• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
[JBWEB-258] Ensure concurrent requests that require DIGEST auth receive unique nonces
    • -0
    • +15
    ./authenticator/DigestAuthenticator.java
  1. … 2 more files in changeset.
BZ1175380: Add hack to filter out some events, submitted by Aaron Ogburn.
[BZ-1126490] create session prior to Digest 401 so loadbalancers can maintain stickiness
    • -0
    • +3
    ./authenticator/DigestAuthenticator.java
Add missing patch for CVE-2014-0119, although it is hard to tell if it can be used in AS.
  1. … 1 more file in changeset.
Related to BZ1100491: Switch to the Tomcat style for IO writes with the NIO2 connector for better reliability and results. Avoid some deadlocks caused by excessive locking.
  1. … 4 more files in changeset.
Port fixes for CVE-2014-0119 (low) and CVE-2014-0096: Issue using global XSLT in the default servlet (not used in EAP), and leak issue using XML parsing in Jasper.
    • -30
    • +196
    ./servlets/DefaultServlet.java
  1. … 5 more files in changeset.
BZ1100486: Try again, make sure there's no keepalive after an upgraded connection processing.
BZ1100486: Try to resolve a discrepancy with Tomcat's behavior, since in the websocket implementation nothing will actually close the connection, only the streams will be closed (where they just close the socket). So try the usual close.
BZ1091849: Switch back the default connector to java.io.
Avoid pointless NPEs after recycle.
Remove a number of setCCL since in web they are called from the regular servlet stack.
  1. … 1 more file in changeset.
Oops.
Obvious cleanup: don't wrap as an IOE if already a meaningful IOE.
BZ1027272 (part 1): Attempt to set the CCL and thread binding when expiring sessions from other contexts.
    • -1
    • +106
    ./authenticator/SingleSignOn.java
Andiamo.
  1. … 4 more files in changeset.
Port the alwaysUseSession option from Tomcat, disabled by default (as in Tomcat).
    • -4
    • +22
    ./authenticator/AuthenticatorBase.java
  1. … 1 more file in changeset.
Reset the (kinda new) EOF flag when restoring the request body.
    • -7
    • +2
    ./authenticator/FormAuthenticator.java
BZ 1030050: Sync some changes that offer more flexibility (in addition to using createInputStream which allows using a reader for the restored request).
    • -57
    • +67
    ./authenticator/FormAuthenticator.java
JBWEB-282: Change cache to concurrent hash map due to concurrent startup.
  1. … 1 more file in changeset.
- If upgrading, discard the IS and OS, the examples are not doing cleanup well enough.
- Some exception reporting.

- Be careful about using processChannel.

  1. … 6 more files in changeset.
- Refactor the non blocking mode of the NIO2 connector.

- Some debug code remains.

  1. … 6 more files in changeset.
Add an explicit flush when completing a real write.
  1. … 1 more file in changeset.
- Add Servlet 3.1 IO API from Tomcat 7.

- Port Websockets 1.0 from Tomcat 7.

- No Websockets 1.0 testing yet (but no apparent regression for the usual Servlet functionality).

    • -3
    • +13
    ./connector/CoyoteOutputStream.java
  1. … 96 more files in changeset.
For EAP 6.3.
    • -0
    • +184
    ./valves/RequestDumperValve.java
    • -0
    • +201
    ./core/StandardContextValve.java
  1. … 1011 more files in changeset.