You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by han hongfang <ha...@gmail.com> on 2011/09/19 07:43:48 UTC
[Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Hi devs,
When I look into the https://issues.apache.org/jira/browse/GERONIMO-6127, I
notice that in \trunk\plugins\tomcat\tomcat7\src\main\plan\plan.xml,
geronimo sets org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true, but it is
false in tomcat by default. This causes the spring sample travel works well
in tomcat, but has homepage access issue (404 error) in geronimo.
Could somebody give me a hint why geronimo explicitly sets
org.apache.catalina.STRICT_SERVLET_COMPLIANCE as true? Does the default
value false lead to any problem?
--
Best regards,
Han Hong Fang (Janet)
hanhongfang AT apache.org
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by Russell E Glaue <rg...@cait.org>.
Reading the notes on this:
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
-
Note that changing a number of the above defaults is likely to break the
majority of systems as some browsers are unable to correctly handle the cookie
headers that result from a strict adherence to the specifications.
-
Sounds like it is necessary to keep this false, for now. And I am not sure why
it would have been set to true, except for one guess... that is if it was set to
true while developing Geronimo 3.0 to help ensure our development process does a
better job at building a compliant server.
-
Defaults, regardless of whether or not they have been changed by setting
org.apache.catalina.STRICT_SERVLET_COMPLIANCE can always be overridden by
explicitly setting the appropriate system property or element attribut
-
So the user can always change it back to true by just setting a system variable.
Perhaps we can put this variable in to the start scripts, but commented out. And
add a note that FALSE is the default value, but the admin user can override that
value by uncommenting the line.
e.g.:
# STRICT_SERVLET_COMPLIANCE is false by default. You can override this
# by uncommenting the following line.
# See: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
#GERONOMO_OPTS="${GERONOMO_OPTS}
-Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true"
So, changing this would not seem to be a problem since it is easily revertable
by the end user.
-RG
On 09/23/2011 09:59 AM, Russell E Glaue wrote:
> IMO, as long as the change does not make cross-compatibility between tomcat and
> jetty containers any worse, and the same TCK cases still pass in both containers
> after any change, the change should be fine.
> Also, IMO, I think it is better to have this change in before the 3.0-beta release.
>
> -RG
>
>
> On 09/23/2011 09:03 AM, han hongfang wrote:
>> Hi devs,
>>
>> Some update for this topic.
>>
>> I set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false (just as the default
>> value in tomcat), and then run the servlet package of TCK, only two cases failed.
>>
>> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
>> shows the value of org.apache.catalina.STRICT_SERVLET_COMPLIANCE has effect on
>> several other properties. Looking into tomcat source code, most of the
>> properties being effected take the value of
>> org.apache.catalina.STRICT_SERVLET_COMPLIANCE only if these properties are NOT
>> explicitly set. By setting the following properties as true, above-mentioned
>> failed TCK cases pass as well.
>>
>> org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH=true
>> org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT=true
>> org.apache.catalina.core.StandardHostValve.ACCESS_SESSION=true
>> org.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true
>> org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START=true
>>
>> I also tried in jetty v8.0.1.v20110908 and geronimo-jetty trunk, travel sample
>> runs successfully. Both of them have no homepage access issue (i.e., 404 error).
>>
>> Any objection to set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false in
>> geronimo tomcat?
>>
>> Best regards,
>>
>> Han Hong Fang (Janet)
>> hanhongfang AT apache.org <http://apache.org>
>>
>>
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by Russell E Glaue <rg...@cait.org>.
IMO, as long as the change does not make cross-compatibility between tomcat and
jetty containers any worse, and the same TCK cases still pass in both containers
after any change, the change should be fine.
Also, IMO, I think it is better to have this change in before the 3.0-beta release.
-RG
On 09/23/2011 09:03 AM, han hongfang wrote:
> Hi devs,
>
> Some update for this topic.
>
> I set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false (just as the default
> value in tomcat), and then run the servlet package of TCK, only two cases failed.
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
> shows the value of org.apache.catalina.STRICT_SERVLET_COMPLIANCE has effect on
> several other properties. Looking into tomcat source code, most of the
> properties being effected take the value of
> org.apache.catalina.STRICT_SERVLET_COMPLIANCE only if these properties are NOT
> explicitly set. By setting the following properties as true, above-mentioned
> failed TCK cases pass as well.
>
> org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH=true
> org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT=true
> org.apache.catalina.core.StandardHostValve.ACCESS_SESSION=true
> org.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true
> org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START=true
>
> I also tried in jetty v8.0.1.v20110908 and geronimo-jetty trunk, travel sample
> runs successfully. Both of them have no homepage access issue (i.e., 404 error).
>
> Any objection to set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false in
> geronimo tomcat?
>
> Best regards,
>
> Han Hong Fang (Janet)
> hanhongfang AT apache.org <http://apache.org>
>
>
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by han hongfang <ha...@gmail.com>.
Hi devs,
Some update for this topic.
I set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false (just as the
default value in tomcat), and then run the servlet package of TCK, only two
cases failed.
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specificationshows
the value of org.apache.catalina.STRICT_SERVLET_COMPLIANCE has effect
on several other properties. Looking into tomcat source code, most of the
properties being effected take the value of
org.apache.catalina.STRICT_SERVLET_COMPLIANCE only if these properties are
NOT explicitly set. By setting the following properties as true,
above-mentioned failed TCK cases pass as well.
org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH=true
org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT=true
org.apache.catalina.core.StandardHostValve.ACCESS_SESSION=true
org.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true
org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START=true
I also tried in jetty v8.0.1.v20110908 and geronimo-jetty trunk, travel
sample runs successfully. Both of them have no homepage access issue (i.e.,
404 error).
Any objection to set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false in
geronimo tomcat?
Best regards,
Han Hong Fang (Janet)
hanhongfang AT apache.org
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by han hongfang <ha...@gmail.com>.
Rainer, thanks for the link, which shows STRICT_SERVLET_COMPLIANCE has
impact on dozens of other properties and serveral attributes of any context.
On Tue, Sep 20, 2011 at 4:01 AM, Rainer Jung <ra...@kippdata.de>wrote:
> Just in case you wonder what STRICT_SERVLET_COMPLIANCE actually means
> for Tomcat: you can find some details under
>
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
>
> Regards,
>
> Rainer
>
--
Best regards,
Han Hong Fang (Janet)
hanhongfang AT apache.org
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by Rainer Jung <ra...@kippdata.de>.
Just in case you wonder what STRICT_SERVLET_COMPLIANCE actually means
for Tomcat: you can find some details under
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
Regards,
Rainer
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by han hongfang <ha...@gmail.com>.
Thank Russell for the comprehensive explanation.
On Tue, Sep 20, 2011 at 3:33 AM, Russell E Glaue <rg...@cait.org> wrote:
> I do not know the answer, but have two suggestions as why this is
> necessary.
>
> 1. First, we should be trying to make servlet compliance identical (as much
> as
> possible) between Jetty and Tomcat, and any future Servlet container. Being
> strict can better ensure cross-servlet-container compatibility.
>
> 2. I would assume the ...STRICT_COMPLIANCE=false allows the software to be
> forgiving to users that may use older syntax, or to make the servlet more
> backwards compatible.
>
> I would suggest that unless necessary to do otherwise, we should always
> observe
> strict compliance. Strict Compliance should be interpreted as requiring the
> exact unforgiving syntax for servlet compliance.
>
> I would also suggest that if the spring sample travel does not work well in
> the
> latest version of tomcat under Geronimo, that it be updated to meet the
> current
> specific strict servlet requirements.
> Perhaps one reason tomcat has SERVLET_COMPLIANE=false is to make the older
> sample webapps compliant so that time was not spent on upgrading the old
> webapp.
> And perhaps this webapp is an example for the reason why the tomcat has
> this set
> to false by default in the first place.
>
> IMO, Better to be strict and enforce compliance, because at some point the
> old
> deprecated syntax has to go away. And with current configuration, we alert
> the
> Geronimo admin about the uncompliant configuration, and they can choose to
> fix
> the compliance issue, and set the STRICT_COMPLIANCE flag to false and have
> some
> breathing room time to fix the issue.
>
> -RG
>
>
> On 09/19/2011 12:43 AM, han hongfang wrote:
> > Hi devs,
> >
> > When I look into the https://issues.apache.org/jira/browse/GERONIMO-6127,
> I
> > notice that in \trunk\plugins\tomcat\tomcat7\src\main\plan\plan.xml,
> geronimo
> > sets org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true, but it is false
> in
> > tomcat by default. This causes the spring sample travel works well in
> tomcat,
> > but has homepage access issue (404 error) in geronimo.
> >
> > Could somebody give me a hint why geronimo explicitly sets
> > org.apache.catalina.STRICT_SERVLET_COMPLIANCE as true? Does the default
> value
> > false lead to any problem?
> >
> > --
> > Best regards,
> >
> > Han Hong Fang (Janet)
> > hanhongfang AT apache.org <http://apache.org>
> >
> >
>
--
Best regards,
Han Hong Fang (Janet)
hanhongfang AT apache.org
Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Posted by Russell E Glaue <rg...@cait.org>.
I do not know the answer, but have two suggestions as why this is necessary.
1. First, we should be trying to make servlet compliance identical (as much as
possible) between Jetty and Tomcat, and any future Servlet container. Being
strict can better ensure cross-servlet-container compatibility.
2. I would assume the ...STRICT_COMPLIANCE=false allows the software to be
forgiving to users that may use older syntax, or to make the servlet more
backwards compatible.
I would suggest that unless necessary to do otherwise, we should always observe
strict compliance. Strict Compliance should be interpreted as requiring the
exact unforgiving syntax for servlet compliance.
I would also suggest that if the spring sample travel does not work well in the
latest version of tomcat under Geronimo, that it be updated to meet the current
specific strict servlet requirements.
Perhaps one reason tomcat has SERVLET_COMPLIANE=false is to make the older
sample webapps compliant so that time was not spent on upgrading the old webapp.
And perhaps this webapp is an example for the reason why the tomcat has this set
to false by default in the first place.
IMO, Better to be strict and enforce compliance, because at some point the old
deprecated syntax has to go away. And with current configuration, we alert the
Geronimo admin about the uncompliant configuration, and they can choose to fix
the compliance issue, and set the STRICT_COMPLIANCE flag to false and have some
breathing room time to fix the issue.
-RG
On 09/19/2011 12:43 AM, han hongfang wrote:
> Hi devs,
>
> When I look into the https://issues.apache.org/jira/browse/GERONIMO-6127, I
> notice that in \trunk\plugins\tomcat\tomcat7\src\main\plan\plan.xml, geronimo
> sets org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true, but it is false in
> tomcat by default. This causes the spring sample travel works well in tomcat,
> but has homepage access issue (404 error) in geronimo.
>
> Could somebody give me a hint why geronimo explicitly sets
> org.apache.catalina.STRICT_SERVLET_COMPLIANCE as true? Does the default value
> false lead to any problem?
>
> --
> Best regards,
>
> Han Hong Fang (Janet)
> hanhongfang AT apache.org <http://apache.org>
>
>