geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Russell E Glaue <>
Subject Re: [Discussion] why does geronimo set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true?
Date Fri, 23 Sep 2011 20:54:50 GMT
Reading the notes on this:

Note that changing a number of the above defaults is likely to break the
majority of systems as some browsers are unable to correctly handle the cookie
headers that result from a strict adherence to the specifications.

Sounds like it is necessary to keep this false, for now. And I am not sure why
it would have been set to true, except for one guess... that is if it was set to
true while developing Geronimo 3.0 to help ensure our development process does a
better job at building a compliant server.

Defaults, regardless of whether or not they have been changed by setting
org.apache.catalina.STRICT_SERVLET_COMPLIANCE can always be overridden by
explicitly setting the appropriate system property or element attribut

So the user can always change it back to true by just setting a system variable.
Perhaps we can put this variable in to the start scripts, but commented out. And
add a note that FALSE is the default value, but the admin user can override that
value by uncommenting the line.

# STRICT_SERVLET_COMPLIANCE is false by default. You can override this
# by uncommenting the following line.
# See:

So, changing this would not seem to be a problem since it is easily revertable
by the end user.


On 09/23/2011 09:59 AM, Russell E Glaue wrote:
> IMO, as long as the change does not make cross-compatibility between tomcat and
> jetty containers any worse, and the same TCK cases still pass in both containers
> after any change, the change should be fine.
> Also, IMO, I think it is better to have this change in before the 3.0-beta release.
> -RG
> On 09/23/2011 09:03 AM, han hongfang wrote:
>> Hi devs,
>> Some update for this topic.
>> I set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false (just as the default
>> value in tomcat), and then run the servlet package of TCK, only two cases failed.
>> shows the value of org.apache.catalina.STRICT_SERVLET_COMPLIANCE has effect on
>> several other properties. Looking into tomcat source code, most of the
>> properties being effected take the value of
>> org.apache.catalina.STRICT_SERVLET_COMPLIANCE only if these properties are NOT
>> explicitly set. By setting the following properties as true, above-mentioned
>> failed TCK cases pass as well.
>> org.apache.catalina.core.ApplicationContext.GET_RESOURCE_REQUIRE_SLASH=true
>> org.apache.catalina.core.ApplicationDispatcher.WRAP_SAME_OBJECT=true
>> org.apache.catalina.core.StandardHostValve.ACCESS_SESSION=true
>> org.apache.catalina.session.StandardSession.ACTIVITY_CHECK=true
>> org.apache.catalina.session.StandardSession.LAST_ACCESS_AT_START=true
>> I also tried in jetty v8.0.1.v20110908 and geronimo-jetty trunk, travel sample
>> runs successfully. Both of them have no homepage access issue (i.e., 404 error).
>> Any objection to set org.apache.catalina.STRICT_SERVLET_COMPLIANCE=false in
>> geronimo tomcat?
>> Best regards,
>> Han Hong Fang (Janet)
>> hanhongfang AT <>

View raw message