You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/04/27 20:43:59 UTC

svn commit: r1590451 - in /tomcat/trunk/webapps/docs: changelog.xml config/valve.xml security-howto.xml

Author: kkolinko
Date: Sun Apr 27 18:43:58 2014
New Revision: 1590451

URL: http://svn.apache.org/r1590451
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Document the new feature on the "security HowTO" page.
Move error valve documentation lower in the valves list
(access log valves and access control valves should be the first ones there).

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/config/valve.xml
    tomcat/trunk/webapps/docs/security-howto.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Apr 27 18:43:58 2014
@@ -110,7 +110,7 @@
       <add>
         <bug>56383</bug>: Properties for disabling server information and error
         report are added to the <code>org.apache.catalina.valves.ErrorReportValve</code>.
-        Based on the patch provided by Nick Bunn. (violetagg)
+        Based on the patch provided by Nick Bunn. (violetagg/kkolinko)
       </add>
       <fix>
         <bug>56390</bug>: Fix JAR locking issue with JARs containing TLDs and

Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Sun Apr 27 18:43:58 2014
@@ -339,54 +339,6 @@
 </section>
 
 
-<section name="Error Report Valve">
-
-  <subsection name="Introduction">
-
-    <p>The <strong>Error Report Valve</strong> is a simple error handler
-    for HTTP status codes that will generate and return HTML error pages.</p>
-
-    <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will
-    only return the HTTP status code and remove all CSS.</p>
-
-  </subsection>
-
-  <subsection name="Attributes">
-
-    <p>The <strong>Error Report Valve</strong> supports the following
-    configuration attributes:</p>
-
-    <attributes>
-
-      <attribute name="className" required="true">
-        <p>Java class name of the implementation to use.  This MUST be set to
-        <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the
-        default error report valve.</p>
-      </attribute>
-
-      <attribute name="showReport" required="false">
-        <p>Flag to determine if the error report is presented when an error occurs.
-           If set to <code>false</code>, then the error report is not in
-           the HTML response.
-           Default value: <code>true</code>
-        </p>
-      </attribute>
-
-      <attribute name="showServerInfo" required="false">
-        <p>Flag to determine if server information is presented when an error occurs.
-           If set to <code>false</code>, then the server version is not returned in
-           the HTML response.
-           Default value: <code>true</code>
-        </p>
-      </attribute>
-
-    </attributes>
-
-  </subsection>
-
-</section>
-
-
 <section name="Extended Access Log Valve">
 
   <subsection name="Introduction">
@@ -640,6 +592,54 @@
 </section>
 
 
+<section name="Error Report Valve">
+
+  <subsection name="Introduction">
+
+    <p>The <strong>Error Report Valve</strong> is a simple error handler
+    for HTTP status codes that will generate and return HTML error pages.</p>
+
+    <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will
+    only return the HTTP status code and remove all CSS.</p>
+
+  </subsection>
+
+  <subsection name="Attributes">
+
+    <p>The <strong>Error Report Valve</strong> supports the following
+    configuration attributes:</p>
+
+    <attributes>
+
+      <attribute name="className" required="true">
+        <p>Java class name of the implementation to use.  This MUST be set to
+        <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the
+        default error report valve.</p>
+      </attribute>
+
+      <attribute name="showReport" required="false">
+        <p>Flag to determine if the error report is presented when an error
+           occurs. If set to <code>false</code>, then the error report is not in
+           the HTML response.
+           Default value: <code>true</code>
+        </p>
+      </attribute>
+
+      <attribute name="showServerInfo" required="false">
+        <p>Flag to determine if server information is presented when an error
+           occurs. If set to <code>false</code>, then the server version is not
+           returned in the HTML response.
+           Default value: <code>true</code>
+        </p>
+      </attribute>
+
+    </attributes>
+
+  </subsection>
+
+</section>
+
+
 <section name="Single Sign On Valve">
 
   <subsection name="Introduction">

Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Sun Apr 27 18:43:58 2014
@@ -348,8 +348,10 @@
 
       <p>The default ErrorReportValve includes the Tomcat version number in the
       response sent to clients. To avoid this, custom error handling can be
-      configured within each web application. Alternatively, the version number
-      can be changed by creating the file
+      configured within each web application. Alternatively, you can explicitly
+      configure an <a href="config/valve.html">ErrorReportValve</a> and set its
+      <strong>showServerInfo</strong> attribute to <code>false</code>.
+      Alternatively, the version number can be changed by creating the file
       CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties with
       content as follows:</p>
       <source>server.info=Apache Tomcat/<version-major-minor/>.x</source>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org