XML parsing config clean-up

[Mark Thomas <ma...@apache.org>]

All,

I think I have finished cleaning up the configuration of the XML parsers
in 7.0.x and trunk. There is one obvious difference between 7.0.x and
8.0.x and that is that 7.0.x separates enabling validation for TLDs and
enabling validation for web.xml/web-fragment.xml

I'm currently on the fence whether or not to re-introduce a TLD specific
option in 8.0.x. Thoughts?

Mark

P.S. Given the number of moving parts there is a reasonable chance I
have missed something so if you spot a problem do let me know

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: XML parsing config clean-up

[Mark Thomas <ma...@apache.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23/11/2013 04:14, Jeremy Boynes wrote:
> On Nov 22, 2013, at 8:24 AM, Mark Thomas <ma...@apache.org> wrote:
> 
>> Signed PGP part On 22/11/2013 16:18, Jeremy Boynes wrote:
>>> On Nov 22, 2013, at 5:40 AM, Mark Thomas <ma...@apache.org>
>>> wrote:
>>> 
>>>> On 22/11/2013 13:04, Konstantin Kolinko wrote:
>>>>> 2013/11/22 Mark Thomas <ma...@apache.org>:
>>> ...
>>>> 
>>>>> It does not mention anything else.
>>>>> 
>>>>> There might be 3rd-party tag libraries that do not
>>>>> validate. I think it is good to have a separate option.
>>>> 
>>>> OK. That is enough to nudge me off the fence. I'll get that
>>>> code re-instated. Another advantage is that 7.0.x and 8.0.x
>>>> will the same code.
>>> 
>>> Is the change backward compatible in 7.0.x? E.g. does
>>> "validating" init-param for JspServlet still work?
>> 
>> Where is (was?) that in the 7.0.x code base? I can;t see it now
>> and I don't recall removing it from 7.0.x.
> 
> This was the change: 
> http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/EmbeddedServletOptions.java?r1=1155369&r2=1544198&diff_format=h
>
>  Looking at the code, it looks the option wouldn't work in the
> first place as the default value in ParserUtils is false and ESO
> never sets the value true.

I did a little digging and it has been like that for all of 6.0.x and
all of 7.0.x. Given that there have been no bug reports, I'm confident
that no-one has been trying to use that feature. I also couldn't find
any documentation on it. Therefore, I'm happy removing the code.

Mark

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSkxq4AAoJEBDAHFovYFnngJsP/1PeBZEl0R3jSdtRNheV/EaK
jOc8IjBEbH80Wh1iAJjiW6Z6FVPvfvZiwlMEvMgHCGePTHX3LYx8NnHetWDlyv2J
HUiq7PTeetjdK/sG6jpKZ+hdaWYBXNlh/nPrCgj+XQrIoxGFRUVUjtoZrECNNEfz
H+oRPvH/j5cqGqk40l/0Bpo+f+vo9+pqoEh7PEtf+nc3XVNXOJkcmZ4zJ+t7BIjg
zZQghd6HjFYd0R/rts0eSw1UaJAl57WpMkGDf5mO9oUDyMW44POgU1VKUMoDbalv
t5Cgzd1u5sHMy281bhB3eiEXaMF5I/cpfcYbO53qt9wvx3kulvF3FdrpxKn698Am
HZMmJFvP9AXM+amMf4eZwjhfWJsr9ukqOE8MB3K6Hy4L2+QPeKUrW2qseVb+teov
w6t/joe7TNTqtUrgLWCZf9VWvNct9pdHOAzOWWgZkBZ2AtjL6yAWGZGeE1i8dBhL
ARhZKot+F80l8JA+SH0TITMw15i1m3Uw02HZWy+wJykE/ju5F/Ypg8+G1451lmX8
E97mo1VMiT0vWwFJNQNEU65k9F5x2hwQ1MYAG2bii67zWsuVSz/pWRa3xmduSYJL
40nSbOuvmMfNevYEfjvAQ1wIVZa9B0FxiMcNHutiysOBExaDq5em6uoeXpw7yVEX
eHZUQRWTcgnKfpn6Ytl7
=1Ae9
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: XML parsing config clean-up

[Jeremy Boynes <jb...@apache.org>]

On Nov 22, 2013, at 8:24 AM, Mark Thomas <ma...@apache.org> wrote:

> Signed PGP part
> On 22/11/2013 16:18, Jeremy Boynes wrote:
> > On Nov 22, 2013, at 5:40 AM, Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 22/11/2013 13:04, Konstantin Kolinko wrote:
> >>> 2013/11/22 Mark Thomas <ma...@apache.org>:
> > ...
> >>
> >>> It does not mention anything else.
> >>>
> >>> There might be 3rd-party tag libraries that do not validate. I
> >>> think it is good to have a separate option.
> >>
> >> OK. That is enough to nudge me off the fence. I'll get that code
> >> re-instated. Another advantage is that 7.0.x and 8.0.x will the
> >> same code.
> >
> > Is the change backward compatible in 7.0.x? E.g. does "validating"
> > init-param for JspServlet still work?
> 
> Where is (was?) that in the 7.0.x code base? I can;t see it now and I
> don't recall removing it from 7.0.x.

This was the change:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/jasper/EmbeddedServletOptions.java?r1=1155369&r2=1544198&diff_format=h

Looking at the code, it looks the option wouldn't work in the first place as the default value in ParserUtils is false and ESO never sets the value true.

Cheers
Jeremy

Re: XML parsing config clean-up

[Mark Thomas <ma...@apache.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22/11/2013 16:18, Jeremy Boynes wrote:
> On Nov 22, 2013, at 5:40 AM, Mark Thomas <ma...@apache.org> wrote:
> 
>> On 22/11/2013 13:04, Konstantin Kolinko wrote:
>>> 2013/11/22 Mark Thomas <ma...@apache.org>:
> ...
>> 
>>> It does not mention anything else.
>>> 
>>> There might be 3rd-party tag libraries that do not validate. I
>>> think it is good to have a separate option.
>> 
>> OK. That is enough to nudge me off the fence. I'll get that code 
>> re-instated. Another advantage is that 7.0.x and 8.0.x will the
>> same code.
> 
> Is the change backward compatible in 7.0.x? E.g. does "validating"
> init-param for JspServlet still work?

Where is (was?) that in the 7.0.x code base? I can;t see it now and I
don't recall removing it from 7.0.x.

Mark

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSj4VHAAoJEBDAHFovYFnnhzIQAMy+9lLs+p28v4df0UsXPP3+
kGTKnR9RXu3dlqKWk7sIcpyq58OFs3NdpqPX0MeE4fAvWpyewiLw+JtwUcl9o/OY
omL3LFxL7mMvpczeOEAQLcZbuvJAvQRPjhr1bOOQK2A1Ewr7eMbmdsiZwgEUVi9c
zo4qVbYtRk+TtzN2Yvzec1p6y3p98Yp0FUgEQ3zXM8d9fL+GlZKuGyxsU8wL96FN
Cf1poZn33d4Q/Vn+829sbLaw6+sqzG/XBL7EnhR5ouYgsF70N3jIsqyNLCecdf2t
3PYgUFTYNoPA8509UOcxvYnPiPBh9H9Rh8U+YP+RxRxJ/cBZ5uwlPCHJEhU/v7aU
hQBwZEHAGs3/GUxnJYsRSAzuS6h9RHYxy3uXzFkk00Ztd/C5OMZ4mdkJH+OTAkLd
SYa+CPrWxeBZdEHIY35iS8r5EQXZCa5SNbP+c7LuL+FlU04aquSgM/6ebE5Fz490
tGSIwn/SjgisFyzivni1zmbrzHcYod3P1Zh/3ohV/vGyrIxGXKdEKRT6bA+L9aB3
PZRZSqxXAgWUo+v3b22HtLR1iDyPWjV6HUuPRIna0b8KNxozCmO0ReYuDkELPqEI
3KrZTN7u785Iv7FNVbRr1GzRdggYfyEOyAoJ7srg6aRa28qflNcJ983kx1Hzi+fj
OgAfzuZ4c2dPeAK+n30H
=kljq
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: XML parsing config clean-up

[Jeremy Boynes <jb...@apache.org>]

On Nov 22, 2013, at 5:40 AM, Mark Thomas <ma...@apache.org> wrote:

> On 22/11/2013 13:04, Konstantin Kolinko wrote:
>> 2013/11/22 Mark Thomas <ma...@apache.org>:
...
> 
>> It does not mention anything else.
>> 
>> There might be 3rd-party tag libraries that do not validate. I think
>> it is good to have a separate option.
> 
> OK. That is enough to nudge me off the fence. I'll get that code
> re-instated. Another advantage is that 7.0.x and 8.0.x will the same code.

Is the change backward compatible in 7.0.x? E.g. does "validating" init-param for JspServlet still work?

Re: XML parsing config clean-up

[Mark Thomas <ma...@apache.org>]

On 22/11/2013 13:04, Konstantin Kolinko wrote:
> 2013/11/22 Mark Thomas <ma...@apache.org>:
>> All,
>>
>> I think I have finished cleaning up the configuration of the XML parsers
>> in 7.0.x and trunk. There is one obvious difference between 7.0.x and
>> 8.0.x and that is that 7.0.x separates enabling validation for TLDs and
>> enabling validation for web.xml/web-fragment.xml
>>
>> I'm currently on the fence whether or not to re-introduce a TLD specific
>> option in 8.0.x. Thoughts?
>>
> 
> When we run in "strict compliance" mode we have to enable validation
> for web.xml.
> 
> Do we need to enable validation for TLD files at the same time?
> I am OK with enabling it, but ch.15.4.3 only mentions validating the
> deployment descriptor.

7.0.x enables validation for TLDs with strict compliance and no-one has
complained so I am also happy with leaving this as the default.

> It does not mention anything else.
> 
> There might be 3rd-party tag libraries that do not validate. I think
> it is good to have a separate option.

OK. That is enough to nudge me off the fence. I'll get that code
re-instated. Another advantage is that 7.0.x and 8.0.x will the same code.

> BTW, it seems there have been no changelog.xml entry for adding the
> new option in r1544477

Thanks, I'll fix that too.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: XML parsing config clean-up

[Konstantin Kolinko <kn...@gmail.com>]

2013/11/22 Mark Thomas <ma...@apache.org>:
> All,
>
> I think I have finished cleaning up the configuration of the XML parsers
> in 7.0.x and trunk. There is one obvious difference between 7.0.x and
> 8.0.x and that is that 7.0.x separates enabling validation for TLDs and
> enabling validation for web.xml/web-fragment.xml
>
> I'm currently on the fence whether or not to re-introduce a TLD specific
> option in 8.0.x. Thoughts?
>

When we run in "strict compliance" mode we have to enable validation
for web.xml.

Do we need to enable validation for TLD files at the same time?
I am OK with enabling it, but ch.15.4.3 only mentions validating the
deployment descriptor.
It does not mention anything else.

There might be 3rd-party tag libraries that do not validate. I think
it is good to have a separate option.


BTW, it seems there have been no changelog.xml entry for adding the
new option in r1544477


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org