• last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
- Revert previous patch, which aims at supporting toy webdav clients.
    • -177
    • +166
    ./servlets/WebdavServlet.java
- Drop teminate call.
- Port CGI updates.
- CSRF update.
- 49779: Interaction between continue and FORM.
    • -2
    • +12
    ./authenticator/FormAuthenticator.java
  1. … 1 more file in changeset.
- Improve session id creation.

- Add a master SecureRandom in Service.

- Add local SecureRandom providers seeded with the master SecureRandom in the Request.

- Port session id hashing and alphabet from AS 6 (which will need a little refactoring).

    • -1
    • +1
    ./authenticator/AuthenticatorBase.java
    • -13
    • +1
    ./session/PersistentManagerBase.java
  1. … 2 more files in changeset.
- Don't default to ContextConfig.
- JBAS-8571: Allow a Servlet 3 login to reauthenticate.
    • -1
    • +2
    ./authenticator/SingleSignOnEntry.java
  1. … 1 more file in changeset.
- JBAS-8579: Should default to JSP for body content.

- Cosmetic.

  1. … 4 more files in changeset.
- Add a system property for the cross context default.
- JBWEB-187: Avoid NPE since the "flag" is set too late.
- Dynamic host add/remove was not working so well ...
- The session id is valid for the entire vhost, so the check is not useful.
Add the ability to allow rewriting URLs for other contexts for [JBWEB-181].
- Add a lifecycle event for finer thread association management during start/stop of a webapp.
- Port a patch: add back a fix I had reverted years ago.
  1. … 1 more file in changeset.
- Add a null check to make JF happy.
- Drop useless stuff which could cause some NPEs from HostConfig.
- Add SSO HttpOnly. The SSO valve could use a full SessionCookie config, but this would need custom config.

Not nice.

    • -0
    • +4
    ./authenticator/AuthenticatorBase.java
- Port webdav fix.
    • -166
    • +177
    ./servlets/WebdavServlet.java
  1. … 1 more file in changeset.
- Disable SSI exec by default.
  1. … 2 more files in changeset.
- Port the fileupload update.
  1. … 31 more files in changeset.
- Port mod_expires filter.

- CSRF filter fixes.

    • -2
    • +52
    ./filters/CsrfPreventionFilter.java
    • -0
    • +1569
    ./filters/ExpiresFilter.java
  1. … 1 more file in changeset.
- Drop unused arbitrary value.
- 49613: Improve SSL attributes access performance when repeatedly accessing them if some are null.

- Move certificate chain retrieval to the request.

  1. … 1 more file in changeset.
- And only set it if it is null, just in case ...
- If the user has configured an Authenticator valve manually, call setAuthenticator.
- If timeout does nothing, set a 500 status. (read on the Tomcat list)
- Port CSRF filter updates.
    • -8
    • +84
    ./filters/CsrfPreventionFilter.java
  1. … 1 more file in changeset.
- NPE fix in chunk with no data edge case.
  1. … 1 more file in changeset.