Apache Tomcat Version 4.0 Milestone 4 ===================================== Release Notes ============= $Id$ ============ INTRODUCTION: ============ This document describes the changes that have been made in the current milestone release of Apache Tomcat, relative to the previous milestone release. Bug reports should be entered at the interim bug reporting system for Jakarta projects at: http://znutar.cortexity.com:8888/ Please use project codes "Catalina" and "Jasper" for servlet-related and JSP-related bug reports, respectively. ============ NEW FEATURES: ============ All: Tomcat 4.0 now defaults to using the JAXP 1.1-ea XML parser, which includes SAX2 support (required by Jasper). In addition, the build scripts have been modified to let you conveniently select the XML parser you wish to use (must be JAXP-compliant) for: - Ant execution (i.e. the parser Ant uses to read build.xml files) - Catalina (the parser that is installed in $CATALINA_HOME/server) for reading server.xml and web.xml files - Jasper (the parser that is installed in $CATALINA_HOME/lib) for reading xxxxx.tld and web.xml files Catalina: The JDBCRealm implementation in Tomcat 4.0 has been updated to include features that were added to the Tomcat 3.x version, including: - Digested passwords (rather than plaintext) - The connectionName and connectionPassword properties for configuring JDBC drivers that require them separate from the connection URL Servletapi: All of the changes that occurred in the Proposed Final Draft versions of the Servlet 2.3 and JSP 1.2 specifications are present. Webapps: Updated the example filters to use the revised filter syntax. Catalina: Support the new ServletContext.getResourcePaths() method, which returns the set of resource paths visible within this web application. Catalina: Process the configuration element in web.xml, and return any value set there via the new ServletContext.getServletContextName() method. Catalina: Re-implemented support for filters to reflect the revisions in Servlet 2.3 PFD. Compared to the original model, the following changes are notable: - Single instance of a filter per filter definition (like servlets) - FilterChain objects represent the dynamic state of the handling of a particular request - Filters are now initialized at application startup and finalized at application shutdown (and also around context reloads) Jasper: Reflect the following changes in JSP 1.2 PFD: - PageInfo was renamed PageData - New signature for TagLibraryValidator.validate() Webapps: Add a commented-out invocation of a request dumper filter, which reports all request parameters to the servlet context log. This can be a very useful tool when debugging web-based requests. Jasper: Support the new "pageEncoding" attribute on the <%@ page %> directive. Catalina: Support the following changes to the deployment descriptor format per Servlet 2.3 PFD: - New element - New subelement of the element - Various documentation clarifications in the DTD itself Jasper: Support the new TLD elements that enable tag developers to avoid the need to write TagExtraInfo classes in many cases. Jasper: Reflect the revised element names for JSP 1.2 TLD elements. (As before, TLDs in the JSP 1.1 syntax are still accepted). Jasper: Support the new JSP 1.2 feature enabling translation time validation of the XML view of a JSP page by a custom tag library. Jasper: Support the new JSP 1.2 feature of hosting multiple TLDs (and therefore multiple custom tag libraries) in a single JAR file. Catalina: Enhance SSL client certificate support so that you can have multiple web applications configured, some that require client certificates and some that do not, communicating through the same SSL sockets. Jasper: Support the new TryCatchFinally interface for tag libraries. ========= BUG FIXES: ========= Jasper: Better error message when an included file is not found. Jasper: Avoid NullPointerException when processing parameters for a forward or include, when no parameters are present. Catalina: When parsing parameters for a large POST request, only the first 512 bytes were being processed. Now, they are all read. Catalina: Correct the manifest constants used to expose the SSL cipher suite and key size as request attributes. Catalina: Do not set a default content type of "text/plain". Catalina: When scanning for TLDs in JAR files (to register listeners), scan all TLD files under META-INF, not just META-INF/taglib.tld. Jasper: Accept the "jsp_precompile=" query parameter in conformance to the specification. Jasper: Do not complain if there is no web.xml file present. ============================== KNOWN PROBLEMS IN THIS RELEASE: ============================== No Web Connectors Available --------------------------- Current releases of Tomcat 4.0 only run in stand-alone mode. A new web connector for Apache will be integrated shortly, followed by integration with the other servers currently supported by Tomcat 3.x. URL Decoding Incomplete ----------------------- Currently, Catalina does not decode the values returned by getServletPath() and getPathInfo(), as required by the Servlet Specification. This will be dealt with after clarifications to the requirements are completed in the JSR-053 expert group. Redeploying From a Web Application Archive ------------------------------------------ If you attempt to undeploy, then redeploy, an application from the same web application archive file URL (where the URL refers to an actual WAR file, not to a directory), the redeploy will fail with error "zip file is closed". There appears to be a problem in the JDK's JarURLConnection class where JAR files are cached, even after they are closed, so that a request for a connection to the same URL returns the previous JarFile object instead of a new one. As a workaround, you should do one of the following: * Change the URL of the web application archive each time you redeploy. * Deploy from an unpacked directory (on the same server) instead of from a WAR file (this is often more convenient in a development environment anyway). Running Web Apps Under A Security Manager ----------------------------------------- Support for running individual web applications under the protection of a security manager has not yet been completed.