You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (JIRA)" <je...@portals.apache.org> on 2011/09/14 14:51:09 UTC
[jira] [Created] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
-----------------------------------------------------------------------------------------
Key: JS2-1255
URL: https://issues.apache.org/jira/browse/JS2-1255
Project: Jetspeed 2
Issue Type: Improvement
Affects Versions: 2.2.1
Reporter: Ate Douma
Fix For: 2.2.2
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Updated] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 6.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma updated JS2-1255:
---------------------------
Summary: Update Jetspeed demo and installer to use latest Tomcat 6.x version for hardened security (was: Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security)
> Update Jetspeed demo and installer to use latest Tomcat 6.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Resolved] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 6.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma resolved JS2-1255.
----------------------------
Resolution: Fixed
> Update Jetspeed demo and installer to use latest Tomcat 6.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Resolved] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma resolved JS2-1255.
----------------------------
Resolution: Fixed
Done.
Installer now bundles Tomcat 7.0.21 and Tomcat 7 is now the default deploy target
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Assigned] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma reassigned JS2-1255:
------------------------------
Assignee: Ate Douma
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Commented] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13104722#comment-13104722 ]
David Sean Taylor commented on JS2-1255:
----------------------------------------
The build also needs to support Tomcat 7 as a valid option for org.apache.jetspeed.catalina.version.major
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Reopened] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma reopened JS2-1255:
----------------------------
I encountered some issues while testing with Tomcat 7, so I think is not trustable enough yet to use as default/demo Tomcat version.
I'll update this issue (including title) and downgrade the installer to latest Tomcat 6.x (6.0.33)
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Commented] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13106650#comment-13106650 ]
Ate Douma commented on JS2-1255:
--------------------------------
I found the problem of the above NPE and fixed it already, see: JS2-1257
Everything else seems to be working as expected now, so I'll commence with committing my above proposed changes, including dropping support for Tomcat 5.x as so far nobody objected.
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Commented] (JS2-1255) Update Jetspeed demo and installer to
use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13105075#comment-13105075 ]
Ate Douma commented on JS2-1255:
--------------------------------
Agreed.
Actually, I was thinking if it maybe is time to drop Tomcat 5.x support and make Tomcat 7 the default (that is: if/when it properly works with Jetspeed, see below).
The Tomcat 6 and Tomcat 7 deployment configurations actually are the same, so doing the above would simply "collapse" our maven deploy plugin configuration and behavior into a singular one.
I've already played with this a bit trying to get it to work, and it actually turned out to be pretty trivial changes.
One specific, and major, configuration change however is required for upgrading to Tomcat 7: the server.xml connector emptySessionPath="true" attribute no longer is supported!
I discovered this while working on a similar upgrade for Pluto, see PLUTO-611
But also for this, the "fix" is pretty trivial: now a new attribute sessionCookiePath="/" needs to be configured instead on the root Context in $CATALINA_HOME/conf/context.xml
See: http://tomcat.apache.org/migration.html#Session_cookie_configuration
Once I did these, building and deploying to Tomcat 7.0.21 worked without a problem, including through a jetspeed-installer build.
However...
We have a new and more serious technical problem: (only) when trying to login on Jetspeed, the PortalSessionsManagerImpl now throws a NPE for every portlet render:
java.lang.NullPointerException
at org.apache.jetspeed.container.session.PortalSessionsManagerImpl.checkMonitorSession(PortalSessionsManagerImpl.java:226)
at org.apache.jetspeed.container.JetspeedContainerServlet.doGet(JetspeedContainerServlet.java:395)
This I haven't had time to look into yet, but it seems like Tomcat 7 is "twisting" the session/cookie handling after login in some way.
I'll try to figure out what goes wrong ASAP (this week).
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] [Issue Comment Edited] (JS2-1255) Update Jetspeed demo and
installer to use latest Tomcat 7.x version for hardened security
Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13105075#comment-13105075 ]
Ate Douma edited comment on JS2-1255 at 9/15/11 2:39 AM:
---------------------------------------------------------
Agreed.
Actually, I was thinking if it maybe is time to drop Tomcat 5.x support and make Tomcat 7 the default (that is: if/when it properly works with Jetspeed, see below).
The Tomcat 6 and Tomcat 7 deployment configurations actually are the same, so doing the above would simply "collapse" our maven deploy plugin configuration and behavior into a singular one.
I've already played with this a bit trying to get it to work, and it actually turned out to be pretty trivial changes.
One specific, and major, configuration change however is required for upgrading to Tomcat 7: the server.xml connector emptySessionPath="true" attribute no longer is supported!
I discovered this while working on a similar upgrade for Pluto, see PLUTO-611
But also for this, the "fix" is pretty trivial: now a new attribute sessionCookiePath="/" needs to be configured instead on the root Context in $CATALINA_HOME/conf/context.xml
See: http://tomcat.apache.org/migration.html#Session_cookie_configuration
The nice part of this change is: its backwards compatible with Tomcat 6.0.27+ (latest Tomcat 6 already is 6.0.33, so no big deal).
Yet another reason IMO to now drop Tomcat 5.x support and support latest Tomcat 6 and 7 versions (and higher) only.
Anyway, once I did these changes, building and deploying to Tomcat 7.0.21 worked without a problem, including through a jetspeed-installer build.
However...
We have a new and more serious technical problem: (only) when trying to login on Jetspeed, the PortalSessionsManagerImpl now throws a NPE for every portlet render:
java.lang.NullPointerException
at org.apache.jetspeed.container.session.PortalSessionsManagerImpl.checkMonitorSession(PortalSessionsManagerImpl.java:226)
at org.apache.jetspeed.container.JetspeedContainerServlet.doGet(JetspeedContainerServlet.java:395)
This I haven't had time to look into yet, but it seems like Tomcat 7 is "twisting" the session/cookie handling after login in some way.
I'll try to figure out what goes wrong ASAP (this week).
was (Author: adouma):
Agreed.
Actually, I was thinking if it maybe is time to drop Tomcat 5.x support and make Tomcat 7 the default (that is: if/when it properly works with Jetspeed, see below).
The Tomcat 6 and Tomcat 7 deployment configurations actually are the same, so doing the above would simply "collapse" our maven deploy plugin configuration and behavior into a singular one.
I've already played with this a bit trying to get it to work, and it actually turned out to be pretty trivial changes.
One specific, and major, configuration change however is required for upgrading to Tomcat 7: the server.xml connector emptySessionPath="true" attribute no longer is supported!
I discovered this while working on a similar upgrade for Pluto, see PLUTO-611
But also for this, the "fix" is pretty trivial: now a new attribute sessionCookiePath="/" needs to be configured instead on the root Context in $CATALINA_HOME/conf/context.xml
See: http://tomcat.apache.org/migration.html#Session_cookie_configuration
Once I did these, building and deploying to Tomcat 7.0.21 worked without a problem, including through a jetspeed-installer build.
However...
We have a new and more serious technical problem: (only) when trying to login on Jetspeed, the PortalSessionsManagerImpl now throws a NPE for every portlet render:
java.lang.NullPointerException
at org.apache.jetspeed.container.session.PortalSessionsManagerImpl.checkMonitorSession(PortalSessionsManagerImpl.java:226)
at org.apache.jetspeed.container.JetspeedContainerServlet.doGet(JetspeedContainerServlet.java:395)
This I haven't had time to look into yet, but it seems like Tomcat 7 is "twisting" the session/cookie handling after login in some way.
I'll try to figure out what goes wrong ASAP (this week).
> Update Jetspeed demo and installer to use latest Tomcat 7.x version for hardened security
> -----------------------------------------------------------------------------------------
>
> Key: JS2-1255
> URL: https://issues.apache.org/jira/browse/JS2-1255
> Project: Jetspeed 2
> Issue Type: Improvement
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org