Versions Compared

Old Version 3

changes.mady.by.user Mark Thomas

Saved on

compared with

New Version Current

changes.mady.by.user Mark Thomas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add the Java 11 result

Running

Tomcat

This is a work in progress while I figure out which settings required for  the Servlet 4.0 TCK ar still required for the Servlet 5.0 TCK.

setenv.[sh|bat]

Set the following system properties

  • -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true

context.xml

Make the following changes:

<Context crossContext="true" resourceOnlyServlets="jsp">
   <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" alwaysAddExpires="true" forwardSlashIsSeparator="false" />
     ...

</Context>

server.xml

Enable h2c on port 8080, and add some trailer headers
<Connector ... allowedTrailerHeaders="myTrailer, myTrailer2" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>

Enable TLS on port 8443

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">

        <SSLHostConfig     <SSLHostConfig protocols="TLSv1.2" truststoreFile="conf/cacerts.jks">

                    <Certificate certificateKeystoreFile="conf/clientcert.jks"

                         certificateKeystorePassword                     certificateKeystorePassword="changeit"

                         type                     type="RSA" />

            </SSLHostConfig>

    </Connector>

web.xml

Remove the sections setting the default character encoding for requests and responses to UTF-8.

Tomcat config for Servlet 4.0

setenv.[sh|bat]

Set the following system properties

  • -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
  • -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
  • -Duser.language=en
  • -Duser.country=US

context.xml

Make the following changes:

<Context crossContext="true" resourceOnlyServlets="jsp">
  <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" alwaysAddExpires="true" forwardSlashIsSeparator="false" />

    ...

</Context>Note: Set protocols="TLSv1.2" to disable TLSv1.3 since the TCK requires post-handshake authentication and the Java 11 client does not support that.

tomcat-users.xml

Make the following changes:

<user username="CN=CTS, OU=Java Software, O=Sun Microsystems Inc., L=Burlington, ST=MA, C=US" roles="Administrator"/>
<user username="j2ee" password="j2ee" roles="Administrator,Employee" />
<user username="javajoe" password="javajoe" roles="VP,Manager" />

server.xml

Enable h2c on port 8080, and add some trailer headers

<Connector ... allowedTrailerHeaders="myTrailer, myTrailer2">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>

Enable TLS on port 8443

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">

        <SSLHostConfig truststoreFile="conf/cacerts.jks">

            <Certificate certificateKeystoreFile="conf/clientcert.jks"

                         certificateKeystorePassword="changeit"

                         type="RSA" />

        </SSLHostConfig>

    </Connector>

Remove the lock-out realm

Client certificate tests: see below

Test Suite

Download latest nightly build

web.xml

Remove the sections setting the default character encoding for requests and responses to UTF-8.

Test Suite

Download the Jakarta Servlet 5.0.0 TCK

httpshttp://download.eclipse.org/ee4j/jakartaee-tck/masterjakartaee9/nightlypromoted/servlet-tck-5.0.0.zip

Extract to SERVLET_TCK_HOMEImport

cd $SERVLET_TCK_HOME/bin/certificates

Convert cts_cert to a truststore doing: "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"

Create the truststore using  "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"

Place cacerts.jks truststore in $SERVLET_TCK_HOME/bin/certificates

Add $SERVLET_TCK_HOME/bin/certificates/cacerts.jks and $SERVLET_TCK_HOME/bin/certificates/clientcert.jks in the Tomcat conf folder

...

securedWebServicePort=8443

command.testExecute += -Djava.endorsed.dirs=${ts.home}/endorsedlib -Djavax.net.ssl.trustStore=${ts.home}/bin/certificates/cacerts.jks
command.textExecute -= -Djava.endorsed.dirs=${endorsedlib.dir} (Java 11 only)


set JAVA_HOME
cd $SERVLET_TCK_HOME/bin

...

Accept the defaults and then run the tests

Expected results

A default 10.0.x build (as of 2020-06-1710.0.0-M10) with the above configuration and the nightly TCK (as of yyyy-mm-dd) triggers 75 test failures

1 TCK bug

  • PR 338 Incorrect major version

...

5.0.0 TCK triggers 1 test failure with the following JREs:

  • Adopt OpenJDK 8u275 b01
  • Adopt OpenJDK 11.0.9 b11 (TCK and Tomcat)

1 Expected failures

  • 1 x default context path test as Tomcat configuration always overrides this

Fixed TCK bugs

  • PR 338
    • Incorrect major version (1 failure),
    • Using LF rather an CRLF (15 failures)
    • Strange /j_security_check test (2 failures)
    • Missing annotation marker in Java 8 signature tests (1 failure)
    • Re-do Java 11 signature test based on Java 8
    • Fix regression in error page tests (1 failure)
    • Java 11 issues with HTTP/2 client