Saturday, June 23, 2007

How I love Tomcat (did I say love? I hate it)

This is not the first time that Tomcat team decided to make our life easier and change the way Tomcat 6 works (compared to T5.5)

A couple of notes from our (just finished) session on how to make JeromeDL working on T6.


  1. apart from small changes required here and there in JSP (like changing ${ (test)?one:two} -> ${ (test)?(one):(two)} ) - T6 seems to be much faster than T5.5


  2. T6 introduced new way (they say it is a features) of handling internationalization, but it breaks common sense way of how fmt:bundle worked. Now, you cannot do .getKeys(), or bundle.keys - as this new object, that says it is a ResourceBundle is somehow mapped in EL to something behaving like a Map. so bundle.keys - returns ???keys??? indicating that such a translation has not been found - stupid.

    Together with Adam we wrote a helper function in Tag Lib to make sure we get Enumeration from bundle - it was required by JavaScript internationalization style we have e.g. in SSCF


  3. T6 has problems with handling long URL that contains URLEncoded fragments. If you have %2F as a result of URL encoding a slash - it will fail to load the page, with error 400 -> wrong URL no Slash - again stupid. I will try to find some solution soon.



Please let me know if anyone has any idea how to fix point 3.


Technorati Tags:
, , ,


1 comment:

Unknown said...

ok, after exchanging couple of emails with apache-tomcat community I have a solution:

add

org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

while to make allow for this in your Tomcat.

Further reference:

* http://tomcat.apache.org/security-6.html
[see CVE-2007-0450]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450