Commit a057298b authored by O'Reilly Media, Inc.'s avatar O'Reilly Media, Inc.

Initial commit

## Example files for the title:
# Tomcat: The Definitive Guide 2nd Edition, by Ian Darwin
[![Tomcat: The Definitive Guide 2nd Edition, by Ian Darwin](http://akamaicovers.oreilly.com/images/9780596101060/cat.gif)](https://www.safaribooksonline.com/library/view/title/9780596101060//)
The following applies to example files from material published by O’Reilly Media, Inc. Content from other publishers may include different rules of usage. Please refer to any additional usage rights explained in the actual example files or refer to the publisher’s website.
O'Reilly books are here to help you get your job done. In general, you may use the code in O'Reilly books in your programs and documentation. You do not need to contact us for permission unless you're reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from our books does not require permission. Answering a question by citing our books and quoting example code does not require permission. On the other hand, selling or distributing a CD-ROM of examples from O'Reilly books does require permission. Incorporating a significant amount of example code from our books into your product's documentation does require permission.
We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN.
If you think your use of code examples falls outside fair use or the permission given here, feel free to contact us at <permissions@oreilly.com>.
Please note that the examples are not production code and have not been carefully testing. They are provided "as-is" and come with no warranty of any kind.
logo.png

3.58 KB

import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MulticastSocket;
/**
* MulticastNode is a very simple program to test multicast. It starts
* up and joins the multicast group 228.0.0.4 on port 45564 (this is the
* default address and port of Tomcat 6's Cluster group communications).
* This program uses the first argument as a message to send into the
* multicast group, and then spends the remainder of its time listening
* for messages from other nodes and printing those messages to standard
* output.
*/
public class MulticastNode {
InetAddress group = null;
MulticastSocket s = null;
/**
* Pass this program a string argument that it should send to the
* multicast group.
*/
public static void main(String[] args) {
if (args.length > 0) {
System.out.println("Sending message: " + args[0]);
// Start up this MulticastNode
MulticastNode node = new MulticastNode();
// Send the message
node.send(args[0]);
// Listen in on the multicast group, and print all messages
node.receive();
} else {
System.out.println("Need an argument string to send.");
System.exit(1);
}
}
/**
* Construct a MulticastNode on group 228.0.0.4 and port 45564.
*/
public MulticastNode() {
try {
group = InetAddress.getByName("228.0.0.4");
s = new MulticastSocket(45564);
s.joinGroup(group);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* Send a string message to the multicast group for all to see.
*
* @param msg the message string to send to the multicast group.
*/
public void send(String msg) {
try {
DatagramPacket hi = new DatagramPacket(
msg.getBytes(), msg.length(), group, 45564);
s.send(hi);
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* Loop forever, listening to the multicast group for messages sent
* from other nodes as DatagramPackets. When one comes in, print it
* to standard output, then go back to listening again.
*/
public void receive() {
byte[] buf;
// Loop forever
while (true) {
try {
buf = new byte[1000];
DatagramPacket recv = new DatagramPacket(buf, buf.length);
s.receive(recv);
System.out.println("Received: " + new String(buf));
} catch (Exception e) {
e.printStackTrace();
}
}
}
}
\ No newline at end of file
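Review bot: `send()` fills the packet from `msg.getBytes()` but passes `msg.length()` as the length, which counts chars rather than bytes, so a message containing non-ASCII characters is cut short whenever the default charset is multi-byte. Take the length from the array instead: `byte[] data = msg.getBytes(StandardCharsets.UTF_8);` followed by `new DatagramPacket(data, data.length, group, 45564)` (this needs an import of `java.nio.charset.StandardCharsets`). In `receive()`, `new String(buf)` converts all 1000 bytes, so every printed message carries the unused tail of the buffer; `new String(recv.getData(), 0, recv.getLength(), StandardCharsets.UTF_8)` prints only what arrived. The datagrams can come from any host able to reach the group, so the printed text should be treated as untrusted wherever this output is viewed or piped onward.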
This directory contains build files that are shown as examples in the book.
We can't name them all "build.xml", but when you're using them, you should
probably rename the build file "build.xml".
<project name="pre-compile-jsps" default="compile-jsp-servlets">
<!-- Private properties. -->
<property name="webapp.dir" value="${basedir}/webapp-dir"/>
<property name="tomcat.home" value="/opt/tomcat"/>
<property name="jspc.pkg.prefix" value="com.mycompany"/>
<property name="jspc.dir.prefix" value="com/mycompany"/>
<!-- Compilation properties. -->
<property name="debug" value="on"/>
<property name="debuglevel" value="lines,vars,source"/>
<property name="deprecation" value="on"/>
<property name="encoding" value="ISO-8859-1"/>
<property name="optimize" value="off"/>
<property name="build.compiler" value="modern"/>
<property name="source.version" value="1.5"/>
<!-- Initialize Paths. -->
<path id="jspc.classpath">
<fileset dir="${tomcat.home}/bin">
<include name="*.jar"/>
</fileset>
<fileset dir="${tomcat.home}/server/lib">
<include name="*.jar"/>
</fileset>
<fileset dir="${tomcat.home}/common/i18n">
<include name="*.jar"/>
</fileset>
<fileset dir="${tomcat.home}/common/lib">
<include name="*.jar"/>
</fileset>
<fileset dir="${webapp.dir}/WEB-INF">
<include name="lib/*.jar"/>
</fileset>
<pathelement location="${webapp.dir}/WEB-INF/classes"/>
<pathelement location="${ant.home}/lib/ant.jar"/>
<pathelement location="${java.home}/../lib/tools.jar"/>
</path>
<property name="jspc.classpath" refid="jspc.classpath"/>
<!-- ========================================================== -->
<!-- Generates Java source and a web.xml file from JSP files. -->
<!-- ========================================================== -->
<target name="generate-jsp-java-src">
<mkdir dir="${webapp.dir}/WEB-INF/jspc-src/${jspc.dir.prefix}"/>
<taskdef classname="org.apache.jasper.JspC" name="jasper2">
<classpath>
<path refid="jspc.classpath"/>
</classpath>
</taskdef>
<touch file="${webapp.dir}/WEB-INF/jspc-web.xml"/>
<jasper2 uriroot="${webapp.dir}"
package="${jspc.pkg.prefix}"
webXmlFragment="${webapp.dir}/WEB-INF/jspc-web.xml"
outputDir="${webapp.dir}/WEB-INF/jspc-src/${jspc.dir.prefix}"
verbose="1"/>
</target>
<!-- ========================================================== -->
<!-- Compiles (generates Java class files from) the JSP servlet -->
<!-- source code that was generated by the JspC task. -->
<!-- ========================================================== -->
<target name="compile-jsp-servlets" depends="generate-jsp-java-src">
<mkdir dir="${webapp.dir}/WEB-INF/classes"/>
<javac srcdir="${webapp.dir}/WEB-INF/jspc-src"
destdir="${webapp.dir}/WEB-INF/classes"
includes="**/*.java"
debug="${debug}"
debuglevel="${debuglevel}"
deprecation="${deprecation}"
encoding="${encoding}"
optimize="${optimize}"
source="${source.version}">
<classpath>
<path refid="jspc.classpath"/>
</classpath>
</javac>
</target>
<!-- ========================================================= -->
<!-- Cleans any pre-compiled JSP source, classes, jspc-web.xml -->
<!-- ========================================================= -->
<target name="clean">
<delete dir="${webapp.dir}/WEB-INF/jspc-src"/>
<delete dir="${webapp.dir}/WEB-INF/classes/${jspc.dir.prefix}"/>
<delete file="${webapp.dir}/WEB-INF/jspc-web.xml"/>
</target>
</project>
<project name="Hello World Webapp" default="war"
basedir=".">
<!-- Store the username and password in a separate file
that only my user can read. -->
<property file="user-pass.properties"/>
<!-- Webapp and deployment properties. -->
<property name="webapp.dir" value="webapp-dir"/>
<property name="deploy.dir"
value="/opt/tomcat/webapps"/>
<property name="deploy.war" value="/tmp/hello.war"/>
<!-- Set the context path. -->
<property name="context.path" value="hello"/>
<!-- The remote machine on which Tomcat is running. -->
<property name="tomcat-server" value="localhost"/>
<!-- Build the war file. -->
<target name="war">
<war destfile="${deploy.war}"
webxml="${basedir}/webapp-dir/WEB-INF/web.xml"
basedir="${basedir}/webapp-dir"
excludes="WEB-INF/**/*">
<lib dir="${basedir}/webapp-dir/WEB-INF/lib"/>
<webinf dir="${basedir}/webapp-dir/WEB-INF"
excludes="web.xml"/>
<metainf dir="${basedir}/webapp-dir/META-INF"/>
</war>
</target>
<!-- Deploy the webapp, when new. -->
<target name="deploy" depends="war, undeploy"
description="Deploys the webapp.">
<property name="scp.dest"
value="${user}@${tomcat-server}:${deploy.dir}"/>
<scp file="${deploy.war}"
remoteTofile="${scp.dest}/${context.path}.war"
password="${pass}"/>
</target>
<!-- Restart Tomcat, including the webapp(s). -->
<target name="restart"
description="Restarts Tomcat.">
<echo>Restarting Tomcat.</echo>
<sshexec host="${tomcat-server}"
username="${user}"
password="${pass}"
command="service tomcat restart"/>
</target>
<target name="undeploy"
description="Undeploys the webapp.">
<property name="deployed.war"
value="${deploy.dir}/${context.path}.war"/>
<echo>Removing remote webapp ${deployed.war}</echo>
<sshexec host="${tomcat-server}"
username="${user}"
password="${pass}"
command="rm -f ${deployed.war}"/>
</target>
<target name="clean"
description="Cleans the build.">
<delete file="${deploy.war}"/>
</target>
</project>
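Review bot: `deploy.war` is set to the fixed path `/tmp/hello.war`, so the archive that the `deploy` target later copies into `${deploy.dir}` is built in a world-writable directory under a predictable name; on a shared build host another local account could pre-create or replace that file before it is copied. Building into a directory the build user owns avoids this, for example `<property name="deploy.war" value="${basedir}/build/hello.war"/>` (constructed path; add a `<mkdir>` for it if needed). The same property value appears in the Manager-based build file that follows. The `scp` and `sshexec` tasks also accept `keyfile` and `passphrase`, which would remove the need to keep the account password in `user-pass.properties`.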
<project name="Hello World Webapp" default="war"
basedir=".">
<!-- Point this build file to the Tomcat installation. -->
<property name="catalina.home" value="/opt/tomcat"/>
<!-- Store the username and password in a separate file
that only my user can read. -->
<property file="user-pass.properties"/>
<property name="deploy.dir"
value="/opt/tomcat/webapps"/>
<property name="deploy.war" value="/tmp/hello.war"/>
<!-- Set the context path. -->
<property name="path" value="/hello"/>
<!-- Properties to access the Manager webapp. -->
<property name="manager.url"
value="http://localhost:8080/manager"/>
<path id="tomcat.lib.classpath">
<fileset dir="${catalina.home}/bin">
<include name="*.jar"/>
</fileset>
<fileset dir="${catalina.home}/lib">
<include name="*.jar"/>
</fileset>
</path>
<!-- Configure the custom tasks for the Manager webapp. -->
<taskdef
resource="org/apache/catalina/ant/catalina.tasks"
classpathref="tomcat.lib.classpath"/>
<!-- Build the war file. -->
<target name="war">
<war destfile="${deploy.war}"
webxml="${basedir}/webapp-dir/WEB-INF/web.xml"
basedir="${basedir}/webapp-dir"
excludes="WEB-INF/**/*">
<lib dir="${basedir}/webapp-dir/WEB-INF/lib"/>
<webinf dir="${basedir}/webapp-dir/WEB-INF"
excludes="web.xml"/>
<metainf dir="${basedir}/webapp-dir/META-INF"/>
</war>
</target>
<!-- Deploy the webapp, when new. -->
<target name="deploy" depends=”war”
description="Deploys the webapp.">
<deploy url="${manager.url}"
username="${user}"
password="${pass}”
path="${path}"
war="file://${deploy.war}"/>
</target>
<!-- Reload the webapp. -->
<target name="reload" depends=”war”
description="Reloads the webapp.">
<reload url="${manager.url}"
username="${user}"
password="${pass}"
path="${path}"/>
</target>
<!-- Get the status of all webapps. -->
<target name="list"
description="Lists all running webapps.">
<list url="${manager.url}"
username="${user}"
password="${pass}"/>
</target>
<target name="clean"
description="Cleans the build.">
<delete file="${deploy.war}"/>
</target>
</project>
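Review bot: The `depends` attributes on the `deploy` and `reload` targets, and the closing quote of `password="${pass}”` inside `<deploy>`, use typographic quotes (`”`), so the file is not well-formed XML and Ant will fail to parse it; they should be plain ASCII quotes, `depends="war"` and `password="${pass}"`. The `description=”Builds the WAR file.”` attribute in the next build file has the same problem. Separately, `manager.url` is an `http://` URL and the Manager tasks send `${user}` and `${pass}` with each request. That stays on the loopback interface while the host is `localhost`, but the property deserves a comment such as `<!-- Use https:// for any non-local Tomcat; the credentials travel with every request. -->`.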
<project name="Hello World Web Site"
default="war"
basedir=".">
<!-- Build the WAR file. -->
<target name="war"
description=”Builds the WAR file.”>
<war destfile="${deploy.war}"
webxml="${basedir}/webapp-dir/WEB-INF/web.xml"
basedir="${basedir}/webapp-dir"
excludes="WEB-INF/**/*">
<lib dir="${basedir}/webapp-dir/WEB-INF/lib"/>
<webinf dir="${basedir}/webapp-dir/WEB-INF"
excludes="web.xml"/>
<metainf dir="${basedir}/webapp-dir/META-INF"/>
</war>
</target>
</project>
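Review bot: `<war destfile="${deploy.war}">` references a property that this project never defines, and Ant leaves an undefined property reference unexpanded, so unless `deploy.war` is supplied with `-D` the target would write a file literally named `${deploy.war}`. If the listing is meant to stand alone, add a definition such as `<property name="deploy.war" value="${basedir}/build/hello.war"/>` (constructed path) above the target. If it is meant as a fragment of the earlier build files, a one-line comment saying so would be enough.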
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry path="src" kind="src"/>
<classpathentry path="lib/servlet-api.jar" kind="lib"/>
<classpathentry path="org.eclipse.jdt.launching.JRE_CONTAINER" kind="con"/>
<classpathentry path="lib/catalina.jar" kind="lib"/>
<classpathentry path="lib/tomcat-juli.jar" kind="lib"/>
<classpathentry path="eclipse-bin" kind="output"/>
</classpath>
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>bad-input</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>
<html>
<head>
<title>Testing for Bad User Input</title>
</head>
<body>
Use the below forms to expose a Cross Site Scripting (XSS) or
HTML injection vulnerability, or to demonstrate SQL injection or
command injection vulnerabilities.
<br><br>
<!-- Begin GET Method Search Form -->
<table border="1">
<tr>
<td>
Enter your search query (method="get"):
<form method="get">
<input type="text" name="queryString1" width="20"
value="<%= request.getParameter("queryString1")%>"
>
<input type="hidden" name="hidden1" value="hiddenValue1">
<input type="submit" name="submit1" value="Search">
</form>
</td>
<td>
queryString1 = <%= request.getParameter("queryString1") %><br>
hidden1 = <%= request.getParameter("hidden1") %><br>
submit1 = <%= request.getParameter("submit1") %><br>
</td>
</tr>
</table>
<!-- End GET Method Search Form -->
<br>
<!-- Begin POST Method Search Form -->
<table border="1">
<tr>
<td>
Enter your search query (method="post"):
<form method="post">
<input type="text" name="queryString2" width="20"
value="<%= request.getParameter("queryString2")%>"
>
<input type="hidden" name="hidden2" value="hiddenValue2">
<input type="submit" name="submit2" value="Search">
</form>
</td>
<td>
queryString2 = <%= request.getParameter("queryString2") %><br>
hidden2 = <%= request.getParameter("hidden2") %><br>
submit2 = <%= request.getParameter("submit2") %><br>
</td>
</tr>
</table>
<!-- End POST Method Search Form -->
<br>
<!-- Begin POST Method Username Form -->
<table border="1">
<tr>
<td width="50%">
<% // If we got a username, check it for validity.
String username = request.getParameter("username");
if (username != null) {
// Verify that the username contains only valid characters.
boolean validChars = true;
char[] usernameChars = username.toCharArray();
for (int i = 0; i < username.length(); i++) {
if (!Character.isLetterOrDigit(usernameChars[i])) {
validChars = false;
break;
}
}
if (!validChars) {
out.write("<font color=\"red\"><b><i>");
out.write("Username contained invalid characters. ");
out.write("Please use only A-Z, a-z, and 0-9.");
out.write("</i></b></font><br>");
}
// Verify that the username length is valid.
else if (username.length() < 3 || username.length() > 9) {
out.write("<font color=\"red\"><b><i>");
out.write("Bad username length. Must be 3-9 chars.");
out.write("</i></b></font><br>");
}
// Otherwise, it's valid.
else {
out.write("<center><i>\n");
out.write("Currently logged in as <b>" + username + "\n");
out.write("</b>.\n");
out.write("</i></center>\n");
}
}
%>
Enter your username [3-9 alphanumeric characters]. (method="post"):
<form method="post">
<input type="text" name="username" width="20"
value="<%= request.getParameter("username")%>"
>
<input type="hidden" name="hidden3" value="hiddenValue3">
<input type="submit" name="submit3" value="Submit">
</form>
</td>
<td>
username = <%= request.getParameter("username") %><br>
hidden3 = <%= request.getParameter("hidden3") %><br>
submit3 = <%= request.getParameter("submit3") %><br>
</td>
</tr>
</table>
<!-- End POST Method Username Form -->
</body>
</html>
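Review bot: The username check uses `Character.isLetterOrDigit`, which accepts any Unicode letter or digit, while the prompt and the error message promise only A-Z, a-z and 0-9, so the allowlist is wider than documented. Restricting the test to ASCII makes the code match the stated rule: `if (!(usernameChars[i] < 128 && Character.isLetterOrDigit(usernameChars[i])))`. The validation result also does not gate output: the raw `request.getParameter("username")` is still written into the `value=` attribute and the `username =` cell whether or not the check passed, as in the other two forms. Since the page text says that exposing such behaviour is the purpose of the example, a comment at the top of the file should state that the unescaped output is deliberate and that the page is meant only for an isolated test instance, so it is not copied as a pattern.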
/* $OpenBSD: chroot.c,v 1.7 2002/10/29 23:12:06 millert Exp $ */
/* $NetBSD: chroot.c,v 1.11 2001/04/06 02:34:04 lukem Exp $ */
/*
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* jbchroot.c
* OpenBSD's chroot command for Linux and Solaris, ported by Jason Brittain.
*/
#ifndef lint
static const char copyright[] =
"@(#) Copyright (c) 1988, 1993\n\
The Regents of the University of California. All rights reserved.\n";
#endif /* not lint */
#ifndef lint
#if 0
static const char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
#else
static const char rcsid[] = "$OpenBSD: chroot.c,v 1.7 2002/10/29 23:12:06 millert Exp $";
#endif
#endif /* not lint */
#include <ctype.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int main(int, char **);
void usage(char *);
static char* getToken(char**, const char*);
int
main(int argc, char **argv)
{
struct group *gp;
struct passwd *pw;
const char *shell;
char *fulluser, *user, *group, *grouplist, *endp, *p;
gid_t gid, gidlist[NGROUPS_MAX];
uid_t uid;
int ch, gids;
unsigned long ul;
char *myname;
myname = argv[0];
gid = 0;
uid = 0;
gids = 0;
user = fulluser = group = grouplist = NULL;
while ((ch = getopt(argc, argv, "G:g:U:u:")) != -1) {
switch(ch) {
case 'U':
fulluser = optarg;
if (*fulluser == '\0')
usage(myname);
break;
case 'u':
user = optarg;
if (*user == '\0')
usage(myname);
break;
case 'g':
group = optarg;
if (*group == '\0')
usage(myname);
break;
case 'G':
grouplist = optarg;
if (*grouplist == '\0')
usage(myname);
break;
case '?':
default:
usage(myname);
}
}
argc -= optind;
argv += optind;
if (argc < 1)
usage(myname);
if (fulluser && (user || group || grouplist)) {
fprintf(stderr,
"%s: The -U option may not be specified with any other option\n",
myname);
exit(-1);
}
if (group != NULL) {
if ((gp = getgrnam(group)) != NULL)
gid = gp->gr_gid;
else if (isdigit((unsigned char)*group)) {
errno = 0;
ul = strtoul(group, &endp, 10);
if (*endp != '\0' || (ul == ULONG_MAX && errno == ERANGE)) {
fprintf(stderr, "%s: Invalid group ID `%s'\n", myname, group);
exit(-1);
}
gid = (gid_t)ul;
}
else {
fprintf(stderr, "%s: No such group `%s'\n", myname, group);
exit(-1);