Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2015/01/21 00:09:47 UTC

[ANN] Apache Tomcat 8.0.17 available

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.17.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.17 includes numerous fixes for issues identified
in 8.0.15 as well as a number of other enhancements and changes. The
notable changes since 8.0.15 include:

- Correct a regression in annotation scanning introduced in 8.0.15

- The RemoteAddrValve and RemoteHostValve can now optionally include
  the port when filtering along with a new option to trigger
  authentication rather than denying access

- Various edge case fixes in WebSocket

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html


Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Rainer Jung <ra...@kippdata.de>.
On 21.01.2015 at 04:24, Leo Donahue wrote:
> On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 8.0.17.
>>
>> - The RemoteAddrValve and RemoteHostValve can now optionally include
>>    the port when filtering along with a new option to trigger
>>    authentication rather than denying access
>>
>>
> There are no links on the changelog page for these and I was hoping to see
> some details about why this option was added.
> "Optionally trigger authentication instead of denial in RemoteAddrValve and
> RemoteHostValve"
>
> http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_Address_Filter
> "The behavior when a request is refused can be changed to not deny but
> instead set an invalid authentication header"
>
> Example #3
> "To allow unrestricted access to port 8009, but trigger basic
> authentication if the application is accessed on another port:"
>
> I'm trying to understand this kind of setup.
>
> If an IP has been allowed to pass through via a Filter to a restricted
> resource, wouldn't the user get the container configured authentication
> dialog anyway?

The original use case was:

- the app does not have authentication configured
- the app is officially only available via an AJP connector
- for admin/testing purposes the app should be made available via an 
additional http connector but only for authorized people. Normal people 
must go via reverse proxy / AJP.

You can use the above for this kind of setup without "editing" the app 
itself.

Regards,

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
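
The setup described in the reply above, as an added configuration sketch (not part of the original thread and not copied from any project file). The attribute names come from the Tomcat 8 valve and context documentation quoted in the question; the HTTP port 8080 and the file locations are assumptions.

```xml
<!-- conf/server.xml (excerpt): two connectors lead to the same application.
     8009 is the AJP port named in the thread; 8080 is an assumed HTTP port. -->

<!-- Official path: the reverse proxy speaks AJP to this connector -->
<Connector port="8009" protocol="AJP/1.3" />

<!-- Additional HTTP connector for admin/testing access -->
<Connector port="8080" protocol="HTTP/1.1" />


<!-- Context definition of the application (assumed to live in
     META-INF/context.xml); the application code and its web.xml
     are not edited. -->
<Context preemptiveAuthentication="true">
  <!-- addConnectorPort="true": the valve compares its allow/deny patterns
       against "clientAddress;connectorPort" instead of the address alone.
       allow=".*;8009": any client arriving on port 8009 passes unchanged.
       invalidAuthenticationWhenDeny="true": a request that matches no
       allow pattern (here: anything on 8080) is not rejected; the valve
       sets an invalid authentication header instead, which triggers
       authentication. Per the valve documentation this only works when
       the context has preemptiveAuthentication="true". -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         addConnectorPort="true"
         invalidAuthenticationWhenDeny="true"
         allow=".*;8009" />
</Context>
```

Because every request arriving on port 8009 skips authentication in this setup, the AJP connector should be reachable only from the reverse proxy, for example by binding it with the connector's address attribute or by a firewall rule.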


Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Leo,

On 1/21/15 10:51 AM, Leo Donahue wrote:
> On Wed, Jan 21, 2015 at 9:03 AM, Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>> 
>> Leo,
>> 
>> On 1/20/15 10:29 PM, Leo Donahue wrote:
>>> On Tue, Jan 20, 2015 at 9:24 PM, Leo Donahue
>>> <do...@gmail.com> wrote:
>>> 
>>>> On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas
>>>> <ma...@apache.org> wrote:
>>>> 
>>>>> The Apache Tomcat team announces the immediate availability
>>>>> of Apache Tomcat 8.0.17.
>>>>> 
>>>>> - The RemoteAddrValve and RemoteHostValve can now
>>>>> optionally include the port when filtering along with a new
>>>>> option to trigger authentication rather than denying
>>>>> access
>>>> 
>>>> 
>>> And if they are Valves, why do the docs still use the word 
>>> "Filter"? Remote Address Filter?
>> 
>> Both flavors exist: Valve and Filter.
>> 
>> - -chris
>> 
> 
> Right... but..
> 
> Everything on this page is called a Filter. 
> http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html
> 
> Everything on this page is called a Valve, except for the two under
> Access Control. 
> http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html

Patches are always welcome! ;)

- -chris


Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Leo Donahue <do...@gmail.com>.
On Wed, Jan 21, 2015 at 9:03 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Leo,
>
> On 1/20/15 10:29 PM, Leo Donahue wrote:
> > On Tue, Jan 20, 2015 at 9:24 PM, Leo Donahue <do...@gmail.com>
> > wrote:
> >
> >> On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas <ma...@apache.org>
> >> wrote:
> >>
> >>> The Apache Tomcat team announces the immediate availability of
> >>> Apache Tomcat 8.0.17.
> >>>
> >>> - The RemoteAddrValve and RemoteHostValve can now optionally
> >>> include the port when filtering along with a new option to
> >>> trigger authentication rather than denying access
> >>
> >>
> > And if they are Valves, why do the docs still use the word
> > "Filter"? Remote Address Filter?
>
> Both flavors exist: Valve and Filter.
>
> - -chris
>

Right... but..

Everything on this page is called a Filter.
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html

Everything on this page is called a Valve, except for the two under Access
Control.
http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html

Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Leo,

On 1/20/15 10:29 PM, Leo Donahue wrote:
> On Tue, Jan 20, 2015 at 9:24 PM, Leo Donahue <do...@gmail.com>
> wrote:
> 
>> On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas <ma...@apache.org>
>> wrote:
>> 
>>> The Apache Tomcat team announces the immediate availability of
>>> Apache Tomcat 8.0.17.
>>> 
>>> - The RemoteAddrValve and RemoteHostValve can now optionally
>>> include the port when filtering along with a new option to
>>> trigger authentication rather than denying access
>> 
>> 
> And if they are Valves, why do the docs still use the word
> "Filter"? Remote Address Filter?

Both flavors exist: Valve and Filter.

- -chris


Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Leo Donahue <do...@gmail.com>.
On Tue, Jan 20, 2015 at 9:24 PM, Leo Donahue <do...@gmail.com> wrote:

> On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 8.0.17.
>>
>> - The RemoteAddrValve and RemoteHostValve can now optionally include
>>   the port when filtering along with a new option to trigger
>>   authentication rather than denying access
>
>
And if they are Valves, why do the docs still use the word "Filter"?
Remote Address Filter?

Re: [ANN] Apache Tomcat 8.0.17 available

Posted by Leo Donahue <do...@gmail.com>.
On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas <ma...@apache.org> wrote:

> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 8.0.17.
>
> - The RemoteAddrValve and RemoteHostValve can now optionally include
>   the port when filtering along with a new option to trigger
>   authentication rather than denying access
>
>
There are no links on the changelog page for these and I was hoping to see
some details about why this option was added.
"Optionally trigger authentication instead of denial in RemoteAddrValve and
RemoteHostValve"

http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_Address_Filter
"The behavior when a request is refused can be changed to not deny but
instead set an invalid authentication header"

Example #3
"To allow unrestricted access to port 8009, but trigger basic
authentication if the application is accessed on another port:"

I'm trying to understand this kind of setup.

If an IP has been allowed to pass through via a Filter to a restricted
resource, wouldn't the user get the container configured authentication
dialog anyway?