geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Sisson <jrsis...@gmail.com>
Subject Re: PATCH from GERONIMO-2006
Date Tue, 23 May 2006 22:39:55 GMT
+1 to fixing

John

David Jencks wrote:
> I'd like to apply the patch 
> http://issues.apache.org/jira/secure/attachment/12334350/GERONIMO-2006.patch 
>
>
> from http://issues.apache.org/jira/browse/GERONIMO-2006
>
> It fixes a buffer overflow problem in tomcat (which presumably doesn't 
> need a vote since it's a bug fix) and does some simple checks on the 
> plan you supply to upgrade the plan if it is clearly a 1.0 plan.
>
> here's my +1.  I'd like to know if it counts, see my separate post 
> asking about this.
>
> here's the text of the patch: again I'd like to know if this is 
> required or if the link to the jira issue is sufficient.
>
> Thanks
> david jencks
>
>
> Index: applications/console-standard/project.xml
> ===================================================================
> --- applications/console-standard/project.xml    (revision 407792)
> +++ applications/console-standard/project.xml    (working copy)
> @@ -92,6 +92,11 @@
>          </dependency>
>          <dependency>
>              <groupId>geronimo</groupId>
> +            <artifactId>geronimo-upgrade</artifactId>
> +            <version>${pom.currentVersion}</version>
> +        </dependency>
> +        <dependency>
> +            <groupId>geronimo</groupId>
>              <artifactId>geronimo-deploy-jsr88</artifactId>
>              <version>${pom.currentVersion}</version>
>          </dependency>
> Index: 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/PlanExportServlet.java

>
> ===================================================================
> --- 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/PlanExportServlet.java
   
> (revision 0)
> +++ 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/PlanExportServlet.java
   
> (revision 0)
> @@ -0,0 +1,41 @@
> +/**
> +*
> +* Copyright 2006 The Apache Software Foundation
> +*
> +*  Licensed under the Apache License, Version 2.0 (the "License");
> +*  you may not use this file except in compliance with the License.
> +*  You may obtain a copy of the License at
> +*
> +*     http://www.apache.org/licenses/LICENSE-2.0
> +*
> +*  Unless required by applicable law or agreed to in writing, software
> +*  distributed under the License is distributed on an "AS IS" BASIS,
> +*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
> implied.
> +*  See the License for the specific language governing permissions and
> +*  limitations under the License.
> +*/
> +package org.apache.geronimo.console.configmanager;
> +
> +import javax.servlet.ServletException;
> +import javax.servlet.http.HttpServlet;
> +import javax.servlet.http.HttpServletRequest;
> +import javax.servlet.http.HttpServletResponse;
> +import java.io.IOException;
> +
> +/**
> +* Servlet that lets you download a migrated plan
> +*
> +* @version $Rev$ $Date$
> +*/
> +public class PlanExportServlet extends HttpServlet {
> +   protected void doPost(HttpServletRequest request, 
> HttpServletResponse response) throws ServletException, IOException {
> +       String migratedPlan = request.getParameter("migratedPlan");
> +       if (migratedPlan == null) {
> +           response.sendError(HttpServletResponse.SC_BAD_REQUEST);
> +       } else {
> +           response.setContentType("application/x-unknown");
> +           response.addHeader("Content-Disposition", "attachment; 
> filename=migrated-plan.xml");
> +           response.getOutputStream().write(migratedPlan.getBytes());
> +       }
> +   }
> +}
>
> Property changes on: 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/PlanExportServlet.java

>
> ___________________________________________________________________
> Name: svn:mime-type
>    + text/plain
> Name: svn:keywords
>    + Date Author Id Revision HeadURL
> Name: svn:eol-style
>    + native
>
> Index: 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/DeploymentPortlet.java

>
> ===================================================================
> --- 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/DeploymentPortlet.java
   
> (revision 407792)
> +++ 
> applications/console-standard/src/java/org/apache/geronimo/console/configmanager/DeploymentPortlet.java
   
> (working copy)
> @@ -17,8 +17,11 @@
> package org.apache.geronimo.console.configmanager;
> +import java.io.ByteArrayInputStream;
> import java.io.File;
> +import java.io.FileInputStream;
> import java.io.IOException;
> +import java.io.StringWriter;
> import java.util.Iterator;
> import java.util.List;
> import java.util.ArrayList;
> @@ -34,6 +37,9 @@
> import javax.portlet.PortletRequestDispatcher;
> import javax.portlet.RenderRequest;
> import javax.portlet.RenderResponse;
> +import javax.xml.parsers.DocumentBuilder;
> +import javax.xml.parsers.DocumentBuilderFactory;
> +
> import org.apache.commons.fileupload.FileItem;
> import org.apache.commons.fileupload.FileUploadException;
> import org.apache.commons.fileupload.disk.DiskFileItemFactory;
> @@ -43,17 +49,21 @@
> import org.apache.geronimo.deployment.plugin.ConfigIDExtractor;
> import org.apache.geronimo.common.DeploymentException;
> import org.apache.geronimo.kernel.repository.Artifact;
> +import org.apache.geronimo.upgrade.Upgrade1_0To1_1;
> +import org.w3c.dom.Document;
> public class DeploymentPortlet extends BasePortlet {
> +    private static final String DEPLOY_VIEW          = 
> "/WEB-INF/view/configmanager/deploy.jsp";
> +    private static final String HELP_VIEW            = 
> "/WEB-INF/view/configmanager/deployHelp.jsp";
> +    private static final String MIGRATED_PLAN_PARM   = "migratedPlan";
> +    private static final String ORIGINAL_PLAN_PARM   = "originalPlan";
> +    private static final String FULL_STATUS_PARM     = 
> "fullStatusMessage";
> +    private static final String ABBR_STATUS_PARM     = 
> "abbrStatusMessage";
>      private PortletRequestDispatcher deployView;
> -
>      private PortletRequestDispatcher helpView;
> -    private boolean messageNotRendered = true;
> -
>      public void processAction(ActionRequest actionRequest,
>                                ActionResponse actionResponse) throws 
> PortletException, IOException {
> -        messageNotRendered = true;
>          if (!PortletFileUpload.isMultipartContent(actionRequest)) {
>              throw new PortletException("Expected file upload");
>          }
> @@ -107,6 +117,7 @@
>              throw new PortletException(e);
>          }
>          DeploymentFactoryManager dfm = 
> DeploymentFactoryManager.getInstance();
> +        FileInputStream fis = null;
>          try {
>              DeploymentManager mgr = 
> dfm.getDeploymentManager("deployer:geronimo:inVM", null, null);
>              try {
> @@ -128,23 +139,58 @@
>                  while(progress.getDeploymentStatus().isRunning()) {
>                      Thread.sleep(100);
>                  }
> -
> +
> +                String abbrStatusMessage;
> +                String fullStatusMessage = null;
>                  if(progress.getDeploymentStatus().isCompleted()) {
> -                    String message = "The application was 
> successfully "+(isRedeploy ? "re" : "")+"deployed.<br/>";
> +                    abbrStatusMessage = "The application was 
> successfully "+(isRedeploy ? "re" : "")+"deployed.<br/>";
>                      // start installed app/s
>                      if (!isRedeploy && startApp != null && 
> !startApp.equals("")) {
>                          progress = 
> mgr.start(progress.getResultTargetModuleIDs());
>                          
> while(progress.getDeploymentStatus().isRunning()) {
>                              Thread.sleep(100);
>                          }
> -                        message+="The application was successfully 
> started";
> +                        abbrStatusMessage+="The application was 
> successfully started";
>                      }
> -                    
> actionResponse.setRenderParameter("outcome",message);
>                  } else {
> -                    actionResponse.setRenderParameter("outcome", 
> "Deployment failed: "+progress.getDeploymentStatus().getMessage());
> +                    fullStatusMessage = 
> progress.getDeploymentStatus().getMessage();
> +                    // for the abbreviated status message clip off 
> everything
> +                    // after the first line, which in most cases 
> means the gnarly stacktrace
> +                    abbrStatusMessage = "Deployment failed:<br/>"
> +                                      + 
> fullStatusMessage.substring(0, fullStatusMessage.indexOf('\n'));
> +                    // try to provide an upgraded version of the plan
> +                    try {
> +                        if (planFile != null && planFile.exists()) {
> +                            byte[] plan = new byte[(int) 
> planFile.length()];
> +                            fis = new FileInputStream(planFile);
> +                            fis.read(plan);
> +                            DocumentBuilder documentBuilder = 
> DocumentBuilderFactory.newInstance().newDocumentBuilder();
> +                            Document doc = documentBuilder.parse(new 
> ByteArrayInputStream(plan));
> +                            // v1.1 switched from configId to moduleId
> +                            String configId = 
> doc.getDocumentElement().getAttribute("configId");
> +                            if (configId != null && 
> !("".equals(configId))) {
> +                                StringWriter sw = new StringWriter();
> +                                new Upgrade1_0To1_1().upgrade(new 
> ByteArrayInputStream(plan), sw);
> +                                // have to store the original and 
> upgraded plans in the session
> +                                // because the buffer size for render 
> parameters is sometimes not
> +                                // big enough
> +                                
> actionRequest.getPortletSession().setAttribute(MIGRATED_PLAN_PARM, 
> sw.getBuffer());
> +                                
> actionRequest.getPortletSession().setAttribute(ORIGINAL_PLAN_PARM, new 
> String(plan));
> +                            }
> +                        }
> +                    } catch (Exception e) {
> +                        // cannot provide a migrated plan in this 
> case, most likely
> +                        // because the deployment plan would not 
> parse. a valid
> +                        // status message has already been provided 
> in this case
> +                    }
>                  }
> +                // have to store the status messages in the portlet 
> session
> +                // because the buffer size for render parameters is 
> sometimes not big enough
> +                
> actionRequest.getPortletSession().setAttribute(FULL_STATUS_PARM, 
> fullStatusMessage);
> +                
> actionRequest.getPortletSession().setAttribute(ABBR_STATUS_PARM, 
> abbrStatusMessage);
>              } finally {
>                  mgr.release();
> +                if (fis!=null) fis.close();
>              }
>          } catch (Exception e) {
>              throw new PortletException(e);
> @@ -184,14 +230,24 @@
>      protected void doView(RenderRequest renderRequest,
>                            RenderResponse renderResponse) throws 
> PortletException, IOException {
> -        if (messageNotRendered) {
> -            renderRequest.setAttribute("outcome", renderRequest
> -                    .getParameter("outcome"));
> -            messageNotRendered = false;
> -        }
> +        // The deployment plans and messages from the deployers 
> sometime exceeds
> +        // the buffer size for render attributes. To avoid the buffer
> +        // overrun the render attributes are temporarily stored in 
> the portlet
> +        // session during the processAction phase and then copied 
> into render
> +        // attributes here so the JSP has easier access to them. This 
> seems
> +        // to only be an issue on tomcat.
> +        copyRenderAttribute(renderRequest, FULL_STATUS_PARM);
> +        copyRenderAttribute(renderRequest, ABBR_STATUS_PARM);
> +        copyRenderAttribute(renderRequest, MIGRATED_PLAN_PARM);
> +        copyRenderAttribute(renderRequest, ORIGINAL_PLAN_PARM);
>          deployView.include(renderRequest, renderResponse);
> -        // clear previous message for next rendering
>      }
> +
> +    private void copyRenderAttribute(RenderRequest renderRequest, 
> String attr) {
> +        Object value = 
> renderRequest.getPortletSession().getAttribute(attr);
> +        renderRequest.getPortletSession().removeAttribute(attr);
> +        renderRequest.setAttribute(attr, value);
> +    }
>      protected void doHelp(RenderRequest renderRequest,
>                            RenderResponse renderResponse) throws 
> PortletException, IOException {
> @@ -200,8 +256,8 @@
>      public void init(PortletConfig portletConfig) throws 
> PortletException {
>          super.init(portletConfig);
> -        deployView = 
> portletConfig.getPortletContext().getRequestDispatcher("/WEB-INF/view/configmanager/deploy.jsp");

>
> -        helpView = 
> portletConfig.getPortletContext().getRequestDispatcher("/WEB-INF/view/configmanager/deployHelp.jsp");

>
> +        deployView = 
> portletConfig.getPortletContext().getRequestDispatcher(DEPLOY_VIEW);
> +        helpView = 
> portletConfig.getPortletContext().getRequestDispatcher(HELP_VIEW);
>      }
>      public void destroy() {
> Index: 
> applications/console-standard/src/webapp/WEB-INF/view/configmanager/deploy.jsp 
>
> ===================================================================
> --- 
> applications/console-standard/src/webapp/WEB-INF/view/configmanager/deploy.jsp    
> (revision 407792)
> +++ 
> applications/console-standard/src/webapp/WEB-INF/view/configmanager/deploy.jsp    
> (working copy)
> @@ -1,9 +1,67 @@
> -<%@ page import="java.io.PrintWriter"%>
> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
> <%@ taglib uri="http://java.sun.com/portlet" prefix="portlet"%>
> <portlet:defineObjects/>
> -<c:if test="${! outcome}"><pre>${outcome}</pre></c:if>
> +<script>
> +// toggle the display state of an element
> +function <portlet:namespace/>toggleDisplay(id) {
> +  var element = document.getElementById("<portlet:namespace/>"+id);
> +  if (element.style.display == 'inline') {
> +      element.style.display='none';
> +  } else {
> +      element.style.display='inline';
> +  }
> +}
> +</script>
> +
> +<!-- Abbreviated status message -->
> +<c:if test="${!(empty abbrStatusMessage)}">
> +    <div id="<portlet:namespace/>abbrStatusMessage" 
> style="display:inline">
> +     ${abbrStatusMessage}<br/>
> +    <c:if test="${!(empty fullStatusMessage)}">
> +    <button 
> onclick="<portlet:namespace/>toggleDisplay('fullStatusMessage');<portlet:namespace/>toggleDisplay('abbrStatusMessage');return

> false;">Show full details</button>
> +    </c:if>
> +    </div>
> +</c:if>
> +<!-- Full status message -->
> +<c:if test="${!(empty fullStatusMessage)}">
> +    <div id="<portlet:namespace/>fullStatusMessage" 
> style="display:none">
> +    <pre>
> +<c:out escapeXml="true" value="${fullStatusMessage}"/>
> +    </pre>
> +    </div>
> +</c:if>
> +
> +<P/>
> +
> +<!-- Migrated Plan -->
> +<c:if test="${!(empty migratedPlan)}">
> +<hr/><br/>
> +The deployment plan you provided appears to be for a previous version of
> +the application server.
> +A migrated version of your plan is provided below for your 
> convenience.  Not all
> +deployment plans can be fully migrated so some manual editing may be 
> required
> +before the migrated plan can be deployed.
> +<p/>
> +<div id="<portlet:namespace/>migratedPlan" style="display:inline">
> +Migrated plan:
> +<form method="POST" action="/console/plan-export">
> +    <textarea name="migratedPlan" rows=10 cols=80><c:out 
> escapeXml="true" value="${migratedPlan}"/></textarea>
> +    <br/>
> +    <button 
> onclick="<portlet:namespace/>toggleDisplay('originalPlan');<portlet:namespace/>toggleDisplay('migratedPlan');return

> false;">Show original plan</button>
> +    <input type="submit" value="Save this plan locally"/>
> +</form>
> +</div>
> +<div id="<portlet:namespace/>originalPlan" style="display:none">
> +Original plan:
> +<form>
> +    <textarea rows=10 cols=80><c:out escapeXml="true" 
> value="${originalPlan}"/></textarea><br/>
> +    <button 
> onclick="<portlet:namespace/>toggleDisplay('migratedPlan');<portlet:namespace/>toggleDisplay('originalPlan');return

> false;">Show Migrated plan</button>
> +</form>
> +</div>
> +<br/><hr/><br/>
> +</c:if>
> +
> <form enctype="multipart/form-data" method="POST" 
> action="<portlet:actionURL><portlet:param name="action" 
> value="deploy"/></portlet:actionURL>">
> <table>
>    <tr><th align="right">Archive: </th><td><input type="file"

> name="module" /></td></tr>
> Index: applications/console-standard/src/webapp/WEB-INF/web.xml
> ===================================================================
> --- applications/console-standard/src/webapp/WEB-INF/web.xml    
> (revision 407792)
> +++ applications/console-standard/src/webapp/WEB-INF/web.xml    
> (working copy)
> @@ -763,6 +763,11 @@
>    <servlet-name>maven-repo</servlet-name>
>    
> <servlet-class>org.apache.geronimo.console.car.GeronimoAsMavenServlet</servlet-class>

>
> </servlet>
> +<servlet>
> +  <display-name>Plan Export Servlet</display-name>
> +  <servlet-name>plan-export</servlet-name>
> +  
> <servlet-class>org.apache.geronimo.console.configmanager.PlanExportServlet</servlet-class>

>
> +</servlet>
> <servlet-mapping>
>    <servlet-name>dwr-invoker</servlet-name>
> @@ -776,6 +781,10 @@
>    <servlet-name>maven-repo</servlet-name>
>    <url-pattern>/maven-repo/*</url-pattern>
> </servlet-mapping>
> +<servlet-mapping>
> +  <servlet-name>plan-export</servlet-name>
> +  <url-pattern>/plan-export</url-pattern>
> +</servlet-mapping>
> Index: applications/console-framework/src/webapp/WEB-INF/web.xml
> ===================================================================
> --- applications/console-framework/src/webapp/WEB-INF/web.xml    
> (revision 407792)
> +++ applications/console-framework/src/webapp/WEB-INF/web.xml    
> (working copy)
> @@ -71,6 +71,20 @@
>             <param-value>/graphs</param-value>
>          </init-param>
>      </servlet>
> +
> +    <servlet>
> +        <display-name>Plan Export Forward Servlet</display-name>
> +        <servlet-name>plan-export-forward</servlet-name>
> +        
> <servlet-class>org.apache.geronimo.console.servlet.ContextForwardServlet</servlet-class>

>
> +        <init-param>
> +           <param-name>context-path</param-name>
> +           <param-value>/console-standard</param-value>
> +        </init-param>
> +        <init-param>
> +           <param-name>servlet-path</param-name>
> +           <param-value>/plan-export</param-value>
> +        </init-param>
> +    </servlet>
>      <servlet-mapping>
>          <servlet-name>se-console</servlet-name>
> @@ -92,6 +106,10 @@
>          <servlet-name>svg-forward</servlet-name>
>          <url-pattern>/graphs/*</url-pattern>
>      </servlet-mapping>
> +    <servlet-mapping>
> +        <servlet-name>plan-export-forward</servlet-name>
> +        <url-pattern>/plan-export</url-pattern>
> +    </servlet-mapping>
>      <security-constraint>
>          <web-resource-collection>
> Index: configs/console-tomcat/project.xml
> ===================================================================
> --- configs/console-tomcat/project.xml    (revision 407792)
> +++ configs/console-tomcat/project.xml    (working copy)
> @@ -146,6 +146,14 @@
>          </dependency>
>          <dependency>
>              <groupId>geronimo</groupId>
> +            <artifactId>geronimo-upgrade</artifactId>
> +            <version>${geronimo_version}</version>
> +            <properties>
> +                <geronimo.dependency>true</geronimo.dependency>
> +            </properties>
> +        </dependency>
> +        <dependency>
> +            <groupId>geronimo</groupId>
>              <artifactId>geronimo-management</artifactId>
>              <version>${geronimo_version}</version>
>              <properties>
> Index: configs/console-jetty/project.xml
> ===================================================================
> --- configs/console-jetty/project.xml    (revision 407792)
> +++ configs/console-jetty/project.xml    (working copy)
> @@ -146,6 +146,14 @@
>          </dependency>
>          <dependency>
>              <groupId>geronimo</groupId>
> +            <artifactId>geronimo-upgrade</artifactId>
> +            <version>${geronimo_version}</version>
> +            <properties>
> +                <geronimo.dependency>true</geronimo.dependency>
> +            </properties>
> +        </dependency>
> +        <dependency>
> +            <groupId>geronimo</groupId>
>              <artifactId>geronimo-management</artifactId>
>              <version>${geronimo_version}</version>
>              <properties>
>
>


Mime
View raw message