
+ private final AtomicBoolean fatalSqlExceptionThrown = new AtomicBoolean();
/**
* SQL State codes considered to signal fatal conditions. Overrides the defaults in
@@ -83,13 +85,14 @@
*/
private final Collection disconnectionIgnoreSqlCodes;
-
/** Whether or not to fast fail validation after fatal connection errors */
private final boolean fastFailValidation;
private final Lock lock = new ReentrantLock();
/**
+ * Constructs a new instance.
+ *
* @param conn
* my underlying connection
* @param pool
@@ -103,6 +106,8 @@
}
/**
+ * Constructs a new instance.
+ *
* @param conn
* my underlying connection
* @param pool
@@ -237,6 +242,8 @@
}
/**
+ * Gets the disconnection SQL codes.
+ *
* @return The disconnection SQL codes.
* @since 2.6.0
*/
@@ -254,7 +261,7 @@
@Override
protected void handleException(final SQLException e) throws SQLException {
- fatalSqlExceptionThrown |= isFatalException(e);
+ fatalSqlExceptionThrown.compareAndSet(false, isFatalException(e));
super.handleException(e);
}
@@ -264,6 +271,7 @@
* This method should not be used by a client to determine whether or not a connection should be return to the
* connection pool (by calling {@link #close()}). Clients should always attempt to return a connection to the pool
* once it is no longer required.
+ *
*/
@Override
public boolean isClosed() throws SQLException {
@@ -303,13 +311,15 @@
return false;
}
fatalException = disconnectionSqlCodes == null
- ? sqlState.startsWith(Utils.DISCONNECTION_SQL_CODE_PREFIX) || Utils.isDisconnectionSqlCode(sqlState)
- : disconnectionSqlCodes.contains(sqlState);
+ ? sqlState.startsWith(Utils.DISCONNECTION_SQL_CODE_PREFIX) || Utils.isDisconnectionSqlCode(sqlState)
+ : disconnectionSqlCodes.contains(sqlState);
}
return fatalException;
}
/**
+ * Tests whether to fail-fast.
+ *
* @return Whether to fail-fast.
* @since 2.6.0
*/
@@ -384,11 +394,11 @@
* Validates the connection, using the following algorithm:
*
*
If {@code fastFailValidation} (constructor argument) is {@code true} and this connection has previously
- * thrown a fatal disconnection exception, a {@code SQLException} is thrown.
+ * thrown a fatal disconnection exception, a {@link SQLException} is thrown.
*
If {@code sql} is null, the driver's #{@link Connection#isValid(int) isValid(timeout)} is called. If it
- * returns {@code false}, {@code SQLException} is thrown; otherwise, this method returns successfully.
- *
If {@code sql} is not null, it is executed as a query and if the resulting {@code ResultSet} contains at
- * least one row, this method returns successfully. If not, {@code SQLException} is thrown.
+ * returns {@code false}, {@link SQLException} is thrown; otherwise, this method returns successfully.
+ *
If {@code sql} is not null, it is executed as a query and if the resulting {@link ResultSet} contains at
+ * least one row, this method returns successfully. If not, {@link SQLException} is thrown.
*
*
* @param sql
@@ -400,7 +410,7 @@
* @since 2.10.0
*/
public void validate(final String sql, Duration timeoutDuration) throws SQLException {
- if (fastFailValidation && fatalSqlExceptionThrown) {
+ if (fastFailValidation && fatalSqlExceptionThrown.get()) {
throw new SQLException(Utils.getMessage("poolableConnection.validate.fastFail"));
}
@@ -438,11 +448,11 @@
* Validates the connection, using the following algorithm:
*
*
If {@code fastFailValidation} (constructor argument) is {@code true} and this connection has previously
- * thrown a fatal disconnection exception, a {@code SQLException} is thrown.
+ * thrown a fatal disconnection exception, a {@link SQLException} is thrown.
*
If {@code sql} is null, the driver's #{@link Connection#isValid(int) isValid(timeout)} is called. If it
- * returns {@code false}, {@code SQLException} is thrown; otherwise, this method returns successfully.
- *
If {@code sql} is not null, it is executed as a query and if the resulting {@code ResultSet} contains at
- * least one row, this method returns successfully. If not, {@code SQLException} is thrown.
+ * returns {@code false}, {@link SQLException} is thrown; otherwise, this method returns successfully.
+ *
If {@code sql} is not null, it is executed as a query and if the resulting {@link ResultSet} contains at
+ * least one row, this method returns successfully. If not, {@link SQLException} is thrown.
*
*
* @param sql
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -66,7 +66,7 @@
private Collection disconnectionIgnoreSqlCodes;
- private boolean fastFailValidation = true;
+ private volatile boolean fastFailValidation = true;
private volatile ObjectPool pool;
@@ -74,23 +74,23 @@
private Boolean defaultAutoCommit;
- private boolean autoCommitOnReturn = true;
+ private volatile boolean autoCommitOnReturn = true;
- private boolean rollbackOnReturn = true;
+ private volatile boolean rollbackOnReturn = true;
- private int defaultTransactionIsolation = UNKNOWN_TRANSACTION_ISOLATION;
+ private volatile int defaultTransactionIsolation = UNKNOWN_TRANSACTION_ISOLATION;
private String defaultCatalog;
private String defaultSchema;
- private boolean cacheState;
+ private volatile boolean cacheState;
- private boolean poolStatements;
+ private volatile boolean poolStatements;
- private boolean clearStatementPoolOnReturn;
+ private volatile boolean clearStatementPoolOnReturn;
- private int maxOpenPreparedStatements = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL_PER_KEY;
+ private volatile int maxOpenPreparedStatements = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL_PER_KEY;
private Duration maxConnDuration = Duration.ofMillis(-1);
@@ -99,7 +99,7 @@
private Duration defaultQueryTimeoutDuration;
/**
- * Creates a new {@code PoolableConnectionFactory}.
+ * Creates a new {@link PoolableConnectionFactory}.
*
* @param connFactory
* the {@link ConnectionFactory} from which to obtain base {@link Connection}s
@@ -113,29 +113,26 @@
@Override
public void activateObject(final PooledObject p) throws SQLException {
-
validateLifetime(p);
-
- final PoolableConnection pConnection = p.getObject();
- pConnection.activate();
-
- if (defaultAutoCommit != null && pConnection.getAutoCommit() != defaultAutoCommit.booleanValue()) {
- pConnection.setAutoCommit(defaultAutoCommit.booleanValue());
+ final PoolableConnection poolableConnection = p.getObject();
+ poolableConnection.activate();
+ if (defaultAutoCommit != null && poolableConnection.getAutoCommit() != defaultAutoCommit.booleanValue()) {
+ poolableConnection.setAutoCommit(defaultAutoCommit.booleanValue());
}
if (defaultTransactionIsolation != UNKNOWN_TRANSACTION_ISOLATION
- && pConnection.getTransactionIsolation() != defaultTransactionIsolation) {
- pConnection.setTransactionIsolation(defaultTransactionIsolation);
+ && poolableConnection.getTransactionIsolation() != defaultTransactionIsolation) {
+ poolableConnection.setTransactionIsolation(defaultTransactionIsolation);
}
- if (defaultReadOnly != null && pConnection.isReadOnly() != defaultReadOnly.booleanValue()) {
- pConnection.setReadOnly(defaultReadOnly.booleanValue());
+ if (defaultReadOnly != null && poolableConnection.isReadOnly() != defaultReadOnly.booleanValue()) {
+ poolableConnection.setReadOnly(defaultReadOnly.booleanValue());
}
- if (defaultCatalog != null && !defaultCatalog.equals(pConnection.getCatalog())) {
- pConnection.setCatalog(defaultCatalog);
+ if (defaultCatalog != null && !defaultCatalog.equals(poolableConnection.getCatalog())) {
+ poolableConnection.setCatalog(defaultCatalog);
}
- if (defaultSchema != null && !defaultSchema.equals(Jdbc41Bridge.getSchema(pConnection))) {
- Jdbc41Bridge.setSchema(pConnection, defaultSchema);
+ if (defaultSchema != null && !defaultSchema.equals(Jdbc41Bridge.getSchema(poolableConnection))) {
+ Jdbc41Bridge.setSchema(poolableConnection, defaultSchema);
}
- pConnection.setDefaultQueryTimeout(defaultQueryTimeoutDuration);
+ poolableConnection.setDefaultQueryTimeout(defaultQueryTimeoutDuration);
}
@Override
@@ -699,8 +696,8 @@
* @param disconnectionSqlCodes
* The disconnection SQL codes.
* @see #getDisconnectionSqlCodes()
- * @since 2.1
* @throws IllegalArgumentException if any SQL state codes overlap with those in {@link #disconnectionIgnoreSqlCodes}.
+ * @since 2.1
*/
public void setDisconnectionSqlCodes(final Collection disconnectionSqlCodes) {
Utils.checkSqlCodes(disconnectionSqlCodes, this.disconnectionIgnoreSqlCodes);
@@ -718,9 +715,10 @@
}
/**
+ * Sets whether connections created by this factory will fast fail validation.
+ *
+ * @param fastFailValidation true means connections created by this factory will fast fail validation
* @see #isFastFailValidation()
- * @param fastFailValidation
- * true means connections created by this factory will fast fail validation
* @since 2.1
*/
public void setFastFailValidation(final boolean fastFailValidation) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionMXBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionMXBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionMXBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionMXBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolablePreparedStatement.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolablePreparedStatement.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolablePreparedStatement.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolablePreparedStatement.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -74,9 +74,9 @@
}
/** Pool of {@link PreparedStatement}s. and {@link CallableStatement}s */
- private KeyedObjectPool pStmtPool;
+ private KeyedObjectPool stmtPool;
- private boolean clearStatementPoolOnReturn;
+ private volatile boolean clearStatementPoolOnReturn;
/**
* Constructs a new instance.
@@ -109,9 +109,9 @@
@Override
public synchronized void close() throws SQLException {
try {
- if (null != pStmtPool) {
- final KeyedObjectPool oldPool = pStmtPool;
- pStmtPool = null;
+ if (null != stmtPool) {
+ final KeyedObjectPool oldPool = stmtPool;
+ stmtPool = null;
try {
oldPool.close();
} catch (final RuntimeException e) {
@@ -140,9 +140,9 @@
* @since 2.8.0
*/
public void connectionReturnedToPool() throws SQLException {
- if (pStmtPool != null && clearStatementPoolOnReturn) {
+ if (stmtPool != null && clearStatementPoolOnReturn) {
try {
- pStmtPool.clear();
+ stmtPool.clear();
} catch (final Exception e) {
throw new SQLException("Error clearing statement pool", e);
}
@@ -168,7 +168,7 @@
* the SQL string used to define the statement
* @param autoGeneratedKeys
* A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
*
* @return the PStmtKey created for the given arguments.
*/
@@ -341,7 +341,7 @@
* @since 2.8.0
*/
public KeyedObjectPool getStatementPool() {
- return pStmtPool;
+ return stmtPool;
}
/**
@@ -361,11 +361,11 @@
if (key.getStmtType() == StatementType.PREPARED_STATEMENT) {
final PreparedStatement statement = (PreparedStatement) key.createStatement(getDelegate());
@SuppressWarnings({"rawtypes", "unchecked" }) // Unable to find way to avoid this
- final PoolablePreparedStatement pps = new PoolablePreparedStatement(statement, key, pStmtPool, this);
+ final PoolablePreparedStatement pps = new PoolablePreparedStatement(statement, key, stmtPool, this);
return new DefaultPooledObject<>(pps);
}
final CallableStatement statement = (CallableStatement) key.createStatement(getDelegate());
- final PoolableCallableStatement pcs = new PoolableCallableStatement(statement, key, pStmtPool, this);
+ final PoolableCallableStatement pcs = new PoolableCallableStatement(statement, key, stmtPool, this);
return new DefaultPooledObject<>(pcs);
}
@@ -474,11 +474,11 @@
* Wraps an underlying exception.
*/
private PreparedStatement prepareStatement(final PStmtKey key) throws SQLException {
- if (null == pStmtPool) {
+ if (null == stmtPool) {
throw new SQLException("Statement pool is null - closed or invalid PoolingConnection.");
}
try {
- return pStmtPool.borrowObject(key);
+ return stmtPool.borrowObject(key);
} catch (final NoSuchElementException e) {
throw new SQLException("MaxOpenPreparedStatements limit reached", e);
} catch (final RuntimeException e) {
@@ -509,7 +509,7 @@
* the SQL string used to define the PreparedStatement
* @param autoGeneratedKeys
* A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @return a {@link PoolablePreparedStatement}
* @throws SQLException
* Wraps an underlying exception.
@@ -610,19 +610,19 @@
* the prepared statement pool.
*/
public void setStatementPool(final KeyedObjectPool pool) {
- pStmtPool = pool;
+ stmtPool = pool;
}
@Override
public synchronized String toString() {
- if (pStmtPool instanceof GenericKeyedObjectPool) {
+ if (stmtPool instanceof GenericKeyedObjectPool) {
// DBCP-596 PoolingConnection.toString() causes StackOverflowError
- final GenericKeyedObjectPool gkop = (GenericKeyedObjectPool) pStmtPool;
+ final GenericKeyedObjectPool gkop = (GenericKeyedObjectPool) stmtPool;
if (gkop.getFactory() == this) {
- return "PoolingConnection: " + pStmtPool.getClass() + "@" + System.identityHashCode(pStmtPool);
+ return "PoolingConnection: " + stmtPool.getClass() + "@" + System.identityHashCode(stmtPool);
}
}
- return "PoolingConnection: " + Objects.toString(pStmtPool);
+ return "PoolingConnection: " + Objects.toString(stmtPool);
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -129,7 +129,7 @@
}
/**
- * Returns a {@link java.sql.Connection} from my pool, according to the contract specified by
+ * Returns a {@link Connection} from my pool, according to the contract specified by
* {@link ObjectPool#borrowObject}.
*/
@Override
@@ -164,7 +164,6 @@
throw new UnsupportedOperationException();
}
-
/**
* Throws {@link UnsupportedOperationException}.
*
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingDriver.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingDriver.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/PoolingDriver.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/PoolingDriver.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/SQLExceptionList.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/SQLExceptionList.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/SQLExceptionList.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/SQLExceptionList.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -31,6 +31,10 @@
public class SQLExceptionList extends SQLException {
private static final long serialVersionUID = 1L;
+
+ /**
+ * The list of causes.
+ */
private final List causeList;
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/SwallowedExceptionLogger.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/SwallowedExceptionLogger.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/SwallowedExceptionLogger.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/SwallowedExceptionLogger.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Utils.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Utils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/Utils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/Utils.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -39,7 +39,7 @@
public final class Utils {
private static final ResourceBundle messages = ResourceBundle
- .getBundle(Utils.class.getPackage().getName() + ".LocalStrings");
+ .getBundle(Utils.class.getPackage().getName() + ".LocalStrings");
/**
* Whether the security manager is enabled.
@@ -50,7 +50,7 @@
public static final boolean IS_SECURITY_ENABLED = isSecurityEnabled();
/**
- * Any SQL_STATE starting with this value is considered a fatal disconnect.
+ * Any SQL State starting with this value is considered a fatal disconnect.
*/
public static final String DISCONNECTION_SQL_CODE_PREFIX = "08";
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/ConnectionImpl.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/ConnectionImpl.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/ConnectionImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/ConnectionImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,6 +19,7 @@
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
+import java.sql.ResultSet;
import java.sql.SQLException;
import org.apache.tomcat.dbcp.dbcp2.DelegatingCallableStatement;
@@ -26,9 +27,9 @@
import org.apache.tomcat.dbcp.dbcp2.DelegatingPreparedStatement;
/**
- * This class is the {@code Connection} that will be returned from
- * {@code PooledConnectionImpl.getConnection()}. Most methods are wrappers around the JDBC 1.x
- * {@code Connection}. A few exceptions include preparedStatement and close. In accordance with the JDBC
+ * This class is the {@link Connection} that will be returned from
+ * {@link PooledConnectionImpl#getConnection()}. Most methods are wrappers around the JDBC 1.x
+ * {@link Connection}. A few exceptions include preparedStatement and close. In accordance with the JDBC
* specification this Connection cannot be used after closed() is called. Any further usage will result in an
* SQLException.
*
@@ -131,13 +132,13 @@
}
/**
- * If pooling of {@code CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
- * be returned, otherwise delegate to the wrapped JDBC 1.x {@link java.sql.Connection}.
+ * If pooling of {@link CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
+ * be returned, otherwise delegate to the wrapped JDBC 1.x {@link Connection}.
*
* @param sql
* an SQL statement that may contain one or more '?' parameter placeholders. Typically, this statement is
* specified using JDBC call escape syntax.
- * @return a default {@code CallableStatement} object containing the pre-compiled SQL statement.
+ * @return a default {@link CallableStatement} object containing the pre-compiled SQL statement.
* @throws SQLException
* Thrown if a database access error occurs or this method is called on a closed connection.
* @since 2.4.0
@@ -154,23 +155,23 @@
}
/**
- * If pooling of {@code CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
- * be returned, otherwise delegate to the wrapped JDBC 1.x {@link java.sql.Connection}.
+ * If pooling of {@link CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
+ * be returned, otherwise delegate to the wrapped JDBC 1.x {@link Connection}.
*
* @param sql
- * a {@code String} object that is the SQL statement to be sent to the database; may contain on or
+ * a {@link String} object that is the SQL statement to be sent to the database; may contain on or
* more '?' parameters.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * a concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
- * @return a {@code CallableStatement} object containing the pre-compiled SQL statement that will produce
- * {@code ResultSet} objects with the given type and concurrency.
+ * a concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
+ * @return a {@link CallableStatement} object containing the pre-compiled SQL statement that will produce
+ * {@link ResultSet} objects with the given type and concurrency.
* @throws SQLException
* Thrown if a database access error occurs, this method is called on a closed connection or the given
- * parameters are not {@code ResultSet} constants indicating type and concurrency.
+ * parameters are not {@link ResultSet} constants indicating type and concurrency.
* @since 2.4.0
*/
@Override
@@ -187,26 +188,26 @@
}
/**
- * If pooling of {@code CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
- * be returned, otherwise delegate to the wrapped JDBC 1.x {@link java.sql.Connection}.
+ * If pooling of {@link CallableStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
+ * be returned, otherwise delegate to the wrapped JDBC 1.x {@link Connection}.
*
* @param sql
- * a {@code String} object that is the SQL statement to be sent to the database; may contain on or
+ * a {@link String} object that is the SQL statement to be sent to the database; may contain on or
* more '?' parameters.
* @param resultSetType
- * one of the following {@code ResultSet} constants: {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * one of the following {@code ResultSet} constants: {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param resultSetHoldability
- * one of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
- * @return a new {@code CallableStatement} object, containing the pre-compiled SQL statement, that will
- * generate {@code ResultSet} objects with the given type, concurrency, and holdability.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
+ * @return a new {@link CallableStatement} object, containing the pre-compiled SQL statement, that will
+ * generate {@link ResultSet} objects with the given type, concurrency, and holdability.
* @throws SQLException
* Thrown if a database access error occurs, this method is called on a closed connection or the given
- * parameters are not {@code ResultSet} constants indicating type, concurrency, and holdability.
+ * parameters are not {@link ResultSet} constants indicating type, concurrency, and holdability.
* @since 2.4.0
*/
@Override
@@ -223,8 +224,8 @@
}
/**
- * If pooling of {@code PreparedStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
- * be returned, otherwise delegate to the wrapped JDBC 1.x {@link java.sql.Connection}.
+ * If pooling of {@link PreparedStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
+ * be returned, otherwise delegate to the wrapped JDBC 1.x {@link Connection}.
*
* @param sql
* SQL statement to be prepared
@@ -259,8 +260,8 @@
//
/**
- * If pooling of {@code PreparedStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
- * be returned, otherwise delegate to the wrapped JDBC 1.x {@link java.sql.Connection}.
+ * If pooling of {@link PreparedStatement}s is turned on in the {@link DriverAdapterCPDS}, a pooled object may
+ * be returned, otherwise delegate to the wrapped JDBC 1.x {@link Connection}.
*
* @throws SQLException
* if this connection is closed or an error occurs in the wrapped connection.
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/DriverAdapterCPDS.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,7 +18,9 @@
import java.io.PrintWriter;
import java.io.Serializable;
+import java.sql.Connection;
import java.sql.DriverManager;
+import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.time.Duration;
@@ -35,6 +37,7 @@
import javax.naming.StringRefAddr;
import javax.naming.spi.ObjectFactory;
import javax.sql.ConnectionPoolDataSource;
+import javax.sql.DataSource;
import javax.sql.PooledConnection;
import org.apache.tomcat.dbcp.dbcp2.Constants;
@@ -49,22 +52,22 @@
/**
*
* An adapter for JDBC drivers that do not include an implementation of {@link javax.sql.ConnectionPoolDataSource}, but
- * still include a {@link java.sql.DriverManager} implementation. {@code ConnectionPoolDataSource}s are not used
- * within general applications. They are used by {@code DataSource} implementations that pool
- * {@code Connection}s, such as {@link org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource}. A J2EE container
- * will normally provide some method of initializing the {@code ConnectionPoolDataSource} whose attributes are
+ * still include a {@link java.sql.DriverManager} implementation. {@link ConnectionPoolDataSource}s are not used
+ * within general applications. They are used by {@link DataSource} implementations that pool
+ * {@link Connection}s, such as {@link org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource}. A J2EE container
+ * will normally provide some method of initializing the {@link ConnectionPoolDataSource} whose attributes are
* presented as bean getters/setters and then deploying it via JNDI. It is then available as a source of physical
- * connections to the database, when the pooling {@code DataSource} needs to create a new physical connection.
+ * connections to the database, when the pooling {link DataSource} needs to create a new physical connection.
*
*
* Although normally used within a JNDI environment, the DriverAdapterCPDS can be instantiated and initialized as any
- * bean and then attached directly to a pooling {@code DataSource}. {@code Jdbc2PoolDataSource} can use the
- * {@code ConnectionPoolDataSource} with or without the use of JNDI.
+ * bean and then attached directly to a pooling {link DataSource}. {@code Jdbc2PoolDataSource} can use the
+ * {link ConnectionPoolDataSource} with or without the use of JNDI.
*
*
- * The DriverAdapterCPDS also provides {@code PreparedStatement} pooling which is not generally available in jdbc2
- * {@code ConnectionPoolDataSource} implementation, but is addressed within the JDBC 3 specification. The
- * {@code PreparedStatement} pool in DriverAdapterCPDS has been in the DBCP package for some time, but it has not
+ * The DriverAdapterCPDS also provides {@link PreparedStatement} pooling which is not generally available in jdbc2
+ * {@link ConnectionPoolDataSource} implementation, but is addressed within the JDBC 3 specification. The
+ * {@link PreparedStatement} pool in DriverAdapterCPDS has been in the DBCP package for some time, but it has not
* undergone extensive testing in the configuration used here. It should be considered experimental and can be toggled
* with the poolPreparedStatements attribute.
*
@@ -110,7 +113,7 @@
static {
// Attempt to prevent deadlocks - see DBCP-272
- DriverManager.getDrivers();
+ DriverManager.getDrivers(); // NOPMD
}
/** Description */
@@ -129,19 +132,28 @@
private String driver;
/** Login TimeOut in seconds */
- private int loginTimeout;
+ private volatile int loginTimeout;
/** Log stream. NOT USED */
private transient PrintWriter logWriter;
- // PreparedStatement pool properties
- private boolean poolPreparedStatements;
- private int maxIdle = 10;
+ /** PreparedStatement pool property defaults to false. */
+ private volatile boolean poolPreparedStatements;
+
+ /** PreparedStatement pool property defaults to 10. */
+ private volatile int maxIdle = 10;
+
+ /** PreparedStatement pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_DURATION_BETWEEN_EVICTION_RUNS}. */
private Duration durationBetweenEvictionRuns = BaseObjectPoolConfig.DEFAULT_DURATION_BETWEEN_EVICTION_RUNS;
- private int numTestsPerEvictionRun = -1;
+
+ /** PreparedStatement pool property defaults to -1. */
+ private volatile int numTestsPerEvictionRun = -1;
+
+ /** PreparedStatement pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_MIN_EVICTABLE_IDLE_DURATION}. */
private Duration minEvictableIdleDuration = BaseObjectPoolConfig.DEFAULT_MIN_EVICTABLE_IDLE_DURATION;
- private int maxPreparedStatements = -1;
+ /** Maximum number of prepared statements, defaults to -1, meaning no limit. */
+ private volatile int maxPreparedStatements = -1;
/** Whether or not getConnection has been called */
private volatile boolean getConnectionCalled;
@@ -248,7 +260,7 @@
/**
* Gets the maximum number of prepared statements.
*
- * @return maxPrepartedStatements value
+ * @return maxPrepartedStatements, defaults to -1, meaning no limit.
*/
public int getMaxPreparedStatements() {
return maxPreparedStatements;
@@ -537,7 +549,7 @@
}
/**
- * Whether to toggle the pooling of {@code PreparedStatement}s
+ * Tests whether to toggle the pooling of {@link PreparedStatement}s
*
* @return value of poolPreparedStatements.
*/
@@ -656,7 +668,7 @@
/**
* Sets the maximum number of prepared statements.
*
- * @param maxPreparedStatements the new maximum number of prepared statements
+ * @param maxPreparedStatements the new maximum number of prepared statements, <= 0 means no limit.
*/
public void setMaxPreparedStatements(final int maxPreparedStatements) {
this.maxPreparedStatements = maxPreparedStatements;
@@ -736,7 +748,7 @@
}
/**
- * Whether to toggle the pooling of {@code PreparedStatement}s
+ * Sets whether to toggle the pooling of {@link PreparedStatement}s
*
* @param poolPreparedStatements true to pool statements.
* @throws IllegalStateException if {@link #getPooledConnection()} has been called
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PStmtKeyCPDS.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,6 +17,8 @@
package org.apache.tomcat.dbcp.dbcp2.cpdsadapter;
import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.Statement;
import org.apache.tomcat.dbcp.dbcp2.PStmtKey;
@@ -46,7 +48,7 @@
* The SQL statement.
* @param autoGeneratedKeys
* A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
*/
public PStmtKeyCPDS(final String sql, final int autoGeneratedKeys) {
super(sql, null, autoGeneratedKeys);
@@ -58,11 +60,11 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
*/
public PStmtKeyCPDS(final String sql, final int resultSetType, final int resultSetConcurrency) {
super(sql, resultSetType, resultSetConcurrency);
@@ -74,14 +76,14 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}
* @param resultSetHoldability
- * One of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * One of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
*/
public PStmtKeyCPDS(final String sql, final int resultSetType, final int resultSetConcurrency,
final int resultSetHoldability) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,6 +19,7 @@
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
+import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
@@ -81,10 +82,10 @@
/**
* Flag set to true, once {@link #close()} is called.
*/
- private boolean closed;
+ private volatile boolean closed;
/** My pool of {@link PreparedStatement}s. */
- private KeyedObjectPool pStmtPool;
+ private KeyedObjectPool stmtPool;
/**
* Controls access to the underlying connection.
@@ -146,8 +147,8 @@
}
/**
- * Closes the physical connection and marks this {@code PooledConnection} so that it may not be used to
- * generate any more logical {@code Connection}s.
+ * Closes the physical connection and marks this {@link PooledConnection} so that it may not be used to
+ * generate any more logical {@link Connection}s.
*
* @throws SQLException
* Thrown when an error occurs or the connection is already closed.
@@ -157,11 +158,11 @@
assertOpen();
closed = true;
try {
- if (pStmtPool != null) {
+ if (stmtPool != null) {
try {
- pStmtPool.close();
+ stmtPool.close();
} finally {
- pStmtPool = null;
+ stmtPool = null;
}
}
} catch (final RuntimeException e) {
@@ -195,7 +196,7 @@
* The SQL statement.
* @param autoGeneratedKeys
* A flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @return a key to uniquely identify a prepared statement.
*/
protected PStmtKey createKey(final String sql, final int autoGeneratedKeys) {
@@ -208,11 +209,11 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @return a key to uniquely identify a prepared statement.
*/
protected PStmtKey createKey(final String sql, final int resultSetType, final int resultSetConcurrency) {
@@ -225,14 +226,14 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}
* @param resultSetHoldability
- * One of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * One of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @return a key to uniquely identify a prepared statement.
*/
protected PStmtKey createKey(final String sql, final int resultSetType, final int resultSetConcurrency, final int resultSetHoldability) {
@@ -245,21 +246,21 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param resultSetHoldability
- * One of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
+ * One of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
* @param statementType
* The SQL statement type, prepared or callable.
* @return a key to uniquely identify a prepared statement.
* @since 2.4.0
*/
protected PStmtKey createKey(final String sql, final int resultSetType, final int resultSetConcurrency, final int resultSetHoldability,
- final StatementType statementType) {
+ final StatementType statementType) {
return new PStmtKey(sql, getCatalogOrNull(), getSchemaOrNull(), resultSetType, resultSetConcurrency, resultSetHoldability, statementType);
}
@@ -269,11 +270,11 @@
* @param sql
* The SQL statement.
* @param resultSetType
- * A result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * A result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * A concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * A concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param statementType
* The SQL statement type, prepared or callable.
* @return a key to uniquely identify a prepared statement.
@@ -424,13 +425,13 @@
if (key.getStmtType() == StatementType.PREPARED_STATEMENT) {
final PreparedStatement statement = (PreparedStatement) key.createStatement(connection);
@SuppressWarnings({"rawtypes", "unchecked" }) // Unable to find way to avoid this
- final PoolablePreparedStatement pps = new PoolablePreparedStatement(statement, key, pStmtPool,
+ final PoolablePreparedStatement pps = new PoolablePreparedStatement(statement, key, stmtPool,
delegatingConnection);
return new DefaultPooledObject<>(pps);
}
final CallableStatement statement = (CallableStatement) key.createStatement(connection);
@SuppressWarnings("unchecked")
- final PoolableCallableStatement pcs = new PoolableCallableStatement(statement, key, pStmtPool,
+ final PoolableCallableStatement pcs = new PoolableCallableStatement(statement, key, stmtPool,
(DelegatingConnection) delegatingConnection);
return new DefaultPooledObject<>(pcs);
}
@@ -466,17 +467,17 @@
* @param sql
* an SQL statement that may contain one or more '?' parameter placeholders. Typically, this statement is
* specified using JDBC call escape syntax.
- * @return a default {@code CallableStatement} object containing the pre-compiled SQL statement.
+ * @return a default {@link CallableStatement} object containing the pre-compiled SQL statement.
* @throws SQLException
* Thrown if a database access error occurs or this method is called on a closed connection.
* @since 2.4.0
*/
CallableStatement prepareCall(final String sql) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareCall(sql);
}
try {
- return (CallableStatement) pStmtPool.borrowObject(createKey(sql, StatementType.CALLABLE_STATEMENT));
+ return (CallableStatement) stmtPool.borrowObject(createKey(sql, StatementType.CALLABLE_STATEMENT));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -488,28 +489,28 @@
* Creates or obtains a {@link CallableStatement} from my pool.
*
* @param sql
- * a {@code String} object that is the SQL statement to be sent to the database; may contain on or
+ * a {@link String} object that is the SQL statement to be sent to the database; may contain on or
* more '?' parameters.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * a concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
- * @return a {@code CallableStatement} object containing the pre-compiled SQL statement that will produce
- * {@code ResultSet} objects with the given type and concurrency.
+ * a concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
+ * @return a {@link CallableStatement} object containing the pre-compiled SQL statement that will produce
+ * {@link ResultSet} objects with the given type and concurrency.
* @throws SQLException
* Thrown if a database access error occurs, this method is called on a closed connection or the given
- * parameters are not {@code ResultSet} constants indicating type and concurrency.
+ * parameters are not {@link ResultSet} constants indicating type and concurrency.
* @since 2.4.0
*/
CallableStatement prepareCall(final String sql, final int resultSetType, final int resultSetConcurrency)
throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareCall(sql, resultSetType, resultSetConcurrency);
}
try {
- return (CallableStatement) pStmtPool.borrowObject(
+ return (CallableStatement) stmtPool.borrowObject(
createKey(sql, resultSetType, resultSetConcurrency, StatementType.CALLABLE_STATEMENT));
} catch (final RuntimeException e) {
throw e;
@@ -522,31 +523,31 @@
* Creates or obtains a {@link CallableStatement} from my pool.
*
* @param sql
- * a {@code String} object that is the SQL statement to be sent to the database; may contain on or
+ * a {@link String} object that is the SQL statement to be sent to the database; may contain on or
* more '?' parameters.
* @param resultSetType
- * one of the following {@code ResultSet} constants: {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * one of the following {@code ResultSet} constants: {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
* @param resultSetHoldability
- * one of the following {@code ResultSet} constants: {@code ResultSet.HOLD_CURSORS_OVER_COMMIT}
- * or {@code ResultSet.CLOSE_CURSORS_AT_COMMIT}.
- * @return a new {@code CallableStatement} object, containing the pre-compiled SQL statement, that will
- * generate {@code ResultSet} objects with the given type, concurrency, and holdability.
+ * one of the following {@link ResultSet} constants: {@link ResultSet#HOLD_CURSORS_OVER_COMMIT}
+ * or {@link ResultSet#CLOSE_CURSORS_AT_COMMIT}.
+ * @return a new {@link CallableStatement} object, containing the pre-compiled SQL statement, that will
+ * generate {@link ResultSet} objects with the given type, concurrency, and holdability.
* @throws SQLException
* Thrown if a database access error occurs, this method is called on a closed connection or the given
- * parameters are not {@code ResultSet} constants indicating type, concurrency, and holdability.
+ * parameters are not {@link ResultSet} constants indicating type, concurrency, and holdability.
* @since 2.4.0
*/
CallableStatement prepareCall(final String sql, final int resultSetType, final int resultSetConcurrency,
final int resultSetHoldability) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareCall(sql, resultSetType, resultSetConcurrency, resultSetHoldability);
}
try {
- return (CallableStatement) pStmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency,
+ return (CallableStatement) stmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency,
resultSetHoldability, StatementType.CALLABLE_STATEMENT));
} catch (final RuntimeException e) {
throw e;
@@ -564,11 +565,11 @@
* the borrow failed.
*/
PreparedStatement prepareStatement(final String sql) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql);
}
try {
- return pStmtPool.borrowObject(createKey(sql));
+ return stmtPool.borrowObject(createKey(sql));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -583,18 +584,18 @@
* an SQL statement that may contain one or more '?' IN parameter placeholders.
* @param autoGeneratedKeys
* a flag indicating whether auto-generated keys should be returned; one of
- * {@code Statement.RETURN_GENERATED_KEYS} or {@code Statement.NO_GENERATED_KEYS}.
+ * {@link Statement#RETURN_GENERATED_KEYS} or {@link Statement#NO_GENERATED_KEYS}.
* @return a {@link PoolablePreparedStatement}
* @throws SQLException Thrown if a database access error occurs, this method is called on a closed connection, or
* the borrow failed.
* @see Connection#prepareStatement(String, int)
*/
PreparedStatement prepareStatement(final String sql, final int autoGeneratedKeys) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql, autoGeneratedKeys);
}
try {
- return pStmtPool.borrowObject(createKey(sql, autoGeneratedKeys));
+ return stmtPool.borrowObject(createKey(sql, autoGeneratedKeys));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -606,14 +607,14 @@
* Creates or obtains a {@link PreparedStatement} from my pool.
*
* @param sql
- * a {@code String} object that is the SQL statement to be sent to the database; may contain one or
+ * a {@link String} object that is the SQL statement to be sent to the database; may contain one or
* more '?' IN parameters.
* @param resultSetType
- * a result set type; one of {@code ResultSet.TYPE_FORWARD_ONLY},
- * {@code ResultSet.TYPE_SCROLL_INSENSITIVE}, or {@code ResultSet.TYPE_SCROLL_SENSITIVE}.
+ * a result set type; one of {@link ResultSet#TYPE_FORWARD_ONLY},
+ * {@link ResultSet#TYPE_SCROLL_INSENSITIVE}, or {@link ResultSet#TYPE_SCROLL_SENSITIVE}.
* @param resultSetConcurrency
- * a concurrency type; one of {@code ResultSet.CONCUR_READ_ONLY} or
- * {@code ResultSet.CONCUR_UPDATABLE}.
+ * a concurrency type; one of {@link ResultSet#CONCUR_READ_ONLY} or
+ * {@link ResultSet#CONCUR_UPDATABLE}.
*
* @return a {@link PoolablePreparedStatement}.
* @throws SQLException Thrown if a database access error occurs, this method is called on a closed connection, or
@@ -622,11 +623,11 @@
*/
PreparedStatement prepareStatement(final String sql, final int resultSetType, final int resultSetConcurrency)
throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql, resultSetType, resultSetConcurrency);
}
try {
- return pStmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency));
+ return stmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -636,11 +637,11 @@
PreparedStatement prepareStatement(final String sql, final int resultSetType, final int resultSetConcurrency,
final int resultSetHoldability) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql, resultSetType, resultSetConcurrency, resultSetHoldability);
}
try {
- return pStmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency, resultSetHoldability));
+ return stmtPool.borrowObject(createKey(sql, resultSetType, resultSetConcurrency, resultSetHoldability));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -649,11 +650,11 @@
}
PreparedStatement prepareStatement(final String sql, final int[] columnIndexes) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql, columnIndexes);
}
try {
- return pStmtPool.borrowObject(createKey(sql, columnIndexes));
+ return stmtPool.borrowObject(createKey(sql, columnIndexes));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -662,11 +663,11 @@
}
PreparedStatement prepareStatement(final String sql, final String[] columnNames) throws SQLException {
- if (pStmtPool == null) {
+ if (stmtPool == null) {
return getRawConnection().prepareStatement(sql, columnNames);
}
try {
- return pStmtPool.borrowObject(createKey(sql, columnNames));
+ return stmtPool.borrowObject(createKey(sql, columnNames));
} catch (final RuntimeException e) {
throw e;
} catch (final Exception e) {
@@ -699,7 +700,7 @@
}
public void setStatementPool(final KeyedObjectPool statementPool) {
- pStmtPool = statementPool;
+ stmtPool = statementPool;
}
/**
@@ -720,8 +721,8 @@
builder.append(statementEventListeners);
builder.append(", closed=");
builder.append(closed);
- builder.append(", pStmtPool=");
- builder.append(pStmtPool);
+ builder.append(", stmtPool=");
+ builder.append(stmtPool);
builder.append(", accessToUnderlyingConnectionAllowed=");
builder.append(accessToUnderlyingConnectionAllowed);
builder.append("]");
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package-info.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package-info.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package-info.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/package-info.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/AbstractConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/AbstractConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/AbstractConnectionFactory.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/AbstractConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.dbcp.dbcp2.datasources;
+
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.sql.ConnectionPoolDataSource;
+import javax.sql.PooledConnection;
+
+import org.apache.tomcat.dbcp.dbcp2.Utils;
+import org.apache.tomcat.dbcp.pool2.PooledObject;
+
+/**
+ * Abstracts services for connection factories in this package.
+ */
+class AbstractConnectionFactory {
+
+ protected final ConnectionPoolDataSource cpds;
+ protected Duration maxConnDuration = Duration.ofMillis(-1);
+ protected final boolean rollbackAfterValidation;
+
+ /**
+ * Map of PooledConnectionAndInfo instances
+ */
+ protected final Map pcMap = new ConcurrentHashMap<>();
+
+ /**
+ * Map of PooledConnections for which close events are ignored. Connections are muted when they are being validated.
+ */
+ protected final Set validatingSet = Collections.newSetFromMap(new ConcurrentHashMap<>());
+ protected final String validationQuery;
+ protected final Duration validationQueryTimeoutDuration;
+
+ AbstractConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery,
+ final Duration validationQueryTimeoutDuration, final boolean rollbackAfterValidation) {
+ this.cpds = cpds;
+ this.validationQuery = validationQuery;
+ this.validationQueryTimeoutDuration = validationQueryTimeoutDuration;
+ this.rollbackAfterValidation = rollbackAfterValidation;
+ }
+
+ /**
+ * Sets the maximum lifetime of a connection after which the connection will always fail activation,
+ * passivation and validation.
+ *
+ * @param duration
+ * A value of zero or less indicates an infinite lifetime. The default value is -1 milliseconds.
+ * @since 2.10.0
+ */
+ void setMaxConn(final Duration duration) {
+ this.maxConnDuration = duration;
+ }
+
+ /**
+ * Converts a duration to seconds where a duration less than one second becomes 1 second.
+ *
+ * @param duration the duration to convert.
+ * @return a duration to seconds where a duration less than one second becomes 1 second.
+ * @throws ArithmeticException if the query validation timeout does not fit as seconds in an int.
+ */
+ private int toSeconds(final Duration duration) {
+ if (duration.isNegative() || duration.isZero()) {
+ return 0;
+ }
+ final long seconds = validationQueryTimeoutDuration.getSeconds();
+ return seconds != 0 ? Math.toIntExact(seconds) : 1;
+ }
+
+ protected void validateLifetime(final PooledObject pooledObject) throws SQLException {
+ Utils.validateLifetime(pooledObject, maxConnDuration);
+ }
+
+ public boolean validateObject(final PooledObject pooledObject) {
+ try {
+ validateLifetime(pooledObject);
+ } catch (final Exception e) {
+ return false;
+ }
+ boolean valid = false;
+ final PooledConnection pooledConn = pooledObject.getObject().getPooledConnection();
+ Connection conn = null;
+ // logical Connection from the PooledConnection must be closed
+ // before another one can be requested and closing it will
+ // generate an event. Keep track so we know not to return
+ // the PooledConnection
+ validatingSet.add(pooledConn);
+ try {
+ final int timeoutSeconds = toSeconds(validationQueryTimeoutDuration);
+ if (validationQuery == null) {
+ try {
+ conn = pooledConn.getConnection();
+ valid = conn.isValid(timeoutSeconds);
+ } catch (final SQLException e) {
+ valid = false;
+ }
+ } else {
+ Statement stmt = null;
+ ResultSet rset = null;
+ try {
+ conn = pooledConn.getConnection();
+ stmt = conn.createStatement();
+ if (timeoutSeconds > 0) {
+ stmt.setQueryTimeout(timeoutSeconds);
+ }
+ rset = stmt.executeQuery(validationQuery);
+ valid = rset.next();
+ if (rollbackAfterValidation) {
+ conn.rollback();
+ }
+ } catch (final Exception e) {
+ valid = false;
+ } finally {
+ Utils.closeQuietly((AutoCloseable) rset);
+ Utils.closeQuietly((AutoCloseable) stmt);
+ }
+ }
+ } finally {
+ Utils.closeQuietly((AutoCloseable) conn);
+ validatingSet.remove(pooledConn);
+ }
+ return valid;
+ }
+
+}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/CPDSConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/CPDSConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/CPDSConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/CPDSConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,21 +17,14 @@
package org.apache.tomcat.dbcp.dbcp2.datasources;
import java.sql.Connection;
-import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Statement;
import java.time.Duration;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.sql.ConnectionEvent;
import javax.sql.ConnectionEventListener;
import javax.sql.ConnectionPoolDataSource;
import javax.sql.PooledConnection;
-import org.apache.tomcat.dbcp.dbcp2.Utils;
import org.apache.tomcat.dbcp.pool2.ObjectPool;
import org.apache.tomcat.dbcp.pool2.PooledObject;
import org.apache.tomcat.dbcp.pool2.PooledObjectFactory;
@@ -42,31 +35,16 @@
*
* @since 2.0
*/
-final class CPDSConnectionFactory
+final class CPDSConnectionFactory extends AbstractConnectionFactory
implements PooledObjectFactory, ConnectionEventListener, PooledConnectionManager {
private static final String NO_KEY_MESSAGE = "close() was called on a Connection, but I have no record of the underlying PooledConnection.";
- private final ConnectionPoolDataSource cpds;
- private final String validationQuery;
- private final Duration validationQueryTimeoutDuration;
- private final boolean rollbackAfterValidation;
private ObjectPool pool;
private UserPassKey userPassKey;
- private Duration maxConnDuration = Duration.ofMillis(-1);
/**
- * Map of PooledConnections for which close events are ignored. Connections are muted when they are being validated.
- */
- private final Set validatingSet = Collections.newSetFromMap(new ConcurrentHashMap<>());
-
- /**
- * Map of PooledConnectionAndInfo instances
- */
- private final Map pcMap = new ConcurrentHashMap<>();
-
- /**
- * Creates a new {@code PoolableConnectionFactory}.
+ * Creates a new {@link PoolableConnectionFactory}.
*
* @param cpds
* the ConnectionPoolDataSource from which to obtain PooledConnection's
@@ -86,97 +64,14 @@
*/
CPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery,
final Duration validationQueryTimeoutDuration, final boolean rollbackAfterValidation, final String userName,
- final char[] userPassword) {
- this.cpds = cpds;
- this.validationQuery = validationQuery;
- this.validationQueryTimeoutDuration = validationQueryTimeoutDuration;
+ final char[] userPassword) {
+ super(cpds, validationQuery, validationQueryTimeoutDuration, rollbackAfterValidation);
this.userPassKey = new UserPassKey(userName, userPassword);
- this.rollbackAfterValidation = rollbackAfterValidation;
- }
-
- /**
- * Creates a new {@code PoolableConnectionFactory}.
- *
- * @param cpds
- * the ConnectionPoolDataSource from which to obtain PooledConnection's
- * @param validationQuery
- * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one
- * row. May be {@code null} in which case {@link Connection#isValid(int)} will be used to validate
- * connections.
- * @param validationQueryTimeoutDuration
- * Timeout in seconds before validation fails
- * @param rollbackAfterValidation
- * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s.
- * @param userName
- * The user name to use to create connections
- * @param userPassword
- * The password to use to create connections
- * @since 2.10.0
- */
- CPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery, final Duration validationQueryTimeoutDuration,
- final boolean rollbackAfterValidation, final String userName, final String userPassword) {
- this(cpds, validationQuery, validationQueryTimeoutDuration, rollbackAfterValidation, userName, Utils.toCharArray(userPassword));
- }
-
- /**
- * Creates a new {@code PoolableConnectionFactory}.
- *
- * @param cpds
- * the ConnectionPoolDataSource from which to obtain PooledConnection's
- * @param validationQuery
- * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one
- * row. May be {@code null} in which case {@link Connection#isValid(int)} will be used to validate
- * connections.
- * @param validationQueryTimeoutSeconds
- * Timeout in seconds before validation fails
- * @param rollbackAfterValidation
- * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s.
- * @param userName
- * The user name to use to create connections
- * @param userPassword
- * The password to use to create connections
- * @since 2.4.0
- * @deprecated Use {@link #CPDSConnectionFactory(ConnectionPoolDataSource, String, Duration, boolean, String, char[])}.
- */
- @Deprecated
- CPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery,
- final int validationQueryTimeoutSeconds, final boolean rollbackAfterValidation, final String userName,
- final char[] userPassword) {
- this.cpds = cpds;
- this.validationQuery = validationQuery;
- this.validationQueryTimeoutDuration = Duration.ofSeconds(validationQueryTimeoutSeconds);
- this.userPassKey = new UserPassKey(userName, userPassword);
- this.rollbackAfterValidation = rollbackAfterValidation;
- }
-
- /**
- * Creates a new {@code PoolableConnectionFactory}.
- *
- * @param cpds
- * the ConnectionPoolDataSource from which to obtain PooledConnection's
- * @param validationQuery
- * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one
- * row. May be {@code null} in which case {@link Connection#isValid(int)} will be used to validate
- * connections.
- * @param validationQueryTimeoutSeconds
- * Timeout in seconds before validation fails
- * @param rollbackAfterValidation
- * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s.
- * @param userName
- * The user name to use to create connections
- * @param userPassword
- * The password to use to create connections
- * @deprecated Use {@link #CPDSConnectionFactory(ConnectionPoolDataSource, String, Duration, boolean, String, String)}.
- */
- @Deprecated
- CPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery, final int validationQueryTimeoutSeconds,
- final boolean rollbackAfterValidation, final String userName, final String userPassword) {
- this(cpds, validationQuery, validationQueryTimeoutSeconds, rollbackAfterValidation, userName, Utils.toCharArray(userPassword));
}
@Override
- public void activateObject(final PooledObject p) throws SQLException {
- validateLifetime(p);
+ public void activateObject(final PooledObject pooledObject) throws SQLException {
+ validateLifetime(pooledObject);
}
/**
@@ -216,7 +111,7 @@
try {
pool.returnObject(pci);
} catch (final Exception e) {
- System.err.println("CLOSING DOWN CONNECTION AS IT COULD " + "NOT BE RETURNED TO THE POOL");
+ System.err.println("CLOSING DOWN CONNECTION AS IT COULD NOT BE RETURNED TO THE POOL");
pc.removeConnectionEventListener(this);
try {
doDestroyObject(pci);
@@ -296,8 +191,9 @@
throw new IllegalStateException(NO_KEY_MESSAGE);
}
try {
- pool.invalidateObject(pci); // Destroy instance and update pool counters
pool.close(); // Clear any other instances in this pool and kill others as they come back
+ // Calling close before invalidate ensures that invalidate will not trigger a create attempt
+ pool.invalidateObject(pci); // Destroy instance and update pool counters
} catch (final Exception ex) {
throw new SQLException("Error invalidating connection", ex);
}
@@ -328,50 +224,12 @@
}
/**
- * Sets the maximum Duration of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnDuration
- * A value of zero or less indicates an infinite lifetime. The default value is -1 milliseconds.
- * @since 2.10.0
- */
- public void setMaxConn(final Duration maxConnDuration) {
- this.maxConnDuration = maxConnDuration;
- }
-
- /**
- * Sets the maximum lifetime in milliseconds of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnDuration
- * A value of zero or less indicates an infinite lifetime. The default value is -1 milliseconds.
- * @since 2.9.0
- * @deprecated Use {@link #setMaxConn(Duration)}.
- */
- @Deprecated
- public void setMaxConnLifetime(final Duration maxConnDuration) {
- this.maxConnDuration = maxConnDuration;
- }
-
- /**
- * Sets the maximum lifetime in milliseconds of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnLifetimeMillis
- * A value of zero or less indicates an infinite lifetime. The default value is -1.
- * @deprecated Use {@link #setMaxConn(Duration)}.
- */
- @Deprecated
- public void setMaxConnLifetimeMillis(final long maxConnLifetimeMillis) {
- setMaxConnLifetime(Duration.ofMillis(maxConnLifetimeMillis));
- }
-
- /**
* Sets the database password used when creating new connections.
*
* @param userPassword
* new password
*/
+ @Override
public synchronized void setPassword(final char[] userPassword) {
this.userPassKey = new UserPassKey(userPassKey.getUserName(), userPassword);
}
@@ -420,61 +278,4 @@
builder.append("]");
return builder.toString();
}
-
- private void validateLifetime(final PooledObject p) throws SQLException {
- Utils.validateLifetime(p, maxConnDuration);
- }
-
- @Override
- public boolean validateObject(final PooledObject p) {
- try {
- validateLifetime(p);
- } catch (final Exception e) {
- return false;
- }
- boolean valid = false;
- final PooledConnection pconn = p.getObject().getPooledConnection();
- Connection conn = null;
- validatingSet.add(pconn);
- if (null == validationQuery) {
- Duration timeoutDuration = validationQueryTimeoutDuration;
- if (timeoutDuration.isNegative()) {
- timeoutDuration = Duration.ZERO;
- }
- try {
- conn = pconn.getConnection();
- valid = conn.isValid((int) timeoutDuration.getSeconds());
- } catch (final SQLException e) {
- valid = false;
- } finally {
- Utils.closeQuietly((AutoCloseable) conn);
- validatingSet.remove(pconn);
- }
- } else {
- Statement stmt = null;
- ResultSet rset = null;
- // logical Connection from the PooledConnection must be closed
- // before another one can be requested and closing it will
- // generate an event. Keep track so we know not to return
- // the PooledConnection
- validatingSet.add(pconn);
- try {
- conn = pconn.getConnection();
- stmt = conn.createStatement();
- rset = stmt.executeQuery(validationQuery);
- valid = rset.next();
- if (rollbackAfterValidation) {
- conn.rollback();
- }
- } catch (final Exception e) {
- valid = false;
- } finally {
- Utils.closeQuietly((AutoCloseable) rset);
- Utils.closeQuietly((AutoCloseable) stmt);
- Utils.closeQuietly((AutoCloseable) conn);
- validatingSet.remove(pconn);
- }
- }
- return valid;
- }
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/CharArray.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/CharArray.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/CharArray.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/CharArray.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,19 +23,18 @@
import org.apache.tomcat.dbcp.dbcp2.Utils;
/**
- * A {@code char} array wrapper that does not reveal its contents inadvertently through toString(). In contrast to, for
- * example, AtomicReference which toString()'s its contents.
- *
+ * A {@code char} array wrapper that does not reveal its contents inadvertently through toString(). In contrast to, for example, AtomicReference which
+ * toString()'s its contents.
+ *
* May contain null.
+ *
*
* @since 2.9.0
*/
final class CharArray implements Serializable {
- private static final long serialVersionUID = 1L;
-
static final CharArray NULL = new CharArray((char[]) null);
-
+ private static final long serialVersionUID = 1L;
private final char[] chars;
CharArray(final char[] chars) {
@@ -55,6 +54,18 @@
return Utils.toString(chars);
}
+ /**
+ * Clears the content of the char array.
+ *
+ * @return {@code this} instance.
+ */
+ CharArray clear() {
+ if (chars != null) {
+ Arrays.fill(chars, '\0');
+ }
+ return this;
+ }
+
@Override
public boolean equals(final Object obj) {
if (this == obj) {
@@ -80,5 +91,4 @@
public int hashCode() {
return Arrays.hashCode(chars);
}
-
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -41,30 +41,30 @@
/**
*
- * The base class for {@code SharedPoolDataSource} and {@code PerUserPoolDataSource}. Many of the
+ * The base class for {@link SharedPoolDataSource} and {@link PerUserPoolDataSource}. Many of the
* configuration properties are shared and defined here. This class is declared public in order to allow particular
* usage with commons-beanutils; do not make direct use of it outside of commons-dbcp2.
*
*
*
- * A J2EE container will normally provide some method of initializing the {@code DataSource} whose attributes are
+ * A J2EE container will normally provide some method of initializing the {@link DataSource} whose attributes are
* presented as bean getters/setters and then deploying it via JNDI. It is then available to an application as a source
* of pooled logical connections to the database. The pool needs a source of physical connections. This source is in the
- * form of a {@code ConnectionPoolDataSource} that can be specified via the {@link #setDataSourceName(String)} used
+ * form of a {@link ConnectionPoolDataSource} that can be specified via the {@link #setDataSourceName(String)} used
* to lookup the source via JNDI.
*
*
*
* Although normally used within a JNDI environment, A DataSource can be instantiated and initialized as any bean. In
- * this case the {@code ConnectionPoolDataSource} will likely be instantiated in a similar manner. This class
+ * this case the {@link ConnectionPoolDataSource} will likely be instantiated in a similar manner. This class
* allows the physical source of connections to be attached directly to this pool using the
* {@link #setConnectionPoolDataSource(ConnectionPoolDataSource)} method.
*
*
*
* The dbcp package contains an adapter, {@link org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS}, that can be
- * used to allow the use of {@code DataSource}'s based on this class with JDBC driver implementations that do not
- * supply a {@code ConnectionPoolDataSource}, but still provide a {@link java.sql.Driver} implementation.
+ * used to allow the use of {@link DataSource}'s based on this class with JDBC driver implementations that do not
+ * supply a {@link ConnectionPoolDataSource}, but still provide a {@link java.sql.Driver} implementation.
*
*
*
@@ -111,32 +111,70 @@
/** Instance key */
private String instanceKey;
- // Pool properties
- private boolean defaultBlockWhenExhausted = BaseObjectPoolConfig.DEFAULT_BLOCK_WHEN_EXHAUSTED;
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_BLOCK_WHEN_EXHAUSTED}. */
+ private volatile boolean defaultBlockWhenExhausted = BaseObjectPoolConfig.DEFAULT_BLOCK_WHEN_EXHAUSTED;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_EVICTION_POLICY_CLASS_NAME}. */
private String defaultEvictionPolicyClassName = BaseObjectPoolConfig.DEFAULT_EVICTION_POLICY_CLASS_NAME;
- private boolean defaultLifo = BaseObjectPoolConfig.DEFAULT_LIFO;
- private int defaultMaxIdle = GenericKeyedObjectPoolConfig.DEFAULT_MAX_IDLE_PER_KEY;
- private int defaultMaxTotal = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_LIFO}. */
+ private volatile boolean defaultLifo = BaseObjectPoolConfig.DEFAULT_LIFO;
+
+ /** Pool property defaults to {@link GenericKeyedObjectPoolConfig#DEFAULT_MAX_IDLE_PER_KEY}. */
+ private volatile int defaultMaxIdle = GenericKeyedObjectPoolConfig.DEFAULT_MAX_IDLE_PER_KEY;
+
+ /** Pool property defaults to {@link GenericKeyedObjectPoolConfig#DEFAULT_MAX_TOTAL}. */
+ private volatile int defaultMaxTotal = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_MAX_WAIT}. */
private Duration defaultMaxWaitDuration = BaseObjectPoolConfig.DEFAULT_MAX_WAIT;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_MIN_EVICTABLE_IDLE_DURATION}. */
private Duration defaultMinEvictableIdleDuration = BaseObjectPoolConfig.DEFAULT_MIN_EVICTABLE_IDLE_DURATION;
- private int defaultMinIdle = GenericKeyedObjectPoolConfig.DEFAULT_MIN_IDLE_PER_KEY;
- private int defaultNumTestsPerEvictionRun = BaseObjectPoolConfig.DEFAULT_NUM_TESTS_PER_EVICTION_RUN;
+
+ /** Pool property defaults to {@link GenericKeyedObjectPoolConfig#DEFAULT_MIN_IDLE_PER_KEY}. */
+ private volatile int defaultMinIdle = GenericKeyedObjectPoolConfig.DEFAULT_MIN_IDLE_PER_KEY;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_NUM_TESTS_PER_EVICTION_RUN}. */
+ private volatile int defaultNumTestsPerEvictionRun = BaseObjectPoolConfig.DEFAULT_NUM_TESTS_PER_EVICTION_RUN;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_SOFT_MIN_EVICTABLE_IDLE_DURATION}. */
private Duration defaultSoftMinEvictableIdleDuration = BaseObjectPoolConfig.DEFAULT_SOFT_MIN_EVICTABLE_IDLE_DURATION;
- private boolean defaultTestOnCreate = BaseObjectPoolConfig.DEFAULT_TEST_ON_CREATE;
- private boolean defaultTestOnBorrow = BaseObjectPoolConfig.DEFAULT_TEST_ON_BORROW;
- private boolean defaultTestOnReturn = BaseObjectPoolConfig.DEFAULT_TEST_ON_RETURN;
- private boolean defaultTestWhileIdle = BaseObjectPoolConfig.DEFAULT_TEST_WHILE_IDLE;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_TEST_ON_CREATE}. */
+ private volatile boolean defaultTestOnCreate = BaseObjectPoolConfig.DEFAULT_TEST_ON_CREATE;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_TEST_ON_BORROW}. */
+ private volatile boolean defaultTestOnBorrow = BaseObjectPoolConfig.DEFAULT_TEST_ON_BORROW;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_TEST_ON_RETURN}. */
+ private volatile boolean defaultTestOnReturn = BaseObjectPoolConfig.DEFAULT_TEST_ON_RETURN;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_TEST_WHILE_IDLE}. */
+ private volatile boolean defaultTestWhileIdle = BaseObjectPoolConfig.DEFAULT_TEST_WHILE_IDLE;
+
+ /** Pool property defaults to {@link BaseObjectPoolConfig#DEFAULT_DURATION_BETWEEN_EVICTION_RUNS}. */
private Duration defaultDurationBetweenEvictionRuns = BaseObjectPoolConfig.DEFAULT_DURATION_BETWEEN_EVICTION_RUNS;
- // Connection factory properties
+ /** Connection factory property defaults to null. */
private String validationQuery;
+
+ /** Connection factory property defaults to -1 seconds. */
private Duration validationQueryTimeoutDuration = Duration.ofSeconds(-1);
- private boolean rollbackAfterValidation;
+
+ /** Connection factory property defaults to false. */
+ private volatile boolean rollbackAfterValidation;
+
+ /** Connection factory property defaults to -1 milliseconds. */
private Duration maxConnDuration = Duration.ofMillis(-1);
- // Connection properties
+ /** Connection property defaults to false. */
private Boolean defaultAutoCommit;
- private int defaultTransactionIsolation = UNKNOWN_TRANSACTIONISOLATION;
+
+ /** Connection property defaults to {@link #UNKNOWN_TRANSACTIONISOLATION}. */
+ private volatile int defaultTransactionIsolation = UNKNOWN_TRANSACTIONISOLATION;
+
+ /** Connection property defaults to false. */
private Boolean defaultReadOnly;
/**
@@ -198,7 +236,7 @@
public Connection getConnection(final String userName, final String userPassword) throws SQLException {
if (instanceKey == null) {
throw new SQLException("Must set the ConnectionPoolDataSource "
- + "through setDataSourceName or setConnectionPoolDataSource" + " before calling getConnection.");
+ + "through setDataSourceName or setConnectionPoolDataSource before calling getConnection.");
}
getConnectionCalled = true;
PooledConnectionAndInfo info = null;
@@ -220,7 +258,7 @@
// Password has not changed, so refuse client, but return connection to the pool
closeDueToException(info);
throw new SQLException(
- "Given password did not match password used" + " to create the PooledConnection.", ex);
+ "Given password did not match password used to create the PooledConnection.", ex);
} catch (final javax.naming.NamingException ne) {
throw new SQLException("NamingException encountered connecting to database", ne);
}
@@ -233,7 +271,7 @@
// Destroy and remove from pool
manager.invalidate(info.getPooledConnection());
// Reset the password on the factory if using CPDSConnectionFactory
- manager.setPassword(upkey.getPassword());
+ manager.setPassword(upkey.getPasswordCharArray());
info = null;
for (int i = 0; i < 10; i++) { // Bound the number of retries - only needed if bad instances return
try {
@@ -269,6 +307,12 @@
}
}
+ /**
+ * Gets the pooled connection manager for the given key.
+ *
+ * @param upkey the key.
+ * @return the pooled connection manager for the given key.
+ */
protected abstract PooledConnectionManager getConnectionManager(UserPassKey upkey);
/**
@@ -416,11 +460,11 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
- * GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
+ * Gets the default value for {@link
+ * GenericObjectPool#getSoftMinEvictableIdleDuration()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
- * GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
+ * @return The default value for {@link
+ * GenericObjectPool#getSoftMinEvictableIdleDuration()} for each per user pool.
* @since 2.10.0
*/
public Duration getDefaultSoftMinEvictableIdleDuration() {
@@ -428,10 +472,10 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Gets the default value for {@link
* GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * @return The default value for {@link
* GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
* @deprecated Use {@link #getDefaultSoftMinEvictableIdleDuration()}.
*/
@@ -441,10 +485,10 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Gets the default value for {@link
* GenericObjectPool#getTestOnBorrow()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * @return The default value for {@link
* GenericObjectPool#getTestOnBorrow()} for each per user pool.
*/
public boolean getDefaultTestOnBorrow() {
@@ -452,10 +496,10 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Gets the default value for {@link
* GenericObjectPool#getTestOnCreate()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * @return The default value for {@link
* GenericObjectPool#getTestOnCreate()} for each per user pool.
*/
public boolean getDefaultTestOnCreate() {
@@ -463,10 +507,10 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Gets the default value for {@link
* GenericObjectPool#getTestOnReturn()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * @return The default value for {@link
* GenericObjectPool#getTestOnReturn()} for each per user pool.
*/
public boolean getDefaultTestOnReturn() {
@@ -474,10 +518,10 @@
}
/**
- * Gets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Gets the default value for {@link
* GenericObjectPool#getTestWhileIdle()} for each per user pool.
*
- * @return The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * @return The default value for {@link
* GenericObjectPool#getTestWhileIdle()} for each per user pool.
*/
public boolean getDefaultTestWhileIdle() {
@@ -666,7 +710,7 @@
/**
* Gets the value of defaultAutoCommit, which defines the state of connections handed out from this pool. The value
* can be changed on the Connection using Connection.setAutoCommit(boolean). The default is {@code null} which
- * will use the default value for the drive.
+ * will use the default value for the driver.
*
* @return value of defaultAutoCommit.
*/
@@ -677,7 +721,7 @@
/**
* Gets the value of defaultReadOnly, which defines the state of connections handed out from this pool. The value
* can be changed on the Connection using Connection.setReadOnly(boolean). The default is {@code null} which
- * will use the default value for the drive.
+ * will use the default value for the driver.
*
* @return value of defaultReadOnly.
*/
@@ -686,7 +730,7 @@
}
/**
- * Whether a rollback will be issued after executing the SQL query that will be used to validate connections from
+ * Tests whether a rollback will be issued after executing the SQL query that will be used to validate connections from
* this pool before returning them to the caller.
*
* @return true if a rollback will be issued after executing the validation query
@@ -733,7 +777,7 @@
+ "set using setConnectionPoolDataSource.");
}
if (this.dataSourceName != null) {
- throw new IllegalStateException("The DataSourceName has already been set. " + "It cannot be altered.");
+ throw new IllegalStateException("The DataSourceName has already been set. It cannot be altered.");
}
this.dataSourceName = dataSourceName;
instanceKey = InstanceKeyDataSourceFactory.registerNewInstance(this);
@@ -742,7 +786,7 @@
/**
* Sets the value of defaultAutoCommit, which defines the state of connections handed out from this pool. The value
* can be changed on the Connection using Connection.setAutoCommit(boolean). The default is {@code null} which
- * will use the default value for the drive.
+ * will use the default value for the driver.
*
* @param defaultAutoCommit
* Value to assign to defaultAutoCommit.
@@ -902,7 +946,7 @@
/**
* Sets the value of defaultReadOnly, which defines the state of connections handed out from this pool. The value
* can be changed on the Connection using Connection.setReadOnly(boolean). The default is {@code null} which
- * will use the default value for the drive.
+ * will use the default value for the driver.
*
* @param defaultReadOnly
* Value to assign to defaultReadOnly.
@@ -913,12 +957,12 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
- * GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
+ * Sets the default value for {@link
+ * GenericObjectPool#getSoftMinEvictableIdleDuration()} for each per user pool.
*
* @param defaultSoftMinEvictableIdleDuration
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
- * GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
+ * The default value for {@link
+ * GenericObjectPool#getSoftMinEvictableIdleDuration()} for each per user pool.
* @since 2.10.0
*/
public void setDefaultSoftMinEvictableIdle(final Duration defaultSoftMinEvictableIdleDuration) {
@@ -927,11 +971,11 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Sets the default value for {@link
* GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
*
* @param softMinEvictableIdleTimeMillis
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * The default value for {@link
* GenericObjectPool#getSoftMinEvictableIdleTimeMillis()} for each per user pool.
* @deprecated Use {@link #setDefaultSoftMinEvictableIdle(Duration)}.
*/
@@ -942,11 +986,11 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Sets the default value for {@link
* GenericObjectPool#getTestOnBorrow()} for each per user pool.
*
* @param testOnBorrow
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * The default value for {@link
* GenericObjectPool#getTestOnBorrow()} for each per user pool.
*/
public void setDefaultTestOnBorrow(final boolean testOnBorrow) {
@@ -955,11 +999,11 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Sets the default value for {@link
* GenericObjectPool#getTestOnCreate()} for each per user pool.
*
* @param testOnCreate
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * The default value for {@link
* GenericObjectPool#getTestOnCreate()} for each per user pool.
*/
public void setDefaultTestOnCreate(final boolean testOnCreate) {
@@ -968,11 +1012,11 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Sets the default value for {@link
* GenericObjectPool#getTestOnReturn()} for each per user pool.
*
* @param testOnReturn
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * The default value for {@link
* GenericObjectPool#getTestOnReturn()} for each per user pool.
*/
public void setDefaultTestOnReturn(final boolean testOnReturn) {
@@ -981,11 +1025,11 @@
}
/**
- * Sets the default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * Sets the default value for {@link
* GenericObjectPool#getTestWhileIdle()} for each per user pool.
*
* @param testWhileIdle
- * The default value for {@link org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool
+ * The default value for {@link
* GenericObjectPool#getTestWhileIdle()} for each per user pool.
*/
public void setDefaultTestWhileIdle(final boolean testWhileIdle) {
@@ -1017,14 +1061,14 @@
public void setDefaultTransactionIsolation(final int defaultTransactionIsolation) {
assertInitializationAllowed();
switch (defaultTransactionIsolation) {
- case Connection.TRANSACTION_NONE:
- case Connection.TRANSACTION_READ_COMMITTED:
- case Connection.TRANSACTION_READ_UNCOMMITTED:
- case Connection.TRANSACTION_REPEATABLE_READ:
- case Connection.TRANSACTION_SERIALIZABLE:
- break;
- default:
- throw new IllegalArgumentException(BAD_TRANSACTION_ISOLATION);
+ case Connection.TRANSACTION_NONE:
+ case Connection.TRANSACTION_READ_COMMITTED:
+ case Connection.TRANSACTION_READ_UNCOMMITTED:
+ case Connection.TRANSACTION_REPEATABLE_READ:
+ case Connection.TRANSACTION_SERIALIZABLE:
+ break;
+ default:
+ throw new IllegalArgumentException(BAD_TRANSACTION_ISOLATION);
}
this.defaultTransactionIsolation = defaultTransactionIsolation;
}
@@ -1143,7 +1187,7 @@
}
/**
- * Whether a rollback will be issued after executing the SQL query that will be used to validate connections from
+ * Sets whether a rollback will be issued after executing the SQL query that will be used to validate connections from
* this pool before returning them to the caller. Default behavior is NOT to issue a rollback. The setting will only
* have an effect if a validation query is set
*
@@ -1155,6 +1199,13 @@
this.rollbackAfterValidation = rollbackAfterValidation;
}
+ /**
+ * Sets up the defaults for a given connection.
+ *
+ * @param connection The target connection.
+ * @param userName The user name for the connection.
+ * @throws SQLException if a database access error occurs or this method is called on a closed connection
+ */
protected abstract void setupDefaults(Connection connection, String userName) throws SQLException;
/**
@@ -1193,9 +1244,18 @@
this.validationQueryTimeoutDuration = Duration.ofSeconds(validationQueryTimeoutSeconds);
}
+ /**
+ * Tests and returns whether a JNDI context can be created to lookup a ConnectionPoolDataSource to then access a PooledConnection connection.
+ *
+ * @param userName An optional user name, may be null.
+ * @param userPassword An optional user user password, may be null.
+ * @return A ConnectionPoolDataSource from a JNDI context.
+ * @throws javax.naming.NamingException if a naming exception is encountered.
+ * @throws SQLException if a ConnectionPoolDataSource or PooledConnection is not available.
+ */
protected ConnectionPoolDataSource testCPDS(final String userName, final String userPassword)
throws javax.naming.NamingException, SQLException {
- // The source of physical db connections
+ // The source of physical database connections
ConnectionPoolDataSource cpds = this.dataSource;
if (cpds == null) {
Context ctx = null;
@@ -1206,12 +1266,11 @@
}
final Object ds = ctx.lookup(dataSourceName);
if (!(ds instanceof ConnectionPoolDataSource)) {
- throw new SQLException("Illegal configuration: " + "DataSource " + dataSourceName + " ("
- + ds.getClass().getName() + ")" + " doesn't implement javax.sql.ConnectionPoolDataSource");
+ throw new SQLException("Illegal configuration: DataSource " + dataSourceName + " ("
+ + ds.getClass().getName() + ") doesn't implement javax.sql.ConnectionPoolDataSource");
}
cpds = (ConnectionPoolDataSource) ds;
}
-
// try to get a connection with the supplied userName/password
PooledConnection conn = null;
try {
@@ -1247,6 +1306,11 @@
return builder.toString();
}
+ /**
+ * Appends this instance's fields to a string builder.
+ *
+ * @param builder the target string builder.
+ */
protected void toStringFields(final StringBuilder builder) {
builder.append("getConnectionCalled=");
builder.append(getConnectionCalled);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSourceFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSourceFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSourceFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/InstanceKeyDataSourceFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -37,7 +37,7 @@
import org.apache.tomcat.dbcp.dbcp2.Utils;
/**
- * A JNDI ObjectFactory which creates {@code SharedPoolDataSource}s or {@code PerUserPoolDataSource}s
+ * A JNDI ObjectFactory which creates {@link SharedPoolDataSource}s or {@link PerUserPoolDataSource}s
*
* @since 2.0
*/
@@ -116,7 +116,7 @@
}
}
- private Boolean booleanValueOf(RefAddr refAddr) {
+ private Boolean booleanValueOf(final RefAddr refAddr) {
return Boolean.valueOf(toString(refAddr));
}
@@ -340,11 +340,11 @@
}
}
- private Duration toDurationFromMillis(RefAddr refAddr) {
+ private Duration toDurationFromMillis(final RefAddr refAddr) {
return Duration.ofMillis(parseLong(refAddr));
}
- private Duration toDurationFromSeconds(RefAddr refAddr) {
+ private Duration toDurationFromSeconds(final RefAddr refAddr) {
return Duration.ofSeconds(parseInt(refAddr));
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/KeyedCPDSConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/KeyedCPDSConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/KeyedCPDSConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/KeyedCPDSConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,21 +17,14 @@
package org.apache.tomcat.dbcp.dbcp2.datasources;
import java.sql.Connection;
-import java.sql.ResultSet;
import java.sql.SQLException;
-import java.sql.Statement;
import java.time.Duration;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import javax.sql.ConnectionEvent;
import javax.sql.ConnectionEventListener;
import javax.sql.ConnectionPoolDataSource;
import javax.sql.PooledConnection;
-import org.apache.tomcat.dbcp.dbcp2.Utils;
import org.apache.tomcat.dbcp.pool2.KeyedObjectPool;
import org.apache.tomcat.dbcp.pool2.KeyedPooledObjectFactory;
import org.apache.tomcat.dbcp.pool2.PooledObject;
@@ -42,31 +35,14 @@
*
* @since 2.0
*/
-final class KeyedCPDSConnectionFactory implements KeyedPooledObjectFactory,
- ConnectionEventListener, PooledConnectionManager {
+final class KeyedCPDSConnectionFactory extends AbstractConnectionFactory
+ implements KeyedPooledObjectFactory, ConnectionEventListener, PooledConnectionManager {
- private static final String NO_KEY_MESSAGE = "close() was called on a Connection, but "
- + "I have no record of the underlying PooledConnection.";
-
- private final ConnectionPoolDataSource cpds;
- private final String validationQuery;
- private final Duration validationQueryTimeoutDuration;
- private final boolean rollbackAfterValidation;
+ private static final String NO_KEY_MESSAGE = "close() was called on a Connection, but I have no record of the underlying PooledConnection.";
private KeyedObjectPool pool;
- private Duration maxConnLifetime = Duration.ofMillis(-1);
-
- /**
- * Map of PooledConnections for which close events are ignored. Connections are muted when they are being validated.
- */
- private final Set validatingSet = Collections.newSetFromMap(new ConcurrentHashMap<>());
-
- /**
- * Map of PooledConnectionAndInfo instances
- */
- private final Map pcMap = new ConcurrentHashMap<>();
/**
- * Creates a new {@code KeyedPoolableConnectionFactory}.
+ * Creates a new {@code KeyedCPDSConnectionFactory}.
*
* @param cpds
* the ConnectionPoolDataSource from which to obtain PooledConnections
@@ -74,44 +50,20 @@
* a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one
* row. May be {@code null} in which case3 {@link Connection#isValid(int)} will be used to validate
* connections.
- * @param validationQueryTimeoutSeconds
+ * @param validationQueryTimeoutDuration
* The Duration to allow for the validation query to complete
* @param rollbackAfterValidation
* whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s.
* @since 2.10.0
*/
KeyedCPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery,
- final Duration validationQueryTimeoutSeconds, final boolean rollbackAfterValidation) {
- this.cpds = cpds;
- this.validationQuery = validationQuery;
- this.validationQueryTimeoutDuration = validationQueryTimeoutSeconds;
- this.rollbackAfterValidation = rollbackAfterValidation;
- }
-
- /**
- * Creates a new {@code KeyedPoolableConnectionFactory}.
- *
- * @param cpds
- * the ConnectionPoolDataSource from which to obtain PooledConnections
- * @param validationQuery
- * a query to use to {@link #validateObject validate} {@link Connection}s. Should return at least one
- * row. May be {@code null} in which case3 {@link Connection#isValid(int)} will be used to validate
- * connections.
- * @param validationQueryTimeoutSeconds
- * The time, in seconds, to allow for the validation query to complete
- * @param rollbackAfterValidation
- * whether a rollback should be issued after {@link #validateObject validating} {@link Connection}s.
- * @deprecated Use {@link #KeyedCPDSConnectionFactory(ConnectionPoolDataSource, String, Duration, boolean)}.
- */
- @Deprecated
- KeyedCPDSConnectionFactory(final ConnectionPoolDataSource cpds, final String validationQuery,
- final int validationQueryTimeoutSeconds, final boolean rollbackAfterValidation) {
- this(cpds, validationQuery, Duration.ofSeconds(validationQueryTimeoutSeconds), rollbackAfterValidation);
+ final Duration validationQueryTimeoutDuration, final boolean rollbackAfterValidation) {
+ super(cpds, validationQuery, validationQueryTimeoutDuration, rollbackAfterValidation);
}
@Override
- public void activateObject(final UserPassKey key, final PooledObject p) throws SQLException {
- validateLifetime(p);
+ public void activateObject(final UserPassKey ignored, final PooledObject pooledObject) throws SQLException {
+ validateLifetime(pooledObject);
}
/**
@@ -146,7 +98,7 @@
try {
pool.returnObject(pci.getUserPassKey(), pci);
} catch (final Exception e) {
- System.err.println("CLOSING DOWN CONNECTION AS IT COULD " + "NOT BE RETURNED TO THE POOL");
+ System.err.println("CLOSING DOWN CONNECTION AS IT COULD NOT BE RETURNED TO THE POOL");
pc.removeConnectionEventListener(this);
try {
pool.invalidateObject(pci.getUserPassKey(), pci);
@@ -185,8 +137,8 @@
* Closes the PooledConnection and stops listening for events from it.
*/
@Override
- public void destroyObject(final UserPassKey key, final PooledObject p) throws SQLException {
- final PooledConnection pooledConnection = p.getObject().getPooledConnection();
+ public void destroyObject(final UserPassKey ignored, final PooledObject pooledObject) throws SQLException {
+ final PooledConnection pooledConnection = pooledObject.getObject().getPooledConnection();
pooledConnection.removeConnectionEventListener(this);
pcMap.remove(pooledConnection);
pooledConnection.close();
@@ -241,62 +193,28 @@
} else {
pooledConnection = cpds.getPooledConnection(userName, password);
}
-
if (pooledConnection == null) {
throw new IllegalStateException("Connection pool data source returned null from getPooledConnection");
}
-
// should we add this object as a listener or the pool.
// consider the validateObject method in decision
pooledConnection.addConnectionEventListener(this);
final PooledConnectionAndInfo pci = new PooledConnectionAndInfo(pooledConnection, userPassKey);
pcMap.put(pooledConnection, pci);
-
return new DefaultPooledObject<>(pci);
}
@Override
- public void passivateObject(final UserPassKey key, final PooledObject p) throws SQLException {
- validateLifetime(p);
- }
-
- /**
- * Sets the maximum lifetime of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnLifetimeMillis
- * A value of zero or less indicates an infinite lifetime. The default value is -1 milliseconds.
- * @since 2.10.0
- */
- public void setMaxConn(final Duration maxConnLifetimeMillis) {
- this.maxConnLifetime = maxConnLifetimeMillis;
+ public void passivateObject(final UserPassKey ignored, final PooledObject pooledObject) throws SQLException {
+ validateLifetime(pooledObject);
}
/**
- * Sets the maximum lifetime of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnLifetimeMillis
- * A value of zero or less indicates an infinite lifetime. The default value is -1 milliseconds.
- * @since 2.9.0
- * @deprecated Use {@link #setMaxConn(Duration)}.
+ * Does nothing. This factory does not cache user credentials.
*/
- @Deprecated
- public void setMaxConnLifetime(final Duration maxConnLifetimeMillis) {
- this.maxConnLifetime = maxConnLifetimeMillis;
- }
-
- /**
- * Sets the maximum lifetime in milliseconds of a connection after which the connection will always fail activation,
- * passivation and validation.
- *
- * @param maxConnLifetimeMillis
- * A value of zero or less indicates an infinite lifetime. The default value is -1.
- * @deprecated Use {@link #setMaxConnLifetime(Duration)}.
- */
- @Deprecated
- public void setMaxConnLifetimeMillis(final long maxConnLifetimeMillis) {
- setMaxConn(Duration.ofMillis(maxConnLifetimeMillis));
+ @Override
+ public void setPassword(final char[] password) {
+ // Does nothing. This factory does not cache user credentials.
}
/**
@@ -311,69 +229,21 @@
this.pool = pool;
}
- private void validateLifetime(final PooledObject pooledObject) throws SQLException {
- Utils.validateLifetime(pooledObject, maxConnLifetime);
- }
-
/**
* Validates a pooled connection.
+ *
+ * A query validation timeout greater than 0 and less than 1 second is converted to 1 second.
+ *
*
- * @param key
+ * @param ignored
* ignored
* @param pooledObject
* wrapped {@code PooledConnectionAndInfo} containing the connection to validate
* @return true if validation succeeds
+ * @throws ArithmeticException if the query validation timeout does not fit as seconds in an int.
*/
@Override
- public boolean validateObject(final UserPassKey key, final PooledObject pooledObject) {
- try {
- validateLifetime(pooledObject);
- } catch (final Exception e) {
- return false;
- }
- boolean valid = false;
- final PooledConnection pooledConn = pooledObject.getObject().getPooledConnection();
- Connection conn = null;
- validatingSet.add(pooledConn);
- if (null == validationQuery) {
- Duration timeoutDuration = validationQueryTimeoutDuration;
- if (timeoutDuration.isNegative()) {
- timeoutDuration = Duration.ZERO;
- }
- try {
- conn = pooledConn.getConnection();
- valid = conn.isValid((int) timeoutDuration.getSeconds());
- } catch (final SQLException e) {
- valid = false;
- } finally {
- Utils.closeQuietly((AutoCloseable) conn);
- validatingSet.remove(pooledConn);
- }
- } else {
- Statement stmt = null;
- ResultSet rset = null;
- // logical Connection from the PooledConnection must be closed
- // before another one can be requested and closing it will
- // generate an event. Keep track so we know not to return
- // the PooledConnection
- validatingSet.add(pooledConn);
- try {
- conn = pooledConn.getConnection();
- stmt = conn.createStatement();
- rset = stmt.executeQuery(validationQuery);
- valid = rset.next();
- if (rollbackAfterValidation) {
- conn.rollback();
- }
- } catch (final Exception e) {
- valid = false;
- } finally {
- Utils.closeQuietly((AutoCloseable) rset);
- Utils.closeQuietly((AutoCloseable) stmt);
- Utils.closeQuietly((AutoCloseable) conn);
- validatingSet.remove(pooledConn);
- }
- }
- return valid;
+ public boolean validateObject(final UserPassKey ignored, final PooledObject pooledObject) {
+ return super.validateObject(pooledObject);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -30,6 +30,7 @@
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.sql.ConnectionPoolDataSource;
+import javax.sql.DataSource;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -41,7 +42,7 @@
/**
*
- * A pooling {@code DataSource} appropriate for deployment within J2EE environment. There are many configuration
+ * A pooling {@link DataSource} appropriate for deployment within J2EE environment. There are many configuration
* options, most of which are defined in the parent class. This datasource uses individual pools per user, and some
* properties can be set specifically for a given user, if the deployment environment can support initialization of
* mapped properties. So for example, a pool of admin or write-access Connections can be guaranteed a certain number of
@@ -641,7 +642,7 @@
}
/**
- * Returns a {@code PerUserPoolDataSource} {@link Reference}.
+ * Returns a {@link PerUserPoolDataSource} {@link Reference}.
*/
@Override
public Reference getReference() throws NamingException {
@@ -684,7 +685,7 @@
// the factory with the pool, so we do not have to do so
// explicitly)
final CPDSConnectionFactory factory = new CPDSConnectionFactory(cpds, getValidationQuery(), getValidationQueryTimeoutDuration(),
- isRollbackAfterValidation(), userName, password);
+ isRollbackAfterValidation(), userName, Utils.toCharArray(password));
factory.setMaxConn(getMaxConnDuration());
// Create an object pool to contain our PooledConnections
final GenericObjectPool pool = new GenericObjectPool<>(factory);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -24,13 +24,20 @@
import javax.naming.Reference;
/**
- * A JNDI ObjectFactory which creates {@code SharedPoolDataSource}s
+ * A JNDI ObjectFactory which creates {@link SharedPoolDataSource}s
*
* @since 2.0
*/
public class PerUserPoolDataSourceFactory extends InstanceKeyDataSourceFactory {
private static final String PER_USER_POOL_CLASSNAME = PerUserPoolDataSource.class.getName();
+ /**
+ * Constructs a new instance.
+ */
+ public PerUserPoolDataSourceFactory() {
+ // empty
+ }
+
@SuppressWarnings("unchecked") // Avoid warnings on deserialization
@Override
protected InstanceKeyDataSource getNewInstance(final Reference ref) throws IOException, ClassNotFoundException {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PoolKey.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PoolKey.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PoolKey.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PoolKey.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -40,10 +40,7 @@
if (this == obj) {
return true;
}
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
+ if (obj == null || getClass() != obj.getClass()) {
return false;
}
final PoolKey other = (PoolKey) obj;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionAndInfo.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionAndInfo.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionAndInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionAndInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionManager.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionManager.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionManager.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/PooledConnectionManager.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,6 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
package org.apache.tomcat.dbcp.dbcp2.datasources;
import java.sql.SQLException;
@@ -31,9 +32,9 @@
* Closes the connection pool associated with the given user.
*
* @param userName
- * user name
+ * user name.
* @throws SQLException
- * if an error occurs closing idle connections in the pool
+ * if an error occurs closing idle connections in the pool.
*/
void closePool(String userName) throws SQLException;
@@ -41,27 +42,27 @@
* Closes the PooledConnection and remove it from the connection pool to which it belongs, adjusting pool counters.
*
* @param pc
- * PooledConnection to be invalidated
+ * PooledConnection to be invalidated.
* @throws SQLException
- * if an SQL error occurs closing the connection
+ * if an SQL error occurs closing the connection.
*/
void invalidate(PooledConnection pc) throws SQLException;
-// /**
-// * Sets the database password used when creating connections.
-// *
-// * @param password password used when authenticating to the database
-// * @since 2.10.0
-// */
-// default void setPassword(char[] password) {
-// setPassword(String.copyValueOf(password));
-// }
+ /**
+ * Sets the database password used when creating connections.
+ *
+ * @param password password used when authenticating to the database.
+ * @since 2.14.0
+ */
+ default void setPassword(final char[] password) {
+ setPassword(String.copyValueOf(password));
+ }
/**
* Sets the database password used when creating connections.
*
* @param password
- * password used when authenticating to the database
+ * password used when authenticating to the database.
*/
void setPassword(String password);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -25,6 +25,7 @@
import javax.naming.Reference;
import javax.naming.StringRefAddr;
import javax.sql.ConnectionPoolDataSource;
+import javax.sql.DataSource;
import org.apache.tomcat.dbcp.pool2.KeyedObjectPool;
import org.apache.tomcat.dbcp.pool2.impl.GenericKeyedObjectPool;
@@ -32,7 +33,7 @@
/**
*
- * A pooling {@code DataSource} appropriate for deployment within J2EE environment. There are many configuration
+ * A pooling {@link DataSource} appropriate for deployment within J2EE environment. There are many configuration
* options, most of which are defined in the parent class. All users (based on user name) share a single maximum number
* of Connections in this data source.
*
@@ -54,7 +55,7 @@
/**
* Max total defaults to {@link GenericKeyedObjectPoolConfig#DEFAULT_MAX_TOTAL}.
*/
- private int maxTotal = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL;
+ private volatile int maxTotal = GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL;
/**
* Maps user credentials to pooled connection with credentials.
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,7 +20,7 @@
import javax.naming.Reference;
/**
- * A JNDI ObjectFactory which creates {@code SharedPoolDataSource}s
+ * A JNDI ObjectFactory which creates {@link SharedPoolDataSource}s
*
* @since 2.0
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/UserPassKey.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/UserPassKey.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/UserPassKey.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/UserPassKey.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,7 +26,7 @@
* Holds a user name and password pair. Serves as a poolable object key for the {@link KeyedObjectPool} backing a
* {@link SharedPoolDataSource}. Two instances with the same user name are considered equal. This ensures that there
* will be only one keyed pool for each user in the pool. The password is used (along with the user name) by the
- * {@code KeyedCPDSConnectionFactory} when creating new connections.
+ * {@link KeyedCPDSConnectionFactory} when creating new connections.
*
*
*
@@ -60,6 +60,17 @@
}
/**
+ * Clears the content of the name and password.
+ *
+ * @return {@code this} instance.
+ */
+ UserPassKey clear() {
+ name.clear();
+ password.clear();
+ return this;
+ }
+
+ /**
* Only takes the user name into account.
*/
@Override
@@ -67,10 +78,7 @@
if (this == obj) {
return true;
}
- if (obj == null) {
- return false;
- }
- if (getClass() != obj.getClass()) {
+ if (obj == null || getClass() != obj.getClass()) {
return false;
}
final UserPassKey other = (UserPassKey) obj;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/package-info.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/package-info.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/datasources/package-info.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/datasources/package-info.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/BasicManagedDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -67,8 +67,15 @@
/** Transaction Synchronization Registry */
private transient TransactionSynchronizationRegistry transactionSynchronizationRegistry;
+ /**
+ * Constructs a new instance.
+ */
+ public BasicManagedDataSource() {
+ // empty
+ }
+
@Override
- protected ConnectionFactory createConnectionFactory() throws SQLException {
+ protected synchronized ConnectionFactory createConnectionFactory() throws SQLException {
if (transactionManager == null) {
throw new SQLException("Transaction manager must be set before a connection can be created");
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -158,15 +158,35 @@
@Override
public Connection createConnection() throws SQLException {
// create a new XAConnection
- final XAConnection xaConnection;
- if (userName == null) {
- xaConnection = xaDataSource.getXAConnection();
- } else {
- xaConnection = xaDataSource.getXAConnection(userName, Utils.toString(userPassword));
+ XAConnection xaConnection = null;
+ Connection connection = null;
+ final XAResource xaResource;
+ try {
+ if (userName == null) {
+ xaConnection = xaDataSource.getXAConnection();
+ } else {
+ xaConnection = xaDataSource.getXAConnection(userName, Utils.toString(userPassword));
+ }
+ // get the real connection and XAResource from the connection
+ connection = xaConnection.getConnection();
+ xaResource = xaConnection.getXAResource();
+ } catch (final SQLException sqle) {
+ if (connection != null) {
+ try {
+ connection.close();
+ } catch (final SQLException ignored) {
+ // Ignore
+ }
+ }
+ if (xaConnection != null) {
+ try {
+ xaConnection.close();
+ } catch (final SQLException ignored) {
+ // Ignore
+ }
+ }
+ throw sqle;
}
- // get the real connection and XAResource from the connection
- final Connection connection = xaConnection.getConnection();
- final XAResource xaResource = xaConnection.getXAResource();
// register the XA resource for the connection
transactionRegistry.registerConnection(connection, xaResource);
// The Connection we're returning is a handle on the XAConnection.
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/LocalXAConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/LocalXAConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/LocalXAConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/LocalXAConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -103,7 +103,7 @@
connection.commit();
}
} catch (final SQLException e) {
- throw (XAException) new XAException().initCause(e);
+ throw newXAException("Commit failed.", e);
} finally {
try {
connection.setAutoCommit(originalAutoCommit);
@@ -180,6 +180,10 @@
return this == xaResource;
}
+ private XAException newXAException(final String message, final SQLException cause) {
+ return (XAException) new XAException(message).initCause(cause);
+ }
+
/**
* This method does nothing since the LocalXAConnection does not support two-phase-commit. This method will
* return XAResource.XA_RDONLY if the connection isReadOnly(). This assumes that the physical connection is
@@ -242,7 +246,7 @@
try {
connection.rollback();
} catch (final SQLException e) {
- throw (XAException) new XAException().initCause(e);
+ throw newXAException("Rollback failed.", e);
} finally {
try {
connection.setAutoCommit(originalAutoCommit);
@@ -282,12 +286,10 @@
public synchronized void start(final Xid xid, final int flag) throws XAException {
if (flag == TMNOFLAGS) {
// first time in this transaction
-
// make sure we aren't already in another tx
if (this.currentXid != null) {
throw new XAException("Already enlisted in another transaction with xid " + xid);
}
-
// save off the current auto commit flag, so it can be restored after the transaction completes
try {
originalAutoCommit = connection.getAutoCommit();
@@ -295,20 +297,16 @@
// no big deal, just assume it was off
originalAutoCommit = true;
}
-
// update the auto commit flag
try {
connection.setAutoCommit(false);
} catch (final SQLException e) {
- throw (XAException) new XAException("Count not turn off auto commit for a XA transaction")
- .initCause(e);
+ throw newXAException("Count not turn off auto commit for a XA transaction", e);
}
-
this.currentXid = xid;
} else if (flag == TMRESUME) {
if (!xid.equals(this.currentXid)) {
- throw new XAException("Attempting to resume in different transaction: expected " + this.currentXid
- + ", but was " + xid);
+ throw new XAException("Attempting to resume in different transaction: expected " + this.currentXid + ", but was " + xid);
}
} else {
throw new XAException("Unknown start flag " + flag);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedConnection.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedConnection.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedConnection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedConnection.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -51,6 +51,14 @@
* @since 2.0
*/
protected class CompletionListener implements TransactionContextListener {
+
+ /**
+ * Constructs a new instance.
+ */
+ public CompletionListener() {
+ // empty
+ }
+
@Override
public void afterCompletion(final TransactionContext completedContext, final boolean committed) {
if (completedContext == transactionContext) {
@@ -207,27 +215,23 @@
lock.lock();
try {
transactionContext.completeTransaction();
+ // If we were using a shared connection, clear the reference now that
+ // the transaction has completed
+ if (isSharedConnection) {
+ setDelegate(null);
+ isSharedConnection = false;
+ }
} finally {
lock.unlock();
}
-
- // If we were using a shared connection, clear the reference now that
- // the transaction has completed
- if (isSharedConnection) {
- setDelegate(null);
- isSharedConnection = false;
- }
-
// autoCommit may have been changed directly on the underlying connection
clearCachedState();
-
// If this connection was closed during the transaction and there is
// still a delegate present close it
final Connection delegate = getDelegateInternal();
if (isClosedInternal() && delegate != null) {
try {
setDelegate(null);
-
if (!delegate.isClosed()) {
delegate.close();
}
@@ -253,15 +257,12 @@
// our listener is called. In that rare case, trigger the transaction complete call now
transactionComplete();
}
-
// the existing transaction context ended (or we didn't have one), get the active transaction context
transactionContext = transactionRegistry.getActiveTransactionContext();
-
// if there is an active transaction context, and it already has a shared connection, use it
if (transactionContext != null && transactionContext.getSharedConnection() != null) {
// A connection for the connection factory has already been enrolled
// in the transaction, replace our delegate with the enrolled connection
-
// return current connection to the pool
final C connection = getDelegateInternal();
setDelegate(null);
@@ -277,17 +278,14 @@
}
}
}
-
// add a listener to the transaction context
transactionContext.addTransactionContextListener(new CompletionListener());
-
// Set our delegate to the shared connection. Note that this will
// always be of type C since it has been shared by another
// connection from the same pool.
@SuppressWarnings("unchecked")
final C shared = (C) transactionContext.getSharedConnection();
setDelegate(shared);
-
// remember that we are using a shared connection, so it can be cleared after the
// transaction completes
isSharedConnection = true;
@@ -303,12 +301,10 @@
throw new SQLException("Unable to acquire a new connection from the pool", e);
}
}
-
// if we have a transaction, out delegate becomes the shared delegate
if (transactionContext != null) {
// add a listener to the transaction context
transactionContext.addTransactionContextListener(new CompletionListener());
-
// register our connection as the shared connection
try {
transactionContext.setSharedConnection(connection);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedDataSource.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedDataSource.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedDataSource.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/ManagedDataSource.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnection.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnection.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnection.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnection.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/PoolableManagedConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/SynchronizationAdapter.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContext.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContext.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContextListener.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContextListener.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContextListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionContextListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionRegistry.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionRegistry.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionRegistry.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/TransactionRegistry.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/XAConnectionFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/XAConnectionFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/XAConnectionFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/XAConnectionFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/package-info.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/package-info.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/managed/package-info.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/managed/package-info.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -29,7 +29,6 @@
* transaction is committed or rolled back the enlisted connections are
* committed or rolled back.
*
- *
*
* This package supports full XADataSources and non-XA data sources using
* local transaction semantics. non-XA data sources commit and rollback as
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/package-info.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/package-info.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/dbcp2/package-info.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/dbcp2/package-info.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/BaseObject.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/BaseObject.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/BaseObject.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/BaseObject.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,6 +23,13 @@
*/
public abstract class BaseObject {
+ /**
+ * Constructs a new instance.
+ */
+ public BaseObject() {
+ // empty
+ }
+
@Override
public String toString() {
final StringBuilder builder = new StringBuilder();
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/BaseObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -33,6 +33,13 @@
private volatile boolean closed;
/**
+ * Constructs a new instance.
+ */
+ public BaseObjectPool() {
+ // empty
+ }
+
+ /**
* Not supported in this base implementation. Subclasses should override
* this behavior.
*
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/DestroyMode.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/DestroyMode.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/DestroyMode.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/DestroyMode.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/KeyedObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/KeyedPooledObjectFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/KeyedPooledObjectFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/KeyedPooledObjectFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/KeyedPooledObjectFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -62,7 +62,7 @@
* While clients of a {@link KeyedObjectPool} borrow and return instances of
* the underlying value type V, the factory methods act on instances of
* {@link PooledObject PooledObject<V>}. These are the object wrappers that
- * pools use to track and maintain state informations about the objects that
+ * pools use to track and maintain state information about the objects that
* they manage.
*
*
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/ObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,6 +23,7 @@
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
+import java.util.concurrent.locks.ReentrantLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock;
import java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock;
@@ -46,6 +47,9 @@
* frequently.
*/
private static final class ErodingFactor {
+
+ private static final float MAX_INTERVAL = 15f;
+
/** Determines frequency of "erosion" events */
private final float factor;
@@ -53,7 +57,9 @@
private transient volatile long nextShrinkMillis;
/** High water mark - largest numIdle encountered */
- private transient volatile int idleHighWaterMark;
+ private transient volatile int idleHighWaterMark = 1;
+
+ private final ReentrantLock lock = new ReentrantLock();
/**
* Creates a new ErodingFactor with the given erosion factor.
@@ -61,10 +67,9 @@
* @param factor
* erosion factor
*/
- ErodingFactor(final float factor) {
+ private ErodingFactor(final float factor) {
this.factor = factor;
- nextShrinkMillis = System.currentTimeMillis() + (long) (900000 * factor); // now + 15 min * factor
- idleHighWaterMark = 1;
+ nextShrinkMillis = System.currentTimeMillis() + (long) (900_000 * factor); // now + 15 min * factor
}
/**
@@ -72,7 +77,7 @@
*
* @return next shrink time
*/
- public long getNextShrink() {
+ private long getNextShrink() {
return nextShrinkMillis;
}
@@ -81,7 +86,7 @@
*/
@Override
public String toString() {
- return "ErodingFactor{" + "factor=" + factor +
+ return "ErodingFactor{factor=" + factor +
", idleHighWaterMark=" + idleHighWaterMark + '}';
}
@@ -95,11 +100,14 @@
*/
public void update(final long nowMillis, final int numIdle) {
final int idle = Math.max(0, numIdle);
- idleHighWaterMark = Math.max(idle, idleHighWaterMark);
- final float maxInterval = 15f;
- final float minutes = maxInterval +
- (1f - maxInterval) / idleHighWaterMark * idle;
- nextShrinkMillis = nowMillis + (long) (minutes * 60000f * factor);
+ lock.lock();
+ try {
+ idleHighWaterMark = Math.max(idle, idleHighWaterMark);
+ final float minutes = MAX_INTERVAL + (1f - MAX_INTERVAL) / idleHighWaterMark * idle;
+ nextShrinkMillis = nowMillis + (long) (minutes * 60000f * factor);
+ } finally {
+ lock.unlock();
+ }
}
}
/**
@@ -129,7 +137,7 @@
* events
* @see #erodingFactor
*/
- protected ErodingKeyedObjectPool(final KeyedObjectPool keyedPool,
+ private ErodingKeyedObjectPool(final KeyedObjectPool keyedPool,
final ErodingFactor erodingFactor) {
if (keyedPool == null) {
throw new IllegalArgumentException(
@@ -150,7 +158,7 @@
* events
* @see #erodingFactor
*/
- ErodingKeyedObjectPool(final KeyedObjectPool keyedPool,
+ private ErodingKeyedObjectPool(final KeyedObjectPool keyedPool,
final float factor) {
this(keyedPool, new ErodingFactor(factor));
}
@@ -315,7 +323,7 @@
*/
@Override
public String toString() {
- return "ErodingKeyedObjectPool{" + "factor=" +
+ return "ErodingKeyedObjectPool{factor=" +
erodingFactor + ", keyedPool=" + keyedPool + '}';
}
}
@@ -346,7 +354,7 @@
* events
* @see #factor
*/
- ErodingObjectPool(final ObjectPool pool, final float factor) {
+ private ErodingObjectPool(final ObjectPool pool, final float factor) {
this.pool = pool;
this.factor = new ErodingFactor(factor);
}
@@ -355,7 +363,7 @@
* {@inheritDoc}
*/
@Override
- public void addObject() throws Exception{
+ public void addObject() throws Exception {
pool.addObject();
}
@@ -457,7 +465,7 @@
*/
@Override
public String toString() {
- return "ErodingObjectPool{" + "factor=" + factor + ", pool=" +
+ return "ErodingObjectPool{factor=" + factor + ", pool=" +
pool + '}';
}
}
@@ -486,7 +494,7 @@
* @param factor
* erosion factor
*/
- ErodingPerKeyKeyedObjectPool(final KeyedObjectPool keyedPool, final float factor) {
+ private ErodingPerKeyKeyedObjectPool(final KeyedObjectPool keyedPool, final float factor) {
super(keyedPool, null);
this.factor = factor;
}
@@ -506,7 +514,7 @@
*/
@Override
public String toString() {
- return "ErodingPerKeyKeyedObjectPool{" + "factor=" + factor +
+ return "ErodingPerKeyKeyedObjectPool{factor=" + factor +
", keyedPool=" + getKeyedPool() + '}';
}
}
@@ -1731,7 +1739,7 @@
* @return a synchronized view of the specified KeyedPooledObjectFactory.
*/
public static KeyedPooledObjectFactory synchronizedKeyedPooledFactory(
- final KeyedPooledObjectFactory keyedFactory) {
+ final KeyedPooledObjectFactory keyedFactory) {
return new SynchronizedKeyedPooledObjectFactory<>(keyedFactory);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObject.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObject.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObject.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObject.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -34,14 +34,37 @@
public interface PooledObject extends Comparable> {
/**
- * Tests whether the given PooledObject is null or contains a null.
+ * Gets the wrapped object or null.
*
- * @param pooledObject the PooledObject to test.
- * @return whether the given PooledObject is null or contains a null.
+ * @param the type of object in the pool.
+ * @param pooledObject the PooledObject to unwrap, may be null.
+ * @return the wrapped object or null.
+ * @since 2.13.0
+ */
+ static T getObject(final PooledObject pooledObject) {
+ return pooledObject != null ? pooledObject.getObject() : null;
+ }
+
+ /**
+ * Tests whether the given PooledObject is null or wraps a null.
+ *
+ * @param pooledObject the PooledObject to test, may be null.
+ * @return whether the given PooledObject is null or wraps a null.
* @since 2.12.0
*/
static boolean isNull(final PooledObject pooledObject) {
- return pooledObject == null || pooledObject.getObject() == null;
+ return getObject(pooledObject) == null;
+ }
+
+ /**
+ * Tests whether the given PooledObject isn't null and doesn't wraps a null.
+ *
+ * @param pooledObject the PooledObject to test, may be null.
+ * @return whether the given PooledObject isn't null and doesn't wraps a null.
+ * @since 2.13.0
+ */
+ static boolean nonNull(final PooledObject pooledObject) {
+ return getObject(pooledObject) != null;
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObjectFactory.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObjectFactory.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObjectFactory.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObjectFactory.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -70,85 +70,85 @@
*/
public interface PooledObjectFactory {
- /**
- * Reinitializes an instance to be returned by the pool.
- *
- * @param p a {@code PooledObject} wrapping the instance to be activated
- * @throws Exception if there is a problem activating {@code obj},
- * this exception may be swallowed by the pool.
- *
- * @see #destroyObject
- */
- void activateObject(PooledObject p) throws Exception;
-
- /**
- * Destroys an instance no longer needed by the pool, using the default (NORMAL)
- * DestroyMode.
- *
- * It is important for implementations of this method to be aware that there
- * is no guarantee about what state {@code obj} will be in and the
- * implementation should be prepared to handle unexpected errors.
- *
- *
- * Also, an implementation must take in to consideration that instances lost
- * to the garbage collector may never be destroyed.
- *
- *
- * @param p a {@code PooledObject} wrapping the instance to be destroyed
- * @throws Exception should be avoided as it may be swallowed by
- * the pool implementation.
- *
- * @see #validateObject
- * @see ObjectPool#invalidateObject
- */
- void destroyObject(PooledObject p) throws Exception;
-
- /**
- * Destroys an instance no longer needed by the pool, using the provided
- * DestroyMode.
- *
- * @param p a {@code PooledObject} wrapping the instance to be destroyed
- * @param destroyMode DestroyMode providing context to the factory
- * @throws Exception should be avoided as it may be swallowed by
- * the pool implementation.
- *
- * @see #validateObject
- * @see ObjectPool#invalidateObject
- * @see #destroyObject(PooledObject)
- * @see DestroyMode
- * @since 2.9.0
- */
- default void destroyObject(final PooledObject p, final DestroyMode destroyMode) throws Exception {
- destroyObject(p);
- }
-
- /**
- * Creates an instance that can be served by the pool and wrap it in a
- * {@link PooledObject} to be managed by the pool.
- *
- * @return a {@code PooledObject} wrapping an instance that can be served by the pool, not null.
- * @throws Exception if there is a problem creating a new instance,
- * this will be propagated to the code requesting an object.
- */
- PooledObject makeObject() throws Exception;
-
- /**
- * Uninitializes an instance to be returned to the idle object pool.
- *
- * @param p a {@code PooledObject} wrapping the instance to be passivated
- * @throws Exception if there is a problem passivating {@code obj},
- * this exception may be swallowed by the pool.
- *
- * @see #destroyObject
- */
- void passivateObject(PooledObject p) throws Exception;
-
- /**
- * Ensures that the instance is safe to be returned by the pool.
- *
- * @param p a {@code PooledObject} wrapping the instance to be validated
- * @return {@code false} if {@code obj} is not valid and should
- * be dropped from the pool, {@code true} otherwise.
- */
- boolean validateObject(PooledObject p);
+ /**
+ * Reinitializes an instance to be returned by the pool.
+ *
+ * @param p a {@code PooledObject} wrapping the instance to be activated
+ * @throws Exception if there is a problem activating {@code obj},
+ * this exception may be swallowed by the pool.
+ *
+ * @see #destroyObject
+ */
+ void activateObject(PooledObject p) throws Exception;
+
+ /**
+ * Destroys an instance no longer needed by the pool, using the default (NORMAL)
+ * DestroyMode.
+ *
+ * It is important for implementations of this method to be aware that there
+ * is no guarantee about what state {@code obj} will be in and the
+ * implementation should be prepared to handle unexpected errors.
+ *
+ *
+ * Also, an implementation must take in to consideration that instances lost
+ * to the garbage collector may never be destroyed.
+ *
+ *
+ * @param p a {@code PooledObject} wrapping the instance to be destroyed
+ * @throws Exception should be avoided as it may be swallowed by
+ * the pool implementation.
+ *
+ * @see #validateObject
+ * @see ObjectPool#invalidateObject
+ */
+ void destroyObject(PooledObject p) throws Exception;
+
+ /**
+ * Destroys an instance no longer needed by the pool, using the provided
+ * DestroyMode.
+ *
+ * @param p a {@code PooledObject} wrapping the instance to be destroyed
+ * @param destroyMode DestroyMode providing context to the factory
+ * @throws Exception should be avoided as it may be swallowed by
+ * the pool implementation.
+ *
+ * @see #validateObject
+ * @see ObjectPool#invalidateObject
+ * @see #destroyObject(PooledObject)
+ * @see DestroyMode
+ * @since 2.9.0
+ */
+ default void destroyObject(final PooledObject p, final DestroyMode destroyMode) throws Exception {
+ destroyObject(p);
+ }
+
+ /**
+ * Creates an instance that can be served by the pool and wrap it in a
+ * {@link PooledObject} to be managed by the pool.
+ *
+ * @return a {@code PooledObject} wrapping an instance that can be served by the pool, not null.
+ * @throws Exception if there is a problem creating a new instance,
+ * this will be propagated to the code requesting an object.
+ */
+ PooledObject makeObject() throws Exception;
+
+ /**
+ * Uninitializes an instance to be returned to the idle object pool.
+ *
+ * @param p a {@code PooledObject} wrapping the instance to be passivated
+ * @throws Exception if there is a problem passivating {@code obj},
+ * this exception may be swallowed by the pool.
+ *
+ * @see #destroyObject
+ */
+ void passivateObject(PooledObject p) throws Exception;
+
+ /**
+ * Ensures that the instance is safe to be returned by the pool.
+ *
+ * @param p a {@code PooledObject} wrapping the instance to be validated
+ * @return {@code false} if {@code obj} is not valid and should
+ * be dropped from the pool, {@code true} otherwise.
+ */
+ boolean validateObject(PooledObject p);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObjectState.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObjectState.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/PooledObjectState.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/PooledObjectState.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/SwallowedExceptionListener.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/SwallowedExceptionListener.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/SwallowedExceptionListener.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/SwallowedExceptionListener.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/TrackedUse.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/TrackedUse.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/TrackedUse.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/TrackedUse.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/UsageTracking.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/UsageTracking.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/UsageTracking.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/UsageTracking.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/AbandonedConfig.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/AbandonedConfig.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/AbandonedConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/AbandonedConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/BaseGenericObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/BaseGenericObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/BaseGenericObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/BaseGenericObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -205,41 +205,53 @@
* @param type of objects in the pool
*/
static class IdentityWrapper {
+
+ /**
+ * Creates a new instance for the object inside a {@link PooledObject}.
+ *
+ * @param The type of the object in the {@link PooledObject}.
+ * @param p The {@link PooledObject}.
+ * @return a new instance.
+ */
+ static IdentityWrapper unwrap(final PooledObject p) {
+ return new IdentityWrapper<>(p.getObject());
+ }
+
/** Wrapped object */
- private final T instance;
+ private final T object;
/**
* Constructs a wrapper for an instance.
*
- * @param instance object to wrap
+ * @param object object to wrap
*/
- IdentityWrapper(final T instance) {
- this.instance = instance;
+ IdentityWrapper(final T object) {
+ this.object = object;
}
@Override
@SuppressWarnings("rawtypes")
public boolean equals(final Object other) {
- return other instanceof IdentityWrapper && ((IdentityWrapper) other).instance == instance;
+ return other instanceof IdentityWrapper && ((IdentityWrapper) other).object == object;
}
/**
* @return the wrapped object
*/
- public T getObject() {
- return instance;
+ T getObject() {
+ return object;
}
@Override
public int hashCode() {
- return System.identityHashCode(instance);
+ return System.identityHashCode(object);
}
@Override
public String toString() {
final StringBuilder builder = new StringBuilder();
builder.append("IdentityWrapper [instance=");
- builder.append(instance);
+ builder.append(object);
builder.append("]");
return builder.toString();
}
@@ -395,6 +407,7 @@
private volatile SwallowedExceptionListener swallowedExceptionListener;
private volatile boolean messageStatistics;
+ private volatile boolean collectDetailedStatistics = BaseObjectPoolConfig.DEFAULT_COLLECT_DETAILED_STATISTICS;
/** Additional configuration properties for abandoned object tracking. */
protected volatile AbandonedConfig abandonedConfig;
@@ -483,6 +496,16 @@
}
/**
+ * Returns the duration since the given start time.
+ *
+ * @param startInstant the start time
+ * @return the duration since the given start time
+ */
+ final Duration durationSince(final Instant startInstant) {
+ return Duration.between(startInstant, Instant.now());
+ }
+
+ /**
* Tries to ensure that the configured minimum number of idle instances are
* available in the pool.
* @throws Exception if an error occurs creating idle instances
@@ -525,6 +548,20 @@
}
/**
+ * Gets whether detailed timing statistics collection is enabled.
+ * When {@code false}, the pool will not collect detailed timing statistics for
+ * mean active time, mean idle time, and mean borrow wait time,
+ * improving performance under high load.
+ *
+ * @return {@code true} if detailed statistics collection is enabled,
+ * {@code false} if disabled for improved performance.
+ * @since 2.13.0
+ */
+ public boolean getCollectDetailedStatistics() {
+ return collectDetailedStatistics;
+ }
+
+ /**
* Gets the total number of objects created for this pool over the lifetime of
* the pool.
* @return the created object count
@@ -977,7 +1014,6 @@
* removal is configured for this pool; Integer.MAX_VALUE otherwise.
*
* @see AbandonedConfig#getRemoveAbandonedTimeoutDuration()
- * @see AbandonedConfig#getRemoveAbandonedTimeoutDuration()
* @deprecated Use {@link #getRemoveAbandonedTimeoutDuration()}.
* @since 2.11.0
*/
@@ -1226,8 +1262,9 @@
}
/**
- * Tests whether this pool instance been closed.
- * @return {@code true} when this pool has been closed.
+ * Tests whether this pool instance is closed.
+ *
+ * @return {@code true} when this pool is closed.
*/
public final boolean isClosed() {
return closed;
@@ -1258,7 +1295,7 @@
}
while (!registered) {
try {
- ObjectName objName;
+ final ObjectName objName;
// Skip the numeric suffix for the first pool in case there is
// only one so the names are cleaner.
if (i == 1) {
@@ -1349,6 +1386,21 @@
}
/**
+ * Sets whether detailed timing statistics collection is enabled.
+ * When {@code false}, the pool will not collect detailed timing statistics,
+ * improving performance under high load at the cost of reduced monitoring capabilities.
+ *
+ * This setting affects data collection for mean active time, mean idle time, and mean borrow wait time.
+ *
+ *
+ * @param collectDetailedStatistics whether to collect detailed statistics.
+ * @since 2.13.0
+ */
+ public void setCollectDetailedStatistics(final boolean collectDetailedStatistics) {
+ this.collectDetailedStatistics = collectDetailedStatistics;
+ }
+
+ /**
* Sets the receiver with the given configuration.
*
* @param config Initialization source.
@@ -1374,6 +1426,7 @@
setEvictionPolicy(policy);
}
setEvictorShutdownTimeout(config.getEvictorShutdownTimeoutDuration());
+ setCollectDetailedStatistics(config.getCollectDetailedStatistics());
}
/**
@@ -1945,6 +1998,7 @@
startEvictor(Duration.ofMillis(-1L));
}
+
/**
* Swallows an exception and notifies the configured listener for swallowed
* exceptions queue.
@@ -2045,17 +2099,19 @@
*/
final void updateStatsBorrow(final PooledObject p, final Duration waitDuration) {
borrowedCount.incrementAndGet();
- idleTimes.add(p.getIdleDuration());
- waitTimes.add(waitDuration);
-
- // lock-free optimistic-locking maximum
- Duration currentMaxDuration;
- do {
- currentMaxDuration = maxBorrowWaitDuration.get();
- if (currentMaxDuration.compareTo(waitDuration) >= 0) {
- break;
- }
- } while (!maxBorrowWaitDuration.compareAndSet(currentMaxDuration, waitDuration));
+ // Only collect detailed statistics if enabled
+ if (collectDetailedStatistics) {
+ idleTimes.add(p.getIdleDuration());
+ waitTimes.add(waitDuration);
+ // lock-free optimistic-locking maximum
+ Duration currentMaxDuration;
+ do {
+ currentMaxDuration = maxBorrowWaitDuration.get();
+ if (currentMaxDuration.compareTo(waitDuration) >= 0) {
+ break;
+ }
+ } while (!maxBorrowWaitDuration.compareAndSet(currentMaxDuration, waitDuration));
+ }
}
/**
@@ -2066,7 +2122,25 @@
*/
final void updateStatsReturn(final Duration activeTime) {
returnedCount.incrementAndGet();
- activeTimes.add(activeTime);
+ // Only collect detailed statistics if enabled
+ if (collectDetailedStatistics) {
+ activeTimes.add(activeTime);
+ }
+ }
+
+ /**
+ * Waits for notification on the given object for the specified duration.
+ * Duration.ZERO causes the thread to wait indefinitely.
+ *
+ * @param obj the object to wait on
+ * @param duration the duration to wait
+ * @throws InterruptedException if interrupted while waiting
+ * @throws IllegalArgumentException if the duration is negative
+ */
+ final void wait(final Object obj, final Duration duration) throws InterruptedException {
+ if (!duration.isNegative()) {
+ obj.wait(duration.toMillis(), duration.getNano() % 1_000_000);
+ }
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/BaseObjectPoolConfig.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/BaseObjectPoolConfig.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/BaseObjectPoolConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/BaseObjectPoolConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -254,6 +254,19 @@
*/
public static final String DEFAULT_EVICTION_POLICY_CLASS_NAME = DefaultEvictionPolicy.class.getName();
+ /**
+ * The default value for the {@code collectDetailedStatistics} configuration
+ * attribute. When {@code true}, the pool will collect detailed timing statistics
+ * for monitoring purposes. When {@code false}, detailed statistics collection
+ * is disabled, improving performance under high load.
+ *
+ * This setting affects data collection for mean active time, mean idle time, and mean borrow wait time.
+ *
+ *
+ * @since 2.13.0
+ */
+ public static final boolean DEFAULT_COLLECT_DETAILED_STATISTICS = true;
+
private boolean lifo = DEFAULT_LIFO;
private boolean fairness = DEFAULT_FAIRNESS;
@@ -291,6 +304,15 @@
private String jmxNameBase = DEFAULT_JMX_NAME_BASE;
+ private boolean collectDetailedStatistics = DEFAULT_COLLECT_DETAILED_STATISTICS;
+
+ /**
+ * Constructs a new instance.
+ */
+ public BaseObjectPoolConfig() {
+ // empty
+ }
+
/**
* Gets the value for the {@code blockWhenExhausted} configuration attribute for pools created with this configuration instance.
*
@@ -303,6 +325,23 @@
}
/**
+ * Gets the value for the {@code collectDetailedStatistics} configuration attribute
+ * for pools created with this configuration instance.
+ *
+ * This setting affects data collection for mean active time, mean idle time, and mean borrow wait time.
+ *
+ *
+ * @return {@code true} if detailed statistics collection is enabled,
+ * {@code false} if disabled for improved performance.
+ * @see GenericObjectPool#getCollectDetailedStatistics()
+ * @see GenericKeyedObjectPool#getCollectDetailedStatistics()
+ * @since 2.13.0
+ */
+ public boolean getCollectDetailedStatistics() {
+ return collectDetailedStatistics;
+ }
+
+ /**
* Gets the value for the {@code timeBetweenEvictionRuns} configuration attribute for pools created with this configuration instance.
*
* @return The current setting of {@code timeBetweenEvictionRuns} for this configuration instance
@@ -624,6 +663,25 @@
}
/**
+ * Sets the value for the {@code collectDetailedStatistics} configuration attribute
+ * for pools created with this configuration instance. When {@code false}, the pool
+ * will not collect detailed timing statistics, improving performance under high load
+ * at the cost of reduced monitoring capabilities.
+ *
+ * This setting affects data collection for mean active time, mean idle time, and mean borrow wait time.
+ *
+ *
+ * @param collectDetailedStatistics The new setting of {@code collectDetailedStatistics}
+ * for this configuration instance.
+ * @see GenericObjectPool#getCollectDetailedStatistics()
+ * @see GenericKeyedObjectPool#getCollectDetailedStatistics()
+ * @since 2.13.0
+ */
+ public void setCollectDetailedStatistics(final boolean collectDetailedStatistics) {
+ this.collectDetailedStatistics = collectDetailedStatistics;
+ }
+
+ /**
* Sets the value for the {@code evictionPolicyClass} configuration attribute for pools created with this configuration instance.
*
* @param evictionPolicy The new setting of {@code evictionPolicyClass} for this configuration instance
@@ -953,5 +1011,7 @@
builder.append(jmxNamePrefix);
builder.append(", jmxNameBase=");
builder.append(jmxNameBase);
+ builder.append(", collectDetailedStatistics=");
+ builder.append(collectDetailedStatistics);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/CallStack.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/CallStack.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/CallStack.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/CallStack.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultEvictionPolicy.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultEvictionPolicy.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultEvictionPolicy.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultEvictionPolicy.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -31,7 +31,7 @@
* {@link GenericKeyedObjectPoolConfig#getMinIdlePerKey()} idle objects in
* the pool and the object has been idle for longer than
* {@link GenericObjectPool#getSoftMinEvictableIdleDuration()} /
- * {@link GenericKeyedObjectPool#getSoftMinEvictableIdleDuration()}
+ * {@link GenericKeyedObjectPool#getSoftMinEvictableIdleDuration()}
*
*
* This class is immutable and thread-safe.
@@ -42,6 +42,13 @@
*/
public class DefaultEvictionPolicy implements EvictionPolicy {
+ /**
+ * Constructs a new instance.
+ */
+ public DefaultEvictionPolicy() {
+ // empty
+ }
+
@Override
public boolean evict(final EvictionConfig config, final PooledObject underTest, final int idleCount) {
// @formatter:off
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObject.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObject.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObject.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObject.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfo.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfo.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfoMBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfoMBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfoMBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/DefaultPooledObjectInfoMBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionConfig.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionConfig.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionPolicy.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionPolicy.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionPolicy.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionPolicy.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,7 +23,7 @@
* DefaultEvictionPolicy} for a pool, users must provide an implementation of
* this interface that provides the required eviction policy.
*
- * @param the type of objects in the pool
+ * @param the type of objects in the pool.
* @since 2.0
*/
public interface EvictionPolicy {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,6 +21,7 @@
import java.security.PrivilegedAction;
import java.time.Duration;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map.Entry;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.ScheduledThreadPoolExecutor;
@@ -32,7 +33,7 @@
*
* This class is currently implemented using {@link ScheduledThreadPoolExecutor}. This implementation may change in any
* future release. This class keeps track of how many pools are using it. If no pools are using the timer, it is
- * cancelled. This prevents a thread being left running which, in application server environments, can lead to memory
+ * canceled. This prevents a thread being left running which, in application server environments, can lead to memory
* leads and/or prevent applications from shutting down or reloading cleanly.
*
*
@@ -73,11 +74,17 @@
@Override
public void run() {
synchronized (EvictionTimer.class) {
- for (final Entry.Evictor>, WeakRunner.Evictor>> entry : TASK_MAP
- .entrySet()) {
+ /*
+ * Need to use iterator over TASK_MAP so entries can be removed when iterating without triggering a
+ * ConcurrentModificationException.
+ */
+ final Iterator.Evictor>, WeakRunner.Evictor>>> iterator =
+ TASK_MAP.entrySet().iterator();
+ while (iterator.hasNext()) {
+ final Entry.Evictor>, WeakRunner.Evictor>> entry = iterator.next();
if (entry.getKey().get() == null) {
executor.remove(entry.getValue());
- TASK_MAP.remove(entry.getKey());
+ iterator.remove();
}
}
if (TASK_MAP.isEmpty() && executor != null) {
@@ -104,7 +111,7 @@
* @param ref the reference to track.
*/
private WeakRunner(final WeakReference ref) {
- this.ref = ref;
+ this.ref = ref;
}
@Override
@@ -113,8 +120,10 @@
if (task != null) {
task.run();
} else {
- executor.remove(this);
- TASK_MAP.remove(ref);
+ synchronized (EvictionTimer.class) {
+ executor.remove(this);
+ TASK_MAP.remove(ref);
+ }
}
}
}
@@ -124,13 +133,13 @@
/** Keys are weak references to tasks, values are runners managed by executor. */
private static final HashMap<
- WeakReference.Evictor>,
- WeakRunner.Evictor>> TASK_MAP = new HashMap<>(); // @GuardedBy("EvictionTimer.class")
+ WeakReference.Evictor>,
+ WeakRunner.Evictor>> TASK_MAP = new HashMap<>(); // @GuardedBy("EvictionTimer.class")
/**
* Removes the specified eviction task from the timer.
*
- * @param evictor Task to be cancelled.
+ * @param evictor Task to be canceled.
* @param timeout If the associated executor is no longer required, how
* long should this thread wait for the executor to
* terminate?
@@ -195,8 +204,8 @@
* server environments.
*
* @param task Task to be scheduled.
- * @param delay Delay in milliseconds before task is executed.
- * @param period Time in milliseconds between executions.
+ * @param delay Duration before task is executed.
+ * @param period Duration between executions.
*/
static synchronized void schedule(
final BaseGenericObjectPool.Evictor task, final Duration delay, final Duration period) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -28,8 +28,8 @@
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.TreeMap;
+import java.util.concurrent.BlockingDeque;
import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
@@ -128,16 +128,16 @@
* @param fairness true means client threads waiting to borrow / return instances
* will be served as if waiting in a FIFO queue.
*/
- ObjectDeque(final boolean fairness) {
+ private ObjectDeque(final boolean fairness) {
idleObjects = new LinkedBlockingDeque<>(fairness);
}
/**
* Gets all the objects for the current key.
*
- * @return All the objects
+ * @return All the objects,
*/
- public Map, PooledObject> getAllObjects() {
+ Map, PooledObject> getAllObjects() {
return allObjects;
}
@@ -145,27 +145,27 @@
* Gets the number of instances created - number destroyed.
* Should always be less than or equal to maxTotalPerKey.
*
- * @return The net instance addition count for this deque
+ * @return The net instance addition count for this deque.
*/
- public AtomicInteger getCreateCount() {
+ AtomicInteger getCreateCount() {
return createCount;
}
/**
* Gets the idle objects for the current key.
*
- * @return The idle objects
+ * @return The idle objects.
*/
- public LinkedBlockingDeque> getIdleObjects() {
+ LinkedBlockingDeque> getIdleObjects() {
return idleObjects;
}
/**
* Gets the number of threads with an interest registered in this key.
*
- * @return The number of threads with a registered interest in this key
+ * @return The number of threads with a registered interest in this key.
*/
- public AtomicLong getNumInterested() {
+ AtomicLong getNumInterested() {
return numInterested;
}
@@ -201,6 +201,12 @@
private volatile int maxTotalPerKey =
GenericKeyedObjectPoolConfig.DEFAULT_MAX_TOTAL_PER_KEY;
+ private volatile boolean reuseCapacityOnReturn =
+ GenericKeyedObjectPoolConfig.DEFAULT_REUSE_CAPACITY_ON_RETURN;
+
+ private volatile boolean reuseCapacityOnMaintenance =
+ GenericKeyedObjectPoolConfig.DEFAULT_REUSE_CAPACITY_ON_MAINTENANCE;
+
private final KeyedPooledObjectFactory factory;
private final boolean fairness;
@@ -209,8 +215,13 @@
* My hash of sub-pools (ObjectQueue). The list of keys must be kept
* in step with {@link #poolKeyList} using {@link #keyLock} to ensure any
* changes to the list of current keys is made in a thread-safe manner.
+ *
+ * Correct operation of the pool requires that a Map implementation is used that
+ * supports concurrent read and write (e.g. ensureMinIdle() iterates over the key set
+ * while other threads may be adding or removing keys) therefore explicitly define
+ * this field as ConcurrentHashMap rather than Map.
*/
- private final Map> poolMap =
+ private final ConcurrentHashMap> poolMap =
new ConcurrentHashMap<>(); // @GuardedBy("keyLock") for write access (and some read access)
/*
@@ -298,9 +309,9 @@
* @throws Exception If the associated factory fails to passivate the object
*/
private void addIdleObject(final K key, final PooledObject p) throws Exception {
- if (!PooledObject.isNull(p)) {
+ if (PooledObject.nonNull(p)) {
factory.passivateObject(key, p);
- final LinkedBlockingDeque> idleObjects = poolMap.get(key).getIdleObjects();
+ final BlockingDeque> idleObjects = poolMap.get(key).getIdleObjects();
if (getLifo()) {
idleObjects.addFirst(p);
} else {
@@ -330,9 +341,18 @@
@Override
public void addObject(final K key) throws Exception {
assertOpen();
- register(key);
+ final ObjectDeque objectDeque = register(key);
try {
- addIdleObject(key, create(key));
+ // Attempt create and add only if there is capacity to add
+ // > to the overall instance count
+ // > to the pool under the key
+ final int maxtTotalPerKey = getMaxTotalPerKey();
+ final int maxTotal = getMaxTotal();
+ if ((maxTotal < 0 || getNumActive() + getNumIdle() < maxTotal)
+ && (maxtTotalPerKey < 0 || objectDeque.allObjects.size() < maxtTotalPerKey)) {
+ // Attempt to create and add a new instance under key
+ addIdleObject(key, create(key, getMaxWaitDuration()));
+ }
} finally {
deregister(key);
}
@@ -400,8 +420,8 @@
*
*
* @param key pool key
- * @param borrowMaxWaitMillis The time to wait in milliseconds for an object
- * to become available
+ * @param maxWaitDuration The time to wait for an object to become
+ * available
*
* @return object instance from the keyed pool
* @throws NoSuchElementException if a keyed object instance cannot be
@@ -409,10 +429,12 @@
*
* @throws Exception if a keyed object instance cannot be returned due to an
* error
+ * @since 2.12.2
*/
- public T borrowObject(final K key, final long borrowMaxWaitMillis) throws Exception {
+ public T borrowObject(final K key, final Duration maxWaitDuration) throws Exception {
assertOpen();
-
+ final Instant startInstant = Instant.now();
+ Duration remainingWaitDuration = maxWaitDuration;
final AbandonedConfig ac = this.abandonedConfig;
if (ac != null && ac.getRemoveAbandonedOnBorrow() && getNumIdle() < 2 &&
getNumActive() > getMaxTotal() - 3) {
@@ -426,27 +448,28 @@
final boolean blockWhenExhausted = getBlockWhenExhausted();
boolean create;
- final Instant waitTime = Instant.now();
final ObjectDeque objectDeque = register(key);
try {
while (p == null) {
+ remainingWaitDuration = maxWaitDuration.minus(durationSince(startInstant));
create = false;
p = objectDeque.getIdleObjects().pollFirst();
if (p == null) {
- p = create(key);
- if (!PooledObject.isNull(p)) {
+ p = create(key, remainingWaitDuration);
+ if (PooledObject.nonNull(p)) {
create = true;
}
+ remainingWaitDuration = maxWaitDuration.minus(durationSince(startInstant));
}
if (blockWhenExhausted) {
if (PooledObject.isNull(p)) {
- p = borrowMaxWaitMillis < 0 ? objectDeque.getIdleObjects().takeFirst():
- objectDeque.getIdleObjects().pollFirst(borrowMaxWaitMillis, TimeUnit.MILLISECONDS);
+ p = maxWaitDuration.isNegative() ? objectDeque.getIdleObjects().takeFirst()
+ : objectDeque.getIdleObjects().pollFirst(remainingWaitDuration);
}
if (PooledObject.isNull(p)) {
throw new NoSuchElementException(appendStats(
- "Timeout waiting for idle object, borrowMaxWaitMillis=" + borrowMaxWaitMillis));
+ "Timeout waiting for idle object, borrowMaxWaitMillis=" + maxWaitDuration.toMillis()));
}
} else if (PooledObject.isNull(p)) {
throw new NoSuchElementException(appendStats("Pool exhausted"));
@@ -455,7 +478,7 @@
p = null;
}
- if (!PooledObject.isNull(p)) {
+ if (PooledObject.nonNull(p)) {
try {
factory.activateObject(key, p);
} catch (final Exception e) {
@@ -466,12 +489,13 @@
}
p = null;
if (create) {
- final NoSuchElementException nsee = new NoSuchElementException(appendStats("Unable to activate object"));
+ final NoSuchElementException nsee = new NoSuchElementException(
+ appendStats("Unable to activate object"));
nsee.initCause(e);
throw nsee;
}
}
- if (!PooledObject.isNull(p) && getTestOnBorrow()) {
+ if (PooledObject.nonNull(p) && getTestOnBorrow()) {
boolean validate = false;
Throwable validationThrowable = null;
try {
@@ -502,11 +526,78 @@
deregister(key);
}
- updateStatsBorrow(p, Duration.between(waitTime, Instant.now()));
+ updateStatsBorrow(p, Duration.between(startInstant, Instant.now()));
return p.getObject();
}
+
+ /**
+ * Borrows an object from the sub-pool associated with the given key using
+ * the specified waiting time which only applies if
+ * {@link #getBlockWhenExhausted()} is true.
+ *
+ * If there is one or more idle instances available in the sub-pool
+ * associated with the given key, then an idle instance will be selected
+ * based on the value of {@link #getLifo()}, activated and returned. If
+ * activation fails, or {@link #getTestOnBorrow() testOnBorrow} is set to
+ * {@code true} and validation fails, the instance is destroyed and the
+ * next available instance is examined. This continues until either a valid
+ * instance is returned or there are no more idle instances available.
+ *
+ *
+ * If there are no idle instances available in the sub-pool associated with
+ * the given key, behavior depends on the {@link #getMaxTotalPerKey()
+ * maxTotalPerKey}, {@link #getMaxTotal() maxTotal}, and (if applicable)
+ * {@link #getBlockWhenExhausted()} and the value passed in to the
+ * {@code borrowMaxWaitMillis} parameter. If the number of instances checked
+ * out from the sub-pool under the given key is less than
+ * {@code maxTotalPerKey} and the total number of instances in
+ * circulation (under all keys) is less than {@code maxTotal}, a new
+ * instance is created, activated and (if applicable) validated and returned
+ * to the caller. If validation fails, a {@code NoSuchElementException}
+ * will be thrown. If the factory returns null when creating an instance,
+ * a {@code NullPointerException} is thrown.
+ *
+ *
+ * If the associated sub-pool is exhausted (no available idle instances and
+ * no capacity to create new ones), this method will either block
+ * ({@link #getBlockWhenExhausted()} is true) or throw a
+ * {@code NoSuchElementException}
+ * ({@link #getBlockWhenExhausted()} is false).
+ * The length of time that this method will block when
+ * {@link #getBlockWhenExhausted()} is true is determined by the value
+ * passed in to the {@code borrowMaxWait} parameter.
+ *
+ *
+ * When {@code maxTotal} is set to a positive value and this method is
+ * invoked when at the limit with no idle instances available under the requested
+ * key, an attempt is made to create room by clearing the oldest 15% of the
+ * elements from the keyed sub-pools.
+ *
+ *
+ * When the pool is exhausted, multiple calling threads may be
+ * simultaneously blocked waiting for instances to become available. A
+ * "fairness" algorithm has been implemented to ensure that threads receive
+ * available instances in request arrival order.
+ *
+ *
+ * @param key pool key
+ * @param maxWaitMillis The time to wait in milliseconds for an object to become
+ * available
+ *
+ * @return object instance from the keyed pool
+ * @throws NoSuchElementException if a keyed object instance cannot be
+ * returned because the pool is exhausted.
+ *
+ * @throws Exception if a keyed object instance cannot be returned due to an
+ * error
+ */
+
+ public T borrowObject(final K key, final long maxWaitMillis) throws Exception {
+ return borrowObject(key, Duration.ofMillis(maxWaitMillis));
+ }
+
/**
* Calculate the number of objects that need to be created to attempt to
* maintain the minimum number of idle objects while not exceeded the limits
@@ -607,7 +698,7 @@
final ObjectDeque objectDeque = register(key);
int freedCapacity = 0;
try {
- final LinkedBlockingDeque> idleObjects = objectDeque.getIdleObjects();
+ final BlockingDeque> idleObjects = objectDeque.getIdleObjects();
PooledObject p = idleObjects.poll();
while (p != null) {
try {
@@ -698,7 +789,7 @@
jmxUnregister();
// Release any threads that were waiting for an object
- poolMap.values().forEach(e -> e.getIdleObjects().interuptTakeWaiters());
+ poolMap.values().forEach(e -> e.getIdleObjects().interruptTakeWaiters());
// This clear cleans up the keys now any waiting threads have been
// interrupted
clear();
@@ -708,11 +799,16 @@
/**
* Creates a new pooled object or null.
*
- * @param key Key associated with new pooled object.
+ * @param key Key associated with new pooled object.
+ * @param maxWaitDuration The time to wait in this method. If negative or ZERO,
+ * this method may wait indefinitely.
* @return The new, wrapped pooled object. May return null.
* @throws Exception If the objection creation fails.
*/
- private PooledObject create(final K key) throws Exception {
+ private PooledObject create(final K key, final Duration maxWaitDuration) throws Exception {
+ final Instant startInstant = Instant.now();
+ Duration remainingWaitDuration = maxWaitDuration.isNegative() ? Duration.ZERO : maxWaitDuration;
+
int maxTotalPerKeySave = getMaxTotalPerKey(); // Per key
if (maxTotalPerKeySave < 0) {
maxTotalPerKeySave = Integer.MAX_VALUE;
@@ -744,6 +840,7 @@
// call the factory
Boolean create = null;
while (create == null) {
+ remainingWaitDuration = maxWaitDuration.isNegative() ? Duration.ZERO : maxWaitDuration.minus(durationSince(startInstant));
synchronized (objectDeque.makeObjectCountLock) {
final long newCreateCount = objectDeque.getCreateCount().incrementAndGet();
// Check against the per key limit
@@ -757,12 +854,13 @@
// create a new object. Return and wait for an object to
// be returned.
create = Boolean.FALSE;
- } else {
+ } else if (!remainingWaitDuration.isNegative()) {
// There are makeObject() calls in progress that might
// bring the pool to capacity. Those calls might also
// fail so wait until they complete and then re-test if
// the pool is at capacity or not.
- objectDeque.makeObjectCountLock.wait();
+ objectDeque.makeObjectCountLock.wait(remainingWaitDuration.toMillis(),
+ remainingWaitDuration.getNano() % 1_000_000);
}
} else {
// The pool is not at capacity. Create a new object.
@@ -808,7 +906,7 @@
}
createdCount.incrementAndGet();
- objectDeque.getAllObjects().put(new IdentityWrapper<>(p.getObject()), p);
+ objectDeque.getAllObjects().put(IdentityWrapper.unwrap(p), p);
return p;
}
@@ -857,13 +955,13 @@
/**
* Destroy the wrapped, pooled object.
*
- * @param key The key associated with the object to destroy.
+ * @param key The key associated with the object to destroy
* @param toDestroy The wrapped object to be destroyed
* @param always Should the object be destroyed even if it is not currently
* in the set of idle objects for the given key
- * @param destroyMode DestroyMode context provided to the factory
+ * @param destroyMode {@link DestroyMode} context provided to the factory
* @return {@code true} if the object was destroyed, otherwise {@code false}
- * @throws Exception If the object destruction failed
+ * @throws Exception If the factory throws an exception during destruction
*/
private boolean destroy(final K key, final PooledObject toDestroy, final boolean always, final DestroyMode destroyMode) throws Exception {
@@ -881,7 +979,7 @@
}
}
if (isIdle || always) {
- objectDeque.getAllObjects().remove(new IdentityWrapper<>(toDestroy.getObject()));
+ objectDeque.getAllObjects().remove(IdentityWrapper.unwrap(toDestroy));
toDestroy.invalidate();
try {
@@ -1086,8 +1184,6 @@
}
}
underTest.endEvictionTest(idleObjects);
- // TODO - May need to add code here once additional
- // states are used
}
}
}
@@ -1096,6 +1192,9 @@
if (ac != null && ac.getRemoveAbandonedOnMaintenance()) {
removeAbandoned(ac);
}
+ if (reuseCapacityOnMaintenance) {
+ reuseCapacity();
+ }
}
/**
@@ -1258,6 +1357,32 @@
return result;
}
+ /**
+ * Gets whether to call {@link #reuseCapacity()} during pool maintenance (eviction).
+ * When true, the pool will attempt to reuse freed capacity at the end of each
+ * eviction run.
+ *
+ * @return {@code true} if capacity reuse is enabled during maintenance, {@code false} otherwise
+ * @see #setReuseCapacityOnMaintenance(boolean)
+ * @since 2.13.0
+ */
+ public boolean getReuseCapacityOnMaintenance() {
+ return reuseCapacityOnMaintenance;
+ }
+
+ /**
+ * Gets whether to call {@link #reuseCapacity()} when returning objects to the pool.
+ * When true, the pool will check if there are threads waiting to borrow objects
+ * and attempt to reuse the capacity freed by the return operation.
+ *
+ * @return {@code true} if capacity reuse is enabled on return, {@code false} otherwise
+ * @see #setReuseCapacityOnReturn(boolean)
+ * @since 2.13.0
+ */
+ public boolean getReuseCapacityOnReturn() {
+ return reuseCapacityOnReturn;
+ }
+
@SuppressWarnings("boxing") // Commons Pool uses auto-boxing
@Override
String getStatsString() {
@@ -1333,7 +1458,7 @@
* to be borrowed) and active (currently borrowed).
*
* Note: This is named listAllObjects so it is presented as an operation via
- * JMX. That means it won't be invoked unless the explicitly requested
+ * JMX. That means it won't be invoked unless explicitly requested
* whereas all attributes will be automatically requested when viewing the
* attributes for an object in a tool like JConsole.
*
@@ -1505,7 +1630,7 @@
}
final int maxIdle = getMaxIdlePerKey();
- final LinkedBlockingDeque> idleObjects = objectDeque.getIdleObjects();
+ final BlockingDeque> idleObjects = objectDeque.getIdleObjects();
if (isClosed() || maxIdle > -1 && maxIdle <= idleObjects.size()) {
try {
@@ -1527,7 +1652,7 @@
}
}
} finally {
- if (hasBorrowWaiters()) {
+ if (reuseCapacityOnReturn && hasBorrowWaiters()) {
reuseCapacity();
}
updateStatsReturn(activeTime);
@@ -1550,7 +1675,7 @@
private void reuseCapacity() {
final int maxTotalPerKeySave = getMaxTotalPerKey();
int maxQueueLength = 0;
- LinkedBlockingDeque> mostLoadedPool = null;
+ BlockingDeque> mostLoadedPool = null;
K mostLoadedKey = null;
// Find the most loaded pool that could take a new instance
@@ -1571,7 +1696,7 @@
try {
// If there is no capacity to add, create will return null
// and addIdleObject will no-op.
- addIdleObject(mostLoadedKey, create(mostLoadedKey));
+ addIdleObject(mostLoadedKey, create(mostLoadedKey, Duration.ZERO));
} catch (final Exception e) {
swallowException(e);
} finally {
@@ -1585,7 +1710,7 @@
*
* Always activates {@link #reuseCapacity()} at least once.
*
- * @param newCapacity number of new instances to attempt to create.
+ * @param newCapacity number of times to call {@link #reuseCapacity()}
*/
private void reuseCapacity(final int newCapacity) {
final int bound = newCapacity < 1 ? 1 : newCapacity;
@@ -1606,6 +1731,8 @@
setMaxTotalPerKey(conf.getMaxTotalPerKey());
setMaxTotal(conf.getMaxTotal());
setMinIdlePerKey(conf.getMinIdlePerKey());
+ setReuseCapacityOnReturn(conf.getReuseCapacityOnReturn());
+ setReuseCapacityOnMaintenance(conf.getReuseCapacityOnMaintenance());
}
/**
@@ -1662,6 +1789,34 @@
this.minIdlePerKey = minIdlePerKey;
}
+ /**
+ * Sets whether to call {@link #reuseCapacity()} during pool maintenance (eviction).
+ * When enabled, the pool will attempt to reuse capacity at the end of each
+ * eviction run.
+ *
+ * @param reuseCapacityOnMaintenance {@code true} to enable capacity reuse during
+ * maintenance, {@code false} to disable
+ * @see #getReuseCapacityOnMaintenance()
+ * @since 2.13.0
+ */
+ public void setReuseCapacityOnMaintenance(final boolean reuseCapacityOnMaintenance) {
+ this.reuseCapacityOnMaintenance = reuseCapacityOnMaintenance;
+ }
+
+ /**
+ * Sets whether to call {@link #reuseCapacity()} when returning objects to the pool.
+ * When enabled, the pool will check if there are threads waiting to borrow objects
+ * and attempt to reuse capacity (across pools) on return.
+ *
+ * @param reuseCapacityOnReturn {@code true} to enable capacity reuse on return,
+ * {@code false} to disable
+ * @see #getReuseCapacityOnReturn()
+ * @since 2.13.0
+ */
+ public void setReuseCapacityOnReturn(final boolean reuseCapacityOnReturn) {
+ this.reuseCapacityOnReturn = reuseCapacityOnReturn;
+ }
+
@Override
protected void toStringAppendFields(final StringBuilder builder) {
super.toStringAppendFields(builder);
@@ -1689,6 +1844,10 @@
builder.append(evictionKey);
builder.append(", abandonedConfig=");
builder.append(abandonedConfig);
+ builder.append(", reuseCapacityOnReturn=");
+ builder.append(reuseCapacityOnReturn);
+ builder.append(", reuseCapacityOnMaintenance=");
+ builder.append(reuseCapacityOnMaintenance);
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolConfig.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolConfig.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -58,6 +58,22 @@
*/
public static final int DEFAULT_MAX_IDLE_PER_KEY = 8;
+ /**
+ * The default value for the {@code reuseCapacityOnReturn} configuration attribute: {@value}.
+ *
+ * @see GenericKeyedObjectPool#getReuseCapacityOnReturn()
+ * @since 2.13.0
+ */
+ public static final boolean DEFAULT_REUSE_CAPACITY_ON_RETURN = true;
+
+ /**
+ * The default value for the {@code reuseCapacityOnMaintenance} configuration attribute: {@value}.
+ *
+ * @see GenericKeyedObjectPool#getReuseCapacityOnMaintenance()
+ * @since 2.13.0
+ */
+ public static final boolean DEFAULT_REUSE_CAPACITY_ON_MAINTENANCE = false;
+
private int minIdlePerKey = DEFAULT_MIN_IDLE_PER_KEY;
private int maxIdlePerKey = DEFAULT_MAX_IDLE_PER_KEY;
@@ -66,6 +82,10 @@
private int maxTotal = DEFAULT_MAX_TOTAL;
+ private boolean reuseCapacityOnReturn = DEFAULT_REUSE_CAPACITY_ON_RETURN;
+
+ private boolean reuseCapacityOnMaintenance = DEFAULT_REUSE_CAPACITY_ON_MAINTENANCE;
+
/**
* Constructs a new configuration with default settings.
*/
@@ -135,6 +155,34 @@
}
/**
+ * Gets the value for the {@code reuseCapacityOnMaintenance} configuration attribute
+ * for pools created with this configuration instance.
+ *
+ * @return The current setting of {@code reuseCapacityOnMaintenance} for this
+ * configuration instance
+ *
+ * @see GenericKeyedObjectPool#getReuseCapacityOnMaintenance()
+ * @since 2.13.0
+ */
+ public boolean getReuseCapacityOnMaintenance() {
+ return reuseCapacityOnMaintenance;
+ }
+
+ /**
+ * Gets the value for the {@code reuseCapacityOnReturn} configuration attribute
+ * for pools created with this configuration instance.
+ *
+ * @return The current setting of {@code reuseCapacityOnReturn} for this
+ * configuration instance
+ *
+ * @see GenericKeyedObjectPool#getReuseCapacityOnReturn()
+ * @since 2.13.0
+ */
+ public boolean getReuseCapacityOnReturn() {
+ return reuseCapacityOnReturn;
+ }
+
+ /**
* Sets the value for the {@code maxIdlePerKey} configuration attribute for
* pools created with this configuration instance.
*
@@ -186,6 +234,34 @@
this.minIdlePerKey = minIdlePerKey;
}
+ /**
+ * Sets the value for the {@code reuseCapacityOnMaintenance} configuration attribute for
+ * pools created with this configuration instance.
+ *
+ * @param reuseCapacityOnMaintenance The new setting of {@code reuseCapacityOnMaintenance}
+ * for this configuration instance
+ *
+ * @see GenericKeyedObjectPool#setReuseCapacityOnMaintenance(boolean)
+ * @since 2.13.0
+ */
+ public void setReuseCapacityOnMaintenance(final boolean reuseCapacityOnMaintenance) {
+ this.reuseCapacityOnMaintenance = reuseCapacityOnMaintenance;
+ }
+
+ /**
+ * Sets the value for the {@code reuseCapacityOnReturn} configuration attribute for
+ * pools created with this configuration instance.
+ *
+ * @param reuseCapacityOnReturn The new setting of {@code reuseCapacityOnReturn}
+ * for this configuration instance
+ *
+ * @see GenericKeyedObjectPool#setReuseCapacityOnReturn(boolean)
+ * @since 2.13.0
+ */
+ public void setReuseCapacityOnReturn(final boolean reuseCapacityOnReturn) {
+ this.reuseCapacityOnReturn = reuseCapacityOnReturn;
+ }
+
@Override
protected void toStringAppendFields(final StringBuilder builder) {
super.toStringAppendFields(builder);
@@ -197,5 +273,9 @@
builder.append(maxTotalPerKey);
builder.append(", maxTotal=");
builder.append(maxTotal);
+ builder.append(", reuseCapacityOnReturn=");
+ builder.append(reuseCapacityOnReturn);
+ builder.append(", reuseCapacityOnMaintenance=");
+ builder.append(reuseCapacityOnMaintenance);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolMXBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolMXBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolMXBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericKeyedObjectPoolMXBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -82,13 +82,7 @@
// JMX specific attributes
private static final String ONAME_BASE =
- "org.apache.commons.pool2:type=GenericObjectPool,name=";
-
- private static void wait(final Object obj, final Duration duration) throws InterruptedException {
- if (!duration.isNegative()) {
- obj.wait(duration.toMillis(), duration.getNano() % 1_000_000);
- }
- }
+ "org.apache.commons.pool2:type=GenericObjectPool,name=";
private volatile String factoryType;
@@ -102,17 +96,17 @@
* All of the objects currently associated with this pool in any state. It
* excludes objects that have been destroyed. The size of
* {@link #allObjects} will always be less than or equal to {@link
- * #_maxActive}. Map keys are pooled objects, values are the PooledObject
+ * #getMaxTotal()}. Map keys are pooled objects, values are the PooledObject
* wrappers used internally by the pool.
*/
private final ConcurrentHashMap, PooledObject> allObjects = new ConcurrentHashMap<>();
/*
* The combined count of the currently created objects and those in the
- * process of being created. Under load, it may exceed {@link #_maxActive}
+ * process of being created. Under load, it may exceed {@link #getMaxTotal()}
* if multiple threads try and create a new object at the same time but
* {@link #create()} will ensure that there are never more than
- * {@link #_maxActive} objects created at any one time.
+ * {@link #getMaxTotal()} objects created at any one time.
*/
private final AtomicLong createCount = new AtomicLong();
@@ -188,7 +182,7 @@
* @throws Exception If the factory fails to passivate the object
*/
private void addIdleObject(final PooledObject p) throws Exception {
- if (!PooledObject.isNull(p)) {
+ if (PooledObject.nonNull(p)) {
factory.passivateObject(p);
if (getLifo()) {
idleObjects.addFirst(p);
@@ -199,10 +193,11 @@
}
/**
- * Creates an object, and place it into the pool. addObject() is useful for
+ * Creates an object, and places it into the pool. addObject() is useful for
* "pre-loading" a pool with idle objects.
*
- * If there is no capacity available to add to the pool, this is a no-op
+ * If there is no capacity available to add to the pool, or there are already
+ * {@link #getMaxIdle()} idle instances in the pool, this is a no-op
* (no exception, no impact to the pool).
*
*
@@ -217,11 +212,16 @@
if (factory == null) {
throw new IllegalStateException("Cannot add objects without a factory.");
}
- addIdleObject(create(getMaxWaitDuration()));
+ final int localMaxIdle = getMaxIdle();
+ final int localMaxTotal = getMaxTotal();
+ if ((localMaxIdle < 0 || getNumIdle() < localMaxIdle) &&
+ (localMaxTotal < 0 || createCount.get() < localMaxTotal)) {
+ addIdleObject(create(getMaxWaitDuration()));
+ }
}
/**
- * Equivalent to {@link #borrowObject(long)
+ * Equivalent to {@link #borrowObject(Duration)
* borrowObject}({@link #getMaxWaitDuration()}).
*
* {@inheritDoc}
@@ -246,8 +246,8 @@
*
* If there are no idle instances available in the pool, behavior depends on
* the {@link #getMaxTotal() maxTotal}, (if applicable)
- * {@link #getBlockWhenExhausted()} and the value passed in to the
- * {@code borrowMaxWaitMillis} parameter. If the number of instances
+ * {@link #getBlockWhenExhausted()} and the value passed in the
+ * {@code maxWaitDuration} parameter. If the number of instances
* checked out from the pool is less than {@code maxTotal,} a new
* instance is created, activated and (if applicable) validated and returned
* to the caller. If validation fails, a {@code NoSuchElementException}
@@ -261,8 +261,9 @@
* {@code NoSuchElementException} (if
* {@link #getBlockWhenExhausted()} is false). The length of time that this
* method will block when {@link #getBlockWhenExhausted()} is true is
- * determined by the value passed in to the {@code borrowMaxWaitMillis}
- * parameter.
+ * determined by the value passed in to the {@code maxWaitDuration}
+ * parameter. Passing a negative duration will cause this method to block
+ * indefinitely until an object becomes available.
*
*
* When the pool is exhausted, multiple calling threads may be
@@ -271,17 +272,17 @@
* available instances in request arrival order.
*
*
- * @param borrowMaxWaitDuration The time to wait for an object to become available, not null.
+ * @param maxWaitDuration The time to wait for an object to become available, not null.
* @return object instance from the pool
* @throws NoSuchElementException if an instance cannot be returned
* @throws Exception if an object instance cannot be returned due to an error
* @since 2.10.0
*/
- public T borrowObject(final Duration borrowMaxWaitDuration) throws Exception {
+ public T borrowObject(final Duration maxWaitDuration) throws Exception {
assertOpen();
final Instant startInstant = Instant.now();
- final boolean negativeDuration = borrowMaxWaitDuration.isNegative();
- Duration remainingWaitDuration = borrowMaxWaitDuration;
+ final boolean negativeDuration = maxWaitDuration.isNegative();
+ Duration remainingWaitDuration = maxWaitDuration;
final AbandonedConfig ac = this.abandonedConfig;
if (ac != null && ac.getRemoveAbandonedOnBorrow() && getNumIdle() < 2 && getNumActive() > getMaxTotal() - 3) {
removeAbandoned(ac);
@@ -292,22 +293,22 @@
final boolean blockWhenExhausted = getBlockWhenExhausted();
boolean create;
while (p == null) {
- remainingWaitDuration = remainingWaitDuration.minus(durationSince(startInstant));
+ remainingWaitDuration = maxWaitDuration.minus(durationSince(startInstant));
create = false;
p = idleObjects.pollFirst();
if (p == null) {
p = create(remainingWaitDuration);
- if (!PooledObject.isNull(p)) {
+ if (PooledObject.nonNull(p)) {
create = true;
}
}
if (blockWhenExhausted) {
if (PooledObject.isNull(p)) {
+ remainingWaitDuration = maxWaitDuration.minus(durationSince(startInstant));
p = negativeDuration ? idleObjects.takeFirst() : idleObjects.pollFirst(remainingWaitDuration);
}
if (PooledObject.isNull(p)) {
- throw new NoSuchElementException(appendStats(
- "Timeout waiting for idle object, borrowMaxWaitDuration=" + remainingWaitDuration));
+ throw new NoSuchElementException(appendStats("Timeout waiting for idle object, maxWaitDuration=" + remainingWaitDuration));
}
} else if (PooledObject.isNull(p)) {
throw new NoSuchElementException(appendStats("Pool exhausted"));
@@ -326,8 +327,7 @@
}
p = null;
if (create) {
- final NoSuchElementException nsee = new NoSuchElementException(
- appendStats("Unable to activate object"));
+ final NoSuchElementException nsee = new NoSuchElementException(appendStats("Unable to activate object"));
nsee.initCause(e);
throw nsee;
}
@@ -350,8 +350,7 @@
}
p = null;
if (create) {
- final NoSuchElementException nsee = new NoSuchElementException(
- appendStats("Unable to validate object"));
+ final NoSuchElementException nsee = new NoSuchElementException(appendStats("Unable to validate object"));
nsee.initCause(validationThrowable);
throw nsee;
}
@@ -363,10 +362,6 @@
return p.getObject();
}
- private Duration durationSince(final Instant startInstant) {
- return Duration.between(startInstant, Instant.now());
- }
-
/**
* Borrows an object from the pool using the specific waiting time which only
* applies if {@link #getBlockWhenExhausted()} is true.
@@ -383,7 +378,7 @@
* If there are no idle instances available in the pool, behavior depends on
* the {@link #getMaxTotal() maxTotal}, (if applicable)
* {@link #getBlockWhenExhausted()} and the value passed in to the
- * {@code borrowMaxWaitMillis} parameter. If the number of instances
+ * {@code maxWaitMillis} parameter. If the number of instances
* checked out from the pool is less than {@code maxTotal,} a new
* instance is created, activated and (if applicable) validated and returned
* to the caller. If validation fails, a {@code NoSuchElementException}
@@ -397,8 +392,9 @@
* {@code NoSuchElementException} (if
* {@link #getBlockWhenExhausted()} is false). The length of time that this
* method will block when {@link #getBlockWhenExhausted()} is true is
- * determined by the value passed in to the {@code borrowMaxWaitMillis}
- * parameter.
+ * determined by the value passed in to the {@code maxWaitMillis}
+ * parameter. Passing a negative duration will cause this method to block
+ * indefinitely until an object becomes available.
*
*
* When the pool is exhausted, multiple calling threads may be
@@ -407,15 +403,17 @@
* available instances in request arrival order.
*
*
- * @param borrowMaxWaitMillis The time to wait in milliseconds for an object
+ * @param maxWaitMillis The time to wait in milliseconds for an object
* to become available
* @return object instance from the pool
* @throws NoSuchElementException if an instance cannot be returned
* @throws Exception if an object instance cannot be returned due to an
* error
+ * @deprecated Use {@link #borrowObject(Duration)}.
*/
- public T borrowObject(final long borrowMaxWaitMillis) throws Exception {
- return borrowObject(Duration.ofMillis(borrowMaxWaitMillis));
+ @Deprecated
+ public T borrowObject(final long maxWaitMillis) throws Exception {
+ return borrowObject(Duration.ofMillis(maxWaitMillis));
}
/**
@@ -481,7 +479,7 @@
jmxUnregister();
// Release any threads that were waiting for an object
- idleObjects.interuptTakeWaiters();
+ idleObjects.interruptTakeWaiters();
}
}
@@ -495,13 +493,13 @@
* If the factory makeObject returns null, this method throws a NullPointerException.
*
*
- * @param maxWaitDuration The time to wait for an object to become available.
+ * @param maxWaitDurationRequest The time to wait for capacity to create.
* @return The new wrapped pooled object or null.
- * @throws Exception if the object factory's {@code makeObject} fails
+ * @throws Exception if the object factory's {@code makeObject} fails.
*/
- private PooledObject create(final Duration maxWaitDuration) throws Exception {
+ private PooledObject create(final Duration maxWaitDurationRequest) throws Exception {
final Instant startInstant = Instant.now();
- Duration remainingWaitDuration = maxWaitDuration.isNegative() ? Duration.ZERO : maxWaitDuration;
+ final Duration maxWaitDuration = maxWaitDurationRequest.isNegative() ? Duration.ZERO : maxWaitDurationRequest;
int localMaxTotal = getMaxTotal();
// This simplifies the code later in this method
if (localMaxTotal < 0) {
@@ -516,7 +514,7 @@
Boolean create = null;
while (create == null) {
// remainingWaitDuration handles spurious wakeup from wait().
- remainingWaitDuration = remainingWaitDuration.minus(durationSince(startInstant));
+ final Duration remainingWaitDuration = maxWaitDuration.minus(durationSince(startInstant));
synchronized (makeObjectCountLock) {
final long newCreateCount = createCount.incrementAndGet();
if (newCreateCount > localMaxTotal) {
@@ -580,7 +578,7 @@
}
createdCount.incrementAndGet();
- allObjects.put(new IdentityWrapper<>(p.getObject()), p);
+ allObjects.put(IdentityWrapper.unwrap(p), p);
return p;
}
@@ -595,7 +593,7 @@
private void destroy(final PooledObject toDestroy, final DestroyMode destroyMode) throws Exception {
toDestroy.invalidate();
idleObjects.remove(toDestroy);
- allObjects.remove(new IdentityWrapper<>(toDestroy.getObject()));
+ allObjects.remove(IdentityWrapper.unwrap(toDestroy));
try {
factory.destroyObject(toDestroy, destroyMode);
} finally {
@@ -604,6 +602,7 @@
}
}
+
/**
* Tries to ensure that {@code idleCount} idle instances exist in the pool.
*
@@ -760,8 +759,6 @@
}
}
underTest.endEvictionTest(idleObjects);
- // TODO - May need to add code here once additional
- // states are used
}
}
}
@@ -917,7 +914,8 @@
* {@inheritDoc}
*
* Activation of this method decrements the active count and attempts to destroy the instance, using the provided
- * {@link DestroyMode}.
+ * {@link DestroyMode}. To ensure liveness of the pool, {@link #addObject()} is called to replace the invalidated
+ * instance.
*
*
* @throws Exception if an exception occurs destroying the object
@@ -938,7 +936,9 @@
destroy(p, destroyMode);
}
}
- ensureIdle(1, false);
+ if (!isClosed()) {
+ addObject();
+ }
}
/**
@@ -957,11 +957,12 @@
public Set listAllObjects() {
return allObjects.values().stream().map(DefaultPooledObjectInfo::new).collect(Collectors.toSet());
}
+
/**
* Tries to ensure that {@link #getMinIdle()} idle instances are available
* in the pool.
*
- * @throws Exception If the associated factory throws an exception
+ * @throws Exception If the associated factory throws an exception.
* @since 2.4
*/
public void preparePool() throws Exception {
@@ -973,7 +974,10 @@
/**
* Recovers abandoned objects which have been checked out but
- * not used since longer than the removeAbandonedTimeout.
+ * not used since longer than the removeAbandonedTimeout. For each object
+ * deemed abandoned, {@link #invalidateObject(Object)} is called. This
+ * results in the object being destroyed and then {@link #addObject()} is
+ * called to try to replace it.
*
* @param abandonedConfig The configuration to use to identify abandoned objects
*/
@@ -1021,75 +1025,76 @@
}
return; // Object was abandoned and removed
}
+ synchronized (p) {
+ markReturningState(p);
- markReturningState(p);
-
- final Duration activeTime = p.getActiveDuration();
+ final Duration activeTime = p.getActiveDuration();
- if (getTestOnReturn() && !factory.validateObject(p)) {
- try {
- destroy(p, DestroyMode.NORMAL);
- } catch (final Exception e) {
- swallowException(e);
- }
- try {
- ensureIdle(1, false);
- } catch (final Exception e) {
- swallowException(e);
+ if (getTestOnReturn() && !factory.validateObject(p)) {
+ try {
+ destroy(p, DestroyMode.NORMAL);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
+ try {
+ ensureIdle(1, false);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
+ updateStatsReturn(activeTime);
+ return;
}
- updateStatsReturn(activeTime);
- return;
- }
- try {
- factory.passivateObject(p);
- } catch (final Exception e1) {
- swallowException(e1);
try {
- destroy(p, DestroyMode.NORMAL);
- } catch (final Exception e) {
- swallowException(e);
- }
- try {
- ensureIdle(1, false);
- } catch (final Exception e) {
- swallowException(e);
+ factory.passivateObject(p);
+ } catch (final Exception e1) {
+ swallowException(e1);
+ try {
+ destroy(p, DestroyMode.NORMAL);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
+ try {
+ ensureIdle(1, false);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
+ updateStatsReturn(activeTime);
+ return;
}
- updateStatsReturn(activeTime);
- return;
- }
- if (!p.deallocate()) {
- throw new IllegalStateException(
- "Object has already been returned to this pool or is invalid");
- }
-
- final int maxIdleSave = getMaxIdle();
- if (isClosed() || maxIdleSave > -1 && maxIdleSave <= idleObjects.size()) {
- try {
- destroy(p, DestroyMode.NORMAL);
- } catch (final Exception e) {
- swallowException(e);
- }
- try {
- ensureIdle(1, false);
- } catch (final Exception e) {
- swallowException(e);
+ if (!p.deallocate()) {
+ throw new IllegalStateException(
+ "Object has already been returned to this pool or is invalid");
}
- } else {
- if (getLifo()) {
- idleObjects.addFirst(p);
+
+ final int maxIdleSave = getMaxIdle();
+ if (isClosed() || maxIdleSave > -1 && maxIdleSave <= idleObjects.size()) {
+ try {
+ destroy(p, DestroyMode.NORMAL);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
+ try {
+ ensureIdle(1, false);
+ } catch (final Exception e) {
+ swallowException(e);
+ }
} else {
- idleObjects.addLast(p);
- }
- if (isClosed()) {
- // Pool closed while object was being added to idle objects.
- // Make sure the returned object is destroyed rather than left
- // in the idle object pool (which would effectively be a leak)
- clear();
+ if (getLifo()) {
+ idleObjects.addFirst(p);
+ } else {
+ idleObjects.addLast(p);
+ }
+ if (isClosed()) {
+ // Pool closed while object was being added to idle objects.
+ // Make sure the returned object is destroyed rather than left
+ // in the idle object pool (which would effectively be a leak)
+ clear();
+ }
}
+ updateStatsReturn(activeTime);
}
- updateStatsReturn(activeTime);
}
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolConfig.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolConfig.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolConfig.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolConfig.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -57,6 +57,13 @@
private int minIdle = DEFAULT_MIN_IDLE;
+ /**
+ * Constructs a new instance.
+ */
+ public GenericObjectPoolConfig() {
+ // empty
+ }
+
@SuppressWarnings("unchecked")
@Override
public GenericObjectPoolConfig clone() {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolMXBean.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolMXBean.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolMXBean.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPoolMXBean.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/InterruptibleReentrantLock.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/InterruptibleReentrantLock.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/InterruptibleReentrantLock.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/InterruptibleReentrantLock.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -37,18 +37,18 @@
* Constructs a new InterruptibleReentrantLock with the given fairness policy.
*
* @param fairness true means threads should acquire contended locks as if
- * waiting in a FIFO queue
+ * waiting in a FIFO queue.
*/
InterruptibleReentrantLock(final boolean fairness) {
super(fairness);
}
/**
- * Interrupts the threads that are waiting on a specific condition
+ * Interrupts the threads that are waiting on a specific condition.
*
* @param condition the condition on which the threads are waiting.
*/
- public void interruptWaiters(final Condition condition) {
+ void interruptWaiters(final Condition condition) {
getWaitingThreads(condition).forEach(Thread::interrupt);
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/LinkedBlockingDeque.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,10 +22,10 @@
import java.time.Duration;
import java.util.AbstractQueue;
import java.util.Collection;
-import java.util.Deque;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Objects;
+import java.util.concurrent.BlockingDeque;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Condition;
@@ -66,7 +66,7 @@
* @since 2.0
*/
final class LinkedBlockingDeque extends AbstractQueue
- implements Deque, Serializable {
+ implements BlockingDeque, Serializable {
/*
* Implemented as a simple doubly-linked list protected by a
@@ -101,7 +101,7 @@
/**
* The next node to return in next()
*/
- Node next;
+ Node next;
/**
* nextItem holds on to item fields because once we claim that
@@ -223,18 +223,26 @@
/** Descending iterator */
private final class DescendingItr extends AbstractItr {
@Override
- Node firstNode() { return last; }
+ Node firstNode() {
+ return last;
+ }
@Override
- Node nextNode(final Node n) { return n.prev; }
+ Node nextNode(final Node n) {
+ return n.prev;
+ }
}
/** Forward iterator */
private final class Itr extends AbstractItr {
@Override
- Node firstNode() { return first; }
+ Node firstNode() {
+ return first;
+ }
@Override
- Node nextNode(final Node n) { return n.next; }
+ Node nextNode(final Node n) {
+ return n.next;
}
+ }
/**
* Doubly-linked list node class.
@@ -471,6 +479,7 @@
* @throws NullPointerException if c is null
* @throws IllegalArgumentException if c is this instance
*/
+ @Override
public int drainTo(final Collection c) {
return drainTo(c, Integer.MAX_VALUE);
}
@@ -490,6 +499,7 @@
* @throws NullPointerException if c is null
* @throws IllegalArgumentException if c is this instance
*/
+ @Override
public int drainTo(final Collection collection, final int maxElements) {
Objects.requireNonNull(collection, "collection");
if (collection == this) {
@@ -547,10 +557,10 @@
*
* @return number of threads waiting on this deque's notEmpty condition.
*/
- public int getTakeQueueLength() {
+ int getTakeQueueLength() {
lock.lock();
try {
- return lock.getWaitQueueLength(notEmpty);
+ return lock.getWaitQueueLength(notEmpty);
} finally {
lock.unlock();
}
@@ -562,7 +572,7 @@
*
* @return true if there is at least one thread waiting on this deque's notEmpty condition.
*/
- public boolean hasTakeWaiters() {
+ boolean hasTakeWaiters() {
lock.lock();
try {
return lock.hasWaiters(notEmpty);
@@ -575,7 +585,7 @@
* Interrupts the threads currently waiting to take an object from the pool. See disclaimer on accuracy in
* {@link java.util.concurrent.locks.ReentrantLock#getWaitingThreads(Condition)}.
*/
- public void interuptTakeWaiters() {
+ void interruptTakeWaiters() {
lock.lock();
try {
lock.interruptWaiters(notEmpty);
@@ -685,6 +695,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
+ @Override
public boolean offer(final E e, final long timeout, final TimeUnit unit) throws InterruptedException {
return offerLast(e, timeout, unit);
}
@@ -711,7 +722,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
- public boolean offerFirst(final E e, final Duration timeout) throws InterruptedException {
+ boolean offerFirst(final E e, final Duration timeout) throws InterruptedException {
Objects.requireNonNull(e, "e");
long nanos = timeout.toNanos();
lock.lockInterruptibly();
@@ -740,6 +751,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
+ @Override
public boolean offerFirst(final E e, final long timeout, final TimeUnit unit) throws InterruptedException {
return offerFirst(e, PoolImplUtils.toDuration(timeout, unit));
}
@@ -795,6 +807,7 @@
* @throws InterruptedException if the thread is interrupted whist waiting
* for space
*/
+ @Override
public boolean offerLast(final E e, final long timeout, final TimeUnit unit) throws InterruptedException {
return offerLast(e, PoolImplUtils.toDuration(timeout, unit));
}
@@ -856,6 +869,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E poll(final long timeout, final TimeUnit unit) throws InterruptedException {
return pollFirst(timeout, unit);
}
@@ -904,6 +918,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E pollFirst(final long timeout, final TimeUnit unit) throws InterruptedException {
return pollFirst(PoolImplUtils.toDuration(timeout, unit));
}
@@ -926,7 +941,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
- public E pollLast(final Duration timeout)
+ E pollLast(final Duration timeout)
throws InterruptedException {
long nanos = timeout.toNanos();
lock.lockInterruptibly();
@@ -953,6 +968,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E pollLast(final long timeout, final TimeUnit unit)
throws InterruptedException {
return pollLast(PoolImplUtils.toDuration(timeout, unit));
@@ -981,6 +997,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
+ @Override
public void put(final E e) throws InterruptedException {
putLast(e);
}
@@ -994,6 +1011,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
+ @Override
public void putFirst(final E e) throws InterruptedException {
Objects.requireNonNull(e, "e");
lock.lock();
@@ -1015,6 +1033,7 @@
* @throws InterruptedException if the thread is interrupted whilst waiting
* for space
*/
+ @Override
public void putLast(final E e) throws InterruptedException {
Objects.requireNonNull(e, "e");
lock.lock();
@@ -1030,12 +1049,11 @@
// Stack methods
/**
- * Reconstitutes this deque from a stream (that is,
- * deserialize it).
+ * Reconstitutes this deque from a stream (that is, deserialize it).
+ *
* @param s the stream
*/
- private void readObject(final ObjectInputStream s)
- throws IOException, ClassNotFoundException {
+ private void readObject(final ObjectInputStream s) throws IOException, ClassNotFoundException {
s.defaultReadObject();
count = 0;
first = null;
@@ -1043,7 +1061,7 @@
// Read in all elements and place in queue
for (;;) {
@SuppressWarnings("unchecked")
- final E item = (E)s.readObject();
+ final E item = (E) s.readObject();
if (item == null) {
break;
}
@@ -1066,6 +1084,7 @@
*
* @return The number of additional elements the queue is able to accept
*/
+ @Override
public int remainingCapacity() {
lock.lock();
try {
@@ -1238,6 +1257,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E take() throws InterruptedException {
return takeFirst();
}
@@ -1249,6 +1269,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E takeFirst() throws InterruptedException {
lock.lock();
try {
@@ -1269,6 +1290,7 @@
* @return the unlinked element
* @throws InterruptedException if the current thread is interrupted
*/
+ @Override
public E takeLast() throws InterruptedException {
lock.lock();
try {
@@ -1319,12 +1341,11 @@
lock.lock();
try {
if (a.length < count) {
- a = (T[])java.lang.reflect.Array.newInstance
- (a.getClass().getComponentType(), count);
+ a = (T[]) java.lang.reflect.Array.newInstance(a.getClass().getComponentType(), count);
}
int k = 0;
for (Node p = first; p != null; p = p.next) {
- a[k++] = (T)p.item;
+ a[k++] = (T) p.item;
}
if (a.length > k) {
a[k] = null;
@@ -1362,9 +1383,8 @@
p.next = n;
n.prev = p;
x.item = null;
- // Don't mess with x's links. They may still be in use by
- // an iterator.
- --count;
+ // Don't mess with x's links. They may still be in use by an iterator.
+ --count;
notFull.signal();
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/NoOpCallStack.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/NoOpCallStack.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/NoOpCallStack.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/NoOpCallStack.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -27,7 +27,7 @@
public class NoOpCallStack implements CallStack {
/**
- * Singleton instance.
+ * The singleton instance.
*/
public static final CallStack INSTANCE = new NoOpCallStack();
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -197,22 +197,22 @@
static ChronoUnit toChronoUnit(final TimeUnit timeUnit) {
// TODO when using Java >= 9: Use TimeUnit.toChronoUnit().
switch (Objects.requireNonNull(timeUnit)) {
- case NANOSECONDS:
- return ChronoUnit.NANOS;
- case MICROSECONDS:
- return ChronoUnit.MICROS;
- case MILLISECONDS:
- return ChronoUnit.MILLIS;
- case SECONDS:
- return ChronoUnit.SECONDS;
- case MINUTES:
- return ChronoUnit.MINUTES;
- case HOURS:
- return ChronoUnit.HOURS;
- case DAYS:
- return ChronoUnit.DAYS;
- default:
- throw new IllegalArgumentException(timeUnit.toString());
+ case NANOSECONDS:
+ return ChronoUnit.NANOS;
+ case MICROSECONDS:
+ return ChronoUnit.MICROS;
+ case MILLISECONDS:
+ return ChronoUnit.MILLIS;
+ case SECONDS:
+ return ChronoUnit.SECONDS;
+ case MINUTES:
+ return ChronoUnit.MINUTES;
+ case HOURS:
+ return ChronoUnit.HOURS;
+ case DAYS:
+ return ChronoUnit.DAYS;
+ default:
+ throw new IllegalArgumentException(timeUnit.toString());
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/PooledSoftReference.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/PooledSoftReference.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/PooledSoftReference.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/PooledSoftReference.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,6 +23,7 @@
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Optional;
+import java.util.concurrent.BlockingDeque;
import org.apache.tomcat.dbcp.pool2.BaseObjectPool;
import org.apache.tomcat.dbcp.pool2.ObjectPool;
@@ -62,12 +63,11 @@
private long createCount; // @GuardedBy("this")
/** Idle references - waiting to be borrowed */
- private final LinkedBlockingDeque> idleReferences =
- new LinkedBlockingDeque<>();
+ private final BlockingDeque> idleReferences = new LinkedBlockingDeque<>();
/** All references - checked out or waiting to be borrowed. */
private final ArrayList> allReferences =
- new ArrayList<>();
+ new ArrayList<>();
/**
* Constructs a {@code SoftReferenceObjectPool} with the specified factory.
@@ -262,7 +262,7 @@
}
/**
- * Destroys a {@code PooledSoftReference} and removes it from the idle and all
+ * Destroys a {@link PooledSoftReference} and removes it from the idle and all
* references pools.
*
* @param toDestroy PooledSoftReference to destroy
@@ -329,7 +329,7 @@
final PooledSoftReference ref = findReference(obj);
if (ref == null) {
throw new IllegalStateException(
- "Object to invalidate is not currently part of this pool");
+ "Object to invalidate is not currently part of this pool");
}
if (factory != null) {
destroy(ref);
@@ -392,7 +392,7 @@
final PooledSoftReference ref = findReference(obj);
if (ref == null) {
throw new IllegalStateException(
- "Returned object not currently part of this pool");
+ "Returned object not currently part of this pool");
}
if (factory != null) {
if (!factory.validateObject(ref)) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java
--- tomcat10-10.1.40/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/dbcp/pool2/impl/ThrowableCallStack.java 2026-01-23 19:33:36.000000000 +0000
@@ -6,7 +6,7 @@
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -42,7 +42,7 @@
/**
* Constructs a new instance with its message set to the now instant.
*/
- Snapshot() {
+ private Snapshot() {
this(Instant.now());
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/AprStatus.java tomcat10-10.1.52/java/org/apache/tomcat/jni/AprStatus.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/AprStatus.java 1970-01-01 00:00:00.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/AprStatus.java 2026-01-23 19:33:36.000000000 +0000
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.jni;
+
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ * Holds APR status without the need to load other classes.
+ */
+public class AprStatus {
+ private static volatile boolean aprInitialized = false;
+ private static volatile boolean aprAvailable = false;
+ private static volatile boolean useOpenSSL = true;
+ private static volatile boolean instanceCreated = false;
+ private static volatile int openSSLVersion = 0;
+ private static ReentrantReadWriteLock statusLock = new ReentrantReadWriteLock();
+
+ public static boolean isAprInitialized() {
+ return aprInitialized;
+ }
+
+ public static boolean isAprAvailable() {
+ return aprAvailable;
+ }
+
+ public static boolean getUseOpenSSL() {
+ return useOpenSSL;
+ }
+
+ public static boolean isInstanceCreated() {
+ return instanceCreated;
+ }
+
+ public static void setAprInitialized(boolean aprInitialized) {
+ AprStatus.aprInitialized = aprInitialized;
+ }
+
+ public static void setAprAvailable(boolean aprAvailable) {
+ AprStatus.aprAvailable = aprAvailable;
+ }
+
+ public static void setUseOpenSSL(boolean useOpenSSL) {
+ AprStatus.useOpenSSL = useOpenSSL;
+ }
+
+ public static void setInstanceCreated(boolean instanceCreated) {
+ AprStatus.instanceCreated = instanceCreated;
+ }
+
+ /**
+ * @return the openSSLVersion
+ */
+ public static int getOpenSSLVersion() {
+ return openSSLVersion;
+ }
+
+ /**
+ * @param openSSLVersion the openSSLVersion to set
+ */
+ public static void setOpenSSLVersion(int openSSLVersion) {
+ AprStatus.openSSLVersion = openSSLVersion;
+ }
+
+ /**
+ * Code that changes the status of the APR library MUST hold the write lock while making any changes.
+ *
+ * Code that needs the status to be consistent for an operation must hold the read lock for the duration of that
+ * operation.
+ *
+ * @return The read/write lock for APR library status
+ */
+ public static ReentrantReadWriteLock getStatusLock() {
+ return statusLock;
+ }
+}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/Buffer.java tomcat10-10.1.52/java/org/apache/tomcat/jni/Buffer.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/Buffer.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/Buffer.java 2026-01-23 19:33:36.000000000 +0000
@@ -19,8 +19,7 @@
import java.nio.ByteBuffer;
/**
- * Provides utilities related to the use of directly allocated
- * {@link ByteBuffer} instances with native code.
+ * Provides utilities related to the use of directly allocated {@link ByteBuffer} instances with native code.
*/
public class Buffer {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/CertificateVerifier.java tomcat10-10.1.52/java/org/apache/tomcat/jni/CertificateVerifier.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/CertificateVerifier.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/CertificateVerifier.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,13 +22,14 @@
public interface CertificateVerifier {
/**
- * Returns {@code true} if the passed in certificate chain could be verified and so the handshake
- * should be successful, {@code false} otherwise.
+ * Returns {@code true} if the passed in certificate chain could be verified and so the handshake should be
+ * successful, {@code false} otherwise.
*
- * @param ssl the SSL instance
- * @param x509 the {@code X509} certificate chain
- * @param authAlgorithm the auth algorithm
- * @return verified {@code true} if verified successful, {@code false} otherwise
+ * @param ssl the SSL instance
+ * @param x509 the {@code X509} certificate chain
+ * @param authAlgorithm the auth algorithm
+ *
+ * @return verified {@code true} if verified successful, {@code false} otherwise
*/
boolean verify(long ssl, byte[][] x509, String authAlgorithm);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/FileInfo.java tomcat10-10.1.52/java/org/apache/tomcat/jni/FileInfo.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/FileInfo.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/FileInfo.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,10 +17,9 @@
package org.apache.tomcat.jni;
/**
- * Tomcat Native 1.2.33 and earlier won't initialise unless this class is
- * present. This dummy class ensures initialisation gets as far as being able to
- * check the version of the Tomcat Native library and reporting a version error
- * if 1.2.33 or earlier is present.
+ * Tomcat Native 1.2.33 and earlier won't initialise unless this class is present. This dummy class ensures
+ * initialisation gets as far as being able to check the version of the Tomcat Native library and reporting a version
+ * error if 1.2.33 or earlier is present.
*/
public class FileInfo {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/Library.java tomcat10-10.1.52/java/org/apache/tomcat/jni/Library.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/Library.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/Library.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,7 +21,7 @@
public final class Library {
/* Default library names - use 2.x in preference to 1.x if both are available */
- private static final String [] NAMES = {"tcnative-2", "libtcnative-2", "tcnative-1", "libtcnative-1"};
+ private static final String[] NAMES = { "tcnative-2", "libtcnative-2", "tcnative-1", "libtcnative-1" };
/* System property used to define CATALINA_HOME */
private static final String CATALINA_HOME_PROP = "catalina.home";
/*
@@ -56,7 +56,7 @@
}
if (!loaded) {
String path = System.getProperty("java.library.path");
- String [] paths = path.split(File.pathSeparator);
+ String[] paths = path.split(File.pathSeparator);
for (String value : NAMES) {
try {
System.loadLibrary(value);
@@ -88,12 +88,11 @@
names.append(name);
names.append(", ");
}
- throw new LibraryNotFoundError(names.substring(0, names.length() -2), err.toString());
+ throw new LibraryNotFoundError(names.substring(0, names.length() - 2), err.toString());
}
}
- private Library(String libraryName)
- {
+ private Library(String libraryName) {
System.loadLibrary(libraryName);
}
@@ -101,43 +100,45 @@
* Create Tomcat Native's global APR pool. This has to be the first call to TCN library.
*/
private static native boolean initialize();
+
/**
* Destroys Tomcat Native's global APR pool. This has to be the last call to TCN library. This will destroy any APR
* root pools that have not been explicitly destroyed.
*/
public static native void terminate();
+
/* Internal function for loading APR Features */
private static native int version(int what);
/* TCN_MAJOR_VERSION */
- public static int TCN_MAJOR_VERSION = 0;
+ public static int TCN_MAJOR_VERSION = 0;
/* TCN_MINOR_VERSION */
- public static int TCN_MINOR_VERSION = 0;
+ public static int TCN_MINOR_VERSION = 0;
/* TCN_PATCH_VERSION */
- public static int TCN_PATCH_VERSION = 0;
+ public static int TCN_PATCH_VERSION = 0;
/* TCN_IS_DEV_VERSION */
public static int TCN_IS_DEV_VERSION = 0;
/* APR_MAJOR_VERSION */
- public static int APR_MAJOR_VERSION = 0;
+ public static int APR_MAJOR_VERSION = 0;
/* APR_MINOR_VERSION */
- public static int APR_MINOR_VERSION = 0;
+ public static int APR_MINOR_VERSION = 0;
/* APR_PATCH_VERSION */
- public static int APR_PATCH_VERSION = 0;
+ public static int APR_PATCH_VERSION = 0;
/* APR_IS_DEV_VERSION */
public static int APR_IS_DEV_VERSION = 0;
/* TCN_VERSION_STRING */
public static native String versionString();
+
/* APR_VERSION_STRING */
public static native String aprVersionString();
/**
- * Setup any APR internal data structures. This MUST be the first function
- * called for any APR library.
+ * Setup any APR internal data structures. This MUST be the first function called for any APR library.
+ *
* @param libraryName the name of the library to load
*
- * @return {@code true} if the native code was initialized successfully
- * otherwise {@code false}
+ * @return {@code true} if the native code was initialized successfully otherwise {@code false}
*
* @throws Exception if a problem occurred during initialization
*/
@@ -148,18 +149,17 @@
} else {
_instance = new Library(libraryName);
}
- TCN_MAJOR_VERSION = version(0x01);
- TCN_MINOR_VERSION = version(0x02);
- TCN_PATCH_VERSION = version(0x03);
+ TCN_MAJOR_VERSION = version(0x01);
+ TCN_MINOR_VERSION = version(0x02);
+ TCN_PATCH_VERSION = version(0x03);
TCN_IS_DEV_VERSION = version(0x04);
- APR_MAJOR_VERSION = version(0x11);
- APR_MINOR_VERSION = version(0x12);
- APR_PATCH_VERSION = version(0x13);
+ APR_MAJOR_VERSION = version(0x11);
+ APR_MINOR_VERSION = version(0x12);
+ APR_PATCH_VERSION = version(0x13);
APR_IS_DEV_VERSION = version(0x14);
if (APR_MAJOR_VERSION < 1) {
- throw new UnsatisfiedLinkError("Unsupported APR Version (" +
- aprVersionString() + ")");
+ throw new UnsatisfiedLinkError("Unsupported APR Version (" + aprVersionString() + ")");
}
}
return initialize();
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/LibraryNotFoundError.java tomcat10-10.1.52/java/org/apache/tomcat/jni/LibraryNotFoundError.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/LibraryNotFoundError.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/LibraryNotFoundError.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,17 +23,15 @@
private final String libraryNames;
/**
- * @param libraryNames A list of the file names of the native libraries that
- * failed to load
- * @param errors A list of the error messages received when trying to load
- * each of the libraries
+ * @param libraryNames A list of the file names of the native libraries that failed to load
+ * @param errors A list of the error messages received when trying to load each of the libraries
*/
- public LibraryNotFoundError(String libraryNames, String errors){
+ public LibraryNotFoundError(String libraryNames, String errors) {
super(errors);
this.libraryNames = libraryNames;
}
- public String getLibraryNames(){
+ public String getLibraryNames() {
return libraryNames;
}
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/Pool.java tomcat10-10.1.52/java/org/apache/tomcat/jni/Pool.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/Pool.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/Pool.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,26 +17,23 @@
package org.apache.tomcat.jni;
/**
- * Provides access to APR memory pools which are used to manage memory
- * allocations for natively created instances.
+ * Provides access to APR memory pools which are used to manage memory allocations for natively created instances.
*/
public class Pool {
/**
* Create a new pool.
*
- * @param parent The parent pool. If this is 0, the new pool is a root pool.
- * If it is non-zero, the new pool will inherit all of its
- * parent pool's attributes, except the apr_pool_t will be a
- * sub-pool.
+ * @param parent The parent pool. If this is 0, the new pool is a root pool. If it is non-zero, the new pool will
+ * inherit all of its parent pool's attributes, except the apr_pool_t will be a sub-pool.
*
* @return The pool we have just created.
- */
+ */
public static native long create(long parent);
/**
- * Destroy the pool. This takes similar action as apr_pool_clear() and then
- * frees all the memory. This will actually free the memory.
+ * Destroy the pool. This takes similar action as apr_pool_clear() and then frees all the memory. This will actually
+ * free the memory.
*
* @param pool The pool to destroy
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/SSL.java tomcat10-10.1.52/java/org/apache/tomcat/jni/SSL.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/SSL.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/SSL.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,61 +21,62 @@
/*
* Type definitions mostly from mod_ssl
*/
- public static final int UNSET = -1;
+ public static final int UNSET = -1;
/*
* Define the certificate algorithm types
*/
public static final int SSL_ALGO_UNKNOWN = 0;
- public static final int SSL_ALGO_RSA = (1<<0);
- public static final int SSL_ALGO_DSA = (1<<1);
- public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA|SSL_ALGO_DSA);
-
- public static final int SSL_AIDX_RSA = 0;
- public static final int SSL_AIDX_DSA = 1;
- public static final int SSL_AIDX_ECC = 3;
- public static final int SSL_AIDX_MAX = 4;
+ public static final int SSL_ALGO_RSA = (1 << 0);
+ public static final int SSL_ALGO_DSA = (1 << 1);
+ public static final int SSL_ALGO_ALL = (SSL_ALGO_RSA | SSL_ALGO_DSA);
+
+ public static final int SSL_AIDX_RSA = 0;
+ public static final int SSL_AIDX_DSA = 1;
+ public static final int SSL_AIDX_ECC = 3;
+ public static final int SSL_AIDX_MAX = 4;
/*
* Define IDs for the temporary RSA keys and DH params
*/
- public static final int SSL_TMP_KEY_RSA_512 = 0;
+ public static final int SSL_TMP_KEY_RSA_512 = 0;
public static final int SSL_TMP_KEY_RSA_1024 = 1;
public static final int SSL_TMP_KEY_RSA_2048 = 2;
public static final int SSL_TMP_KEY_RSA_4096 = 3;
- public static final int SSL_TMP_KEY_DH_512 = 4;
- public static final int SSL_TMP_KEY_DH_1024 = 5;
- public static final int SSL_TMP_KEY_DH_2048 = 6;
- public static final int SSL_TMP_KEY_DH_4096 = 7;
- public static final int SSL_TMP_KEY_MAX = 8;
+ public static final int SSL_TMP_KEY_DH_512 = 4;
+ public static final int SSL_TMP_KEY_DH_1024 = 5;
+ public static final int SSL_TMP_KEY_DH_2048 = 6;
+ public static final int SSL_TMP_KEY_DH_4096 = 7;
+ public static final int SSL_TMP_KEY_MAX = 8;
/*
* Define the SSL options
*/
- public static final int SSL_OPT_NONE = 0;
- public static final int SSL_OPT_RELSET = (1<<0);
- public static final int SSL_OPT_STDENVVARS = (1<<1);
- public static final int SSL_OPT_EXPORTCERTDATA = (1<<3);
- public static final int SSL_OPT_FAKEBASICAUTH = (1<<4);
- public static final int SSL_OPT_STRICTREQUIRE = (1<<5);
- public static final int SSL_OPT_OPTRENEGOTIATE = (1<<6);
- public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE);
+ public static final int SSL_OPT_NONE = 0;
+ public static final int SSL_OPT_RELSET = (1 << 0);
+ public static final int SSL_OPT_STDENVVARS = (1 << 1);
+ public static final int SSL_OPT_EXPORTCERTDATA = (1 << 3);
+ public static final int SSL_OPT_FAKEBASICAUTH = (1 << 4);
+ public static final int SSL_OPT_STRICTREQUIRE = (1 << 5);
+ public static final int SSL_OPT_OPTRENEGOTIATE = (1 << 6);
+ public static final int SSL_OPT_ALL = (SSL_OPT_STDENVVARS | SSL_OPT_EXPORTCERTDATA | SSL_OPT_FAKEBASICAUTH |
+ SSL_OPT_STRICTREQUIRE | SSL_OPT_OPTRENEGOTIATE);
/*
* Define the SSL Protocol options
*/
- public static final int SSL_PROTOCOL_NONE = 0;
- public static final int SSL_PROTOCOL_SSLV2 = (1<<0);
- public static final int SSL_PROTOCOL_SSLV3 = (1<<1);
- public static final int SSL_PROTOCOL_TLSV1 = (1<<2);
- public static final int SSL_PROTOCOL_TLSV1_1 = (1<<3);
- public static final int SSL_PROTOCOL_TLSV1_2 = (1<<4);
- public static final int SSL_PROTOCOL_TLSV1_3 = (1<<5);
+ public static final int SSL_PROTOCOL_NONE = 0;
+ public static final int SSL_PROTOCOL_SSLV2 = (1 << 0);
+ public static final int SSL_PROTOCOL_SSLV3 = (1 << 1);
+ public static final int SSL_PROTOCOL_TLSV1 = (1 << 2);
+ public static final int SSL_PROTOCOL_TLSV1_1 = (1 << 3);
+ public static final int SSL_PROTOCOL_TLSV1_2 = (1 << 4);
+ public static final int SSL_PROTOCOL_TLSV1_3 = (1 << 5);
public static final int SSL_PROTOCOL_ALL;
static {
if (version() >= 0x1010100f) {
- SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2 |
- SSL_PROTOCOL_TLSV1_3);
+ SSL_PROTOCOL_ALL =
+ (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2 | SSL_PROTOCOL_TLSV1_3);
} else {
SSL_PROTOCOL_ALL = (SSL_PROTOCOL_TLSV1 | SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2);
}
@@ -85,154 +86,159 @@
/*
* Define the SSL verify levels
*/
- public static final int SSL_CVERIFY_UNSET = UNSET;
- public static final int SSL_CVERIFY_NONE = 0;
- public static final int SSL_CVERIFY_OPTIONAL = 1;
- public static final int SSL_CVERIFY_REQUIRE = 2;
+ public static final int SSL_CVERIFY_UNSET = UNSET;
+ public static final int SSL_CVERIFY_NONE = 0;
+ public static final int SSL_CVERIFY_OPTIONAL = 1;
+ public static final int SSL_CVERIFY_REQUIRE = 2;
public static final int SSL_CVERIFY_OPTIONAL_NO_CA = 3;
- /* Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired
+ /*
+ * Use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are 'ored' with SSL_VERIFY_PEER if they are
+ * desired
*/
- public static final int SSL_VERIFY_NONE = 0;
- public static final int SSL_VERIFY_PEER = 1;
+ public static final int SSL_VERIFY_NONE = 0;
+ public static final int SSL_VERIFY_PEER = 1;
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2;
- public static final int SSL_VERIFY_CLIENT_ONCE = 4;
- public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+ public static final int SSL_VERIFY_CLIENT_ONCE = 4;
+ public static final int SSL_VERIFY_PEER_STRICT = (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001;
- public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002;
+ public static final int SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001;
+ public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG = 0x00000002;
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 0x00000008;
- public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010;
- public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020;
- public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040;
- public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080;
- public static final int SSL_OP_TLS_D5_BUG = 0x00000100;
- public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200;
-
- /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
- * the workaround is not needed. Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include
- * it in SSL_OP_ALL. */
- public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800;
-
- /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- * This used to be 0x000FFFFFL before 0.9.7. */
- public static final int SSL_OP_ALL = 0x00000FFF;
+ public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 0x00000010;
+ public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 0x00000020;
+ public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING = 0x00000040;
+ public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 0x00000080;
+ public static final int SSL_OP_TLS_D5_BUG = 0x00000100;
+ public static final int SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000200;
+
+ /*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in OpenSSL 0.9.6d. Usually (depending on the
+ * application protocol) the workaround is not needed. Unfortunately some broken SSL/TLS implementations cannot
+ * handle it at all, which is why we include it in SSL_OP_ALL.
+ */
+ public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800;
+
+ /*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless. This used to be 0x000FFFFFL before 0.9.7.
+ */
+ public static final int SSL_OP_ALL = 0x00000FFF;
/* As server, disallow session resumption on renegotiation */
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000;
/* Don't use compression even if supported */
- public static final int SSL_OP_NO_COMPRESSION = 0x00020000;
+ public static final int SSL_OP_NO_COMPRESSION = 0x00020000;
/* Permit unsafe legacy renegotiation */
- public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000;
+ public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION = 0x00040000;
/* If set, always create a new key when using tmp_eddh parameters */
- public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
+ public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
/* If set, always create a new key when using tmp_dh parameters */
- public static final int SSL_OP_SINGLE_DH_USE = 0x00100000;
- /* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
- public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000;
- /* Set on servers to choose the cipher according to the server's
- * preferences */
- public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000;
- /* If set, a server will allow a client to issue an SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
- public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000;
-
- public static final int SSL_OP_NO_SSLv2 = 0x01000000;
- public static final int SSL_OP_NO_SSLv3 = 0x02000000;
- public static final int SSL_OP_NO_TLSv1 = 0x04000000;
- public static final int SSL_OP_NO_TLSv1_2 = 0x08000000;
- public static final int SSL_OP_NO_TLSv1_1 = 0x10000000;
-
- public static final int SSL_OP_NO_TICKET = 0x00004000;
-
- public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000;
- public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000;
-
- public static final int SSL_CRT_FORMAT_UNDEF = 0;
- public static final int SSL_CRT_FORMAT_ASN1 = 1;
- public static final int SSL_CRT_FORMAT_TEXT = 2;
- public static final int SSL_CRT_FORMAT_PEM = 3;
+ public static final int SSL_OP_SINGLE_DH_USE = 0x00100000;
+ /*
+ * Set to always use the tmp_rsa key when doing RSA operations, even when this violates protocol specs
+ */
+ public static final int SSL_OP_EPHEMERAL_RSA = 0x00200000;
+ /*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+ public static final int SSL_OP_CIPHER_SERVER_PREFERENCE = 0x00400000;
+ /*
+ * If set, a server will allow a client to issue an SSLv3.0 version number as latest version supported in the
+ * premaster secret, even when TLSv1.0 (version 3.1) was announced in the client hello. Normally this is forbidden
+ * to prevent version rollback attacks.
+ */
+ public static final int SSL_OP_TLS_ROLLBACK_BUG = 0x00800000;
+
+ public static final int SSL_OP_NO_SSLv2 = 0x01000000;
+ public static final int SSL_OP_NO_SSLv3 = 0x02000000;
+ public static final int SSL_OP_NO_TLSv1 = 0x04000000;
+ public static final int SSL_OP_NO_TLSv1_2 = 0x08000000;
+ public static final int SSL_OP_NO_TLSv1_1 = 0x10000000;
+
+ public static final int SSL_OP_NO_TICKET = 0x00004000;
+
+ public static final int SSL_OP_NETSCAPE_CA_DN_BUG = 0x20000000;
+ public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 0x40000000;
+
+ public static final int SSL_CRT_FORMAT_UNDEF = 0;
+ public static final int SSL_CRT_FORMAT_ASN1 = 1;
+ public static final int SSL_CRT_FORMAT_TEXT = 2;
+ public static final int SSL_CRT_FORMAT_PEM = 3;
public static final int SSL_CRT_FORMAT_NETSCAPE = 4;
- public static final int SSL_CRT_FORMAT_PKCS12 = 5;
- public static final int SSL_CRT_FORMAT_SMIME = 6;
- public static final int SSL_CRT_FORMAT_ENGINE = 7;
-
- public static final int SSL_MODE_CLIENT = 0;
- public static final int SSL_MODE_SERVER = 1;
- public static final int SSL_MODE_COMBINED = 2;
-
- public static final int SSL_CONF_FLAG_CMDLINE = 0x0001;
- public static final int SSL_CONF_FLAG_FILE = 0x0002;
- public static final int SSL_CONF_FLAG_CLIENT = 0x0004;
- public static final int SSL_CONF_FLAG_SERVER = 0x0008;
- public static final int SSL_CONF_FLAG_SHOW_ERRORS = 0x0010;
- public static final int SSL_CONF_FLAG_CERTIFICATE = 0x0020;
-
- public static final int SSL_CONF_TYPE_UNKNOWN = 0x0000;
- public static final int SSL_CONF_TYPE_STRING = 0x0001;
- public static final int SSL_CONF_TYPE_FILE = 0x0002;
- public static final int SSL_CONF_TYPE_DIR = 0x0003;
+ public static final int SSL_CRT_FORMAT_PKCS12 = 5;
+ public static final int SSL_CRT_FORMAT_SMIME = 6;
+ public static final int SSL_CRT_FORMAT_ENGINE = 7;
+
+ public static final int SSL_MODE_CLIENT = 0;
+ public static final int SSL_MODE_SERVER = 1;
+ public static final int SSL_MODE_COMBINED = 2;
+
+ public static final int SSL_CONF_FLAG_CMDLINE = 0x0001;
+ public static final int SSL_CONF_FLAG_FILE = 0x0002;
+ public static final int SSL_CONF_FLAG_CLIENT = 0x0004;
+ public static final int SSL_CONF_FLAG_SERVER = 0x0008;
+ public static final int SSL_CONF_FLAG_SHOW_ERRORS = 0x0010;
+ public static final int SSL_CONF_FLAG_CERTIFICATE = 0x0020;
+
+ public static final int SSL_CONF_TYPE_UNKNOWN = 0x0000;
+ public static final int SSL_CONF_TYPE_STRING = 0x0001;
+ public static final int SSL_CONF_TYPE_FILE = 0x0002;
+ public static final int SSL_CONF_TYPE_DIR = 0x0003;
- public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
+ public static final int SSL_SHUTDOWN_TYPE_UNSET = 0;
public static final int SSL_SHUTDOWN_TYPE_STANDARD = 1;
- public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
+ public static final int SSL_SHUTDOWN_TYPE_UNCLEAN = 2;
public static final int SSL_SHUTDOWN_TYPE_ACCURATE = 3;
- public static final int SSL_INFO_SESSION_ID = 0x0001;
- public static final int SSL_INFO_CIPHER = 0x0002;
- public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003;
- public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004;
- public static final int SSL_INFO_CIPHER_VERSION = 0x0005;
- public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006;
- public static final int SSL_INFO_PROTOCOL = 0x0007;
-
- /* To obtain the CountryName of the Client Certificate Issuer
- * use the SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME
- */
- public static final int SSL_INFO_CLIENT_S_DN = 0x0010;
- public static final int SSL_INFO_CLIENT_I_DN = 0x0020;
- public static final int SSL_INFO_SERVER_S_DN = 0x0040;
- public static final int SSL_INFO_SERVER_I_DN = 0x0080;
-
- public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001;
- public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002;
- public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003;
- public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004;
+ public static final int SSL_INFO_SESSION_ID = 0x0001;
+ public static final int SSL_INFO_CIPHER = 0x0002;
+ public static final int SSL_INFO_CIPHER_USEKEYSIZE = 0x0003;
+ public static final int SSL_INFO_CIPHER_ALGKEYSIZE = 0x0004;
+ public static final int SSL_INFO_CIPHER_VERSION = 0x0005;
+ public static final int SSL_INFO_CIPHER_DESCRIPTION = 0x0006;
+ public static final int SSL_INFO_PROTOCOL = 0x0007;
+
+ /*
+ * To obtain the CountryName of the Client Certificate Issuer use the SSL_INFO_CLIENT_I_DN + SSL_INFO_DN_COUNTRYNAME
+ */
+ public static final int SSL_INFO_CLIENT_S_DN = 0x0010;
+ public static final int SSL_INFO_CLIENT_I_DN = 0x0020;
+ public static final int SSL_INFO_SERVER_S_DN = 0x0040;
+ public static final int SSL_INFO_SERVER_I_DN = 0x0080;
+
+ public static final int SSL_INFO_DN_COUNTRYNAME = 0x0001;
+ public static final int SSL_INFO_DN_STATEORPROVINCENAME = 0x0002;
+ public static final int SSL_INFO_DN_LOCALITYNAME = 0x0003;
+ public static final int SSL_INFO_DN_ORGANIZATIONNAME = 0x0004;
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME = 0x0005;
- public static final int SSL_INFO_DN_COMMONNAME = 0x0006;
- public static final int SSL_INFO_DN_TITLE = 0x0007;
- public static final int SSL_INFO_DN_INITIALS = 0x0008;
- public static final int SSL_INFO_DN_GIVENNAME = 0x0009;
- public static final int SSL_INFO_DN_SURNAME = 0x000A;
- public static final int SSL_INFO_DN_DESCRIPTION = 0x000B;
- public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C;
- public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D;
-
- public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101;
- public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102;
- public static final int SSL_INFO_CLIENT_V_START = 0x0103;
- public static final int SSL_INFO_CLIENT_V_END = 0x0104;
- public static final int SSL_INFO_CLIENT_A_SIG = 0x0105;
- public static final int SSL_INFO_CLIENT_A_KEY = 0x0106;
- public static final int SSL_INFO_CLIENT_CERT = 0x0107;
- public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108;
-
- public static final int SSL_INFO_SERVER_M_VERSION = 0x0201;
- public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202;
- public static final int SSL_INFO_SERVER_V_START = 0x0203;
- public static final int SSL_INFO_SERVER_V_END = 0x0204;
- public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
- public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
- public static final int SSL_INFO_SERVER_CERT = 0x0207;
- /* Return client certificate chain.
- * Add certificate chain number to that flag (0 ... verify depth)
+ public static final int SSL_INFO_DN_COMMONNAME = 0x0006;
+ public static final int SSL_INFO_DN_TITLE = 0x0007;
+ public static final int SSL_INFO_DN_INITIALS = 0x0008;
+ public static final int SSL_INFO_DN_GIVENNAME = 0x0009;
+ public static final int SSL_INFO_DN_SURNAME = 0x000A;
+ public static final int SSL_INFO_DN_DESCRIPTION = 0x000B;
+ public static final int SSL_INFO_DN_UNIQUEIDENTIFIER = 0x000C;
+ public static final int SSL_INFO_DN_EMAILADDRESS = 0x000D;
+
+ public static final int SSL_INFO_CLIENT_M_VERSION = 0x0101;
+ public static final int SSL_INFO_CLIENT_M_SERIAL = 0x0102;
+ public static final int SSL_INFO_CLIENT_V_START = 0x0103;
+ public static final int SSL_INFO_CLIENT_V_END = 0x0104;
+ public static final int SSL_INFO_CLIENT_A_SIG = 0x0105;
+ public static final int SSL_INFO_CLIENT_A_KEY = 0x0106;
+ public static final int SSL_INFO_CLIENT_CERT = 0x0107;
+ public static final int SSL_INFO_CLIENT_V_REMAIN = 0x0108;
+
+ public static final int SSL_INFO_SERVER_M_VERSION = 0x0201;
+ public static final int SSL_INFO_SERVER_M_SERIAL = 0x0202;
+ public static final int SSL_INFO_SERVER_V_START = 0x0203;
+ public static final int SSL_INFO_SERVER_V_END = 0x0204;
+ public static final int SSL_INFO_SERVER_A_SIG = 0x0205;
+ public static final int SSL_INFO_SERVER_A_KEY = 0x0206;
+ public static final int SSL_INFO_SERVER_CERT = 0x0207;
+ /*
+ * Return client certificate chain. Add certificate chain number to that flag (0 ... verify depth)
*/
- public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
+ public static final int SSL_INFO_CLIENT_CERT_CHAIN = 0x0400;
/* Only support OFF and SERVER for now */
public static final long SSL_SESS_CACHE_OFF = 0x0000;
@@ -248,12 +254,12 @@
public static native String versionString();
/**
- * Initialize OpenSSL support.
- * This function needs to be called once for the
- * lifetime of JVM. Library.init() has to be called before.
- * @param engine Support for external a Crypto Device ("engine"),
- * usually
- * a hardware accelerator card for crypto operations.
+ * Initialize OpenSSL support. This function needs to be called once for the lifetime of JVM. Library.init() has to
+ * be called before.
+ *
+ * @param engine Support for external a Crypto Device ("engine"), usually a hardware accelerator card for crypto
+ * operations.
+ *
* @return APR status code
*/
public static native int initialize(String engine);
@@ -261,9 +267,11 @@
/**
* Get the status of FIPS Mode.
*
- * @return FIPS_mode return code. It is 0 if OpenSSL is not
- * in FIPS mode, 1 if OpenSSL is in FIPS Mode.
+ * @return FIPS_mode return code. It is 0 if OpenSSL is not in FIPS mode, 1 if OpenSSL is
+ * in FIPS Mode.
+ *
* @throws Exception If tcnative was not compiled with FIPS Mode available.
+ *
* @see OpenSSL method FIPS_mode()
*/
public static native int fipsModeGet() throws Exception;
@@ -274,8 +282,10 @@
* @param mode 1 - enable, 0 - disable
*
* @return FIPS_mode_set return code
- * @throws Exception If tcnative was not compiled with FIPS Mode available,
- * or if {@code FIPS_mode_set()} call returned an error value.
+ *
+ * @throws Exception If tcnative was not compiled with FIPS Mode available, or if {@code FIPS_mode_set()} call
+ * returned an error value.
+ *
* @see OpenSSL method FIPS_mode_set()
*/
public static native int fipsModeSet(int mode) throws Exception;
@@ -283,15 +293,16 @@
/**
* Sets global random filename.
*
- * @param filename Filename to use.
- * If set it will be used for SSL initialization
- * and all contexts where explicitly not set.
+ * @param filename Filename to use. If set it will be used for SSL initialization and all contexts where explicitly
+ * not set.
*/
public static native void randSet(String filename);
/**
* Return the handshake completed count.
+ *
* @param ssl SSL pointer
+ *
* @return the count
*/
public static native int getHandshakeCount(long ssl);
@@ -303,84 +314,101 @@
public static final int SSL_SENT_SHUTDOWN = 1;
public static final int SSL_RECEIVED_SHUTDOWN = 2;
- public static final int SSL_ERROR_NONE = 0;
- public static final int SSL_ERROR_SSL = 1;
- public static final int SSL_ERROR_WANT_READ = 2;
- public static final int SSL_ERROR_WANT_WRITE = 3;
+ public static final int SSL_ERROR_NONE = 0;
+ public static final int SSL_ERROR_SSL = 1;
+ public static final int SSL_ERROR_WANT_READ = 2;
+ public static final int SSL_ERROR_WANT_WRITE = 3;
public static final int SSL_ERROR_WANT_X509_LOOKUP = 4;
- public static final int SSL_ERROR_SYSCALL = 5; /* look at error stack/return value/errno */
- public static final int SSL_ERROR_ZERO_RETURN = 6;
- public static final int SSL_ERROR_WANT_CONNECT = 7;
- public static final int SSL_ERROR_WANT_ACCEPT = 8;
+ public static final int SSL_ERROR_SYSCALL = 5; /* look at error stack/return value/errno */
+ public static final int SSL_ERROR_ZERO_RETURN = 6;
+ public static final int SSL_ERROR_WANT_CONNECT = 7;
+ public static final int SSL_ERROR_WANT_ACCEPT = 8;
/**
* SSL_new
- * @param ctx Server or Client context to use.
- * @param server if true configure SSL instance to use accept handshake routines
- * if false configure SSL instance to use connect handshake routines
+ *
+ * @param ctx Server or Client context to use.
+ * @param server if true configure SSL instance to use accept handshake routines if false configure SSL instance to
+ * use connect handshake routines
+ *
* @return pointer to SSL instance (SSL *)
*/
public static native long newSSL(long ctx, boolean server);
/**
* BIO_ctrl_pending.
+ *
* @param bio BIO pointer (BIO *)
+ *
* @return the pending bytes count
*/
public static native int pendingWrittenBytesInBIO(long bio);
/**
* SSL_pending.
+ *
* @param ssl SSL pointer (SSL *)
+ *
* @return the pending bytes count
*/
public static native int pendingReadableBytesInSSL(long ssl);
/**
* BIO_write.
- * @param bio BIO pointer
+ *
+ * @param bio BIO pointer
* @param wbuf Buffer pointer
* @param wlen Write length
+ *
* @return the bytes count written
*/
public static native int writeToBIO(long bio, long wbuf, int wlen);
/**
* BIO_read.
- * @param bio BIO pointer
+ *
+ * @param bio BIO pointer
* @param rbuf Buffer pointer
* @param rlen Read length
+ *
* @return the bytes count read
*/
public static native int readFromBIO(long bio, long rbuf, int rlen);
/**
* SSL_write.
- * @param ssl the SSL instance (SSL *)
+ *
+ * @param ssl the SSL instance (SSL *)
* @param wbuf Buffer pointer
* @param wlen Write length
+ *
* @return the bytes count written
*/
public static native int writeToSSL(long ssl, long wbuf, int wlen);
/**
* SSL_read
- * @param ssl the SSL instance (SSL *)
+ *
+ * @param ssl the SSL instance (SSL *)
* @param rbuf Buffer pointer
* @param rlen Read length
+ *
* @return the bytes count read
*/
public static native int readFromSSL(long ssl, long rbuf, int rlen);
/**
* SSL_get_shutdown
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int getShutdown(long ssl);
/**
* SSL_free
+ *
* @param ssl the SSL instance (SSL *)
*/
public static native void freeSSL(long ssl);
@@ -390,86 +418,106 @@
*
* Warning: you must explicitly free this resource by calling freeBIO
*
- * While the SSL's internal/application data BIO will be freed when freeSSL is called on
- * the provided SSL instance, you must call freeBIO on the returned network BIO.
+ * While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance,
+ * you must call freeBIO on the returned network BIO.
*
* @param ssl the SSL instance (SSL *)
+ *
* @return pointer to the Network BIO (BIO *)
*/
public static native long makeNetworkBIO(long ssl);
/**
* BIO_free
+ *
* @param bio BIO pointer
*/
public static native void freeBIO(long bio);
/**
* SSL_shutdown
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int shutdownSSL(long ssl);
/**
- * Get the error number representing the last error OpenSSL encountered on
- * this thread.
+ * Get the error number representing the last error OpenSSL encountered on this thread.
+ *
* @return the last error number
*/
public static native int getLastErrorNumber();
/**
* SSL_get_cipher.
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the cipher name
*/
public static native String getCipherForSSL(long ssl);
/**
* SSL_get_version
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the SSL version in use
*/
public static native String getVersion(long ssl);
/**
* SSL_do_handshake
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the handshake status
*/
public static native int doHandshake(long ssl);
/**
* SSL_renegotiate
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int renegotiate(long ssl);
/**
* SSL_renegotiate_pending
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int renegotiatePending(long ssl);
/**
* SSL_verify_client_post_handshake
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int verifyClientPostHandshake(long ssl);
/**
* Is post handshake authentication in progress on this connection?
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the operation status
*/
public static native int getPostHandshakeAuthInProgress(long ssl);
/**
* SSL_in_init.
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the status
*/
public static native int isInInit(long ssl);
@@ -480,52 +528,59 @@
/**
* SSL_get0_alpn_selected
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the ALPN protocol negotiated
*/
public static native String getAlpnSelected(long ssl);
/**
* Get the peer certificate chain or {@code null} if none was sent.
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the certificate chain bytes
*/
public static native byte[][] getPeerCertChain(long ssl);
/**
* Get the peer certificate or {@code null} if none was sent.
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return the certificate bytes
*/
public static native byte[] getPeerCertificate(long ssl);
/**
* Get the error number representing for the given {@code errorNumber}.
+ *
* @param errorNumber The error code
+ *
* @return an error message
*/
public static native String getErrorString(long errorNumber);
/**
* SSL_get_time
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return returns the time at which the session ssl was established. The time is given in seconds since the Epoch
*/
public static native long getTime(long ssl);
/**
- * Set Type of Client Certificate verification and Maximum depth of CA Certificates
- * in Client Certificate verification.
- *
- * This directive sets the Certificate verification level for the Client
- * Authentication. Notice that this directive can be used both in per-server
- * and per-directory context. In per-server context it applies to the client
- * authentication process used in the standard SSL handshake when a connection
- * is established. In per-directory context it forces an SSL renegotiation with
- * the reconfigured client verification level after the HTTP request was read
- * but before the HTTP response is sent.
- *
+ * Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate
+ * verification.
+ * This directive sets the Certificate verification level for the Client Authentication. Notice that this directive
+ * can be used both in per-server and per-directory context. In per-server context it applies to the client
+ * authentication process used in the standard SSL handshake when a connection is established. In per-directory
+ * context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was
+ * read but before the HTTP response is sent.
* The following levels are available for level:
+ *
*
* SSL_CVERIFY_NONE - No client Certificate is required at all
* SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate
@@ -533,66 +588,80 @@
* SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
* but it need not to be (successfully) verifiable
*
+ *
*
- * The depth actually is the maximum number of intermediate certificate issuers,
- * i.e. the number of CA certificates which are max allowed to be followed while
- * verifying the client certificate. A depth of 0 means that self-signed client
- * certificates are accepted only, the default depth of 1 means the client
- * certificate can be self-signed or has to be signed by a CA which is directly
- * known to the server (i.e. the CA's certificate is under
+ * The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates
+ * which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed
+ * client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or
+ * has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under
* {@code setCACertificatePath}, etc).
*
- * @param ssl the SSL instance (SSL *)
+ * @param ssl the SSL instance (SSL *)
* @param level Type of Client Certificate verification.
- * @param depth Maximum depth of CA Certificates in Client Certificate
- * verification.
+ * @param depth Maximum depth of CA Certificates in Client Certificate verification.
*/
public static native void setVerify(long ssl, int level, int depth);
/**
* Set OpenSSL Option.
- * @param ssl the SSL instance (SSL *)
- * @param options See SSL.SSL_OP_* for option flags.
+ *
+ * @param ssl the SSL instance (SSL *)
+ * @param options See SSL.SSL_OP_* for option flags.
*/
public static native void setOptions(long ssl, int options);
/**
* Get OpenSSL Option.
+ *
* @param ssl the SSL instance (SSL *)
- * @return options See SSL.SSL_OP_* for option flags.
+ *
+ * @return options See SSL.SSL_OP_* for option flags.
*/
public static native int getOptions(long ssl);
/**
* Returns all cipher suites that are enabled for negotiation in an SSL handshake.
+ *
* @param ssl the SSL instance (SSL *)
+ *
* @return ciphers
*/
public static native String[] getCiphers(long ssl);
/**
- * Returns the cipher suites available for negotiation in SSL handshake.
- *
- * This complex directive uses a colon-separated cipher-spec string consisting
- * of OpenSSL cipher specifications to configure the Cipher Suite the client
- * is permitted to negotiate in the SSL handshake phase. Notice that this
- * directive can be used both in per-server and per-directory context.
- * In per-server context it applies to the standard SSL handshake when a
- * connection is established. In per-directory context it forces an SSL
- * renegotiation with the reconfigured Cipher Suite after the HTTP request
- * was read but before the HTTP response is sent.
- * @param ssl the SSL instance (SSL *)
- * @param ciphers an SSL cipher specification
+ * Set the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.
+ *
+ * This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to
+ * configure the ciphers the client is permitted to negotiate in the TLS handshake phase.
+ *
+ * @param ssl The SSL instance (SSL *)
+ * @param cipherList An OpenSSL cipher specification.
+ *
+ * @return true if the operation was successful
+ *
+ * @throws Exception An error occurred
+ */
+ public static native boolean setCipherSuites(long ssl, String cipherList) throws Exception;
+
+ /**
+ * Set the TLSv1.3 cipher suites available for negotiation the in TLS handshake.
+ *
+ * This uses a colon-separated list of TLSv1.3 cipher suite names in preference order.
+ *
+ * @param ssl The SSL instance (SSL *)
+ * @param cipherSuites An OpenSSL cipher suite list.
+ *
* @return true if the operation was successful
+ *
* @throws Exception An error occurred
*/
- public static native boolean setCipherSuites(long ssl, String ciphers)
- throws Exception;
+ public static native boolean setCipherSuitesEx(long ssl, String cipherSuites) throws Exception;
/**
* Returns the ID of the session as byte array representation.
*
* @param ssl the SSL instance (SSL *)
+ *
* @return the session as byte array representation obtained via SSL_SESSION_get_id.
*/
public static native byte[] getSessionId(long ssl);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/SSLConf.java tomcat10-10.1.52/java/org/apache/tomcat/jni/SSLConf.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/SSLConf.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/SSLConf.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,10 +21,10 @@
/**
* Create a new SSL_CONF context.
*
- * @param pool The pool to use.
- * @param flags The SSL_CONF flags to use. It can be any combination of
- * the following:
- *
+ * @param pool The pool to use.
+ * @param flags The SSL_CONF flags to use. It can be any combination of the following:
+ *
+ *
*
- * @return The Java representation of a pointer to the newly created
- * SSL_CONF Context
+ * @return The Java representation of a pointer to the newly created SSL_CONF Context
*
* @throws Exception If the SSL_CONF context could not be created
*
* @see OpenSSL SSL_CONF_CTX_new
- * @see OpenSSL SSL_CONF_CTX_set_flags
+ * @see OpenSSL
+ * SSL_CONF_CTX_set_flags
*/
public static native long make(long pool, int flags) throws Exception;
@@ -55,13 +55,12 @@
/**
* Check a command with an SSL_CONF context.
*
- * @param cctx SSL_CONF context to use.
- * @param name command name.
+ * @param cctx SSL_CONF context to use.
+ * @param name command name.
* @param value command value.
*
- * @return The result of the check based on the {@code SSL_CONF_cmd_value_type}
- * call. Unknown types will result in an exception, as well as
- * file and directory types with invalid file or directory names.
+ * @return The result of the check based on the {@code SSL_CONF_cmd_value_type} call. Unknown types will result in
+ * an exception, as well as file and directory types with invalid file or directory names.
*
* @throws Exception If the check fails.
*
@@ -70,22 +69,22 @@
public static native int check(long cctx, String name, String value) throws Exception;
/**
- * Assign an SSL context to an SSL_CONF context.
- * All following calls to {@link #apply(long, String, String)} will be
+ * Assign an SSL context to an SSL_CONF context. All following calls to {@link #apply(long, String, String)} will be
* applied to this SSL context.
*
* @param cctx SSL_CONF context to use.
- * @param ctx SSL context to assign to the given SSL_CONF context.
+ * @param ctx SSL context to assign to the given SSL_CONF context.
*
- * @see OpenSSL SSL_CONF_CTX_set_ssl_ctx
+ * @see OpenSSL
+ * SSL_CONF_CTX_set_ssl_ctx
*/
public static native void assign(long cctx, long ctx);
/**
* Apply a command to an SSL_CONF context.
*
- * @param cctx SSL_CONF context to use.
- * @param name command name.
+ * @param cctx SSL_CONF context to use.
+ * @param name command name.
* @param value command value.
*
* @return The result of the native {@code SSL_CONF_cmd} call
@@ -103,7 +102,8 @@
*
* @return The result of the native {@code SSL_CONF_CTX_finish} call
*
- * @see OpenSSL SSL_CONF_CTX_finish
+ * @see OpenSSL
+ * SSL_CONF_CTX_finish
*/
public static native int finish(long cctx);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/SSLContext.java tomcat10-10.1.52/java/org/apache/tomcat/jni/SSLContext.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/SSLContext.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/SSLContext.java 2026-01-23 19:33:36.000000000 +0000
@@ -22,16 +22,15 @@
public final class SSLContext {
- public static final byte[] DEFAULT_SESSION_ID_CONTEXT =
- new byte[] { 'd', 'e', 'f', 'a', 'u', 'l', 't' };
+ public static final byte[] DEFAULT_SESSION_ID_CONTEXT = new byte[] { 'd', 'e', 'f', 'a', 'u', 'l', 't' };
/**
* Create a new SSL context.
*
- * @param pool The pool to use.
- * @param protocol The SSL protocol to use. It can be any combination of
- * the following:
- *
+ * @param pool The pool to use.
+ * @param protocol The SSL protocol to use. It can be any combination of the following:
+ *
+ *
*
- * @return The Java representation of a pointer to the newly created SSL
- * Context
+ * @return The Java representation of a pointer to the newly created SSL Context
*
* @throws Exception If the SSL Context could not be created
*/
@@ -56,149 +56,152 @@
/**
* Free the resources used by the Context
+ *
* @param ctx Server or Client context to free.
+ *
* @return APR Status code.
*/
public static native int free(long ctx);
/**
* Set OpenSSL Option.
- * @param ctx Server or Client context to use.
- * @param options See SSL.SSL_OP_* for option flags.
+ *
+ * @param ctx Server or Client context to use.
+ * @param options See SSL.SSL_OP_* for option flags.
*/
public static native void setOptions(long ctx, int options);
/**
* Get OpenSSL Option.
+ *
* @param ctx Server or Client context to use.
- * @return options See SSL.SSL_OP_* for option flags.
+ *
+ * @return options See SSL.SSL_OP_* for option flags.
*/
public static native int getOptions(long ctx);
/**
* Clears OpenSSL Options.
- * @param ctx Server or Client context to use.
- * @param options See SSL.SSL_OP_* for option flags.
+ *
+ * @param ctx Server or Client context to use.
+ * @param options See SSL.SSL_OP_* for option flags.
*/
public static native void clearOptions(long ctx, int options);
/**
* Returns all cipher suites that are enabled for negotiation in an SSL handshake.
+ *
* @param ctx Server or Client context to use.
+ *
* @return ciphers
*/
public static native String[] getCiphers(long ctx);
/**
- * Cipher Suite available for negotiation in SSL handshake.
- *
- * This complex directive uses a colon-separated cipher-spec string consisting
- * of OpenSSL cipher specifications to configure the Cipher Suite the client
- * is permitted to negotiate in the SSL handshake phase. Notice that this
- * directive can be used both in per-server and per-directory context.
- * In per-server context it applies to the standard SSL handshake when a
- * connection is established. In per-directory context it forces an SSL
- * renegotiation with the reconfigured Cipher Suite after the HTTP request
- * was read but before the HTTP response is sent.
- * @param ctx Server or Client context to use.
- * @param ciphers An OpenSSL cipher specification.
+ * Set the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.
+ *
+ * This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to
+ * configure the ciphers the client is permitted to negotiate in the TLS handshake phase.
+ *
+ * @param ctx Server or Client context to use.
+ * @param cipherList An OpenSSL cipher specification.
+ *
* @return true if the operation was successful
+ *
* @throws Exception An error occurred
*/
- public static native boolean setCipherSuite(long ctx, String ciphers)
- throws Exception;
+ public static native boolean setCipherSuite(long ctx, String cipherList) throws Exception;
/**
- * Set File of concatenated PEM-encoded CA CRLs or
- * directory of PEM-encoded CA Certificates for Client Auth
- *
- * This directive sets the all-in-one file where you can assemble the
- * Certificate Revocation Lists (CRL) of Certification Authorities (CA)
- * whose clients you deal with. These are used for Client Authentication.
- * Such a file is simply the concatenation of the various PEM-encoded CRL
- * files, in order of preference.
- *
- * The files in this directory have to be PEM-encoded and are accessed through
- * hash filenames. So usually you can't just place the Certificate files there:
- * you also have to create symbolic links named hash-value.N. And you should
- * always make sure this directory contains the appropriate symbolic links.
- * Use the Makefile which comes with mod_ssl to accomplish this task.
- * @param ctx Server or Client context to use.
+ * Set the TLSv1.3 cipher suites available for negotiation the in TLS handshake.
+ *
+ * This uses a colon-separated list of TLSv1.3 cipher suite names in preference order.
+ *
+ * @param ctx Server or Client context to use.
+ * @param cipherSuites An OpenSSL cipher suite list.
+ *
+ * @return true if the operation was successful
+ *
+ * @throws Exception An error occurred
+ */
+ public static native boolean setCipherSuitesEx(long ctx, String cipherSuites) throws Exception;
+
+ /**
+ * Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
+ * This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of
+ * Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file
+ * is simply the concatenation of the various PEM-encoded CRL files, in order of preference.
+ * The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't
+ * just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should
+ * always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with
+ * mod_ssl to accomplish this task.
+ *
+ * @param ctx Server or Client context to use.
* @param file File of concatenated PEM-encoded CA CRLs for Client Auth.
* @param path Directory of PEM-encoded CA Certificates for Client Auth.
+ *
* @return true if the operation was successful
+ *
* @throws Exception An error occurred
*/
- public static native boolean setCARevocation(long ctx, String file,
- String path)
- throws Exception;
+ public static native boolean setCARevocation(long ctx, String file, String path) throws Exception;
/**
- * Set File of PEM-encoded Server CA Certificates
- *
- * This directive sets the optional all-in-one file where you can assemble the
- * certificates of Certification Authorities (CA) which form the certificate
- * chain of the server certificate. This starts with the issuing CA certificate
- * of the server certificate and can range up to the root CA certificate.
- * Such a file is simply the concatenation of the various PEM-encoded CA
- * Certificate files, usually in certificate chain order.
- *
- * But be careful: Providing the certificate chain works only if you are using
- * a single (either RSA or DSA) based server certificate. If you are using a
- * coupled RSA+DSA certificate pair, this will work only if actually both
- * certificates use the same certificate chain. Else the browsers will be
- * confused in this situation.
- * @param ctx Server or Client context to use.
- * @param file File of PEM-encoded Server CA Certificates.
- * @param skipfirst Skip first certificate if chain file is inside
- * certificate file.
+ * Set File of PEM-encoded Server CA Certificates
+ * This directive sets the optional all-in-one file where you can assemble the certificates of Certification
+ * Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA
+ * certificate of the server certificate and can range up to the root CA certificate. Such a file is simply the
+ * concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
+ * But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based
+ * server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both
+ * certificates use the same certificate chain. Else the browsers will be confused in this situation.
+ *
+ * @param ctx Server or Client context to use.
+ * @param file File of PEM-encoded Server CA Certificates.
+ * @param skipfirst Skip first certificate if chain file is inside certificate file.
+ *
* @return true if the operation was successful
*/
- public static native boolean setCertificateChainFile(long ctx, String file,
- boolean skipfirst);
+ public static native boolean setCertificateChainFile(long ctx, String file, boolean skipfirst);
/**
- * Set Certificate
- *
- * Point setCertificateFile at a PEM encoded certificate. If
- * the certificate is encrypted, then you will be prompted for a
- * pass phrase. Note that a kill -HUP will prompt again. A test
- * certificate can be generated with 'make certificate' under
- * built time. Keep in mind that if you've both a RSA and a DSA
- * certificate you can configure both in parallel (to also allow
- * the use of DSA ciphers, etc.)
- *
- * If the key is not combined with the certificate, use key param
- * to point at the key file. Keep in mind that if
- * you've both a RSA and a DSA private key you can configure
- * both in parallel (to also allow the use of DSA ciphers, etc.)
- * @param ctx Server or Client context to use.
- * @param cert Certificate file.
- * @param key Private Key file to use if not in cert.
- * @param password Certificate password. If null and certificate
- * is encrypted, password prompt will be displayed.
- * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
+ * Set Certificate
+ * Point setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted
+ * for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with 'make
+ * certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure
+ * both in parallel (to also allow the use of DSA ciphers, etc.)
+ * If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if
+ * you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers,
+ * etc.)
+ *
+ * @param ctx Server or Client context to use.
+ * @param cert Certificate file.
+ * @param key Private Key file to use if not in cert.
+ * @param password Certificate password. If null and certificate is encrypted, password prompt will be displayed.
+ * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
+ *
* @return true if the operation was successful
+ *
* @throws Exception An error occurred
*/
- public static native boolean setCertificate(long ctx, String cert,
- String key, String password,
- int idx)
- throws Exception;
+ public static native boolean setCertificate(long ctx, String cert, String key, String password, int idx)
+ throws Exception;
/**
- * Set the size of the internal session cache.
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
- * @param ctx Server or Client context to use.
+ * Set the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
+ *
+ * @param ctx Server or Client context to use.
* @param size The cache size
+ *
* @return the value set
*/
public static native long setSessionCacheSize(long ctx, long size);
/**
- * Get the size of the internal session cache.
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
+ * Get the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
+ *
* @param ctx Server or Client context to use.
+ *
* @return the size
*/
public static native long getSessionCacheSize(long ctx);
@@ -206,8 +209,10 @@
/**
* Set the timeout for the internal session cache in seconds.
* http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param timeoutSeconds Timeout value
+ *
* @return the value set
*/
public static native long setSessionCacheTimeout(long ctx, long timeoutSeconds);
@@ -215,90 +220,98 @@
/**
* Get the timeout for the internal session cache in seconds.
* http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
+ *
* @param ctx Server or Client context to use.
+ *
* @return the timeout
*/
public static native long getSessionCacheTimeout(long ctx);
/**
* Set the mode of the internal session cache and return the previous used mode.
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param mode The mode to set
+ *
* @return the value set
*/
public static native long setSessionCacheMode(long ctx, long mode);
/**
* Get the mode of the current used internal session cache.
+ *
* @param ctx Server or Client context to use.
+ *
* @return the value set
*/
public static native long getSessionCacheMode(long ctx);
/*
- * Session resumption statistics methods.
- * http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
+ * Session resumption statistics methods. http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
*/
public static native long sessionAccept(long ctx);
+
public static native long sessionAcceptGood(long ctx);
+
public static native long sessionAcceptRenegotiate(long ctx);
+
public static native long sessionCacheFull(long ctx);
+
public static native long sessionCbHits(long ctx);
+
public static native long sessionConnect(long ctx);
+
public static native long sessionConnectGood(long ctx);
+
public static native long sessionConnectRenegotiate(long ctx);
+
public static native long sessionHits(long ctx);
+
public static native long sessionMisses(long ctx);
+
public static native long sessionNumber(long ctx);
+
public static native long sessionTimeouts(long ctx);
/**
* Set TLS session keys. This allows us to share keys across TFEs.
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param keys Some session keys
*/
public static native void setSessionTicketKeys(long ctx, byte[] keys);
/**
- * Set File and Directory of concatenated PEM-encoded CA Certificates
- * for Client Auth
- *
- * This directive sets the all-in-one file where you can assemble the
- * Certificates of Certification Authorities (CA) whose clients you deal with.
- * These are used for Client Authentication. Such a file is simply the
- * concatenation of the various PEM-encoded Certificate files, in order of
- * preference. This can be used alternatively and/or additionally to
- * path.
- *
- * The files in this directory have to be PEM-encoded and are accessed through
- * hash filenames. So usually you can't just place the Certificate files there:
- * you also have to create symbolic links named hash-value.N. And you should
- * always make sure this directory contains the appropriate symbolic links.
- * Use the Makefile which comes with mod_ssl to accomplish this task.
- * @param ctx Server or Client context to use.
- * @param file File of concatenated PEM-encoded CA Certificates for
- * Client Auth.
+ * Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth
+ * This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA)
+ * whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of
+ * the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or
+ * additionally to path.
+ * The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't
+ * just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should
+ * always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with
+ * mod_ssl to accomplish this task.
+ *
+ * @param ctx Server or Client context to use.
+ * @param file File of concatenated PEM-encoded CA Certificates for Client Auth.
* @param path Directory of PEM-encoded CA Certificates for Client Auth.
+ *
* @return true if the operation was successful
+ *
* @throws Exception An error occurred
*/
- public static native boolean setCACertificate(long ctx, String file,
- String path)
- throws Exception;
+ public static native boolean setCACertificate(long ctx, String file, String path) throws Exception;
/**
- * Set Type of Client Certificate verification and Maximum depth of CA Certificates
- * in Client Certificate verification.
- *
- * This directive sets the Certificate verification level for the Client
- * Authentication. Notice that this directive can be used both in per-server
- * and per-directory context. In per-server context it applies to the client
- * authentication process used in the standard SSL handshake when a connection
- * is established. In per-directory context it forces an SSL renegotiation with
- * the reconfigured client verification level after the HTTP request was read
- * but before the HTTP response is sent.
- *
+ * Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate
+ * verification.
+ * This directive sets the Certificate verification level for the Client Authentication. Notice that this directive
+ * can be used both in per-server and per-directory context. In per-server context it applies to the client
+ * authentication process used in the standard SSL handshake when a connection is established. In per-directory
+ * context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was
+ * read but before the HTTP response is sent.
* The following levels are available for level:
+ *
*
* SSL_CVERIFY_NONE - No client Certificate is required at all
* SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate
@@ -306,34 +319,30 @@
* SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
* but it need not to be (successfully) verifiable
*
+ *
*
- * The depth actually is the maximum number of intermediate certificate issuers,
- * i.e. the number of CA certificates which are max allowed to be followed while
- * verifying the client certificate. A depth of 0 means that self-signed client
- * certificates are accepted only, the default depth of 1 means the client
- * certificate can be self-signed or has to be signed by a CA which is directly
- * known to the server (i.e. the CA's certificate is under
+ * The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates
+ * which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed
+ * client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or
+ * has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under
* setCACertificatePath), etc.
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param level Type of Client Certificate verification.
- * @param depth Maximum depth of CA Certificates in Client Certificate
- * verification.
+ * @param depth Maximum depth of CA Certificates in Client Certificate verification.
*/
public static native void setVerify(long ctx, int level, int depth);
/**
- * When tc-native encounters a SNI extension in the TLS handshake it will
- * call this method to determine which OpenSSL SSLContext to use for the
- * connection.
- *
- * @param currentCtx The OpenSSL SSLContext that the handshake started to
- * use. This will be the default OpenSSL SSLContext for
- * the endpoint associated with the socket.
- * @param sniHostName The host name requested by the client
- *
- * @return The Java representation of the pointer to the OpenSSL SSLContext
- * to use for the given host or zero if no SSLContext could be
- * identified
+ * When tc-native encounters a SNI extension in the TLS handshake it will call this method to determine which
+ * OpenSSL SSLContext to use for the connection.
+ *
+ * @param currentCtx The OpenSSL SSLContext that the handshake started to use. This will be the default OpenSSL
+ * SSLContext for the endpoint associated with the socket.
+ * @param sniHostName The host name requested by the client
+ *
+ * @return The Java representation of the pointer to the OpenSSL SSLContext to use for the given host or zero if no
+ * SSLContext could be identified
*/
public static long sniCallBack(long currentCtx, String sniHostName) {
SNICallBack sniCallBack = sniCallBacks.get(Long.valueOf(currentCtx));
@@ -347,50 +356,47 @@
}
/**
- * A map of default SSL Contexts to SNICallBack instances (in Tomcat these
- * are instances of AprEndpoint) that will be used to determine the SSL
- * Context to use bases on the SNI host name. It is structured this way
- * since a Tomcat instance may have several TLS enabled endpoints that each
- * have different SSL Context mappings for the same host name.
+ * A map of default SSL Contexts to SNICallBack instances (in Tomcat these are instances of AprEndpoint) that will
+ * be used to determine the SSL Context to use bases on the SNI host name. It is structured this way since a Tomcat
+ * instance may have several TLS enabled endpoints that each have different SSL Context mappings for the same host
+ * name.
*/
private static final Map sniCallBacks = new ConcurrentHashMap<>();
/**
- * Interface implemented by components that will receive the call back to
- * select an OpenSSL SSLContext based on the host name requested by the
- * client.
+ * Interface implemented by components that will receive the call back to select an OpenSSL SSLContext based on the
+ * host name requested by the client.
*/
public interface SNICallBack {
/**
- * This callback is made during the TLS handshake when the client uses
- * the SNI extension to request a specific TLS host.
+ * This callback is made during the TLS handshake when the client uses the SNI extension to request a specific
+ * TLS host.
*
- * @param sniHostName The host name requested by the client - must be in
- * lower case
+ * @param sniHostName The host name requested by the client - must be in lower case
*
- * @return The Java representation of the pointer to the OpenSSL
- * SSLContext to use for the given host or zero if no SSLContext
- * could be identified
+ * @return The Java representation of the pointer to the OpenSSL SSLContext to use for the given host or zero if
+ * no SSLContext could be identified
*/
long getSslContext(String sniHostName);
}
/**
- * Allow to hook {@link CertificateVerifier} into the handshake processing.
- * This will call {@code SSL_CTX_set_cert_verify_callback} and so replace the default verification
- * callback used by openssl
- * @param ctx Server or Client context to use.
+ * Allow to hook {@link CertificateVerifier} into the handshake processing. This will call
+ * {@code SSL_CTX_set_cert_verify_callback} and so replace the default verification callback used by openssl
+ *
+ * @param ctx Server or Client context to use.
* @param verifier the verifier to call during handshake.
*/
public static native void setCertVerifyCallback(long ctx, CertificateVerifier verifier);
/**
* Set application layer protocol for application layer protocol negotiation extension
- * @param ctx Server context to use.
- * @param alpnProtos protocols in priority order
- * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE}
- * and {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
+ *
+ * @param ctx Server context to use.
+ * @param alpnProtos protocols in priority order
+ * @param selectorFailureBehavior see {@link SSL#SSL_SELECTOR_FAILURE_NO_ADVERTISE} and
+ * {@link SSL#SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL}
*/
public static native void setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior);
@@ -398,42 +404,45 @@
* Set the context within which session be reused (server side only)
* http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
*
- * @param ctx Server context to use.
- * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name
- * of the application and/or the hostname and/or service name
+ * @param ctx Server context to use.
+ * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name of the application
+ * and/or the hostname and/or service name
+ *
* @return {@code true} if success, {@code false} otherwise.
*/
public static native boolean setSessionIdContext(long ctx, byte[] sidCtx);
/**
- * Set CertificateRaw
- *
+ * Set CertificateRaw
* Use keystore a certificate and key to fill the BIOP
- * @param ctx Server or Client context to use.
- * @param cert Byte array with the certificate in DER encoding.
- * @param key Byte array with the Private Key file in PEM format.
+ *
+ * @param ctx Server or Client context to use.
+ * @param cert Byte array with the certificate in DER encoding.
+ * @param key Byte array with the Private Key file in PEM format.
* @param sslAidxRsa Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
+ *
* @return {@code true} if success, {@code false} otherwise.
*/
public static native boolean setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa);
/**
- * Add a certificate to the certificate chain. Certs should be added in
- * order starting with the issuer of the host certs and working up the
- * certificate chain to the CA.
- *
- *
+ * Add a certificate to the certificate chain. Certs should be added in order starting with the issuer of the host
+ * certs and working up the certificate chain to the CA.
* Use keystore a certificate chain to fill the BIOP
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param cert Byte array with the certificate in DER encoding.
+ *
* @return {@code true} if success, {@code false} otherwise.
*/
public static native boolean addChainCertificateRaw(long ctx, byte[] cert);
/**
* Add a CA certificate we accept as issuer for peer certs
- * @param ctx Server or Client context to use.
+ *
+ * @param ctx Server or Client context to use.
* @param cert Byte array with the certificate in DER encoding.
+ *
* @return {@code true} if success, {@code false} otherwise.
*/
public static native boolean addClientCACertificateRaw(long ctx, byte[] cert);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/jni/Sockaddr.java tomcat10-10.1.52/java/org/apache/tomcat/jni/Sockaddr.java
--- tomcat10-10.1.40/java/org/apache/tomcat/jni/Sockaddr.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/jni/Sockaddr.java 2026-01-23 19:33:36.000000000 +0000
@@ -17,10 +17,9 @@
package org.apache.tomcat.jni;
/**
- * Tomcat Native 1.2.33 and earlier won't initialise unless this class is
- * present. This dummy class ensures initialisation gets as far as being able to
- * check the version of the Tomcat Native library and reporting a version error
- * if 1.2.33 or earlier is present.
+ * Tomcat Native 1.2.33 and earlier won't initialise unless this class is present. This dummy class ensures
+ * initialisation gets as far as being able to check the version of the Tomcat Native library and reporting a version
+ * error if 1.2.33 or earlier is present.
*/
public class Sockaddr {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/Diagnostics.java tomcat10-10.1.52/java/org/apache/tomcat/util/Diagnostics.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/Diagnostics.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/Diagnostics.java 2026-01-23 19:33:36.000000000 +0000
@@ -76,34 +76,25 @@
private static final Log log = LogFactory.getLog(Diagnostics.class);
- private static final SimpleDateFormat timeformat =
- new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
+ private static final SimpleDateFormat timeformat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS");
/* Some platform MBeans */
- private static final ClassLoadingMXBean classLoadingMXBean =
- ManagementFactory.getClassLoadingMXBean();
- private static final CompilationMXBean compilationMXBean =
- ManagementFactory.getCompilationMXBean();
- private static final OperatingSystemMXBean operatingSystemMXBean =
- ManagementFactory.getOperatingSystemMXBean();
- private static final RuntimeMXBean runtimeMXBean =
- ManagementFactory.getRuntimeMXBean();
- private static final ThreadMXBean threadMXBean =
- ManagementFactory.getThreadMXBean();
+ private static final ClassLoadingMXBean classLoadingMXBean = ManagementFactory.getClassLoadingMXBean();
+ private static final CompilationMXBean compilationMXBean = ManagementFactory.getCompilationMXBean();
+ private static final OperatingSystemMXBean operatingSystemMXBean = ManagementFactory.getOperatingSystemMXBean();
+ private static final RuntimeMXBean runtimeMXBean = ManagementFactory.getRuntimeMXBean();
+ private static final ThreadMXBean threadMXBean = ManagementFactory.getThreadMXBean();
// XXX Not sure whether the following MBeans should better
// be retrieved on demand, i.e. whether they can change
// dynamically in the MBeanServer.
private static final PlatformLoggingMXBean loggingMXBean =
- ManagementFactory.getPlatformMXBean(PlatformLoggingMXBean.class);
- private static final MemoryMXBean memoryMXBean =
- ManagementFactory.getMemoryMXBean();
+ ManagementFactory.getPlatformMXBean(PlatformLoggingMXBean.class);
+ private static final MemoryMXBean memoryMXBean = ManagementFactory.getMemoryMXBean();
private static final List garbageCollectorMXBeans =
- ManagementFactory.getGarbageCollectorMXBeans();
- private static final List memoryManagerMXBeans =
- ManagementFactory.getMemoryManagerMXBeans();
- private static final List memoryPoolMXBeans =
- ManagementFactory.getMemoryPoolMXBeans();
+ ManagementFactory.getGarbageCollectorMXBeans();
+ private static final List memoryManagerMXBeans = ManagementFactory.getMemoryManagerMXBeans();
+ private static final List memoryPoolMXBeans = ManagementFactory.getMemoryPoolMXBeans();
/**
* Check whether thread contention monitoring is enabled.
@@ -146,8 +137,8 @@
threadMXBean.setThreadCpuTimeEnabled(enable);
boolean checkValue = threadMXBean.isThreadCpuTimeEnabled();
if (enable != checkValue) {
- log.error(sm.getString("diagnostics.setPropertyFail", "threadCpuTimeEnabled",
- Boolean.valueOf(enable), Boolean.valueOf(checkValue)));
+ log.error(sm.getString("diagnostics.setPropertyFail", "threadCpuTimeEnabled", Boolean.valueOf(enable),
+ Boolean.valueOf(checkValue)));
}
}
@@ -167,8 +158,8 @@
classLoadingMXBean.setVerbose(verbose);
boolean checkValue = classLoadingMXBean.isVerbose();
if (verbose != checkValue) {
- log.error(sm.getString("diagnostics.setPropertyFail", "verboseClassLoading",
- Boolean.valueOf(verbose), Boolean.valueOf(checkValue)));
+ log.error(sm.getString("diagnostics.setPropertyFail", "verboseClassLoading", Boolean.valueOf(verbose),
+ Boolean.valueOf(checkValue)));
}
}
@@ -176,15 +167,14 @@
* Set logger level
*
* @param loggerName the name of the logger
- * @param levelName the level to set
+ * @param levelName the level to set
*/
public static void setLoggerLevel(String loggerName, String levelName) {
loggingMXBean.setLoggerLevel(loggerName, levelName);
String checkValue = loggingMXBean.getLoggerLevel(loggerName);
if (!checkValue.equals(levelName)) {
String propertyName = "loggerLevel[" + loggerName + "]";
- log.error(sm.getString("diagnostics.setPropertyFail", propertyName,
- levelName, checkValue));
+ log.error(sm.getString("diagnostics.setPropertyFail", propertyName, levelName, checkValue));
}
}
@@ -197,8 +187,8 @@
memoryMXBean.setVerbose(verbose);
boolean checkValue = memoryMXBean.isVerbose();
if (verbose != checkValue) {
- log.error(sm.getString("diagnostics.setPropertyFail", "verboseGarbageCollection",
- Boolean.valueOf(verbose), Boolean.valueOf(checkValue)));
+ log.error(sm.getString("diagnostics.setPropertyFail", "verboseGarbageCollection", Boolean.valueOf(verbose),
+ Boolean.valueOf(checkValue)));
}
}
@@ -215,7 +205,7 @@
* @param name name of the MemoryPoolMXBean or "all"
*/
public static void resetPeakUsage(String name) {
- for (MemoryPoolMXBean mbean: memoryPoolMXBeans) {
+ for (MemoryPoolMXBean mbean : memoryPoolMXBeans) {
if (name.equals("all") || name.equals(mbean.getName())) {
mbean.resetPeakUsage();
}
@@ -225,12 +215,13 @@
/**
* Set usage threshold in MemoryPoolMXBean
*
- * @param name name of the MemoryPoolMXBean
+ * @param name name of the MemoryPoolMXBean
* @param threshold the threshold to set
+ *
* @return true if setting the threshold succeeded
*/
public static boolean setUsageThreshold(String name, long threshold) {
- for (MemoryPoolMXBean mbean: memoryPoolMXBeans) {
+ for (MemoryPoolMXBean mbean : memoryPoolMXBeans) {
if (name.equals(mbean.getName())) {
try {
mbean.setUsageThreshold(threshold);
@@ -247,12 +238,13 @@
/**
* Set collection usage threshold in MemoryPoolMXBean
*
- * @param name name of the MemoryPoolMXBean
+ * @param name name of the MemoryPoolMXBean
* @param threshold the collection threshold to set
+ *
* @return true if setting the threshold succeeded
*/
public static boolean setCollectionUsageThreshold(String name, long threshold) {
- for (MemoryPoolMXBean mbean: memoryPoolMXBeans) {
+ for (MemoryPoolMXBean mbean : memoryPoolMXBeans) {
if (name.equals(mbean.getName())) {
try {
mbean.setCollectionUsageThreshold(threshold);
@@ -270,6 +262,7 @@
* Formats the thread dump header for one thread.
*
* @param ti the ThreadInfo describing the thread
+ *
* @return the formatted thread dump header
*/
private static String getThreadDumpHeader(ThreadInfo ti) {
@@ -297,6 +290,7 @@
* Formats the thread dump for one thread.
*
* @param ti the ThreadInfo describing the thread
+ *
* @return the formatted thread dump
*/
private static String getThreadDump(ThreadInfo ti) {
@@ -318,14 +312,15 @@
if (ti.getLockName() != null) {
sb.append(INDENT2 + "- waiting on (a ").append(ti.getLockName()).append(")");
if (ti.getLockOwnerName() != null) {
- sb.append(" owned by ").append(ti.getLockOwnerName()).append(" Id=").append(ti.getLockOwnerId());
+ sb.append(" owned by ").append(ti.getLockOwnerName()).append(" Id=")
+ .append(ti.getLockOwnerId());
}
sb.append(CRLF);
}
start = false;
}
if (monitorDepths[i] != null) {
- MonitorInfo mi = (MonitorInfo)monitorDepths[i];
+ MonitorInfo mi = (MonitorInfo) monitorDepths[i];
sb.append(INDENT2 + "- locked (a ").append(mi.toString()).append(")").append(" index ");
sb.append(mi.getLockedStackDepth()).append(" frame ").append(mi.getLockedStackFrame().toString());
sb.append(CRLF);
@@ -339,6 +334,7 @@
* Formats the thread dump for a list of threads.
*
* @param tinfos the ThreadInfo array describing the thread list
+ *
* @return the formatted thread dump
*/
private static String getThreadDump(ThreadInfo[] tinfos) {
@@ -351,17 +347,14 @@
}
/**
- * Check if any threads are deadlocked. If any, print
- * the thread dump for those threads.
+ * Check if any threads are deadlocked. If any, print the thread dump for those threads.
*
- * @return a deadlock message and the formatted thread dump
- * of the deadlocked threads
+ * @return a deadlock message and the formatted thread dump of the deadlocked threads
*/
public static String findDeadlock() {
long[] ids = threadMXBean.findDeadlockedThreads();
if (ids != null) {
- ThreadInfo[] tinfos = threadMXBean.getThreadInfo(threadMXBean.findDeadlockedThreads(),
- true, true);
+ ThreadInfo[] tinfos = threadMXBean.getThreadInfo(threadMXBean.findDeadlockedThreads(), true, true);
if (tinfos != null) {
return sm.getString("diagnostics.deadlockFound") + CRLF + getThreadDump(tinfos);
}
@@ -370,8 +363,7 @@
}
/**
- * Retrieves a formatted JVM thread dump.
- * The default StringManager will be used.
+ * Retrieves a formatted JVM thread dump. The default StringManager will be used.
*
* @return the formatted JVM thread dump
*/
@@ -380,29 +372,27 @@
}
/**
- * Retrieves a formatted JVM thread dump.
- * The given list of locales will be used
- * to retrieve a StringManager.
+ * Retrieves a formatted JVM thread dump. The given list of locales will be used to retrieve a StringManager.
*
* @param requestedLocales list of locales to use
+ *
* @return the formatted JVM thread dump
*/
public static String getThreadDump(Enumeration requestedLocales) {
- return getThreadDump(
- StringManager.getManager(PACKAGE, requestedLocales));
+ return getThreadDump(StringManager.getManager(PACKAGE, requestedLocales));
}
/**
- * Retrieve a JVM thread dump formatted
- * using the given StringManager.
+ * Retrieve a JVM thread dump formatted using the given StringManager.
*
* @param requestedSm the StringManager to use
+ *
* @return the formatted JVM thread dump
*/
public static String getThreadDump(StringManager requestedSm) {
StringBuilder sb = new StringBuilder();
- synchronized(timeformat) {
+ synchronized (timeformat) {
sb.append(timeformat.format(new Date()));
}
sb.append(CRLF);
@@ -428,8 +418,10 @@
/**
* Format contents of a MemoryUsage object.
- * @param name a text prefix used in formatting
+ *
+ * @param name a text prefix used in formatting
* @param usage the MemoryUsage object to format
+ *
* @return the formatted contents
*/
private static String formatMemoryUsage(String name, MemoryUsage usage) {
@@ -445,8 +437,7 @@
}
/**
- * Retrieves a formatted JVM information text.
- * The default StringManager will be used.
+ * Retrieves a formatted JVM information text. The default StringManager will be used.
*
* @return the formatted JVM information text
*/
@@ -455,11 +446,10 @@
}
/**
- * Retrieves a formatted JVM information text.
- * The given list of locales will be used
- * to retrieve a StringManager.
+ * Retrieves a formatted JVM information text. The given list of locales will be used to retrieve a StringManager.
*
* @param requestedLocales list of locales to use
+ *
* @return the formatted JVM information text
*/
public static String getVMInfo(Enumeration requestedLocales) {
@@ -467,16 +457,16 @@
}
/**
- * Retrieve a JVM information text formatted
- * using the given StringManager.
+ * Retrieve a JVM information text formatted using the given StringManager.
*
* @param requestedSm the StringManager to use
+ *
* @return the formatted JVM information text
*/
public static String getVMInfo(StringManager requestedSm) {
StringBuilder sb = new StringBuilder();
- synchronized(timeformat) {
+ synchronized (timeformat) {
sb.append(timeformat.format(new Date()));
}
sb.append(CRLF);
@@ -501,19 +491,25 @@
sb.append(INDENT1 + "name: ").append(operatingSystemMXBean.getName()).append(CRLF);
sb.append(INDENT1 + "version: ").append(operatingSystemMXBean.getVersion()).append(CRLF);
sb.append(INDENT1 + "architecture: ").append(operatingSystemMXBean.getArch()).append(CRLF);
- sb.append(INDENT1 + "availableProcessors: ").append(operatingSystemMXBean.getAvailableProcessors()).append(CRLF);
+ sb.append(INDENT1 + "availableProcessors: ").append(operatingSystemMXBean.getAvailableProcessors())
+ .append(CRLF);
sb.append(INDENT1 + "systemLoadAverage: ").append(operatingSystemMXBean.getSystemLoadAverage()).append(CRLF);
sb.append(CRLF);
sb.append(requestedSm.getString("diagnostics.vmInfoThreadMxBean"));
sb.append(":" + CRLF);
- sb.append(INDENT1 + "isCurrentThreadCpuTimeSupported: ").append(threadMXBean.isCurrentThreadCpuTimeSupported()).append(CRLF);
+ sb.append(INDENT1 + "isCurrentThreadCpuTimeSupported: ").append(threadMXBean.isCurrentThreadCpuTimeSupported())
+ .append(CRLF);
sb.append(INDENT1 + "isThreadCpuTimeSupported: ").append(threadMXBean.isThreadCpuTimeSupported()).append(CRLF);
sb.append(INDENT1 + "isThreadCpuTimeEnabled: ").append(threadMXBean.isThreadCpuTimeEnabled()).append(CRLF);
- sb.append(INDENT1 + "isObjectMonitorUsageSupported: ").append(threadMXBean.isObjectMonitorUsageSupported()).append(CRLF);
- sb.append(INDENT1 + "isSynchronizerUsageSupported: ").append(threadMXBean.isSynchronizerUsageSupported()).append(CRLF);
- sb.append(INDENT1 + "isThreadContentionMonitoringSupported: ").append(threadMXBean.isThreadContentionMonitoringSupported()).append(CRLF);
- sb.append(INDENT1 + "isThreadContentionMonitoringEnabled: ").append(threadMXBean.isThreadContentionMonitoringEnabled()).append(CRLF);
+ sb.append(INDENT1 + "isObjectMonitorUsageSupported: ").append(threadMXBean.isObjectMonitorUsageSupported())
+ .append(CRLF);
+ sb.append(INDENT1 + "isSynchronizerUsageSupported: ").append(threadMXBean.isSynchronizerUsageSupported())
+ .append(CRLF);
+ sb.append(INDENT1 + "isThreadContentionMonitoringSupported: ")
+ .append(threadMXBean.isThreadContentionMonitoringSupported()).append(CRLF);
+ sb.append(INDENT1 + "isThreadContentionMonitoringEnabled: ")
+ .append(threadMXBean.isThreadContentionMonitoringEnabled()).append(CRLF);
sb.append(CRLF);
sb.append(requestedSm.getString("diagnostics.vmInfoThreadCounts"));
@@ -526,7 +522,7 @@
sb.append(requestedSm.getString("diagnostics.vmInfoStartup"));
sb.append(":" + CRLF);
- for (String arg: runtimeMXBean.getInputArguments()) {
+ for (String arg : runtimeMXBean.getInputArguments()) {
sb.append(INDENT1).append(arg).append(CRLF);
}
sb.append(CRLF);
@@ -552,30 +548,31 @@
sb.append(":" + CRLF);
sb.append(INDENT1 + "name: ").append(compilationMXBean.getName()).append(CRLF);
sb.append(INDENT1 + "totalCompilationTime: ").append(compilationMXBean.getTotalCompilationTime()).append(CRLF);
- sb.append(INDENT1 + "isCompilationTimeMonitoringSupported: ").append(compilationMXBean.isCompilationTimeMonitoringSupported()).append(CRLF);
+ sb.append(INDENT1 + "isCompilationTimeMonitoringSupported: ")
+ .append(compilationMXBean.isCompilationTimeMonitoringSupported()).append(CRLF);
sb.append(CRLF);
- for (MemoryManagerMXBean mbean: memoryManagerMXBeans) {
+ for (MemoryManagerMXBean mbean : memoryManagerMXBeans) {
sb.append(requestedSm.getString("diagnostics.vmInfoMemoryManagers", mbean.getName()));
sb.append(":" + CRLF);
sb.append(INDENT1 + "isValid: ").append(mbean.isValid()).append(CRLF);
sb.append(INDENT1 + "mbean.getMemoryPoolNames: " + CRLF);
String[] names = mbean.getMemoryPoolNames();
Arrays.sort(names);
- for (String name: names) {
+ for (String name : names) {
sb.append(INDENT2).append(name).append(CRLF);
}
sb.append(CRLF);
}
- for (GarbageCollectorMXBean mbean: garbageCollectorMXBeans) {
+ for (GarbageCollectorMXBean mbean : garbageCollectorMXBeans) {
sb.append(requestedSm.getString("diagnostics.vmInfoGarbageCollectors", mbean.getName()));
sb.append(":" + CRLF);
sb.append(INDENT1 + "isValid: ").append(mbean.isValid()).append(CRLF);
sb.append(INDENT1 + "mbean.getMemoryPoolNames: " + CRLF);
String[] names = mbean.getMemoryPoolNames();
Arrays.sort(names);
- for (String name: names) {
+ for (String name : names) {
sb.append(INDENT2).append(name).append(CRLF);
}
sb.append(INDENT1 + "getCollectionCount: ").append(mbean.getCollectionCount()).append(CRLF);
@@ -586,12 +583,13 @@
sb.append(requestedSm.getString("diagnostics.vmInfoMemory"));
sb.append(":" + CRLF);
sb.append(INDENT1 + "isVerbose: ").append(memoryMXBean.isVerbose()).append(CRLF);
- sb.append(INDENT1 + "getObjectPendingFinalizationCount: ").append(memoryMXBean.getObjectPendingFinalizationCount()).append(CRLF);
+ sb.append(INDENT1 + "getObjectPendingFinalizationCount: ")
+ .append(memoryMXBean.getObjectPendingFinalizationCount()).append(CRLF);
sb.append(formatMemoryUsage("heap", memoryMXBean.getHeapMemoryUsage()));
sb.append(formatMemoryUsage("non-heap", memoryMXBean.getNonHeapMemoryUsage()));
sb.append(CRLF);
- for (MemoryPoolMXBean mbean: memoryPoolMXBeans) {
+ for (MemoryPoolMXBean mbean : memoryPoolMXBeans) {
sb.append(requestedSm.getString("diagnostics.vmInfoMemoryPools", mbean.getName()));
sb.append(":" + CRLF);
sb.append(INDENT1 + "isValid: ").append(mbean.isValid()).append(CRLF);
@@ -599,7 +597,7 @@
sb.append(INDENT1 + "mbean.getMemoryManagerNames: " + CRLF);
String[] names = mbean.getMemoryManagerNames();
Arrays.sort(names);
- for (String name: names) {
+ for (String name : names) {
sb.append(INDENT2).append(name).append(CRLF);
}
sb.append(INDENT1 + "isUsageThresholdSupported: ").append(mbean.isUsageThresholdSupported()).append(CRLF);
@@ -608,9 +606,11 @@
} catch (UnsupportedOperationException ex) {
// IGNORE
}
- sb.append(INDENT1 + "isCollectionUsageThresholdSupported: ").append(mbean.isCollectionUsageThresholdSupported()).append(CRLF);
+ sb.append(INDENT1 + "isCollectionUsageThresholdSupported: ")
+ .append(mbean.isCollectionUsageThresholdSupported()).append(CRLF);
try {
- sb.append(INDENT1 + "isCollectionUsageThresholdExceeded: ").append(mbean.isCollectionUsageThresholdExceeded()).append(CRLF);
+ sb.append(INDENT1 + "isCollectionUsageThresholdExceeded: ")
+ .append(mbean.isCollectionUsageThresholdExceeded()).append(CRLF);
} catch (UnsupportedOperationException ex) {
// IGNORE
}
@@ -625,12 +625,14 @@
// IGNORE
}
try {
- sb.append(INDENT1 + "getCollectionUsageThreshold: ").append(mbean.getCollectionUsageThreshold()).append(CRLF);
+ sb.append(INDENT1 + "getCollectionUsageThreshold: ").append(mbean.getCollectionUsageThreshold())
+ .append(CRLF);
} catch (UnsupportedOperationException ex) {
// IGNORE
}
try {
- sb.append(INDENT1 + "getCollectionUsageThresholdCount: ").append(mbean.getCollectionUsageThresholdCount()).append(CRLF);
+ sb.append(INDENT1 + "getCollectionUsageThresholdCount: ")
+ .append(mbean.getCollectionUsageThresholdCount()).append(CRLF);
} catch (UnsupportedOperationException ex) {
// IGNORE
}
@@ -646,7 +648,7 @@
Map props = runtimeMXBean.getSystemProperties();
ArrayList keys = new ArrayList<>(props.keySet());
Collections.sort(keys);
- for (String prop: keys) {
+ for (String prop : keys) {
sb.append(INDENT1).append(prop).append(": ").append(props.get(prop)).append(CRLF);
}
sb.append(CRLF);
@@ -655,7 +657,7 @@
sb.append(":" + CRLF);
List loggers = loggingMXBean.getLoggerNames();
Collections.sort(loggers);
- for (String logger: loggers) {
+ for (String logger : loggers) {
sb.append(INDENT1).append(logger).append(": level=").append(loggingMXBean.getLoggerLevel(logger));
sb.append(", parent=").append(loggingMXBean.getParentLoggerName(logger)).append(CRLF);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/ExceptionUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/ExceptionUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/ExceptionUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/ExceptionUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,8 @@
public class ExceptionUtils {
/**
- * Checks whether the supplied Throwable is one that needs to be
- * rethrown and swallows all others.
+ * Checks whether the supplied Throwable is one that needs to be rethrown and swallows all others.
+ *
* @param t the Throwable to check
*/
public static void handleThrowable(Throwable t) {
@@ -44,11 +44,11 @@
}
/**
- * Checks whether the supplied Throwable is an instance of
- * InvocationTargetException and returns the throwable that is
- * wrapped by it, if there is any.
+ * Checks whether the supplied Throwable is an instance of InvocationTargetException and returns the
+ * throwable that is wrapped by it, if there is any.
*
* @param t the Throwable to check
+ *
* @return t or t.getCause()
*/
public static Throwable unwrapInvocationTargetException(Throwable t) {
@@ -60,10 +60,9 @@
/**
- * NO-OP method provided to enable simple preloading of this class. Since
- * the class is used extensively in error handling, it is prudent to
- * preload it to avoid any failure to load this class masking the true
- * problem during error handling.
+ * NO-OP method provided to enable simple preloading of this class. Since the class is used extensively in error
+ * handling, it is prudent to preload it to avoid any failure to load this class masking the true problem during
+ * error handling.
*/
public static void preload() {
// NO-OP
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/IntrospectionUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/IntrospectionUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/IntrospectionUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/IntrospectionUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -38,29 +38,28 @@
private static final StringManager sm = StringManager.getManager(IntrospectionUtils.class);
/**
- * Find a method with the right name If found, call the method ( if param is
- * int or boolean we'll convert value to the right type before) - that means
- * you can have setDebug(1).
- * @param o The object to set a property on
- * @param name The property name
+ * Find a method with the right name If found, call the method ( if param is int or boolean we'll convert value to
+ * the right type before) - that means you can have setDebug(1).
+ *
+ * @param o The object to set a property on
+ * @param name The property name
* @param value The property value
+ *
* @return true if operation was successful
*/
public static boolean setProperty(Object o, String name, String value) {
return setProperty(o, name, value, true, null);
}
- public static boolean setProperty(Object o, String name, String value,
- boolean invokeSetProperty) {
+ public static boolean setProperty(Object o, String name, String value, boolean invokeSetProperty) {
return setProperty(o, name, value, invokeSetProperty, null);
}
@SuppressWarnings("null") // setPropertyMethodVoid is not null when used
- public static boolean setProperty(Object o, String name, String value,
- boolean invokeSetProperty, StringBuilder actualMethod) {
+ public static boolean setProperty(Object o, String name, String value, boolean invokeSetProperty,
+ StringBuilder actualMethod) {
if (log.isTraceEnabled()) {
- log.trace("IntrospectionUtils: setProperty(" +
- o.getClass() + " " + name + "=" + value + ")");
+ log.trace("IntrospectionUtils: setProperty(" + o.getClass() + " " + name + "=" + value + ")");
}
if (actualMethod == null && XReflectionIntrospectionUtils.isEnabled()) {
@@ -77,8 +76,8 @@
// First, the ideal case - a setFoo( String ) method
for (Method item : methods) {
Class[] paramT = item.getParameterTypes();
- if (setter.equals(item.getName()) && paramT.length == 1
- && "java.lang.String".equals(paramT[0].getName())) {
+ if (setter.equals(item.getName()) && paramT.length == 1 &&
+ "java.lang.String".equals(paramT[0].getName())) {
item.invoke(o, value);
if (actualMethod != null) {
actualMethod.append(item.getName()).append("(\"").append(escape(value)).append("\")");
@@ -90,16 +89,14 @@
// Try a setFoo ( int ) or ( boolean )
for (Method method : methods) {
boolean ok = true;
- if (setter.equals(method.getName())
- && method.getParameterTypes().length == 1) {
+ if (setter.equals(method.getName()) && method.getParameterTypes().length == 1) {
// match - find the type and invoke it
Class paramType = method.getParameterTypes()[0];
Object[] params = new Object[1];
// Try a setFoo ( int )
- if ("java.lang.Integer".equals(paramType.getName())
- || "int".equals(paramType.getName())) {
+ if ("java.lang.Integer".equals(paramType.getName()) || "int".equals(paramType.getName())) {
try {
params[0] = Integer.valueOf(value);
} catch (NumberFormatException ex) {
@@ -107,14 +104,15 @@
}
if (actualMethod != null) {
if ("java.lang.Integer".equals(paramType.getName())) {
- actualMethod.append(method.getName()).append("(Integer.valueOf(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Integer.valueOf(\"").append(value)
+ .append("\"))");
} else {
- actualMethod.append(method.getName()).append("(Integer.parseInt(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Integer.parseInt(\"").append(value)
+ .append("\"))");
}
}
// Try a setFoo ( long )
- } else if ("java.lang.Long".equals(paramType.getName())
- || "long".equals(paramType.getName())) {
+ } else if ("java.lang.Long".equals(paramType.getName()) || "long".equals(paramType.getName())) {
try {
params[0] = Long.valueOf(value);
} catch (NumberFormatException ex) {
@@ -122,25 +120,28 @@
}
if (actualMethod != null) {
if ("java.lang.Long".equals(paramType.getName())) {
- actualMethod.append(method.getName()).append("(Long.valueOf(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Long.valueOf(\"").append(value)
+ .append("\"))");
} else {
- actualMethod.append(method.getName()).append("(Long.parseLong(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Long.parseLong(\"").append(value)
+ .append("\"))");
}
}
// Try a setFoo ( boolean )
- } else if ("java.lang.Boolean".equals(paramType.getName())
- || "boolean".equals(paramType.getName())) {
+ } else if ("java.lang.Boolean".equals(paramType.getName()) ||
+ "boolean".equals(paramType.getName())) {
params[0] = Boolean.valueOf(value);
if (actualMethod != null) {
if ("java.lang.Boolean".equals(paramType.getName())) {
- actualMethod.append(method.getName()).append("(Boolean.valueOf(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Boolean.valueOf(\"").append(value)
+ .append("\"))");
} else {
- actualMethod.append(method.getName()).append("(Boolean.parseBoolean(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(Boolean.parseBoolean(\"").append(value)
+ .append("\"))");
}
}
// Try a setFoo ( InetAddress )
- } else if ("java.net.InetAddress".equals(paramType
- .getName())) {
+ } else if ("java.net.InetAddress".equals(paramType.getName())) {
try {
params[0] = InetAddress.getByName(value);
} catch (UnknownHostException exc) {
@@ -150,13 +151,13 @@
ok = false;
}
if (actualMethod != null) {
- actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value).append("\"))");
+ actualMethod.append(method.getName()).append("(InetAddress.getByName(\"").append(value)
+ .append("\"))");
}
// Unknown type
} else {
if (log.isTraceEnabled()) {
- log.trace("IntrospectionUtils: Unknown type " +
- paramType.getName());
+ log.trace("IntrospectionUtils: Unknown type " + paramType.getName());
}
}
@@ -178,25 +179,24 @@
}
// Ok, no setXXX found, try a setProperty("name", "value")
- if (invokeSetProperty && (setPropertyMethodBool != null ||
- setPropertyMethodVoid != null)) {
+ if (invokeSetProperty && (setPropertyMethodBool != null || setPropertyMethodVoid != null)) {
if (actualMethod != null) {
- actualMethod.append("setProperty(\"").append(name).append("\", \"").append(escape(value)).append("\")");
+ actualMethod.append("setProperty(\"").append(name).append("\", \"").append(escape(value))
+ .append("\")");
}
Object[] params = new Object[2];
params[0] = name;
params[1] = value;
if (setPropertyMethodBool != null) {
try {
- return ((Boolean) setPropertyMethodBool.invoke(o,
- params)).booleanValue();
- }catch (IllegalArgumentException biae) {
- //the boolean method had the wrong
- //parameter types. let's try the other
- if (setPropertyMethodVoid!=null) {
+ return ((Boolean) setPropertyMethodBool.invoke(o, params)).booleanValue();
+ } catch (IllegalArgumentException biae) {
+ // the boolean method had the wrong
+ // parameter types. let's try the other
+ if (setPropertyMethodVoid != null) {
setPropertyMethodVoid.invoke(o, params);
return true;
- }else {
+ } else {
throw biae;
}
}
@@ -216,8 +216,8 @@
}
/**
- * @param s
- * the input string
+ * @param s the input string
+ *
* @return escaped string, per Java rule
*/
public static String escape(String s) {
@@ -291,36 +291,29 @@
}
/**
- * Replaces ${NAME} in the value with the value of the property 'NAME'.
- * Replaces ${NAME:DEFAULT} with the value of the property 'NAME:DEFAULT',
- * if the property 'NAME:DEFAULT' is not set,
- * the expression is replaced with the value of the property 'NAME',
- * if the property 'NAME' is not set,
- * the expression is replaced with 'DEFAULT'.
- * If the property is not set and there is no default the value will be
- * returned unmodified.
+ * Replaces ${NAME} in the value with the value of the property 'NAME'. Replaces ${NAME:DEFAULT} with the value of
+ * the property 'NAME:DEFAULT', if the property 'NAME:DEFAULT' is not set, the expression is replaced with the value
+ * of the property 'NAME', if the property 'NAME' is not set, the expression is replaced with 'DEFAULT'. If the
+ * property is not set and there is no default the value will be returned unmodified.
*
- * @param value The value
- * @param staticProp Replacement properties
+ * @param value The value
+ * @param staticProp Replacement properties
* @param dynamicProp Replacement properties
- * @param classLoader Class loader associated with the code requesting the
- * property
+ * @param classLoader Class loader associated with the code requesting the property
*
* @return the replacement value
*/
- public static String replaceProperties(String value,
- Hashtable staticProp, PropertySource[] dynamicProp,
- ClassLoader classLoader) {
- return replaceProperties(value, staticProp, dynamicProp, classLoader, 0);
+ public static String replaceProperties(String value, Hashtable staticProp,
+ PropertySource[] dynamicProp, ClassLoader classLoader) {
+ return replaceProperties(value, staticProp, dynamicProp, classLoader, 0);
}
- private static String replaceProperties(String value,
- Hashtable staticProp, PropertySource[] dynamicProp,
- ClassLoader classLoader, int iterationCount) {
+ private static String replaceProperties(String value, Hashtable staticProp,
+ PropertySource[] dynamicProp, ClassLoader classLoader, int iterationCount) {
if (value == null || !value.contains("${")) {
return value;
}
- if (iterationCount >=20) {
+ if (iterationCount >= 20) {
log.warn(sm.getString("introspectionUtils.tooManyIterations", value));
return value;
}
@@ -378,11 +371,11 @@
if (log.isTraceEnabled()) {
log.trace("IntrospectionUtils.replaceProperties iter on: " + newval);
}
- return replaceProperties(newval, staticProp, dynamicProp, classLoader, iterationCount+1);
+ return replaceProperties(newval, staticProp, dynamicProp, classLoader, iterationCount + 1);
}
- private static String getProperty(String name, Hashtable staticProp,
- PropertySource[] dynamicProp, ClassLoader classLoader) {
+ private static String getProperty(String name, Hashtable staticProp, PropertySource[] dynamicProp,
+ ClassLoader classLoader) {
String v = null;
if (staticProp != null) {
v = (String) staticProp.get(name);
@@ -404,7 +397,9 @@
/**
* Reverse of Introspector.decapitalize.
+ *
* @param name The name
+ *
* @return the capitalized string
*/
public static String capitalize(String name) {
@@ -434,8 +429,7 @@
return methods;
}
- public static Method findMethod(Class c, String name,
- Class[] params) {
+ public static Method findMethod(Class c, String name, Class[] params) {
Method[] methods = findMethods(c);
for (Method method : methods) {
if (method.getName().equals(name)) {
@@ -465,14 +459,13 @@
return null;
}
- public static Object callMethod1(Object target, String methodN,
- Object param1, String typeParam1, ClassLoader cl) throws Exception {
+ public static Object callMethod1(Object target, String methodN, Object param1, String typeParam1, ClassLoader cl)
+ throws Exception {
if (target == null || methodN == null || param1 == null) {
throw new IllegalArgumentException(sm.getString("introspectionUtils.nullParameter"));
}
if (log.isTraceEnabled()) {
- log.trace("IntrospectionUtils: callMethod1 " +
- target.getClass().getName() + " " +
+ log.trace("IntrospectionUtils: callMethod1 " + target.getClass().getName() + " " +
param1.getClass().getName() + " " + typeParam1);
}
@@ -484,7 +477,8 @@
}
Method m = findMethod(target.getClass(), methodN, params);
if (m == null) {
- throw new NoSuchMethodException(sm.getString("introspectionUtils.noMethod", methodN, target, target.getClass()));
+ throw new NoSuchMethodException(
+ sm.getString("introspectionUtils.noMethod", methodN, target, target.getClass()));
}
try {
return m.invoke(target, param1);
@@ -494,8 +488,8 @@
}
}
- public static Object callMethodN(Object target, String methodN,
- Object[] params, Class[] typeParams) throws Exception {
+ public static Object callMethodN(Object target, String methodN, Object[] params, Class[] typeParams)
+ throws Exception {
Method m = findMethod(target.getClass(), methodN, typeParams);
if (m == null) {
if (log.isDebugEnabled()) {
@@ -529,57 +523,50 @@
Object result = null;
if ("java.lang.String".equals(paramType.getName())) {
result = object;
- } else if ("java.lang.Integer".equals(paramType.getName())
- || "int".equals(paramType.getName())) {
+ } else if ("java.lang.Integer".equals(paramType.getName()) || "int".equals(paramType.getName())) {
try {
result = Integer.valueOf(object);
} catch (NumberFormatException ex) {
}
// Try a setFoo ( boolean )
- } else if ("java.lang.Boolean".equals(paramType.getName())
- || "boolean".equals(paramType.getName())) {
+ } else if ("java.lang.Boolean".equals(paramType.getName()) || "boolean".equals(paramType.getName())) {
result = Boolean.valueOf(object);
// Try a setFoo ( InetAddress )
- } else if ("java.net.InetAddress".equals(paramType
- .getName())) {
+ } else if ("java.net.InetAddress".equals(paramType.getName())) {
try {
result = InetAddress.getByName(object);
} catch (UnknownHostException exc) {
if (log.isDebugEnabled()) {
- log.debug(sm.getString("introspectionUtils.hostResolutionFail", object));
+ log.debug(sm.getString("introspectionUtils.hostResolutionFail", object), exc);
}
}
// Unknown type
} else {
if (log.isTraceEnabled()) {
- log.trace("IntrospectionUtils: Unknown type " +
- paramType.getName());
+ log.trace("IntrospectionUtils: Unknown type " + paramType.getName());
}
}
if (result == null) {
- throw new IllegalArgumentException(sm.getString("introspectionUtils.conversionError", object, paramType.getName()));
+ throw new IllegalArgumentException(
+ sm.getString("introspectionUtils.conversionError", object, paramType.getName()));
}
return result;
}
/**
- * Checks to see if the specified class is an instance of or assignable from
- * the specified type. The class clazz, all its superclasses,
- * interfaces and those superinterfaces are tested for a match against
- * the type name type.
- * This is similar to instanceof or {@link Class#isAssignableFrom}
- * except that the target type will not be resolved into a Class
- * object, which provides some security and memory benefits.
+ * Checks to see if the specified class is an instance of or assignable from the specified type. The class
+ * clazz, all its superclasses, interfaces and those superinterfaces are tested for a match against the
+ * type name type. This is similar to instanceof or {@link Class#isAssignableFrom} except
+ * that the target type will not be resolved into a Class object, which provides some security and memory benefits.
*
* @param clazz The class to test for a match.
- * @param type The name of the type that clazz must be.
+ * @param type The name of the type that clazz must be.
*
- * @return true if the clazz tested is an
- * instance of the specified type,
- * false otherwise.
+ * @return true if the clazz tested is an instance of the specified type,
+ * false otherwise.
*/
public static boolean isInstance(Class clazz, String type) {
if (type.equals(clazz.getName())) {
@@ -613,19 +600,16 @@
public interface SecurePropertySource extends PropertySource {
/**
- * Obtain a property value, checking that code associated with the
- * provided class loader has permission to access the property. If the
- * {@code classLoader} is {@code null} or if {@code classLoader} does
- * not implement {@link PermissionCheck} then the property value will be
- * looked up without a call to
+ * Obtain a property value, checking that code associated with the provided class loader has permission to
+ * access the property. If the {@code classLoader} is {@code null} or if {@code classLoader} does not implement
+ * {@link PermissionCheck} then the property value will be looked up without a call to
* {@link PermissionCheck#check(java.security.Permission)}
*
- * @param key The key of the requested property
- * @param classLoader The class loader associated with the code that
- * trigger the property lookup
- * @return The property value or {@code null} if it could not be found
- * or if {@link PermissionCheck#check(java.security.Permission)}
- * fails
+ * @param key The key of the requested property
+ * @param classLoader The class loader associated with the code that trigger the property lookup
+ *
+ * @return The property value or {@code null} if it could not be found or if
+ * {@link PermissionCheck#check(java.security.Permission)} fails
*/
String getProperty(String key, ClassLoader classLoader);
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/MultiThrowable.java tomcat10-10.1.52/java/org/apache/tomcat/util/MultiThrowable.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/MultiThrowable.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/MultiThrowable.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,9 +21,8 @@
import java.util.List;
/**
- * Wraps a list of throwables as a single throwable. This is intended to be used
- * when multiple actions are taken where each may throw an exception but all
- * actions are taken before any errors are reported.
+ * Wraps a list of throwables as a single throwable. This is intended to be used when multiple actions are taken where
+ * each may throw an exception but all actions are taken before any errors are reported.
*
* This class is NOT threadsafe.
*/
@@ -52,9 +51,8 @@
/**
- * @return {@code null} if there are no wrapped throwables, the Throwable if
- * there is a single wrapped throwable or the current instance of
- * there are multiple wrapped throwables
+ * @return {@code null} if there are no wrapped throwables, the Throwable if there is a single wrapped throwable or
+ * the current instance of there are multiple wrapped throwables
*/
public Throwable getThrowable() {
if (size() == 0) {
@@ -76,10 +74,9 @@
/**
- * Overrides the default implementation to provide a concatenation of the
- * messages associated with each of the wrapped throwables. Note that the
- * format of the returned String is not guaranteed to be fixed and may
- * change in a future release.
+ * Overrides the default implementation to provide a concatenation of the messages associated with each of the
+ * wrapped throwables. Note that the format of the returned String is not guaranteed to be fixed and may change in a
+ * future release.
*/
@Override
public String toString() {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/XReflectionIntrospectionUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/XReflectionIntrospectionUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/XReflectionIntrospectionUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/XReflectionIntrospectionUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -25,8 +25,8 @@
/**
* Always throws {@link UnsupportedOperationException}
*
- * @param o Unused
- * @param name Unused
+ * @param o Unused
+ * @param name Unused
*
* @return Never returns normally
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/bcel/Const.java tomcat10-10.1.52/java/org/apache/tomcat/util/bcel/Const.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/bcel/Const.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/bcel/Const.java 2026-01-23 19:33:36.000000000 +0000
@@ -269,6 +269,22 @@
public static final short MAJOR_24 = 68;
/**
+ * Minor version number of class files for Java 25: {@value}.
+ *
+ * @see #MAJOR_25
+ * @since 6.11.0
+ */
+ public static final short MINOR_25 = 0;
+
+ /**
+ * Major version number of class files for Java 25: {@value}.
+ *
+ * @see #MINOR_25
+ * @since 6.11.0
+ */
+ public static final short MAJOR_25 = 69;
+
+ /**
* Get the CONSTANT_NAMES entry at the given index.
*
* @param index index into {@code CONSTANT_NAMES}.
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/bcel/classfile/Utility.java tomcat10-10.1.52/java/org/apache/tomcat/util/bcel/classfile/Utility.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/bcel/classfile/Utility.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/bcel/classfile/Utility.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,10 +28,7 @@
final class Utility {
/**
- * Shorten long class name str, i.e., chop off the prefix,
- * if the
- * class name starts with this string and the flag chopit is true.
- * Slashes / are converted to dots ..
+ * Shorten long class names, java/lang/String becomes String.
*
* @param str The long class name
* @return Compacted class name
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/AbstractChunk.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/AbstractChunk.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/AbstractChunk.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/AbstractChunk.java 2026-01-23 19:33:36.000000000 +0000
@@ -85,6 +85,7 @@
/**
* Set the start position of the data in the buffer.
+ *
* @param start the new start position
*/
public void setStart(int start) {
@@ -105,6 +106,7 @@
/**
* Set the end position of the data in the buffer.
+ *
* @param end the new end position
*/
public void setEnd(int end) {
@@ -114,6 +116,7 @@
/**
* @return start
+ *
* @deprecated Unused. This method will be removed in Tomcat 12.
*/
@Deprecated
@@ -123,7 +126,9 @@
/**
* Set start.
+ *
* @param off the new start
+ *
* @deprecated Unused. This method will be removed in Tomcat 12.
*/
@Deprecated
@@ -155,15 +160,15 @@
/**
- * Return the index of the first occurrence of the subsequence of
- * the given String, or -1 if it is not found.
+ * Return the index of the first occurrence of the subsequence of the given String, or -1 if it is not found.
*
- * @param src the String to look for
+ * @param src the String to look for
* @param srcStart the subsequence start in the String
- * @param srcLen the subsequence length in the String
+ * @param srcLen the subsequence length in the String
* @param myOffset the index on which to start the search in the buffer
- * @return the position of the first character of the first occurrence
- * of the subsequence in the buffer, or -1 if not found
+ *
+ * @return the position of the first character of the first occurrence of the subsequence in the buffer, or -1 if
+ * not found
*/
public int indexOf(String src, int srcStart, int srcLen, int myOffset) {
char first = src.charAt(srcStart);
@@ -171,7 +176,8 @@
// Look for first char
int srcEnd = srcStart + srcLen;
- mainLoop: for (int i = myOffset + start; i <= (end - srcLen); i++) {
+ mainLoop:
+ for (int i = myOffset + start; i <= (end - srcLen); i++) {
if (getBufferElement(i) != first) {
continue;
}
@@ -225,6 +231,7 @@
/**
* @param index the element location in the buffer
+ *
* @return the element
*/
protected abstract int getBufferElement(int index);
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/Ascii.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/Ascii.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/Ascii.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/Ascii.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,9 +18,6 @@
/**
* This class implements some basic ASCII character handling functions.
- *
- * @author dac@eng.sun.com
- * @author James Todd [gonzo@eng.sun.com]
*/
public final class Ascii {
/*
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/ByteChunk.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/ByteChunk.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/ByteChunk.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/ByteChunk.java 2026-01-23 19:33:36.000000000 +0000
@@ -41,22 +41,13 @@
* chars and Strings until the strings are needed. In addition, the charset is determined later, from headers or user
* code.
*
- * In a server it is very important to be able to operate on
- * the original byte[] without converting everything to chars.
- * Some protocols are ASCII only, and some allow different
- * non-UNICODE encodings. The encoding is not known beforehand,
- * and can even change during the execution of the protocol.
- * ( for example a multipart message may have parts with different
- * encoding )
+ * In a server it is very important to be able to operate on the original byte[] without converting everything to chars.
+ * Some protocols are ASCII only, and some allow different non-UNICODE encodings. The encoding is not known beforehand,
+ * and can even change during the execution of the protocol. ( for example a multipart message may have parts with
+ * different encoding )
*
- * For HTTP, it is not very clear how the encoding of RequestURI
- * and mime values can be determined, but it is a great advantage
- * to be able to parse the request without converting to string.
- *
- * @author dac@sun.com
- * @author James Todd [gonzo@sun.com]
- * @author Costin Manolache
- * @author Remy Maucherat
+ * For HTTP, it is not very clear how the encoding of RequestURI and mime values can be determined, but it is a great
+ * advantage to be able to parse the request without converting to string.
*/
public final class ByteChunk extends AbstractChunk {
@@ -566,7 +557,8 @@
// entire byte array. This is expensive if only a small subset of the
// bytes will be used. The code below is from Apache Harmony.
CharBuffer cb;
- if (malformedInputAction == CodingErrorAction.REPLACE && unmappableCharacterAction == CodingErrorAction.REPLACE) {
+ if (malformedInputAction == CodingErrorAction.REPLACE &&
+ unmappableCharacterAction == CodingErrorAction.REPLACE) {
cb = charset.decode(ByteBuffer.wrap(buff, start, end - start));
} else {
cb = charset.newDecoder().onMalformedInput(malformedInputAction)
@@ -701,9 +693,10 @@
*
* NOTE: This only works for characters in the range 0-127.
*
- * @param c2 the array to compare to
+ * @param c2 the array to compare to
* @param off2 offset
* @param len2 length
+ *
* @return true if the comparison succeeded, false otherwise
*/
public boolean equals(char[] c2, int off2, int len2) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/CharChunk.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/CharChunk.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/CharChunk.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/CharChunk.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,11 +21,6 @@
/**
* Utilities to manipulate char chunks. While String is the easiest way to manipulate chars ( search, substrings, etc),
* it is known to not be the most efficient solution - Strings are designed as immutable and secure objects.
- *
- * @author dac@sun.com
- * @author James Todd [gonzo@sun.com]
- * @author Costin Manolache
- * @author Remy Maucherat
*/
public final class CharChunk extends AbstractChunk implements CharSequence {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/HexUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/HexUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/HexUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/HexUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -21,8 +21,6 @@
/**
* Tables useful when converting byte arrays to and from strings of hexadecimal digits. Code from Ajp11, from Apache's
* JServ.
- *
- * @author Craig R. McClanahan
*/
public final class HexUtils {
@@ -33,9 +31,9 @@
/**
* Table for HEX to DEC byte translation.
*/
- private static final int[] DEC = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13,
- 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 10, 11, 12, 13, 14, 15, };
+ private static final int[] DEC = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 10,
+ 11, 12, 13, 14, 15, };
/**
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/MessageBytes.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/MessageBytes.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/MessageBytes.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/MessageBytes.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,10 +31,6 @@
*
* The object can represent a byte[], a char[], or a (sub) String. All operations can be made in case-sensitive mode or
* not.
- *
- * @author dac@eng.sun.com
- * @author James Todd [gonzo@eng.sun.com]
- * @author Costin Manolache
*/
public final class MessageBytes implements Cloneable, Serializable {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/StringCache.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/StringCache.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/StringCache.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/StringCache.java 2026-01-23 19:33:36.000000000 +0000
@@ -31,8 +31,6 @@
/**
* This class implements a String cache for ByteChunk and CharChunk.
- *
- * @author Remy Maucherat
*/
public class StringCache {
@@ -481,8 +479,8 @@
*
* @return the corresponding value
*
- * @deprecated Unused. Will be removed in Tomcat 11.
- * Use {@link #find(ByteChunk, CodingErrorAction, CodingErrorAction)}
+ * @deprecated Unused. Will be removed in Tomcat 11. Use
+ * {@link #find(ByteChunk, CodingErrorAction, CodingErrorAction)}
*/
@Deprecated
protected static final String find(ByteChunk name) {
@@ -500,7 +498,7 @@
* @return the corresponding value
*/
protected static String find(ByteChunk name, CodingErrorAction malformedInputAction,
- CodingErrorAction unmappableCharacterAction) {
+ CodingErrorAction unmappableCharacterAction) {
int pos = findClosest(name, bcCache, bcCache.length);
if ((pos < 0) || (compare(name, bcCache[pos].name) != 0) || !(name.getCharset().equals(bcCache[pos].charset)) ||
!malformedInputAction.equals(bcCache[pos].malformedInputAction) ||
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/StringUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/StringUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/StringUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/StringUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -101,11 +101,11 @@
}
/**
- * Splits a comma-separated string into an array of String values.
- * Whitespace around the commas is removed.
- * Null or empty values will return a zero-element array.
+ * Splits a comma-separated string into an array of String values. Whitespace around the commas is removed. Null or
+ * empty values will return a zero-element array.
*
* @param s The string to split by commas.
+ *
* @return An array of String values.
*/
public static String[] splitCommaSeparated(String s) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/UDecoder.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/UDecoder.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/UDecoder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/UDecoder.java 2026-01-23 19:33:36.000000000 +0000
@@ -28,8 +28,6 @@
/**
* All URL decoding happens here. This way we can reuse, review, optimize without adding complexity to the buffers. The
* conversion will modify the original buffer.
- *
- * @author Costin Manolache
*/
public final class UDecoder {
@@ -101,10 +99,8 @@
* URLDecode, will modify the source. Assumes source bytes are encoded using a superset of US-ASCII as per RFC 7230.
*
* @param mb The URL encoded bytes
- * @param encodedSolidusHandling How should the %2f sequence handled by the decoder? For query strings this
- * parameter will be ignored and the %2f sequence will be decoded
- * @param encodedReverseSolidusHandling How should the %5c sequence handled by the decoder? For query strings this
- * parameter will be ignored and the %5c sequence will be decoded
+ * @param encodedSolidusHandling How should the %2f sequence handled by the decoder?
+ * @param encodedReverseSolidusHandling How should the %5c sequence handled by the decoder?
*
* @throws IOException Invalid %xx URL encoding
*/
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/buf/UEncoder.java tomcat10-10.1.52/java/org/apache/tomcat/util/buf/UEncoder.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/buf/UEncoder.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/buf/UEncoder.java 2026-01-23 19:33:36.000000000 +0000
@@ -24,8 +24,6 @@
* Efficient implementation of a UTF-8 encoder. This class is not thread safe - you need one encoder per thread. The
* encoder will save and recycle the internal objects, avoiding garbage. You can add extra characters that you want
* preserved, for example while encoding a URL you can add "/".
- *
- * @author Costin Manolache
*/
public final class UEncoder {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/Base64.java tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/Base64.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/Base64.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/Base64.java 2026-01-23 19:33:36.000000000 +0000
@@ -18,7 +18,6 @@
/**
* Provides Base64 encoding and decoding as defined by RFC 2045.
- *
*
* This class implements section 6.8. Base64 Content-Transfer-Encoding from RFC 2045 Multipurpose
* Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies by Freed and Borenstein.
@@ -36,15 +35,15 @@
* The URL-safe parameter is only applied to encode operations. Decoding seamlessly handles both modes.
*
*
- * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only
- * encode/decode character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252,
- * UTF-8, etc).
+ * Since this class operates directly on byte streams, and not character streams, it is hard-coded to only encode/decode
+ * character encodings which are compatible with the lower 127 ASCII chart (ISO-8859-1, Windows-1252, UTF-8, etc).
*
*
* This class is thread-safe.
*
*
* @see RFC 2045
+ *
* @since 1.0
*
* @deprecated Unused. This class will be removed in Tomcat 11 onwards.
@@ -53,8 +52,7 @@
public class Base64 extends BaseNCodec {
/**
- * BASE64 characters are 6 bits in length.
- * They are formed by taking a block of 3 octets to form a 24-bit string,
+ * BASE64 characters are 6 bits in length. They are formed by taking a block of 3 octets to form a 24-bit string,
* which is converted into 4 BASE64 characters.
*/
private static final int BITS_PER_ENCODED_BYTE = 6;
@@ -69,30 +67,23 @@
* https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
*
*/
- private static final byte[] STANDARD_ENCODE_TABLE = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
- 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'
- };
+ private static final byte[] STANDARD_ENCODE_TABLE = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L',
+ 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
+ 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1',
+ '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' };
/**
- * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and /
- * changed to - and _ to make the encoded Base64 results more URL-SAFE.
- * This table is only used when the Base64's mode is set to URL-SAFE.
- */
- private static final byte[] URL_SAFE_ENCODE_TABLE = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
- 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '-', '_'
- };
+ * This is a copy of the STANDARD_ENCODE_TABLE above, but with + and / changed to - and _ to make the encoded Base64
+ * results more URL-SAFE. This table is only used when the Base64's mode is set to URL-SAFE.
+ */
+ private static final byte[] URL_SAFE_ENCODE_TABLE = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L',
+ 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g',
+ 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1',
+ '2', '3', '4', '5', '6', '7', '8', '9', '-', '_' };
/**
- * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified
- * in Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64
+ * This array is a lookup table that translates Unicode characters drawn from the "Base64 Alphabet" (as specified in
+ * Table 1 of RFC 2045) into their 6-bit positive integer equivalents. Characters that are not in the Base64
* alphabet but fall within the bounds of the array are translated to -1.
*
* Note: '+' and '-' both decode to 62. '/' and '_' both decode to 63. This means decoder seamlessly handles both
@@ -103,6 +94,7 @@
* https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
*
*/
+ // @formatter:off
private static final byte[] STANDARD_DECODE_TABLE = {
// 0 1 2 3 4 5 6 7 8 9 A B C D E F
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, // 00-0f
@@ -125,7 +117,8 @@
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, // 50-5f P-Z _
-1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, // 60-6f a-o
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 // 70-7a p-z
- };
+ };
+ // @formatter:on
/*
* Base64 uses 6-bit fields.
@@ -141,8 +134,7 @@
// The private member fields below are used with the new streaming approach, which requires
// some state be preserved between calls of encode() and decode().
- public static byte[] decodeBase64(
- final byte[] base64Data, final int off, final int len) {
+ public static byte[] decodeBase64(final byte[] base64Data, final int off, final int len) {
return new Base64().decode(base64Data, off, len);
}
@@ -152,9 +144,10 @@
* Note: this method seamlessly handles data encoded in URL-safe or normal mode.
*
*
- * @param base64String
- * String containing Base64 data
+ * @param base64String String containing Base64 data
+ *
* @return Array containing decoded data.
+ *
* @since 1.4
*/
public static byte[] decodeBase64(final String base64String) {
@@ -169,13 +162,13 @@
/**
* Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
*
- * @param binaryData
- * Array containing binary data to encode.
- * @param isChunked
- * if {@code true} this encoder will chunk the base64 output into 76 character blocks
+ * @param binaryData Array containing binary data to encode.
+ * @param isChunked if {@code true} this encoder will chunk the base64 output into 76 character blocks
+ *
* @return Base64-encoded data.
- * @throws IllegalArgumentException
- * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
+ *
+ * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than
+ * {@link Integer#MAX_VALUE}
*/
public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked) {
return encodeBase64(binaryData, isChunked, false);
@@ -184,16 +177,16 @@
/**
* Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
*
- * @param binaryData
- * Array containing binary data to encode.
- * @param isChunked
- * if {@code true} this encoder will chunk the base64 output into 76 character blocks
- * @param urlSafe
- * if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
- * Note: no padding is added when encoding using the URL-safe alphabet.
+ * @param binaryData Array containing binary data to encode.
+ * @param isChunked if {@code true} this encoder will chunk the base64 output into 76 character blocks
+ * @param urlSafe if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
+ * Note: no padding is added when encoding using the URL-safe alphabet.
+ *
* @return Base64-encoded data.
- * @throws IllegalArgumentException
- * Thrown when the input array needs an output array bigger than {@link Integer#MAX_VALUE}
+ *
+ * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than
+ * {@link Integer#MAX_VALUE}
+ *
* @since 1.4
*/
public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked, final boolean urlSafe) {
@@ -203,22 +196,20 @@
/**
* Encodes binary data using the base64 algorithm, optionally chunking the output into 76 character blocks.
*
- * @param binaryData
- * Array containing binary data to encode.
- * @param isChunked
- * if {@code true} this encoder will chunk the base64 output into 76 character blocks
- * @param urlSafe
- * if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
- * Note: no padding is added when encoding using the URL-safe alphabet.
- * @param maxResultSize
- * The maximum result size to accept.
+ * @param binaryData Array containing binary data to encode.
+ * @param isChunked if {@code true} this encoder will chunk the base64 output into 76 character blocks
+ * @param urlSafe if {@code true} this encoder will emit - and _ instead of the usual + and / characters.
+ * Note: no padding is added when encoding using the URL-safe alphabet.
+ * @param maxResultSize The maximum result size to accept.
+ *
* @return Base64-encoded data.
- * @throws IllegalArgumentException
- * Thrown when the input array needs an output array bigger than maxResultSize
+ *
+ * @throws IllegalArgumentException Thrown when the input array needs an output array bigger than maxResultSize
+ *
* @since 1.4
*/
- public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked,
- final boolean urlSafe, final int maxResultSize) {
+ public static byte[] encodeBase64(final byte[] binaryData, final boolean isChunked, final boolean urlSafe,
+ final int maxResultSize) {
if (binaryData == null || binaryData.length == 0) {
return binaryData;
}
@@ -228,23 +219,22 @@
final Base64 b64 = isChunked ? new Base64(urlSafe) : new Base64(0, CHUNK_SEPARATOR, urlSafe);
final long len = b64.getEncodedLength(binaryData);
if (len > maxResultSize) {
- throw new IllegalArgumentException(sm.getString(
- "base64.inputTooLarge", Long.valueOf(len), Integer.valueOf(maxResultSize)));
+ throw new IllegalArgumentException(
+ sm.getString("base64.inputTooLarge", Long.valueOf(len), Integer.valueOf(maxResultSize)));
}
return b64.encode(binaryData);
}
/**
- * Encodes binary data using the base64 algorithm but does not chunk the output.
+ * Encodes binary data using the base64 algorithm but does not chunk the output. NOTE: We changed the behavior of
+ * this method from multi-line chunking (commons-codec-1.4) to single-line non-chunking (commons-codec-1.5).
*
- * NOTE: We changed the behavior of this method from multi-line chunking (commons-codec-1.4) to
- * single-line non-chunking (commons-codec-1.5).
+ * @param binaryData binary data to encode
*
- * @param binaryData
- * binary data to encode
* @return String containing Base64 characters.
- * @since 1.4 (NOTE: 1.4 chunked the output, whereas 1.5 does not).
+ *
+ * @since 1.4 (NOTE: 1.4 chunked the output, whereas 1.5 does not).
*/
public static String encodeBase64String(final byte[] binaryData) {
return StringUtils.newStringUsAscii(encodeBase64(binaryData, false));
@@ -252,11 +242,12 @@
/**
* Encodes binary data using a URL-safe variation of the base64 algorithm but does not chunk the output. The
- * url-safe variation emits - and _ instead of + and / characters.
- * Note: no padding is added.
- * @param binaryData
- * binary data to encode
+ * url-safe variation emits - and _ instead of + and / characters. Note: no padding is added.
+ *
+ * @param binaryData binary data to encode
+ *
* @return String containing Base64 characters
+ *
* @since 1.4
*/
public static String encodeBase64URLSafeString(final byte[] binaryData) {
@@ -264,24 +255,22 @@
}
/**
- * Validates whether decoding the final trailing character is possible in the context
- * of the set of possible base 64 values.
+ * Validates whether decoding the final trailing character is possible in the context of the set of possible base 64
+ * values.
*
- * The character is valid if the lower bits within the provided mask are zero. This
- * is used to test the final trailing base-64 digit is zero in the bits that will be discarded.
+ * The character is valid if the lower bits within the provided mask are zero. This is used to test the final
+ * trailing base-64 digit is zero in the bits that will be discarded.
*
*
* @param emptyBitsMask The mask of the lower bits that should be empty
- * @param context the context to be used
+ * @param context the context to be used
*
* @throws IllegalArgumentException if the bits being checked contain any non-zero value
*/
private static void validateCharacter(final int emptyBitsMask, final Context context) {
if ((context.ibitWorkArea & emptyBitsMask) != 0) {
- throw new IllegalArgumentException(
- "Last encoded character (before the paddings if any) is a valid " +
- "base 64 alphabet but not a possible value. " +
- "Expected the discarded bits to be zero.");
+ throw new IllegalArgumentException("Last encoded character (before the paddings if any) is a valid " +
+ "base 64 alphabet but not a possible value. " + "Expected the discarded bits to be zero.");
}
}
@@ -327,7 +316,6 @@
*
* When encoding the line length is 0 (no chunking), and the encoding table is STANDARD_ENCODE_TABLE.
*
- *
*
* When decoding all variants are supported.
*
@@ -341,14 +329,12 @@
*
* When encoding the line length is 76, the line separator is CRLF, and the encoding table is STANDARD_ENCODE_TABLE.
*
- *
*
* When decoding all variants are supported.
*
*
- * @param urlSafe
- * if {@code true}, URL-safe encoding is used. In most cases this should be set to
- * {@code false}.
+ * @param urlSafe if {@code true}, URL-safe encoding is used. In most cases this should be set to {@code false}.
+ *
* @since 1.4
*/
public Base64(final boolean urlSafe) {
@@ -368,10 +354,10 @@
* When decoding all variants are supported.
*
*
- * @param lineLength
- * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of
- * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when
- * decoding.
+ * @param lineLength Each line of encoded data will be at most of the given length (rounded down to the nearest
+ * multiple of 4). If lineLength <= 0, then the output will not be divided into lines
+ * (chunks). Ignored when decoding.
+ *
* @since 1.4
*/
public Base64(final int lineLength) {
@@ -391,14 +377,13 @@
* When decoding all variants are supported.
*
*
- * @param lineLength
- * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of
- * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when
- * decoding.
- * @param lineSeparator
- * Each line of encoded data will end with this sequence of bytes.
- * @throws IllegalArgumentException
- * Thrown when the provided lineSeparator included some base64 characters.
+ * @param lineLength Each line of encoded data will be at most of the given length (rounded down to the nearest
+ * multiple of 4). If lineLength <= 0, then the output will not be divided into lines
+ * (chunks). Ignored when decoding.
+ * @param lineSeparator Each line of encoded data will end with this sequence of bytes.
+ *
+ * @throws IllegalArgumentException Thrown when the provided lineSeparator included some base64 characters.
+ *
* @since 1.4
*/
public Base64(final int lineLength, final byte[] lineSeparator) {
@@ -418,23 +403,20 @@
* When decoding all variants are supported.
*
*
- * @param lineLength
- * Each line of encoded data will be at most of the given length (rounded down to the nearest multiple of
- * 4). If lineLength <= 0, then the output will not be divided into lines (chunks). Ignored when
- * decoding.
- * @param lineSeparator
- * Each line of encoded data will end with this sequence of bytes.
- * @param urlSafe
- * Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to encode
- * operations. Decoding seamlessly handles both modes.
- * Note: no padding is added when using the URL-safe alphabet.
- * @throws IllegalArgumentException
- * Thrown when the {@code lineSeparator} contains Base64 characters.
+ * @param lineLength Each line of encoded data will be at most of the given length (rounded down to the nearest
+ * multiple of 4). If lineLength <= 0, then the output will not be divided into lines
+ * (chunks). Ignored when decoding.
+ * @param lineSeparator Each line of encoded data will end with this sequence of bytes.
+ * @param urlSafe Instead of emitting '+' and '/' we emit '-' and '_' respectively. urlSafe is only applied to
+ * encode operations. Decoding seamlessly handles both modes. Note: no padding is added
+ * when using the URL-safe alphabet.
+ *
+ * @throws IllegalArgumentException Thrown when the {@code lineSeparator} contains Base64 characters.
+ *
* @since 1.4
*/
public Base64(final int lineLength, final byte[] lineSeparator, final boolean urlSafe) {
- super(BYTES_PER_UNENCODED_BLOCK, BYTES_PER_ENCODED_BLOCK,
- lineLength,
+ super(BYTES_PER_UNENCODED_BLOCK, BYTES_PER_ENCODED_BLOCK, lineLength,
lineSeparator == null ? 0 : lineSeparator.length);
// Needs to be set early to avoid NPE during call to containsAlphabetOrPad() below
this.decodeTable = urlSafe ? URL_SAFE_DECODE_TABLE : STANDARD_DECODE_TABLE;
@@ -445,7 +427,7 @@
final String sep = StringUtils.newStringUtf8(lineSeparator);
throw new IllegalArgumentException(sm.getString("base64.lineSeparator", sep));
}
- if (lineLength > 0){ // null line-sep forces no chunking rather than throwing IAE
+ if (lineLength > 0) { // null line-sep forces no chunking rather than throwing IAE
this.encodeSize = BYTES_PER_ENCODED_BLOCK + lineSeparator.length;
this.lineSeparator = lineSeparator.clone();
} else {
@@ -478,14 +460,10 @@
* https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
*
*
- * @param input
- * byte[] array of ASCII data to base64 decode.
- * @param inPos
- * Position to start reading data from.
- * @param inAvail
- * Amount of bytes available from input for decoding.
- * @param context
- * the context to be used
+ * @param input byte[] array of ASCII data to base64 decode.
+ * @param inPos Position to start reading data from.
+ * @param inAvail Amount of bytes available from input for decoding.
+ * @param context the context to be used
*/
@Override
void decode(final byte[] input, int inPos, final int inAvail, final Context context) {
@@ -506,7 +484,7 @@
if (b >= 0 && b < decodeTable.length) {
final int result = decodeTable[b];
if (result >= 0) {
- context.modulus = (context.modulus+1) % BYTES_PER_ENCODED_BLOCK;
+ context.modulus = (context.modulus + 1) % BYTES_PER_ENCODED_BLOCK;
context.ibitWorkArea = (context.ibitWorkArea << BITS_PER_ENCODED_BYTE) + result;
if (context.modulus == 0) {
buffer[context.pos++] = (byte) (context.ibitWorkArea >> 16 & MASK_8BITS);
@@ -526,22 +504,22 @@
// We have some spare bits remaining
// Output all whole multiples of 8 bits and ignore the rest
switch (context.modulus) {
-// case 0 : // impossible, as excluded above
-// case 1 : // 6 bits - invalid - use default below
- case 2 : // 12 bits = 8 + 4
+ // case 0 : // impossible, as excluded above
+ // case 1 : // 6 bits - invalid - use default below
+ case 2: // 12 bits = 8 + 4
validateCharacter(MASK_4BITS, context);
context.ibitWorkArea = context.ibitWorkArea >> 4; // dump the extra 4 bits
buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS);
break;
- case 3 : // 18 bits = 8 + 8 + 2
+ case 3: // 18 bits = 8 + 8 + 2
validateCharacter(MASK_2BITS, context);
context.ibitWorkArea = context.ibitWorkArea >> 2; // dump 2 bits
buffer[context.pos++] = (byte) (context.ibitWorkArea >> 8 & MASK_8BITS);
buffer[context.pos++] = (byte) (context.ibitWorkArea & MASK_8BITS);
break;
default:
- throw new IllegalStateException(sm.getString(
- "base64.impossibleModulus", Integer.valueOf(context.modulus)));
+ throw new IllegalStateException(
+ sm.getString("base64.impossibleModulus", Integer.valueOf(context.modulus)));
}
}
}
@@ -552,20 +530,18 @@
* the data to encode, and once with inAvail set to "-1" to alert encoder that EOF has been reached, to flush last
* remaining bytes (if not multiple of 3).
*
- *
Note: no padding is added when encoding using the URL-safe alphabet.
+ *
+ * Note: no padding is added when encoding using the URL-safe alphabet.
+ *
*
* Thanks to "commons" project in ws.apache.org for the bitwise operations, and general approach.
* https://svn.apache.org/repos/asf/webservices/commons/trunk/modules/util/
*
*
- * @param in
- * byte[] array of binary data to base64 encode.
- * @param inPos
- * Position to start reading data from.
- * @param inAvail
- * Amount of bytes available from input for encoding.
- * @param context
- * the context to be used
+ * @param in byte[] array of binary data to base64 encode.
+ * @param inPos Position to start reading data from.
+ * @param inAvail Amount of bytes available from input for encoding.
+ * @param context the context to be used
*/
@Override
void encode(final byte[] in, int inPos, final int inAvail, final Context context) {
@@ -582,9 +558,9 @@
final byte[] buffer = ensureBufferSize(encodeSize, context);
final int savedPos = context.pos;
switch (context.modulus) { // 0-2
- case 0 : // nothing to do here
+ case 0: // nothing to do here
break;
- case 1 : // 8 bits = 6 + 2
+ case 1: // 8 bits = 6 + 2
// top 6 bits:
buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 2 & MASK_6BITS];
// remaining 2:
@@ -596,7 +572,7 @@
}
break;
- case 2 : // 16 bits = 6 + 6 + 4
+ case 2: // 16 bits = 6 + 6 + 4
buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 10 & MASK_6BITS];
buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 4 & MASK_6BITS];
buffer[context.pos++] = encodeTable[context.ibitWorkArea << 2 & MASK_6BITS];
@@ -606,8 +582,8 @@
}
break;
default:
- throw new IllegalStateException(sm.getString(
- "base64.impossibleModulus", Integer.valueOf(context.modulus)));
+ throw new IllegalStateException(
+ sm.getString("base64.impossibleModulus", Integer.valueOf(context.modulus)));
}
context.currentLinePos += context.pos - savedPos; // keep track of current line position
// if currentPos == 0 we are at the start of a line, so don't add CRLF
@@ -618,12 +594,12 @@
} else {
for (int i = 0; i < inAvail; i++) {
final byte[] buffer = ensureBufferSize(encodeSize, context);
- context.modulus = (context.modulus+1) % BYTES_PER_UNENCODED_BLOCK;
+ context.modulus = (context.modulus + 1) % BYTES_PER_UNENCODED_BLOCK;
int b = in[inPos++];
if (b < 0) {
b += 256;
}
- context.ibitWorkArea = (context.ibitWorkArea << 8) + b; // BITS_PER_BYTE
+ context.ibitWorkArea = (context.ibitWorkArea << 8) + b; // BITS_PER_BYTE
if (0 == context.modulus) { // 3 bytes = 24 bits = 4 * 6 bits to extract
buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 18 & MASK_6BITS];
buffer[context.pos++] = encodeTable[context.ibitWorkArea >> 12 & MASK_6BITS];
@@ -643,8 +619,8 @@
/**
* Returns whether or not the {@code octet} is in the Base64 alphabet.
*
- * @param octet
- * The value to test
+ * @param octet The value to test
+ *
* @return {@code true} if the value is defined in the Base64 alphabet {@code false} otherwise.
*/
@Override
@@ -656,6 +632,7 @@
* Returns our current encode mode. True if we're URL-SAFE, false otherwise.
*
* @return true if we're in URL-SAFE mode, false otherwise.
+ *
* @since 1.4
*/
public boolean isUrlSafe() {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/BaseNCodec.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,7 +23,6 @@
/**
* Abstract superclass for Base-N encoders and decoders.
- *
*
* This class is thread-safe.
*
@@ -36,17 +35,16 @@
protected static final StringManager sm = StringManager.getManager(BaseNCodec.class);
/**
- * Holds thread context so classes can be thread-safe.
- *
- * This class is not itself thread-safe; each thread must allocate its own copy.
+ * Holds thread context so classes can be thread-safe. This class is not itself thread-safe; each thread must
+ * allocate its own copy.
*
* @since 1.7
*/
static class Context {
/**
- * Placeholder for the bytes we're dealing with for our based logic.
- * Bitwise operations store and extract the encoding or decoding from this variable.
+ * Placeholder for the bytes we're dealing with for our based logic. Bitwise operations store and extract the
+ * encoding or decoding from this variable.
*/
int ibitWorkArea;
@@ -72,8 +70,8 @@
boolean eof;
/**
- * Variable tracks how many characters have been written to the current line. Only used when encoding. We use
- * it to make sure each encoded line never goes beyond lineLength (if lineLength > 0).
+ * Variable tracks how many characters have been written to the current line. Only used when encoding. We use it
+ * to make sure each encoded line never goes beyond lineLength (if lineLength > 0).
*/
int currentLinePos;
@@ -91,9 +89,10 @@
@SuppressWarnings("boxing") // OK to ignore boxing here
@Override
public String toString() {
- return String.format("%s[buffer=%s, currentLinePos=%s, eof=%s, ibitWorkArea=%s, " +
- "modulus=%s, pos=%s, readPos=%s]", this.getClass().getSimpleName(), HexUtils.toHexString(buffer),
- currentLinePos, eof, ibitWorkArea, modulus, pos, readPos);
+ return String.format(
+ "%s[buffer=%s, currentLinePos=%s, eof=%s, ibitWorkArea=%s, " + "modulus=%s, pos=%s, readPos=%s]",
+ this.getClass().getSimpleName(), HexUtils.toHexString(buffer), currentLinePos, eof, ibitWorkArea,
+ modulus, pos, readPos);
}
}
@@ -105,8 +104,7 @@
static final int EOF = -1;
/**
- * MIME chunk size per RFC 2045 section 6.8.
- *
+ * MIME chunk size per RFC 2045 section 6.8.
*
* The {@value} character limit does not count the trailing CRLF, but counts all other characters, including any
* equal signs.
@@ -119,20 +117,18 @@
private static final int DEFAULT_BUFFER_RESIZE_FACTOR = 2;
/**
- * Defines the default buffer size - currently {@value}
- * - must be large enough for at least one encoded block+separator
+ * Defines the default buffer size - currently {@value} - must be large enough for at least one encoded
+ * block+separator
*/
private static final int DEFAULT_BUFFER_SIZE = 128;
/**
* The maximum size buffer to allocate.
- *
- *
This is set to the same size used in the JDK {@link java.util.ArrayList}:
- *
- * Some VMs reserve some header words in an array.
- * Attempts to allocate larger arrays may result in
- * OutOfMemoryError: Requested array size exceeds VM limit.
- *
+ *
+ * This is set to the same size used in the JDK {@link java.util.ArrayList}:
+ *
+ *
Some VMs reserve some header words in an array. Attempts to allocate larger arrays may result in
+ * OutOfMemoryError: Requested array size exceeds VM limit.
*/
private static final int MAX_BUFFER_SIZE = Integer.MAX_VALUE - 8;
@@ -149,15 +145,16 @@
*
* @see RFC 2045 section 2.1
*/
- static final byte[] CHUNK_SEPARATOR = {'\r', '\n'};
+ static final byte[] CHUNK_SEPARATOR = { '\r', '\n' };
/**
- * Create a positive capacity at least as large the minimum required capacity.
- * If the minimum capacity is negative then this throws an OutOfMemoryError as no array
- * can be allocated.
+ * Create a positive capacity at least as large the minimum required capacity. If the minimum capacity is negative
+ * then this throws an OutOfMemoryError as no array can be allocated.
*
* @param minCapacity the minimum capacity
+ *
* @return the capacity
+ *
* @throws OutOfMemoryError if the {@code minCapacity} is negative
*/
private static int createPositiveCapacity(final int minCapacity) {
@@ -178,9 +175,12 @@
/**
* Increases our buffer by the {@link #DEFAULT_BUFFER_RESIZE_FACTOR}.
- * @param context the context to be used
+ *
+ * @param context the context to be used
* @param minCapacity the minimum required capacity
+ *
* @return the resized byte[] buffer
+ *
* @throws OutOfMemoryError if the {@code minCapacity} is negative
*/
private static byte[] resizeBuffer(final Context context, final int minCapacity) {
@@ -209,8 +209,7 @@
private final int encodedBlockSize;
/**
- * Chunksize for encoding. Not used when decoding.
- * A value of zero or less implies no chunking of the encoded data.
+ * Chunksize for encoding. Not used when decoding. A value of zero or less implies no chunking of the encoded data.
* Rounded down to the nearest multiple of encodedBlockSize.
*/
protected final int lineLength;
@@ -221,31 +220,31 @@
private final int chunkSeparatorLength;
/**
- * Note {@code lineLength} is rounded down to the nearest multiple of the encoded block size.
- * If {@code chunkSeparatorLength} is zero, then chunking is disabled.
+ * Note {@code lineLength} is rounded down to the nearest multiple of the encoded block size. If
+ * {@code chunkSeparatorLength} is zero, then chunking is disabled.
*
- * @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
- * @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
- * @param lineLength if > 0, use chunking with a length {@code lineLength}
+ * @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
+ * @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
+ * @param lineLength if > 0, use chunking with a length {@code lineLength}
* @param chunkSeparatorLength the chunk separator length, if relevant
*/
- protected BaseNCodec(final int unencodedBlockSize, final int encodedBlockSize,
- final int lineLength, final int chunkSeparatorLength) {
+ protected BaseNCodec(final int unencodedBlockSize, final int encodedBlockSize, final int lineLength,
+ final int chunkSeparatorLength) {
this(unencodedBlockSize, encodedBlockSize, lineLength, chunkSeparatorLength, PAD_DEFAULT);
}
/**
- * Note {@code lineLength} is rounded down to the nearest multiple of the encoded block size.
- * If {@code chunkSeparatorLength} is zero, then chunking is disabled.
+ * Note {@code lineLength} is rounded down to the nearest multiple of the encoded block size. If
+ * {@code chunkSeparatorLength} is zero, then chunking is disabled.
*
- * @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
- * @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
- * @param lineLength if > 0, use chunking with a length {@code lineLength}
+ * @param unencodedBlockSize the size of an unencoded block (e.g. Base64 = 3)
+ * @param encodedBlockSize the size of an encoded block (e.g. Base64 = 4)
+ * @param lineLength if > 0, use chunking with a length {@code lineLength}
* @param chunkSeparatorLength the chunk separator length, if relevant
- * @param pad byte used as padding byte.
+ * @param pad byte used as padding byte.
*/
- protected BaseNCodec(final int unencodedBlockSize, final int encodedBlockSize,
- final int lineLength, final int chunkSeparatorLength, final byte pad) {
+ protected BaseNCodec(final int unencodedBlockSize, final int encodedBlockSize, final int lineLength,
+ final int chunkSeparatorLength, final byte pad) {
this.unencodedBlockSize = unencodedBlockSize;
this.encodedBlockSize = encodedBlockSize;
final boolean useChunking = lineLength > 0 && chunkSeparatorLength > 0;
@@ -258,19 +257,19 @@
* Returns the amount of buffered data available for reading.
*
* @param context the context to be used
+ *
* @return The amount of buffered data available for reading.
*/
- int available(final Context context) { // package protected for access from I/O streams
+ int available(final Context context) { // package protected for access from I/O streams
return hasData(context) ? context.pos - context.readPos : 0;
}
/**
- * Tests a given byte array to see if it contains any characters within the alphabet or PAD.
+ * Tests a given byte array to see if it contains any characters within the alphabet or PAD. Intended for use in
+ * checking line-ending arrays
*
- * Intended for use in checking line-ending arrays
+ * @param arrayOctet byte array to test
*
- * @param arrayOctet
- * byte array to test
* @return {@code true} if any byte is a valid character in the alphabet or PAD; {@code false} otherwise
*/
protected boolean containsAlphabetOrPad(final byte[] arrayOctet) {
@@ -288,8 +287,8 @@
/**
* Decodes a byte[] containing characters in the Base-N alphabet.
*
- * @param pArray
- * A byte array containing Base-N character data
+ * @param pArray A byte array containing Base-N character data
+ *
* @return a byte array containing binary data
*/
public byte[] decode(final byte[] pArray) {
@@ -314,8 +313,8 @@
/**
* Decodes a String containing characters in the Base-N alphabet.
*
- * @param pArray
- * A String containing Base-N character data
+ * @param pArray A String containing Base-N character data
+ *
* @return a byte array containing binary data
*/
public byte[] decode(final String pArray) {
@@ -325,8 +324,8 @@
/**
* Encodes a byte[] containing binary data, into a byte[] containing characters in the alphabet.
*
- * @param pArray
- * a byte array containing binary data
+ * @param pArray a byte array containing binary data
+ *
* @return A byte array containing only the base N alphabetic character data
*/
public byte[] encode(final byte[] pArray) {
@@ -337,16 +336,14 @@
}
/**
- * Encodes a byte[] containing binary data, into a byte[] containing
- * characters in the alphabet.
+ * Encodes a byte[] containing binary data, into a byte[] containing characters in the alphabet.
+ *
+ * @param pArray a byte array containing binary data
+ * @param offset initial offset of the subarray.
+ * @param length length of the subarray.
*
- * @param pArray
- * a byte array containing binary data
- * @param offset
- * initial offset of the subarray.
- * @param length
- * length of the subarray.
* @return A byte array containing only the base N alphabetic character data
+ *
* @since 1.11
*/
public byte[] encode(final byte[] pArray, final int offset, final int length) {
@@ -365,32 +362,35 @@
abstract void encode(byte[] pArray, int i, int length, Context context);
/**
- * Encodes a byte[] containing binary data, into a String containing characters in the appropriate alphabet.
- * Uses UTF8 encoding.
+ * Encodes a byte[] containing binary data, into a String containing characters in the appropriate alphabet. Uses
+ * UTF8 encoding.
*
* @param pArray a byte array containing binary data
+ *
* @return String containing only character data in the appropriate alphabet.
+ *
* @since 1.5
- */
- public String encodeAsString(final byte[] pArray){
+ */
+ public String encodeAsString(final byte[] pArray) {
return StringUtils.newStringUtf8(encode(pArray));
}
/**
* Ensure that the buffer has room for {@code size} bytes
*
- * @param size minimum spare space required
+ * @param size minimum spare space required
* @param context the context to be used
+ *
* @return the buffer
*/
- protected byte[] ensureBufferSize(final int size, final Context context){
+ protected byte[] ensureBufferSize(final int size, final Context context) {
if (context.buffer == null) {
context.buffer = new byte[Math.max(size, getDefaultBufferSize())];
context.pos = 0;
context.readPos = 0;
// Overflow-conscious:
- // x + y > z == x + y - z > 0
+ // x + y > z == x + y - z > 0
} else if (context.pos + size - context.buffer.length > 0) {
return resizeBuffer(context, context.pos + size);
}
@@ -411,16 +411,16 @@
*
* @param pArray byte[] array which will later be encoded
*
- * @return amount of space needed to encode the supplied array.
- * Returns a long since a max-len array will require > Integer.MAX_VALUE
+ * @return amount of space needed to encode the supplied array. Returns a long since a max-len array will require
+ * > Integer.MAX_VALUE
*/
public long getEncodedLength(final byte[] pArray) {
// Calculate non-chunked size - rounded up to allow for padding
// cast to long is needed to avoid possibility of overflow
- long len = (pArray.length + unencodedBlockSize-1) / unencodedBlockSize * (long) encodedBlockSize;
+ long len = (pArray.length + unencodedBlockSize - 1) / unencodedBlockSize * (long) encodedBlockSize;
if (lineLength > 0) { // We're using chunking
// Round up to nearest multiple
- len += (len + lineLength-1) / lineLength * chunkSeparatorLength;
+ len += (len + lineLength - 1) / lineLength * chunkSeparatorLength;
}
return len;
}
@@ -429,15 +429,15 @@
* Returns true if this object has buffered data for reading.
*
* @param context the context to be used
+ *
* @return true if there is data still available for reading.
*/
- boolean hasData(final Context context) { // package protected for access from I/O streams
+ boolean hasData(final Context context) { // package protected for access from I/O streams
return context.pos > context.readPos;
}
/**
- * Returns whether or not the {@code octet} is in the current alphabet.
- * Does not allow whitespace or pad.
+ * Returns whether or not the {@code octet} is in the current alphabet. Does not allow whitespace or pad.
*
* @param value The value to test
*
@@ -452,14 +452,11 @@
* Package private for access from I/O streams.
*
*
- * @param b
- * byte[] array to extract the buffered data into.
- * @param bPos
- * position in byte[] array to start extraction at.
- * @param bAvail
- * amount of bytes we're allowed to extract. We may extract fewer (if fewer are available).
- * @param context
- * the context to be used
+ * @param b byte[] array to extract the buffered data into.
+ * @param bPos position in byte[] array to start extraction at.
+ * @param bAvail amount of bytes we're allowed to extract. We may extract fewer (if fewer are available).
+ * @param context the context to be used
+ *
* @return The number of bytes successfully extracted into the provided byte[] array.
*/
int readResults(final byte[] b, final int bPos, final int bAvail, final Context context) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/StringUtils.java tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/StringUtils.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/StringUtils.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/StringUtils.java 2026-01-23 19:33:36.000000000 +0000
@@ -23,11 +23,13 @@
* Converts String to and from bytes using the encodings required by the Java specification. These encodings are
* specified in
* Standard charsets.
- *
- *
This class is immutable and thread-safe.
+ *
+ * This class is immutable and thread-safe.
+ *
*
* @see Charset
* @see StandardCharsets
+ *
* @since 1.4
*
* @deprecated Unused. This class will be removed in Tomcat 11 onwards.
@@ -38,10 +40,9 @@
/**
* Calls {@link String#getBytes(Charset)}
*
- * @param string
- * The string to encode (if null, return null).
- * @param charset
- * The {@link Charset} to encode the {@code String}
+ * @param string The string to encode (if null, return null).
+ * @param charset The {@link Charset} to encode the {@code String}
+ *
* @return the encoded bytes
*/
private static byte[] getBytes(final String string, final Charset charset) {
@@ -52,13 +53,15 @@
* Encodes the given string into a sequence of bytes using the UTF-8 charset, storing the result into a new byte
* array.
*
- * @param string
- * the String to encode, may be {@code null}
+ * @param string the String to encode, may be {@code null}
+ *
* @return encoded bytes, or {@code null} if the input string was {@code null}
- * @throws NullPointerException
- * Thrown if {@link StandardCharsets#UTF_8} is not initialized, which should never happen
- * since it is required by the Java platform specification.
+ *
+ * @throws NullPointerException Thrown if {@link StandardCharsets#UTF_8} is not initialized, which should never
+ * happen since it is required by the Java platform specification.
+ *
* @since As of 1.7, throws {@link NullPointerException} instead of UnsupportedEncodingException
+ *
* @see Charset
*/
public static byte[] getBytesUtf8(final String string) {
@@ -68,14 +71,13 @@
/**
* Constructs a new {@code String} by decoding the specified array of bytes using the given charset.
*
- * @param bytes
- * The bytes to be decoded into characters
- * @param charset
- * The {@link Charset} to encode the {@code String}; not {@code null}
- * @return A new {@code String} decoded from the specified array of bytes using the given charset,
- * or {@code null} if the input byte array was {@code null}.
- * @throws NullPointerException
- * Thrown if charset is {@code null}
+ * @param bytes The bytes to be decoded into characters
+ * @param charset The {@link Charset} to encode the {@code String}; not {@code null}
+ *
+ * @return A new {@code String} decoded from the specified array of bytes using the given charset, or {@code null}
+ * if the input byte array was {@code null}.
+ *
+ * @throws NullPointerException Thrown if charset is {@code null}
*/
private static String newString(final byte[] bytes, final Charset charset) {
return bytes == null ? null : new String(bytes, charset);
@@ -84,13 +86,14 @@
/**
* Constructs a new {@code String} by decoding the specified array of bytes using the US-ASCII charset.
*
- * @param bytes
- * The bytes to be decoded into characters
- * @return A new {@code String} decoded from the specified array of bytes using the US-ASCII charset,
- * or {@code null} if the input byte array was {@code null}.
- * @throws NullPointerException
- * Thrown if {@link StandardCharsets#US_ASCII} is not initialized, which should never happen
- * since it is required by the Java platform specification.
+ * @param bytes The bytes to be decoded into characters
+ *
+ * @return A new {@code String} decoded from the specified array of bytes using the US-ASCII charset, or
+ * {@code null} if the input byte array was {@code null}.
+ *
+ * @throws NullPointerException Thrown if {@link StandardCharsets#US_ASCII} is not initialized, which should never
+ * happen since it is required by the Java platform specification.
+ *
* @since As of 1.7, throws {@link NullPointerException} instead of UnsupportedEncodingException
*/
public static String newStringUsAscii(final byte[] bytes) {
@@ -100,13 +103,14 @@
/**
* Constructs a new {@code String} by decoding the specified array of bytes using the UTF-8 charset.
*
- * @param bytes
- * The bytes to be decoded into characters
- * @return A new {@code String} decoded from the specified array of bytes using the UTF-8 charset,
- * or {@code null} if the input byte array was {@code null}.
- * @throws NullPointerException
- * Thrown if {@link StandardCharsets#UTF_8} is not initialized, which should never happen since it is
- * required by the Java platform specification.
+ * @param bytes The bytes to be decoded into characters
+ *
+ * @return A new {@code String} decoded from the specified array of bytes using the UTF-8 charset, or {@code null}
+ * if the input byte array was {@code null}.
+ *
+ * @throws NullPointerException Thrown if {@link StandardCharsets#UTF_8} is not initialized, which should never
+ * happen since it is required by the Java platform specification.
+ *
* @since As of 1.7, throws {@link NullPointerException} instead of UnsupportedEncodingException
*/
public static String newStringUtf8(final byte[] bytes) {
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/package-info.java tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/package-info.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/codec/binary/package-info.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/codec/binary/package-info.java 2026-01-23 19:33:36.000000000 +0000
@@ -16,8 +16,6 @@
*/
/**
- * Base64 String encoding and decoding.
- *
- * Unused. This package will be removed in Tomcat 11 onwards.
+ * Base64 String encoding and decoding. Unused. This package will be removed in Tomcat 11 onwards.
*/
package org.apache.tomcat.util.codec.binary;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/collections/CaseInsensitiveKeyMap.java tomcat10-10.1.52/java/org/apache/tomcat/util/collections/CaseInsensitiveKeyMap.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/collections/CaseInsensitiveKeyMap.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/collections/CaseInsensitiveKeyMap.java 2026-01-23 19:33:36.000000000 +0000
@@ -27,11 +27,9 @@
import org.apache.tomcat.util.res.StringManager;
/**
- * A Map implementation that uses case-insensitive (using {@link
- * Locale#ENGLISH}) strings as keys.
+ * A Map implementation that uses case-insensitive (using {@link Locale#ENGLISH}) strings as keys.
*
- * Keys must be instances of {@link String}. Note that this means that
- * null keys are not permitted.
+ * Keys must be instances of {@link String}. Note that this means that null keys are not permitted.
*
* This implementation is not thread-safe.
*
@@ -39,8 +37,7 @@
*/
public class CaseInsensitiveKeyMap extends AbstractMap {
- private static final StringManager sm =
- StringManager.getManager(CaseInsensitiveKeyMap.class);
+ private static final StringManager sm = StringManager.getManager(CaseInsensitiveKeyMap.class);
private final Map map = new HashMap<>();
@@ -64,12 +61,11 @@
/**
* {@inheritDoc}
*
- * Use this method with caution. If the input Map contains duplicate
- * keys when the keys are compared in a case-insensitive manner then some
- * values will be lost when inserting via this method.
+ * Use this method with caution. If the input Map contains duplicate keys when the keys are compared in a
+ * case-insensitive manner then some values will be lost when inserting via this method.
*/
@Override
- public void putAll(Map m) {
+ public void putAll(Map m) {
super.putAll(m);
}
@@ -87,7 +83,7 @@
@Override
- public Set> entrySet() {
+ public Set> entrySet() {
return new EntrySet<>(map.entrySet());
}
@@ -126,8 +122,8 @@
}
@Override
- public Entry next() {
- Entry entry = iterator.next();
+ public Entry next() {
+ Entry entry = iterator.next();
return new EntryImpl<>(entry.getKey().getKey(), entry.getValue());
}
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ConcurrentCache.java tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ConcurrentCache.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ConcurrentCache.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ConcurrentCache.java 2026-01-23 19:33:36.000000000 +0000
@@ -20,7 +20,7 @@
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
-public final class ConcurrentCache {
+public final class ConcurrentCache {
private final int size;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ConcurrentLruCache.java tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ConcurrentLruCache.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ConcurrentLruCache.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ConcurrentLruCache.java 2026-01-23 19:33:36.000000000 +0000
@@ -76,7 +76,7 @@
if (oldMap != null) {
map.putAll(oldMap);
}
- } else {
+ } else {
map = null;
}
}
@@ -94,7 +94,7 @@
}
- private static class LimitedLinkedHashMap extends LinkedHashMap {
+ private static class LimitedLinkedHashMap extends LinkedHashMap {
private static final long serialVersionUID = 1L;
private final int limit;
diff -Nru tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ManagedConcurrentWeakHashMap.java tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ManagedConcurrentWeakHashMap.java
--- tomcat10-10.1.40/java/org/apache/tomcat/util/collections/ManagedConcurrentWeakHashMap.java 2025-04-01 18:12:59.000000000 +0000
+++ tomcat10-10.1.52/java/org/apache/tomcat/util/collections/ManagedConcurrentWeakHashMap.java 2026-01-23 19:33:36.000000000 +0000
@@ -30,23 +30,20 @@
import java.util.concurrent.ConcurrentMap;
/**
- * Concurrent hash map that holds its keys via weak references. Unlike
- * WeakHashMap this class does not handle dead keys during common
- * access operations, but expects you to call its {@link #maintain()} method
+ * Concurrent hash map that holds its keys via weak references. Unlike WeakHashMap this class does not
+ * handle dead keys during common access operations, but expects you to call its {@link #maintain()} method
* periodically. Both keys and values are expected to be not-null.
*
* @param The type of keys used with the Map instance
* @param The type of values used with the Map instance
*/
-public class ManagedConcurrentWeakHashMap extends AbstractMap implements
- ConcurrentMap {
+public class ManagedConcurrentWeakHashMap extends AbstractMap implements ConcurrentMap {
- private final ConcurrentMap map = new ConcurrentHashMap<>();
+ private final ConcurrentMap map = new ConcurrentHashMap<>();
private final ReferenceQueue