Versions Compared

Old Version 12

changes.mady.by.user Mark Thomas

Saved on

compared with

New Version 13

changes.mady.by.user Remy Maucherat

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Running

Tomcat

setenv.[sh|bat]

Set the following system properties

  • -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
  • -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
  • -Duser.language=en
  • -Duser.country=US

context.xml

Make the following changes to context.xml:

<Context crossContext="true" resourceOnlyServlets="jsp">
  <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" />

    ...

</Context>Make the following changes to

tomcat-users.xml

Make the following changes:

<user username="CN=CTS, OU=Java Software, O=Sun Microsystems Inc., L=Burlington, ST=MA, C=US" roles="Administrator"/>
<user username="j2ee" password="j2ee" roles="Administrator,Employee" />
<user username="javajoe" password="javajoe" roles="VP,Manager" />

server.xml

Enable h2c on port 8080, and add some trailer headers

...

</Connector>

Enable TLS on port 8443

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">

        <SSLHostConfig truststoreFile="conf/cacerts.jks">

            <Certificate certificateKeystoreFile="conf/clientcert.jks"

                         certificateKeystorePassword="changeit"

                         type="RSA" />

        </SSLHostConfig>

    </Connector>

Remove the lock-out realm

Client certificate tests

  • Import bin/cts_cert to a truststore doing: "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"
  • Place cacerts.jks into the bin/certificates folder on the TCK
  • Set client trutstore using "-Djavax.net.ssl.trustStore=${ts.home}/bin/certificates/cacerts.jks \ " in the command.testExecute in ts.jte
  • Add cacerts.jks and clientcert.jks into Tomcat conf folder so that the 8443 connector works as wellTBD

Test Suite

Download latest nightly build

...

A default 9.0.x build with the above configuration triggers 16 12 test failures

2 Expected failures

...

  • 1 x case sensitive HTTP header checks
  • TBD * com/sun/ts/tests/servlet/spec/security/denyUncovered/* use URLs which don't match the WAR name (it needs to be renamed from servlet_sec_denyUncovered_web.war to servlet_sec_denyUncovered.war (there is a proprietary descriptor to rectify the mapping on deployment, but it is not portable)

13 9 TBD

Note the configuration above also works around 3 additional TCK bugs

...